@pagopa/io-react-native-wallet 0.27.1 → 0.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/client/generated/wallet-provider.js +27 -19
- package/lib/commonjs/client/generated/wallet-provider.js.map +1 -1
- package/lib/commonjs/trust/chain.js +35 -50
- package/lib/commonjs/trust/chain.js.map +1 -1
- package/lib/commonjs/trust/index.js +139 -16
- package/lib/commonjs/trust/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +10 -6
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/trust/utils.js +36 -0
- package/lib/commonjs/trust/utils.js.map +1 -0
- package/lib/commonjs/wallet-instance/index.js +10 -0
- package/lib/commonjs/wallet-instance/index.js.map +1 -1
- package/lib/module/client/generated/wallet-provider.js +22 -15
- package/lib/module/client/generated/wallet-provider.js.map +1 -1
- package/lib/module/trust/chain.js +32 -46
- package/lib/module/trust/chain.js.map +1 -1
- package/lib/module/trust/index.js +139 -18
- package/lib/module/trust/index.js.map +1 -1
- package/lib/module/trust/types.js +8 -5
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/trust/utils.js +28 -0
- package/lib/module/trust/utils.js.map +1 -0
- package/lib/module/wallet-instance/index.js +9 -0
- package/lib/module/wallet-instance/index.js.map +1 -1
- package/lib/typescript/client/generated/wallet-provider.d.ts +91 -54
- package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -1
- package/lib/typescript/credential/status/types.d.ts +6 -6
- package/lib/typescript/sd-jwt/index.d.ts +12 -12
- package/lib/typescript/sd-jwt/types.d.ts +6 -6
- package/lib/typescript/trust/chain.d.ts +4 -9
- package/lib/typescript/trust/chain.d.ts.map +1 -1
- package/lib/typescript/trust/index.d.ts +101 -53
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +761 -64
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/trust/utils.d.ts +12 -0
- package/lib/typescript/trust/utils.d.ts.map +1 -0
- package/lib/typescript/utils/errors.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/wallet-instance/index.d.ts +8 -0
- package/lib/typescript/wallet-instance/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/types.d.ts +20 -20
- package/package.json +10 -11
- package/src/client/generated/wallet-provider.ts +28 -19
- package/src/credential/presentation/types.ts +1 -1
- package/src/trust/chain.ts +48 -68
- package/src/trust/index.ts +185 -20
- package/src/trust/types.ts +9 -5
- package/src/trust/utils.ts +32 -0
- package/src/utils/errors.ts +2 -2
- package/src/utils/misc.ts +2 -2
- package/src/wallet-instance/index.ts +13 -0
|
@@ -5,7 +5,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
5
5
|
});
|
|
6
6
|
exports.WalletInstanceData = exports.WalletAttestationView = exports.SetWalletInstanceStatusBody = exports.RevocationReason = exports.ProblemDetail = exports.NonceDetailView = exports.EndpointByMethod = exports.CreateWalletInstanceBody = exports.CreateWalletAttestationBody = exports.ApiClient = void 0;
|
|
7
7
|
exports.createApiClient = createApiClient;
|
|
8
|
-
exports.put_SetWalletInstanceStatus = exports.post_CreateWalletInstance = exports.post_CreateWalletAttestation = exports.get_GetWalletInstanceStatus = exports.get_GetNonce = void 0;
|
|
8
|
+
exports.put_SetWalletInstanceStatus = exports.post_CreateWalletInstance = exports.post_CreateWalletAttestation = exports.get_GetWalletInstanceStatus = exports.get_GetNonce = exports.get_GetCurrentWalletInstanceStatus = void 0;
|
|
9
9
|
var _zod = _interopRequireDefault(require("zod"));
|
|
10
10
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
11
11
|
const NonceDetailView = _zod.default.object({
|
|
@@ -27,14 +27,6 @@ const CreateWalletAttestationBody = _zod.default.object({
|
|
|
27
27
|
assertion: _zod.default.string()
|
|
28
28
|
});
|
|
29
29
|
exports.CreateWalletAttestationBody = CreateWalletAttestationBody;
|
|
30
|
-
const ProblemDetail = _zod.default.object({
|
|
31
|
-
type: _zod.default.string().optional(),
|
|
32
|
-
title: _zod.default.string().optional(),
|
|
33
|
-
status: _zod.default.number().optional(),
|
|
34
|
-
detail: _zod.default.string().optional(),
|
|
35
|
-
instance: _zod.default.string().optional()
|
|
36
|
-
});
|
|
37
|
-
exports.ProblemDetail = ProblemDetail;
|
|
38
30
|
const SetWalletInstanceStatusBody = _zod.default.object({
|
|
39
31
|
status: _zod.default.literal("REVOKED")
|
|
40
32
|
});
|
|
@@ -47,6 +39,14 @@ const WalletInstanceData = _zod.default.object({
|
|
|
47
39
|
revocation_reason: _zod.default.union([RevocationReason, _zod.default.undefined()]).optional()
|
|
48
40
|
});
|
|
49
41
|
exports.WalletInstanceData = WalletInstanceData;
|
|
42
|
+
const ProblemDetail = _zod.default.object({
|
|
43
|
+
type: _zod.default.string().optional(),
|
|
44
|
+
title: _zod.default.string().optional(),
|
|
45
|
+
status: _zod.default.number().optional(),
|
|
46
|
+
detail: _zod.default.string().optional(),
|
|
47
|
+
instance: _zod.default.string().optional()
|
|
48
|
+
});
|
|
49
|
+
exports.ProblemDetail = ProblemDetail;
|
|
50
50
|
const get_GetNonce = {
|
|
51
51
|
method: _zod.default.literal("GET"),
|
|
52
52
|
path: _zod.default.literal("/nonce"),
|
|
@@ -63,6 +63,22 @@ const post_CreateWalletInstance = {
|
|
|
63
63
|
response: _zod.default.unknown()
|
|
64
64
|
};
|
|
65
65
|
exports.post_CreateWalletInstance = post_CreateWalletInstance;
|
|
66
|
+
const post_CreateWalletAttestation = {
|
|
67
|
+
method: _zod.default.literal("POST"),
|
|
68
|
+
path: _zod.default.literal("/token"),
|
|
69
|
+
parameters: _zod.default.object({
|
|
70
|
+
body: CreateWalletAttestationBody
|
|
71
|
+
}),
|
|
72
|
+
response: WalletAttestationView
|
|
73
|
+
};
|
|
74
|
+
exports.post_CreateWalletAttestation = post_CreateWalletAttestation;
|
|
75
|
+
const get_GetCurrentWalletInstanceStatus = {
|
|
76
|
+
method: _zod.default.literal("GET"),
|
|
77
|
+
path: _zod.default.literal("/wallet-instances/current/status"),
|
|
78
|
+
parameters: _zod.default.never(),
|
|
79
|
+
response: WalletInstanceData
|
|
80
|
+
};
|
|
81
|
+
exports.get_GetCurrentWalletInstanceStatus = get_GetCurrentWalletInstanceStatus;
|
|
66
82
|
const get_GetWalletInstanceStatus = {
|
|
67
83
|
method: _zod.default.literal("GET"),
|
|
68
84
|
path: _zod.default.literal("/wallet-instances/{id}/status"),
|
|
@@ -85,21 +101,13 @@ const put_SetWalletInstanceStatus = {
|
|
|
85
101
|
}),
|
|
86
102
|
response: _zod.default.unknown()
|
|
87
103
|
};
|
|
88
|
-
exports.put_SetWalletInstanceStatus = put_SetWalletInstanceStatus;
|
|
89
|
-
const post_CreateWalletAttestation = {
|
|
90
|
-
method: _zod.default.literal("POST"),
|
|
91
|
-
path: _zod.default.literal("/token"),
|
|
92
|
-
parameters: _zod.default.object({
|
|
93
|
-
body: CreateWalletAttestationBody
|
|
94
|
-
}),
|
|
95
|
-
response: WalletAttestationView
|
|
96
|
-
};
|
|
97
104
|
|
|
98
105
|
// <EndpointByMethod>
|
|
99
|
-
exports.
|
|
106
|
+
exports.put_SetWalletInstanceStatus = put_SetWalletInstanceStatus;
|
|
100
107
|
const EndpointByMethod = {
|
|
101
108
|
get: {
|
|
102
109
|
"/nonce": get_GetNonce,
|
|
110
|
+
"/wallet-instances/current/status": get_GetCurrentWalletInstanceStatus,
|
|
103
111
|
"/wallet-instances/{id}/status": get_GetWalletInstanceStatus
|
|
104
112
|
},
|
|
105
113
|
post: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_zod","_interopRequireDefault","require","obj","__esModule","default","NonceDetailView","z","object","nonce","string","exports","WalletAttestationView","wallet_attestation","CreateWalletInstanceBody","challenge","key_attestation","hardware_key_tag","CreateWalletAttestationBody","grant_type","literal","assertion","
|
|
1
|
+
{"version":3,"names":["_zod","_interopRequireDefault","require","obj","__esModule","default","NonceDetailView","z","object","nonce","string","exports","WalletAttestationView","wallet_attestation","CreateWalletInstanceBody","challenge","key_attestation","hardware_key_tag","CreateWalletAttestationBody","grant_type","literal","assertion","SetWalletInstanceStatusBody","status","RevocationReason","union","WalletInstanceData","id","is_revoked","boolean","revocation_reason","undefined","optional","ProblemDetail","type","title","number","detail","instance","get_GetNonce","method","path","parameters","never","response","post_CreateWalletInstance","body","unknown","post_CreateWalletAttestation","get_GetCurrentWalletInstanceStatus","get_GetWalletInstanceStatus","put_SetWalletInstanceStatus","EndpointByMethod","get","post","put","ApiClient","baseUrl","constructor","fetcher","setBaseUrl","arguments","length","createApiClient"],"sourceRoot":"../../../../src","sources":["client/generated/wallet-provider.ts"],"mappings":";;;;;;;;AAAA,IAAAA,IAAA,GAAAC,sBAAA,CAAAC,OAAA;AAAoB,SAAAD,uBAAAE,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGb,MAAMG,eAAe,GAAGC,YAAC,CAACC,MAAM,CAAC;EACtCC,KAAK,EAAEF,YAAC,CAACG,MAAM,CAAC;AAClB,CAAC,CAAC;AAACC,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAGI,MAAMM,qBAAqB,GAAGL,YAAC,CAACC,MAAM,CAAC;EAC5CK,kBAAkB,EAAEN,YAAC,CAACG,MAAM,CAAC;AAC/B,CAAC,CAAC;AAACC,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAGI,MAAME,wBAAwB,GAAGP,YAAC,CAACC,MAAM,CAAC;EAC/CO,SAAS,EAAER,YAAC,CAACG,MAAM,CAAC,CAAC;EACrBM,eAAe,EAAET,YAAC,CAACG,MAAM,CAAC,CAAC;EAC3BO,gBAAgB,EAAEV,YAAC,CAACG,MAAM,CAAC;AAC7B,CAAC,CAAC;AAACC,OAAA,CAAAG,wBAAA,GAAAA,wBAAA;AAGI,MAAMI,2BAA2B,GAAGX,YAAC,CAACC,MAAM,CAAC;EAClDW,UAAU,EAAEZ,YAAC,CAACa,OAAO,CAAC,6CAA6C,CAAC;EACpEC,SAAS,EAAEd,YAAC,CAACG,MAAM,CAAC;AACtB,CAAC,CAAC;AAACC,OAAA,CAAAO,2BAAA,GAAAA,2BAAA;AAGI,MAAMI,2BAA2B,GAAGf,YAAC,CAACC,MAAM,CAAC;EAClDe,MAAM,EAAEhB,YAAC,CAACa,OAAO,CAAC,SAAS;AAC7B,CAAC,CAAC;AAACT,OAAA,CAAAW,2BAAA,GAAAA,2BAAA;AAGI,MAAME,gBAAgB,GAAGjB,YAAC,CAACkB,KAAK,CAAC,CACtClB,YAAC,CAACa,OAAO,CAAC,+BAA+B,CAAC,EAC1Cb,YAAC,CAACa,OAAO,CAAC,6BAA6B,CAAC,EACxCb,YAAC,CAACa,OAAO,CAAC,iBAAiB,CAAC,CAC7B,CAAC;AAACT,OAAA,CAAAa,gBAAA,GAAAA,gBAAA;AAGI,MAAME,kBAAkB,GAAGnB,YAAC,CAACC,MAAM,CAAC;EACzCmB,EAAE,EAAEpB,YAAC,CAACG,MAAM,CAAC,CAAC;EACdkB,UAAU,EAAErB,YAAC,CAACsB,OAAO,CAAC,CAAC;EACvBC,iBAAiB,EAAEvB,YAAC,CAACkB,KAAK,CAAC,CAACD,gBAAgB,EAAEjB,YAAC,CAACwB,SAAS,CAAC,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC;AACzE,CAAC,CAAC;AAACrB,OAAA,CAAAe,kBAAA,GAAAA,kBAAA;AAGI,MAAMO,aAAa,GAAG1B,YAAC,CAACC,MAAM,CAAC;EACpC0B,IAAI,EAAE3B,YAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAC3BG,KAAK,EAAE5B,YAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAC5BT,MAAM,EAAEhB,YAAC,CAAC6B,MAAM,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAC7BK,MAAM,EAAE9B,YAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAC7BM,QAAQ,EAAE/B,YAAC,CAACG,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC;AAChC,CAAC,CAAC;AAACrB,OAAA,CAAAsB,aAAA,GAAAA,aAAA;AAGI,MAAMM,YAAY,GAAG;EAC1BC,MAAM,EAAEjC,YAAC,CAACa,OAAO,CAAC,KAAK,CAAC;EACxBqB,IAAI,EAAElC,YAAC,CAACa,OAAO,CAAC,QAAQ,CAAC;EACzBsB,UAAU,EAAEnC,YAAC,CAACoC,KAAK,CAAC,CAAC;EACrBC,QAAQ,EAAEtC;AACZ,CAAC;AAACK,OAAA,CAAA4B,YAAA,GAAAA,YAAA;AAGK,MAAMM,yBAAyB,GAAG;EACvCL,MAAM,EAAEjC,YAAC,CAACa,OAAO,CAAC,MAAM,CAAC;EACzBqB,IAAI,EAAElC,YAAC,CAACa,OAAO,CAAC,mBAAmB,CAAC;EACpCsB,UAAU,EAAEnC,YAAC,CAACC,MAAM,CAAC;IACnBsC,IAAI,EAAEhC;EACR,CAAC,CAAC;EACF8B,QAAQ,EAAErC,YAAC,CAACwC,OAAO,CAAC;AACtB,CAAC;AAACpC,OAAA,CAAAkC,yBAAA,GAAAA,yBAAA;AAGK,MAAMG,4BAA4B,GAAG;EAC1CR,MAAM,EAAEjC,YAAC,CAACa,OAAO,CAAC,MAAM,CAAC;EACzBqB,IAAI,EAAElC,YAAC,CAACa,OAAO,CAAC,QAAQ,CAAC;EACzBsB,UAAU,EAAEnC,YAAC,CAACC,MAAM,CAAC;IACnBsC,IAAI,EAAE5B;EACR,CAAC,CAAC;EACF0B,QAAQ,EAAEhC;AACZ,CAAC;AAACD,OAAA,CAAAqC,4BAAA,GAAAA,4BAAA;AAGK,MAAMC,kCAAkC,GAAG;EAChDT,MAAM,EAAEjC,YAAC,CAACa,OAAO,CAAC,KAAK,CAAC;EACxBqB,IAAI,EAAElC,YAAC,CAACa,OAAO,CAAC,kCAAkC,CAAC;EACnDsB,UAAU,EAAEnC,YAAC,CAACoC,KAAK,CAAC,CAAC;EACrBC,QAAQ,EAAElB;AACZ,CAAC;AAACf,OAAA,CAAAsC,kCAAA,GAAAA,kCAAA;AAGK,MAAMC,2BAA2B,GAAG;EACzCV,MAAM,EAAEjC,YAAC,CAACa,OAAO,CAAC,KAAK,CAAC;EACxBqB,IAAI,EAAElC,YAAC,CAACa,OAAO,CAAC,+BAA+B,CAAC;EAChDsB,UAAU,EAAEnC,YAAC,CAACC,MAAM,CAAC;IACnBiC,IAAI,EAAElC,YAAC,CAACC,MAAM,CAAC;MACbmB,EAAE,EAAEpB,YAAC,CAACG,MAAM,CAAC;IACf,CAAC;EACH,CAAC,CAAC;EACFkC,QAAQ,EAAElB;AACZ,CAAC;AAACf,OAAA,CAAAuC,2BAAA,GAAAA,2BAAA;AAGK,MAAMC,2BAA2B,GAAG;EACzCX,MAAM,EAAEjC,YAAC,CAACa,OAAO,CAAC,KAAK,CAAC;EACxBqB,IAAI,EAAElC,YAAC,CAACa,OAAO,CAAC,+BAA+B,CAAC;EAChDsB,UAAU,EAAEnC,YAAC,CAACC,MAAM,CAAC;IACnBiC,IAAI,EAAElC,YAAC,CAACC,MAAM,CAAC;MACbmB,EAAE,EAAEpB,YAAC,CAACG,MAAM,CAAC;IACf,CAAC,CAAC;IACFoC,IAAI,EAAExB;EACR,CAAC,CAAC;EACFsB,QAAQ,EAAErC,YAAC,CAACwC,OAAO,CAAC;AACtB,CAAC;;AAED;AAAApC,OAAA,CAAAwC,2BAAA,GAAAA,2BAAA;AACO,MAAMC,gBAAgB,GAAG;EAC9BC,GAAG,EAAE;IACH,QAAQ,EAAEd,YAAY;IACtB,kCAAkC,EAAEU,kCAAkC;IACtE,+BAA+B,EAAEC;EACnC,CAAC;EACDI,IAAI,EAAE;IACJ,mBAAmB,EAAET,yBAAyB;IAC9C,QAAQ,EAAEG;EACZ,CAAC;EACDO,GAAG,EAAE;IACH,+BAA+B,EAAEJ;EACnC;AACF,CAAC;;AAED;;AAEA;;AAKA;;AAEA;AAAAxC,OAAA,CAAAyC,gBAAA,GAAAA,gBAAA;AAyCA;;AAEA;AACO,MAAMI,SAAS,CAAC;EACrBC,OAAO,GAAW,EAAE;EAEpBC,WAAWA,CAAQC,OAAgB,EAAE;IAAA,KAAlBA,OAAgB,GAAhBA,OAAgB;EAAG;EAEtCC,UAAUA,CAACH,OAAe,EAAE;IAC1B,IAAI,CAACA,OAAO,GAAGA,OAAO;IACtB,OAAO,IAAI;EACb;;EAEA;EACAJ,GAAGA,CACDZ,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACkB,OAAO,CAAC,KAAK,EAAE,IAAI,CAACF,OAAO,GAAGhB,IAAI,EAAAoB,SAAA,CAAAC,MAAA,QAAA/B,SAAA,GAAA8B,SAAA,GAAW,CAAC;EAC5D;EACA;;EAEA;EACAP,IAAIA,CACFb,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACkB,OAAO,CAAC,MAAM,EAAE,IAAI,CAACF,OAAO,GAAGhB,IAAI,EAAAoB,SAAA,CAAAC,MAAA,QAAA/B,SAAA,GAAA8B,SAAA,GAAW,CAAC;EAC7D;EACA;;EAEA;EACAN,GAAGA,CACDd,IAAU,EAE+B;IACzC,OAAO,IAAI,CAACkB,OAAO,CAAC,KAAK,EAAE,IAAI,CAACF,OAAO,GAAGhB,IAAI,EAAAoB,SAAA,CAAAC,MAAA,QAAA/B,SAAA,GAAA8B,SAAA,GAAW,CAAC;EAC5D;EACA;AACF;AAAClD,OAAA,CAAA6C,SAAA,GAAAA,SAAA;AAEM,SAASO,eAAeA,CAACJ,OAAgB,EAAEF,OAAgB,EAAE;EAClE,OAAO,IAAID,SAAS,CAACG,OAAO,CAAC,CAACC,UAAU,CAACH,OAAO,IAAI,EAAE,CAAC;AACzD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA"}
|
|
@@ -5,40 +5,13 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
5
5
|
});
|
|
6
6
|
exports.renewTrustChain = renewTrustChain;
|
|
7
7
|
exports.validateTrustChain = validateTrustChain;
|
|
8
|
-
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
9
8
|
var _types = require("./types");
|
|
10
9
|
var _errors = require("../utils/errors");
|
|
11
10
|
var z = _interopRequireWildcard(require("zod"));
|
|
12
11
|
var _ = require(".");
|
|
12
|
+
var _utils = require("./utils");
|
|
13
13
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
14
14
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
15
|
-
// Verify a token signature
|
|
16
|
-
// The kid is extracted from the token header
|
|
17
|
-
const verify = async (token, kid, jwks) => {
|
|
18
|
-
const jwk = jwks.find(k => k.kid === kid);
|
|
19
|
-
if (!jwk) {
|
|
20
|
-
throw new Error(`Invalid kid: ${kid}, token: ${token}`);
|
|
21
|
-
}
|
|
22
|
-
const {
|
|
23
|
-
protectedHeader: header,
|
|
24
|
-
payload
|
|
25
|
-
} = await (0, _ioReactNativeJwt.verify)(token, jwk);
|
|
26
|
-
return {
|
|
27
|
-
header,
|
|
28
|
-
payload
|
|
29
|
-
};
|
|
30
|
-
};
|
|
31
|
-
const decode = token => {
|
|
32
|
-
const {
|
|
33
|
-
protectedHeader: header,
|
|
34
|
-
payload
|
|
35
|
-
} = (0, _ioReactNativeJwt.decode)(token);
|
|
36
|
-
return {
|
|
37
|
-
header,
|
|
38
|
-
payload
|
|
39
|
-
};
|
|
40
|
-
};
|
|
41
|
-
|
|
42
15
|
// The first element of the chain is supposed to be the Entity Configuration for the document issuer
|
|
43
16
|
const FirstElementShape = _types.EntityConfiguration;
|
|
44
17
|
// Each element but the first is supposed to be an Entity Statement
|
|
@@ -51,7 +24,7 @@ const LastElementShape = z.union([_types.EntityStatement, _types.TrustAnchorEnti
|
|
|
51
24
|
* Validates a provided trust chain against a known trust
|
|
52
25
|
*
|
|
53
26
|
* @param trustAnchorEntity The entity configuration of the known trust anchor
|
|
54
|
-
* @param chain The chain of statements to be
|
|
27
|
+
* @param chain The chain of statements to be validated
|
|
55
28
|
* @returns The list of parsed token representing the chain
|
|
56
29
|
* @throws {IoWalletError} If the chain is not valid
|
|
57
30
|
*/
|
|
@@ -71,11 +44,11 @@ async function validateTrustChain(trustAnchorEntity, chain) {
|
|
|
71
44
|
throw new _errors.IoWalletError(`Cannot select kid: empty token`);
|
|
72
45
|
}
|
|
73
46
|
const shape = selectTokenShape(currentIndex);
|
|
74
|
-
return shape.parse(decode(token)).header.kid;
|
|
47
|
+
return shape.parse((0, _utils.decode)(token)).header.kid;
|
|
75
48
|
};
|
|
76
49
|
|
|
77
50
|
// select keys from the next token
|
|
78
|
-
// if the current token is the last, keys
|
|
51
|
+
// if the current token is the last, keys from trust anchor will be used
|
|
79
52
|
const selectKeys = currentIndex => {
|
|
80
53
|
if (currentIndex === chain.length - 1) {
|
|
81
54
|
return trustAnchorEntity.payload.jwks.keys;
|
|
@@ -86,12 +59,12 @@ async function validateTrustChain(trustAnchorEntity, chain) {
|
|
|
86
59
|
throw new _errors.IoWalletError(`Cannot select keys: empty nextToken`);
|
|
87
60
|
}
|
|
88
61
|
const shape = selectTokenShape(nextIndex);
|
|
89
|
-
return shape.parse(decode(nextToken)).payload.jwks.keys;
|
|
62
|
+
return shape.parse((0, _utils.decode)(nextToken)).payload.jwks.keys;
|
|
90
63
|
};
|
|
91
64
|
|
|
92
65
|
// Iterate the chain and validate each element's signature against the public keys of its next
|
|
93
|
-
// If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
|
|
94
|
-
return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => verify(...args)));
|
|
66
|
+
// If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
|
|
67
|
+
return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => (0, _utils.verify)(...args)));
|
|
95
68
|
}
|
|
96
69
|
|
|
97
70
|
/**
|
|
@@ -99,24 +72,36 @@ async function validateTrustChain(trustAnchorEntity, chain) {
|
|
|
99
72
|
*
|
|
100
73
|
* @param chain The original chain
|
|
101
74
|
* @param appFetch (optional) fetch api implementation
|
|
102
|
-
* @returns A list of signed token that
|
|
103
|
-
* @throws When an element of the chain fails to parse
|
|
75
|
+
* @returns A list of signed token that represent the trust chain, in the same order of the provided chain
|
|
76
|
+
* @throws IoWalletError When an element of the chain fails to parse
|
|
104
77
|
*/
|
|
105
|
-
function renewTrustChain(chain) {
|
|
78
|
+
async function renewTrustChain(chain) {
|
|
106
79
|
let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
|
|
107
|
-
return Promise.all(chain
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
}
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
80
|
+
return Promise.all(chain.map(async (token, index) => {
|
|
81
|
+
const decoded = (0, _utils.decode)(token);
|
|
82
|
+
const entityStatementResult = _types.EntityStatement.safeParse(decoded);
|
|
83
|
+
const entityConfigurationResult = _types.EntityConfiguration.safeParse(decoded);
|
|
84
|
+
if (entityConfigurationResult.success) {
|
|
85
|
+
return (0, _.getSignedEntityConfiguration)(entityConfigurationResult.data.payload.iss, {
|
|
86
|
+
appFetch
|
|
87
|
+
});
|
|
88
|
+
}
|
|
89
|
+
if (entityStatementResult.success) {
|
|
90
|
+
const entityStatement = entityStatementResult.data;
|
|
91
|
+
const parentBaseUrl = entityStatement.payload.iss;
|
|
92
|
+
const parentECJwt = await (0, _.getSignedEntityConfiguration)(parentBaseUrl, {
|
|
93
|
+
appFetch
|
|
94
|
+
});
|
|
95
|
+
const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
|
|
96
|
+
const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
|
|
97
|
+
if (!federationFetchEndpoint) {
|
|
98
|
+
throw new _errors.IoWalletError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint`);
|
|
99
|
+
}
|
|
100
|
+
return (0, _.getSignedEntityStatement)(federationFetchEndpoint, entityStatement.payload.sub, {
|
|
101
|
+
appFetch
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
throw new _errors.IoWalletError(`Cannot renew trust chain because element #${index} failed to parse.`);
|
|
120
105
|
}));
|
|
121
106
|
}
|
|
122
107
|
//# sourceMappingURL=chain.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_types","require","_errors","z","_interopRequireWildcard","_","_utils","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","token","shape","parse","decode","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","Promise","all","map","i","args","verify","renewTrustChain","appFetch","arguments","undefined","fetch","index","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","getSignedEntityConfiguration","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","getSignedEntityStatement","sub"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAMA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,CAAA,GAAAJ,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AAA2D,SAAAM,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE3D;AACA,MAAMW,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAG9B,CAAC,CAAC+B,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,qBAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdb,iBAAiB,GACjBa,YAAY,KAAKJ,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCN,gBAAgB,GAChBF,kBAAkB;;EAExB;EACA,MAAMY,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGP,KAAK,CAACM,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIL,qBAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMM,KAAK,GAAGL,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOE,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACH,KAAK,CAAC,CAAC,CAACI,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIP,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKN,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACe,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGX,YAAY,GAAG,CAAC;IAClC,MAAMY,SAAS,GAAGlB,KAAK,CAACiB,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIhB,qBAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMM,KAAK,GAAGL,gBAAgB,CAACc,SAAS,CAAC;IACzC,OAAOT,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACQ,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBpB,KAAK,CACFqB,GAAG,CAAC,CAACd,KAAK,EAAEe,CAAC,KAAK,CAACf,KAAK,EAAEF,SAAS,CAACiB,CAAC,CAAC,EAAET,UAAU,CAACS,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAK,IAAAC,aAAM,EAAC,GAAGD,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeE,eAAeA,CACnCzB,KAAe,EAEI;EAAA,IADnB0B,QAA8B,GAAAC,SAAA,CAAA1B,MAAA,QAAA0B,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOV,OAAO,CAACC,GAAG,CAChBpB,KAAK,CAACqB,GAAG,CAAC,OAAOd,KAAK,EAAEuB,KAAK,KAAK;IAChC,MAAMC,OAAO,GAAG,IAAArB,aAAM,EAACH,KAAK,CAAC;IAE7B,MAAMyB,qBAAqB,GAAGtC,sBAAe,CAACuC,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG1C,0BAAmB,CAACyC,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO,IAAAC,8BAA4B,EACjCF,yBAAyB,CAACG,IAAI,CAACvB,OAAO,CAACwB,GAAG,EAC1C;QAAEZ;MAAS,CACb,CAAC;IACH;IACA,IAAIM,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMI,eAAe,GAAGP,qBAAqB,CAACK,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACzB,OAAO,CAACwB,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM,IAAAL,8BAA4B,EAACI,aAAa,EAAE;QACpEd;MACF,CAAC,CAAC;MACF,MAAMgB,QAAQ,GAAGlD,0BAAmB,CAACiB,KAAK,CAAC,IAAAC,aAAM,EAAC+B,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC5B,OAAO,CAAC8B,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAIzC,qBAAa,CACpB,gBAAesC,aAAc,uCAChC,CAAC;MACH;MACA,OAAO,IAAAO,0BAAwB,EAC7BJ,uBAAuB,EACvBJ,eAAe,CAACzB,OAAO,CAACkC,GAAG,EAC3B;QAAEtB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAIxB,qBAAa,CACpB,6CAA4C4B,KAAM,mBACrD,CAAC;EACH,CAAC,CACH,CAAC;AACH"}
|
|
@@ -3,25 +3,29 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
+
exports.buildTrustChain = buildTrustChain;
|
|
6
7
|
exports.getEntityConfiguration = exports.getCredentialIssuerEntityConfiguration = void 0;
|
|
7
8
|
exports.getEntityStatement = getEntityStatement;
|
|
9
|
+
exports.getFederationList = getFederationList;
|
|
8
10
|
exports.getRelyingPartyEntityConfiguration = void 0;
|
|
9
11
|
exports.getSignedEntityConfiguration = getSignedEntityConfiguration;
|
|
10
12
|
exports.getSignedEntityStatement = getSignedEntityStatement;
|
|
11
13
|
exports.getWalletProviderEntityConfiguration = exports.getTrustAnchorEntityConfiguration = void 0;
|
|
12
14
|
exports.verifyTrustChain = verifyTrustChain;
|
|
15
|
+
var _utils = require("./utils");
|
|
13
16
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
14
17
|
var _types = require("./types");
|
|
15
18
|
var _chain = require("./chain");
|
|
16
19
|
var _misc = require("../utils/misc");
|
|
20
|
+
var _errors = require("../utils/errors");
|
|
17
21
|
/**
|
|
18
22
|
* Verify a given trust chain is actually valid.
|
|
19
23
|
* It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
|
|
20
24
|
*
|
|
21
25
|
* @param trustAnchorEntity The entity configuration of the known trust anchor
|
|
22
|
-
* @param chain The chain of statements to be
|
|
23
|
-
* @param
|
|
24
|
-
* @param
|
|
26
|
+
* @param chain The chain of statements to be validated
|
|
27
|
+
* @param renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
|
|
28
|
+
* @param appFetch Fetch api implementation. Default: the built-in implementation
|
|
25
29
|
* @returns The result of the chain validation
|
|
26
30
|
* @throws {IoWalletError} When either validation or renewal fail
|
|
27
31
|
*/
|
|
@@ -46,7 +50,7 @@ async function verifyTrustChain(trustAnchorEntity, chain) {
|
|
|
46
50
|
* Fetch the signed entity configuration token for an entity
|
|
47
51
|
*
|
|
48
52
|
* @param entityBaseUrl The url of the entity to fetch
|
|
49
|
-
* @param
|
|
53
|
+
* @param appFetch (optional) fetch api implementation
|
|
50
54
|
* @returns The signed Entity Configuration token
|
|
51
55
|
*/
|
|
52
56
|
async function getSignedEntityConfiguration(entityBaseUrl) {
|
|
@@ -71,6 +75,7 @@ async function getSignedEntityConfiguration(entityBaseUrl) {
|
|
|
71
75
|
*
|
|
72
76
|
* @param entityBaseUrl The base url of the entity.
|
|
73
77
|
* @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
|
|
78
|
+
* @param options An optional object with additional options.
|
|
74
79
|
* @param options.appFetch An optional instance of the http client to be used.
|
|
75
80
|
* @returns The parsed entity configuration object
|
|
76
81
|
* @throws {IoWalletError} If the http request fails
|
|
@@ -103,9 +108,9 @@ const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityCo
|
|
|
103
108
|
/**
|
|
104
109
|
* Fetch and parse the entity statement document for a given federation entity.
|
|
105
110
|
*
|
|
106
|
-
* @param accreditationBodyBaseUrl The base url of the
|
|
111
|
+
* @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
|
|
107
112
|
* @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
|
|
108
|
-
* @param
|
|
113
|
+
* @param appFetch An optional instance of the http client to be used.
|
|
109
114
|
* @returns The parsed entity configuration object
|
|
110
115
|
* @throws {IoWalletError} If the http request fails
|
|
111
116
|
* @throws Parse error if the document is not in the expected shape.
|
|
@@ -128,21 +133,139 @@ async function getEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBa
|
|
|
128
133
|
/**
|
|
129
134
|
* Fetch the entity statement document for a given federation entity.
|
|
130
135
|
*
|
|
131
|
-
* @param
|
|
132
|
-
* @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
|
|
133
|
-
* @param
|
|
134
|
-
* @returns The signed entity statement token
|
|
135
|
-
* @throws {IoWalletError} If the http request fails
|
|
136
|
+
* @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
|
|
137
|
+
* @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
|
|
138
|
+
* @param appFetch An optional instance of the http client to be used.
|
|
139
|
+
* @returns The signed entity statement token.
|
|
140
|
+
* @throws {IoWalletError} If the http request fails.
|
|
136
141
|
*/
|
|
137
|
-
async function getSignedEntityStatement(
|
|
142
|
+
async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
|
|
138
143
|
let {
|
|
139
144
|
appFetch = fetch
|
|
140
145
|
} = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
|
|
141
|
-
const url =
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
return await appFetch(url, {
|
|
146
|
+
const url = new URL(federationFetchEndpoint);
|
|
147
|
+
url.searchParams.set("sub", subordinatedEntityBaseUrl);
|
|
148
|
+
return await appFetch(url.toString(), {
|
|
145
149
|
method: "GET"
|
|
146
150
|
}).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
|
|
147
151
|
}
|
|
152
|
+
|
|
153
|
+
/**
|
|
154
|
+
* Fetch the federation list document from a given endpoint.
|
|
155
|
+
*
|
|
156
|
+
* @param federationListEndpoint The URL of the federation list endpoint.
|
|
157
|
+
* @param appFetch An optional instance of the http client to be used.
|
|
158
|
+
* @returns The federation list as an array of strings.
|
|
159
|
+
* @throws {IoWalletError} If the HTTP request fails or the response cannot be parsed.
|
|
160
|
+
*/
|
|
161
|
+
async function getFederationList(federationListEndpoint) {
|
|
162
|
+
let {
|
|
163
|
+
appFetch = fetch
|
|
164
|
+
} = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
165
|
+
return await appFetch(federationListEndpoint, {
|
|
166
|
+
method: "GET"
|
|
167
|
+
}).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(json => {
|
|
168
|
+
const result = _types.FederationListResponse.safeParse(json);
|
|
169
|
+
if (!result.success) {
|
|
170
|
+
throw new _errors.IoWalletError(`Invalid federation list format received from Trust Anchor: ${result.error.message}`);
|
|
171
|
+
}
|
|
172
|
+
return result.data;
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
/**
|
|
177
|
+
* Build a not-verified trust chain for a given Relying Party (RP) entity.
|
|
178
|
+
*
|
|
179
|
+
* @param relyingPartyEntityBaseUrl The base URL of the RP entity
|
|
180
|
+
* @param trustAnchorKey The public key of the Trust Anchor (TA) entity
|
|
181
|
+
* @param appFetch An optional instance of the http client to be used.
|
|
182
|
+
* @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
|
|
183
|
+
* @throws {IoWalletError} When an element of the chain fails to parse
|
|
184
|
+
* The result of this function can be used to validate the trust chain with {@link verifyTrustChain}
|
|
185
|
+
*/
|
|
186
|
+
async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
|
|
187
|
+
let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
|
|
188
|
+
// 1: Recursively gather the trust chain from the RP up to the Trust Anchor
|
|
189
|
+
const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
|
|
190
|
+
|
|
191
|
+
// 2: Trust Anchor signature verification
|
|
192
|
+
const trustAnchorJwt = trustChain[trustChain.length - 1];
|
|
193
|
+
if (!trustAnchorJwt) {
|
|
194
|
+
throw new _errors.IoWalletError("Cannot verify trust anchor: missing entity configuration.");
|
|
195
|
+
}
|
|
196
|
+
if (!trustAnchorKey.kid) {
|
|
197
|
+
throw new _errors.IoWalletError("Missing 'kid' in provided Trust Anchor key.");
|
|
198
|
+
}
|
|
199
|
+
await (0, _utils.verify)(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
|
|
200
|
+
|
|
201
|
+
// 3: Check the federation list
|
|
202
|
+
const trustAnchorConfig = _types.EntityConfiguration.parse((0, _utils.decode)(trustAnchorJwt));
|
|
203
|
+
const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
|
|
204
|
+
if (federationListEndpoint) {
|
|
205
|
+
const federationList = await getFederationList(federationListEndpoint, {
|
|
206
|
+
appFetch
|
|
207
|
+
});
|
|
208
|
+
if (!federationList.includes(relyingPartyEntityBaseUrl)) {
|
|
209
|
+
throw new _errors.IoWalletError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.");
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
return trustChain;
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
/**
|
|
216
|
+
* Recursively gather the trust chain for an entity and all its superiors.
|
|
217
|
+
* @param entityBaseUrl The base URL of the entity for which to gather the chain.
|
|
218
|
+
* @param appFetch An optional instance of the http client to be used.
|
|
219
|
+
* @param isLeaf Whether the current entity is the leaf of the chain.
|
|
220
|
+
* @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
|
|
221
|
+
*/
|
|
222
|
+
async function gatherTrustChain(entityBaseUrl, appFetch) {
|
|
223
|
+
let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
|
|
224
|
+
const chain = [];
|
|
225
|
+
|
|
226
|
+
// Fetch self-signed EC (only needed for the leaf)
|
|
227
|
+
const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
|
|
228
|
+
appFetch
|
|
229
|
+
});
|
|
230
|
+
const entityEC = _types.EntityConfiguration.parse((0, _utils.decode)(entityECJwt));
|
|
231
|
+
if (isLeaf) {
|
|
232
|
+
// Only push EC for the leaf
|
|
233
|
+
chain.push(entityECJwt);
|
|
234
|
+
}
|
|
235
|
+
|
|
236
|
+
// Find authority_hints (parent, if any)
|
|
237
|
+
const authorityHints = entityEC.payload.authority_hints ?? [];
|
|
238
|
+
if (authorityHints.length === 0) {
|
|
239
|
+
// This is the Trust Anchor (no parent)
|
|
240
|
+
if (!isLeaf) {
|
|
241
|
+
chain.push(entityECJwt);
|
|
242
|
+
}
|
|
243
|
+
return chain;
|
|
244
|
+
}
|
|
245
|
+
const parentEntityBaseUrl = authorityHints[0];
|
|
246
|
+
|
|
247
|
+
// Fetch parent EC
|
|
248
|
+
const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
|
|
249
|
+
appFetch
|
|
250
|
+
});
|
|
251
|
+
const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
|
|
252
|
+
|
|
253
|
+
// Fetch ES
|
|
254
|
+
const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
|
|
255
|
+
if (!federationFetchEndpoint) {
|
|
256
|
+
throw new _errors.IoWalletError("Missing federation_fetch_endpoint in parent's configuration.");
|
|
257
|
+
}
|
|
258
|
+
const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
|
|
259
|
+
appFetch
|
|
260
|
+
});
|
|
261
|
+
// Validate the ES
|
|
262
|
+
_types.EntityStatement.parse((0, _utils.decode)(entityStatementJwt));
|
|
263
|
+
|
|
264
|
+
// Push this ES into the chain
|
|
265
|
+
chain.push(entityStatementJwt);
|
|
266
|
+
|
|
267
|
+
// Recurse into the parent
|
|
268
|
+
const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
|
|
269
|
+
return chain.concat(parentChain);
|
|
270
|
+
}
|
|
148
271
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_utils","require","_ioReactNativeJwt","_types","_chain","_misc","_errors","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","validateTrustChain","error","renewedChain","renewTrustChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","hasStatusOrThrow","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","decodeJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","WalletProviderEntityConfiguration","exports","getCredentialIssuerEntityConfiguration","CredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","TrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","RelyingPartyEntityConfiguration","getEntityConfiguration","EntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","EntityStatement","federationFetchEndpoint","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","FederationListResponse","safeParse","success","IoWalletError","message","data","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorKey","trustChain","gatherTrustChain","trustAnchorJwt","kid","verify","trustAnchorConfig","decode","metadata","federation_entity","federation_list_endpoint","federationList","includes","isLeaf","entityECJwt","entityEC","push","authorityHints","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federation_fetch_endpoint","entityStatementJwt","parentChain","concat"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":";;;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AASA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeM,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAO,IAAAG,yBAAkB,EAACR,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOQ,KAAK,EAAE;IACd,IAAIL,WAAW,EAAE;MACf,MAAMM,YAAY,GAAG,MAAM,IAAAC,sBAAe,EAACV,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAO,IAAAM,yBAAkB,EAACR,iBAAiB,EAAEU,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeG,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACEX,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMS,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMX,QAAQ,CAACY,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CP,aAAqB,EACrBQ,MAK8B,EAM9B;EAAA,IALA;IACEnB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMiB,YAAY,GAAG,MAAMV,4BAA4B,CAACC,aAAa,EAAE;IACrEX;EACF,CAAC,CAAC;EAEF,MAAMqB,WAAW,GAAG,IAAAC,wBAAS,EAACF,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACI,KAAK,CAAC;IAClBC,MAAM,EAAEH,WAAW,CAACI,eAAe;IACnCC,OAAO,EAAEL,WAAW,CAACK;EACvB,CAAC,CAAC;AACJ;AAEO,MAAMC,oCAAoC,GAAGA,CAClDhB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbkB,wCAAiC,EACjCD,OACF,CAAC;AAACE,OAAA,CAAAH,oCAAA,GAAAA,oCAAA;AAEG,MAAMI,sCAAsC,GAAGA,CACpDpB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbqB,0CAAmC,EACnCJ,OACF,CAAC;AAACE,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAEG,MAAME,iCAAiC,GAAGA,CAC/CtB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbuB,qCAA8B,EAC9BN,OACF,CAAC;AAACE,OAAA,CAAAG,iCAAA,GAAAA,iCAAA;AAEG,MAAME,kCAAkC,GAAGA,CAChDxB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbyB,sCAA+B,EAC/BR,OACF,CAAC;AAACE,OAAA,CAAAK,kCAAA,GAAAA,kCAAA;AAEG,MAAME,sBAAsB,GAAGA,CACpC1B,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAACP,aAAa,EAAE2B,0BAAmB,EAAEV,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AATAE,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAUO,eAAeE,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACEzC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMiB,YAAY,GAAG,MAAMsB,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACEzC;EACF,CACF,CAAC;EAED,MAAMqB,WAAW,GAAG,IAAAC,wBAAS,EAACF,YAAY,CAAC;EAC3C,OAAOuB,sBAAe,CAACpB,KAAK,CAAC;IAC3BC,MAAM,EAAEH,WAAW,CAACI,eAAe;IACnCC,OAAO,EAAEL,WAAW,CAACK;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAegB,wBAAwBA,CAC5CE,uBAA+B,EAC/BH,yBAAiC,EAMjC;EAAA,IALA;IACEzC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM0C,GAAG,GAAG,IAAIC,GAAG,CAACF,uBAAuB,CAAC;EAC5CC,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEP,yBAAyB,CAAC;EAEtD,OAAO,MAAMzC,QAAQ,CAAC6C,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpCpC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeiC,iBAAiBA,CACrCC,sBAA8B,EAMX;EAAA,IALnB;IACEnD,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,OAAO,MAAMH,QAAQ,CAACmD,sBAAsB,EAAE;IAC5CtC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACoC,IAAI,CAAC,CAAC,CAAC,CACzBtC,IAAI,CAAEsC,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGC,6BAAsB,CAACC,SAAS,CAACH,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACG,OAAO,EAAE;MACnB,MAAM,IAAIC,qBAAa,CACpB,8DAA6DJ,MAAM,CAAC9C,KAAK,CAACmD,OAAQ,EACrF,CAAC;IACH;IACA,OAAOL,MAAM,CAACM,IAAI;EACpB,CAAC,CAAC;AACN;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,eAAeA,CACnCC,yBAAiC,EACjCC,cAAmB,EAEA;EAAA,IADnB9D,QAA8B,GAAAG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGF,KAAK;EAEtC;EACA,MAAM8D,UAAU,GAAG,MAAMC,gBAAgB,CACvCH,yBAAyB,EACzB7D,QACF,CAAC;;EAED;EACA,MAAMiE,cAAc,GAAGF,UAAU,CAACA,UAAU,CAAC3D,MAAM,GAAG,CAAC,CAAC;EACxD,IAAI,CAAC6D,cAAc,EAAE;IACnB,MAAM,IAAIR,qBAAa,CACrB,2DACF,CAAC;EACH;EAEA,IAAI,CAACK,cAAc,CAACI,GAAG,EAAE;IACvB,MAAM,IAAIT,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAM,IAAAU,aAAM,EAACF,cAAc,EAAEH,cAAc,CAACI,GAAG,EAAE,CAACJ,cAAc,CAAC,CAAC;;EAElE;EACA,MAAMM,iBAAiB,GAAG9B,0BAAmB,CAACf,KAAK,CAAC,IAAA8C,aAAM,EAACJ,cAAc,CAAC,CAAC;EAC3E,MAAMd,sBAAsB,GAC1BiB,iBAAiB,CAAC1C,OAAO,CAAC4C,QAAQ,CAACC,iBAAiB,CACjDC,wBAAwB;EAE7B,IAAIrB,sBAAsB,EAAE;IAC1B,MAAMsB,cAAc,GAAG,MAAMvB,iBAAiB,CAACC,sBAAsB,EAAE;MACrEnD;IACF,CAAC,CAAC;IAEF,IAAI,CAACyE,cAAc,CAACC,QAAQ,CAACb,yBAAyB,CAAC,EAAE;MACvD,MAAM,IAAIJ,qBAAa,CACrB,wFACF,CAAC;IACH;EACF;EAEA,OAAOM,UAAU;AACnB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gBAAgBA,CAC7BrD,aAAqB,EACrBX,QAA8B,EAEX;EAAA,IADnB2E,MAAe,GAAAxE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;EAEtB,MAAMJ,KAAe,GAAG,EAAE;;EAE1B;EACA,MAAM6E,WAAW,GAAG,MAAMlE,4BAA4B,CAACC,aAAa,EAAE;IACpEX;EACF,CAAC,CAAC;EACF,MAAM6E,QAAQ,GAAGvC,0BAAmB,CAACf,KAAK,CAAC,IAAA8C,aAAM,EAACO,WAAW,CAAC,CAAC;EAE/D,IAAID,MAAM,EAAE;IACV;IACA5E,KAAK,CAAC+E,IAAI,CAACF,WAAW,CAAC;EACzB;;EAEA;EACA,MAAMG,cAAc,GAAGF,QAAQ,CAACnD,OAAO,CAACsD,eAAe,IAAI,EAAE;EAC7D,IAAID,cAAc,CAAC3E,MAAM,KAAK,CAAC,EAAE;IAC/B;IACA,IAAI,CAACuE,MAAM,EAAE;MACX5E,KAAK,CAAC+E,IAAI,CAACF,WAAW,CAAC;IACzB;IACA,OAAO7E,KAAK;EACd;EAEA,MAAMkF,mBAAmB,GAAGF,cAAc,CAAC,CAAC,CAAE;;EAE9C;EACA,MAAMG,WAAW,GAAG,MAAMxE,4BAA4B,CAACuE,mBAAmB,EAAE;IAC1EjF;EACF,CAAC,CAAC;EACF,MAAMmF,QAAQ,GAAG7C,0BAAmB,CAACf,KAAK,CAAC,IAAA8C,aAAM,EAACa,WAAW,CAAC,CAAC;;EAE/D;EACA,MAAMtC,uBAAuB,GAC3BuC,QAAQ,CAACzD,OAAO,CAAC4C,QAAQ,CAACC,iBAAiB,CAACa,yBAAyB;EACvE,IAAI,CAACxC,uBAAuB,EAAE;IAC5B,MAAM,IAAIa,qBAAa,CACrB,8DACF,CAAC;EACH;EAEA,MAAM4B,kBAAkB,GAAG,MAAM3C,wBAAwB,CACvDE,uBAAuB,EACvBjC,aAAa,EACb;IAAEX;EAAS,CACb,CAAC;EACD;EACA2C,sBAAe,CAACpB,KAAK,CAAC,IAAA8C,aAAM,EAACgB,kBAAkB,CAAC,CAAC;;EAEjD;EACAtF,KAAK,CAAC+E,IAAI,CAACO,kBAAkB,CAAC;;EAE9B;EACA,MAAMC,WAAW,GAAG,MAAMtB,gBAAgB,CACxCiB,mBAAmB,EACnBjF,QAAQ,EACR,KACF,CAAC;EAED,OAAOD,KAAK,CAACwF,MAAM,CAACD,WAAW,CAAC;AAClC"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.WalletProviderEntityConfiguration = exports.TrustMark = exports.TrustAnchorEntityConfiguration = exports.RelyingPartyEntityConfiguration = exports.EntityStatement = exports.EntityConfigurationHeader = exports.EntityConfiguration = exports.CredentialIssuerEntityConfiguration = void 0;
|
|
6
|
+
exports.WalletProviderEntityConfiguration = exports.TrustMark = exports.TrustAnchorEntityConfiguration = exports.RelyingPartyEntityConfiguration = exports.FederationListResponse = exports.EntityStatement = exports.EntityConfigurationHeader = exports.EntityConfiguration = exports.CredentialIssuerEntityConfiguration = void 0;
|
|
7
7
|
var _types = require("../sd-jwt/types");
|
|
8
8
|
var _jwk = require("../utils/jwk");
|
|
9
9
|
var z = _interopRequireWildcard(require("zod"));
|
|
@@ -23,7 +23,6 @@ const RelyingPartyMetadata = z.object({
|
|
|
23
23
|
}),
|
|
24
24
|
contacts: z.array(z.string()).optional()
|
|
25
25
|
});
|
|
26
|
-
//.passthrough();
|
|
27
26
|
|
|
28
27
|
// Display metadata for a credential, used by the issuer to
|
|
29
28
|
// instruct the Wallet Solution on how to render the credential correctly
|
|
@@ -53,7 +52,7 @@ const IssuanceErrorSupported = z.object({
|
|
|
53
52
|
}))
|
|
54
53
|
});
|
|
55
54
|
|
|
56
|
-
// Metadata for a
|
|
55
|
+
// Metadata for a credential which is supported by an Issuer
|
|
57
56
|
|
|
58
57
|
const SupportedCredentialMetadata = z.object({
|
|
59
58
|
format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
|
|
@@ -77,7 +76,7 @@ const EntityStatement = z.object({
|
|
|
77
76
|
jwks: z.object({
|
|
78
77
|
keys: z.array(_jwk.JWK)
|
|
79
78
|
}),
|
|
80
|
-
trust_marks: z.array(TrustMark),
|
|
79
|
+
trust_marks: z.array(TrustMark).optional(),
|
|
81
80
|
iat: z.number(),
|
|
82
81
|
exp: z.number()
|
|
83
82
|
})
|
|
@@ -90,7 +89,7 @@ const EntityConfigurationHeader = z.object({
|
|
|
90
89
|
});
|
|
91
90
|
|
|
92
91
|
/**
|
|
93
|
-
* @see https://openid.net/specs/openid-
|
|
92
|
+
* @see https://openid.net/specs/openid-federation-1_0-41.html
|
|
94
93
|
*/
|
|
95
94
|
exports.EntityConfigurationHeader = EntityConfigurationHeader;
|
|
96
95
|
const FederationEntityMetadata = z.object({
|
|
@@ -99,6 +98,9 @@ const FederationEntityMetadata = z.object({
|
|
|
99
98
|
federation_resolve_endpoint: z.string().optional(),
|
|
100
99
|
federation_trust_mark_status_endpoint: z.string().optional(),
|
|
101
100
|
federation_trust_mark_list_endpoint: z.string().optional(),
|
|
101
|
+
federation_trust_mark_endpoint: z.string().optional(),
|
|
102
|
+
federation_historical_keys_endpoint: z.string().optional(),
|
|
103
|
+
endpoint_auth_signing_alg_values_supported: z.string().optional(),
|
|
102
104
|
organization_name: z.string().optional(),
|
|
103
105
|
homepage_uri: z.string().optional(),
|
|
104
106
|
policy_uri: z.string().optional(),
|
|
@@ -106,7 +108,7 @@ const FederationEntityMetadata = z.object({
|
|
|
106
108
|
contacts: z.array(z.string()).optional()
|
|
107
109
|
}).passthrough();
|
|
108
110
|
|
|
109
|
-
//
|
|
111
|
+
// Structure common to every Entity Configuration document
|
|
110
112
|
const BaseEntityConfiguration = z.object({
|
|
111
113
|
header: EntityConfigurationHeader,
|
|
112
114
|
payload: z.object({
|
|
@@ -208,4 +210,6 @@ const EntityConfiguration = z.union([WalletProviderEntityConfiguration, Credenti
|
|
|
208
210
|
description: "Any kind of Entity Configuration allowed in the ecosystem"
|
|
209
211
|
});
|
|
210
212
|
exports.EntityConfiguration = EntityConfiguration;
|
|
213
|
+
const FederationListResponse = z.array(z.string());
|
|
214
|
+
exports.FederationListResponse = FederationListResponse;
|
|
211
215
|
//# sourceMappingURL=types.js.map
|