@pagopa/io-react-native-wallet 0.27.0 → 0.28.0

Files changed (90)
  1. package/lib/commonjs/client/generated/wallet-provider.js +27 -19
  2. package/lib/commonjs/client/generated/wallet-provider.js.map +1 -1
  3. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +5 -5
  4. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
  5. package/lib/commonjs/credential/issuance/05-authorize-access.js +3 -4
  6. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
  7. package/lib/commonjs/credential/issuance/06-obtain-credential.js +2 -3
  8. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  9. package/lib/commonjs/credential/issuance/README.md +2 -2
  10. package/lib/commonjs/credential/presentation/03-get-request-object.js +2 -3
  11. package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -1
  12. package/lib/commonjs/credential/presentation/04-send-authorization-response.js +4 -5
  13. package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map +1 -1
  14. package/lib/commonjs/credential/status/02-status-attestation.js +2 -3
  15. package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -1
  16. package/lib/commonjs/trust/chain.js +35 -50
  17. package/lib/commonjs/trust/chain.js.map +1 -1
  18. package/lib/commonjs/trust/index.js +139 -16
  19. package/lib/commonjs/trust/index.js.map +1 -1
  20. package/lib/commonjs/trust/types.js +13 -37
  21. package/lib/commonjs/trust/types.js.map +1 -1
  22. package/lib/commonjs/trust/utils.js +36 -0
  23. package/lib/commonjs/trust/utils.js.map +1 -0
  24. package/lib/commonjs/utils/crypto.js +2 -3
  25. package/lib/commonjs/utils/crypto.js.map +1 -1
  26. package/lib/commonjs/utils/par.js +3 -4
  27. package/lib/commonjs/utils/par.js.map +1 -1
  28. package/lib/commonjs/wallet-instance/index.js +10 -0
  29. package/lib/commonjs/wallet-instance/index.js.map +1 -1
  30. package/lib/module/client/generated/wallet-provider.js +22 -15
  31. package/lib/module/client/generated/wallet-provider.js.map +1 -1
  32. package/lib/module/credential/issuance/04-complete-user-authorization.js +5 -5
  33. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
  34. package/lib/module/credential/issuance/05-authorize-access.js +3 -3
  35. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
  36. package/lib/module/credential/issuance/06-obtain-credential.js +2 -2
  37. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  38. package/lib/module/credential/issuance/README.md +2 -2
  39. package/lib/module/credential/presentation/03-get-request-object.js +2 -2
  40. package/lib/module/credential/presentation/03-get-request-object.js.map +1 -1
  41. package/lib/module/credential/presentation/04-send-authorization-response.js +4 -4
  42. package/lib/module/credential/presentation/04-send-authorization-response.js.map +1 -1
  43. package/lib/module/credential/status/02-status-attestation.js +2 -2
  44. package/lib/module/credential/status/02-status-attestation.js.map +1 -1
  45. package/lib/module/trust/chain.js +32 -46
  46. package/lib/module/trust/chain.js.map +1 -1
  47. package/lib/module/trust/index.js +139 -18
  48. package/lib/module/trust/index.js.map +1 -1
  49. package/lib/module/trust/types.js +11 -36
  50. package/lib/module/trust/types.js.map +1 -1
  51. package/lib/module/trust/utils.js +28 -0
  52. package/lib/module/trust/utils.js.map +1 -0
  53. package/lib/module/utils/crypto.js +2 -2
  54. package/lib/module/utils/crypto.js.map +1 -1
  55. package/lib/module/utils/par.js +3 -3
  56. package/lib/module/utils/par.js.map +1 -1
  57. package/lib/module/wallet-instance/index.js +9 -0
  58. package/lib/module/wallet-instance/index.js.map +1 -1
  59. package/lib/typescript/client/generated/wallet-provider.d.ts +91 -54
  60. package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -1
  61. package/lib/typescript/credential/status/types.d.ts +6 -6
  62. package/lib/typescript/sd-jwt/index.d.ts +12 -12
  63. package/lib/typescript/sd-jwt/types.d.ts +6 -6
  64. package/lib/typescript/trust/chain.d.ts +4 -9
  65. package/lib/typescript/trust/chain.d.ts.map +1 -1
  66. package/lib/typescript/trust/index.d.ts +109 -95
  67. package/lib/typescript/trust/index.d.ts.map +1 -1
  68. package/lib/typescript/trust/types.d.ts +845 -542
  69. package/lib/typescript/trust/types.d.ts.map +1 -1
  70. package/lib/typescript/trust/utils.d.ts +12 -0
  71. package/lib/typescript/trust/utils.d.ts.map +1 -0
  72. package/lib/typescript/wallet-instance/index.d.ts +8 -0
  73. package/lib/typescript/wallet-instance/index.d.ts.map +1 -1
  74. package/lib/typescript/wallet-instance-attestation/types.d.ts +24 -24
  75. package/package.json +9 -3
  76. package/src/client/generated/wallet-provider.ts +28 -19
  77. package/src/credential/issuance/04-complete-user-authorization.ts +5 -5
  78. package/src/credential/issuance/05-authorize-access.ts +3 -3
  79. package/src/credential/issuance/06-obtain-credential.ts +2 -2
  80. package/src/credential/issuance/README.md +2 -2
  81. package/src/credential/presentation/03-get-request-object.ts +2 -2
  82. package/src/credential/presentation/04-send-authorization-response.ts +4 -4
  83. package/src/credential/status/02-status-attestation.ts +2 -2
  84. package/src/trust/chain.ts +46 -62
  85. package/src/trust/index.ts +185 -20
  86. package/src/trust/types.ts +10 -27
  87. package/src/trust/utils.ts +32 -0
  88. package/src/utils/crypto.ts +2 -2
  89. package/src/utils/par.ts +3 -3
  90. package/src/wallet-instance/index.ts +13 -0
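--- a/package/lib/module/trust/chain.js
+++ b/package/lib/module/trust/chain.js
@@ -1,34 +1,8 @@
- import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-native-jwt";
  import { EntityConfiguration, EntityStatement, TrustAnchorEntityConfiguration } from "./types";
  import { IoWalletError } from "../utils/errors";
  import * as z from "zod";
  import { getSignedEntityConfiguration, getSignedEntityStatement } from ".";
- // Verify a token signature
- // The kid is extracted from the token header
- const verify = async (token, kid, jwks) => {
- const jwk = jwks.find(k => k.kid === kid);
- if (!jwk) {
- throw new Error(`Invalid kid: ${kid}, token: ${token}`);
- }
- const {
- protectedHeader: header,
- payload
- } = await verifyJwt(token, jwk);
- return {
- header,
- payload
- };
- };
- const decode = token => {
- const {
- protectedHeader: header,
- payload
- } = decodeJwt(token);
- return {
- header,
- payload
- };
- };
+ import { decode, verify } from "./utils";
 
  // The first element of the chain is supposed to be the Entity Configuration for the document issuer
  const FirstElementShape = EntityConfiguration;
@@ -42,7 +16,7 @@ const LastElementShape = z.union([EntityStatement, TrustAnchorEntityConfiguratio
  * Validates a provided trust chain against a known trust
  *
  * @param trustAnchorEntity The entity configuration of the known trust anchor
- * @param chain The chain of statements to be validate
+ * @param chain The chain of statements to be validated
  * @returns The list of parsed token representing the chain
  * @throws {IoWalletError} If the chain is not valid
  */
@@ -66,7 +40,7 @@ export async function validateTrustChain(trustAnchorEntity, chain) {
  };
 
  // select keys from the next token
- // if the current token is the last, keys fro trust anchor will be used
+ // if the current token is the last, keys from trust anchor will be used
  const selectKeys = currentIndex => {
  if (currentIndex === chain.length - 1) {
  return trustAnchorEntity.payload.jwks.keys;
@@ -81,7 +55,7 @@ export async function validateTrustChain(trustAnchorEntity, chain) {
  };
 
  // Iterate the chain and validate each element's signature against the public keys of its next
- // If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
+ // If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
  return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => verify(...args)));
  }
 
@@ -90,24 +64,36 @@ export async function validateTrustChain(trustAnchorEntity, chain) {
  *
  * @param chain The original chain
  * @param appFetch (optional) fetch api implementation
- * @returns A list of signed token that reprensent the trust chain, in the same order of the provided chain
- * @throws When an element of the chain fails to parse
+ * @returns A list of signed token that represent the trust chain, in the same order of the provided chain
+ * @throws IoWalletError When an element of the chain fails to parse
  */
- export function renewTrustChain(chain) {
+ export async function renewTrustChain(chain) {
  let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
- return Promise.all(chain
- // Decode each item to determine its shape
- .map(decode).map(e => [EntityStatement.safeParse(e), EntityConfiguration.safeParse(e)])
- // fetch the element according to its shape
- .map((_ref, i) => {
- let [es, ec] = _ref;
- return ec.success ? getSignedEntityConfiguration(ec.data.payload.iss, {
- appFetch
- }) : es.success ? getSignedEntityStatement(es.data.payload.iss, es.data.payload.sub, {
- appFetch
- }) :
- // if the element fail to parse in both EntityStatement and EntityConfiguration, raise an error
- Promise.reject(new IoWalletError(`Cannot renew trust chain because the element #${i} failed to be parsed.`));
+ return Promise.all(chain.map(async (token, index) => {
+ const decoded = decode(token);
+ const entityStatementResult = EntityStatement.safeParse(decoded);
+ const entityConfigurationResult = EntityConfiguration.safeParse(decoded);
+ if (entityConfigurationResult.success) {
+ return getSignedEntityConfiguration(entityConfigurationResult.data.payload.iss, {
+ appFetch
+ });
+ }
+ if (entityStatementResult.success) {
+ const entityStatement = entityStatementResult.data;
+ const parentBaseUrl = entityStatement.payload.iss;
+ const parentECJwt = await getSignedEntityConfiguration(parentBaseUrl, {
+ appFetch
+ });
+ const parentEC = EntityConfiguration.parse(decode(parentECJwt));
+ const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+ if (!federationFetchEndpoint) {
+ throw new IoWalletError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint`);
+ }
+ return getSignedEntityStatement(federationFetchEndpoint, entityStatement.payload.sub, {
+ appFetch
+ });
+ }
+ throw new IoWalletError(`Cannot renew trust chain because element #${index} failed to parse.`);
  }));
  }
  //# sourceMappingURL=chain.js.map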
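Review bot: In the entity-statement branch of `renewTrustChain`, `federation_fetch_endpoint` is read from `decode(parentECJwt)`, a parent configuration whose signature is never checked in this function; that parent EC is not part of the returned chain, so later validation of the chain would not cover it either. The renewed statement itself is presumably still verified by `validateTrustChain` afterwards, so the exposure is mainly that the wallet issues a GET to whatever URL an unverified document names. A scheme check before the request would narrow that: `if (new URL(federationFetchEndpoint).protocol !== "https:") throw new IoWalletError("federation_fetch_endpoint must be an https URL");`, together with a comment such as `// parent EC is only decoded here, not verified; the fetched ES is verified by validateTrustChain`. `parentEC.payload.metadata.federation_entity` is also dereferenced without a guard; whether the schema in `./types` guarantees that key is not visible in this section.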
@@ -1 +1 @@
1
- {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","data","iss","sub","reject"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SACEC,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAO1E;AACA;AACA,MAAMR,MAAM,GAAG,MAAAA,CACbS,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMjB,SAAS,CAACQ,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAMpB,MAAM,GAAIW,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGnB,SAAS,CAACU,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMC,iBAAiB,GAAGjB,mBAAmB;AAC7C;AACA,MAAMkB,kBAAkB,GAAGjB,eAAe;AAC1C;AACA;AACA,MAAMkB,gBAAgB,GAAGf,CAAC,CAACgB,KAAK,CAAC,CAC/BnB,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAemB,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIrB,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMsB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YA
AY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCL,gBAAgB,GAChBD,kBAAkB;;EAExB;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMrB,KAAK,GAAGgB,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACrB,KAAK,EAAE;MACV,MAAM,IAAIJ,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAM0B,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAAClC,MAAM,CAACW,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMuB,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACN,OAAO,CAACP,IAAI,CAACuB,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGX,KAAK,CAACU,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI/B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAM0B,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAAClC,MAAM,CAACsC,SAAS,CAAC,CAAC,CAAClB,OAAO,CAACP,IAAI,CAACuB,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBb,KAAK,CACFc,GAAG,CAAC,CAAC9B,KAAK,EAAE+B,CAAC,KAAK,CAAC/B,KAAK,EAAEoB,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKzC,MAAM,CAAC,GAAGyC,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,eAAeA,CAC7BjB,KAAe,EAEf;EAAA,IADAkB,QAA8B,GAAAC,SAAA,CAAAlB,MAAA,QAAAkB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBb;EACE;EAAA,CACCc,GAAG,CAACzC,MAAM,CAAC,CACXyC,GAAG,CACDQ,CAAC,IACA,CACE5C,eAAe,CAAC6C,SAAS,CAACD,CAAC,CAAC,EAC5B7C,mBAAmB,CAAC8C,SAAS,CAACD,CAAC,CAAC,CAEtC;EACA;EAAA,CACCR,GAAG,CAAC,CAAAU,IAAA,EAAWT,CAAC;IAAA,IAAX,CAACU,EAAE,EAAEC,EAAE,CAAC,GAAAF,IAAA;IAAA,OACZE,EAAE,CAACC,OAAO,GACN7C,4BAA4B,CAAC4C,EAAE,CAACE,IAAI,CAACnC,OAAO,CAACoC,GAAG,EAAE;MAAEX;IAAS,CAAC,CAAC,GAC/DO,EAAE,CAACE,OAAO,GACV5C,wBAAwB,CAAC0C,EAAE,CAACG,IAAI,CAACnC,OAAO,CAACoC,GAAG,EAAEJ,EAAE,CAACG,IAAI,CAACnC,OAAO,CAACqC,GAAG,EAAE;MACjEZ;IACF,CAAC,CAAC;IACF;IACAN,OAAO,CAACmB,MAAM,CACZ,IAAInD,aAAa,CACd,iDAAgDmC,CAAE,uBACrD,CACF,CAAC;EAAA,CACP,CACJ,CAAC;AACH"}
1
+ {"version":3,"names":["EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","decode","verify","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","token","shape","parse","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","index","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","sub"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAC1E,SAASC,MAAM,EAAoBC,MAAM,QAAQ,SAAS;;AAE1D;AACA,MAAMC,iBAAiB,GAAGT,mBAAmB;AAC7C;AACA,MAAMU,kBAAkB,GAAGT,eAAe;AAC1C;AACA;AACA,MAAMU,gBAAgB,GAAGP,CAAC,CAACQ,KAAK,CAAC,CAC/BX,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeW,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIb,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMc,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCL,gBAAgB,GAChBD,kBAAkB;;EAExB;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGN,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIlB,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOE,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACc,KAAK,CAAC,CAAC,CAACG,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIN,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iB
AAiB,CAACa,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGV,YAAY,GAAG,CAAC;IAClC,MAAMW,SAAS,GAAGhB,KAAK,CAACe,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI5B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACa,SAAS,CAAC;IACzC,OAAOR,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACwB,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBlB,KAAK,CACFmB,GAAG,CAAC,CAACb,KAAK,EAAEc,CAAC,KAAK,CAACd,KAAK,EAAEF,SAAS,CAACgB,CAAC,CAAC,EAAET,UAAU,CAACS,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAK5B,MAAM,CAAC,GAAG4B,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCtB,KAAe,EAEI;EAAA,IADnBuB,QAA8B,GAAAC,SAAA,CAAAvB,MAAA,QAAAuB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBlB,KAAK,CAACmB,GAAG,CAAC,OAAOb,KAAK,EAAEqB,KAAK,KAAK;IAChC,MAAMC,OAAO,GAAGpC,MAAM,CAACc,KAAK,CAAC;IAE7B,MAAMuB,qBAAqB,GAAG3C,eAAe,CAAC4C,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG9C,mBAAmB,CAAC6C,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO1C,4BAA4B,CACjCyC,yBAAyB,CAACE,IAAI,CAACrB,OAAO,CAACsB,GAAG,EAC1C;QAAEX;MAAS,CACb,CAAC;IACH;IACA,IAAIM,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMG,eAAe,GAAGN,qBAAqB,CAACI,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACvB,OAAO,CAACsB,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM/C,4BAA4B,CAAC8C,aAAa,EAAE;QACpEb;MACF,CAAC,CAAC;MACF,MAAMe,QAAQ,GAAGrD,mBAAmB,CAACuB,KAAK,CAAChB,MAAM,CAAC6C,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC1B,OAAO,CAAC4B,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAInD,aAAa,CACpB,gBAAegD,aAAc,uCAChC,CAAC;MACH;MACA,OAAO7C,wBAAwB,CAC7BgD,uBAAuB,EACvBJ,eAAe,CAACvB,OAAO,CAAC+B,GAAG,EAC3B;QAAEpB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAInC,aAAa,CACpB,6CAA4CuC,KAAM,mBACrD,CAAC;EACH,CAAC,CACH,CAAC;AACH"}
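--- a/package/lib/module/trust/index.js
+++ b/package/lib/module/trust/index.js
@@ -1,15 +1,17 @@
+ import { decode, verify } from "./utils";
  import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
- import { WalletProviderEntityConfiguration, TrustAnchorEntityConfiguration, CredentialIssuerEntityConfiguration, RelyingPartyEntityConfiguration, EntityConfiguration, EntityStatement } from "./types";
- import { validateTrustChain, renewTrustChain } from "./chain";
+ import { CredentialIssuerEntityConfiguration, EntityConfiguration, EntityStatement, FederationListResponse, RelyingPartyEntityConfiguration, TrustAnchorEntityConfiguration, WalletProviderEntityConfiguration } from "./types";
+ import { renewTrustChain, validateTrustChain } from "./chain";
  import { hasStatusOrThrow } from "../utils/misc";
+ import { IoWalletError } from "../utils/errors";
  /**
  * Verify a given trust chain is actually valid.
  * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
  *
  * @param trustAnchorEntity The entity configuration of the known trust anchor
- * @param chain The chain of statements to be validate
- * @param options.renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
- * @param options.appFetch Fetch api implementation. Default: the built-in implementation
+ * @param chain The chain of statements to be validated
+ * @param renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
+ * @param appFetch Fetch api implementation. Default: the built-in implementation
  * @returns The result of the chain validation
  * @throws {IoWalletError} When either validation or renewal fail
  */
@@ -34,7 +36,7 @@ export async function verifyTrustChain(trustAnchorEntity, chain) {
  * Fetch the signed entity configuration token for an entity
  *
  * @param entityBaseUrl The url of the entity to fetch
- * @param param.appFetch (optional) fetch api implemention
+ * @param appFetch (optional) fetch api implementation
  * @returns The signed Entity Configuration token
  */
  export async function getSignedEntityConfiguration(entityBaseUrl) {
@@ -59,6 +61,7 @@ export async function getSignedEntityConfiguration(entityBaseUrl) {
  *
  * @param entityBaseUrl The base url of the entity.
  * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
+ * @param options An optional object with additional options.
  * @param options.appFetch An optional instance of the http client to be used.
  * @returns The parsed entity configuration object
  * @throws {IoWalletError} If the http request fails
@@ -87,9 +90,9 @@ export const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseE
  /**
  * Fetch and parse the entity statement document for a given federation entity.
  *
- * @param accreditationBodyBaseUrl The base url of the accreditaion body which holds and signs the required entity statement
+ * @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
  * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
- * @param options.appFetch An optional instance of the http client to be used.
+ * @param appFetch An optional instance of the http client to be used.
  * @returns The parsed entity configuration object
  * @throws {IoWalletError} If the http request fails
  * @throws Parse error if the document is not in the expected shape.
@@ -111,21 +114,139 @@ export async function getEntityStatement(accreditationBodyBaseUrl, subordinatedE
  /**
  * Fetch the entity statement document for a given federation entity.
  *
- * @param accreditationBodyBaseUrl The base url of the accreditaion body which holds and signs the required entity statement
- * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
- * @param options.appFetch An optional instance of the http client to be used.
- * @returns The signed entity statement token
- * @throws {IoWalletError} If the http request fails
+ * @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The signed entity statement token.
+ * @throws {IoWalletError} If the http request fails.
  */
- export async function getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
+ export async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
  let {
  appFetch = fetch
  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
- const url = `${accreditationBodyBaseUrl}/fetch?${new URLSearchParams({
- sub: subordinatedEntityBaseUrl
- })}`;
- return await appFetch(url, {
+ const url = new URL(federationFetchEndpoint);
+ url.searchParams.set("sub", subordinatedEntityBaseUrl);
+ return await appFetch(url.toString(), {
  method: "GET"
  }).then(hasStatusOrThrow(200)).then(res => res.text());
  }
+
+ /**
+ * Fetch the federation list document from a given endpoint.
+ *
+ * @param federationListEndpoint The URL of the federation list endpoint.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The federation list as an array of strings.
+ * @throws {IoWalletError} If the HTTP request fails or the response cannot be parsed.
+ */
+ export async function getFederationList(federationListEndpoint) {
+ let {
+ appFetch = fetch
+ } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+ return await appFetch(federationListEndpoint, {
+ method: "GET"
+ }).then(hasStatusOrThrow(200)).then(res => res.json()).then(json => {
+ const result = FederationListResponse.safeParse(json);
+ if (!result.success) {
+ throw new IoWalletError(`Invalid federation list format received from Trust Anchor: ${result.error.message}`);
+ }
+ return result.data;
+ });
+ }
+
+ /**
+ * Build a not-verified trust chain for a given Relying Party (RP) entity.
+ *
+ * @param relyingPartyEntityBaseUrl The base URL of the RP entity
+ * @param trustAnchorKey The public key of the Trust Anchor (TA) entity
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
+ * @throws {IoWalletError} When an element of the chain fails to parse
+ * The result of this function can be used to validate the trust chain with {@link verifyTrustChain}
+ */
+ export async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
+ let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
+ // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
+ const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
+
+ // 2: Trust Anchor signature verification
+ const trustAnchorJwt = trustChain[trustChain.length - 1];
+ if (!trustAnchorJwt) {
+ throw new IoWalletError("Cannot verify trust anchor: missing entity configuration.");
+ }
+ if (!trustAnchorKey.kid) {
+ throw new IoWalletError("Missing 'kid' in provided Trust Anchor key.");
+ }
+ await verify(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
+
+ // 3: Check the federation list
+ const trustAnchorConfig = EntityConfiguration.parse(decode(trustAnchorJwt));
+ const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
+ if (federationListEndpoint) {
+ const federationList = await getFederationList(federationListEndpoint, {
+ appFetch
+ });
+ if (!federationList.includes(relyingPartyEntityBaseUrl)) {
+ throw new IoWalletError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.");
+ }
+ }
+ return trustChain;
+ }
+
+ /**
+ * Recursively gather the trust chain for an entity and all its superiors.
+ * @param entityBaseUrl The base URL of the entity for which to gather the chain.
+ * @param appFetch An optional instance of the http client to be used.
+ * @param isLeaf Whether the current entity is the leaf of the chain.
+ * @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
+ */
+ async function gatherTrustChain(entityBaseUrl, appFetch) {
+ let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
+ const chain = [];
+
+ // Fetch self-signed EC (only needed for the leaf)
+ const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
+ appFetch
+ });
+ const entityEC = EntityConfiguration.parse(decode(entityECJwt));
+ if (isLeaf) {
+ // Only push EC for the leaf
+ chain.push(entityECJwt);
+ }
+
+ // Find authority_hints (parent, if any)
+ const authorityHints = entityEC.payload.authority_hints ?? [];
+ if (authorityHints.length === 0) {
+ // This is the Trust Anchor (no parent)
+ if (!isLeaf) {
+ chain.push(entityECJwt);
+ }
+ return chain;
+ }
+ const parentEntityBaseUrl = authorityHints[0];
+
+ // Fetch parent EC
+ const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
+ appFetch
+ });
+ const parentEC = EntityConfiguration.parse(decode(parentECJwt));
+
+ // Fetch ES
+ const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+ if (!federationFetchEndpoint) {
+ throw new IoWalletError("Missing federation_fetch_endpoint in parent's configuration.");
+ }
+ const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
+ appFetch
+ });
+ // Validate the ES
+ EntityStatement.parse(decode(entityStatementJwt));
+
+ // Push this ES into the chain
+ chain.push(entityStatementJwt);
+
+ // Recurse into the parent
+ const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
+ return chain.concat(parentChain);
+ }
  //# sourceMappingURL=index.js.map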
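Review bot: `gatherTrustChain` in the last hunk follows `authority_hints` recursively with no depth limit or loop detection, and each hint is read through `decode` rather than `verify`, so the values steering the recursion are unauthenticated at that point. Two entity configurations that name each other as authority, or simply a very long chain, keep the wallet issuing fetches until something external stops it. I would thread a `visited` set of entity URLs through the recursion and stop on a repeat, e.g. `if (visited.has(entityBaseUrl)) throw new IoWalletError("Loop detected in authority_hints.");`, together with a small maximum depth. Separately, in `buildTrustChain` the federation-list check is skipped whenever `federation_list_endpoint` is absent and otherwise depends on an exact string match of `relyingPartyEntityBaseUrl`; if that fail-open behaviour is intended, a comment saying so above `if (federationListEndpoint) {` would help, and the "Validate the ES" comment in `gatherTrustChain` should say it only checks the shape, not the signature.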
@@ -1 +1 @@
1
- {"version":3,"names":["decode","decodeJwt","WalletProviderEntityConfiguration","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","RelyingPartyEntityConfiguration","EntityConfiguration","EntityStatement","validateTrustChain","renewTrustChain","hasStatusOrThrow","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","error","renewedChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","url","URLSearchParams","sub"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,iCAAiC,EACjCC,8BAA8B,EAC9BC,mCAAmC,EACnCC,+BAA+B,EAC/BC,mBAAmB,EACnBC,eAAe,QACV,SAAS;AAChB,SAASC,kBAAkB,EAAEC,eAAe,QAAQ,SAAS;AAC7D,SAASC,gBAAgB,QAAQ,eAAe;AAWhD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOT,kBAAkB,CAACI,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd,IAAIJ,WAAW,EAAE;MACf,MAAMK,YAAY,GAAG,MAAMZ,eAAe,CAACI,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAON,kBAAkB,CAACI,iBAAiB,EAAES,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeE,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACET,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMO,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMT,QAAQ,CAACU,YAAY,EAAE;IACl
CC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAChB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CN,aAAqB,EACrBO,MAK8B,EAM9B;EAAA,IALA;IACEhB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMT,4BAA4B,CAACC,aAAa,EAAE;IACrET;EACF,CAAC,CAAC;EAEF,MAAMkB,WAAW,GAAG/B,SAAS,CAAC8B,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACG,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,oCAAoC,GAAGA,CAClDd,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbrB,iCAAiC,EACjCoC,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDhB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbnB,mCAAmC,EACnCkC,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CjB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbpB,8BAA8B,EAC9BmC,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDlB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACblB,+BAA+B,EAC/BiC,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCnB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAACN,aAAa,EAAEjB,mBAAmB,EAAEgC,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMe,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACE/B;EACF,CACF,CAAC;EAED,MAAMkB,WAAW,GAAG/B,SAAS,CAAC8B,YAAY,CAAC;EAC3C,OAAOxB,eAAe,CAAC0B,KAAK,CAAC;IAC3BC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeU,wBAAwBA,CAC5CF,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM8B,GAAG,GAAI,GAAEH,wBAAyB,UAAS,IAAII,eAAe,CAAC;IACnEC,GAAG,EAAEJ;EACP,CAAC,CAAE,EAAC;EAEJ,OAAO,MAAM/B,QAAQ,CAACiC,GAA
G,EAAE;IACzBtB,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAChB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B"}
1
+ {"version":3,"names":["decode","verify","decodeJwt","CredentialIssuerEntityConfiguration","EntityConfiguration","EntityStatement","FederationListResponse","RelyingPartyEntityConfiguration","TrustAnchorEntityConfiguration","WalletProviderEntityConfiguration","renewTrustChain","validateTrustChain","hasStatusOrThrow","IoWalletError","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","error","renewedChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","federationFetchEndpoint","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","safeParse","success","message","data","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorKey","trustChain","gatherTrustChain","trustAnchorJwt","kid","trustAnchorConfig","metadata","federation_entity","federation_list_endpoint","federationList","includes","isLeaf","entityECJwt","entityEC","push","authorityHints","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federation_fetch_endpoint","entityStatementJwt","parentChain","concat"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,EAAEC,MAAM,QAAQ,SAAS;AACxC,SAASD,MAAM,IAAIE,SAAS,QAAQ,6BAA6B;AACjE,SACEC,mCAAmC,EACnCC,mBAAmB,EACnBC,eAAe,EACfC,sBAAsB,EACtBC,+BAA+B,EAC/BC,8BAA8B,EAC9BC,iCAAiC,QAC5B,SAAS;AAChB,SAASC,eAAe,EAAEC,kBAAkB,QAAQ,SAAS;AAC7D,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,aAAa,QAAQ,iBAAiB;AAY/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,gBAAgBA,CACpC
C,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOT,kBAAkB,CAACI,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd,IAAIJ,WAAW,EAAE;MACf,MAAMK,YAAY,GAAG,MAAMd,eAAe,CAACM,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAON,kBAAkB,CAACI,iBAAiB,EAAES,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeE,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACET,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMO,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMT,QAAQ,CAACU,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACjB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CN,aAAqB,EACrBO,MAK8B,EAM9B;EAAA,IALA;IACEhB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMT,4BAA4B,CAACC,aAAa,EAAE;IACrET;EACF,CAAC,CAAC;EAEF,MAAMkB,WAAW,GAAGjC,SAAS,CAACgC,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACG,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,oCAAoC,GAAGA,CAClDd,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbjB,iCAAiC,EACjCgC,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDhB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbvB,mCAAmC,EACnCsC,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CjB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACblB,8BAA8B,EAC9BiC,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDlB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbnB,+BAA+B,EAC/BkC,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCnB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAACN,aAAa,EAAEtB,mBAAmB,EAAEqC,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,I
ALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMe,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACE/B;EACF,CACF,CAAC;EAED,MAAMkB,WAAW,GAAGjC,SAAS,CAACgC,YAAY,CAAC;EAC3C,OAAO7B,eAAe,CAAC+B,KAAK,CAAC;IAC3BC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeU,wBAAwBA,CAC5CC,uBAA+B,EAC/BF,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM+B,GAAG,GAAG,IAAIC,GAAG,CAACF,uBAAuB,CAAC;EAC5CC,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEN,yBAAyB,CAAC;EAEtD,OAAO,MAAM/B,QAAQ,CAACkC,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpC3B,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACjB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeyB,iBAAiBA,CACrCC,sBAA8B,EAMX;EAAA,IALnB;IACExC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,OAAO,MAAMH,QAAQ,CAACwC,sBAAsB,EAAE;IAC5C7B,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACjB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAAC4B,IAAI,CAAC,CAAC,CAAC,CACzB7B,IAAI,CAAE6B,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGrD,sBAAsB,CAACsD,SAAS,CAACF,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACE,OAAO,EAAE;MACnB,MAAM,IAAIhD,aAAa,CACpB,8DAA6D8C,MAAM,CAACpC,KAAK,CAACuC,OAAQ,EACrF,CAAC;IACH;IACA,OAAOH,MAAM,CAACI,IAAI;EACpB,CAAC,CAAC;AACN;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCC,yBAAiC,EACjCC,cAAmB,EAEA;EAAA,IADnBjD,QAA8B,GAAAG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGF,KAAK;EAEtC;EACA,MAAMiD,UAAU,GAAG,MAAMC,gBAAgB,CACvCH,yBAAyB,EACzBhD,QACF,CAAC;;EAED;EACA,MAAMoD,cAAc,GAAGF,UAAU,CAACA,UAAU,CAAC9C,MAAM,GAAG,CAAC,CAAC;EACxD,IAAI,CAACgD,cAAc,EAAE;IACnB,MAAM,IAAIxD,aAAa,CACrB,2DACF,CAAC;EACH;EAEA,IAAI,CAACqD,cAAc,CAACI,GAAG,EAAE;IACvB,MAAM,IAAIzD,aAAa,CAAC,6CAA6C,
CAAC;EACxE;EAEA,MAAMZ,MAAM,CAACoE,cAAc,EAAEH,cAAc,CAACI,GAAG,EAAE,CAACJ,cAAc,CAAC,CAAC;;EAElE;EACA,MAAMK,iBAAiB,GAAGnE,mBAAmB,CAACgC,KAAK,CAACpC,MAAM,CAACqE,cAAc,CAAC,CAAC;EAC3E,MAAMZ,sBAAsB,GAC1Bc,iBAAiB,CAAChC,OAAO,CAACiC,QAAQ,CAACC,iBAAiB,CACjDC,wBAAwB;EAE7B,IAAIjB,sBAAsB,EAAE;IAC1B,MAAMkB,cAAc,GAAG,MAAMnB,iBAAiB,CAACC,sBAAsB,EAAE;MACrExC;IACF,CAAC,CAAC;IAEF,IAAI,CAAC0D,cAAc,CAACC,QAAQ,CAACX,yBAAyB,CAAC,EAAE;MACvD,MAAM,IAAIpD,aAAa,CACrB,wFACF,CAAC;IACH;EACF;EAEA,OAAOsD,UAAU;AACnB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gBAAgBA,CAC7B1C,aAAqB,EACrBT,QAA8B,EAEX;EAAA,IADnB4D,MAAe,GAAAzD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;EAEtB,MAAMJ,KAAe,GAAG,EAAE;;EAE1B;EACA,MAAM8D,WAAW,GAAG,MAAMrD,4BAA4B,CAACC,aAAa,EAAE;IACpET;EACF,CAAC,CAAC;EACF,MAAM8D,QAAQ,GAAG3E,mBAAmB,CAACgC,KAAK,CAACpC,MAAM,CAAC8E,WAAW,CAAC,CAAC;EAE/D,IAAID,MAAM,EAAE;IACV;IACA7D,KAAK,CAACgE,IAAI,CAACF,WAAW,CAAC;EACzB;;EAEA;EACA,MAAMG,cAAc,GAAGF,QAAQ,CAACxC,OAAO,CAAC2C,eAAe,IAAI,EAAE;EAC7D,IAAID,cAAc,CAAC5D,MAAM,KAAK,CAAC,EAAE;IAC/B;IACA,IAAI,CAACwD,MAAM,EAAE;MACX7D,KAAK,CAACgE,IAAI,CAACF,WAAW,CAAC;IACzB;IACA,OAAO9D,KAAK;EACd;EAEA,MAAMmE,mBAAmB,GAAGF,cAAc,CAAC,CAAC,CAAE;;EAE9C;EACA,MAAMG,WAAW,GAAG,MAAM3D,4BAA4B,CAAC0D,mBAAmB,EAAE;IAC1ElE;EACF,CAAC,CAAC;EACF,MAAMoE,QAAQ,GAAGjF,mBAAmB,CAACgC,KAAK,CAACpC,MAAM,CAACoF,WAAW,CAAC,CAAC;;EAE/D;EACA,MAAMlC,uBAAuB,GAC3BmC,QAAQ,CAAC9C,OAAO,CAACiC,QAAQ,CAACC,iBAAiB,CAACa,yBAAyB;EACvE,IAAI,CAACpC,uBAAuB,EAAE;IAC5B,MAAM,IAAIrC,aAAa,CACrB,8DACF,CAAC;EACH;EAEA,MAAM0E,kBAAkB,GAAG,MAAMtC,wBAAwB,CACvDC,uBAAuB,EACvBxB,aAAa,EACb;IAAET;EAAS,CACb,CAAC;EACD;EACAZ,eAAe,CAAC+B,KAAK,CAACpC,MAAM,CAACuF,kBAAkB,CAAC,CAAC;;EAEjD;EACAvE,KAAK,CAACgE,IAAI,CAACO,kBAAkB,CAAC;;EAE9B;EACA,MAAMC,WAAW,GAAG,MAAMpB,gBAAgB,CACxCe,mBAAmB,EACnBlE,QAAQ,EACR,KACF,CAAC;EAED,OAAOD,KAAK,CAACyE,MAAM,CAACD,WAAW,CAAC;AAClC"}
@@ -14,34 +14,20 @@ const RelyingPartyMetadata = z.object({
14
14
  }),
15
15
  contacts: z.array(z.string()).optional()
16
16
  });
17
- //.passthrough();
18
17
 
19
18
  // Display metadata for a credential, used by the issuer to
20
19
  // instruct the Wallet Solution on how to render the credential correctly
21
20
  const CredentialDisplayMetadata = z.object({
22
21
  name: z.string(),
23
- locale: z.string(),
24
- logo: z.object({
25
- url: z.string(),
26
- alt_text: z.string()
27
- }).optional(),
28
- // TODO [SIW-1268]: should not be optional
29
- background_color: z.string().optional(),
30
- // TODO [SIW-1268]: should not be optional
31
- text_color: z.string().optional() // TODO [SIW-1268]: should not be optional
22
+ locale: z.string()
32
23
  });
33
24
 
34
25
  // Metadata for displaying issuer information
35
26
 
36
27
  const CredentialIssuerDisplayMetadata = z.object({
37
28
  name: z.string(),
38
- locale: z.string(),
39
- logo: z.object({
40
- url: z.string(),
41
- alt_text: z.string()
42
- }).optional() // TODO [SIW-1268]: should not be optional
29
+ locale: z.string()
43
30
  });
44
-
45
31
  const ClaimsMetadata = z.record(z.object({
46
32
  value_type: z.string(),
47
33
  display: z.array(z.object({
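Review bot: With `logo`, `background_color` and `text_color` removed from `CredentialDisplayMetadata` (and `logo` from `CredentialIssuerDisplayMetadata`), these keys no longer appear in parsed output, because a plain `z.object` strips unknown keys and no `.passthrough()` is visible on either schema. A caller that still reads issuer-supplied display data would get `undefined` rather than a validation error. If the removal is deliberate, record it above each schema, e.g. `// logo, background_color and text_color are no longer part of this schema and are stripped on parse`. The same applies to the fields removed from `oauth_authorization_server` in the later hunks of this file (`dpop_signing_alg_values_supported`, `introspection_endpoint`, `response_types_supported` and others), assuming that object is not passthrough, which those hunks do not show.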
@@ -57,14 +43,13 @@ const IssuanceErrorSupported = z.object({
57
43
  }))
58
44
  });
59
45
 
60
- // Metadata for a credentia which is supported by a Issuer
46
+ // Metadata for a credential which is supported by an Issuer
61
47
 
62
48
  const SupportedCredentialMetadata = z.object({
63
49
  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
64
50
  scope: z.string(),
65
51
  display: z.array(CredentialDisplayMetadata),
66
- claims: ClaimsMetadata.optional(),
67
- // TODO [SIW-1268]: should not be optional
52
+ claims: ClaimsMetadata,
68
53
  cryptographic_binding_methods_supported: z.array(z.string()),
69
54
  credential_signing_alg_values_supported: z.array(z.string()),
70
55
  authentic_source: z.string().optional(),
@@ -82,7 +67,7 @@ export const EntityStatement = z.object({
82
67
  jwks: z.object({
83
68
  keys: z.array(JWK)
84
69
  }),
85
- trust_marks: z.array(TrustMark),
70
+ trust_marks: z.array(TrustMark).optional(),
86
71
  iat: z.number(),
87
72
  exp: z.number()
88
73
  })
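Review bot: Making `trust_marks` optional in the `EntityStatement` payload means a statement with no trust marks now passes `EntityStatement.parse`, so a successful parse no longer shows that the subordinate holds one. Nothing in this hunk shows where trust marks are evaluated, so a caller that requires a particular mark has to test for it explicitly after parsing. I would document that on the field: `// optional: absence is valid; callers that require a trust mark must check for it explicitly`. The neighbouring `iat` and `exp` are plain `z.number()`, so expiry is likewise not enforced by this schema and has to be checked during chain validation. The schema body starts outside the hunk.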
@@ -94,7 +79,7 @@ export const EntityConfigurationHeader = z.object({
94
79
  });
95
80
 
96
81
  /**
97
- * @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
82
+ * @see https://openid.net/specs/openid-federation-1_0-41.html
98
83
  */
99
84
  const FederationEntityMetadata = z.object({
100
85
  federation_fetch_endpoint: z.string().optional(),
@@ -102,6 +87,9 @@ const FederationEntityMetadata = z.object({
102
87
  federation_resolve_endpoint: z.string().optional(),
103
88
  federation_trust_mark_status_endpoint: z.string().optional(),
104
89
  federation_trust_mark_list_endpoint: z.string().optional(),
90
+ federation_trust_mark_endpoint: z.string().optional(),
91
+ federation_historical_keys_endpoint: z.string().optional(),
92
+ endpoint_auth_signing_alg_values_supported: z.string().optional(),
105
93
  organization_name: z.string().optional(),
106
94
  homepage_uri: z.string().optional(),
107
95
  policy_uri: z.string().optional(),
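Review bot: The added `endpoint_auth_signing_alg_values_supported` is typed `z.string().optional()`, whereas the other `*_alg_values_supported` fields in this file are `z.array(z.string())`, and to my reading OpenID Federation defines this parameter as a JSON array of algorithm names. If so, a conforming entity configuration that publishes the array fails `FederationEntityMetadata` parsing, and with it the parse of the whole entity configuration, so trust chain building for that entity is rejected. Suggested line: `endpoint_auth_signing_alg_values_supported: z.array(z.string()).optional(),`. Separately, the two new endpoint fields accept any string, like the existing ones; since `federation_fetch_endpoint` is used elsewhere in this package as a fetch target, `z.string().url()` on the endpoint fields is a cheap extra check worth considering. The object body starts and ends outside the hunk.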
@@ -109,7 +97,7 @@ const FederationEntityMetadata = z.object({
109
97
  contacts: z.array(z.string()).optional()
110
98
  }).passthrough();
111
99
 
112
- // Structuire common to every Entity Configuration document
100
+ // Structure common to every Entity Configuration document
113
101
  const BaseEntityConfiguration = z.object({
114
102
  header: EntityConfigurationHeader,
115
103
  payload: z.object({
@@ -153,15 +141,9 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
153
141
  oauth_authorization_server: z.object({
154
142
  authorization_endpoint: z.string(),
155
143
  pushed_authorization_request_endpoint: z.string(),
156
- dpop_signing_alg_values_supported: z.array(z.string()).optional(),
157
- // TODO [SIW-1268]: should not be optional
158
144
  token_endpoint: z.string(),
159
- introspection_endpoint: z.string().optional(),
160
- // TODO [SIW-1268]: should not be optional
161
145
  client_registration_types_supported: z.array(z.string()),
162
146
  code_challenge_methods_supported: z.array(z.string()),
163
- authorization_details_types_supported: z.array(z.string()).optional(),
164
- // TODO [SIW-1268]: should not be optional,
165
147
  acr_values_supported: z.array(z.string()),
166
148
  grant_types_supported: z.array(z.string()),
167
149
  issuer: z.string(),
@@ -169,15 +151,7 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
169
151
  keys: z.array(JWK)
170
152
  }),
171
153
  scopes_supported: z.array(z.string()),
172
- request_parameter_supported: z.boolean().optional(),
173
- // TODO [SIW-1268]: should not be optional
174
- request_uri_parameter_supported: z.boolean().optional(),
175
- // TODO [SIW-1268]: should not be optional
176
- response_types_supported: z.array(z.string()).optional(),
177
- // TODO [SIW-1268]: should not be optional
178
154
  response_modes_supported: z.array(z.string()),
179
- subject_types_supported: z.array(z.string()).optional(),
180
- // TODO [SIW-1268]: should not be optional
181
155
  token_endpoint_auth_methods_supported: z.array(z.string()),
182
156
  token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
183
157
  request_object_signing_alg_values_supported: z.array(z.string())
@@ -224,4 +198,5 @@ export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.o
224
198
  export const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, TrustAnchorEntityConfiguration, RelyingPartyEntityConfiguration], {
225
199
  description: "Any kind of Entity Configuration allowed in the ecosystem"
226
200
  });
201
+ export const FederationListResponse = z.array(z.string());
227
202
  //# sourceMappingURL=types.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","CredentialDisplayMetadata","name","locale","logo","url","alt_text","background_color","text_color","CredentialIssuerDisplayMetadata","ClaimsMetadata","record","value_type","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","format","union","literal","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","status_attestation_endpoint","credential_configurations_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","token_endpoint","introspection_endpoint","client_registration_types_supported","code_challenge_methods_supported","authorization_details_types_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","request_parameter_supported","boolean","request_uri_parameter_supported","response_types_supported","response_modes_supported","subject_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","wall
et_relying_party","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGN,CAAC,CAACE,MAAM,CAAC;EACpCK,gBAAgB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;IAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;EAAE,CAAC,CAAC;EACtCe,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC;AACF;;AAEA;AACA;AAEA,MAAMO,yBAAyB,GAAGf,CAAC,CAACE,MAAM,CAAC;EACzCc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,IAAI,EAAElB,CAAC,CACJE,MAAM,CAAC;IACNiB,GAAG,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;IACfgB,QAAQ,EAAEpB,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC,CACDI,QAAQ,CAAC,CAAC;EAAE;EACfa,gBAAgB,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAAE;EACzCc,UAAU,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC,CAAE;AACrC,CAAC,CAAC;;AAEF;;AAIA,MAAMe,+BAA+B,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC/Cc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,IAAI,EAAElB,CAAC,CACJE,MAAM,CAAC;IACNiB,GAAG,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;IACfgB,QAAQ,EAAEpB,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC,CACDI,QAAQ,CAAC,CAAC,CAAE;AACjB,CAAC,CAAC;;AAGF,MAAMgB,cAAc,GAAGxB,CAAC,CAACyB,MAAM,CAC7BzB,CAAC,CAACE,MAAM,CAAC;EACPwB,UAAU,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC;EACtBuB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CAACb,CAAC,CAACE,MAAM,CAAC;IAAEc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;IAAEa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EAAE,CAAC,CAAC;AACrE,CAAC,CACH,CAAC;AA
GD,MAAMwB,sBAAsB,GAAG5B,CAAC,CAACE,MAAM,CAAC;EACtCyB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CACdb,CAAC,CAACE,MAAM,CAAC;IACP2B,KAAK,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC;IACjB0B,WAAW,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;IACvBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM2B,2BAA2B,GAAG/B,CAAC,CAACE,MAAM,CAAC;EAC3C8B,MAAM,EAAEhC,CAAC,CAACiC,KAAK,CAAC,CAACjC,CAAC,CAACkC,OAAO,CAAC,WAAW,CAAC,EAAElC,CAAC,CAACkC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,KAAK,EAAEnC,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBuB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CAACE,yBAAyB,CAAC;EAC3CqB,MAAM,EAAEZ,cAAc,CAAChB,QAAQ,CAAC,CAAC;EAAE;EACnC6B,uCAAuC,EAAErC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5DkC,uCAAuC,EAAEtC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5DmC,gBAAgB,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCgC,yBAAyB,EAAExC,CAAC,CAACyB,MAAM,CAACG,sBAAsB,CAAC,CAACpB,QAAQ,CAAC;AACvE,CAAC,CAAC;AAGF,OAAO,MAAMiC,eAAe,GAAGzC,CAAC,CAACE,MAAM,CAAC;EACtCwC,MAAM,EAAE1C,CAAC,CAACE,MAAM,CAAC;IACfyC,GAAG,EAAE3C,CAAC,CAACkC,OAAO,CAAC,sBAAsB,CAAC;IACtCU,GAAG,EAAE5C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAE7C,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACF0C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChB6C,GAAG,EAAE/C,CAAC,CAACI,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEhD,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtCkD,WAAW,EAAEjD,CAAC,CAACa,KAAK,CAACZ,SAAS,CAAC;IAC/BiD,GAAG,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEpD,CAAC,CAACmD,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGrD,CAAC,CAACE,MAAM,CAAC;EAChDyC,GAAG,EAAE3C,CAAC,CAACkC,OAAO,CAAC,sBAAsB,CAAC;EACtCU,GAAG,EAAE5C,CAAC,CAACI,MAAM,CAAC,CAAC;EACfyC,GAAG,EAAE7C,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAMkD,wBAAwB,GAAGtD,CAAC,CAC/BE,MAAM,CAAC;EACNqD,yBAAyB,EAAEvD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChDgD,wBAAwB,EAAExD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/CiD,2BAA2B,EAAEzD,CAAC,CAACI,MAAM,CAAC
,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClDkD,qCAAqC,EAAE1D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5DmD,mCAAmC,EAAE3D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DoD,iBAAiB,EAAE5D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCqD,YAAY,EAAE7D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnCsD,UAAU,EAAE9D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjCuD,QAAQ,EAAE/D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/BM,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDwD,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAGjE,CAAC,CAACE,MAAM,CAAC;EACvCwC,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAE9C,CAAC,CACPE,MAAM,CAAC;IACN6C,GAAG,EAAE/C,CAAC,CAACI,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEhD,CAAC,CAACI,MAAM,CAAC,CAAC;IACf8C,GAAG,EAAEpD,QAAQ;IACbsD,GAAG,EAAEtD,QAAQ;IACboE,eAAe,EAAElE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/C2D,QAAQ,EAAEnE,CAAC,CACRE,MAAM,CAAC;MACNkE,iBAAiB,EAAEd;IACrB,CAAC,CAAC,CACDU,WAAW,CAAC,CAAC;IAChBrD,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MACbU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACDiE,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5EvE,CAAC,CAACE,MAAM,CAAC;EACP4C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChBS,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtCoE,QAAQ,EAAEnE,CAAC,CAACE,MAAM,CAAC;MACjBsE,wBAAwB,EAAExE,CAAC,CAACE,MAAM,CAAC;QACjCuE,iBAAiB,EAAEzE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BsE,mBAAmB,EAAE1E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BuE,mBAAmB,EAAE3E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BwE,2BAA2B,EAAE5E,CAAC,CAACI,MAAM,CAAC,CAAC;QACvCuB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CAACU,+BAA+B,CAAC;QACjDsD,mCAAmC,EAAE7E,CAAC,CAACyB,MAAM,CAC3CM,2BACF,CAAC;QACDpB,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACF+E,0BAA0B,EAAE9E,CAAC,CAACE,MAAM,CAAC;QACnC6E,sBAAsB,EAAE/E,CAAC,CAACI,MAAM,CAAC,CAA
C;QAClC4E,qCAAqC,EAAEhF,CAAC,CAACI,MAAM,CAAC,CAAC;QACjD6E,iCAAiC,EAAEjF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QACnE0E,cAAc,EAAElF,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B+E,sBAAsB,EAAEnF,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QAC/C4E,mCAAmC,EAAEpF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACxDiF,gCAAgC,EAAErF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrDkF,qCAAqC,EAAEtF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QACvE+E,oBAAoB,EAAEvF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACzCoF,qBAAqB,EAAExF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1CqF,MAAM,EAAEzF,CAAC,CAACI,MAAM,CAAC,CAAC;QAClBO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC,CAAC;QACtC2F,gBAAgB,EAAE1F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrCuF,2BAA2B,EAAE3F,CAAC,CAAC4F,OAAO,CAAC,CAAC,CAACpF,QAAQ,CAAC,CAAC;QAAE;QACrDqF,+BAA+B,EAAE7F,CAAC,CAAC4F,OAAO,CAAC,CAAC,CAACpF,QAAQ,CAAC,CAAC;QAAE;QACzDsF,wBAAwB,EAAE9F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QAC1DuF,wBAAwB,EAAE/F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC7C4F,uBAAuB,EAAEhG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QACzDyF,qCAAqC,EAAEjG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1D8F,gDAAgD,EAAElG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrE+F,2CAA2C,EAAEnG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;MACQgG,oBAAoB,EAAE9F,oBAAoB,CAACE,QAAQ,CAAC;IACtD,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAM6F,+BAA+B,GAAGpC,uBAAuB,CAACM,GAAG,CACxEvE,CAAC,CAACE,MAAM,CAAC;EACP4C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChBiE,QAAQ,EAAEnE,CAAC,CAACE,MAAM,CAAC;MACjBkG,oBAAoB,EAAE9F;IACxB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMgG,iCAAiC,GAAGrC,uBAAuB,CAACM,GAAG,CAC1EvE,CAAC,CAACE,MAAM,CAAC;EACP4C,OAAO,EAAE9C,CAAC,CAACE,
MAAM,CAAC;IAChBiE,QAAQ,EAAEnE,CAAC,CAACE,MAAM,CAAC;MACjBqG,eAAe,EAAEvG,CAAC,CACfE,MAAM,CAAC;QACNgF,cAAc,EAAElF,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1BoG,oBAAoB,EAAExG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpDgF,qBAAqB,EAAExF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1C6F,qCAAqC,EAAEjG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1D8F,gDAAgD,EAAElG,CAAC,CAACa,KAAK,CACvDb,CAAC,CAACI,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACDiE,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMyC,mBAAmB,GAAGzG,CAAC,CAACiC,KAAK,CACxC,CACEqE,iCAAiC,EACjChC,mCAAmC,EACnCD,8BAA8B,EAC9BgC,+BAA+B,CAChC,EACD;EACEvE,WAAW,EAAE;AACf,CACF,CAAC"}
1
+ {"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","record","value_type","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","format","union","literal","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","status_attestation_endpoint","credential_configurations_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","wallet_relying_party","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","FederationListRe
sponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGN,CAAC,CAACE,MAAM,CAAC;EACpCK,gBAAgB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;IAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;EAAE,CAAC,CAAC;EACtCe,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMO,yBAAyB,GAAGf,CAAC,CAACE,MAAM,CAAC;EACzCc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMc,+BAA+B,GAAGlB,CAAC,CAACE,MAAM,CAAC;EAC/Cc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMe,cAAc,GAAGnB,CAAC,CAACoB,MAAM,CAC7BpB,CAAC,CAACE,MAAM,CAAC;EACPmB,UAAU,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC;EACtBkB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CAACb,CAAC,CAACE,MAAM,CAAC;IAAEc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;IAAEa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EAAE,CAAC,CAAC;AACrE,CAAC,CACH,CAAC;AAGD,MAAMmB,sBAAsB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EACtCoB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CACdb,CAAC,CAACE,MAAM,CAAC;IACPsB,KAAK,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;IACjBqB,WAAW,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC;IACvBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAMsB,2BAA2B,GAAG1B,CAAC,CAACE,MAAM,CAAC;EAC3CyB,MAAM,EAAE3B,CAAC,CAAC4B,KAAK,CAAC,CAAC5B,CAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC,EAAE7B,CAAC,CAAC6B,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,KAAK,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBkB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CAACE,yBAAyB,CAAC;EAC3CgB,MAAM,EAAEZ,cAAc;EACtBa,uCAAuC,EAAEhC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,C
AAC,CAAC,CAAC;EAC5D6B,uCAAuC,EAAEjC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5D8B,gBAAgB,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvC2B,yBAAyB,EAAEnC,CAAC,CAACoB,MAAM,CAACG,sBAAsB,CAAC,CAACf,QAAQ,CAAC;AACvE,CAAC,CAAC;AAGF,OAAO,MAAM4B,eAAe,GAAGpC,CAAC,CAACE,MAAM,CAAC;EACtCmC,MAAM,EAAErC,CAAC,CAACE,MAAM,CAAC;IACfoC,GAAG,EAAEtC,CAAC,CAAC6B,OAAO,CAAC,sBAAsB,CAAC;IACtCU,GAAG,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC;IACfoC,GAAG,EAAExC,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFqC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChBwC,GAAG,EAAE1C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfuC,GAAG,EAAE3C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtC6C,WAAW,EAAE5C,CAAC,CAACa,KAAK,CAACZ,SAAS,CAAC,CAACO,QAAQ,CAAC,CAAC;IAC1CqC,GAAG,EAAE7C,CAAC,CAAC8C,MAAM,CAAC,CAAC;IACfC,GAAG,EAAE/C,CAAC,CAAC8C,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGhD,CAAC,CAACE,MAAM,CAAC;EAChDoC,GAAG,EAAEtC,CAAC,CAAC6B,OAAO,CAAC,sBAAsB,CAAC;EACtCU,GAAG,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC;EACfoC,GAAG,EAAExC,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAM6C,wBAAwB,GAAGjD,CAAC,CAC/BE,MAAM,CAAC;EACNgD,yBAAyB,EAAElD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChD2C,wBAAwB,EAAEnD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/C4C,2BAA2B,EAAEpD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClD6C,qCAAqC,EAAErD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5D8C,mCAAmC,EAAEtD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1D+C,8BAA8B,EAAEvD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACrDgD,mCAAmC,EAAExD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DiD,0CAA0C,EAAEzD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjEkD,iBAAiB,EAAE1D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCmD,YAAY,EAAE3D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnCoD,UAAU,EAAE5D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjCqD,QAAQ,EAAE7D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC
/BM,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDsD,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAG/D,CAAC,CAACE,MAAM,CAAC;EACvCmC,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAEzC,CAAC,CACPE,MAAM,CAAC;IACNwC,GAAG,EAAE1C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfuC,GAAG,EAAE3C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAE/C,QAAQ;IACbiD,GAAG,EAAEjD,QAAQ;IACbkE,eAAe,EAAEhE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/CyD,QAAQ,EAAEjE,CAAC,CACRE,MAAM,CAAC;MACNgE,iBAAiB,EAAEjB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChBnD,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MACbU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACD+D,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5ErE,CAAC,CAACE,MAAM,CAAC;EACPuC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChBS,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtCkE,QAAQ,EAAEjE,CAAC,CAACE,MAAM,CAAC;MACjBoE,wBAAwB,EAAEtE,CAAC,CAACE,MAAM,CAAC;QACjCqE,iBAAiB,EAAEvE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BoE,mBAAmB,EAAExE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BqE,mBAAmB,EAAEzE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BsE,2BAA2B,EAAE1E,CAAC,CAACI,MAAM,CAAC,CAAC;QACvCkB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CAACK,+BAA+B,CAAC;QACjDyD,mCAAmC,EAAE3E,CAAC,CAACoB,MAAM,CAC3CM,2BACF,CAAC;QACDf,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACF6E,0BAA0B,EAAE5E,CAAC,CAACE,MAAM,CAAC;QACnC2E,sBAAsB,EAAE7E,CAAC,CAACI,MAAM,CAAC,CAAC;QAClC0E,qCAAqC,EAAE9E,CAAC,CAACI,MAAM,CAAC,CAAC;QACjD2E,cAAc,EAAE/E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B4E,mCAAmC,EAAEhF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACxD6E,gCAAgC,EAAEjF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrD8E,oBAAoB,EAAElF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACzC+E,qBAAqB,EAAEnF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1CgF,MAAM,EAAEpF,CAAC,CAACI,MAAM,CAAC,C
AAC;QAClBO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC,CAAC;QACtCsF,gBAAgB,EAAErF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrCkF,wBAAwB,EAAEtF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC7CmF,qCAAqC,EAAEvF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1DoF,gDAAgD,EAAExF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrEqF,2CAA2C,EAAEzF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;MACQsF,oBAAoB,EAAEpF,oBAAoB,CAACE,QAAQ,CAAC;IACtD,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMmF,+BAA+B,GAAG5B,uBAAuB,CAACM,GAAG,CACxErE,CAAC,CAACE,MAAM,CAAC;EACPuC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChB+D,QAAQ,EAAEjE,CAAC,CAACE,MAAM,CAAC;MACjBwF,oBAAoB,EAAEpF;IACxB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMsF,iCAAiC,GAAG7B,uBAAuB,CAACM,GAAG,CAC1ErE,CAAC,CAACE,MAAM,CAAC;EACPuC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChB+D,QAAQ,EAAEjE,CAAC,CAACE,MAAM,CAAC;MACjB2F,eAAe,EAAE7F,CAAC,CACfE,MAAM,CAAC;QACN6E,cAAc,EAAE/E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B0F,oBAAoB,EAAE9F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpD2E,qBAAqB,EAAEnF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1CmF,qCAAqC,EAAEvF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1DoF,gDAAgD,EAAExF,CAAC,CAACa,KAAK,CACvDb,CAAC,CAACI,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACD+D,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMiC,mBAAmB,GAAG/F,CAAC,CAAC4B,KAAK,CACxC,CACEgE,iCAAiC,EACjCxB,mCAAmC,EACnCD,8BAA8B,EAC9BwB,+BAA+B,CAChC,EACD;EACElE,WAAW,EAAE;AACf,CACF,CAAC;AAED,OAAO,MAAMuE,sBAAsB,GAAGhG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC"}
@@ -0,0 +1,28 @@
1
+ import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-native-jwt";
2
+ // Verify a token signature
3
+ // The kid is extracted from the token header
4
+ export const verify = async (token, kid, jwks) => {
5
+ const jwk = jwks.find(k => k.kid === kid);
6
+ if (!jwk) {
7
+ throw new Error(`Invalid kid: ${kid}, token: ${token}`);
8
+ }
9
+ const {
10
+ protectedHeader: header,
11
+ payload
12
+ } = await verifyJwt(token, jwk);
13
+ return {
14
+ header,
15
+ payload
16
+ };
17
+ };
18
+ export const decode = token => {
19
+ const {
20
+ protectedHeader: header,
21
+ payload
22
+ } = decodeJwt(token);
23
+ return {
24
+ header,
25
+ payload
26
+ };
27
+ };
28
+ //# sourceMappingURL=utils.js.map
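Review bot: The error thrown in `verify` when no JWK matches puts the whole compact token into its message (`Invalid kid: ${kid}, token: ${token}`), so the token travels to wherever that error is logged or reported. ``throw new Error(`Invalid kid: ${kid}`);`` keeps the part that helps diagnosis. The comment above `verify` says the kid is extracted from the token header, but here it is a parameter; it should say that the caller reads it from the still-unverified header and that it only selects the key. `decode` performs no signature check and would benefit from a comment such as `// Decodes without verifying the signature; treat header and payload as untrusted until verify() succeeds`.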
@@ -0,0 +1 @@
1
+ {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AAUpC;AACA;AACA,OAAO,MAAMD,MAAM,GAAG,MAAAA,CACpBE,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMV,SAAS,CAACC,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,OAAO,MAAMb,MAAM,GAAII,KAAa,IAAK;EACvC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGZ,SAAS,CAACG,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC"}
@@ -1,5 +1,5 @@
1
1
  import { getPublicKey, sign, generate, deleteKey } from "@pagopa/io-react-native-crypto";
2
- import uuid from "react-native-uuid";
2
+ import { v4 as uuidv4 } from "uuid";
3
3
  import { thumbprint } from "@pagopa/io-react-native-jwt";
4
4
  import { fixBase64EncodingOnKey } from "./jwk";
5
5
 
@@ -49,7 +49,7 @@ export const createCryptoContextFor = keytag => {
49
49
  */
50
50
  export const withEphemeralKey = async fn => {
51
51
  // Use an ephemeral key to be destroyed after use
52
- const keytag = `ephemeral-${uuid.v4()}`;
52
+ const keytag = `ephemeral-${uuidv4()}`;
53
53
  await generate(keytag);
54
54
  const ephemeralContext = createCryptoContextFor(keytag);
55
55
  return fn(ephemeralContext).finally(() => deleteKey(keytag));
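Review bot: `uuidv4()` from the `uuid` package relies on `crypto.getRandomValues`, which React Native does not provide on its own, so the new keytag line in `withEphemeralKey` throws unless a polyfill has been loaded first. Nothing in the visible part of this file imports one, though it may be loaded elsewhere in the package or by the host app. If it is not, add `import "react-native-get-random-values";` ahead of the `uuid` import changed in the first hunk, or document the requirement for integrators. The closing lines of `withEphemeralKey` fall outside the hunk.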
@@ -1 +1 @@
1
- {"version":3,"names":["getPublicKey","sign","generate","deleteKey","uuid","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value","withEphemeralKey","fn","v4","ephemeralContext","finally"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SACEA,YAAY,EACZC,IAAI,EACJC,QAAQ,EACRC,SAAS,QACJ,gCAAgC;AACvC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMR,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACQ,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOZ,IAAI,CAACY,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMM,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMP,MAAM,GAAI,aAAYJ,IAAI,CAACY,EAAE,CAAC,CAAE,EAAC;EACvC,MAAMd,QAAQ,CAACM,MAAM,CAAC;EACtB,MAAMS,gBAAgB,GAAGV,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOO,EAAE,CAACE,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAMf,SAAS,CAACK,MAAM,CAAC,CAAC;AAC9D,CAAC"}
1
+ {"version":3,"names":["getPublicKey","sign","generate","deleteKey","v4","uuidv4","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value","withEphemeralKey","fn","ephemeralContext","finally"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SACEA,YAAY,EACZC,IAAI,EACJC,QAAQ,EACRC,SAAS,QACJ,gCAAgC;AACvC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMT,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACS,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOb,IAAI,CAACa,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMM,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMP,MAAM,GAAI,aAAYJ,MAAM,CAAC,CAAE,EAAC;EACtC,MAAMH,QAAQ,CAACO,MAAM,CAAC;EACtB,MAAMQ,gBAAgB,GAAGT,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOO,EAAE,CAACC,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAMf,SAAS,CAACM,MAAM,CAAC,CAAC;AAC9D,CAAC"}