npm - @pagopa/io-react-native-wallet - Versions diffs - 0.27.1 → 0.28.1 - Mend

@pagopa/io-react-native-wallet 0.27.1 → 0.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (153) hide show

package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js ADDED Viewed

@@ -0,0 +1,289 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.prepareRemotePresentations = exports.findCredentialSdJwt = exports.evaluateInputDescriptors = exports.evaluateInputDescriptorForSdJwt4VC = void 0;
+var _sdJwt = require("../../sd-jwt");
+var _crypto = require("../../utils/crypto");
+var _jsonpathPlus = require("jsonpath-plus");
+var _errors = require("./errors");
+var _ajv = _interopRequireDefault(require("ajv"));
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const ajv = new _ajv.default({
+  allErrors: true
+});
+const INDEX_CLAIM_NAME = 1;
+/**
+ * Transforms an array of DisclosureWithEncoded objects into a key-value map.
+ * @param disclosures - An array of DisclosureWithEncoded, each containing a decoded property with [?, claimName, claimValue].
+ * @returns An object mapping claim names to their corresponding values.
+ */
+const mapDisclosuresToObject = disclosures => {
+  return disclosures.reduce((obj, _ref) => {
+    let {
+      decoded
+    } = _ref;
+    const [, claimName, claimValue] = decoded;
+    obj[claimName] = claimValue;
+    return obj;
+  }, {});
+};
+/**
+ * Finds a claim within the payload based on provided JSONPath expressions.
+ * @param paths - An array of JSONPath expressions to search for in the payload.
+ * @param payload - The object to search within using JSONPath.
+ * @returns A tuple with the first matched JSONPath and its corresponding value, or [undefined, undefined] if not found.
+ */
+const findMatchedClaim = (paths, payload) => {
+  let matchedPath;
+  let matchedValue;
+  paths.some(singlePath => {
+    try {
+      const result = (0, _jsonpathPlus.JSONPath)({
+        path: singlePath,
+        json: payload
+      });
+      if (result.length > 0) {
+        matchedPath = singlePath;
+        matchedValue = result[0];
+        return true;
+      }
+    } catch (error) {
+      throw new _errors.MissingDataError(`JSONPath for "${singlePath}" does not match the provided payload.`);
+    }
+    return false;
+  });
+  return [matchedPath, matchedValue];
+};
+/**
+ * Extracts the claim name from a path that can be in one of the following formats:
+ * 1. $.propertyName
+ * 2. $["propertyName"] or $['propertyName']
+ *
+ * @param path - The path string containing the claim reference.
+ * @returns The extracted claim name if matched; otherwise, throws an exception.
+ */
+const extractClaimName = path => {
+  // Define a regular expression that matches both formats:
+  // 1. $.propertyName
+  // 2. $["propertyName"] or $['propertyName']
+  const regex = /^\$\.(\w+)$|^\$\[(?:'|")(\w+)(?:'|")\]$/;
+  const match = path.match(regex);
+  if (match) {
+    // match[1] corresponds to the first capture group (\w+) after $.
+    // match[2] corresponds to the second capture group (\w+) inside [""] or ['']
+    return match[1] || match[2];
+  }
+  // If the input doesn't match any of the expected formats, return null
+  throw new Error(`Invalid input format: "${path}". Expected formats are "$.propertyName", "$['propertyName']", or '$["propertyName"]'.`);
+};
+/**
+ * Evaluates an InputDescriptor for an SD-JWT-based verifiable credential.
+ *
+ * - Checks each field in the InputDescriptor against the provided `payloadCredential`
+ *   and `disclosures` (selectively disclosed claims).
+ * - Validates whether required fields are present (unless marked optional)
+ *   and match any specified JSONPath.
+ * - If a field includes a JSON Schema filter, validates the claim value against that schema.
+ * - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
+ *   if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
+ * - Throws an error if a required field is invalid or missing.
+ *
+ * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
+ * @param payloadCredential - The credential payload to check against.
+ * @param disclosures - An array of DisclosureWithEncoded objects representing selective disclosures.
+ * @returns A filtered list of disclosures satisfying the descriptor constraints, or throws an error if not.
+ * @throws Will throw an error if any required constraint fails or if JSONPath lookups are invalid.
+ */
+const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCredential, disclosures) => {
+  var _inputDescriptor$cons;
+  if (!(inputDescriptor !== null && inputDescriptor !== void 0 && (_inputDescriptor$cons = inputDescriptor.constraints) !== null && _inputDescriptor$cons !== void 0 && _inputDescriptor$cons.fields)) {
+    // No validation, all field are optional
+    return {
+      requiredDisclosures: [],
+      optionalDisclosures: [],
+      unrequestedDisclosures: disclosures
+    };
+  }
+  const requiredClaimNames = [];
+  const optionalClaimNames = [];
+  // Transform disclosures to find claim using JSONPath
+  const disclosuresAsPayload = mapDisclosuresToObject(disclosures);
+  // For each field, we need at least one matching path
+  // If we succeed, we push the matched disclosure in matchedDisclosures and stop checking further paths
+  const allFieldsValid = inputDescriptor.constraints.fields.every(field => {
+    // For Potential profile, selectively disclosed claims will always be built as an individual object property, by using a name-value pair.
+    // Hence that selective claim for array element and recursive disclosures are not supported by Potential for the first iteration of Piloting.
+    // We need to check inside disclosures or inside credential payload. Example path: "$.given_name"
+    let [matchedPath, matchedValue] = findMatchedClaim(field.path, disclosuresAsPayload);
+    if (!matchedPath) {
+      [matchedPath, matchedValue] = findMatchedClaim(field.path, payloadCredential);
+      if (!matchedPath) {
+        // Path could be optional, in this case no need to validate! continue to next field
+        return field === null || field === void 0 ? void 0 : field.optional;
+      }
+    } else {
+      // if match a disclouse we save which is required or optional
+      const claimName = extractClaimName(matchedPath);
+      if (claimName) {
+        (field !== null && field !== void 0 && field.optional ? optionalClaimNames : requiredClaimNames).push(claimName);
+      }
+    }
+    // FILTER validation
+    // If this field has a "filter" (JSON Schema), validate the claimValue
+    if (field.filter) {
+      try {
+        const validateSchema = ajv.compile(field.filter);
+        if (!validateSchema(matchedValue)) {
+          throw new _errors.MissingDataError(`Claim value "${matchedValue}" for path "${matchedPath}" does not match the provided JSON Schema.`);
+        }
+      } catch (error) {
+        return false;
+      }
+    }
+    // Submission Requirements validation
+    // TODO: [EUDIW-216] Read rule value if “all” o “pick” and validate
+    return true;
+  });
+  if (!allFieldsValid) {
+    throw new _errors.MissingDataError("Credential validation failed: Required fields are missing or do not match the input descriptor.");
+  }
+  // Categorizes disclosures into required and optional based on claim names and disclosure constraints.
+  const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
+  const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
+  const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
+  const unrequestedDisclosures = isNotLimitDisclosure ? disclosures.filter(disclosure => !optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME])) : [];
+  return {
+    requiredDisclosures,
+    optionalDisclosures,
+    unrequestedDisclosures
+  };
+};
+exports.evaluateInputDescriptorForSdJwt4VC = evaluateInputDescriptorForSdJwt4VC;
+/**
+ * Finds the first credential that satisfies the input descriptor constraints.
+ * @param inputDescriptor The input descriptor to evaluate.
+ * @param decodedSdJwtCredentials An array of decoded SD-JWT credentials.
+ * @returns An object containing the matched evaluation, keyTag, and credential.
+ */
+const findCredentialSdJwt = (inputDescriptor, decodedSdJwtCredentials) => {
+  for (const {
+    keyTag,
+    credential,
+    sdJwt,
+    disclosures
+  } of decodedSdJwtCredentials) {
+    try {
+      const evaluatedDisclosure = evaluateInputDescriptorForSdJwt4VC(inputDescriptor, sdJwt.payload, disclosures);
+      return {
+        matchedEvaluation: evaluatedDisclosure,
+        matchedKeyTag: keyTag,
+        matchedCredential: credential
+      };
+    } catch {
+      // skip to next credential
+      continue;
+    }
+  }
+  throw new _errors.CredentialNotFoundError("None of the vc+sd-jwt credentials satisfy the requirements.");
+};
+/**
+ * Evaluates multiple input descriptors against provided SD-JWT and MDOC credentials.
+ *
+ * For each input descriptor, this function:
+ * - Checks the credential format.
+ * - Decodes the credential.
+ * - Evaluates the descriptor using the associated disclosures.
+ *
+ * @param inputDescriptors - An array of input descriptors.
+ * @param credentialsSdJwt - An array of tuples containing keyTag and SD-JWT credential.
+ * @returns An array of objects, each containing the evaluated disclosures,
+ *          the input descriptor, the credential, and the keyTag.
+ * @throws {CredentialNotFoundError} When the credential format is unsupported.
+ */
+exports.findCredentialSdJwt = findCredentialSdJwt;
+const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
+  // We need decode SD-JWT credentials for evaluation
+  const decodedSdJwtCredentials = (credentialsSdJwt === null || credentialsSdJwt === void 0 ? void 0 : credentialsSdJwt.map(_ref2 => {
+    let [keyTag, credential] = _ref2;
+    const {
+      sdJwt,
+      disclosures
+    } = (0, _sdJwt.decode)(credential);
+    return {
+      keyTag,
+      credential,
+      sdJwt,
+      disclosures
+    };
+  })) || [];
+  return Promise.all(inputDescriptors.map(async descriptor => {
+    var _descriptor$format;
+    if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["vc+sd-jwt"]) {
+      if (!decodedSdJwtCredentials.length) {
+        throw new _errors.CredentialNotFoundError("vc+sd-jwt credential is not supported.");
+      }
+      const {
+        matchedEvaluation,
+        matchedKeyTag,
+        matchedCredential
+      } = findCredentialSdJwt(descriptor, decodedSdJwtCredentials);
+      return {
+        evaluatedDisclosure: matchedEvaluation,
+        inputDescriptor: descriptor,
+        credential: matchedCredential,
+        keyTag: matchedKeyTag
+      };
+    }
+    throw new _errors.CredentialNotFoundError(`${descriptor.format} format is not supported.`);
+  }));
+};
+/**
+ * Prepares remote presentations for a set of credentials based on input descriptors.
+ *
+ * For each credential and its corresponding input descriptor, this function:
+ * - Validates the credential format.
+ * - Generates a verifiable presentation token (vpToken) using the provided nonce and client identifier.
+ *
+ * @param credentialAndDescriptors - An array containing objects with requested claims,
+ *                                   input descriptor, credential, and keyTag.
+ * @param nonce - A unique nonce for the verifiable presentation token.
+ * @param client_id - The client identifier.
+ * @returns A promise that resolves to an array of RemotePresentation objects.
+ * @throws {CredentialNotFoundError} When the credential format is unsupported.
+ */
+exports.evaluateInputDescriptors = evaluateInputDescriptors;
+const prepareRemotePresentations = async (credentialAndDescriptors, nonce, client_id) => {
+  return Promise.all(credentialAndDescriptors.map(async item => {
+    var _descriptor$format2;
+    const descriptor = item.inputDescriptor;
+    if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["vc+sd-jwt"]) {
+      const {
+        vp_token
+      } = await (0, _sdJwt.prepareVpToken)(nonce, client_id, [item.credential, item.requestedClaims, (0, _crypto.createCryptoContextFor)(item.keyTag)]);
+      return {
+        requestedClaims: item.requestedClaims,
+        inputDescriptor: descriptor,
+        vpToken: vp_token,
+        format: "vc+sd-jwt"
+      };
+    }
+    throw new _errors.CredentialNotFoundError(`${descriptor.format} format is not supported.`);
+  }));
+};
+exports.prepareRemotePresentations = prepareRemotePresentations;
+//# sourceMappingURL=07-evaluate-input-descriptor.js.map

package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_sdJwt","require","_crypto","_jsonpathPlus","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","exports","findCredentialSdJwt","decodedSdJwtCredentials","keyTag","credential","sdJwt","evaluatedDisclosure","matchedEvaluation","matchedKeyTag","matchedCredential","CredentialNotFoundError","evaluateInputDescriptors","inputDescriptors","credentialsSdJwt","map","_ref2","decode","Promise","all","descriptor","_descriptor$format","format","prepareRemotePresentations","credentialAndDescriptors","nonce","client_id","item","_descriptor$format2","vp_token","prepareVpToken","requestedClaims","createCryptoContextFor","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAC,sBAAA,CAAAL,OAAA;AAAsB,SAAAK,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAqC1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CACvB,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACf,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAEhC;IAC1B,CAAC;EACH;EACA,MAAMiC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGpC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMoC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC7B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChDgC,KAAK,CAACvB,IAAI,EACVoB,oBACF,CAAC;IAED,IAAI,CAAC1B,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5CgC,KAAK,CAACvB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO6B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMnC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACkC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DpC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIkC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG/C,GAAG,CAACgD,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAChC,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACkB,cAAc,EAAE;IACnB,MAAM,IAAIjB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMW,mBAAmB,GAAG9B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgD,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C9C,WAAW,CAACyC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CACrC,CAAC,IACD,CAACmC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACLgC,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAxB,kCAAA,GAAAA,kCAAA;AASJ;AACA;AACA;AACA;AACA;AACA;AACO,MAAMyB,mBAAmB,GAAGA,CACjCxB,eAAgC,EAChCyB,uBAAiD,KAK9C;EACH,KAAK,MAAM;IACTC,MAAM;IACNC,UAAU;IACVC,KAAK;IACLrD;EACF,CAAC,IAAIkD,uBAAuB,EAAE;IAC5B,IAAI;MACF,MAAMI,mBAAmB,GAAG9B,kCAAkC,CAC5DC,eAAe,EACf4B,KAAK,CAAC7C,OAAO,EACbR,WACF,CAAC;MAED,OAAO;QACLuD,iBAAiB,EAAED,mBAAmB;QACtCE,aAAa,EAAEL,MAAM;QACrBM,iBAAiB,EAAEL;MACrB,CAAC;IACH,CAAC,CAAC,MAAM;MACN;MACA;IACF;EACF;EAEA,MAAM,IAAIM,+BAAuB,CAC/B,6DACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAbAV,OAAA,CAAAC,mBAAA,GAAAA,mBAAA;AAcO,MAAMU,wBAAkD,GAAG,MAAAA,CAChEC,gBAAgB,EAChBC,gBAAgB,KACb;EACH;EACA,MAAMX,uBAAuB,GAC3B,CAAAW,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEC,GAAG,CAACC,KAAA,IAA0B;IAAA,IAAzB,CAACZ,MAAM,EAAEC,UAAU,CAAC,GAAAW,KAAA;IACzC,MAAM;MAAEV,KAAK;MAAErD;IAAY,CAAC,GAAG,IAAAgE,aAAM,EAACZ,UAAU,CAAC;IACjD,OAAO;MAAED,MAAM;MAAEC,UAAU;MAAEC,KAAK;MAAErD;IAAY,CAAC;EACnD,CAAC,CAAC,KAAI,EAAE;EAEV,OAAOiE,OAAO,CAACC,GAAG,CAChBN,gBAAgB,CAACE,GAAG,CAAC,MAAOK,UAAU,IAAK;IAAA,IAAAC,kBAAA;IACzC,KAAAA,kBAAA,GAAID,UAAU,CAACE,MAAM,cAAAD,kBAAA,eAAjBA,kBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,IAAI,CAAClB,uBAAuB,CAACjC,MAAM,EAAE;QACnC,MAAM,IAAIyC,+BAAuB,CAC/B,wCACF,CAAC;MACH;MAEA,MAAM;QAAEH,iBAAiB;QAAEC,aAAa;QAAEC;MAAkB,CAAC,GAC3DR,mBAAmB,CAACkB,UAAU,EAAEjB,uBAAuB,CAAC;MAE1D,OAAO;QACLI,mBAAmB,EAAEC,iBAAiB;QACtC9B,eAAe,EAAE0C,UAAU;QAC3Bf,UAAU,EAAEK,iBAAiB;QAC7BN,MAAM,EAAEK;MACV,CAAC;IACH;IAEA,MAAM,IAAIE,+BAAuB,CAC9B,GAAES,UAAU,CAACE,MAAO,2BACvB,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAbArB,OAAA,CAAAW,wBAAA,GAAAA,wBAAA;AAcO,MAAMW,0BAAsD,GAAG,MAAAA,CACpEC,wBAAwB,EACxBC,KAAK,EACLC,SAAS,KACN;EACH,OAAOR,OAAO,CAACC,GAAG,CAChBK,wBAAwB,CAACT,GAAG,CAAC,MAAOY,IAAI,IAAK;IAAA,IAAAC,mBAAA;IAC3C,MAAMR,UAAU,GAAGO,IAAI,CAACjD,eAAe;IAEvC,KAAAkD,mBAAA,GAAIR,UAAU,CAACE,MAAM,cAAAM,mBAAA,eAAjBA,mBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACL,KAAK,EAAEC,SAAS,EAAE,CAC1DC,IAAI,CAACtB,UAAU,EACfsB,IAAI,CAACI,eAAe,EACpB,IAAAC,8BAAsB,EAACL,IAAI,CAACvB,MAAM,CAAC,CACpC,CAAC;MAEF,OAAO;QACL2B,eAAe,EAAEJ,IAAI,CAACI,eAAe;QACrCrD,eAAe,EAAE0C,UAAU;QAC3Ba,OAAO,EAAEJ,QAAQ;QACjBP,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIX,+BAAuB,CAC9B,GAAES,UAAU,CAACE,MAAO,2BACvB,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;AAACrB,OAAA,CAAAsB,0BAAA,GAAAA,0BAAA"}

package/lib/commonjs/credential/presentation/08-send-authorization-response.js ADDED Viewed

@@ -0,0 +1,170 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.sendLegacyAuthorizationResponse = exports.sendAuthorizationResponse = exports.choosePublicKeyToEncrypt = exports.buildDirectPostJwtBody = exports.AuthorizationResponse = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
+var _retrieveRpJwks = require("./04-retrieve-rp-jwks");
+var _errors = require("./errors");
+var _misc = require("../../utils/misc");
+var z = _interopRequireWildcard(require("zod"));
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const AuthorizationResponse = z.object({
+  status: z.string().optional(),
+  response_code: z.string() /**
+                            FIXME: [SIW-627] we expect this value from every RP implementation
+                            Actually some RP does not return the value
+                            We make it optional to not break the flow.
+                            */.optional(),
+  redirect_uri: z.string().optional()
+});
+/**
+ * Selects a public key (with `use = enc`) from the set of JWK keys
+ * offered by the Relying Party (RP) for encryption.
+ *
+ * @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
+ * @returns The first suitable public key found in the list.
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
+ */
+exports.AuthorizationResponse = AuthorizationResponse;
+const choosePublicKeyToEncrypt = rpJwkKeys => {
+  const encKey = rpJwkKeys.find(jwk => jwk.use === "enc");
+  if (encKey) {
+    return encKey;
+  }
+  // No suitable key found
+  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
+};
+/**
+ * Builds a URL-encoded form body for a direct POST response using JWT encryption.
+ *
+ * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains the VP token to encrypt and the mapping of the credential disclosures
+ * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body, where `response` contains the encrypted JWE.
+ */
+exports.choosePublicKeyToEncrypt = choosePublicKeyToEncrypt;
+const buildDirectPostJwtBody = async (requestObject, rpConf, payload) => {
+  // Prepare the authorization response payload to be encrypted
+  const authzResponsePayload = JSON.stringify({
+    state: requestObject.state,
+    ...payload
+  });
+  // Choose a suitable public key for encryption
+  const {
+    keys
+  } = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf.metadata);
+  const encPublicJwk = choosePublicKeyToEncrypt(keys);
+  // Encrypt the authorization payload
+  const {
+    authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc
+  } = rpConf.metadata.openid_credential_verifier;
+  const encryptedResponse = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
+    alg: authorization_encrypted_response_alg || "RSA-OAEP-256",
+    enc: authorization_encrypted_response_enc || "A256CBC-HS512",
+    kid: encPublicJwk.kid
+  }).encrypt(encPublicJwk);
+  // Build the x-www-form-urlencoded form body
+  const formBody = new URLSearchParams({
+    response: encryptedResponse,
+    ...(requestObject.state ? {
+      state: requestObject.state
+    } : {})
+  });
+  return formBody.toString();
+};
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ * Use with `presentation_definition`.
+ * @deprecated Use `sendAuthorizationResponse`
+ */
+exports.buildDirectPostJwtBody = buildDirectPostJwtBody;
+/**
+ * Sends the authorization response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param presentationDefinition - The definition of the expected presentation.
+ * @param jwkKeys - Array of JWKs from the Relying Party for optional encryption.
+ * @param presentation - Tuple with verifiable credential, claims, and crypto context.
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+const sendLegacyAuthorizationResponse = async function (requestObject, presentationDefinitionId, remotePresentations, rpConf) {
+  var _remotePresentations$;
+  let {
+    appFetch = fetch
+  } = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
+  /**
+   * 1. Prepare the VP token and presentation submission
+   * If there is only one credential, `vpToken` is a single string.
+   * If there are multiple credential, `vpToken` is an array of string.
+   **/
+  const vp_token = (remotePresentations === null || remotePresentations === void 0 ? void 0 : remotePresentations.length) === 1 ? (_remotePresentations$ = remotePresentations[0]) === null || _remotePresentations$ === void 0 ? void 0 : _remotePresentations$.vpToken : remotePresentations.map(remotePresentation => remotePresentation.vpToken);
+  const descriptor_map = remotePresentations.map((remotePresentation, index) => ({
+    id: remotePresentation.inputDescriptor.id,
+    path: remotePresentations.length === 1 ? `$` : `$[${index}]`,
+    format: remotePresentation.format
+  }));
+  const presentation_submission = {
+    id: _reactNativeUuid.default.v4(),
+    definition_id: presentationDefinitionId,
+    descriptor_map
+  };
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token,
+    presentation_submission
+  });
+  // 3. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
+};
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ * Use with DCQL queries.
+ */
+exports.sendLegacyAuthorizationResponse = sendLegacyAuthorizationResponse;
+const sendAuthorizationResponse = async function (requestObject, remotePresentations, rpConf) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  // 1. Prepare the VP token as a JSON object with keys corresponding to the DCQL query credential IDs
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token: remotePresentations.reduce((acc, presentation) => ({
+      ...acc,
+      [presentation.credentialId]: presentation.vpToken
+    }), {})
+  });
+  // 2. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
+};
+exports.sendAuthorizationResponse = sendAuthorizationResponse;
+//# sourceMappingURL=08-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_ioReactNativeJwt","require","_reactNativeUuid","_interopRequireDefault","_retrieveRpJwks","_errors","_misc","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","exports","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","NoSuitableKeysFoundInEntityConfiguration","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","getJwksFromConfig","metadata","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","openid_credential_verifier","encryptedResponse","EncryptJwe","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","sendLegacyAuthorizationResponse","presentationDefinitionId","remotePresentations","_remotePresentations$","appFetch","fetch","arguments","length","undefined","vp_token","vpToken","map","remotePresentation","descriptor_map","index","id","inputDescriptor","path","format","presentation_submission","uuid","v4","definition_id","requestBody","response_uri","method","headers","body","then","hasStatusOrThrow","res","json","parse","sendAuthorizationResponse","reduce","acc","presentation","credentialId"],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAOA,IAAAM,CAAA,GAAAC,uBAAA,CAAAP,OAAA;AAAyB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAjB,uBAAAW,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAKlB,MAAMiB,qBAAqB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAC5CC,MAAM,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAE7B,CAAC,CACb2B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,EAAE9B,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAG,OAAA,CAAAP,qBAAA,GAAAA,qBAAA;AAQO,MAAMQ,wBAAwB,GACnCC,SAAiC,IACzB;EACR,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAII,gDAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAP,OAAA,CAAAC,wBAAA,GAAAA,wBAAA;AAQO,MAAMO,sBAAsB,GAAG,MAAAA,CACpCC,aAAwD,EACxDC,MAAkD,EAClDC,OAA8E,KAC1D;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;;EAEF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAG,IAAAC,iCAAiB,EAACP,MAAM,CAACQ,QAAQ,CAAC;EACnD,MAAMC,YAAY,GAAGlB,wBAAwB,CAACe,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJI,oCAAoC;IACpCC;EACF,CAAC,GAAGX,MAAM,CAACQ,QAAQ,CAACI,0BAA0B;EAE9C,MAAMC,iBAAiB,GAAG,MAAM,IAAIC,4BAAU,CAACZ,oBAAoB,EAAE;IACnEa,GAAG,EAAGL,oCAAoC,IAAmB,cAAc;IAC3EM,GAAG,EACAL,oCAAoC,IAAmB,eAAe;IACzEM,GAAG,EAAER,YAAY,CAACQ;EACpB,CAAC,CAAC,CAACC,OAAO,CAACT,YAAY,CAAC;;EAExB;EACA,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAER,iBAAiB;IAC3B,IAAId,aAAa,CAACM,KAAK,GAAG;MAAEA,KAAK,EAAEN,aAAa,CAACM;IAAM,CAAC,GAAG,CAAC,CAAC;EAC/D,CAAC,CAAC;EACF,OAAOc,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAhC,OAAA,CAAAQ,sBAAA,GAAAA,sBAAA;AAgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMyB,+BAAgE,GAC3E,eAAAA,CACExB,aAAa,EACbyB,wBAAwB,EACxBC,mBAAmB,EACnBzB,MAAM,EAE6B;EAAA,IAAA0B,qBAAA;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;AACJ;AACA;AACA;AACA;EACI,MAAMG,QAAQ,GACZ,CAAAP,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,CAAEK,MAAM,MAAK,CAAC,IAAAJ,qBAAA,GAC7BD,mBAAmB,CAAC,CAAC,CAAC,cAAAC,qBAAA,uBAAtBA,qBAAA,CAAwBO,OAAO,GAC/BR,mBAAmB,CAACS,GAAG,CACpBC,kBAAkB,IAAKA,kBAAkB,CAACF,OAC7C,CAAC;EAEP,MAAMG,cAAc,GAAGX,mBAAmB,CAACS,GAAG,CAC5C,CAACC,kBAAkB,EAAEE,KAAK,MAAM;IAC9BC,EAAE,EAAEH,kBAAkB,CAACI,eAAe,CAACD,EAAE;IACzCE,IAAI,EAAEf,mBAAmB,CAACK,MAAM,KAAK,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;IAC5DI,MAAM,EAAEN,kBAAkB,CAACM;EAC7B,CAAC,CACH,CAAC;EAED,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,EAAEK,wBAAI,CAACC,EAAE,CAAC,CAAC;IACbC,aAAa,EAAErB,wBAAwB;IACvCY;EACF,CAAC;EAED,MAAMU,WAAW,GAAG,MAAMhD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtEgC,QAAQ;IACRU;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMf,QAAQ,CAAC5B,aAAa,CAACgD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACpE,qBAAqB,CAACwE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AAJAjE,OAAA,CAAAiC,+BAAA,GAAAA,+BAAA;AAcO,MAAMiC,yBAAoD,GAAG,eAAAA,CAClEzD,aAAa,EACb0B,mBAAmB,EACnBzB,MAAM,EAE6B;EAAA,IADnC;IAAE2B,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMiB,WAAW,GAAG,MAAMhD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtEgC,QAAQ,EAAEP,mBAAmB,CAACgC,MAAM,CAClC,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACC,YAAY,GAAGD,YAAY,CAAC1B;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMN,QAAQ,CAAC5B,aAAa,CAACgD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACpE,qBAAqB,CAACwE,KAAK,CAAC;AACtC,CAAC;AAACjE,OAAA,CAAAkE,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/credential/presentation/errors.js CHANGED Viewed

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.NoSuitableKeysFoundInEntityConfiguration = exports.AuthRequestDecodeError = void 0;
+exports.UnverifiedEntityError = exports.NoSuitableKeysFoundInEntityConfiguration = exports.MissingDataError = exports.InvalidQRCodeError = exports.CredentialNotFoundError = exports.AuthRequestDecodeError = void 0;
 var _errors = require("../../utils/errors");
 /**
  * An error subclass thrown when auth request decode fail
@@ -45,5 +45,73 @@ class NoSuitableKeysFoundInEntityConfiguration extends _errors.IoWalletError {
     super(message);
   }
 }
+/**
+ * When a QR code is not valid.
+ *
+ */
 exports.NoSuitableKeysFoundInEntityConfiguration = NoSuitableKeysFoundInEntityConfiguration;
+class InvalidQRCodeError extends _errors.IoWalletError {
+  code = "ERR_INVALID_QR_CODE";
+  /**
+   * @param detail A description of why the QR code is considered invalid.
+   */
+  constructor(detail) {
+    const message = `QR code is not valid: ${detail}.`;
+    super(message);
+  }
+}
+/**
+ * When the entity is unverified because the Relying Party is not trusted.
+ *
+ */
+exports.InvalidQRCodeError = InvalidQRCodeError;
+class UnverifiedEntityError extends _errors.IoWalletError {
+  code = "ERR_UNVERIFIED_RP_ENTITY";
+  /**
+   * @param reason A description of why the entity cannot be verified.
+   */
+  constructor(reason) {
+    const message = `Unverified entity: ${reason}.`;
+    super(message);
+  }
+}
+/**
+ * When some required data is missing to continue because certain attributes are not contained inside the wallet.
+ *
+ */
+exports.UnverifiedEntityError = UnverifiedEntityError;
+class MissingDataError extends _errors.IoWalletError {
+  code = "ERR_MISSING_DATA";
+  /**
+   * @param missingAttributes An array or description of the attributes that are missing.
+   */
+  constructor(missingAttributes) {
+    const message = `Some required data is missing: ${missingAttributes}.`;
+    super(message);
+  }
+}
+/**
+ * When a credential is not found in the wallet.
+ *
+ */
+exports.MissingDataError = MissingDataError;
+class CredentialNotFoundError extends _errors.IoWalletError {
+  code = "ERR_CREDENTIAL_NOT_FOUND";
+  /**
+   * @param credentialId The ID of the credential that was not found.
+   */
+  constructor(credentialId) {
+    const message = `Credential not found: ${credentialId}.`;
+    super(message);
+  }
+}
+exports.CredentialNotFoundError = CredentialNotFoundError;
 //# sourceMappingURL=errors.js.map

package/lib/commonjs/credential/presentation/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_errors","require","AuthRequestDecodeError","IoWalletError","code","constructor","message","claim","arguments","length","undefined","reason","serializeAttrs","exports","NoSuitableKeysFoundInEntityConfiguration","scenario"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACA;AACO,MAAMC,sBAAsB,SAASC,qBAAa,CAAC;EACxDC,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC,IAAAI,sBAAc,EAAC;MAAEN,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAE,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAIO,MAAMY,wCAAwC,SAASX,qBAAa,CAAC;EAC1EC,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACU,QAAgB,EAAE;IAC5B,MAAMT,OAAO,GAAI,0DAAyDS,QAAS,IAAG;IACtF,KAAK,CAACT,OAAO,CAAC;EAChB;AACF;~~AAACO~~,OAAA,CAAAC,wCAAA,GAAAA,wCAAA"}
1	+ {"version":3,"names":["_errors","require","AuthRequestDecodeError","IoWalletError","code","constructor","message","claim","arguments","length","undefined","reason","serializeAttrs","exports","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","detail","UnverifiedEntityError","MissingDataError","missingAttributes","CredentialNotFoundError","credentialId"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACA;AACO,MAAMC,sBAAsB,SAASC,qBAAa,CAAC;EACxDC,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC,IAAAI,sBAAc,EAAC;MAAEN,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAE,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAIO,MAAMY,wCAAwC,SAASX,qBAAa,CAAC;EAC1EC,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACU,QAAgB,EAAE;IAC5B,MAAMT,OAAO,GAAI,0DAAyDS,QAAS,IAAG;IACtF,KAAK,CAACT,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAC,wCAAA,GAAAA,wCAAA;AAIO,MAAME,kBAAkB,SAASb,qBAAa,CAAC;EACpDC,IAAI,GAAG,qBAAqB;;EAE5B;AACF;AACA;EACEC,WAAWA,CAACY,MAAc,EAAE;IAC1B,MAAMX,OAAO,GAAI,yBAAwBW,MAAO,GAAE;IAClD,KAAK,CAACX,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAG,kBAAA,GAAAA,kBAAA;AAIO,MAAME,qBAAqB,SAASf,qBAAa,CAAC;EACvDC,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACM,MAAc,EAAE;IAC1B,MAAML,OAAO,GAAI,sBAAqBK,MAAO,GAAE;IAC/C,KAAK,CAACL,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAK,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,gBAAgB,SAAShB,qBAAa,CAAC;EAClDC,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACe,iBAAyB,EAAE;IACrC,MAAMd,OAAO,GAAI,kCAAiCc,iBAAkB,GAAE;IACtE,KAAK,CAACd,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAM,gBAAA,GAAAA,gBAAA;AAIO,MAAME,uBAAuB,SAASlB,qBAAa,CAAC;EACzDC,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACiB,YAAoB,EAAE;IAChC,MAAMhB,OAAO,GAAI,yBAAwBgB,YAAa,GAAE;IACxD,KAAK,CAAChB,OAAO,CAAC;EAChB;AACF;AAACO,OAAA,CAAAQ,uBAAA,GAAAA,uBAAA"}

package/lib/commonjs/credential/presentation/index.js CHANGED Viewed

@@ -4,12 +4,30 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.Errors = void 0;
+Object.defineProperty(exports, "evaluateInputDescriptorForSdJwt4VC", {
+  enumerable: true,
+  get: function () {
+    return _evaluateInputDescriptor.evaluateInputDescriptorForSdJwt4VC;
+  }
+});
 Object.defineProperty(exports, "evaluateRelyingPartyTrust", {
   enumerable: true,
   get: function () {
     return _evaluateRpTrust.evaluateRelyingPartyTrust;
   }
 });
+Object.defineProperty(exports, "fetchPresentDefinition", {
+  enumerable: true,
+  get: function () {
+    return _fetchPresentationDefinition.fetchPresentDefinition;
+  }
+});
+Object.defineProperty(exports, "getJwksFromConfig", {
+  enumerable: true,
+  get: function () {
+    return _retrieveRpJwks.getJwksFromConfig;
+  }
+});
 Object.defineProperty(exports, "getRequestObject", {
   enumerable: true,
   get: function () {
@@ -28,10 +46,20 @@ Object.defineProperty(exports, "startFlowFromQR", {
     return _startFlow.startFlowFromQR;
   }
 });
+Object.defineProperty(exports, "verifyRequestObject", {
+  enumerable: true,
+  get: function () {
+    return _verifyRequestObject.verifyRequestObject;
+  }
+});
 var _startFlow = require("./01-start-flow");
 var _evaluateRpTrust = require("./02-evaluate-rp-trust");
 var _getRequestObject = require("./03-get-request-object");
-var _sendAuthorizationResponse = require("./04-send-authorization-response");
+var _retrieveRpJwks = require("./04-retrieve-rp-jwks");
+var _verifyRequestObject = require("./05-verify-request-object");
+var _fetchPresentationDefinition = require("./06-fetch-presentation-definition");
+var _evaluateInputDescriptor = require("./07-evaluate-input-descriptor");
+var _sendAuthorizationResponse = require("./08-send-authorization-response");
 var Errors = _interopRequireWildcard(require("./errors"));
 exports.Errors = Errors;
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }

package/lib/commonjs/credential/presentation/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_startFlow","require","_evaluateRpTrust","_getRequestObject","_sendAuthorizationResponse","Errors","_interopRequireWildcard","exports","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~AAAA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAD,OAAA;AAIA,IAAAE,iBAAA,GAAAF,OAAA;AAIA,IAAAG,~~0BAAA~~,GAAAH,OAAA;~~AAIA~~,IAAAI,MAAA,GAAAC,uBAAA,~~CAAAL~~,OAAA;~~AAAmCM~~,OAAA,CAAAF,MAAA,GAAAA,MAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
1	+ {"version":3,"names":["_startFlow","require","_evaluateRpTrust","_getRequestObject","_retrieveRpJwks","_verifyRequestObject","_fetchPresentationDefinition","_evaluateInputDescriptor","_sendAuthorizationResponse","Errors","_interopRequireWildcard","exports","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAD,OAAA;AAIA,IAAAE,iBAAA,GAAAF,OAAA;AAIA,IAAAG,eAAA,GAAAH,OAAA;AACA,IAAAI,oBAAA,GAAAJ,OAAA;AAIA,IAAAK,4BAAA,GAAAL,OAAA;AAIA,IAAAM,wBAAA,GAAAN,OAAA;AAIA,IAAAO,0BAAA,GAAAP,OAAA;AAIA,IAAAQ,MAAA,GAAAC,uBAAA,CAAAT,OAAA;AAAmCU,OAAA,CAAAF,MAAA,GAAAA,MAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}