@pagopa/io-react-native-wallet 0.2.2 → 0.2.3

Files changed (118)
  1. package/lib/commonjs/pid/issuing.js +28 -0
  2. package/lib/commonjs/pid/issuing.js.map +1 -1
  3. package/lib/commonjs/pid/metadata.js +51 -0
  4. package/lib/commonjs/pid/metadata.js.map +1 -0
  5. package/lib/commonjs/pid/sd-jwt/index.js +2 -1
  6. package/lib/commonjs/pid/sd-jwt/index.js.map +1 -1
  7. package/lib/commonjs/rp/index.js +148 -3
  8. package/lib/commonjs/rp/index.js.map +1 -1
  9. package/lib/commonjs/rp/types.js +4 -0
  10. package/lib/commonjs/rp/types.js.map +1 -1
  11. package/lib/commonjs/sd-jwt/__test__/index.test.js +119 -0
  12. package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -0
  13. package/lib/commonjs/sd-jwt/index.js +84 -4
  14. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  15. package/lib/commonjs/sd-jwt/types.js +9 -0
  16. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  17. package/lib/commonjs/sd-jwt/verifier.js +7 -5
  18. package/lib/commonjs/sd-jwt/verifier.js.map +1 -1
  19. package/lib/commonjs/utils/errors.js +76 -1
  20. package/lib/commonjs/utils/errors.js.map +1 -1
  21. package/lib/module/pid/issuing.js +30 -2
  22. package/lib/module/pid/issuing.js.map +1 -1
  23. package/lib/module/pid/metadata.js +43 -0
  24. package/lib/module/pid/metadata.js.map +1 -0
  25. package/lib/module/pid/sd-jwt/index.js +3 -3
  26. package/lib/module/pid/sd-jwt/index.js.map +1 -1
  27. package/lib/module/rp/index.js +150 -5
  28. package/lib/module/rp/index.js.map +1 -1
  29. package/lib/module/rp/types.js +4 -0
  30. package/lib/module/rp/types.js.map +1 -1
  31. package/lib/module/sd-jwt/__test__/index.test.js +118 -0
  32. package/lib/module/sd-jwt/__test__/index.test.js.map +1 -0
  33. package/lib/module/sd-jwt/index.js +83 -3
  34. package/lib/module/sd-jwt/index.js.map +1 -1
  35. package/lib/module/sd-jwt/types.js +10 -0
  36. package/lib/module/sd-jwt/types.js.map +1 -1
  37. package/lib/module/sd-jwt/verifier.js +8 -6
  38. package/lib/module/sd-jwt/verifier.js.map +1 -1
  39. package/lib/module/utils/errors.js +71 -0
  40. package/lib/module/utils/errors.js.map +1 -1
  41. package/lib/typescript/src/index.d.ts.map +1 -0
  42. package/lib/typescript/src/pid/index.d.ts.map +1 -0
  43. package/lib/typescript/{pid → src/pid}/issuing.d.ts +9 -0
  44. package/lib/typescript/src/pid/issuing.d.ts.map +1 -0
  45. package/lib/typescript/src/pid/metadata.d.ts +528 -0
  46. package/lib/typescript/src/pid/metadata.d.ts.map +1 -0
  47. package/lib/typescript/src/pid/sd-jwt/converters.d.ts.map +1 -0
  48. package/lib/typescript/src/pid/sd-jwt/index.d.ts.map +1 -0
  49. package/lib/typescript/src/pid/sd-jwt/types.d.ts.map +1 -0
  50. package/lib/typescript/src/rp/__test__/index.test.d.ts.map +1 -0
  51. package/lib/typescript/src/rp/index.d.ts +89 -0
  52. package/lib/typescript/src/rp/index.d.ts.map +1 -0
  53. package/lib/typescript/{rp → src/rp}/types.d.ts +54 -47
  54. package/lib/typescript/{rp → src/rp}/types.d.ts.map +1 -1
  55. package/lib/typescript/src/sd-jwt/__test__/converters.test.d.ts.map +1 -0
  56. package/lib/typescript/src/sd-jwt/__test__/index.test.d.ts +2 -0
  57. package/lib/typescript/src/sd-jwt/__test__/index.test.d.ts.map +1 -0
  58. package/lib/typescript/src/sd-jwt/__test__/types.test.d.ts.map +1 -0
  59. package/lib/typescript/src/sd-jwt/converters.d.ts.map +1 -0
  60. package/lib/typescript/{sd-jwt → src/sd-jwt}/index.d.ts +22 -2
  61. package/lib/typescript/src/sd-jwt/index.d.ts.map +1 -0
  62. package/lib/typescript/{sd-jwt → src/sd-jwt}/types.d.ts +12 -0
  63. package/lib/typescript/src/sd-jwt/types.d.ts.map +1 -0
  64. package/lib/typescript/src/sd-jwt/verifier.d.ts +3 -0
  65. package/lib/typescript/src/sd-jwt/verifier.d.ts.map +1 -0
  66. package/lib/typescript/src/utils/dpop.d.ts.map +1 -0
  67. package/lib/typescript/{utils → src/utils}/errors.d.ts +41 -0
  68. package/lib/typescript/src/utils/errors.d.ts.map +1 -0
  69. package/lib/typescript/src/utils/jwk.d.ts.map +1 -0
  70. package/lib/typescript/src/wallet-instance-attestation/index.d.ts.map +1 -0
  71. package/lib/typescript/src/wallet-instance-attestation/issuing.d.ts.map +1 -0
  72. package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/types.d.ts +8 -8
  73. package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/types.d.ts.map +1 -1
  74. package/package.json +4 -3
  75. package/src/pid/issuing.ts +38 -1
  76. package/src/pid/metadata.ts +46 -0
  77. package/src/pid/sd-jwt/index.ts +6 -3
  78. package/src/rp/index.ts +189 -5
  79. package/src/rp/types.ts +8 -0
  80. package/src/sd-jwt/__test__/index.test.ts +171 -0
  81. package/src/sd-jwt/index.ts +84 -7
  82. package/src/sd-jwt/types.ts +13 -0
  83. package/src/sd-jwt/verifier.ts +5 -7
  84. package/src/utils/errors.ts +81 -0
  85. package/lib/typescript/index.d.ts.map +0 -1
  86. package/lib/typescript/pid/index.d.ts.map +0 -1
  87. package/lib/typescript/pid/issuing.d.ts.map +0 -1
  88. package/lib/typescript/pid/sd-jwt/converters.d.ts.map +0 -1
  89. package/lib/typescript/pid/sd-jwt/index.d.ts.map +0 -1
  90. package/lib/typescript/pid/sd-jwt/types.d.ts.map +0 -1
  91. package/lib/typescript/rp/__test__/index.test.d.ts.map +0 -1
  92. package/lib/typescript/rp/index.d.ts +0 -43
  93. package/lib/typescript/rp/index.d.ts.map +0 -1
  94. package/lib/typescript/sd-jwt/__test__/converters.test.d.ts.map +0 -1
  95. package/lib/typescript/sd-jwt/__test__/types.test.d.ts.map +0 -1
  96. package/lib/typescript/sd-jwt/converters.d.ts.map +0 -1
  97. package/lib/typescript/sd-jwt/index.d.ts.map +0 -1
  98. package/lib/typescript/sd-jwt/types.d.ts.map +0 -1
  99. package/lib/typescript/sd-jwt/verifier.d.ts +0 -3
  100. package/lib/typescript/sd-jwt/verifier.d.ts.map +0 -1
  101. package/lib/typescript/utils/dpop.d.ts.map +0 -1
  102. package/lib/typescript/utils/errors.d.ts.map +0 -1
  103. package/lib/typescript/utils/jwk.d.ts.map +0 -1
  104. package/lib/typescript/wallet-instance-attestation/index.d.ts.map +0 -1
  105. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +0 -1
  106. /package/lib/typescript/{index.d.ts → src/index.d.ts} +0 -0
  107. /package/lib/typescript/{pid → src/pid}/index.d.ts +0 -0
  108. /package/lib/typescript/{pid → src/pid}/sd-jwt/converters.d.ts +0 -0
  109. /package/lib/typescript/{pid → src/pid}/sd-jwt/index.d.ts +0 -0
  110. /package/lib/typescript/{pid → src/pid}/sd-jwt/types.d.ts +0 -0
  111. /package/lib/typescript/{rp → src/rp}/__test__/index.test.d.ts +0 -0
  112. /package/lib/typescript/{sd-jwt → src/sd-jwt}/__test__/converters.test.d.ts +0 -0
  113. /package/lib/typescript/{sd-jwt → src/sd-jwt}/__test__/types.test.d.ts +0 -0
  114. /package/lib/typescript/{sd-jwt → src/sd-jwt}/converters.d.ts +0 -0
  115. /package/lib/typescript/{utils → src/utils}/dpop.d.ts +0 -0
  116. /package/lib/typescript/{utils → src/utils}/jwk.d.ts +0 -0
  117. /package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/index.d.ts +0 -0
  118. /package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/issuing.d.ts +0 -0
@@ -1,7 +1,8 @@
1
- import { AuthRequestDecodeError, IoWalletError } from "../utils/errors";
2
- import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT } from "@pagopa/io-react-native-jwt";
1
+ import { AuthRequestDecodeError, IoWalletError, NoSuitableKeysFoundInEntityConfiguration } from "../utils/errors";
2
+ import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe, verify } from "@pagopa/io-react-native-jwt";
3
3
  import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
4
4
  import uuid from "react-native-uuid";
5
+ import { disclose } from "../sd-jwt";
5
6
  export class RelyingPartySolution {
6
7
  constructor(relyingPartyBaseUrl, walletInstanceAttestation) {
7
8
  let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
@@ -62,14 +63,16 @@ export class RelyingPartySolution {
62
63
 
63
64
  /**
64
65
  * Obtain the Request Object for RP authentication
66
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
65
67
  *
66
- * @function
68
+ * @async @function
67
69
  * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
68
70
  *
69
71
  * @returns The Request Object JWT
72
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
70
73
  *
71
74
  */
72
- async getRequestObject(signedWalletInstanceDPoP) {
75
+ async getRequestObject(signedWalletInstanceDPoP, entity) {
73
76
  const decodedJwtDPop = await decodeJwt(signedWalletInstanceDPoP);
74
77
  const requestUri = decodedJwtDPop.payload.htu;
75
78
  const response = await this.appFetch(requestUri, {
@@ -81,7 +84,24 @@ export class RelyingPartySolution {
81
84
  });
82
85
  if (response.status === 200) {
83
86
  const responseText = await response.text();
84
- const responseJwt = await decodeJwt(responseText);
87
+ const responseJwt = decodeJwt(responseText);
88
+
89
+ // verify token signature according to RP's entity configuration
90
+ // to ensure the request object is authentic
91
+ {
92
+ const pubKey = entity.payload.jwks.keys.find(_ref => {
93
+ let {
94
+ kid
95
+ } = _ref;
96
+ return kid === responseJwt.protectedHeader.kid;
97
+ });
98
+ if (!pubKey) {
99
+ throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
100
+ }
101
+ await verify(responseText, pubKey);
102
+ }
103
+
104
+ // parse request object it has the expected shape by specification
85
105
  const requestObj = RequestObject.parse({
86
106
  header: responseJwt.protectedHeader,
87
107
  payload: responseJwt.payload
@@ -91,6 +111,131 @@ export class RelyingPartySolution {
91
111
  throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}`);
92
112
  }
93
113
 
114
+ /**
115
+ * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
116
+ * The presentation is prepared by disclosing data from provided credentials, according to requested claims
117
+ * Each Verified Credential come along with the claims the user accepts to disclose from it.
118
+ *
119
+ * The returned token is unsigned (sign should be apply by the caller).
120
+ *
121
+ * @todo accept more than a Verified Credential
122
+ *
123
+ * @param requestObj The incoming request object, which the requirements for the requested authorization
124
+ * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
125
+ * @returns The unsigned Verified Presentation token
126
+ * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
127
+ *
128
+ */
129
+ async prepareVpToken(requestObj, _ref2) {
130
+ let [vc, claims] = _ref2;
131
+ // this throws if vc cannot satisfy all the requested claims
132
+ const {
133
+ token: vp,
134
+ paths
135
+ } = await disclose(vc, claims);
136
+
137
+ // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
138
+
139
+ const vp_token = new SignJWT({
140
+ vp
141
+ }).setAudience(requestObj.payload.response_uri).setExpirationTime("1h").setProtectedHeader({
142
+ typ: "JWT",
143
+ alg: "ES256"
144
+ }).toSign();
145
+ const [definition_id, vc_scope] = requestObj.payload.scope;
146
+ const presentation_submission = {
147
+ definition_id,
148
+ id: `${uuid.v4()}`,
149
+ descriptor_map: paths.map(p => ({
150
+ id: vc_scope,
151
+ path: `$.vp_token.${p.path}`,
152
+ format: "vc+sd-jwt"
153
+ }))
154
+ };
155
+ return {
156
+ vp_token,
157
+ presentation_submission
158
+ };
159
+ }
160
+
161
+ /**
162
+ * Compose and send an Authorization Response in the context of an authorization request flow.
163
+ *
164
+ * @todo MUST add presentation_submission
165
+ *
166
+ * @param requestObj The incoming request object, which the requirements for the requested authorization
167
+ * @param vp_token The signed Verified Presentation token with data to send.
168
+ * @param presentation_submission
169
+ * @param entity The RP entity configuration
170
+ * @returns The response from the RP
171
+ * @throws {IoWalletError} if the submission fails.
172
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
173
+ *
174
+ */
175
+ async sendAuthorizationResponse(requestObj, vp_token, presentation_submission, entity) {
176
+ // the request is an unsigned jws without iss, aud, exp
177
+ // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
178
+ const jwk = this.choosePublicKeyToEncrypt(entity);
179
+ const enc = this.getEncryptionAlgByJwk(jwk);
180
+ const authzResponsePayload = JSON.stringify({
181
+ state: requestObj.payload.state,
182
+ presentation_submission,
183
+ vp_token
184
+ });
185
+ const encrypted = await new EncryptJwe(authzResponsePayload, {
186
+ alg: jwk.alg,
187
+ enc
188
+ }).encrypt(jwk);
189
+ const formBody = new URLSearchParams({
190
+ response: encrypted
191
+ });
192
+ const response = await this.appFetch(requestObj.payload.response_uri, {
193
+ method: "POST",
194
+ headers: {
195
+ "Content-Type": "application/x-www-form-urlencoded"
196
+ },
197
+ body: formBody.toString()
198
+ });
199
+ if (response.status === 200) {
200
+ return response.text();
201
+ }
202
+ throw new IoWalletError(`Unable to send Authorization Response. Response code: ${response.status}`);
203
+ }
204
+
205
+ /**
206
+ * Select a public key from those provided by the RP.
207
+ * Keys with algorithm "RSA-OAEP-256" or "RSA-OAEP" are expected, the firsts to be preferred.
208
+ *
209
+ * @param entity The RP entity configuration
210
+ * @returns A suitable public key with its compatible encryption algorithm
211
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
212
+ */
213
+ choosePublicKeyToEncrypt(entity) {
214
+ // Look for keys using "RSA-OAEP-256", and pick a random one
215
+ const [usingRsa256] = entity.payload.jwks.keys.filter(k => typeof k.alg === "string" && k.alg === "RSA-OAEP-256");
216
+ if (usingRsa256) {
217
+ return usingRsa256;
218
+ }
219
+
220
+ // Look for keys using "RSA-OAEP", and pick a random one
221
+ const [usingRsa] = entity.payload.jwks.keys.filter(k => typeof k.alg === "string" && k.alg === "RSA-OAEP");
222
+ if (usingRsa) {
223
+ return usingRsa;
224
+ }
225
+
226
+ // No suitable key has been found
227
+ throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
228
+ }
229
+ getEncryptionAlgByJwk(_ref3) {
230
+ let {
231
+ alg
232
+ } = _ref3;
233
+ if (alg === "RSA-OAEP-256") return "A256CBC-HS512";
234
+ if (alg === "RSA-OAEP") return "A128CBC-HS256";
235
+ const _ = alg;
236
+ throw new Error(`Invalid jwk algorithm: ${_}`);
237
+ }
238
+
94
239
  /**
95
240
  * Obtain the relying party entity configuration.
96
241
  */
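Review bot: `prepareVpToken` in the last hunk of this section builds the token to sign from `{ vp }` plus `aud` and a one-hour `exp`, and never copies in the `nonce` the request object is expected to carry, so nothing visible here ties the presentation to this particular authorization request and the verifier has no way to reject a presentation replayed within that hour. Unless the nonce is bound somewhere outside this diff, pass it in the claims, e.g. `new SignJWT({ vp, nonce: requestObj.payload.nonce })`. In the same method `const [definition_id, vc_scope] = requestObj.payload.scope;` destructures `scope` positionally; the `RequestObject` schema is not shown here, but if it types `scope` as a string this picks its first two characters, so split the value explicitly and fail when it does not have exactly two parts. This file is build output, so the change belongs in `src/rp/index.ts`.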
@@ -1 +1 @@
1
- {"version":3,"names":["AuthRequestDecodeError","IoWalletError","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","RelyingPartySolution","constructor","relyingPartyBaseUrl","walletInstanceAttestation","appFetch","arguments","length","undefined","fetch","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getUnsignedWalletInstanceDPoP","walletInstanceAttestationJwk","authRequestUrl","jti","v4","htm","htu","ath","setProtectedHeader","alg","jwk","typ","setIssuedAt","setExpirationTime","toSign","getRequestObject","signedWalletInstanceDPoP","decodedJwtDPop","requestUri","payload","response","method","headers","Authorization","DPoP","status","responseText","text","responseJwt","requestObj","parse","header","protectedHeader","getEntityConfiguration","wellKnownUrl","href"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SAASA,sBAAsB,EAAEC,aAAa,QAAQ,iBAAiB;AACvE,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,QACF,6BAA6B;AACpC,SAASC,aAAa,EAAEC,aAAa,EAAEC,qBAAqB,QAAQ,SAAS;AAE7E,OAAOC,IAAI,MAAM,mBAAmB;AAGpC,OAAO,MAAMC,oBAAoB,CAAC;EAKhCC,WAAWA,CACTC,mBAA2B,EAC3BC,yBAAiC,EAEjC;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACN,mBAAmB,GAAGA,mBAAmB;IAC9C,IAAI,CAACC,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOK,mBAAmBA,CAACC,MAAc,EAAiB;IACxD,MAAMC,OAAO,GAAGlB,YAAY,CAACiB,MAAM,CAAC;IACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;IACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;IACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;IACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;IAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;IAEzD,MAAME,MAAM,GAAGzB,aAAa,CAAC0B,SAAS,CAAC;MACrCR,QAAQ;MACRC,QAAQ;MACRE,UAAU;MACVG;IACF,CA
AC,CAAC;IAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB,CAAC,MAAM;MACL,MAAM,IAAInC,sBAAsB,CAACgC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;IACzE;EACF;EACA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMe,6BAA6BA,CACjCC,4BAAiC,EACjCC,cAAsB,EACL;IACjB,OAAO,MAAM,IAAIlC,OAAO,CAAC;MACvBmC,GAAG,EAAG,GAAE/B,IAAI,CAACgC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEJ,cAAc;MACnBK,GAAG,EAAE,MAAMxC,cAAc,CAAC,IAAI,CAACS,yBAAyB;IAC1D,CAAC,CAAC,CACCgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZC,GAAG,EAAET,4BAA4B;MACjCU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CACpBC,wBAAgC,EACR;IACxB,MAAMC,cAAc,GAAG,MAAMpD,SAAS,CAACmD,wBAAwB,CAAC;IAChE,MAAME,UAAU,GAAGD,cAAc,CAACE,OAAO,CAACb,GAAa;IACvD,MAAMc,QAAQ,GAAG,MAAM,IAAI,CAAC3C,QAAQ,CAACyC,UAAU,EAAE;MAC/CG,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAO,IAAI,CAAC/C,yBAA0B,EAAC;QACvDgD,IAAI,EAAER;MACR;IACF,CAAC,CAAC;IAEF,IAAII,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,WAAW,GAAG,MAAM/D,SAAS,CAAC6D,YAAY,CAAC;MACjD,MAAMG,UAAU,GAAG3D,aAAa,CAAC4D,KAAK,CAAC;QACrCC,MAAM,EAAEH,WAAW,CAACI,eAAe;QACnCb,OAAO,EAAES,WAAW,CAACT;MACvB,CAAC,CAAC;MACF,OAAOU,UAAU;IACnB;IAEA,MAAM,IAAIlE,aAAa,CACpB,mDAAkDyD,QAAQ,CAACK,MAAO,EACrE,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMQ,sBAAsBA,CAAA,EAAmC;IAC7D,MAAMC,YAAY,GAAG,IAAIhD,GAAG,CAC1B,gCAAgC,EAChC,IAAI,CAACX,mBACP,CAAC,CAAC4D,IAAI;IAEN,MAAMf,QAAQ,GAAG,MAAM,IAAI,CAAC3C,QAAQ,CAACyD,YAAY,EAAE;MACjDb,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,WAAW,GAAG,MAAM/D,SAAS,CAAC6D,YAAY,CAAC;MACjD,OAAOvD,qBAAqB,CAAC2D,KAAK,CAAC;QACjCC,MAAM,EAAEH,WAAW,CAACI,eAAe;QACnCb,OAAO,EAAES,WAAW,CAACT;MACvB,CAAC,CAAC;IACJ;IAEA,MAAM,IAAIxD,aAAa,CACpB,4DAA2DyD,QAAQ,CAACK,MAAO,EAC9E,CAAC;EACH;AACF"}
1
+ {"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","RelyingPartySolution","constructor","relyingPartyBaseUrl","walletInstanceAttestation","appFetch","arguments","length","undefined","fetch","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getUnsignedWalletInstanceDPoP","walletInstanceAttestationJwk","authRequestUrl","jti","v4","htm","htu","ath","setProtectedHeader","alg","jwk","typ","setIssuedAt","setExpirationTime","toSign","getRequestObject","signedWalletInstanceDPoP","entity","decodedJwtDPop","requestUri","payload","response","method","headers","Authorization","DPoP","status","responseText","text","responseJwt","pubKey","jwks","keys","find","_ref","kid","protectedHeader","requestObj","parse","header","prepareVpToken","_ref2","vc","claims","token","vp","paths","vp_token","setAudience","response_uri","definition_id","vc_scope","scope","presentation_submission","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","choosePublicKeyToEncrypt","enc","getEncryptionAlgByJwk","authzResponsePayload","JSON","stringify","state","encrypted","encrypt","formBody","URLSearchParams","body","toString","usingRsa256","filter","k","usingRsa","_ref3","_","Error","getEntityConfiguration","wellKnownUrl","href"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QACD,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AAEpC,OAAO,MAAMC,oBAAoB,CAAC;EAKhCC,WAAWA,CACTC,mBAA2B,EAC3BC,yBAAiC,EAEjC;IAAA,
IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACN,mBAAmB,GAAGA,mBAAmB;IAC9C,IAAI,CAACC,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOK,mBAAmBA,CAACC,MAAc,EAAiB;IACxD,MAAMC,OAAO,GAAGrB,YAAY,CAACoB,MAAM,CAAC;IACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;IACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;IACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;IACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;IAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;IAEzD,MAAME,MAAM,GAAG1B,aAAa,CAAC2B,SAAS,CAAC;MACrCR,QAAQ;MACRC,QAAQ;MACRE,UAAU;MACVG;IACF,CAAC,CAAC;IAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB,CAAC,MAAM;MACL,MAAM,IAAIvC,sBAAsB,CAACoC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;IACzE;EACF;EACA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMe,6BAA6BA,CACjCC,4BAAiC,EACjCC,cAAsB,EACL;IACjB,OAAO,MAAM,IAAIrC,OAAO,CAAC;MACvBsC,GAAG,EAAG,GAAEhC,IAAI,CAACiC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEJ,cAAc;MACnBK,GAAG,EAAE,MAAM3C,cAAc,CAAC,IAAI,CAACY,yBAAyB;IAC1D,CAAC,CAAC,CACCgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZC,GAAG,EAAET,4BAA4B;MACjCU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CACpBC,wBAAgC,EAChCC,MAA6B,EACL;IACxB,MAAMC,cAAc,GAAG,MAAMxD,SAAS,CAACsD,wBAAwB,CAAC;IAChE,MAAMG,UAAU,GAAGD,cAAc,CAACE,OAAO,CAACd,GAAa;IACvD,MAAMe,QAAQ,GAAG,MAAM,IAAI,CAAC5C,QAAQ,CAAC0C,UAAU,EAAE;MAC/CG,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAO,IAAI,CAAChD,yBAA0B,EAAC;QACvDiD,IAAI,EAAET;MACR;IACF,CAAC,CAAC;IAEF,IAAIK,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,WAAW,GAAGnE,SAAS,CAACiE,YAAY,CAAC;;MAE3C;MACA;MACA;QACE,MAAMG,MAAM,GAAGb,MAAM,CAACG,OAAO,CAACW,IAAI,CAACC,IAAI,CAACC,IAAI,CAC1CC,IAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,IAAA;UAAA,OAAK
C,GAAG,KAAKN,WAAW,CAACO,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACD,IAAI,CAACL,MAAM,EAAE;UACX,MAAM,IAAItE,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAAC4D,YAAY,EAAEG,MAAM,CAAC;MACpC;;MAEA;MACA,MAAMO,UAAU,GAAGpE,aAAa,CAACqE,KAAK,CAAC;QACrCC,MAAM,EAAEV,WAAW,CAACO,eAAe;QACnChB,OAAO,EAAES,WAAW,CAACT;MACvB,CAAC,CAAC;MAEF,OAAOiB,UAAU;IACnB;IAEA,MAAM,IAAI9E,aAAa,CACpB,mDAAkD8D,QAAQ,CAACK,MAAO,EACrE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMc,cAAcA,CAClBH,UAAyB,EAAAI,KAAA,EAKxB;IAAA,IAJD,CAACC,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM1E,QAAQ,CAACsE,EAAE,EAAEC,MAAM,CAAC;;IAEvD;;IAEA,MAAMI,QAAQ,GAAG,IAAIlF,OAAO,CAAC;MAAEgF;IAAG,CAAC,CAAC,CACjCG,WAAW,CAACX,UAAU,CAACjB,OAAO,CAAC6B,YAAY,CAAC,CAC5CpC,iBAAiB,CAAC,IAAI,CAAC,CACvBL,kBAAkB,CAAC;MAClBG,GAAG,EAAE,KAAK;MACVF,GAAG,EAAE;IACP,CAAC,CAAC,CACDK,MAAM,CAAC,CAAC;IAEX,MAAM,CAACoC,aAAa,EAAEC,QAAQ,CAAC,GAAGd,UAAU,CAACjB,OAAO,CAACgC,KAAK;IAC1D,MAAMC,uBAAuB,GAAG;MAC9BH,aAAa;MACbI,EAAE,EAAG,GAAEnF,IAAI,CAACiC,EAAE,CAAC,CAAE,EAAC;MAClBmD,cAAc,EAAET,KAAK,CAACU,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEH,QAAQ;QACZO,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEZ,QAAQ;MAAEM;IAAwB,CAAC;EAC9C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMO,yBAAyBA,CAC7BvB,UAAyB,EACzBU,QAAgB,EAChBM,uBAAgD,EAChDpC,MAA6B,EACZ;IACjB;IACA;IACA,MAAMP,GAAG,GAAG,IAAI,CAACmD,wBAAwB,CAAC5C,MAAM,CAAC;IACjD,MAAM6C,GAAG,GAAG,IAAI,CAACC,qBAAqB,CAACrD,GAAG,CAAC;IAE3C,MAAMsD,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE9B,UAAU,CAACjB,OAAO,CAAC+C,KAAK;MAC/Bd,uBAAuB;MACvBN;IACF,CAAC,CAAC;IACF,MAAMqB,SAAS,GAAG,MAAM,IAAItG,UAAU,CAACkG,oBAAoB,EAAE;MAC3DvD,GAAG,EAAEC,GAAG,CAACD,GAAG;MACZqD;IACF,CAAC,CAAC,CAACO,OAAO,CAAC3D,GAAG,CAAC;IAEf,MAAM4D,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAElD,QAAQ,EAAE+C;IAAU,CAAC,CAAC;IAC7D,MAAM/C,QAAQ,GAAG,MAAM,IAAI,CAAC5C,QAAQ,CAAC4D,UAAU,CAACjB,OAAO,CAAC6B,YAAY,EAAE;MACpE3B,MAA
M,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDiD,IAAI,EAAEF,QAAQ,CAACG,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIpD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAOL,QAAQ,CAACO,IAAI,CAAC,CAAC;IACxB;IAEA,MAAM,IAAIrE,aAAa,CACpB,yDAAwD8D,QAAQ,CAACK,MAAO,EAC3E,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACUmC,wBAAwBA,CAC9B5C,MAA6B,EACkC;IAC/D;IACA,MAAM,CAACyD,WAAW,CAAC,GAAGzD,MAAM,CAACG,OAAO,CAACW,IAAI,CAACC,IAAI,CAAC2C,MAAM,CAC/CC,CAAuB,IACzB,OAAOA,CAAC,CAACnE,GAAG,KAAK,QAAQ,IAAImE,CAAC,CAACnE,GAAG,KAAK,cAC3C,CAAC;IAED,IAAIiE,WAAW,EAAE;MACf,OAAOA,WAAW;IACpB;;IAEA;IACA,MAAM,CAACG,QAAQ,CAAC,GAAG5D,MAAM,CAACG,OAAO,CAACW,IAAI,CAACC,IAAI,CAAC2C,MAAM,CAC5CC,CAAuB,IACzB,OAAOA,CAAC,CAACnE,GAAG,KAAK,QAAQ,IAAImE,CAAC,CAACnE,GAAG,KAAK,UAC3C,CAAC;IAED,IAAIoE,QAAQ,EAAE;MACZ,OAAOA,QAAQ;IACjB;;IAEA;IACA,MAAM,IAAIrH,wCAAwC,CAChD,4BACF,CAAC;EACH;EAEQuG,qBAAqBA,CAAAe,KAAA,EAIT;IAAA,IAJU;MAC5BrE;IAC6D,CAAC,GAAAqE,KAAA;IAG9D,IAAIrE,GAAG,KAAK,cAAc,EAAE,OAAO,eAAe;IAClD,IAAIA,GAAG,KAAK,UAAU,EAAE,OAAO,eAAe;IAE9C,MAAMsE,CAAQ,GAAGtE,GAAG;IACpB,MAAM,IAAIuE,KAAK,CAAE,0BAAyBD,CAAE,EAAC,CAAC;EAChD;;EAEA;AACF;AACA;EACE,MAAME,sBAAsBA,CAAA,EAAmC;IAC7D,MAAMC,YAAY,GAAG,IAAIhG,GAAG,CAC1B,gCAAgC,EAChC,IAAI,CAACX,mBACP,CAAC,CAAC4G,IAAI;IAEN,MAAM9D,QAAQ,GAAG,MAAM,IAAI,CAAC5C,QAAQ,CAACyG,YAAY,EAAE;MACjD5D,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,WAAW,GAAG,MAAMnE,SAAS,CAACiE,YAAY,CAAC;MACjD,OAAOzD,qBAAqB,CAACoE,KAAK,CAAC;QACjCC,MAAM,EAAEV,WAAW,CAACO,eAAe;QACnChB,OAAO,EAAES,WAAW,CAACT;MACvB,CAAC,CAAC;IACJ;IAEA,MAAM,IAAI7D,aAAa,CACpB,4DAA2D8D,QAAQ,CAACK,MAAO,EAC9E,CAAC;EACH;AACF"}
@@ -67,4 +67,8 @@ export const QRCodePayload = z.object({
67
67
  clientId: z.string(),
68
68
  requestURI: z.string()
69
69
  });
70
+
71
+ /**
72
+ * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
73
+ */
70
74
  //# sourceMappingURL=types.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["JWK","UnixTime","z","RequestObject","object","header","typ","literal","alg","string","kid","trust_chain","array","payload","iss","iat","exp","state","nonce","response_uri","response_type","response_mode","client_id","client_id_scheme","scope","RpEntityConfiguration","sub","jwks","keys","metadata","wallet_relying_party","application_type","client_name","contacts","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","authority_hints","QRCodePayload","protocol","resource","clientId","requestURI"],"sourceRoot":"../../../src","sources":["rp/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,QAAQ,QAAQ,iBAAiB;AAC1C,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,aAAa,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,MAAM,EAAEH,CAAC,CAACE,MAAM,CAAC;IACfE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,KAAK,CAAC;IACrBC,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC,CAAC;IACfE,WAAW,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFI,OAAO,EAAEX,CAAC,CAACE,MAAM,CAAC;IAChBU,GAAG,EAAEZ,CAAC,CAACO,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEd,QAAQ;IACbe,GAAG,EAAEf,QAAQ;IACbgB,KAAK,EAAEf,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBS,KAAK,EAAEhB,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBU,YAAY,EAAEjB,CAAC,CAACO,MAAM,CAAC,CAAC;IACxBW,aAAa,EAAElB,CAAC,CAACK,OAAO,CAAC,UAAU,CAAC;IACpCc,aAAa,EAAEnB,CAAC,CAACK,OAAO,CAAC,iBAAiB,CAAC;IAC3Ce,SAAS,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;IACrBc,gBAAgB,EAAErB,CAAC,CAACK,OAAO,CAAC,WAAW,CAAC;IACxCiB,KAAK,EAAEtB,CAAC,CAACO,MAAM,CAAC;EAClB,CAAC;AACH,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMgB,qBAAqB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACE,MAAM,CAAC;IACfE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC;EAChB,CAAC,CAAC;EACFI,OAAO,EAAEX,CAAC,CAACE,MAAM,CAAC;IAChBY,GAAG,EAAEf,QAAQ;IACbc,GAAG,EAAEd,QAAQ;IACba,GAAG,EAAEZ,CAAC,CAACO,MAAM,CAAC,CAAC;IACfiB,GAAG,EAAExB,CAAC,CAACO,MAAM,CAAC,CAAC;IACfkB,IAAI,EAAEzB,CAAC,CAACE,MAAM,CAAC;MACbwB,IAA
I,EAAE1B,CAAC,CAACU,KAAK,CAACZ,GAAG;IACnB,CAAC,CAAC;IACF6B,QAAQ,EAAE3B,CAAC,CAACE,MAAM,CAAC;MACjB0B,oBAAoB,EAAE5B,CAAC,CAACE,MAAM,CAAC;QAC7B2B,gBAAgB,EAAE7B,CAAC,CAACO,MAAM,CAAC,CAAC;QAC5Ba,SAAS,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;QACrBuB,WAAW,EAAE9B,CAAC,CAACO,MAAM,CAAC,CAAC;QACvBkB,IAAI,EAAEzB,CAAC,CAACE,MAAM,CAAC;UACbwB,IAAI,EAAE1B,CAAC,CAACU,KAAK,CAACZ,GAAG;QACnB,CAAC,CAAC;QACFiC,QAAQ,EAAE/B,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;MAC9B,CAAC,CAAC;MACFyB,iBAAiB,EAAEhC,CAAC,CAACE,MAAM,CAAC;QAC1B+B,iBAAiB,EAAEjC,CAAC,CAACO,MAAM,CAAC,CAAC;QAC7B2B,YAAY,EAAElC,CAAC,CAACO,MAAM,CAAC,CAAC;QACxB4B,UAAU,EAAEnC,CAAC,CAACO,MAAM,CAAC,CAAC;QACtB6B,QAAQ,EAAEpC,CAAC,CAACO,MAAM,CAAC,CAAC;QACpBwB,QAAQ,EAAE/B,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;MAC9B,CAAC;IACH,CAAC,CAAC;IACF8B,eAAe,EAAErC,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;EACrC,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAM+B,aAAa,GAAGtC,CAAC,CAACE,MAAM,CAAC;EACpCqC,QAAQ,EAAEvC,CAAC,CAACK,OAAO,CAAC,QAAQ,CAAC;EAC7BmC,QAAQ,EAAExC,CAAC,CAACO,MAAM,CAAC,CAAC;EAAE;EACtBkC,QAAQ,EAAEzC,CAAC,CAACO,MAAM,CAAC,CAAC;EACpBmC,UAAU,EAAE1C,CAAC,CAACO,MAAM,CAAC;AACvB,CAAC,CAAC"}
1
+ {"version":3,"names":["JWK","UnixTime","z","RequestObject","object","header","typ","literal","alg","string","kid","trust_chain","array","payload","iss","iat","exp","state","nonce","response_uri","response_type","response_mode","client_id","client_id_scheme","scope","RpEntityConfiguration","sub","jwks","keys","metadata","wallet_relying_party","application_type","client_name","contacts","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","authority_hints","QRCodePayload","protocol","resource","clientId","requestURI"],"sourceRoot":"../../../src","sources":["rp/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,QAAQ,QAAQ,iBAAiB;AAC1C,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,aAAa,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,MAAM,EAAEH,CAAC,CAACE,MAAM,CAAC;IACfE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,KAAK,CAAC;IACrBC,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC,CAAC;IACfE,WAAW,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFI,OAAO,EAAEX,CAAC,CAACE,MAAM,CAAC;IAChBU,GAAG,EAAEZ,CAAC,CAACO,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEd,QAAQ;IACbe,GAAG,EAAEf,QAAQ;IACbgB,KAAK,EAAEf,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBS,KAAK,EAAEhB,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBU,YAAY,EAAEjB,CAAC,CAACO,MAAM,CAAC,CAAC;IACxBW,aAAa,EAAElB,CAAC,CAACK,OAAO,CAAC,UAAU,CAAC;IACpCc,aAAa,EAAEnB,CAAC,CAACK,OAAO,CAAC,iBAAiB,CAAC;IAC3Ce,SAAS,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;IACrBc,gBAAgB,EAAErB,CAAC,CAACK,OAAO,CAAC,WAAW,CAAC;IACxCiB,KAAK,EAAEtB,CAAC,CAACO,MAAM,CAAC;EAClB,CAAC;AACH,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMgB,qBAAqB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACE,MAAM,CAAC;IACfE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC;EAChB,CAAC,CAAC;EACFI,OAAO,EAAEX,CAAC,CAACE,MAAM,CAAC;IAChBY,GAAG,EAAEf,QAAQ;IACbc,GAAG,EAAEd,QAAQ;IACba,GAAG,EAAEZ,CAAC,CAACO,MAAM,CAAC,CAAC;IACfiB,GAAG,EAAExB,CAAC,CAACO,MAAM,CAAC,CAAC;IACfkB,IAAI,EAAEzB,CAAC,CAACE,MAAM,CAAC;MACbwB,IAA
I,EAAE1B,CAAC,CAACU,KAAK,CAACZ,GAAG;IACnB,CAAC,CAAC;IACF6B,QAAQ,EAAE3B,CAAC,CAACE,MAAM,CAAC;MACjB0B,oBAAoB,EAAE5B,CAAC,CAACE,MAAM,CAAC;QAC7B2B,gBAAgB,EAAE7B,CAAC,CAACO,MAAM,CAAC,CAAC;QAC5Ba,SAAS,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;QACrBuB,WAAW,EAAE9B,CAAC,CAACO,MAAM,CAAC,CAAC;QACvBkB,IAAI,EAAEzB,CAAC,CAACE,MAAM,CAAC;UACbwB,IAAI,EAAE1B,CAAC,CAACU,KAAK,CAACZ,GAAG;QACnB,CAAC,CAAC;QACFiC,QAAQ,EAAE/B,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;MAC9B,CAAC,CAAC;MACFyB,iBAAiB,EAAEhC,CAAC,CAACE,MAAM,CAAC;QAC1B+B,iBAAiB,EAAEjC,CAAC,CAACO,MAAM,CAAC,CAAC;QAC7B2B,YAAY,EAAElC,CAAC,CAACO,MAAM,CAAC,CAAC;QACxB4B,UAAU,EAAEnC,CAAC,CAACO,MAAM,CAAC,CAAC;QACtB6B,QAAQ,EAAEpC,CAAC,CAACO,MAAM,CAAC,CAAC;QACpBwB,QAAQ,EAAE/B,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;MAC9B,CAAC;IACH,CAAC,CAAC;IACF8B,eAAe,EAAErC,CAAC,CAACU,KAAK,CAACV,CAAC,CAACO,MAAM,CAAC,CAAC;EACrC,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAM+B,aAAa,GAAGtC,CAAC,CAACE,MAAM,CAAC;EACpCqC,QAAQ,EAAEvC,CAAC,CAACK,OAAO,CAAC,QAAQ,CAAC;EAC7BmC,QAAQ,EAAExC,CAAC,CAACO,MAAM,CAAC,CAAC;EAAE;EACtBkC,QAAQ,EAAEzC,CAAC,CAACO,MAAM,CAAC,CAAC;EACpBmC,UAAU,EAAE1C,CAAC,CAACO,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA"}
@@ -0,0 +1,118 @@
1
+ import { decode, disclose } from "../index";
2
+ import { encodeBase64, decodeBase64 } from "@pagopa/io-react-native-jwt";
3
+ import { SdJwt4VC } from "../types";
4
+
5
+ // Examples from https://www.ietf.org/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
6
+ // but adapted to adhere to format declared in https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/pid-eaa-data-model.html#id2
7
+ // In short, the token is a Frankenstein composed as follows:
8
+ // - the header is taken from the italian specification, with kid and alg valued according to the signing keys
9
+ // - disclosures are taken from the SD-JWT-4-VC standard
10
+ // - payload is taken from the italian specification, but _sd are compiled with:
11
+ // - "address" is used as verification._sd
12
+ // - all others disclosures are in claims._sd
13
+ const token = "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImIxODZlYTBjMTkyNTc5MzA5N2JmMDFiOGEyODlhNDVmIiwidHJ1c3RfY2hhaW4iOlsiTkVoUmRFUnBZbmxIWTNNNVdsZFdUV1oyYVVobSAuLi4iLCJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2IC4uLiIsIklrSllkbVp5Ykc1b1FVMTFTRkl3TjJGcVZXMUIgLi4uIl19.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.8wwSHCd47wCgzRYXvvPTTRXGS-hk9V8jRzy7WSjRBTZxSHxJkGOSWwBVAA-kpJ-IvQS7699aLWxIMqAvr34sOA~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ~WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ~WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0~WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ~WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ~WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0";
14
+ const unsigned = "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImIxODZlYTBjMTkyNTc5MzA5N2JmMDFiOGEyODlhNDVmIiwidHJ1c3RfY2hhaW4iOlsiTkVoUmRFUnBZbmxIWTNNNVdsZFdUV1oyYVVobSAuLi4iLCJleUpoYkdjaU9pSlNVekkxTmlJc0ltdHBaQ0k2IC4uLiIsIklrSllkbVp5Ykc1b1FVMTFTRkl3TjJGcVZXMUIgLi4uIl19.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";
15
+ const signature = "8wwSHCd47wCgzRYXvvPTTRXGS-hk9V8jRzy7WSjRBTZxSHxJkGOSWwBVAA-kpJ-IvQS7699aLWxIMqAvr34sOA";
16
+ const signed = `${unsigned}.${signature}`;
17
+ const tokenizedDisclosures = ["WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd", "WyJlbHVWNU9nM2dTTklJOEVZbnN4QV9BIiwgImZhbWlseV9uYW1lIiwgIkRvZSJd", "WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ", "WyJlSThaV205UW5LUHBOUGVOZW5IZGhRIiwgInBob25lX251bWJlciIsICIrMS0yMDItNTU1LTAxMDEiXQ", "WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImJpcnRoZGF0ZSIsICIxOTQwLTAxLTAxIl0", "WyJQYzMzSk0yTGNoY1VfbEhnZ3ZfdWZRIiwgImlzX292ZXJfMTgiLCB0cnVlXQ", "WyJHMDJOU3JRZmpGWFE3SW8wOXN5YWpBIiwgImlzX292ZXJfMjEiLCB0cnVlXQ", "WyJsa2x4RjVqTVlsR1RQVW92TU5JdkNBIiwgImlzX292ZXJfNjUiLCB0cnVlXQ", "WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7InN0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd24iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0"];
18
+ const sdJwt = {
19
+ header: {
20
+ typ: "vc+sd-jwt",
21
+ alg: "ES256",
22
+ kid: "b186ea0c1925793097bf01b8a289a45f",
23
+ trust_chain: ["NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."]
24
+ },
25
+ payload: {
26
+ iss: "https://example.com/issuer",
27
+ sub: "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs...",
28
+ jti: "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
29
+ iat: 1541493724,
30
+ exp: 1541493724,
31
+ status: "https://example.com/status",
32
+ cnf: {
33
+ jwk: {
34
+ kty: "RSA",
35
+ use: "sig",
36
+ n: "1Ta-sE",
37
+ e: "AQAB",
38
+ kid: "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
39
+ }
40
+ },
41
+ type: "PersonIdentificationData",
42
+ verified_claims: {
43
+ verification: {
44
+ _sd: ["JzYjH4svliH0R3PyEMfeZu6Jt69u5qehZo7F7EPYlSE"],
45
+ trust_framework: "eidas",
46
+ assurance_level: "high"
47
+ },
48
+ claims: {
49
+ _sd: ["09vKrJMOlyTWM0sjpu_pdOBVBQ2M1y3KhpH515nXkpY", "2rsjGbaC0ky8mT0pJrPioWTq0_daw1sX76poUlgCwbI", "EkO8dhW0dHEJbvUHlE_VCeuC9uRELOieLZhh7XbUTtA", "IlDzIKeiZdDwpqpK6ZfbyphFvz5FgnWa-sN6wqQXCiw", "PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI", "TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo", "jdrTE8YcbY4EifugihiAe_BPekxJQZICeiUQwY9QqxI", "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4"]
50
+ }
51
+ },
52
+ _sd_alg: "sha-256"
53
+ }
54
+ };
55
+
56
+ // In the very same order than tokenizedDisclosures
57
+ const disclosures = [["2GLC42sKQveCfGfryNRN9w", "given_name", "John"], ["eluV5Og3gSNII8EYnsxA_A", "family_name", "Doe"], ["6Ij7tM-a5iVPGboS5tmvVA", "email", "johndoe@example.com"], ["eI8ZWm9QnKPpNPeNenHdhQ", "phone_number", "+1-202-555-0101"], ["AJx-095VPrpTtN4QMOqROA", "birthdate", "1940-01-01"], ["Pc33JM2LchcU_lHggv_ufQ", "is_over_18", true], ["G02NSrQfjFXQ7Io09syajA", "is_over_21", true], ["lklxF5jMYlGTPUovMNIvCA", "is_over_65", true], ["Qg_O64zqAxe412a108iroA", "address", {
58
+ street_address: "123 Main St",
59
+ locality: "Anytown",
60
+ region: "Anystate",
61
+ country: "US"
62
+ }]];
63
+ it("Ensures example data correctness", () => {
64
+ expect(JSON.parse(decodeBase64(encodeBase64(JSON.stringify(sdJwt.header))))).toEqual(sdJwt.header);
65
+ expect([signed, ...tokenizedDisclosures].join("~")).toBe(token);
66
+ });
67
+ describe("decode", () => {
68
+ it("should decode a valid token", () => {
69
+ const result = decode(token, SdJwt4VC);
70
+ expect(result).toEqual({
71
+ sdJwt,
72
+ disclosures: disclosures.map((decoded, i) => ({
73
+ decoded,
74
+ encoded: tokenizedDisclosures[i]
75
+ }))
76
+ });
77
+ });
78
+ });
79
+ describe("disclose", () => {
80
+ it("should encode a valid sdjwt (one claim)", async () => {
81
+ const result = await disclose(token, ["given_name"]);
82
+ const expected = {
83
+ token: `${signed}~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd`,
84
+ paths: [{
85
+ claim: "given_name",
86
+ path: "verified_claims.claims._sd[7]"
87
+ }]
88
+ };
89
+ expect(result).toEqual(expected);
90
+ });
91
+ it("should encode a valid sdjwt (no claims)", async () => {
92
+ const result = await disclose(token, []);
93
+ const expected = {
94
+ token: `${signed}`,
95
+ paths: []
96
+ };
97
+ expect(result).toEqual(expected);
98
+ });
99
+ it("should encode a valid sdjwt (multiple claims)", async () => {
100
+ const result = await disclose(token, ["given_name", "email"]);
101
+ const expected = {
102
+ token: `${signed}~WyIyR0xDNDJzS1F2ZUNmR2ZyeU5STjl3IiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ`,
103
+ paths: [{
104
+ claim: "given_name",
105
+ path: "verified_claims.claims._sd[7]"
106
+ }, {
107
+ claim: "email",
108
+ path: "verified_claims.verification._sd[0]"
109
+ }]
110
+ };
111
+ expect(result).toEqual(expected);
112
+ });
113
+ it("should fail on unknown claim", async () => {
114
+ const fn = async () => disclose(token, ["unknown"]);
115
+ await expect(fn()).rejects.toEqual(expect.any(Error));
116
+ });
117
+ });
118
+ //# sourceMappingURL=index.test.js.map
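Review bot: The fixture comment on new lines 11–12 says "address" is the disclosure referenced from `verification._sd`, yet the multiple-claims case expects `email` at `verified_claims.verification._sd[0]`. If the test passes as written, the comment is the part that is wrong and should read `// - "email" is used as verification._sd`. The unknown-claim case accepts any `Error`, so it would also pass if `decode` threw on a malformed fixture; with the class imported from `../../utils/errors`, `await expect(fn()).rejects.toBeInstanceOf(ClaimsNotFoundBetweenDislosures);` pins the intended failure. No case exercises the `ClaimsNotFoundInToken` path, where a disclosure's name matches but its digest is absent from both `_sd` arrays.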
@@ -0,0 +1 @@
1
+ {"version":3,"names":["decode","disclose","encodeBase64","decodeBase64","SdJwt4VC","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","disclosures","street_address","locality","region","country","it","expect","JSON","parse","stringify","toEqual","join","toBe","describe","result","map","decoded","i","encoded","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":"AAAA,SAASA,MAAM,EAAEC,QAAQ,QAAQ,UAAU;AAE3C,SAASC,YAAY,EAAEC,YAAY,QAAQ,6BAA6B;AACxE,SAASC,QAAQ,QAAQ,UAAU;;AAEnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,KAAK,GACT,kvEAAkvE;AAEpvE,MAAMC,QAAQ,GACZ,87CAA87C;AAEh8C,MAAMC,SAAS,GACb,wFAAwF;AAE1F,MAAMC,MAAM,GAAI,GAAEF,QAAS,IAAGC,SAAU,EAAC;AAEzC,MAAME,oBAAoB,GAAG,CAC3B,kEAAkE,EAClE,kEAAkE,EAClE,gFAAgF,EAChF,oFAAoF,EACpF,yEAAyE,EACzE,gEAAgE,EAChE,gEAAgE,EAChE,gEAAgE,EAChE,qLAAqL,CACtL;AAED,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,kCAAkC;IACvCC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;EAEtC,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,4BAA4B;IACjCC,GAAG,EAAE,sCAAsC;IAC3CC,GAAG,EAAE,+CAA+C;IACpDC,GAAG,EAAE,UAAU;IACfC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE,4BAA4B;IACpCC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,KAAK;QACVC,GAAG,EAAE,KAAK;QACVC,CAAC,EAAE,QAAQ;QACXC,CAAC,EAAE,MAAM;QACTd,GAAG,EAAE;MACP;IACF,CAAC;IACDe,IAAI,EAAE,0BAA0B;IAChCC,eAAe,EAAE;MACfC,YAAY,EAAE;QACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;QACpDC,eAAe,EAAE,OAAO;QACxBC,eAAe,EAAE;MACnB,CAAC;MACDC,MAAM,EAAE;QACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;MAEjD;IACF,CAAC;IACDI,OAAO,EAAE;EACX;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,YAAY,EAAE,MAAM,CAAC
,EAChD,CAAC,wBAAwB,EAAE,aAAa,EAAE,KAAK,CAAC,EAChD,CAAC,wBAAwB,EAAE,OAAO,EAAE,qBAAqB,CAAC,EAC1D,CAAC,wBAAwB,EAAE,cAAc,EAAE,iBAAiB,CAAC,EAC7D,CAAC,wBAAwB,EAAE,WAAW,EAAE,YAAY,CAAC,EACrD,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CACE,wBAAwB,EACxB,SAAS,EACT;EACEC,cAAc,EAAE,aAAa;EAC7BC,QAAQ,EAAE,SAAS;EACnBC,MAAM,EAAE,UAAU;EAClBC,OAAO,EAAE;AACX,CAAC,CACF,CACF;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAC1C,YAAY,CAACD,YAAY,CAAC0C,IAAI,CAACE,SAAS,CAACpC,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAACoC,OAAO,CAACrC,KAAK,CAACC,MAAM,CAAC;EACvBgC,MAAM,CAAC,CAACnC,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAACuC,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC5C,KAAK,CAAC;AACjE,CAAC,CAAC;AAEF6C,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBR,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMS,MAAM,GAAGnD,MAAM,CAACK,KAAK,EAAED,QAAQ,CAAC;IACtCuC,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBrC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACe,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAE9C,oBAAoB,CAAC6C,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFJ,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBR,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMS,MAAM,GAAG,MAAMlD,QAAQ,CAACI,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMmD,QAAQ,GAAG;MACfnD,KAAK,EAAG,GAAEG,MAAO,mEAAkE;MACnFiD,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAEDhB,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAACS,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFd,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMS,MAAM,GAAG,MAAMlD,QAAQ,CAACI,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMmD,QAAQ,GAAG;MAAEnD,KAAK,EAAG,GAAEG,MAAO,EAAC;MAAEiD,KAAK,EAAE;IAAG,CAAC;IAElDd,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAACS,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFd,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMS,MAAM,GAAG,MAAMlD,QAAQ,CAACI,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAMmD,QAAQ,GAAG;MACfnD,KAAK,EAAG,GAAEG,MAAO,kJAAiJ;MAClKiD,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,YAAY;QACnBC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,OAAO;QACdC,IAAI
,EAAE;MACR,CAAC;IAEL,CAAC;IAEDhB,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAACS,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFd,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAMkB,EAAE,GAAG,MAAAA,CAAA,KAAY3D,QAAQ,CAACI,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAMsC,MAAM,CAACiB,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACd,OAAO,CAACJ,MAAM,CAACmB,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}
@@ -1,8 +1,18 @@
1
1
  import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
2
2
  import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
3
+ import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
3
4
  import { decodeBase64 } from "@pagopa/io-react-native-jwt";
4
- import { Disclosure } from "./types";
5
+ import { Disclosure, SdJwt4VC } from "./types";
5
6
  import { verifyDisclosure } from "./verifier";
7
+ import { ClaimsNotFoundBetweenDislosures, ClaimsNotFoundInToken } from "../utils/errors";
8
+ const decodeDisclosure = encoded => {
9
+ const decoded = Disclosure.parse(JSON.parse(decodeBase64(encoded)));
10
+ return {
11
+ decoded,
12
+ encoded
13
+ };
14
+ };
15
+
6
16
  /**
7
17
  * Decode a given SD-JWT with Disclosures to get the parsed SD-JWT object they define.
8
18
  * It ensures provided data is in a valid shape.
@@ -35,13 +45,80 @@ export const decode = (token, schema) => {
35
45
  // get disclosures as list of triples
36
46
  // validate each triple
37
47
  // throw a validation error if at least one fails to parse
38
- const disclosures = rawDisclosures.map(decodeBase64).map(e => JSON.parse(e)).map(e => Disclosure.parse(e));
48
+ const disclosures = rawDisclosures.map(decodeDisclosure);
39
49
  return {
40
50
  sdJwt,
41
51
  disclosures
42
52
  };
43
53
  };
44
54
 
55
+ /**
56
+ * Select disclosures from a given SD-JWT with Disclosures.
57
+ * Claims relate with disclosures by their name.
58
+ *
59
+ * @function
60
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
61
+ * @param claims The list of claims to be disclosed
62
+ *
63
+ * @throws {ClaimsNotFoundBetweenDislosures} When one or more claims does not relate to any discloure.
64
+ * @throws {ClaimsNotFoundInToken} When one or more claims are not contained in the SD-JWT token.
65
+ * @returns The encoded token with only the requested disclosures, along with the path each claim can be found on the SD-JWT token
66
+ *
67
+ */
68
+ export const disclose = async (token, claims) => {
69
+ const [rawSdJwt, ...rawDisclosures] = token.split("~");
70
+ const {
71
+ sdJwt,
72
+ disclosures
73
+ } = decode(token, SdJwt4VC);
74
+
75
+ // for each claim, return the path on which they are located in the SD-JWT token
76
+ const paths = await Promise.all(claims.map(async claim => {
77
+ const disclosure = disclosures.find(_ref => {
78
+ let {
79
+ decoded: [, name]
80
+ } = _ref;
81
+ return name === claim;
82
+ });
83
+
84
+ // check every claim represents a known disclosure
85
+ if (!disclosure) {
86
+ throw new ClaimsNotFoundBetweenDislosures(claim);
87
+ }
88
+ const hash = await sha256ToBase64(disclosure.encoded);
89
+
90
+ // _sd is defined in verified_claims.claims and verified_claims.verification
91
+ // we must look into both
92
+ if (sdJwt.payload.verified_claims.claims._sd.includes(hash)) {
93
+ const index = sdJwt.payload.verified_claims.claims._sd.indexOf(hash);
94
+ return {
95
+ claim,
96
+ path: `verified_claims.claims._sd[${index}]`
97
+ };
98
+ } else if (sdJwt.payload.verified_claims.verification._sd.includes(hash)) {
99
+ const index = sdJwt.payload.verified_claims.verification._sd.indexOf(hash);
100
+ return {
101
+ claim,
102
+ path: `verified_claims.verification._sd[${index}]`
103
+ };
104
+ }
105
+ throw new ClaimsNotFoundInToken(claim);
106
+ }));
107
+ const filteredDisclosures = rawDisclosures.filter(d => {
108
+ const {
109
+ decoded: [, name]
110
+ } = decodeDisclosure(d);
111
+ return claims.includes(name);
112
+ });
113
+
114
+ // compose the final disclosed token
115
+ const disclosedToken = [rawSdJwt, ...filteredDisclosures].join("~");
116
+ return {
117
+ token: disclosedToken,
118
+ paths
119
+ };
120
+ };
121
+
45
122
  /**
46
123
  * Verify a given SD-JWT with Disclosures
47
124
  * Same as {@link decode} plus:
@@ -69,6 +146,9 @@ export const verify = async (token, publicKey, schema) => {
69
146
  //Check disclosures in sd-jwt
70
147
  const claims = [...decoded.sdJwt.payload.verified_claims.verification._sd, ...decoded.sdJwt.payload.verified_claims.claims._sd];
71
148
  await Promise.all(decoded.disclosures.map(async disclosure => await verifyDisclosure(disclosure, claims)));
72
- return decoded;
149
+ return {
150
+ sdJwt: decoded.sdJwt,
151
+ disclosures: decoded.disclosures.map(d => d.decoded)
152
+ };
73
153
  };
74
154
  //# sourceMappingURL=index.js.map
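Review bot: In `disclose` (new lines 68–120), `paths` is built from the first disclosure that `find` returns for each claim name, but the token is assembled by `rawDisclosures.filter(...)`, which keeps every disclosure carrying a requested name. If two disclosures share a name, the output token includes one that has no entry in `paths` and whose digest was never looked up in either `_sd` array, so more is released than the caller selected. Building the token from the disclosures that were actually checked closes the gap: declare `const selected = new Set();` before the map, call `selected.add(disclosure.encoded);` right after the `!disclosure` guard, and replace the filter with `const filteredDisclosures = rawDisclosures.filter(d => selected.has(d));`. This keeps the original disclosure order and avoids decoding and schema-parsing every disclosure a second time.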
@@ -1 +1 @@
1
- {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","decodeBase64","Disclosure","verifyDisclosure","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","sdJwt","parse","header","protectedHeader","payload","disclosures","map","e","JSON","publicKey","decoded","claims","verified_claims","verification","_sd","Promise","all","disclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,UAAU,QAAQ,SAAS;AACpC,SAASC,gBAAgB,QAAQ,YAAY;AAG7C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMN,MAAM,GAAGA,CACpBO,KAAa,EACbC,MAAS,KAC4C;EACrD;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAGZ,SAAS,CAACS,QAAQ,CAAC;EACtC,MAAMI,KAAK,GAAGN,MAAM,CAACO,KAAK,CAAC;IACzBC,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGR,cAAc,CAC/BS,GAAG,CAAChB,YAAY,CAAC,CACjBgB,GAAG,CAAEC,CAAC,IAAKC,IAAI,CAACP,KAAK,CAACM,CAAC,CAAC,CAAC,CACzBD,GAAG,CAAEC,CAAC,IAAKhB,UAAU,CAACU,KAAK,CAACM,CAAC,CAAC,CAAC;EAElC,OAAO;IAAEP,KAAK;IAAEK;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMjB,MAAM,GAAG,MAAAA,CACpBK,KAAa,EACbgB,SAAc,EACdf,MAAS,KACqD;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMY,OAAO,GAAGxB,MAAM,CAACO,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAML,SAAS,CAACO,QAAQ,EAAEa,SAAS,CAAC;;EAEpC;EACA,MAAME,MAAM,GAAG,CACb,GAAGD,OAAO,CAACV,KAAK,CAACI,OAAO,CAACQ,eAAe,CAACC,YAAY,CAACC,GAAG,EACzD,GAAGJ,OAAO,CAACV,KAAK,CAACI,OAAO,CAACQ,eAAe,CAACD,MAAM,CAACG,GAAG,CACpD;EAED,MAAMC,OAAO,CAACC,GAAG,CACfN,OAAO,CAACL,WAAW,CAACC,GAAG,CACrB,MAAOW,UAAU,IAAK,MAAMzB,gB
AAgB,CAACyB,UAAU,EAAEN,MAAM,CACjE,CACF,CAAC;EAED,OAAOD,OAAO;AAChB,CAAC"}
1
+ {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","sha256ToBase64","decodeBase64","Disclosure","SdJwt4VC","verifyDisclosure","ClaimsNotFoundBetweenDislosures","ClaimsNotFoundInToken","decodeDisclosure","encoded","decoded","parse","JSON","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","hash","verified_claims","_sd","includes","index","indexOf","path","verification","filteredDisclosures","filter","d","disclosedToken","join","publicKey"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,cAAc,QAAQ,6BAA6B;AAE5D,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,UAAU,EAAEC,QAAQ,QAAoC,SAAS;AAC1E,SAASC,gBAAgB,QAAQ,YAAY;AAE7C,SACEC,+BAA+B,EAC/BC,qBAAqB,QAChB,iBAAiB;AAExB,MAAMC,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGP,UAAU,CAACQ,KAAK,CAACC,IAAI,CAACD,KAAK,CAACT,YAAY,CAACO,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMZ,MAAM,GAAGA,CACpBgB,KAAa,EACbC,MAAS,KAIN;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAGrB,SAAS,CAACkB,QAAQ,CAAC;EACtC,MAAMI,KAAK,GAAGN,MAAM,CAACH,KAAK,CAAC;IACzBU,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGP,cAAc,CAACQ,GAAG,CAACjB,gBAAgB,CAAC;EAExD,OAAO;IAAEY,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,QAAQ,GAAG,MAAAA,CACtBb,KAAa,EACbc,MAAgB,KACyD;EACzE,MAAM,CAACX,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;E
ACtD,MAAM;IAAEE,KAAK;IAAEI;EAAY,CAAC,GAAG3B,MAAM,CAACgB,KAAK,EAAET,QAAQ,CAAC;;EAEtD;EACA,MAAMwB,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAExB,OAAO,EAAE,GAAGyB,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAI1B,+BAA+B,CAACyB,KAAK,CAAC;IAClD;IAEA,MAAMK,IAAI,GAAG,MAAMnC,cAAc,CAAC+B,UAAU,CAACvB,OAAO,CAAC;;IAErD;IACA;IACA,IAAIW,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE;MAC3D,MAAMI,KAAK,GAAGpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MACpE,OAAO;QAAEL,KAAK;QAAEW,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAC7D;MACA,MAAMI,KAAK,GACTpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MAC9D,OAAO;QAAEL,KAAK;QAAEW,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAIjC,qBAAqB,CAACwB,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMa,mBAAmB,GAAG3B,cAAc,CAAC4B,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJpC,OAAO,EAAE,GAAGyB,IAAI;IAClB,CAAC,GAAG3B,gBAAgB,CAACsC,CAAC,CAAC;IACvB,OAAOnB,MAAM,CAACY,QAAQ,CAACJ,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMY,cAAc,GAAG,CAAC/B,QAAQ,EAAE,GAAG4B,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEnC,KAAK,EAAEkC,cAAc;IAAEnB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM7B,MAAM,GAAG,MAAAA,CACpBc,KAAa,EACboC,SAAc,EACdnC,MAAS,KACqD;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMR,OAAO,GAAGb,MAAM,CAACgB,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAMd,SAAS,CAACgB,QAAQ,EAAEiC,SAAS,CAAC;;EAEpC;EACA,MAAMtB,MAAM,GAAG,CACb,GAAGjB,OAAO,CAACU,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAG5B,OAAO,CAACU,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CACpD;EAED,MAAMT,OAAO,CAACC,GAAG,CACfpB,OAAO,CAACc,WAAW,CAACC,GAA
G,CACrB,MAAOO,UAAU,IAAK,MAAM3B,gBAAgB,CAAC2B,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEV,OAAO,CAACU,KAAK;IACpBI,WAAW,EAAEd,OAAO,CAACc,WAAW,CAACC,GAAG,CAAEqB,CAAC,IAAKA,CAAC,CAACpC,OAAO;EACvD,CAAC;AACH,CAAC"}
@@ -13,6 +13,16 @@ export const ObfuscatedDisclosures = z.object({
13
13
  */
14
14
 
15
15
  export const Disclosure = z.tuple([/* salt */z.string(), /* claim name */z.string(), /* claim value */z.unknown()]);
16
+
17
+ /**
18
+ * Encoding depends on the serialization algorithm used when generating the disclosure tokens.
19
+ * The SD-JWT reference itself take no decision about how to handle whitespaces in serialized objects.
20
+ * For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
21
+ * Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
22
+ *
23
+ * @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
24
+ */
25
+
16
26
  export const SdJwt4VC = z.object({
17
27
  header: z.object({
18
28
  typ: z.literal("vc+sd-jwt"),
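Review bot: The JSDoc added at new lines 17–24 is attached to nothing in the emitted module (presumably the TypeScript type it described is erased at build time), and it calls the decoded field `decode` where `decodeDisclosure` in sd-jwt/index.js builds `{ decoded, encoded }`. The point it makes is security-relevant: a disclosure digest has to be computed over the exact `encoded` string received, because re-serialising the decoded triple is not guaranteed to reproduce the same bytes. I would say that directly in the comment, use `decoded` consistently, and fix the `conveninent` typo. The `SdJwt4VC` definition that follows continues outside the hunk.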
@@ -1 +1 @@
1
- {"version":3,"names":["JWK","z","UnixTime","number","min","max","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAEvB,OAAO,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAI5D,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,UAAU,GAAGV,CAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,CAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,CAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,CAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;AAGF,OAAO,MAAMC,QAAQ,GAAGb,CAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,CAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,CAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IAC1BC,WAAW,EAAEpB,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFY,OAAO,EAAErB,CAAC,CAACM,MAAM,CAAC;IAChBgB,GAAG,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAExB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAExB,QAAQ;IACbyB,GAAG,EAAEzB,QAAQ;IACb0B,MAAM,EAAE3B,CAAC,CAACS,MAAM,CAAC,CAAC;IAClBmB,GAAG,EAAE5B,CAAC,CAACM,MAAM,CAAC;MACZuB,GAAG,EAAE9B;IACP,CAAC,CAAC;IACF+B,IAAI,EAAE9B,CAAC,CAACgB,OAAO,CAAC,0BAA0B,CAAC;IAC3Ce,eAAe,EAAE/B,CAAC,CAACM,MAAM,CAAC;MACxB0B,YAAY,EAAEhC,CAAC,CAACiC,YAAY,CAC1BjC,CAAC,CAACM,MAAM,CAAC;QACP4B,eAAe,EAAElC,CAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;QACnCmB,eAAe,EAAEnC,CAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACD+B,MAAM,EAAE/B;IACV,CAAC,CAAC;IACFgC,OAAO,EAAErC,CAAC,CAACgB,OAAO,CAAC,SAA
S;EAC9B,CAAC;AACH,CAAC,CAAC"}
1
+ {"version":3,"names":["JWK","z","UnixTime","number","min","max","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAEvB,OAAO,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAI5D,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,UAAU,GAAGV,CAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,CAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,CAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,CAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA,OAAO,MAAMC,QAAQ,GAAGb,CAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,CAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,CAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IAC1BC,WAAW,EAAEpB,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFY,OAAO,EAAErB,CAAC,CAACM,MAAM,CAAC;IAChBgB,GAAG,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAExB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAExB,QAAQ;IACbyB,GAAG,EAAEzB,QAAQ;IACb0B,MAAM,EAAE3B,CAAC,CAACS,MAAM,CAAC,CAAC;IAClBmB,GAAG,EAAE5B,CAAC,CAACM,MAAM,CAAC;MACZuB,GAAG,EAAE9B;IACP,CAAC,CAAC;IACF+B,IAAI,EAAE9B,CAAC,CAACgB,OAAO,CAAC,0BAA0B,CAAC;IAC3Ce,eAAe,EAAE/B,CAAC,CAACM,MAAM,CAAC;MACxB0B,YAAY,EAAEhC,CAAC,CAACiC,YAAY,CAC1BjC,CAAC,CAACM,MAAM,CAAC;QACP4B,eAAe,EAAElC,CAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;QACnCmB,eAAe,EAAEnC,CAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACD+B,MAAM,EAAE/B;IACV,CAAC,CAAC;IA
CFgC,OAAO,EAAErC,CAAC,CAACgB,OAAO,CAAC,SAAS;EAC9B,CAAC;AACH,CAAC,CAAC"}
@@ -1,11 +1,13 @@
1
- import { encodeBase64, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
1
+ import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
2
2
  import { ValidationFailed } from "../utils/errors";
3
- export const verifyDisclosure = async (disclosure, claims) => {
4
- let disclosureString = JSON.stringify(disclosure);
5
- let encodedDisclosure = encodeBase64(disclosureString);
6
- let hash = await sha256ToBase64(encodedDisclosure);
3
+ export const verifyDisclosure = async (_ref, claims) => {
4
+ let {
5
+ encoded,
6
+ decoded
7
+ } = _ref;
8
+ let hash = await sha256ToBase64(encoded);
7
9
  if (!claims.includes(hash)) {
8
- throw new ValidationFailed("Validation of disclosure failed", `${disclosure}`, "Disclosure hash not found in claims");
10
+ throw new ValidationFailed("Validation of disclosure failed", `${decoded}`, "Disclosure hash not found in claims");
9
11
  }
10
12
  };
11
13
  //# sourceMappingURL=verifier.js.map
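Review bot: The `ValidationFailed` thrown at new line 10 interpolates the whole `decoded` triple, so the error text carries the salt and the claim value, and renders object values as `[object Object]`. If these errors are logged or sent to crash reporting, personal data from the credential ends up there. Assuming the second argument is meant to identify the failing claim, the name alone is enough: `throw new ValidationFailed("Validation of disclosure failed", decoded[1], "Disclosure hash not found in claims");`. `hash` is never reassigned and can be declared with `const`.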
@@ -1 +1 @@
1
- {"version":3,"names":["encodeBase64","sha256ToBase64","ValidationFailed","verifyDisclosure","disclosure","claims","disclosureString","JSON","stringify","encodedDisclosure","hash","includes"],"sourceRoot":"../../../src","sources":["sd-jwt/verifier.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,cAAc,QAAQ,6BAA6B;AAE1E,SAASC,gBAAgB,QAAQ,iBAAiB;AAGlD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,UAAsB,EACtBC,MAAoC,KACjC;EACH,IAAIC,gBAAgB,GAAGC,IAAI,CAACC,SAAS,CAACJ,UAAU,CAAC;EACjD,IAAIK,iBAAiB,GAAGT,YAAY,CAACM,gBAAgB,CAAC;EACtD,IAAII,IAAI,GAAG,MAAMT,cAAc,CAACQ,iBAAiB,CAAC;EAClD,IAAI,CAACJ,MAAM,CAACM,QAAQ,CAACD,IAAI,CAAC,EAAE;IAC1B,MAAM,IAAIR,gBAAgB,CACxB,iCAAiC,EAChC,GAAEE,UAAW,EAAC,EACf,qCACF,CAAC;EACH;AACF,CAAC"}
1
+ {"version":3,"names":["sha256ToBase64","ValidationFailed","verifyDisclosure","_ref","claims","encoded","decoded","hash","includes"],"sourceRoot":"../../../src","sources":["sd-jwt/verifier.ts"],"mappings":"AAAA,SAASA,cAAc,QAAQ,6BAA6B;AAE5D,SAASC,gBAAgB,QAAQ,iBAAiB;AAGlD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAAAC,IAAA,EAE9BC,MAAoC,KACjC;EAAA,IAFH;IAAEC,OAAO;IAAEC;EAA+B,CAAC,GAAAH,IAAA;EAG3C,IAAII,IAAI,GAAG,MAAMP,cAAc,CAACK,OAAO,CAAC;EACxC,IAAI,CAACD,MAAM,CAACI,QAAQ,CAACD,IAAI,CAAC,EAAE;IAC1B,MAAM,IAAIN,gBAAgB,CACxB,iCAAiC,EAChC,GAAEK,OAAQ,EAAC,EACZ,qCACF,CAAC;EACH;AACF,CAAC"}