npm - @pagopa/io-react-native-wallet - Versions diffs - 0.27.1 → 0.28.1 - Mend

@pagopa/io-react-native-wallet 0.27.1 → 0.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/src/trust/types.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { UnixTime } from "../sd-jwt/types";
 import { JWK } from "../utils/jwk";
 import * as z from "zod";
+import { PresentationDefinition } from "../credential/presentation/types";
 export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
 export type TrustMark = z.infer<typeof TrustMark>;
@@ -11,8 +12,12 @@ const RelyingPartyMetadata = z.object({
   client_name: z.string().optional(),
   jwks: z.object({ keys: z.array(JWK) }),
   contacts: z.array(z.string()).optional(),
+  presentation_definition: PresentationDefinition.optional(),
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional(),
 });
-//.passthrough();
 // Display metadata for a credential, used by the issuer to
 // instruct the Wallet Solution on how to render the credential correctly
@@ -50,7 +55,7 @@ const IssuanceErrorSupported = z.object({
   ),
 });
-// Metadata for a credentia which is supported by a Issuer
+// Metadata for a credential which is supported by an Issuer
 type SupportedCredentialMetadata = z.infer<typeof SupportedCredentialMetadata>;
 const SupportedCredentialMetadata = z.object({
   format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
@@ -74,7 +79,7 @@ export const EntityStatement = z.object({
     iss: z.string(),
     sub: z.string(),
     jwks: z.object({ keys: z.array(JWK) }),
-    trust_marks: z.array(TrustMark),
+    trust_marks: z.array(TrustMark).optional(),
     iat: z.number(),
     exp: z.number(),
   }),
@@ -90,7 +95,7 @@ export const EntityConfigurationHeader = z.object({
 });
 /**
- * @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
+ * @see https://openid.net/specs/openid-federation-1_0-41.html
  */
 const FederationEntityMetadata = z
   .object({
@@ -99,6 +104,9 @@ const FederationEntityMetadata = z
     federation_resolve_endpoint: z.string().optional(),
     federation_trust_mark_status_endpoint: z.string().optional(),
     federation_trust_mark_list_endpoint: z.string().optional(),
+    federation_trust_mark_endpoint: z.string().optional(),
+    federation_historical_keys_endpoint: z.string().optional(),
+    endpoint_auth_signing_alg_values_supported: z.string().optional(),
     organization_name: z.string().optional(),
     homepage_uri: z.string().optional(),
     policy_uri: z.string().optional(),
@@ -107,7 +115,7 @@ const FederationEntityMetadata = z
   })
   .passthrough();
-// Structuire common to every Entity Configuration document
+// Structure common to every Entity Configuration document
 const BaseEntityConfiguration = z.object({
   header: EntityConfigurationHeader,
   payload: z
@@ -171,10 +179,24 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
           token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
           request_object_signing_alg_values_supported: z.array(z.string()),
         }),
-        /** Credential Issuers act as Relying Party
-            when they require the presentation of other credentials.
-            This does not apply for PID issuance, which requires CIE authz. */
-        wallet_relying_party: RelyingPartyMetadata.optional(),
+        /**
+         * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+         * This does not apply for PID issuance, which requires CIE authz.
+         */
+        openid_credential_verifier: RelyingPartyMetadata.optional(),
+        /**
+         * @deprecated use `openid_credential_verifier`
+         * TODO [SIW-2111]: remove after migrating to 0.9.x
+         */
+        wallet_relying_party: z
+          .object({
+            application_type: z.string().optional(),
+            client_id: z.string().optional(),
+            client_name: z.string().optional(),
+            jwks: z.object({ keys: z.array(JWK) }),
+            contacts: z.array(z.string()).optional(),
+          })
+          .optional(),
       }),
     }),
   })
@@ -188,7 +210,7 @@ export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(
   z.object({
     payload: z.object({
       metadata: z.object({
-        wallet_relying_party: RelyingPartyMetadata,
+        openid_credential_verifier: RelyingPartyMetadata,
       }),
     }),
   })
@@ -232,3 +254,5 @@ export const EntityConfiguration = z.union(
     description: "Any kind of Entity Configuration allowed in the ecosystem",
   }
 );
+export const FederationListResponse = z.array(z.string());

package/src/trust/utils.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import {
+  decode as decodeJwt,
+  verify as verifyJwt,
+} from "@pagopa/io-react-native-jwt";
+import type { JWK, JWTDecodeResult } from "../utils/jwk";
+export type ParsedToken = {
+  header: JWTDecodeResult["protectedHeader"];
+  payload: JWTDecodeResult["payload"];
+};
+// Verify a token signature
+// The kid is extracted from the token header
+export const verify = async (
+  token: string,
+  kid: string,
+  jwks: JWK[]
+): Promise<ParsedToken> => {
+  const jwk = jwks.find((k) => k.kid === kid);
+  if (!jwk) {
+    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
+  }
+  const { protectedHeader: header, payload } = await verifyJwt(token, jwk);
+  return { header, payload };
+};
+/**
+ * Return type for this function is necessary to avoid an issue during the bob build process.
+ * It seems like typescript can't correctly infer the return type of the function.
+ */
+export const decode = (token: string): ParsedToken => {
+  const { protectedHeader: header, payload } = decodeJwt(token);
+  return { header, payload };
+};

package/src/utils/decoder.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+import type { JWTDecodeResult } from "./jwk";
 import { ValidationFailed } from "./errors";
 /*

package/src/utils/jwk.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { removePadding } from "@pagopa/io-react-native-jwt";
+import { decode, removePadding } from "@pagopa/io-react-native-jwt";
 import { z } from "zod";
 export type JWK = z.infer<typeof JWK>;
@@ -58,3 +58,10 @@ export function fixBase64EncodingOnKey(key: JWK): JWK {
     ...(n ? { n: removePadding(n) } : {}),
   };
 }
+export type JWKS = z.infer<typeof JWKS>;
+export const JWKS = z.object({
+  keys: z.array(JWK),
+});
+export type JWTDecodeResult = ReturnType<typeof decode>;

package/src/wallet-instance/index.ts CHANGED Viewed

@@ -87,3 +87,16 @@ export async function getWalletInstanceStatus(context: {
     path: { id: context.id },
   });
 }
+/**
+ * Get the status of the current Wallet Instance.
+ * @returns Details on the status of the current Wallet Instance
+ */
+export async function getCurrentWalletInstanceStatus(context: {
+  walletProviderBaseUrl: string;
+  appFetch?: GlobalFetch["fetch"];
+}): Promise<WalletInstanceData> {
+  const api = getWalletProviderClient(context);
+  return api.get("/wallet-instances/current/status");
+}

package/lib/commonjs/credential/presentation/04-send-authorization-response.js DELETED Viewed

@@ -1,138 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.sendAuthorizationResponse = exports.AuthorizationResponse = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _uuid = require("uuid");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _errors = require("./errors");
-var _misc = require("../../utils/misc");
-var _sdJwt = require("../../sd-jwt");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-exports.AuthorizationResponse = AuthorizationResponse;
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await (0, _sdJwt.disclose)(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new _ioReactNativeJwt.SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${(0, _uuid.v4)()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${(0, _uuid.v4)()}`,
-    id: `${(0, _uuid.v4)()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-exports.sendAuthorizationResponse = sendAuthorizationResponse;
-//# sourceMappingURL=04-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_ioReactNativeJwt","require","_uuid","WalletInstanceAttestation","_interopRequireWildcard","_errors","_misc","_sdJwt","z","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","response_code","optional","exports","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","disclose","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","SignJWT","setProtectedHeader","typ","setPayload","jti","uuidv4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","hasStatusOrThrow","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,yBAAA,GAAAC,uBAAA,CAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEA,IAAAM,MAAA,GAAAN,OAAA;AAGA,IAAAO,CAAA,GAAAJ,uBAAA,CAAAH,OAAA;AAAyB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,qBAAqB,GAAGvB,CAAC,CAACwB,MAAM,CAAC;EAC5CC,MAAM,EAAEzB,CAAC,CAAC0B,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAE3B,CAAC,CACb0B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAN,qBAAA,GAAAA,qBAAA;AAOA,MAAMO,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIQ,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACN,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJM,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAG1D,yBAAyB,CAAC2D,MAAM,CAACX,yBAAyB,CAAC;EAE/D,MAAMY,MAAM,GAAG,MAAMR,SAAS,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAACd,SAAS,CAAC,CAC1Ce,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDS,UAAU,CAAC;IACVf,EAAE,EAAEA,EAAE;IACNgB,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBb,GAAG;IACHc,KAAK,EAAEzB,aAAa,CAACyB;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC1B,aAAa,CAAC2B,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG/B,aAAa,CAACgC,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAE,IAAAV,QAAM,EAAC,CAAE,EAAC;IAC5BW,EAAE,EAAG,GAAE,IAAAX,QAAM,EAAC,CAAE,EAAC;IACjBY,cAAc,EAAE5B,KAAK,CAAC6B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEtB,QAAQ;IAAEe;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEzC,aAAa,EACb0C,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE7C;EAA0B,CAAC,GAAA2C,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAG3D,2BAA2B,CAACsD,MAAM,CAAC;EAExD,MAAM;IAAExB,QAAQ;IAAEe;EAAwB,CAAC,GAAG,MAAMlC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzB0C,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEnD,aAAa,CAACmD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEzB,aAAa,CAACyB,KAAK;IAC1BP;EACF,CAAC,CAAC;EAEF,MAAMkC,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;IAC3DM,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBtC,GAAG,EAAE8B,YAAY,CAAC9B;EACpB,CAAC,CAAC,CAACuC,OAAO,CAACT,YAAY,CAAC;EAExB,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEP;EAAU,CAAC,CAAC;EAC7D,MAAMQ,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOhB,QAAQ,CAAC7C,aAAa,CAAC2B,YAAY,EAAE;IAC1CmC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAAC,IAAAiD,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BjD,IAAI,CAAEkD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBnD,IAAI,CAAClC,qBAAqB,CAACsF,KAAK,CAAC;AACtC,CAAC;AAAChF,OAAA,CAAAsD,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/presentation/04-send-authorization-response.js DELETED Viewed

@@ -1,128 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import { v4 as uuidv4 } from "uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { disclose } from "../../sd-jwt";
-import * as z from "zod";
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await disclose(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${uuidv4()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuidv4()}`,
-    id: `${uuidv4()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-//# sourceMappingURL=04-send-authorization-response.js.map

package/lib/module/credential/presentation/04-send-authorization-response.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["EncryptJwe","SignJWT","v4","uuidv4","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAI1C,OAAO,CAAC8B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,MAAM,CAAC,CAAE,EAAC;IAClBiC,GAAG;IACHY,KAAK,EAAEtB,aAAa,CAACsB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACvB,aAAa,CAACwB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG5B,aAAa,CAAC6B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEtD,MAAM,CAAC,CAAE,EAAC;IAC5BuD,EAAE,EAAG,GAAEvD,MAAM,CAAC,CAAE,EAAC;IACjBwD,cAAc,EAAEzB,KAAK,CAAC0B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEpB,QAAQ;IAAEa;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEtC,aAAa,EACbuC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE1C;EAA0B,CAAC,GAAAwC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGvD,2BAA2B,CAACkD,MAAM,CAAC;EAExD,MAAM;IAAEtB,QAAQ;IAAEa;EAAwB,CAAC,GAAG,MAAM/B,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBuC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEhD,aAAa,CAACgD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEtB,aAAa,CAACsB,KAAK;IAC1BL;EACF,CAAC,CAAC;EAEF,MAAMgC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBnC,GAAG,EAAE4B,YAAY,CAAC5B;EACpB,CAAC,CAAC,CAACoC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC1C,aAAa,CAACwB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC1C,IAAI,CAAClC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkC,IAAI,CAAE8C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzB/C,IAAI,CAAC/B,qBAAqB,CAAC+E,KAAK,CAAC;AACtC,CAAC"}

package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import { type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./03-get-request-object";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export declare const AuthorizationResponse: z.ZodObject<{
-    status: z.ZodString;
-    response_code: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    status: string;
-    response_code?: string | undefined;
-}, {
-    status: string;
-    response_code?: string | undefined;
-}>;
-export type SendAuthorizationResponse = (requestObject: Out<GetRequestObject>["requestObject"], rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"], presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<AuthorizationResponse>;
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export declare const sendAuthorizationResponse: SendAuthorizationResponse;
-//# sourceMappingURL=04-send-authorization-response.d.ts.map

package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"04-send-authorization-response.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/04-send-authorization-response.ts"],"names":[],"mappings":"AAKA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;EAShC,CAAC;AAkFH,MAAM,MAAM,yBAAyB,GAAG,CACtC,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,eAAe,CAAC,EACrD,MAAM,EAAE,GAAG,CAAC,yBAAyB,CAAC,CAAC,QAAQ,CAAC,EAChD,YAAY,EAAE,YAAY,EAAE,iDAAiD;AAC7E,OAAO,EAAE;IACP,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBA0CvC,CAAC"}