@pagopa/io-react-native-wallet 0.2.8 → 0.3.0

Files changed (40) hide show
  1. package/lib/commonjs/rp/__test__/index.test.js +145 -0
  2. package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
  3. package/lib/commonjs/rp/index.js +33 -41
  4. package/lib/commonjs/rp/index.js.map +1 -1
  5. package/lib/commonjs/rp/types.js +11 -9
  6. package/lib/commonjs/rp/types.js.map +1 -1
  7. package/lib/commonjs/utils/jwk.js +35 -0
  8. package/lib/commonjs/utils/jwk.js.map +1 -1
  9. package/lib/commonjs/wallet-instance-attestation/issuing.js +1 -1
  10. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  11. package/lib/commonjs/wallet-instance-attestation/types.js +6 -2
  12. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  13. package/lib/module/rp/__test__/index.test.js +145 -0
  14. package/lib/module/rp/__test__/index.test.js.map +1 -1
  15. package/lib/module/rp/index.js +33 -41
  16. package/lib/module/rp/index.js.map +1 -1
  17. package/lib/module/rp/types.js +11 -9
  18. package/lib/module/rp/types.js.map +1 -1
  19. package/lib/module/utils/jwk.js +34 -0
  20. package/lib/module/utils/jwk.js.map +1 -1
  21. package/lib/module/wallet-instance-attestation/issuing.js +2 -2
  22. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  23. package/lib/module/wallet-instance-attestation/types.js +6 -2
  24. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  25. package/lib/typescript/rp/index.d.ts +8 -8
  26. package/lib/typescript/rp/index.d.ts.map +1 -1
  27. package/lib/typescript/rp/types.d.ts +260 -389
  28. package/lib/typescript/rp/types.d.ts.map +1 -1
  29. package/lib/typescript/utils/jwk.d.ts +9 -0
  30. package/lib/typescript/utils/jwk.d.ts.map +1 -1
  31. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  32. package/lib/typescript/wallet-instance-attestation/types.d.ts +40 -4
  33. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  34. package/package.json +2 -2
  35. package/src/rp/__test__/index.test.ts +222 -0
  36. package/src/rp/index.ts +44 -54
  37. package/src/rp/types.ts +8 -7
  38. package/src/utils/jwk.ts +21 -0
  39. package/src/wallet-instance-attestation/issuing.ts +3 -2
  40. package/src/wallet-instance-attestation/types.ts +6 -2
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;CACtB,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;CACtB,CAAC"}
@@ -82,4 +82,13 @@ export declare const JWK: z.ZodObject<{
82
82
  "x5t#S256"?: string | undefined;
83
83
  x5u?: string | undefined;
84
84
  }>;
85
+ /**
86
+ * Ensure key values are encoded using base64url and not just base64, as defined in https://datatracker.ietf.org/doc/html/rfc7517
87
+ *
88
+ * @see https://datatracker.ietf.org/doc/html/rfc7517
89
+ *
90
+ * @param key The key to fix
91
+ * @returns THe same input key with fixed values
92
+ */
93
+ export declare function fixBase64EncodingOnKey(key: JWK): JWK;
85
94
  //# sourceMappingURL=jwk.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"jwk.d.ts","sourceRoot":"","sources":["../../../src/utils/jwk.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;AACtC,eAAO,MAAM,GAAG;IACd,uCAAuC;;;;;;;IAOvC,yCAAyC;;;IAGzC,gDAAgD;;IAEhD,oCAAoC;;IAEpC;;kCAE8B;;;;;;IAM9B,4CAA4C;;;;IAI5C,qDAAqD;;IAErD,gEAAgE;;IAEhE,mEAAmE;;IAEnE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvC,CAAC"}
1
+ {"version":3,"file":"jwk.d.ts","sourceRoot":"","sources":["../../../src/utils/jwk.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;AACtC,eAAO,MAAM,GAAG;IACd,uCAAuC;;;;;;;IAOvC,yCAAyC;;;IAGzC,gDAAgD;;IAEhD,oCAAoC;;IAEpC;;kCAE8B;;;;;;IAM9B,4CAA4C;;;;IAI5C,qDAAqD;;IAErD,gEAAgE;;IAEhE,mEAAmE;;IAEnE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvC,CAAC;AAEH;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,CAUpD"}
@@ -1 +1 @@
1
- {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAKnC,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAE7B,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAMxC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;CAqCnB"}
1
+ {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAA0B,MAAM,cAAc,CAAC;AAK3D,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAE7B,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAMxC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;CAsCnB"}
@@ -32,7 +32,7 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
32
32
  iat: z.ZodNumber;
33
33
  exp: z.ZodNumber;
34
34
  cnf: z.ZodObject<{
35
- jwk: z.ZodObject<{
35
+ jwk: z.ZodIntersection<z.ZodObject<{
36
36
  alg: z.ZodOptional<z.ZodString>;
37
37
  crv: z.ZodOptional<z.ZodString>;
38
38
  d: z.ZodOptional<z.ZodString>;
@@ -101,7 +101,13 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
101
101
  x5t?: string | undefined;
102
102
  "x5t#S256"?: string | undefined;
103
103
  x5u?: string | undefined;
104
- }>;
104
+ }>, z.ZodObject<{
105
+ kid: z.ZodString;
106
+ }, "strip", z.ZodTypeAny, {
107
+ kid: string;
108
+ }, {
109
+ kid: string;
110
+ }>>;
105
111
  }, "strip", z.ZodTypeAny, {
106
112
  jwk: {
107
113
  kty: "RSA" | "EC";
@@ -126,6 +132,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
126
132
  x5t?: string | undefined;
127
133
  "x5t#S256"?: string | undefined;
128
134
  x5u?: string | undefined;
135
+ } & {
136
+ kid: string;
129
137
  };
130
138
  }, {
131
139
  jwk: {
@@ -151,6 +159,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
151
159
  x5t?: string | undefined;
152
160
  "x5t#S256"?: string | undefined;
153
161
  x5u?: string | undefined;
162
+ } & {
163
+ kid: string;
154
164
  };
155
165
  }>;
156
166
  }, "strip", z.ZodTypeAny, {
@@ -182,6 +192,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
182
192
  x5t?: string | undefined;
183
193
  "x5t#S256"?: string | undefined;
184
194
  x5u?: string | undefined;
195
+ } & {
196
+ kid: string;
185
197
  };
186
198
  };
187
199
  }, {
@@ -213,6 +225,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
213
225
  x5t?: string | undefined;
214
226
  "x5t#S256"?: string | undefined;
215
227
  x5u?: string | undefined;
228
+ } & {
229
+ kid: string;
216
230
  };
217
231
  };
218
232
  }>, z.ZodObject<{
@@ -264,6 +278,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
264
278
  x5t?: string | undefined;
265
279
  "x5t#S256"?: string | undefined;
266
280
  x5u?: string | undefined;
281
+ } & {
282
+ kid: string;
267
283
  };
268
284
  };
269
285
  } & {
@@ -309,6 +325,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
309
325
  x5t?: string | undefined;
310
326
  "x5t#S256"?: string | undefined;
311
327
  x5u?: string | undefined;
328
+ } & {
329
+ kid: string;
312
330
  };
313
331
  };
314
332
  } & {
@@ -349,7 +367,7 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
349
367
  iat: z.ZodNumber;
350
368
  exp: z.ZodNumber;
351
369
  cnf: z.ZodObject<{
352
- jwk: z.ZodObject<{
370
+ jwk: z.ZodIntersection<z.ZodObject<{
353
371
  alg: z.ZodOptional<z.ZodString>;
354
372
  crv: z.ZodOptional<z.ZodString>;
355
373
  d: z.ZodOptional<z.ZodString>;
@@ -418,7 +436,13 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
418
436
  x5t?: string | undefined;
419
437
  "x5t#S256"?: string | undefined;
420
438
  x5u?: string | undefined;
421
- }>;
439
+ }>, z.ZodObject<{
440
+ kid: z.ZodString;
441
+ }, "strip", z.ZodTypeAny, {
442
+ kid: string;
443
+ }, {
444
+ kid: string;
445
+ }>>;
422
446
  }, "strip", z.ZodTypeAny, {
423
447
  jwk: {
424
448
  kty: "RSA" | "EC";
@@ -443,6 +467,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
443
467
  x5t?: string | undefined;
444
468
  "x5t#S256"?: string | undefined;
445
469
  x5u?: string | undefined;
470
+ } & {
471
+ kid: string;
446
472
  };
447
473
  }, {
448
474
  jwk: {
@@ -468,6 +494,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
468
494
  x5t?: string | undefined;
469
495
  "x5t#S256"?: string | undefined;
470
496
  x5u?: string | undefined;
497
+ } & {
498
+ kid: string;
471
499
  };
472
500
  }>;
473
501
  }, "strip", z.ZodTypeAny, {
@@ -499,6 +527,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
499
527
  x5t?: string | undefined;
500
528
  "x5t#S256"?: string | undefined;
501
529
  x5u?: string | undefined;
530
+ } & {
531
+ kid: string;
502
532
  };
503
533
  };
504
534
  }, {
@@ -530,6 +560,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
530
560
  x5t?: string | undefined;
531
561
  "x5t#S256"?: string | undefined;
532
562
  x5u?: string | undefined;
563
+ } & {
564
+ kid: string;
533
565
  };
534
566
  };
535
567
  }>, z.ZodObject<{
@@ -648,6 +680,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
648
680
  x5t?: string | undefined;
649
681
  "x5t#S256"?: string | undefined;
650
682
  x5u?: string | undefined;
683
+ } & {
684
+ kid: string;
651
685
  };
652
686
  };
653
687
  } & {
@@ -708,6 +742,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
708
742
  x5t?: string | undefined;
709
743
  "x5t#S256"?: string | undefined;
710
744
  x5u?: string | undefined;
745
+ } & {
746
+ kid: string;
711
747
  };
712
748
  };
713
749
  } & {
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAwBzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA4BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
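--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@pagopa/io-react-native-wallet",
- "version": "0.2.8",
+ "version": "0.3.0",
  "description": "Provide data structures, helpers and API for IO Wallet",
  "main": "lib/commonjs/index",
  "module": "lib/module/index",
@@ -53,7 +53,7 @@
  "devDependencies": {
  "@pagopa/eslint-config": "^3.0.0",
  "@pagopa/io-react-native-crypto": "^0.2.3",
- "@pagopa/io-react-native-jwt": "^0.6.0",
+ "@pagopa/io-react-native-jwt": "^0.6.4",
  "@react-native-community/eslint-config": "^3.2.0",
  "@rushstack/eslint-patch": "^1.3.2",
  "@types/jest": "^28.1.2",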
@@ -1,5 +1,6 @@
1
1
  import { RelyingPartySolution } from "..";
2
2
  import { AuthRequestDecodeError } from "../../utils/errors";
3
+ import { RpEntityConfiguration } from "../types";
3
4
 
4
5
  describe("decodeAuthRequestQR", () => {
5
6
  it("should return authentication request URL", async () => {
@@ -17,3 +18,224 @@ describe("decodeAuthRequestQR", () => {
17
18
  );
18
19
  });
19
20
  });
21
+
22
+ describe("RpEntityConfiguration", () => {
23
+ it("should parse a valid confdsfashdhasd", async () => {
24
+ const pp = {
25
+ header: {
26
+ alg: "RS256",
27
+ kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
28
+ typ: "entity-statement+jwt",
29
+ },
30
+ payload: {
31
+ exp: 1692625747,
32
+ iat: 1692625387,
33
+ iss: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
34
+ sub: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
35
+ jwks: {
36
+ keys: [
37
+ {
38
+ kty: "RSA",
39
+ kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
40
+ e: "AQAB",
41
+ n: "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw",
42
+ },
43
+ ],
44
+ },
45
+ metadata: {
46
+ wallet_relying_party: {
47
+ application_type: "web",
48
+ authorization_encrypted_response_alg: [
49
+ "RSA-OAEP",
50
+ "RSA-OAEP-256",
51
+ "ECDH-ES",
52
+ "ECDH-ES+A128KW",
53
+ "ECDH-ES+A192KW",
54
+ "ECDH-ES+A256KW",
55
+ ],
56
+ authorization_encrypted_response_enc: [
57
+ "A128CBC-HS256",
58
+ "A192CBC-HS384",
59
+ "A256CBC-HS512",
60
+ "A128GCM",
61
+ "A192GCM",
62
+ "A256GCM",
63
+ ],
64
+ authorization_signed_response_alg: [
65
+ "RS256",
66
+ "RS384",
67
+ "RS512",
68
+ "ES256",
69
+ "ES384",
70
+ "ES512",
71
+ ],
72
+ client_id:
73
+ "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
74
+ client_name: "Name of an example organization",
75
+ contacts: ["ops@verifier.example.org"],
76
+ default_acr_values: [
77
+ "https://www.spid.gov.it/SpidL2",
78
+ "https://www.spid.gov.it/SpidL3",
79
+ ],
80
+ default_max_age: 1111,
81
+ id_token_encrypted_response_alg: [
82
+ "RSA-OAEP",
83
+ "RSA-OAEP-256",
84
+ "ECDH-ES",
85
+ "ECDH-ES+A128KW",
86
+ "ECDH-ES+A192KW",
87
+ "ECDH-ES+A256KW",
88
+ ],
89
+ id_token_encrypted_response_enc: [
90
+ "A128CBC-HS256",
91
+ "A192CBC-HS384",
92
+ "A256CBC-HS512",
93
+ "A128GCM",
94
+ "A192GCM",
95
+ "A256GCM",
96
+ ],
97
+ id_token_signed_response_alg: [
98
+ "RS256",
99
+ "RS384",
100
+ "RS512",
101
+ "ES256",
102
+ "ES384",
103
+ "ES512",
104
+ ],
105
+ presentation_definitions: [
106
+ {
107
+ id: "pid-sd-jwt:unique_id+given_name+family_name",
108
+ input_descriptors: [
109
+ {
110
+ id: "pid-sd-jwt:unique_id+given_name+family_name",
111
+ format: {
112
+ constraints: {
113
+ fields: [
114
+ {
115
+ filter: {
116
+ const: "PersonIdentificationData",
117
+ type: "string",
118
+ },
119
+ path: ["$.sd-jwt.type"],
120
+ },
121
+ {
122
+ filter: {
123
+ type: "object",
124
+ },
125
+ path: ["$.sd-jwt.cnf"],
126
+ },
127
+ {
128
+ intent_to_retain: "true",
129
+ path: ["$.sd-jwt.family_name"],
130
+ },
131
+ {
132
+ intent_to_retain: "true",
133
+ path: ["$.sd-jwt.given_name"],
134
+ },
135
+ {
136
+ intent_to_retain: "true",
137
+ path: ["$.sd-jwt.unique_id"],
138
+ },
139
+ ],
140
+ limit_disclosure: "required",
141
+ },
142
+ jwt: {
143
+ alg: ["EdDSA", "ES256"],
144
+ },
145
+ },
146
+ },
147
+ ],
148
+ },
149
+ {
150
+ id: "mDL-sample-req",
151
+ input_descriptors: [
152
+ {
153
+ format: {
154
+ constraints: {
155
+ fields: [
156
+ {
157
+ filter: {
158
+ const: "org.iso.18013.5.1.mDL",
159
+ type: "string",
160
+ },
161
+ path: ["$.mdoc.doctype"],
162
+ },
163
+ {
164
+ filter: {
165
+ const: "org.iso.18013.5.1",
166
+ type: "string",
167
+ },
168
+ path: ["$.mdoc.namespace"],
169
+ },
170
+ {
171
+ intent_to_retain: "false",
172
+ path: ["$.mdoc.family_name"],
173
+ },
174
+ {
175
+ intent_to_retain: "false",
176
+ path: ["$.mdoc.portrait"],
177
+ },
178
+ {
179
+ intent_to_retain: "false",
180
+ path: ["$.mdoc.driving_privileges"],
181
+ },
182
+ ],
183
+ limit_disclosure: "required",
184
+ },
185
+ mso_mdoc: {
186
+ alg: ["EdDSA", "ES256"],
187
+ },
188
+ },
189
+ id: "mDL",
190
+ },
191
+ ],
192
+ },
193
+ ],
194
+ redirect_uris: [
195
+ "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP/redirect-uri",
196
+ ],
197
+ request_uris: [
198
+ "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP/request-uri",
199
+ ],
200
+ require_auth_time: true,
201
+ subject_type: "pairwise",
202
+ vp_formats: {
203
+ jwt_vp_json: {
204
+ alg: ["EdDSA", "ES256K"],
205
+ },
206
+ },
207
+ jwks: [
208
+ {
209
+ crv: "P-256",
210
+ d: "KzQBowMMoPmSZe7G8QsdEWc1IvR2nsgE8qTOYmMcLtc",
211
+ kid: "dDwPWXz5sCtczj7CJbqgPGJ2qQ83gZ9Sfs-tJyULi6s",
212
+ use: "sig",
213
+ kty: "EC",
214
+ x: "TSO-KOqdnUj5SUuasdlRB2VVFSqtJOxuR5GftUTuBdk",
215
+ y: "ByWgQt1wGBSnF56jQqLdoO1xKUynMY-BHIDB3eXlR7",
216
+ },
217
+ {
218
+ kty: "RSA",
219
+ d: "QUZsh1NqvpueootsdSjFQz-BUvxwd3Qnzm5qNb-WeOsvt3rWMEv0Q8CZrla2tndHTJhwioo1U4NuQey7znijhZ177bUwPPxSW1r68dEnL2U74nKwwoYeeMdEXnUfZSPxzs7nY6b7vtyCoA-AjiVYFOlgKNAItspv1HxeyGCLhLYhKvS_YoTdAeLuegETU5D6K1xGQIuw0nS13Icjz79Y8jC10TX4FdZwdX-NmuIEDP5-s95V9DMENtVqJAVE3L-wO-NdDilyjyOmAbntgsCzYVGH9U3W_djh4t3qVFCv3r0S-DA2FD3THvlrFi655L0QHR3gu_Fbj3b9Ybtajpue_Q",
220
+ e: "AQAB",
221
+ use: "enc",
222
+ kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
223
+ n: "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw",
224
+ p: "2zmGXIMCEHPphw778YjVTar1eycih6fFSJ4I4bl1iq167GqO0PjlOx6CZ1-OdBTVU7HfrYRiUK_BnGRdPDn-DQghwwkB79ZdHWL14wXnpB5y-boHz_LxvjsEqXtuQYcIkidOGaMG68XNT1nM4F9a8UKFr5hHYT5_UIQSwsxlRQ0",
225
+ q: "2jMFt2iFrdaYabdXuB4QMboVjPvbLA-IVb6_0hSG_-EueGBvgcBxdFGIZaG6kqHqlB7qMsSzdptU0vn6IgmCZnX-Hlt6c5X7JB_q91PZMLTO01pbZ2Bk58GloalCHnw_mjPh0YPviH5jGoWM5RHyl_HDDMI-UeLkzP7ImxGizrM",
226
+ },
227
+ ],
228
+ },
229
+ },
230
+ authority_hints: [
231
+ "https://demo.federation.eudi.wallet.developers.italia.it",
232
+ ],
233
+ },
234
+ };
235
+ const result = RpEntityConfiguration.safeParse(pp);
236
+ if (result.success === false) {
237
+ throw result.error;
238
+ }
239
+ expect(result.success).toBe(true);
240
+ });
241
+ });
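Review bot: The `wallet_relying_party.jwks` fixture at new lines 207–227 carries private key members (`d` on the EC key, `d`, `p` and `q` on the RSA key), and the test expects `RpEntityConfiguration.safeParse` to accept them. An entity configuration is a published document, so these entries should hold public members only; drop the private fields from the fixture and, if the schema in `../types` (not shown in this section) allows it, add a case asserting that a key with `d` is rejected. If the values were copied from a live demo deployment, that key pair should be treated as disclosed. The test title `"should parse a valid confdsfashdhasd"` is garbled; `it("should parse a valid entity configuration", ...)` says what is checked.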
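--- a/package/src/rp/index.ts
+++ b/package/src/rp/index.ts
@@ -77,7 +77,7 @@ export class RelyingPartySolution {
  *
  */
  async getUnsignedWalletInstanceDPoP(
- walletInstanceAttestationJwk: JWK,
+ walletInstanceAttestationJwk: any,
  authRequestUrl: string
  ): Promise<string> {
  return await new SignJWT({
@@ -109,10 +109,9 @@ export class RelyingPartySolution {
  */
  async getRequestObject(
  signedWalletInstanceDPoP: string,
+ requestUri: string,
  entity: RpEntityConfiguration
  ): Promise<RequestObject> {
- const decodedJwtDPop = await decodeJwt(signedWalletInstanceDPoP);
- const requestUri = decodedJwtDPop.payload.htu as string;
  const response = await this.appFetch(requestUri, {
  method: "GET",
  headers: {
@@ -122,13 +121,15 @@ export class RelyingPartySolution {
  });
 
  if (response.status === 200) {
- const responseText = await response.text();
- const responseJwt = decodeJwt(responseText);
+ const responseJson = await response.json();
+ const responseEncodedJwt = responseJson.response;
+
+ const responseJwt = decodeJwt(responseEncodedJwt);
 
  // verify token signature according to RP's entity configuration
  // to ensure the request object is authentic
  {
- const pubKey = entity.payload.jwks.keys.find(
+ const pubKey = entity.payload.metadata.wallet_relying_party.jwks.find(
  ({ kid }) => kid === responseJwt.protectedHeader.kid
  );
  if (!pubKey) {
@@ -136,7 +137,7 @@ export class RelyingPartySolution {
  "Request Object signature verification"
  );
  }
- await verify(responseText, pubKey);
+ await verify(responseEncodedJwt, pubKey);
  }
 
  // parse request object it has the expected shape by specification
@@ -163,14 +164,18 @@ export class RelyingPartySolution {
  * @todo accept more than a Verified Credential
  *
  * @param requestObj The incoming request object, which the requirements for the requested authorization
+ * @param walletInstanceIdentifier The identifies of the wallt instance that is presenting
  * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
+ * @param signKeyId The kid of the key that will be used to sign
  * @returns The unsigned Verified Presentation token
  * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
  *
  */
  async prepareVpToken(
  requestObj: RequestObject,
- [vc, claims]: Presentation // TODO: [SIW-353] support multiple presentations
+ walletInstanceIdentifier: string,
+ [vc, claims]: Presentation, // TODO: [SIW-353] support multiple presentations,
+ signKeyId: string
  ): Promise<{
  vp_token: string;
  presentation_submission: Record<string, unknown>;
@@ -180,18 +185,25 @@ export class RelyingPartySolution {
 
  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
 
- const vp_token = new SignJWT({ vp })
+ const vp_token = new SignJWT({
+ vp: vp,
+ jti: `${uuid.v4()}`,
+ iss: walletInstanceIdentifier,
+ nonce: requestObj.payload.nonce,
+ })
  .setAudience(requestObj.payload.response_uri)
+ .setIssuedAt()
  .setExpirationTime("1h")
  .setProtectedHeader({
  typ: "JWT",
  alg: "ES256",
+ kid: signKeyId,
  })
  .toSign();
 
- const [definition_id, vc_scope] = requestObj.payload.scope;
+ const vc_scope = requestObj.payload.scope;
  const presentation_submission = {
- definition_id,
+ definition_id: `${uuid.v4()}`,
  id: `${uuid.v4()}`,
  descriptor_map: paths.map((p) => ({
  id: vc_scope,
@@ -225,94 +237,72 @@ export class RelyingPartySolution {
  ): Promise<string> {
  // the request is an unsigned jws without iss, aud, exp
  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
- const jwk = this.choosePublicKeyToEncrypt(entity);
- const enc = this.getEncryptionAlgByJwk(jwk);
+ const jwk = this.chooseRSAPublicKeyToEncrypt(entity);
 
  const authzResponsePayload = JSON.stringify({
  state: requestObj.payload.state,
  presentation_submission,
+ nonce: requestObj.payload.nonce,
  vp_token,
  });
+
  const encrypted = await new EncryptJwe(authzResponsePayload, {
- alg: jwk.alg,
- enc,
+ alg: "RSA-OAEP-256",
+ enc: "A256CBC-HS512",
+ kid: jwk.kid,
  }).encrypt(jwk);
 
  const formBody = new URLSearchParams({ response: encrypted });
+ const body = formBody.toString();
+
  const response = await this.appFetch(requestObj.payload.response_uri, {
  method: "POST",
  headers: {
  "Content-Type": "application/x-www-form-urlencoded",
  },
- body: formBody.toString(),
+ body,
  });
 
  if (response.status === 200) {
- return response.text();
+ return await response.text();
  }
 
  throw new IoWalletError(
- `Unable to send Authorization Response. Response code: ${response.status}`
+ `Unable to send Authorization Response. Response: ${await response.text()} with code: ${
+ response.status
+ }`
  );
  }
 
  /**
- * Select a public key from those provided by the RP.
- * Keys with algorithm "RSA-OAEP-256" or "RSA-OAEP" are expected, the firsts to be preferred.
+ * Select a RSA public key from those provided by the RP to encrypt.
  *
  * @param entity The RP entity configuration
  * @returns A suitable public key with its compatible encryption algorithm
  * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
  */
- private choosePublicKeyToEncrypt(
- entity: RpEntityConfiguration
- ): (JWK & { alg: "RSA-OAEP-256" }) | (JWK & { alg: "RSA-OAEP" }) {
- // Look for keys using "RSA-OAEP-256", and pick a random one
- const [usingRsa256] = entity.payload.jwks.keys.filter(
- <T>(k: T & { alg?: string }): k is T & { alg: "RSA-OAEP-256" } =>
- typeof k.alg === "string" && k.alg === "RSA-OAEP-256"
- );
+ private chooseRSAPublicKeyToEncrypt(entity: RpEntityConfiguration): JWK {
+ const [usingRsa256] =
+ entity.payload.metadata.wallet_relying_party.jwks.filter(
+ (jwk) => jwk.use === "enc" && jwk.kty === "RSA"
+ );
 
  if (usingRsa256) {
  return usingRsa256;
  }
 
- // Look for keys using "RSA-OAEP", and pick a random one
- const [usingRsa] = entity.payload.jwks.keys.filter(
- <T>(k: T & { alg?: string }): k is T & { alg: "RSA-OAEP" } =>
- typeof k.alg === "string" && k.alg === "RSA-OAEP"
- );
-
- if (usingRsa) {
- return usingRsa;
- }
-
  // No suitable key has been found
  throw new NoSuitableKeysFoundInEntityConfiguration(
  "Encrypt with RP public key"
  );
  }
 
- private getEncryptionAlgByJwk({
- alg,
- }: (JWK & { alg: "RSA-OAEP-256" }) | (JWK & { alg: "RSA-OAEP" })):
- | "A128CBC-HS256"
- | "A256CBC-HS512" {
- if (alg === "RSA-OAEP-256") return "A256CBC-HS512";
- if (alg === "RSA-OAEP") return "A128CBC-HS256";
-
- const _: never = alg;
- throw new Error(`Invalid jwk algorithm: ${_}`);
- }
-
  /**
  * Obtain the relying party entity configuration.
  */
  async getEntityConfiguration(): Promise<RpEntityConfiguration> {
- const wellKnownUrl = new URL(
- "/.well-known/openid-federation",
- this.relyingPartyBaseUrl
- ).href;
+ const wellKnownUrl =
+ this.relyingPartyBaseUrl + "/.well-known/openid-federation";
 
  const response = await this.appFetch(wellKnownUrl, {
  method: "GET",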
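Review bot: In `getRequestObject` (new lines 109–117) the URL that is fetched is now the caller-supplied `requestUri`, and nothing in the hunk checks it against the `htu` claim of `signedWalletInstanceDPoP`, which the removed lines used as the only source of that URL. A DPoP proof is bound to one HTTP method and URI, so the two values can now drift apart and the proof may be presented to an endpoint it was not issued for, with rejection left entirely to the RP. Compare them before the fetch, for example `if (decodeJwt(signedWalletInstanceDPoP).payload.htu !== requestUri) throw new IoWalletError("DPoP htu does not match requestUri");`. The `headers` object and the rest of the method body lie outside the hunk, so this assumes the proof is still attached to that request.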