@pagopa/io-react-native-wallet 0.27.0 → 0.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/client/generated/wallet-provider.js +27 -19
- package/lib/commonjs/client/generated/wallet-provider.js.map +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +5 -5
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +3 -4
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +2 -3
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/README.md +2 -2
- package/lib/commonjs/credential/presentation/03-get-request-object.js +2 -3
- package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/04-send-authorization-response.js +4 -5
- package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/status/02-status-attestation.js +2 -3
- package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -1
- package/lib/commonjs/trust/chain.js +35 -50
- package/lib/commonjs/trust/chain.js.map +1 -1
- package/lib/commonjs/trust/index.js +139 -16
- package/lib/commonjs/trust/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +13 -37
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/trust/utils.js +36 -0
- package/lib/commonjs/trust/utils.js.map +1 -0
- package/lib/commonjs/utils/crypto.js +2 -3
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/par.js +3 -4
- package/lib/commonjs/utils/par.js.map +1 -1
- package/lib/commonjs/wallet-instance/index.js +10 -0
- package/lib/commonjs/wallet-instance/index.js.map +1 -1
- package/lib/module/client/generated/wallet-provider.js +22 -15
- package/lib/module/client/generated/wallet-provider.js.map +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +5 -5
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +3 -3
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +2 -2
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/README.md +2 -2
- package/lib/module/credential/presentation/03-get-request-object.js +2 -2
- package/lib/module/credential/presentation/03-get-request-object.js.map +1 -1
- package/lib/module/credential/presentation/04-send-authorization-response.js +4 -4
- package/lib/module/credential/presentation/04-send-authorization-response.js.map +1 -1
- package/lib/module/credential/status/02-status-attestation.js +2 -2
- package/lib/module/credential/status/02-status-attestation.js.map +1 -1
- package/lib/module/trust/chain.js +32 -46
- package/lib/module/trust/chain.js.map +1 -1
- package/lib/module/trust/index.js +139 -18
- package/lib/module/trust/index.js.map +1 -1
- package/lib/module/trust/types.js +11 -36
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/trust/utils.js +28 -0
- package/lib/module/trust/utils.js.map +1 -0
- package/lib/module/utils/crypto.js +2 -2
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/par.js +3 -3
- package/lib/module/utils/par.js.map +1 -1
- package/lib/module/wallet-instance/index.js +9 -0
- package/lib/module/wallet-instance/index.js.map +1 -1
- package/lib/typescript/client/generated/wallet-provider.d.ts +91 -54
- package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -1
- package/lib/typescript/credential/status/types.d.ts +6 -6
- package/lib/typescript/sd-jwt/index.d.ts +12 -12
- package/lib/typescript/sd-jwt/types.d.ts +6 -6
- package/lib/typescript/trust/chain.d.ts +4 -9
- package/lib/typescript/trust/chain.d.ts.map +1 -1
- package/lib/typescript/trust/index.d.ts +109 -95
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +845 -542
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/trust/utils.d.ts +12 -0
- package/lib/typescript/trust/utils.d.ts.map +1 -0
- package/lib/typescript/wallet-instance/index.d.ts +8 -0
- package/lib/typescript/wallet-instance/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/types.d.ts +24 -24
- package/package.json +9 -3
- package/src/client/generated/wallet-provider.ts +28 -19
- package/src/credential/issuance/04-complete-user-authorization.ts +5 -5
- package/src/credential/issuance/05-authorize-access.ts +3 -3
- package/src/credential/issuance/06-obtain-credential.ts +2 -2
- package/src/credential/issuance/README.md +2 -2
- package/src/credential/presentation/03-get-request-object.ts +2 -2
- package/src/credential/presentation/04-send-authorization-response.ts +4 -4
- package/src/credential/status/02-status-attestation.ts +2 -2
- package/src/trust/chain.ts +46 -62
- package/src/trust/index.ts +185 -20
- package/src/trust/types.ts +10 -27
- package/src/trust/utils.ts +32 -0
- package/src/utils/crypto.ts +2 -2
- package/src/utils/par.ts +3 -3
- package/src/wallet-instance/index.ts +13 -0
@@ -1,34 +1,8 @@
|
|
1
|
-
import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-native-jwt";
|
2
1
|
import { EntityConfiguration, EntityStatement, TrustAnchorEntityConfiguration } from "./types";
|
3
2
|
import { IoWalletError } from "../utils/errors";
|
4
3
|
import * as z from "zod";
|
5
4
|
import { getSignedEntityConfiguration, getSignedEntityStatement } from ".";
|
6
|
-
|
7
|
-
// The kid is extracted from the token header
|
8
|
-
const verify = async (token, kid, jwks) => {
|
9
|
-
const jwk = jwks.find(k => k.kid === kid);
|
10
|
-
if (!jwk) {
|
11
|
-
throw new Error(`Invalid kid: ${kid}, token: ${token}`);
|
12
|
-
}
|
13
|
-
const {
|
14
|
-
protectedHeader: header,
|
15
|
-
payload
|
16
|
-
} = await verifyJwt(token, jwk);
|
17
|
-
return {
|
18
|
-
header,
|
19
|
-
payload
|
20
|
-
};
|
21
|
-
};
|
22
|
-
const decode = token => {
|
23
|
-
const {
|
24
|
-
protectedHeader: header,
|
25
|
-
payload
|
26
|
-
} = decodeJwt(token);
|
27
|
-
return {
|
28
|
-
header,
|
29
|
-
payload
|
30
|
-
};
|
31
|
-
};
|
5
|
+
import { decode, verify } from "./utils";
|
32
6
|
|
33
7
|
// The first element of the chain is supposed to be the Entity Configuration for the document issuer
|
34
8
|
const FirstElementShape = EntityConfiguration;
|
@@ -42,7 +16,7 @@ const LastElementShape = z.union([EntityStatement, TrustAnchorEntityConfiguratio
|
|
42
16
|
* Validates a provided trust chain against a known trust
|
43
17
|
*
|
44
18
|
* @param trustAnchorEntity The entity configuration of the known trust anchor
|
45
|
-
* @param chain The chain of statements to be
|
19
|
+
* @param chain The chain of statements to be validated
|
46
20
|
* @returns The list of parsed token representing the chain
|
47
21
|
* @throws {IoWalletError} If the chain is not valid
|
48
22
|
*/
|
@@ -66,7 +40,7 @@ export async function validateTrustChain(trustAnchorEntity, chain) {
|
|
66
40
|
};
|
67
41
|
|
68
42
|
// select keys from the next token
|
69
|
-
// if the current token is the last, keys
|
43
|
+
// if the current token is the last, keys from trust anchor will be used
|
70
44
|
const selectKeys = currentIndex => {
|
71
45
|
if (currentIndex === chain.length - 1) {
|
72
46
|
return trustAnchorEntity.payload.jwks.keys;
|
@@ -81,7 +55,7 @@ export async function validateTrustChain(trustAnchorEntity, chain) {
|
|
81
55
|
};
|
82
56
|
|
83
57
|
// Iterate the chain and validate each element's signature against the public keys of its next
|
84
|
-
// If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
|
58
|
+
// If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
|
85
59
|
return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => verify(...args)));
|
86
60
|
}
|
87
61
|
|
@@ -90,24 +64,36 @@ export async function validateTrustChain(trustAnchorEntity, chain) {
|
|
90
64
|
*
|
91
65
|
* @param chain The original chain
|
92
66
|
* @param appFetch (optional) fetch api implementation
|
93
|
-
* @returns A list of signed token that
|
94
|
-
* @throws When an element of the chain fails to parse
|
67
|
+
* @returns A list of signed token that represent the trust chain, in the same order of the provided chain
|
68
|
+
* @throws IoWalletError When an element of the chain fails to parse
|
95
69
|
*/
|
96
|
-
export function renewTrustChain(chain) {
|
70
|
+
export async function renewTrustChain(chain) {
|
97
71
|
let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
|
98
|
-
return Promise.all(chain
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
}
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
72
|
+
return Promise.all(chain.map(async (token, index) => {
|
73
|
+
const decoded = decode(token);
|
74
|
+
const entityStatementResult = EntityStatement.safeParse(decoded);
|
75
|
+
const entityConfigurationResult = EntityConfiguration.safeParse(decoded);
|
76
|
+
if (entityConfigurationResult.success) {
|
77
|
+
return getSignedEntityConfiguration(entityConfigurationResult.data.payload.iss, {
|
78
|
+
appFetch
|
79
|
+
});
|
80
|
+
}
|
81
|
+
if (entityStatementResult.success) {
|
82
|
+
const entityStatement = entityStatementResult.data;
|
83
|
+
const parentBaseUrl = entityStatement.payload.iss;
|
84
|
+
const parentECJwt = await getSignedEntityConfiguration(parentBaseUrl, {
|
85
|
+
appFetch
|
86
|
+
});
|
87
|
+
const parentEC = EntityConfiguration.parse(decode(parentECJwt));
|
88
|
+
const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
|
89
|
+
if (!federationFetchEndpoint) {
|
90
|
+
throw new IoWalletError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint`);
|
91
|
+
}
|
92
|
+
return getSignedEntityStatement(federationFetchEndpoint, entityStatement.payload.sub, {
|
93
|
+
appFetch
|
94
|
+
});
|
95
|
+
}
|
96
|
+
throw new IoWalletError(`Cannot renew trust chain because element #${index} failed to parse.`);
|
111
97
|
}));
|
112
98
|
}
|
113
99
|
//# sourceMappingURL=chain.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["
|
1
|
+
{"version":3,"names":["EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","decode","verify","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","token","shape","parse","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","index","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","sub"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAC1E,SAASC,MAAM,EAAoBC,MAAM,QAAQ,SAAS;;AAE1D;AACA,MAAMC,iBAAiB,GAAGT,mBAAmB;AAC7C;AACA,MAAMU,kBAAkB,GAAGT,eAAe;AAC1C;AACA;AACA,MAAMU,gBAAgB,GAAGP,CAAC,CAACQ,KAAK,CAAC,CAC/BX,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeW,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIb,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMc,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCL,gBAAgB,GAChBD,kBAAkB;;EAExB;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGN,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIlB,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOE,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACc,KAAK,CAAC,CAAC,CAACG,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIN,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACa,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGV,YAAY,GAAG,CAAC;IAClC,MAAMW,SAAS,GAAGhB,KAAK,CAACe,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI5B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACa,SAAS,CAAC;IACzC,OAAOR,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACwB,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBlB,KAAK,CACFmB,GAAG,CAAC,CAACb,KAAK,EAAEc,CAAC,KAAK,CAACd,KAAK,EAAEF,SAAS,CAACgB,CAAC,CAAC,EAAET,UAAU,CAACS,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAK5B,MAAM,CAAC,GAAG4B,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCtB,KAAe,EAEI;EAAA,IADnBuB,QAA8B,GAAAC,SAAA,CAAAvB,MAAA,QAAAuB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBlB,KAAK,CAACmB,GAAG,CAAC,OAAOb,KAAK,EAAEqB,KAAK,KAAK;IAChC,MAAMC,OAAO,GAAGpC,MAAM,CAACc,KAAK,CAAC;IAE7B,MAAMuB,qBAAqB,GAAG3C,eAAe,CAAC4C,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG9C,mBAAmB,CAAC6C,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO1C,4BAA4B,CACjCyC,yBAAyB,CAACE,IAAI,CAACrB,OAAO,CAACsB,GAAG,EAC1C;QAAEX;MAAS,CACb,CAAC;IACH;IACA,IAAIM,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMG,eAAe,GAAGN,qBAAqB,CAACI,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACvB,OAAO,CAACsB,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM/C,4BAA4B,CAAC8C,aAAa,EAAE;QACpEb;MACF,CAAC,CAAC;MACF,MAAMe,QAAQ,GAAGrD,mBAAmB,CAACuB,KAAK,CAAChB,MAAM,CAAC6C,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC1B,OAAO,CAAC4B,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAInD,aAAa,CACpB,gBAAegD,aAAc,uCAChC,CAAC;MACH;MACA,OAAO7C,wBAAwB,CAC7BgD,uBAAuB,EACvBJ,eAAe,CAACvB,OAAO,CAAC+B,GAAG,EAC3B;QAAEpB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAInC,aAAa,CACpB,6CAA4CuC,KAAM,mBACrD,CAAC;EACH,CAAC,CACH,CAAC;AACH"}
|
@@ -1,15 +1,17 @@
|
|
1
|
+
import { decode, verify } from "./utils";
|
1
2
|
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
2
|
-
import {
|
3
|
-
import {
|
3
|
+
import { CredentialIssuerEntityConfiguration, EntityConfiguration, EntityStatement, FederationListResponse, RelyingPartyEntityConfiguration, TrustAnchorEntityConfiguration, WalletProviderEntityConfiguration } from "./types";
|
4
|
+
import { renewTrustChain, validateTrustChain } from "./chain";
|
4
5
|
import { hasStatusOrThrow } from "../utils/misc";
|
6
|
+
import { IoWalletError } from "../utils/errors";
|
5
7
|
/**
|
6
8
|
* Verify a given trust chain is actually valid.
|
7
9
|
* It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
|
8
10
|
*
|
9
11
|
* @param trustAnchorEntity The entity configuration of the known trust anchor
|
10
|
-
* @param chain The chain of statements to be
|
11
|
-
* @param
|
12
|
-
* @param
|
12
|
+
* @param chain The chain of statements to be validated
|
13
|
+
* @param renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
|
14
|
+
* @param appFetch Fetch api implementation. Default: the built-in implementation
|
13
15
|
* @returns The result of the chain validation
|
14
16
|
* @throws {IoWalletError} When either validation or renewal fail
|
15
17
|
*/
|
@@ -34,7 +36,7 @@ export async function verifyTrustChain(trustAnchorEntity, chain) {
|
|
34
36
|
* Fetch the signed entity configuration token for an entity
|
35
37
|
*
|
36
38
|
* @param entityBaseUrl The url of the entity to fetch
|
37
|
-
* @param
|
39
|
+
* @param appFetch (optional) fetch api implementation
|
38
40
|
* @returns The signed Entity Configuration token
|
39
41
|
*/
|
40
42
|
export async function getSignedEntityConfiguration(entityBaseUrl) {
|
@@ -59,6 +61,7 @@ export async function getSignedEntityConfiguration(entityBaseUrl) {
|
|
59
61
|
*
|
60
62
|
* @param entityBaseUrl The base url of the entity.
|
61
63
|
* @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
|
64
|
+
* @param options An optional object with additional options.
|
62
65
|
* @param options.appFetch An optional instance of the http client to be used.
|
63
66
|
* @returns The parsed entity configuration object
|
64
67
|
* @throws {IoWalletError} If the http request fails
|
@@ -87,9 +90,9 @@ export const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseE
|
|
87
90
|
/**
|
88
91
|
* Fetch and parse the entity statement document for a given federation entity.
|
89
92
|
*
|
90
|
-
* @param accreditationBodyBaseUrl The base url of the
|
93
|
+
* @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
|
91
94
|
* @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
|
92
|
-
* @param
|
95
|
+
* @param appFetch An optional instance of the http client to be used.
|
93
96
|
* @returns The parsed entity configuration object
|
94
97
|
* @throws {IoWalletError} If the http request fails
|
95
98
|
* @throws Parse error if the document is not in the expected shape.
|
@@ -111,21 +114,139 @@ export async function getEntityStatement(accreditationBodyBaseUrl, subordinatedE
|
|
111
114
|
/**
|
112
115
|
* Fetch the entity statement document for a given federation entity.
|
113
116
|
*
|
114
|
-
* @param
|
115
|
-
* @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
|
116
|
-
* @param
|
117
|
-
* @returns The signed entity statement token
|
118
|
-
* @throws {IoWalletError} If the http request fails
|
117
|
+
* @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
|
118
|
+
* @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
|
119
|
+
* @param appFetch An optional instance of the http client to be used.
|
120
|
+
* @returns The signed entity statement token.
|
121
|
+
* @throws {IoWalletError} If the http request fails.
|
119
122
|
*/
|
120
|
-
export async function getSignedEntityStatement(
|
123
|
+
export async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
|
121
124
|
let {
|
122
125
|
appFetch = fetch
|
123
126
|
} = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
|
124
|
-
const url =
|
125
|
-
|
126
|
-
|
127
|
-
return await appFetch(url, {
|
127
|
+
const url = new URL(federationFetchEndpoint);
|
128
|
+
url.searchParams.set("sub", subordinatedEntityBaseUrl);
|
129
|
+
return await appFetch(url.toString(), {
|
128
130
|
method: "GET"
|
129
131
|
}).then(hasStatusOrThrow(200)).then(res => res.text());
|
130
132
|
}
|
133
|
+
|
134
|
+
/**
|
135
|
+
* Fetch the federation list document from a given endpoint.
|
136
|
+
*
|
137
|
+
* @param federationListEndpoint The URL of the federation list endpoint.
|
138
|
+
* @param appFetch An optional instance of the http client to be used.
|
139
|
+
* @returns The federation list as an array of strings.
|
140
|
+
* @throws {IoWalletError} If the HTTP request fails or the response cannot be parsed.
|
141
|
+
*/
|
142
|
+
export async function getFederationList(federationListEndpoint) {
|
143
|
+
let {
|
144
|
+
appFetch = fetch
|
145
|
+
} = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
146
|
+
return await appFetch(federationListEndpoint, {
|
147
|
+
method: "GET"
|
148
|
+
}).then(hasStatusOrThrow(200)).then(res => res.json()).then(json => {
|
149
|
+
const result = FederationListResponse.safeParse(json);
|
150
|
+
if (!result.success) {
|
151
|
+
throw new IoWalletError(`Invalid federation list format received from Trust Anchor: ${result.error.message}`);
|
152
|
+
}
|
153
|
+
return result.data;
|
154
|
+
});
|
155
|
+
}
|
156
|
+
|
157
|
+
/**
|
158
|
+
* Build a not-verified trust chain for a given Relying Party (RP) entity.
|
159
|
+
*
|
160
|
+
* @param relyingPartyEntityBaseUrl The base URL of the RP entity
|
161
|
+
* @param trustAnchorKey The public key of the Trust Anchor (TA) entity
|
162
|
+
* @param appFetch An optional instance of the http client to be used.
|
163
|
+
* @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
|
164
|
+
* @throws {IoWalletError} When an element of the chain fails to parse
|
165
|
+
* The result of this function can be used to validate the trust chain with {@link verifyTrustChain}
|
166
|
+
*/
|
167
|
+
export async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
|
168
|
+
let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
|
169
|
+
// 1: Recursively gather the trust chain from the RP up to the Trust Anchor
|
170
|
+
const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
|
171
|
+
|
172
|
+
// 2: Trust Anchor signature verification
|
173
|
+
const trustAnchorJwt = trustChain[trustChain.length - 1];
|
174
|
+
if (!trustAnchorJwt) {
|
175
|
+
throw new IoWalletError("Cannot verify trust anchor: missing entity configuration.");
|
176
|
+
}
|
177
|
+
if (!trustAnchorKey.kid) {
|
178
|
+
throw new IoWalletError("Missing 'kid' in provided Trust Anchor key.");
|
179
|
+
}
|
180
|
+
await verify(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
|
181
|
+
|
182
|
+
// 3: Check the federation list
|
183
|
+
const trustAnchorConfig = EntityConfiguration.parse(decode(trustAnchorJwt));
|
184
|
+
const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
|
185
|
+
if (federationListEndpoint) {
|
186
|
+
const federationList = await getFederationList(federationListEndpoint, {
|
187
|
+
appFetch
|
188
|
+
});
|
189
|
+
if (!federationList.includes(relyingPartyEntityBaseUrl)) {
|
190
|
+
throw new IoWalletError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.");
|
191
|
+
}
|
192
|
+
}
|
193
|
+
return trustChain;
|
194
|
+
}
|
195
|
+
|
196
|
+
/**
|
197
|
+
* Recursively gather the trust chain for an entity and all its superiors.
|
198
|
+
* @param entityBaseUrl The base URL of the entity for which to gather the chain.
|
199
|
+
* @param appFetch An optional instance of the http client to be used.
|
200
|
+
* @param isLeaf Whether the current entity is the leaf of the chain.
|
201
|
+
* @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
|
202
|
+
*/
|
203
|
+
async function gatherTrustChain(entityBaseUrl, appFetch) {
|
204
|
+
let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
|
205
|
+
const chain = [];
|
206
|
+
|
207
|
+
// Fetch self-signed EC (only needed for the leaf)
|
208
|
+
const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
|
209
|
+
appFetch
|
210
|
+
});
|
211
|
+
const entityEC = EntityConfiguration.parse(decode(entityECJwt));
|
212
|
+
if (isLeaf) {
|
213
|
+
// Only push EC for the leaf
|
214
|
+
chain.push(entityECJwt);
|
215
|
+
}
|
216
|
+
|
217
|
+
// Find authority_hints (parent, if any)
|
218
|
+
const authorityHints = entityEC.payload.authority_hints ?? [];
|
219
|
+
if (authorityHints.length === 0) {
|
220
|
+
// This is the Trust Anchor (no parent)
|
221
|
+
if (!isLeaf) {
|
222
|
+
chain.push(entityECJwt);
|
223
|
+
}
|
224
|
+
return chain;
|
225
|
+
}
|
226
|
+
const parentEntityBaseUrl = authorityHints[0];
|
227
|
+
|
228
|
+
// Fetch parent EC
|
229
|
+
const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
|
230
|
+
appFetch
|
231
|
+
});
|
232
|
+
const parentEC = EntityConfiguration.parse(decode(parentECJwt));
|
233
|
+
|
234
|
+
// Fetch ES
|
235
|
+
const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
|
236
|
+
if (!federationFetchEndpoint) {
|
237
|
+
throw new IoWalletError("Missing federation_fetch_endpoint in parent's configuration.");
|
238
|
+
}
|
239
|
+
const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
|
240
|
+
appFetch
|
241
|
+
});
|
242
|
+
// Validate the ES
|
243
|
+
EntityStatement.parse(decode(entityStatementJwt));
|
244
|
+
|
245
|
+
// Push this ES into the chain
|
246
|
+
chain.push(entityStatementJwt);
|
247
|
+
|
248
|
+
// Recurse into the parent
|
249
|
+
const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
|
250
|
+
return chain.concat(parentChain);
|
251
|
+
}
|
131
252
|
//# sourceMappingURL=index.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["decode","decodeJwt","
|
1
|
+
{"version":3,"names":["decode","verify","decodeJwt","CredentialIssuerEntityConfiguration","EntityConfiguration","EntityStatement","FederationListResponse","RelyingPartyEntityConfiguration","TrustAnchorEntityConfiguration","WalletProviderEntityConfiguration","renewTrustChain","validateTrustChain","hasStatusOrThrow","IoWalletError","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","error","renewedChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","federationFetchEndpoint","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","safeParse","success","message","data","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorKey","trustChain","gatherTrustChain","trustAnchorJwt","kid","trustAnchorConfig","metadata","federation_entity","federation_list_endpoint","federationList","includes","isLeaf","entityECJwt","entityEC","push","authorityHints","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federation_fetch_endpoint","entityStatementJwt","parentChain","concat"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,EAAEC,MAAM,QAAQ,SAAS;AACxC,SAASD,MAAM,IAAIE,SAAS,QAAQ,6BAA6B;AACjE,SACEC,mCAAmC,EACnCC,mBAAmB,EACnBC,eAAe,EACfC,sBAAsB,EACtBC,+BAA+B,EAC/BC,8BAA8B,EAC9BC,iCAAiC,QAC5B,SAAS;AAChB,SAASC,eAAe,EAAEC,kBAAkB,QAAQ,SAAS;AAC7D,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,aAAa,QAAQ,iBAAiB;AAY/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOT,kBAAkB,CAACI,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd,IAAIJ,WAAW,EAAE;MACf,MAAMK,YAAY,GAAG,MAAMd,eAAe,CAACM,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAON,kBAAkB,CAACI,iBAAiB,EAAES,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeE,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACET,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMO,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMT,QAAQ,CAACU,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACjB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CN,aAAqB,EACrBO,MAK8B,EAM9B;EAAA,IALA;IACEhB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMT,4BAA4B,CAACC,aAAa,EAAE;IACrET;EACF,CAAC,CAAC;EAEF,MAAMkB,WAAW,GAAGjC,SAAS,CAACgC,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACG,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,oCAAoC,GAAGA,CAClDd,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbjB,iCAAiC,EACjCgC,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDhB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbvB,mCAAmC,EACnCsC,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CjB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACblB,8BAA8B,EAC9BiC,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDlB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbnB,+BAA+B,EAC/BkC,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCnB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAACN,aAAa,EAAEtB,mBAAmB,EAAEqC,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMe,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACE/B;EACF,CACF,CAAC;EAED,MAAMkB,WAAW,GAAGjC,SAAS,CAACgC,YAAY,CAAC;EAC3C,OAAO7B,eAAe,CAAC+B,KAAK,CAAC;IAC3BC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeU,wBAAwBA,CAC5CC,uBAA+B,EAC/BF,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM+B,GAAG,GAAG,IAAIC,GAAG,CAACF,uBAAuB,CAAC;EAC5CC,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEN,yBAAyB,CAAC;EAEtD,OAAO,MAAM/B,QAAQ,CAACkC,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpC3B,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACjB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeyB,iBAAiBA,CACrCC,sBAA8B,EAMX;EAAA,IALnB;IACExC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,OAAO,MAAMH,QAAQ,CAACwC,sBAAsB,EAAE;IAC5C7B,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACjB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAAC4B,IAAI,CAAC,CAAC,CAAC,CACzB7B,IAAI,CAAE6B,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGrD,sBAAsB,CAACsD,SAAS,CAACF,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACE,OAAO,EAAE;MACnB,MAAM,IAAIhD,aAAa,CACpB,8DAA6D8C,MAAM,CAACpC,KAAK,CAACuC,OAAQ,EACrF,CAAC;IACH;IACA,OAAOH,MAAM,CAACI,IAAI;EACpB,CAAC,CAAC;AACN;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCC,yBAAiC,EACjCC,cAAmB,EAEA;EAAA,IADnBjD,QAA8B,GAAAG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGF,KAAK;EAEtC;EACA,MAAMiD,UAAU,GAAG,MAAMC,gBAAgB,CACvCH,yBAAyB,EACzBhD,QACF,CAAC;;EAED;EACA,MAAMoD,cAAc,GAAGF,UAAU,CAACA,UAAU,CAAC9C,MAAM,GAAG,CAAC,CAAC;EACxD,IAAI,CAACgD,cAAc,EAAE;IACnB,MAAM,IAAIxD,aAAa,CACrB,2DACF,CAAC;EACH;EAEA,IAAI,CAACqD,cAAc,CAACI,GAAG,EAAE;IACvB,MAAM,IAAIzD,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMZ,MAAM,CAACoE,cAAc,EAAEH,cAAc,CAACI,GAAG,EAAE,CAACJ,cAAc,CAAC,CAAC;;EAElE;EACA,MAAMK,iBAAiB,GAAGnE,mBAAmB,CAACgC,KAAK,CAACpC,MAAM,CAACqE,cAAc,CAAC,CAAC;EAC3E,MAAMZ,sBAAsB,GAC1Bc,iBAAiB,CAAChC,OAAO,CAACiC,QAAQ,CAACC,iBAAiB,CACjDC,wBAAwB;EAE7B,IAAIjB,sBAAsB,EAAE;IAC1B,MAAMkB,cAAc,GAAG,MAAMnB,iBAAiB,CAACC,sBAAsB,EAAE;MACrExC;IACF,CAAC,CAAC;IAEF,IAAI,CAAC0D,cAAc,CAACC,QAAQ,CAACX,yBAAyB,CAAC,EAAE;MACvD,MAAM,IAAIpD,aAAa,CACrB,wFACF,CAAC;IACH;EACF;EAEA,OAAOsD,UAAU;AACnB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gBAAgBA,CAC7B1C,aAAqB,EACrBT,QAA8B,EAEX;EAAA,IADnB4D,MAAe,GAAAzD,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;EAEtB,MAAMJ,KAAe,GAAG,EAAE;;EAE1B;EACA,MAAM8D,WAAW,GAAG,MAAMrD,4BAA4B,CAACC,aAAa,EAAE;IACpET;EACF,CAAC,CAAC;EACF,MAAM8D,QAAQ,GAAG3E,mBAAmB,CAACgC,KAAK,CAACpC,MAAM,CAAC8E,WAAW,CAAC,CAAC;EAE/D,IAAID,MAAM,EAAE;IACV;IACA7D,KAAK,CAACgE,IAAI,CAACF,WAAW,CAAC;EACzB;;EAEA;EACA,MAAMG,cAAc,GAAGF,QAAQ,CAACxC,OAAO,CAAC2C,eAAe,IAAI,EAAE;EAC7D,IAAID,cAAc,CAAC5D,MAAM,KAAK,CAAC,EAAE;IAC/B;IACA,IAAI,CAACwD,MAAM,EAAE;MACX7D,KAAK,CAACgE,IAAI,CAACF,WAAW,CAAC;IACzB;IACA,OAAO9D,KAAK;EACd;EAEA,MAAMmE,mBAAmB,GAAGF,cAAc,CAAC,CAAC,CAAE;;EAE9C;EACA,MAAMG,WAAW,GAAG,MAAM3D,4BAA4B,CAAC0D,mBAAmB,EAAE;IAC1ElE;EACF,CAAC,CAAC;EACF,MAAMoE,QAAQ,GAAGjF,mBAAmB,CAACgC,KAAK,CAACpC,MAAM,CAACoF,WAAW,CAAC,CAAC;;EAE/D;EACA,MAAMlC,uBAAuB,GAC3BmC,QAAQ,CAAC9C,OAAO,CAACiC,QAAQ,CAACC,iBAAiB,CAACa,yBAAyB;EACvE,IAAI,CAACpC,uBAAuB,EAAE;IAC5B,MAAM,IAAIrC,aAAa,CACrB,8DACF,CAAC;EACH;EAEA,MAAM0E,kBAAkB,GAAG,MAAMtC,wBAAwB,CACvDC,uBAAuB,EACvBxB,aAAa,EACb;IAAET;EAAS,CACb,CAAC;EACD;EACAZ,eAAe,CAAC+B,KAAK,CAACpC,MAAM,CAACuF,kBAAkB,CAAC,CAAC;;EAEjD;EACAvE,KAAK,CAACgE,IAAI,CAACO,kBAAkB,CAAC;;EAE9B;EACA,MAAMC,WAAW,GAAG,MAAMpB,gBAAgB,CACxCe,mBAAmB,EACnBlE,QAAQ,EACR,KACF,CAAC;EAED,OAAOD,KAAK,CAACyE,MAAM,CAACD,WAAW,CAAC;AAClC"}
|
@@ -14,34 +14,20 @@ const RelyingPartyMetadata = z.object({
|
|
14
14
|
}),
|
15
15
|
contacts: z.array(z.string()).optional()
|
16
16
|
});
|
17
|
-
//.passthrough();
|
18
17
|
|
19
18
|
// Display metadata for a credential, used by the issuer to
|
20
19
|
// instruct the Wallet Solution on how to render the credential correctly
|
21
20
|
const CredentialDisplayMetadata = z.object({
|
22
21
|
name: z.string(),
|
23
|
-
locale: z.string()
|
24
|
-
logo: z.object({
|
25
|
-
url: z.string(),
|
26
|
-
alt_text: z.string()
|
27
|
-
}).optional(),
|
28
|
-
// TODO [SIW-1268]: should not be optional
|
29
|
-
background_color: z.string().optional(),
|
30
|
-
// TODO [SIW-1268]: should not be optional
|
31
|
-
text_color: z.string().optional() // TODO [SIW-1268]: should not be optional
|
22
|
+
locale: z.string()
|
32
23
|
});
|
33
24
|
|
34
25
|
// Metadata for displaying issuer information
|
35
26
|
|
36
27
|
const CredentialIssuerDisplayMetadata = z.object({
|
37
28
|
name: z.string(),
|
38
|
-
locale: z.string()
|
39
|
-
logo: z.object({
|
40
|
-
url: z.string(),
|
41
|
-
alt_text: z.string()
|
42
|
-
}).optional() // TODO [SIW-1268]: should not be optional
|
29
|
+
locale: z.string()
|
43
30
|
});
|
44
|
-
|
45
31
|
const ClaimsMetadata = z.record(z.object({
|
46
32
|
value_type: z.string(),
|
47
33
|
display: z.array(z.object({
|
@@ -57,14 +43,13 @@ const IssuanceErrorSupported = z.object({
|
|
57
43
|
}))
|
58
44
|
});
|
59
45
|
|
60
|
-
// Metadata for a
|
46
|
+
// Metadata for a credential which is supported by an Issuer
|
61
47
|
|
62
48
|
const SupportedCredentialMetadata = z.object({
|
63
49
|
format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
|
64
50
|
scope: z.string(),
|
65
51
|
display: z.array(CredentialDisplayMetadata),
|
66
|
-
claims: ClaimsMetadata
|
67
|
-
// TODO [SIW-1268]: should not be optional
|
52
|
+
claims: ClaimsMetadata,
|
68
53
|
cryptographic_binding_methods_supported: z.array(z.string()),
|
69
54
|
credential_signing_alg_values_supported: z.array(z.string()),
|
70
55
|
authentic_source: z.string().optional(),
|
@@ -82,7 +67,7 @@ export const EntityStatement = z.object({
|
|
82
67
|
jwks: z.object({
|
83
68
|
keys: z.array(JWK)
|
84
69
|
}),
|
85
|
-
trust_marks: z.array(TrustMark),
|
70
|
+
trust_marks: z.array(TrustMark).optional(),
|
86
71
|
iat: z.number(),
|
87
72
|
exp: z.number()
|
88
73
|
})
|
@@ -94,7 +79,7 @@ export const EntityConfigurationHeader = z.object({
|
|
94
79
|
});
|
95
80
|
|
96
81
|
/**
|
97
|
-
* @see https://openid.net/specs/openid-
|
82
|
+
* @see https://openid.net/specs/openid-federation-1_0-41.html
|
98
83
|
*/
|
99
84
|
const FederationEntityMetadata = z.object({
|
100
85
|
federation_fetch_endpoint: z.string().optional(),
|
@@ -102,6 +87,9 @@ const FederationEntityMetadata = z.object({
|
|
102
87
|
federation_resolve_endpoint: z.string().optional(),
|
103
88
|
federation_trust_mark_status_endpoint: z.string().optional(),
|
104
89
|
federation_trust_mark_list_endpoint: z.string().optional(),
|
90
|
+
federation_trust_mark_endpoint: z.string().optional(),
|
91
|
+
federation_historical_keys_endpoint: z.string().optional(),
|
92
|
+
endpoint_auth_signing_alg_values_supported: z.string().optional(),
|
105
93
|
organization_name: z.string().optional(),
|
106
94
|
homepage_uri: z.string().optional(),
|
107
95
|
policy_uri: z.string().optional(),
|
@@ -109,7 +97,7 @@ const FederationEntityMetadata = z.object({
|
|
109
97
|
contacts: z.array(z.string()).optional()
|
110
98
|
}).passthrough();
|
111
99
|
|
112
|
-
//
|
100
|
+
// Structure common to every Entity Configuration document
|
113
101
|
const BaseEntityConfiguration = z.object({
|
114
102
|
header: EntityConfigurationHeader,
|
115
103
|
payload: z.object({
|
@@ -153,15 +141,9 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
|
|
153
141
|
oauth_authorization_server: z.object({
|
154
142
|
authorization_endpoint: z.string(),
|
155
143
|
pushed_authorization_request_endpoint: z.string(),
|
156
|
-
dpop_signing_alg_values_supported: z.array(z.string()).optional(),
|
157
|
-
// TODO [SIW-1268]: should not be optional
|
158
144
|
token_endpoint: z.string(),
|
159
|
-
introspection_endpoint: z.string().optional(),
|
160
|
-
// TODO [SIW-1268]: should not be optional
|
161
145
|
client_registration_types_supported: z.array(z.string()),
|
162
146
|
code_challenge_methods_supported: z.array(z.string()),
|
163
|
-
authorization_details_types_supported: z.array(z.string()).optional(),
|
164
|
-
// TODO [SIW-1268]: should not be optional,
|
165
147
|
acr_values_supported: z.array(z.string()),
|
166
148
|
grant_types_supported: z.array(z.string()),
|
167
149
|
issuer: z.string(),
|
@@ -169,15 +151,7 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
|
|
169
151
|
keys: z.array(JWK)
|
170
152
|
}),
|
171
153
|
scopes_supported: z.array(z.string()),
|
172
|
-
request_parameter_supported: z.boolean().optional(),
|
173
|
-
// TODO [SIW-1268]: should not be optional
|
174
|
-
request_uri_parameter_supported: z.boolean().optional(),
|
175
|
-
// TODO [SIW-1268]: should not be optional
|
176
|
-
response_types_supported: z.array(z.string()).optional(),
|
177
|
-
// TODO [SIW-1268]: should not be optional
|
178
154
|
response_modes_supported: z.array(z.string()),
|
179
|
-
subject_types_supported: z.array(z.string()).optional(),
|
180
|
-
// TODO [SIW-1268]: should not be optional
|
181
155
|
token_endpoint_auth_methods_supported: z.array(z.string()),
|
182
156
|
token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
|
183
157
|
request_object_signing_alg_values_supported: z.array(z.string())
|
@@ -224,4 +198,5 @@ export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.o
|
|
224
198
|
export const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, TrustAnchorEntityConfiguration, RelyingPartyEntityConfiguration], {
|
225
199
|
description: "Any kind of Entity Configuration allowed in the ecosystem"
|
226
200
|
});
|
201
|
+
export const FederationListResponse = z.array(z.string());
|
227
202
|
//# sourceMappingURL=types.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","CredentialDisplayMetadata","name","locale","logo","url","alt_text","background_color","text_color","CredentialIssuerDisplayMetadata","ClaimsMetadata","record","value_type","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","format","union","literal","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","status_attestation_endpoint","credential_configurations_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","token_endpoint","introspection_endpoint","client_registration_types_supported","code_challenge_methods_supported","authorization_details_types_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","request_parameter_supported","boolean","request_uri_parameter_supported","response_types_supported","response_modes_supported","subject_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","wallet_relying_party","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGN,CAAC,CAACE,MAAM,CAAC;EACpCK,gBAAgB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;IAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;EAAE,CAAC,CAAC;EACtCe,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC;AACF;;AAEA;AACA;AAEA,MAAMO,yBAAyB,GAAGf,CAAC,CAACE,MAAM,CAAC;EACzCc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,IAAI,EAAElB,CAAC,CACJE,MAAM,CAAC;IACNiB,GAAG,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;IACfgB,QAAQ,EAAEpB,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC,CACDI,QAAQ,CAAC,CAAC;EAAE;EACfa,gBAAgB,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAAE;EACzCc,UAAU,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC,CAAE;AACrC,CAAC,CAAC;;AAEF;;AAIA,MAAMe,+BAA+B,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC/Cc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,IAAI,EAAElB,CAAC,CACJE,MAAM,CAAC;IACNiB,GAAG,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;IACfgB,QAAQ,EAAEpB,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC,CACDI,QAAQ,CAAC,CAAC,CAAE;AACjB,CAAC,CAAC;;AAGF,MAAMgB,cAAc,GAAGxB,CAAC,CAACyB,MAAM,CAC7BzB,CAAC,CAACE,MAAM,CAAC;EACPwB,UAAU,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC;EACtBuB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CAACb,CAAC,CAACE,MAAM,CAAC;IAAEc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;IAAEa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EAAE,CAAC,CAAC;AACrE,CAAC,CACH,CAAC;AAGD,MAAMwB,sBAAsB,GAAG5B,CAAC,CAACE,MAAM,CAAC;EACtCyB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CACdb,CAAC,CAACE,MAAM,CAAC;IACP2B,KAAK,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC;IACjB0B,WAAW,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;IACvBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM2B,2BAA2B,GAAG/B,CAAC,CAACE,MAAM,CAAC;EAC3C8B,MAAM,EAAEhC,CAAC,CAACiC,KAAK,CAAC,CAACjC,CAAC,CAACkC,OAAO,CAAC,WAAW,CAAC,EAAElC,CAAC,CAACkC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,KAAK,EAAEnC,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBuB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CAACE,yBAAyB,CAAC;EAC3CqB,MAAM,EAAEZ,cAAc,CAAChB,QAAQ,CAAC,CAAC;EAAE;EACnC6B,uCAAuC,EAAErC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5DkC,uCAAuC,EAAEtC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5DmC,gBAAgB,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCgC,yBAAyB,EAAExC,CAAC,CAACyB,MAAM,CAACG,sBAAsB,CAAC,CAACpB,QAAQ,CAAC;AACvE,CAAC,CAAC;AAGF,OAAO,MAAMiC,eAAe,GAAGzC,CAAC,CAACE,MAAM,CAAC;EACtCwC,MAAM,EAAE1C,CAAC,CAACE,MAAM,CAAC;IACfyC,GAAG,EAAE3C,CAAC,CAACkC,OAAO,CAAC,sBAAsB,CAAC;IACtCU,GAAG,EAAE5C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAE7C,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACF0C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChB6C,GAAG,EAAE/C,CAAC,CAACI,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEhD,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtCkD,WAAW,EAAEjD,CAAC,CAACa,KAAK,CAACZ,SAAS,CAAC;IAC/BiD,GAAG,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEpD,CAAC,CAACmD,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGrD,CAAC,CAACE,MAAM,CAAC;EAChDyC,GAAG,EAAE3C,CAAC,CAACkC,OAAO,CAAC,sBAAsB,CAAC;EACtCU,GAAG,EAAE5C,CAAC,CAACI,MAAM,CAAC,CAAC;EACfyC,GAAG,EAAE7C,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAMkD,wBAAwB,GAAGtD,CAAC,CAC/BE,MAAM,CAAC;EACNqD,yBAAyB,EAAEvD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChDgD,wBAAwB,EAAExD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/CiD,2BAA2B,EAAEzD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClDkD,qCAAqC,EAAE1D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5DmD,mCAAmC,EAAE3D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DoD,iBAAiB,EAAE5D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCqD,YAAY,EAAE7D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnCsD,UAAU,EAAE9D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjCuD,QAAQ,EAAE/D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/BM,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDwD,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAGjE,CAAC,CAACE,MAAM,CAAC;EACvCwC,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAE9C,CAAC,CACPE,MAAM,CAAC;IACN6C,GAAG,EAAE/C,CAAC,CAACI,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEhD,CAAC,CAACI,MAAM,CAAC,CAAC;IACf8C,GAAG,EAAEpD,QAAQ;IACbsD,GAAG,EAAEtD,QAAQ;IACboE,eAAe,EAAElE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/C2D,QAAQ,EAAEnE,CAAC,CACRE,MAAM,CAAC;MACNkE,iBAAiB,EAAEd;IACrB,CAAC,CAAC,CACDU,WAAW,CAAC,CAAC;IAChBrD,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MACbU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACDiE,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5EvE,CAAC,CAACE,MAAM,CAAC;EACP4C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChBS,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtCoE,QAAQ,EAAEnE,CAAC,CAACE,MAAM,CAAC;MACjBsE,wBAAwB,EAAExE,CAAC,CAACE,MAAM,CAAC;QACjCuE,iBAAiB,EAAEzE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BsE,mBAAmB,EAAE1E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BuE,mBAAmB,EAAE3E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BwE,2BAA2B,EAAE5E,CAAC,CAACI,MAAM,CAAC,CAAC;QACvCuB,OAAO,EAAE3B,CAAC,CAACa,KAAK,CAACU,+BAA+B,CAAC;QACjDsD,mCAAmC,EAAE7E,CAAC,CAACyB,MAAM,CAC3CM,2BACF,CAAC;QACDpB,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACF+E,0BAA0B,EAAE9E,CAAC,CAACE,MAAM,CAAC;QACnC6E,sBAAsB,EAAE/E,CAAC,CAACI,MAAM,CAAC,CAAC;QAClC4E,qCAAqC,EAAEhF,CAAC,CAACI,MAAM,CAAC,CAAC;QACjD6E,iCAAiC,EAAEjF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QACnE0E,cAAc,EAAElF,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B+E,sBAAsB,EAAEnF,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QAC/C4E,mCAAmC,EAAEpF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACxDiF,gCAAgC,EAAErF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrDkF,qCAAqC,EAAEtF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QACvE+E,oBAAoB,EAAEvF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACzCoF,qBAAqB,EAAExF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1CqF,MAAM,EAAEzF,CAAC,CAACI,MAAM,CAAC,CAAC;QAClBO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC,CAAC;QACtC2F,gBAAgB,EAAE1F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrCuF,2BAA2B,EAAE3F,CAAC,CAAC4F,OAAO,CAAC,CAAC,CAACpF,QAAQ,CAAC,CAAC;QAAE;QACrDqF,+BAA+B,EAAE7F,CAAC,CAAC4F,OAAO,CAAC,CAAC,CAACpF,QAAQ,CAAC,CAAC;QAAE;QACzDsF,wBAAwB,EAAE9F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QAC1DuF,wBAAwB,EAAE/F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC7C4F,uBAAuB,EAAEhG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAAE;QACzDyF,qCAAqC,EAAEjG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1D8F,gDAAgD,EAAElG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrE+F,2CAA2C,EAAEnG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;MACQgG,oBAAoB,EAAE9F,oBAAoB,CAACE,QAAQ,CAAC;IACtD,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAM6F,+BAA+B,GAAGpC,uBAAuB,CAACM,GAAG,CACxEvE,CAAC,CAACE,MAAM,CAAC;EACP4C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChBiE,QAAQ,EAAEnE,CAAC,CAACE,MAAM,CAAC;MACjBkG,oBAAoB,EAAE9F;IACxB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMgG,iCAAiC,GAAGrC,uBAAuB,CAACM,GAAG,CAC1EvE,CAAC,CAACE,MAAM,CAAC;EACP4C,OAAO,EAAE9C,CAAC,CAACE,MAAM,CAAC;IAChBiE,QAAQ,EAAEnE,CAAC,CAACE,MAAM,CAAC;MACjBqG,eAAe,EAAEvG,CAAC,CACfE,MAAM,CAAC;QACNgF,cAAc,EAAElF,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1BoG,oBAAoB,EAAExG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpDgF,qBAAqB,EAAExF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1C6F,qCAAqC,EAAEjG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1D8F,gDAAgD,EAAElG,CAAC,CAACa,KAAK,CACvDb,CAAC,CAACI,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACDiE,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMyC,mBAAmB,GAAGzG,CAAC,CAACiC,KAAK,CACxC,CACEqE,iCAAiC,EACjChC,mCAAmC,EACnCD,8BAA8B,EAC9BgC,+BAA+B,CAChC,EACD;EACEvE,WAAW,EAAE;AACf,CACF,CAAC"}
|
1
|
+
{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","record","value_type","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","format","union","literal","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","status_attestation_endpoint","credential_configurations_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","wallet_relying_party","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","FederationListResponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGN,CAAC,CAACE,MAAM,CAAC;EACpCK,gBAAgB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;IAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;EAAE,CAAC,CAAC;EACtCe,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMO,yBAAyB,GAAGf,CAAC,CAACE,MAAM,CAAC;EACzCc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMc,+BAA+B,GAAGlB,CAAC,CAACE,MAAM,CAAC;EAC/Cc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMe,cAAc,GAAGnB,CAAC,CAACoB,MAAM,CAC7BpB,CAAC,CAACE,MAAM,CAAC;EACPmB,UAAU,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC;EACtBkB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CAACb,CAAC,CAACE,MAAM,CAAC;IAAEc,IAAI,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC;IAAEa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EAAE,CAAC,CAAC;AACrE,CAAC,CACH,CAAC;AAGD,MAAMmB,sBAAsB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EACtCoB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CACdb,CAAC,CAACE,MAAM,CAAC;IACPsB,KAAK,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;IACjBqB,WAAW,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC;IACvBa,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAMsB,2BAA2B,GAAG1B,CAAC,CAACE,MAAM,CAAC;EAC3CyB,MAAM,EAAE3B,CAAC,CAAC4B,KAAK,CAAC,CAAC5B,CAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC,EAAE7B,CAAC,CAAC6B,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,KAAK,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBkB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CAACE,yBAAyB,CAAC;EAC3CgB,MAAM,EAAEZ,cAAc;EACtBa,uCAAuC,EAAEhC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5D6B,uCAAuC,EAAEjC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5D8B,gBAAgB,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvC2B,yBAAyB,EAAEnC,CAAC,CAACoB,MAAM,CAACG,sBAAsB,CAAC,CAACf,QAAQ,CAAC;AACvE,CAAC,CAAC;AAGF,OAAO,MAAM4B,eAAe,GAAGpC,CAAC,CAACE,MAAM,CAAC;EACtCmC,MAAM,EAAErC,CAAC,CAACE,MAAM,CAAC;IACfoC,GAAG,EAAEtC,CAAC,CAAC6B,OAAO,CAAC,sBAAsB,CAAC;IACtCU,GAAG,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC;IACfoC,GAAG,EAAExC,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFqC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChBwC,GAAG,EAAE1C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfuC,GAAG,EAAE3C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtC6C,WAAW,EAAE5C,CAAC,CAACa,KAAK,CAACZ,SAAS,CAAC,CAACO,QAAQ,CAAC,CAAC;IAC1CqC,GAAG,EAAE7C,CAAC,CAAC8C,MAAM,CAAC,CAAC;IACfC,GAAG,EAAE/C,CAAC,CAAC8C,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGhD,CAAC,CAACE,MAAM,CAAC;EAChDoC,GAAG,EAAEtC,CAAC,CAAC6B,OAAO,CAAC,sBAAsB,CAAC;EACtCU,GAAG,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC;EACfoC,GAAG,EAAExC,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAM6C,wBAAwB,GAAGjD,CAAC,CAC/BE,MAAM,CAAC;EACNgD,yBAAyB,EAAElD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChD2C,wBAAwB,EAAEnD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/C4C,2BAA2B,EAAEpD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClD6C,qCAAqC,EAAErD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5D8C,mCAAmC,EAAEtD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1D+C,8BAA8B,EAAEvD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACrDgD,mCAAmC,EAAExD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DiD,0CAA0C,EAAEzD,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjEkD,iBAAiB,EAAE1D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCmD,YAAY,EAAE3D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnCoD,UAAU,EAAE5D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjCqD,QAAQ,EAAE7D,CAAC,CAACI,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/BM,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDsD,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAG/D,CAAC,CAACE,MAAM,CAAC;EACvCmC,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAEzC,CAAC,CACPE,MAAM,CAAC;IACNwC,GAAG,EAAE1C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfuC,GAAG,EAAE3C,CAAC,CAACI,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAE/C,QAAQ;IACbiD,GAAG,EAAEjD,QAAQ;IACbkE,eAAe,EAAEhE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/CyD,QAAQ,EAAEjE,CAAC,CACRE,MAAM,CAAC;MACNgE,iBAAiB,EAAEjB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChBnD,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MACbU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACD+D,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5ErE,CAAC,CAACE,MAAM,CAAC;EACPuC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChBS,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;MAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;IAAE,CAAC,CAAC;IACtCkE,QAAQ,EAAEjE,CAAC,CAACE,MAAM,CAAC;MACjBoE,wBAAwB,EAAEtE,CAAC,CAACE,MAAM,CAAC;QACjCqE,iBAAiB,EAAEvE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BoE,mBAAmB,EAAExE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BqE,mBAAmB,EAAEzE,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BsE,2BAA2B,EAAE1E,CAAC,CAACI,MAAM,CAAC,CAAC;QACvCkB,OAAO,EAAEtB,CAAC,CAACa,KAAK,CAACK,+BAA+B,CAAC;QACjDyD,mCAAmC,EAAE3E,CAAC,CAACoB,MAAM,CAC3CM,2BACF,CAAC;QACDf,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACF6E,0BAA0B,EAAE5E,CAAC,CAACE,MAAM,CAAC;QACnC2E,sBAAsB,EAAE7E,CAAC,CAACI,MAAM,CAAC,CAAC;QAClC0E,qCAAqC,EAAE9E,CAAC,CAACI,MAAM,CAAC,CAAC;QACjD2E,cAAc,EAAE/E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B4E,mCAAmC,EAAEhF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACxD6E,gCAAgC,EAAEjF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrD8E,oBAAoB,EAAElF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACzC+E,qBAAqB,EAAEnF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1CgF,MAAM,EAAEpF,CAAC,CAACI,MAAM,CAAC,CAAC;QAClBO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC,CAAC;QACtCsF,gBAAgB,EAAErF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrCkF,wBAAwB,EAAEtF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC7CmF,qCAAqC,EAAEvF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1DoF,gDAAgD,EAAExF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACrEqF,2CAA2C,EAAEzF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;MACQsF,oBAAoB,EAAEpF,oBAAoB,CAACE,QAAQ,CAAC;IACtD,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMmF,+BAA+B,GAAG5B,uBAAuB,CAACM,GAAG,CACxErE,CAAC,CAACE,MAAM,CAAC;EACPuC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChB+D,QAAQ,EAAEjE,CAAC,CAACE,MAAM,CAAC;MACjBwF,oBAAoB,EAAEpF;IACxB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMsF,iCAAiC,GAAG7B,uBAAuB,CAACM,GAAG,CAC1ErE,CAAC,CAACE,MAAM,CAAC;EACPuC,OAAO,EAAEzC,CAAC,CAACE,MAAM,CAAC;IAChB+D,QAAQ,EAAEjE,CAAC,CAACE,MAAM,CAAC;MACjB2F,eAAe,EAAE7F,CAAC,CACfE,MAAM,CAAC;QACN6E,cAAc,EAAE/E,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B0F,oBAAoB,EAAE9F,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpD2E,qBAAqB,EAAEnF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1CmF,qCAAqC,EAAEvF,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1DoF,gDAAgD,EAAExF,CAAC,CAACa,KAAK,CACvDb,CAAC,CAACI,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEX,CAAC,CAACE,MAAM,CAAC;UAAEU,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACd,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACD+D,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMiC,mBAAmB,GAAG/F,CAAC,CAAC4B,KAAK,CACxC,CACEgE,iCAAiC,EACjCxB,mCAAmC,EACnCD,8BAA8B,EAC9BwB,+BAA+B,CAChC,EACD;EACElE,WAAW,EAAE;AACf,CACF,CAAC;AAED,OAAO,MAAMuE,sBAAsB,GAAGhG,CAAC,CAACa,KAAK,CAACb,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC"}
|
@@ -0,0 +1,28 @@
|
|
1
|
+
import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-native-jwt";
|
2
|
+
// Verify a token signature
|
3
|
+
// The kid is extracted from the token header
|
4
|
+
export const verify = async (token, kid, jwks) => {
|
5
|
+
const jwk = jwks.find(k => k.kid === kid);
|
6
|
+
if (!jwk) {
|
7
|
+
throw new Error(`Invalid kid: ${kid}, token: ${token}`);
|
8
|
+
}
|
9
|
+
const {
|
10
|
+
protectedHeader: header,
|
11
|
+
payload
|
12
|
+
} = await verifyJwt(token, jwk);
|
13
|
+
return {
|
14
|
+
header,
|
15
|
+
payload
|
16
|
+
};
|
17
|
+
};
|
18
|
+
export const decode = token => {
|
19
|
+
const {
|
20
|
+
protectedHeader: header,
|
21
|
+
payload
|
22
|
+
} = decodeJwt(token);
|
23
|
+
return {
|
24
|
+
header,
|
25
|
+
payload
|
26
|
+
};
|
27
|
+
};
|
28
|
+
//# sourceMappingURL=utils.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AAUpC;AACA;AACA,OAAO,MAAMD,MAAM,GAAG,MAAAA,CACpBE,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMV,SAAS,CAACC,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,OAAO,MAAMb,MAAM,GAAII,KAAa,IAAK;EACvC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGZ,SAAS,CAACG,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC"}
|
@@ -1,5 +1,5 @@
|
|
1
1
|
import { getPublicKey, sign, generate, deleteKey } from "@pagopa/io-react-native-crypto";
|
2
|
-
import
|
2
|
+
import { v4 as uuidv4 } from "uuid";
|
3
3
|
import { thumbprint } from "@pagopa/io-react-native-jwt";
|
4
4
|
import { fixBase64EncodingOnKey } from "./jwk";
|
5
5
|
|
@@ -49,7 +49,7 @@ export const createCryptoContextFor = keytag => {
|
|
49
49
|
*/
|
50
50
|
export const withEphemeralKey = async fn => {
|
51
51
|
// Use an ephemeral key to be destroyed after use
|
52
|
-
const keytag = `ephemeral-${
|
52
|
+
const keytag = `ephemeral-${uuidv4()}`;
|
53
53
|
await generate(keytag);
|
54
54
|
const ephemeralContext = createCryptoContextFor(keytag);
|
55
55
|
return fn(ephemeralContext).finally(() => deleteKey(keytag));
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["getPublicKey","sign","generate","deleteKey","
|
1
|
+
{"version":3,"names":["getPublicKey","sign","generate","deleteKey","v4","uuidv4","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value","withEphemeralKey","fn","ephemeralContext","finally"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SACEA,YAAY,EACZC,IAAI,EACJC,QAAQ,EACRC,SAAS,QACJ,gCAAgC;AACvC,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMT,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACS,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOb,IAAI,CAACa,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMM,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMP,MAAM,GAAI,aAAYJ,MAAM,CAAC,CAAE,EAAC;EACtC,MAAMH,QAAQ,CAACO,MAAM,CAAC;EACtB,MAAMQ,gBAAgB,GAAGT,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOO,EAAE,CAACC,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAMf,SAAS,CAACM,MAAM,CAAC,CAAC;AAC9D,CAAC"}
|