@pagopa/io-react-native-wallet 0.2.8 → 0.3.1

Files changed (40)
  1. package/lib/commonjs/rp/__test__/index.test.js +145 -0
  2. package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
  3. package/lib/commonjs/rp/index.js +33 -41
  4. package/lib/commonjs/rp/index.js.map +1 -1
  5. package/lib/commonjs/rp/types.js +11 -9
  6. package/lib/commonjs/rp/types.js.map +1 -1
  7. package/lib/commonjs/utils/jwk.js +35 -0
  8. package/lib/commonjs/utils/jwk.js.map +1 -1
  9. package/lib/commonjs/wallet-instance-attestation/issuing.js +1 -1
  10. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  11. package/lib/commonjs/wallet-instance-attestation/types.js +6 -2
  12. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  13. package/lib/module/rp/__test__/index.test.js +145 -0
  14. package/lib/module/rp/__test__/index.test.js.map +1 -1
  15. package/lib/module/rp/index.js +33 -41
  16. package/lib/module/rp/index.js.map +1 -1
  17. package/lib/module/rp/types.js +11 -9
  18. package/lib/module/rp/types.js.map +1 -1
  19. package/lib/module/utils/jwk.js +34 -0
  20. package/lib/module/utils/jwk.js.map +1 -1
  21. package/lib/module/wallet-instance-attestation/issuing.js +2 -2
  22. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  23. package/lib/module/wallet-instance-attestation/types.js +6 -2
  24. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  25. package/lib/typescript/rp/index.d.ts +8 -8
  26. package/lib/typescript/rp/index.d.ts.map +1 -1
  27. package/lib/typescript/rp/types.d.ts +260 -389
  28. package/lib/typescript/rp/types.d.ts.map +1 -1
  29. package/lib/typescript/utils/jwk.d.ts +9 -0
  30. package/lib/typescript/utils/jwk.d.ts.map +1 -1
  31. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  32. package/lib/typescript/wallet-instance-attestation/types.d.ts +40 -4
  33. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  34. package/package.json +2 -2
  35. package/src/rp/__test__/index.test.ts +222 -0
  36. package/src/rp/index.ts +44 -54
  37. package/src/rp/types.ts +8 -7
  38. package/src/utils/jwk.ts +21 -0
  39. package/src/wallet-instance-attestation/issuing.ts +3 -2
  40. package/src/wallet-instance-attestation/types.ts +6 -2
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;CACtB,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/rp/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqBxB,CAAC;AAGH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkChC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;EAKxB,CAAC;AAEH;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;CACtB,CAAC"}
@@ -82,4 +82,13 @@ export declare const JWK: z.ZodObject<{
82
82
  "x5t#S256"?: string | undefined;
83
83
  x5u?: string | undefined;
84
84
  }>;
85
+ /**
86
+ * Ensure key values are encoded using base64url and not just base64, as defined in https://datatracker.ietf.org/doc/html/rfc7517
87
+ *
88
+ * @see https://datatracker.ietf.org/doc/html/rfc7517
89
+ *
90
+ * @param key The key to fix
91
+ * @returns THe same input key with fixed values
92
+ */
93
+ export declare function fixBase64EncodingOnKey(key: JWK): JWK;
85
94
  //# sourceMappingURL=jwk.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"jwk.d.ts","sourceRoot":"","sources":["../../../src/utils/jwk.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;AACtC,eAAO,MAAM,GAAG;IACd,uCAAuC;;;;;;;IAOvC,yCAAyC;;;IAGzC,gDAAgD;;IAEhD,oCAAoC;;IAEpC;;kCAE8B;;;;;;IAM9B,4CAA4C;;;;IAI5C,qDAAqD;;IAErD,gEAAgE;;IAEhE,mEAAmE;;IAEnE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvC,CAAC"}
1
+ {"version":3,"file":"jwk.d.ts","sourceRoot":"","sources":["../../../src/utils/jwk.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC;AACtC,eAAO,MAAM,GAAG;IACd,uCAAuC;;;;;;;IAOvC,yCAAyC;;;IAGzC,gDAAgD;;IAEhD,oCAAoC;;IAEpC;;kCAE8B;;;;;;IAM9B,4CAA4C;;;;IAI5C,qDAAqD;;IAErD,gEAAgE;;IAEhE,mEAAmE;;IAEnE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvC,CAAC;AAEH;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,GAAG,GAAG,GAAG,CAUpD"}
@@ -1 +1 @@
1
- {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAKnC,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAE7B,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAMxC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;CAqCnB"}
1
+ {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/issuing.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAA0B,MAAM,cAAc,CAAC;AAK3D,qBAAa,OAAO;IAClB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAE7B,qBAAqB,EAAE,MAAM,EAC7B,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAMxC;;;;;;;;;OASG;IACG,2BAA2B,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA0B5D;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;CAsCnB"}
@@ -32,7 +32,7 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
32
32
  iat: z.ZodNumber;
33
33
  exp: z.ZodNumber;
34
34
  cnf: z.ZodObject<{
35
- jwk: z.ZodObject<{
35
+ jwk: z.ZodIntersection<z.ZodObject<{
36
36
  alg: z.ZodOptional<z.ZodString>;
37
37
  crv: z.ZodOptional<z.ZodString>;
38
38
  d: z.ZodOptional<z.ZodString>;
@@ -101,7 +101,13 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
101
101
  x5t?: string | undefined;
102
102
  "x5t#S256"?: string | undefined;
103
103
  x5u?: string | undefined;
104
- }>;
104
+ }>, z.ZodObject<{
105
+ kid: z.ZodString;
106
+ }, "strip", z.ZodTypeAny, {
107
+ kid: string;
108
+ }, {
109
+ kid: string;
110
+ }>>;
105
111
  }, "strip", z.ZodTypeAny, {
106
112
  jwk: {
107
113
  kty: "RSA" | "EC";
@@ -126,6 +132,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
126
132
  x5t?: string | undefined;
127
133
  "x5t#S256"?: string | undefined;
128
134
  x5u?: string | undefined;
135
+ } & {
136
+ kid: string;
129
137
  };
130
138
  }, {
131
139
  jwk: {
@@ -151,6 +159,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
151
159
  x5t?: string | undefined;
152
160
  "x5t#S256"?: string | undefined;
153
161
  x5u?: string | undefined;
162
+ } & {
163
+ kid: string;
154
164
  };
155
165
  }>;
156
166
  }, "strip", z.ZodTypeAny, {
@@ -182,6 +192,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
182
192
  x5t?: string | undefined;
183
193
  "x5t#S256"?: string | undefined;
184
194
  x5u?: string | undefined;
195
+ } & {
196
+ kid: string;
185
197
  };
186
198
  };
187
199
  }, {
@@ -213,6 +225,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
213
225
  x5t?: string | undefined;
214
226
  "x5t#S256"?: string | undefined;
215
227
  x5u?: string | undefined;
228
+ } & {
229
+ kid: string;
216
230
  };
217
231
  };
218
232
  }>, z.ZodObject<{
@@ -264,6 +278,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
264
278
  x5t?: string | undefined;
265
279
  "x5t#S256"?: string | undefined;
266
280
  x5u?: string | undefined;
281
+ } & {
282
+ kid: string;
267
283
  };
268
284
  };
269
285
  } & {
@@ -309,6 +325,8 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
309
325
  x5t?: string | undefined;
310
326
  "x5t#S256"?: string | undefined;
311
327
  x5u?: string | undefined;
328
+ } & {
329
+ kid: string;
312
330
  };
313
331
  };
314
332
  } & {
@@ -349,7 +367,7 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
349
367
  iat: z.ZodNumber;
350
368
  exp: z.ZodNumber;
351
369
  cnf: z.ZodObject<{
352
- jwk: z.ZodObject<{
370
+ jwk: z.ZodIntersection<z.ZodObject<{
353
371
  alg: z.ZodOptional<z.ZodString>;
354
372
  crv: z.ZodOptional<z.ZodString>;
355
373
  d: z.ZodOptional<z.ZodString>;
@@ -418,7 +436,13 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
418
436
  x5t?: string | undefined;
419
437
  "x5t#S256"?: string | undefined;
420
438
  x5u?: string | undefined;
421
- }>;
439
+ }>, z.ZodObject<{
440
+ kid: z.ZodString;
441
+ }, "strip", z.ZodTypeAny, {
442
+ kid: string;
443
+ }, {
444
+ kid: string;
445
+ }>>;
422
446
  }, "strip", z.ZodTypeAny, {
423
447
  jwk: {
424
448
  kty: "RSA" | "EC";
@@ -443,6 +467,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
443
467
  x5t?: string | undefined;
444
468
  "x5t#S256"?: string | undefined;
445
469
  x5u?: string | undefined;
470
+ } & {
471
+ kid: string;
446
472
  };
447
473
  }, {
448
474
  jwk: {
@@ -468,6 +494,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
468
494
  x5t?: string | undefined;
469
495
  "x5t#S256"?: string | undefined;
470
496
  x5u?: string | undefined;
497
+ } & {
498
+ kid: string;
471
499
  };
472
500
  }>;
473
501
  }, "strip", z.ZodTypeAny, {
@@ -499,6 +527,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
499
527
  x5t?: string | undefined;
500
528
  "x5t#S256"?: string | undefined;
501
529
  x5u?: string | undefined;
530
+ } & {
531
+ kid: string;
502
532
  };
503
533
  };
504
534
  }, {
@@ -530,6 +560,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
530
560
  x5t?: string | undefined;
531
561
  "x5t#S256"?: string | undefined;
532
562
  x5u?: string | undefined;
563
+ } & {
564
+ kid: string;
533
565
  };
534
566
  };
535
567
  }>, z.ZodObject<{
@@ -648,6 +680,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
648
680
  x5t?: string | undefined;
649
681
  "x5t#S256"?: string | undefined;
650
682
  x5u?: string | undefined;
683
+ } & {
684
+ kid: string;
651
685
  };
652
686
  };
653
687
  } & {
@@ -708,6 +742,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
708
742
  x5t?: string | undefined;
709
743
  "x5t#S256"?: string | undefined;
710
744
  x5u?: string | undefined;
745
+ } & {
746
+ kid: string;
711
747
  };
712
748
  };
713
749
  } & {
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAwBzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA4BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
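--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@pagopa/io-react-native-wallet",
- "version": "0.2.8",
+ "version": "0.3.1",
  "description": "Provide data structures, helpers and API for IO Wallet",
  "main": "lib/commonjs/index",
  "module": "lib/module/index",
@@ -53,7 +53,7 @@
  "devDependencies": {
  "@pagopa/eslint-config": "^3.0.0",
  "@pagopa/io-react-native-crypto": "^0.2.3",
- "@pagopa/io-react-native-jwt": "^0.6.0",
+ "@pagopa/io-react-native-jwt": "^0.6.4",
  "@react-native-community/eslint-config": "^3.2.0",
  "@rushstack/eslint-patch": "^1.3.2",
  "@types/jest": "^28.1.2",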
@@ -1,5 +1,6 @@
1
1
  import { RelyingPartySolution } from "..";
2
2
  import { AuthRequestDecodeError } from "../../utils/errors";
3
+ import { RpEntityConfiguration } from "../types";
3
4
 
4
5
  describe("decodeAuthRequestQR", () => {
5
6
  it("should return authentication request URL", async () => {
@@ -17,3 +18,224 @@ describe("decodeAuthRequestQR", () => {
17
18
  );
18
19
  });
19
20
  });
21
+
22
+ describe("RpEntityConfiguration", () => {
23
+ it("should parse a valid confdsfashdhasd", async () => {
24
+ const pp = {
25
+ header: {
26
+ alg: "RS256",
27
+ kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
28
+ typ: "entity-statement+jwt",
29
+ },
30
+ payload: {
31
+ exp: 1692625747,
32
+ iat: 1692625387,
33
+ iss: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
34
+ sub: "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
35
+ jwks: {
36
+ keys: [
37
+ {
38
+ kty: "RSA",
39
+ kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
40
+ e: "AQAB",
41
+ n: "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw",
42
+ },
43
+ ],
44
+ },
45
+ metadata: {
46
+ wallet_relying_party: {
47
+ application_type: "web",
48
+ authorization_encrypted_response_alg: [
49
+ "RSA-OAEP",
50
+ "RSA-OAEP-256",
51
+ "ECDH-ES",
52
+ "ECDH-ES+A128KW",
53
+ "ECDH-ES+A192KW",
54
+ "ECDH-ES+A256KW",
55
+ ],
56
+ authorization_encrypted_response_enc: [
57
+ "A128CBC-HS256",
58
+ "A192CBC-HS384",
59
+ "A256CBC-HS512",
60
+ "A128GCM",
61
+ "A192GCM",
62
+ "A256GCM",
63
+ ],
64
+ authorization_signed_response_alg: [
65
+ "RS256",
66
+ "RS384",
67
+ "RS512",
68
+ "ES256",
69
+ "ES384",
70
+ "ES512",
71
+ ],
72
+ client_id:
73
+ "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP",
74
+ client_name: "Name of an example organization",
75
+ contacts: ["ops@verifier.example.org"],
76
+ default_acr_values: [
77
+ "https://www.spid.gov.it/SpidL2",
78
+ "https://www.spid.gov.it/SpidL3",
79
+ ],
80
+ default_max_age: 1111,
81
+ id_token_encrypted_response_alg: [
82
+ "RSA-OAEP",
83
+ "RSA-OAEP-256",
84
+ "ECDH-ES",
85
+ "ECDH-ES+A128KW",
86
+ "ECDH-ES+A192KW",
87
+ "ECDH-ES+A256KW",
88
+ ],
89
+ id_token_encrypted_response_enc: [
90
+ "A128CBC-HS256",
91
+ "A192CBC-HS384",
92
+ "A256CBC-HS512",
93
+ "A128GCM",
94
+ "A192GCM",
95
+ "A256GCM",
96
+ ],
97
+ id_token_signed_response_alg: [
98
+ "RS256",
99
+ "RS384",
100
+ "RS512",
101
+ "ES256",
102
+ "ES384",
103
+ "ES512",
104
+ ],
105
+ presentation_definitions: [
106
+ {
107
+ id: "pid-sd-jwt:unique_id+given_name+family_name",
108
+ input_descriptors: [
109
+ {
110
+ id: "pid-sd-jwt:unique_id+given_name+family_name",
111
+ format: {
112
+ constraints: {
113
+ fields: [
114
+ {
115
+ filter: {
116
+ const: "PersonIdentificationData",
117
+ type: "string",
118
+ },
119
+ path: ["$.sd-jwt.type"],
120
+ },
121
+ {
122
+ filter: {
123
+ type: "object",
124
+ },
125
+ path: ["$.sd-jwt.cnf"],
126
+ },
127
+ {
128
+ intent_to_retain: "true",
129
+ path: ["$.sd-jwt.family_name"],
130
+ },
131
+ {
132
+ intent_to_retain: "true",
133
+ path: ["$.sd-jwt.given_name"],
134
+ },
135
+ {
136
+ intent_to_retain: "true",
137
+ path: ["$.sd-jwt.unique_id"],
138
+ },
139
+ ],
140
+ limit_disclosure: "required",
141
+ },
142
+ jwt: {
143
+ alg: ["EdDSA", "ES256"],
144
+ },
145
+ },
146
+ },
147
+ ],
148
+ },
149
+ {
150
+ id: "mDL-sample-req",
151
+ input_descriptors: [
152
+ {
153
+ format: {
154
+ constraints: {
155
+ fields: [
156
+ {
157
+ filter: {
158
+ const: "org.iso.18013.5.1.mDL",
159
+ type: "string",
160
+ },
161
+ path: ["$.mdoc.doctype"],
162
+ },
163
+ {
164
+ filter: {
165
+ const: "org.iso.18013.5.1",
166
+ type: "string",
167
+ },
168
+ path: ["$.mdoc.namespace"],
169
+ },
170
+ {
171
+ intent_to_retain: "false",
172
+ path: ["$.mdoc.family_name"],
173
+ },
174
+ {
175
+ intent_to_retain: "false",
176
+ path: ["$.mdoc.portrait"],
177
+ },
178
+ {
179
+ intent_to_retain: "false",
180
+ path: ["$.mdoc.driving_privileges"],
181
+ },
182
+ ],
183
+ limit_disclosure: "required",
184
+ },
185
+ mso_mdoc: {
186
+ alg: ["EdDSA", "ES256"],
187
+ },
188
+ },
189
+ id: "mDL",
190
+ },
191
+ ],
192
+ },
193
+ ],
194
+ redirect_uris: [
195
+ "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP/redirect-uri",
196
+ ],
197
+ request_uris: [
198
+ "https://demo.proxy.eudi.wallet.developers.italia.it/OpenID4VP/request-uri",
199
+ ],
200
+ require_auth_time: true,
201
+ subject_type: "pairwise",
202
+ vp_formats: {
203
+ jwt_vp_json: {
204
+ alg: ["EdDSA", "ES256K"],
205
+ },
206
+ },
207
+ jwks: [
208
+ {
209
+ crv: "P-256",
210
+ d: "KzQBowMMoPmSZe7G8QsdEWc1IvR2nsgE8qTOYmMcLtc",
211
+ kid: "dDwPWXz5sCtczj7CJbqgPGJ2qQ83gZ9Sfs-tJyULi6s",
212
+ use: "sig",
213
+ kty: "EC",
214
+ x: "TSO-KOqdnUj5SUuasdlRB2VVFSqtJOxuR5GftUTuBdk",
215
+ y: "ByWgQt1wGBSnF56jQqLdoO1xKUynMY-BHIDB3eXlR7",
216
+ },
217
+ {
218
+ kty: "RSA",
219
+ d: "QUZsh1NqvpueootsdSjFQz-BUvxwd3Qnzm5qNb-WeOsvt3rWMEv0Q8CZrla2tndHTJhwioo1U4NuQey7znijhZ177bUwPPxSW1r68dEnL2U74nKwwoYeeMdEXnUfZSPxzs7nY6b7vtyCoA-AjiVYFOlgKNAItspv1HxeyGCLhLYhKvS_YoTdAeLuegETU5D6K1xGQIuw0nS13Icjz79Y8jC10TX4FdZwdX-NmuIEDP5-s95V9DMENtVqJAVE3L-wO-NdDilyjyOmAbntgsCzYVGH9U3W_djh4t3qVFCv3r0S-DA2FD3THvlrFi655L0QHR3gu_Fbj3b9Ybtajpue_Q",
220
+ e: "AQAB",
221
+ use: "enc",
222
+ kid: "9Cquk0X-fNPSdePQIgQcQZtD6J0IjIRrFigW2PPK_-w",
223
+ n: "utqtxbs-jnK0cPsV7aRkkZKA9t4S-WSZa3nCZtYIKDpgLnR_qcpeF0diJZvKOqXmj2cXaKFUE-8uHKAHo7BL7T-Rj2x3vGESh7SG1pE0thDGlXj4yNsg0qNvCXtk703L2H3i1UXwx6nq1uFxD2EcOE4a6qDYBI16Zl71TUZktJwmOejoHl16CPWqDLGo9GUSk_MmHOV20m4wXWkB4qbvpWVY8H6b2a0rB1B1YPOs5ZLYarSYZgjDEg6DMtZ4NgiwZ-4N1aaLwyO-GLwt9Vf-NBKwoxeRyD3zWE2FXRFBbhKGksMrCGnFDsNl5JTlPjaM3kYyImE941ggcuc495m-Fw",
224
+ p: "2zmGXIMCEHPphw778YjVTar1eycih6fFSJ4I4bl1iq167GqO0PjlOx6CZ1-OdBTVU7HfrYRiUK_BnGRdPDn-DQghwwkB79ZdHWL14wXnpB5y-boHz_LxvjsEqXtuQYcIkidOGaMG68XNT1nM4F9a8UKFr5hHYT5_UIQSwsxlRQ0",
225
+ q: "2jMFt2iFrdaYabdXuB4QMboVjPvbLA-IVb6_0hSG_-EueGBvgcBxdFGIZaG6kqHqlB7qMsSzdptU0vn6IgmCZnX-Hlt6c5X7JB_q91PZMLTO01pbZ2Bk58GloalCHnw_mjPh0YPviH5jGoWM5RHyl_HDDMI-UeLkzP7ImxGizrM",
226
+ },
227
+ ],
228
+ },
229
+ },
230
+ authority_hints: [
231
+ "https://demo.federation.eudi.wallet.developers.italia.it",
232
+ ],
233
+ },
234
+ };
235
+ const result = RpEntityConfiguration.safeParse(pp);
236
+ if (result.success === false) {
237
+ throw result.error;
238
+ }
239
+ expect(result.success).toBe(true);
240
+ });
241
+ });
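Review bot: The `wallet_relying_party.jwks` entries in this fixture include private key members (`d` on the EC key, and `d`, `p`, `q` on the RSA key), although an entity configuration is a public document and this test file ships in the published package. If these values belong to the demo deployment named in `iss`, that key should be treated as exposed; whether they do cannot be told from this page. Keep only the public members (`kty`, `kid`, `use`, and `crv`/`x`/`y` or `e`/`n`) in the fixture, and consider a second case asserting that `RpEntityConfiguration` rejects or strips private members. The test title `"should parse a valid confdsfashdhasd"` should read `"should parse a valid entity configuration"`.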
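--- a/package/src/rp/index.ts
+++ b/package/src/rp/index.ts
@@ -77,7 +77,7 @@ export class RelyingPartySolution {
  *
  */
  async getUnsignedWalletInstanceDPoP(
- walletInstanceAttestationJwk: JWK,
+ walletInstanceAttestationJwk: any,
  authRequestUrl: string
  ): Promise<string> {
  return await new SignJWT({
@@ -109,10 +109,9 @@ export class RelyingPartySolution {
  */
  async getRequestObject(
  signedWalletInstanceDPoP: string,
+ requestUri: string,
  entity: RpEntityConfiguration
  ): Promise<RequestObject> {
- const decodedJwtDPop = await decodeJwt(signedWalletInstanceDPoP);
- const requestUri = decodedJwtDPop.payload.htu as string;
  const response = await this.appFetch(requestUri, {
  method: "GET",
  headers: {
@@ -122,13 +121,15 @@ export class RelyingPartySolution {
  });
 
  if (response.status === 200) {
- const responseText = await response.text();
- const responseJwt = decodeJwt(responseText);
+ const responseJson = await response.json();
+ const responseEncodedJwt = responseJson.response;
+
+ const responseJwt = decodeJwt(responseEncodedJwt);
 
  // verify token signature according to RP's entity configuration
  // to ensure the request object is authentic
  {
- const pubKey = entity.payload.jwks.keys.find(
+ const pubKey = entity.payload.metadata.wallet_relying_party.jwks.find(
  ({ kid }) => kid === responseJwt.protectedHeader.kid
  );
  if (!pubKey) {
@@ -136,7 +137,7 @@ export class RelyingPartySolution {
  "Request Object signature verification"
  );
  }
- await verify(responseText, pubKey);
+ await verify(responseEncodedJwt, pubKey);
  }
 
  // parse request object it has the expected shape by specification
@@ -163,14 +164,18 @@ export class RelyingPartySolution {
  * @todo accept more than a Verified Credential
  *
  * @param requestObj The incoming request object, which the requirements for the requested authorization
+ * @param walletInstanceIdentifier The identifies of the wallt instance that is presenting
  * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
+ * @param signKeyId The kid of the key that will be used to sign
  * @returns The unsigned Verified Presentation token
  * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
  *
  */
  async prepareVpToken(
  requestObj: RequestObject,
- [vc, claims]: Presentation // TODO: [SIW-353] support multiple presentations
+ walletInstanceIdentifier: string,
+ [vc, claims]: Presentation, // TODO: [SIW-353] support multiple presentations,
+ signKeyId: string
  ): Promise<{
  vp_token: string;
  presentation_submission: Record<string, unknown>;
@@ -180,18 +185,25 @@ export class RelyingPartySolution {
 
  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
 
- const vp_token = new SignJWT({ vp })
+ const vp_token = new SignJWT({
+ vp: vp,
+ jti: `${uuid.v4()}`,
+ iss: walletInstanceIdentifier,
+ nonce: requestObj.payload.nonce,
+ })
  .setAudience(requestObj.payload.response_uri)
+ .setIssuedAt()
  .setExpirationTime("1h")
  .setProtectedHeader({
  typ: "JWT",
  alg: "ES256",
+ kid: signKeyId,
  })
  .toSign();
 
- const [definition_id, vc_scope] = requestObj.payload.scope;
+ const vc_scope = requestObj.payload.scope;
  const presentation_submission = {
- definition_id,
+ definition_id: `${uuid.v4()}`,
  id: `${uuid.v4()}`,
  descriptor_map: paths.map((p) => ({
  id: vc_scope,
@@ -225,94 +237,72 @@ export class RelyingPartySolution {
  ): Promise<string> {
  // the request is an unsigned jws without iss, aud, exp
  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
- const jwk = this.choosePublicKeyToEncrypt(entity);
- const enc = this.getEncryptionAlgByJwk(jwk);
+ const jwk = this.chooseRSAPublicKeyToEncrypt(entity);
 
  const authzResponsePayload = JSON.stringify({
  state: requestObj.payload.state,
  presentation_submission,
+ nonce: requestObj.payload.nonce,
  vp_token,
  });
+
  const encrypted = await new EncryptJwe(authzResponsePayload, {
- alg: jwk.alg,
- enc,
+ alg: "RSA-OAEP-256",
+ enc: "A256CBC-HS512",
+ kid: jwk.kid,
  }).encrypt(jwk);
 
  const formBody = new URLSearchParams({ response: encrypted });
+ const body = formBody.toString();
+
  const response = await this.appFetch(requestObj.payload.response_uri, {
  method: "POST",
  headers: {
  "Content-Type": "application/x-www-form-urlencoded",
  },
- body: formBody.toString(),
+ body,
  });
 
  if (response.status === 200) {
- return response.text();
+ return await response.json();
  }
 
  throw new IoWalletError(
- `Unable to send Authorization Response. Response code: ${response.status}`
+ `Unable to send Authorization Response. Response: ${await response.text()} with code: ${
+ response.status
+ }`
  );
  }
 
  /**
- * Select a public key from those provided by the RP.
- * Keys with algorithm "RSA-OAEP-256" or "RSA-OAEP" are expected, the firsts to be preferred.
+ * Select a RSA public key from those provided by the RP to encrypt.
  *
  * @param entity The RP entity configuration
  * @returns A suitable public key with its compatible encryption algorithm
  * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
  */
- private choosePublicKeyToEncrypt(
- entity: RpEntityConfiguration
- ): (JWK & { alg: "RSA-OAEP-256" }) | (JWK & { alg: "RSA-OAEP" }) {
- // Look for keys using "RSA-OAEP-256", and pick a random one
- const [usingRsa256] = entity.payload.jwks.keys.filter(
- <T>(k: T & { alg?: string }): k is T & { alg: "RSA-OAEP-256" } =>
- typeof k.alg === "string" && k.alg === "RSA-OAEP-256"
- );
+ private chooseRSAPublicKeyToEncrypt(entity: RpEntityConfiguration): JWK {
+ const [usingRsa256] =
+ entity.payload.metadata.wallet_relying_party.jwks.filter(
+ (jwk) => jwk.use === "enc" && jwk.kty === "RSA"
+ );
 
  if (usingRsa256) {
  return usingRsa256;
  }
 
- // Look for keys using "RSA-OAEP", and pick a random one
- const [usingRsa] = entity.payload.jwks.keys.filter(
- <T>(k: T & { alg?: string }): k is T & { alg: "RSA-OAEP" } =>
- typeof k.alg === "string" && k.alg === "RSA-OAEP"
- );
-
- if (usingRsa) {
- return usingRsa;
- }
-
  // No suitable key has been found
  throw new NoSuitableKeysFoundInEntityConfiguration(
  "Encrypt with RP public key"
  );
  }
 
- private getEncryptionAlgByJwk({
- alg,
- }: (JWK & { alg: "RSA-OAEP-256" }) | (JWK & { alg: "RSA-OAEP" })):
- | "A128CBC-HS256"
- | "A256CBC-HS512" {
- if (alg === "RSA-OAEP-256") return "A256CBC-HS512";
- if (alg === "RSA-OAEP") return "A128CBC-HS256";
-
- const _: never = alg;
- throw new Error(`Invalid jwk algorithm: ${_}`);
- }
-
  /**
  * Obtain the relying party entity configuration.
  */
  async getEntityConfiguration(): Promise<RpEntityConfiguration> {
- const wellKnownUrl = new URL(
- "/.well-known/openid-federation",
- this.relyingPartyBaseUrl
- ).href;
+ const wellKnownUrl =
+ this.relyingPartyBaseUrl + "/.well-known/openid-federation";
 
  const response = await this.appFetch(wellKnownUrl, {
  method: "GET",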
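Review bot: In `getRequestObject`, the signature-verification key is now looked up in `entity.payload.metadata.wallet_relying_party.jwks` by `kid` alone, and that set also holds encryption keys (`chooseRSAPublicKeyToEncrypt` in this same section filters it on `use === "enc"`), so a request object whose header names an encryption key's `kid` would be verified against that key. Restricting the lookup keeps the two key uses apart: `({ kid, use }) => use === "sig" && kid === responseJwt.protectedHeader.kid` (or `use !== "enc"` if keys without `use` must be accepted). In the same hunk `responseJson.response` reaches `decodeJwt` without a check that it is a string; a `typeof responseEncodedJwt !== "string"` guard that throws `IoWalletError` before decoding would turn a malformed reply into an explicit error. The function bodies start and end outside the hunks shown, so the `verify` options and the header contents of the fetch could not be checked.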