@pagopa/io-react-native-wallet 0.27.1 → 0.28.1

package/lib/commonjs/credential/presentation/types.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.RequestObject = void 0;
+exports.WalletMetadata = exports.RequestObjectWalletCapabilities = exports.RequestObject = exports.PresentationDefinition = exports.LegacyDirectAuthorizationBodyPayload = exports.InputDescriptor = exports.DirectAuthorizationBodyPayload = void 0;
 var _types = require("../../sd-jwt/types");
 var z = _interopRequireWildcard(require("zod"));
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
@@ -12,6 +12,81 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
  * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
  */
 
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with `presentation_definition`
+ * @deprecated Use `RemotePresentation`
+ */
+
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with DCQL queries
+ */
+
+const Fields = z.object({
+  path: z.array(z.string().min(1)),
+  // Array of JSONPath string expressions
+  id: z.string().optional(),
+  // Unique string ID
+  purpose: z.string().optional(),
+  // Purpose of the field
+  name: z.string().optional(),
+  // Human-friendly name
+  filter: z.any().optional(),
+  // JSON Schema descriptor for filtering
+  optional: z.boolean().optional(),
+  // Boolean indicating if the field is optional
+  intent_to_retain: z.boolean().optional() // Boolean indicating that the Verifier intends to retain the Claim's data being requested
+});
+
+// Define the Constraints Object Schema
+const Constraints = z.object({
+  fields: z.array(Fields).optional(),
+  // Array of Field Objects
+  limit_disclosure: z.enum(["required", "preferred"]).optional() // Limit disclosure property
+});
+
+// Define the Input Descriptor Object Schema
+
+const InputDescriptor = z.object({
+  id: z.string().min(1),
+  // Mandatory unique string ID
+  name: z.string().optional(),
+  // Human-friendly name
+  purpose: z.string().optional(),
+  // Purpose of the schema
+  format: z.record(z.string(), z.any()).optional(),
+  // Object with Claim Format Designations
+  constraints: Constraints,
+  // Constraints Object (mandatory)
+  group: z.string().optional() // Match one of the grouping strings listed in the "from" values of a Submission Requirement Rule
+});
+exports.InputDescriptor = InputDescriptor;
+const SubmissionRequirement = z.object({
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  rule: z.string(),
+  // "all": all group's rules must be present, or "pick": at least group's "count" rules must be present
+  from: z.string().optional(),
+  // MUST contain either a "from" or "from_nested" property
+  from_nested: z.array(z.object({
+    name: z.string().optional(),
+    purpose: z.string().optional(),
+    rule: z.string(),
+    from: z.string()
+  })).optional(),
+  count: z.number().optional()
+  //"count", "min", and "max" may be present with a "pick" rule
+});
+
+const PresentationDefinition = z.object({
+  id: z.string(),
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  input_descriptors: z.array(InputDescriptor),
+  submission_requirements: z.array(SubmissionRequirement).optional()
+});
+exports.PresentationDefinition = PresentationDefinition;
 const RequestObject = z.object({
   iss: z.string(),
   iat: _types.UnixTime,
@@ -19,11 +94,57 @@ const RequestObject = z.object({
   state: z.string(),
   nonce: z.string(),
   response_uri: z.string(),
+  response_uri_method: z.string().optional(),
   response_type: z.literal("vp_token"),
   response_mode: z.literal("direct_post.jwt"),
   client_id: z.string(),
-  client_id_scheme: z.literal("entity_id"),
-  scope: z.string()
+  dcql_query: z.record(z.string(), z.any()).optional(),
+  // Validation happens within the `dcql` library, no need to duplicate it here
+  scope: z.string().optional(),
+  presentation_definition: PresentationDefinition.optional()
 });
 exports.RequestObject = RequestObject;
+const WalletMetadata = z.object({
+  presentation_definition_uri_supported: z.boolean().optional(),
+  client_id_schemes_supported: z.array(z.string()).optional(),
+  request_object_signing_alg_values_supported: z.array(z.string()).optional(),
+  vp_formats_supported: z.record(z.string(),
+  // TODO [SIW-2110]: use explicit credential format?
+  z.object({
+    "sd-jwt_alg_values": z.array(z.string()).optional() // alg_values_supported?
+  }))
+  // TODO [SIW-2110]: include other metadata?
+});
+
+/**
+ * Wallet capabilities that must be submitted to get the Request Object
+ * via POST request when the `request_uri_method` is `post`.
+ */
+exports.WalletMetadata = WalletMetadata;
+const RequestObjectWalletCapabilities = z.object({
+  wallet_metadata: WalletMetadata,
+  wallet_nonce: z.string().optional()
+});
+
+/**
+ * Authorization Response payload when using `presentation_definition`.
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+exports.RequestObjectWalletCapabilities = RequestObjectWalletCapabilities;
+/**
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+const LegacyDirectAuthorizationBodyPayload = z.object({
+  vp_token: z.union([z.string(), z.array(z.string())]).optional(),
+  presentation_submission: z.record(z.string(), z.unknown())
+});
+
+/**
+ * Authorization Response payload when using DCQL queries.
+ */
+exports.LegacyDirectAuthorizationBodyPayload = LegacyDirectAuthorizationBodyPayload;
+const DirectAuthorizationBodyPayload = z.object({
+  vp_token: z.record(z.string(), z.string())
+});
+exports.DirectAuthorizationBodyPayload = DirectAuthorizationBodyPayload;
 //# sourceMappingURL=types.js.map

package/lib/commonjs/credential/presentation/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","RequestObject","object","iss","string","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","scope","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;;AAQO,MAAMW,aAAa,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EACpCC,GAAG,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEC,eAAQ;EACbC,GAAG,EAAED,eAAQ;EACbE,KAAK,EAAE/B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACjBK,KAAK,EAAEhC,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACjBM,YAAY,EAAEjC,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACxBO,aAAa,EAAElC,CAAC,CAACmC,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEpC,CAAC,CAACmC,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAErC,CAAC,CAAC2B,MAAM,CAAC,CAAC;EACrBW,gBAAgB,EAAEtC,CAAC,CAACmC,OAAO,CAAC,WAAW,CAAC;EACxCI,KAAK,EAAEvC,CAAC,CAAC2B,MAAM,CAAC;AAClB,CAAC,CAAC;AAACa,OAAA,CAAAhB,aAAA,GAAAA,aAAA"}
+{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAQA,MAAMW,MAAM,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EACtBC,IAAI,EAAE1B,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAElC,CAAC,CAACmC,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAE/B,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAErC,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGtC,CAAC,CAACyB,MAAM,CAAC;EAC3Bc,MAAM,EAAEvC,CAAC,CAAC2B,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAExC,CAAC,CAACyC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEO,MAAMW,eAAe,GAAG1C,CAAC,CAACyB,MAAM,CAAC;EACtCK,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAE3C,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACmC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAE9C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;AAACgB,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAEH,MAAMM,qBAAqB,GAAGhD,CAAC,CAACyB,MAAM,CAAC;EACrCQ,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BkB,IAAI,EAAEjD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EAClBsB,IAAI,EAAElD,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BoB,WAAW,EAAEnD,CAAC,CACX2B,KAAK,CACJ3B,CAAC,CAACyB,MAAM,CAAC;IACPQ,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BkB,IAAI,EAAEjD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAChBsB,IAAI,EAAElD,CAAC,CAAC4B,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACbqB,KAAK,EAAEpD,CAAC,CAACqD,MAAM,CAAC,CAAC,CAACtB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGK,MAAMuB,sBAAsB,GAAGtD,CAAC,CAACyB,MAAM,CAAC;EAC7CK,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BwB,iBAAiB,EAAEvD,CAAC,CAAC2B,KAAK,CAACe,eAAe,CAAC;EAC3Cc,uBAAuB,EAAExD,CAAC,CAAC2B,KAAK,CAACqB,qBAAqB,CAAC,CAACjB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAACgB,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAGI,MAAMG,aAAa,GAAGzD,CAAC,CAACyB,MAAM,CAAC;EACpCiC,GAAG,EAAE1D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACf+B,GAAG,EAAEC,eAAQ;EACbC,GAAG,EAAED,eAAQ;EACbE,KAAK,EAAE9D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBmC,KAAK,EAAE/D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBoC,YAAY,EAAEhE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACxBqC,mBAAmB,EAAEjE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC1CmC,aAAa,EAAElE,CAAC,CAACmE,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEpE,CAAC,CAACmE,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAErE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACrB0C,UAAU,EAAEtE,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACmC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EACtDwC,KAAK,EAAEvE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5ByC,uBAAuB,EAAElB,sBAAsB,CAACvB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAACgB,OAAA,CAAAU,aAAA,GAAAA,aAAA;AAGI,MAAMgB,cAAc,GAAGzE,CAAC,CAACyB,MAAM,CAAC;EACrCiD,qCAAqC,EAAE1E,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAC7D4C,2BAA2B,EAAE3E,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3D6C,2CAA2C,EAAE5E,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3E8C,oBAAoB,EAAE7E,CAAC,CAAC4C,MAAM,CAC5B5C,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EACZ5B,CAAC,CAACyB,MAAM,CAAC;IACP,mBAAmB,EAAEzB,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;EACA;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAgB,OAAA,CAAA0B,cAAA,GAAAA,cAAA;AAOO,MAAMK,+BAA+B,GAAG9E,CAAC,CAACyB,MAAM,CAAC;EACtDsD,eAAe,EAAEN,cAAc;EAC/BO,YAAY,EAAEhF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAgB,OAAA,CAAA+B,+BAAA,GAAAA,+BAAA;AAOA;AACA;AACA;AACO,MAAMG,oCAAoC,GAAGjF,CAAC,CAACyB,MAAM,CAAC;EAC3DyD,QAAQ,EAAElF,CAAC,CAACmF,KAAK,CAAC,CAACnF,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DqD,uBAAuB,EAAEpF,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACqF,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;AAFAtC,OAAA,CAAAkC,oCAAA,GAAAA,oCAAA;AAMO,MAAMK,8BAA8B,GAAGtF,CAAC,CAACyB,MAAM,CAAC;EACrDyD,QAAQ,EAAElF,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAAC4B,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC;AAACmB,OAAA,CAAAuC,8BAAA,GAAAA,8BAAA"}

package/lib/commonjs/sd-jwt/index.js

@@ -10,7 +10,7 @@ Object.defineProperty(exports, "SdJwt4VC", {
     return _types.SdJwt4VC;
   }
 });
-exports.verify = exports.disclose = exports.decode = void 0;
+exports.verify = exports.prepareVpToken = exports.disclose = exports.decode = void 0;
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _types = require("./types");
 var _verifier = require("./verifier");
@@ -165,5 +165,45 @@ const verify = async (token, publicKey, customSchema) => {
     disclosures: decoded.disclosures.map(d => d.decoded)
   };
 };
+
+/**
+ * Prepares a Verified Presentation (VP) token to be sent as part of an
+ * authorization response in an OpenID 4 Verifiable Presentations flow.
+ *
+ * @param nonce - The nonce provided by the relying party.
+ * @param client_id - The client identifier of the relying party.
+ * @param presentation - An object containing the verifiable credential, the claims to disclose,
+ *                       and the cryptographic context for signing.
+ * @returns An object containing the signed VP token (`vp_token`).
+ *
+ * @remarks
+ *  1. The `disclose()` function is used to produce a token with only the requested claims.
+ *  2. A KB-JWT is then signed, including sd_hash and `nonce`.
+ *  3. The `vp_token` is composed of the disclosed VP and the KB-JWT.
+ */
 exports.verify = verify;
+const prepareVpToken = async (nonce, client_id, _ref2) => {
+  let [verifiableCredential, requestedClaims, cryptoContext] = _ref2;
+  // Produce a VP token with only requested claims from the verifiable credential
+  const {
+    token: vp
+  } = await disclose(verifiableCredential, requestedClaims);
+
+  // <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
+  const sd_hash = await (0, _ioReactNativeJwt.sha256ToBase64)(`${vp}~`);
+  const kbJwt = await new _ioReactNativeJwt.SignJWT(cryptoContext).setProtectedHeader({
+    typ: "kb+jwt",
+    alg: "ES256"
+  }).setPayload({
+    sd_hash,
+    nonce: nonce
+  }).setAudience(client_id).setIssuedAt().sign();
+
+  // <Issuer-signed JWT>~<Disclosure 1>~...~<Disclosure N>~<KB-JWT>
+  const vp_token = [vp, kbJwt].join("~");
+  return {
+    vp_token
+  };
+};
+exports.prepareVpToken = prepareVpToken;
 //# sourceMappingURL=index.js.map

package/lib/commonjs/sd-jwt/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","Errors","_interopRequireWildcard","exports","_jsBase","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","decodeDisclosure","encoded","utf8String","Base64","decode","decoded","Disclosure","parse","JSON","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","parser","SdJwt4VC","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDisclosures","hash","sha256ToBase64","_sd","includes","index","indexOf","path","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAGA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,MAAA,GAAAC,uBAAA,CAAAJ,OAAA;AAAmCK,OAAA,CAAAF,MAAA,GAAAA,MAAA;AACnC,IAAAG,OAAA,GAAAN,OAAA;AAAmC,SAAAO,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEnC,MAAMW,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,UAAU,GAAGC,cAAM,CAACC,MAAM,CAACH,OAAO,CAAC,CAAC,CAAC;EAC3C,MAAMI,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACL,UAAU,CAAC,CAAC;EACxD,OAAO;IAAEG,OAAO;IAAEJ;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,MAAM,GAAGA,CACpBK,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;;EAEtC;EACA,MAAMK,MAAM,GAAGP,YAAY,IAAIQ,eAAQ;EAEvC,MAAMC,KAAK,GAAGF,MAAM,CAACV,KAAK,CAAC;IACzBa,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGV,cAAc,CAACW,GAAG,CAACxB,gBAAgB,CAAC;EAExD,OAAO;IAAEmB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZA/C,OAAA,CAAA4B,MAAA,GAAAA,MAAA;AAaO,MAAMqB,QAAQ,GAAG,MAAAA,CACtBhB,KAAa,EACbiB,MAAgB,KACyD;EACzE,MAAM,CAACd,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEK,KAAK;IAAEI;EAAY,CAAC,GAAGnB,MAAM,CAACK,KAAK,EAAES,eAAQ,CAAC;;EAEtD;EACA,MAAMS,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE5B,OAAO,EAAE,GAAG6B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAIzD,MAAM,CAAC6D,gCAAgC,CAACL,KAAK,CAAC;IAC1D;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC9B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIkB,KAAK,CAACG,OAAO,CAACgB,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE;MACpC,MAAMI,KAAK,GAAGrB,KAAK,CAACG,OAAO,CAACgB,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MAC7C,OAAO;QAAEN,KAAK;QAAEY,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE;IAEA,MAAM,IAAIlE,MAAM,CAACqE,qBAAqB,CAACb,KAAK,CAAC;EAC/C,CAAC,CACH,CAAC;EAED,MAAMc,mBAAmB,GAAG/B,cAAc,CAACgC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJzC,OAAO,EAAE,GAAG6B,IAAI;IAClB,CAAC,GAAGlC,gBAAgB,CAAC8C,CAAC,CAAC;IACvB,OAAOpB,MAAM,CAACa,QAAQ,CAACL,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMa,cAAc,GAAG,CAACnC,QAAQ,EAAE,GAAGgC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEvC,KAAK,EAAEsC,cAAc;IAAEpB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAnD,OAAA,CAAAiD,QAAA,GAAAA,QAAA;AAgBO,MAAMwB,MAAM,GAAG,MAAAA,CACpBxC,KAAa,EACbyC,SAAsB,EACtBxC,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMT,OAAO,GAAGD,MAAM,CAACK,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAM,IAAAyC,wBAAS,EAACvC,QAAQ,EAAEsC,SAAS,CAAC;;EAEpC;EACA,MAAMxB,MAAM,GAAG,CAAC,GAAGrB,OAAO,CAACc,KAAK,CAACG,OAAO,CAACgB,GAAG,CAAC;EAE7C,MAAMV,OAAO,CAACC,GAAG,CACfxB,OAAO,CAACkB,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM,IAAAqB,0BAAgB,EAACrB,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEd,OAAO,CAACc,KAAK;IACpBI,WAAW,EAAElB,OAAO,CAACkB,WAAW,CAACC,GAAG,CAAEsB,CAAC,IAAKA,CAAC,CAACzC,OAAO;EACvD,CAAC;AACH,CAAC;AAAC7B,OAAA,CAAAyE,MAAA,GAAAA,MAAA"}
+{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","Errors","_interopRequireWildcard","exports","_jsBase","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","decodeDisclosure","encoded","utf8String","Base64","decode","decoded","Disclosure","parse","JSON","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","parser","SdJwt4VC","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDisclosures","hash","sha256ToBase64","_sd","includes","index","indexOf","path","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure","prepareVpToken","nonce","client_id","_ref2","verifiableCredential","requestedClaims","cryptoContext","vp","sd_hash","kbJwt","SignJWT","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAGA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,MAAA,GAAAC,uBAAA,CAAAJ,OAAA;AAAmCK,OAAA,CAAAF,MAAA,GAAAA,MAAA;AACnC,IAAAG,OAAA,GAAAN,OAAA;AAAmC,SAAAO,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGnC,MAAMW,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,UAAU,GAAGC,cAAM,CAACC,MAAM,CAACH,OAAO,CAAC,CAAC,CAAC;EAC3C,MAAMI,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACL,UAAU,CAAC,CAAC;EACxD,OAAO;IAAEG,OAAO;IAAEJ;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,MAAM,GAAGA,CACpBK,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;;EAEtC;EACA,MAAMK,MAAM,GAAGP,YAAY,IAAIQ,eAAQ;EAEvC,MAAMC,KAAK,GAAGF,MAAM,CAACV,KAAK,CAAC;IACzBa,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGV,cAAc,CAACW,GAAG,CAACxB,gBAAgB,CAAC;EAExD,OAAO;IAAEmB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZA/C,OAAA,CAAA4B,MAAA,GAAAA,MAAA;AAaO,MAAMqB,QAAQ,GAAG,MAAAA,CACtBhB,KAAa,EACbiB,MAAgB,KACyD;EACzE,MAAM,CAACd,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEK,KAAK;IAAEI;EAAY,CAAC,GAAGnB,MAAM,CAACK,KAAK,EAAES,eAAQ,CAAC;;EAEtD;EACA,MAAMS,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE5B,OAAO,EAAE,GAAG6B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAIzD,MAAM,CAAC6D,gCAAgC,CAACL,KAAK,CAAC;IAC1D;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC9B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIkB,KAAK,CAACG,OAAO,CAACgB,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE;MACpC,MAAMI,KAAK,GAAGrB,KAAK,CAACG,OAAO,CAACgB,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MAC7C,OAAO;QAAEN,KAAK;QAAEY,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE;IAEA,MAAM,IAAIlE,MAAM,CAACqE,qBAAqB,CAACb,KAAK,CAAC;EAC/C,CAAC,CACH,CAAC;EAED,MAAMc,mBAAmB,GAAG/B,cAAc,CAACgC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJzC,OAAO,EAAE,GAAG6B,IAAI;IAClB,CAAC,GAAGlC,gBAAgB,CAAC8C,CAAC,CAAC;IACvB,OAAOpB,MAAM,CAACa,QAAQ,CAACL,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMa,cAAc,GAAG,CAACnC,QAAQ,EAAE,GAAGgC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEvC,KAAK,EAAEsC,cAAc;IAAEpB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAnD,OAAA,CAAAiD,QAAA,GAAAA,QAAA;AAgBO,MAAMwB,MAAM,GAAG,MAAAA,CACpBxC,KAAa,EACbyC,SAAsB,EACtBxC,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMT,OAAO,GAAGD,MAAM,CAACK,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAM,IAAAyC,wBAAS,EAACvC,QAAQ,EAAEsC,SAAS,CAAC;;EAEpC;EACA,MAAMxB,MAAM,GAAG,CAAC,GAAGrB,OAAO,CAACc,KAAK,CAACG,OAAO,CAACgB,GAAG,CAAC;EAE7C,MAAMV,OAAO,CAACC,GAAG,CACfxB,OAAO,CAACkB,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM,IAAAqB,0BAAgB,EAACrB,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEd,OAAO,CAACc,KAAK;IACpBI,WAAW,EAAElB,OAAO,CAACkB,WAAW,CAACC,GAAG,CAAEsB,CAAC,IAAKA,CAAC,CAACzC,OAAO;EACvD,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAdA7B,OAAA,CAAAyE,MAAA,GAAAA,MAAA;AAeO,MAAMI,cAAc,GAAG,MAAAA,CAC5BC,KAAa,EACbC,SAAiB,EAAAC,KAAA,KAIb;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,eAAe,EAAEC,aAAa,CAAe,GAAAH,KAAA;EAIpE;EACA,MAAM;IAAE/C,KAAK,EAAEmD;EAAG,CAAC,GAAG,MAAMnC,QAAQ,CAACgC,oBAAoB,EAAEC,eAAe,CAAC;;EAE3E;EACA,MAAMG,OAAO,GAAG,MAAM,IAAAxB,gCAAc,EAAE,GAAEuB,EAAG,GAAE,CAAC;EAE9C,MAAME,KAAK,GAAG,MAAM,IAAIC,yBAAO,CAACJ,aAAa,CAAC,CAC3CK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,QAAQ;IACbC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVN,OAAO;IACPP,KAAK,EAAEA;EACT,CAAC,CAAC,CACDc,WAAW,CAACb,SAAS,CAAC,CACtBc,WAAW,CAAC,CAAC,CACbC,IAAI,CAAC,CAAC;;EAET;EACA,MAAMC,QAAQ,GAAG,CAACX,EAAE,EAAEE,KAAK,CAAC,CAACd,IAAI,CAAC,GAAG,CAAC;EAEtC,OAAO;IAAEuB;EAAS,CAAC;AACrB,CAAC;AAAC/F,OAAA,CAAA6E,cAAA,GAAAA,cAAA"}

package/lib/commonjs/trust/chain.js

@@ -5,40 +5,13 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.renewTrustChain = renewTrustChain;
 exports.validateTrustChain = validateTrustChain;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _types = require("./types");
 var _errors = require("../utils/errors");
 var z = _interopRequireWildcard(require("zod"));
 var _ = require(".");
+var _utils = require("./utils");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-// Verify a token signature
-// The kid is extracted from the token header
-const verify = async (token, kid, jwks) => {
-  const jwk = jwks.find(k => k.kid === kid);
-  if (!jwk) {
-    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
-  }
-  const {
-    protectedHeader: header,
-    payload
-  } = await (0, _ioReactNativeJwt.verify)(token, jwk);
-  return {
-    header,
-    payload
-  };
-};
-const decode = token => {
-  const {
-    protectedHeader: header,
-    payload
-  } = (0, _ioReactNativeJwt.decode)(token);
-  return {
-    header,
-    payload
-  };
-};
-
 // The first element of the chain is supposed to be the Entity Configuration for the document issuer
 const FirstElementShape = _types.EntityConfiguration;
 // Each element but the first is supposed to be an Entity Statement
@@ -51,7 +24,7 @@ const LastElementShape = z.union([_types.EntityStatement, _types.TrustAnchorEnti
  * Validates a provided trust chain against a known trust
  *
  * @param trustAnchorEntity The entity configuration of the known trust anchor
- * @param chain The chain of statements to be validate
+ * @param chain The chain of statements to be validated
  * @returns The list of parsed token representing the chain
  * @throws {IoWalletError} If the chain is not valid
  */
@@ -71,11 +44,11 @@ async function validateTrustChain(trustAnchorEntity, chain) {
       throw new _errors.IoWalletError(`Cannot select kid: empty token`);
     }
     const shape = selectTokenShape(currentIndex);
-    return shape.parse(decode(token)).header.kid;
+    return shape.parse((0, _utils.decode)(token)).header.kid;
   };
 
   // select keys from the next token
-  // if the current token is the last, keys fro  trust anchor will be used
+  // if the current token is the last, keys from trust anchor will be used
   const selectKeys = currentIndex => {
     if (currentIndex === chain.length - 1) {
       return trustAnchorEntity.payload.jwks.keys;
@@ -86,12 +59,12 @@ async function validateTrustChain(trustAnchorEntity, chain) {
       throw new _errors.IoWalletError(`Cannot select keys: empty nextToken`);
     }
     const shape = selectTokenShape(nextIndex);
-    return shape.parse(decode(nextToken)).payload.jwks.keys;
+    return shape.parse((0, _utils.decode)(nextToken)).payload.jwks.keys;
   };
 
   // Iterate the chain and validate each element's signature against the public keys of its next
-  // If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
-  return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => verify(...args)));
+  // If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
+  return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => (0, _utils.verify)(...args)));
 }
 
 /**
@@ -99,24 +72,36 @@ async function validateTrustChain(trustAnchorEntity, chain) {
  *
  * @param chain The original chain
  * @param appFetch (optional) fetch api implementation
- * @returns A list of signed token that reprensent the trust chain, in the same order of the provided chain
- * @throws When an element of the chain fails to parse
+ * @returns A list of signed token that represent the trust chain, in the same order of the provided chain
+ * @throws IoWalletError When an element of the chain fails to parse
  */
-function renewTrustChain(chain) {
+async function renewTrustChain(chain) {
   let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
-  return Promise.all(chain
-  // Decode each item to determine its shape
-  .map(decode).map(e => [_types.EntityStatement.safeParse(e), _types.EntityConfiguration.safeParse(e)])
-  // fetch the element according to its shape
-  .map((_ref, i) => {
-    let [es, ec] = _ref;
-    return ec.success ? (0, _.getSignedEntityConfiguration)(ec.data.payload.iss, {
-      appFetch
-    }) : es.success ? (0, _.getSignedEntityStatement)(es.data.payload.iss, es.data.payload.sub, {
-      appFetch
-    }) :
-    // if the element fail to parse in both EntityStatement and EntityConfiguration, raise an error
-    Promise.reject(new _errors.IoWalletError(`Cannot renew trust chain because the element #${i} failed to be parsed.`));
+  return Promise.all(chain.map(async (token, index) => {
+    const decoded = (0, _utils.decode)(token);
+    const entityStatementResult = _types.EntityStatement.safeParse(decoded);
+    const entityConfigurationResult = _types.EntityConfiguration.safeParse(decoded);
+    if (entityConfigurationResult.success) {
+      return (0, _.getSignedEntityConfiguration)(entityConfigurationResult.data.payload.iss, {
+        appFetch
+      });
+    }
+    if (entityStatementResult.success) {
+      const entityStatement = entityStatementResult.data;
+      const parentBaseUrl = entityStatement.payload.iss;
+      const parentECJwt = await (0, _.getSignedEntityConfiguration)(parentBaseUrl, {
+        appFetch
+      });
+      const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
+      const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+      if (!federationFetchEndpoint) {
+        throw new _errors.IoWalletError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint`);
+      }
+      return (0, _.getSignedEntityStatement)(federationFetchEndpoint, entityStatement.payload.sub, {
+        appFetch
+      });
+    }
+    throw new _errors.IoWalletError(`Cannot renew trust chain because element #${index} failed to parse.`);
   }));
 }
 //# sourceMappingURL=chain.js.map

package/lib/commonjs/trust/chain.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_types","_errors","z","_interopRequireWildcard","_","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","decode","decodeJwt","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","getSignedEntityConfiguration","data","iss","getSignedEntityStatement","sub","reject"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,MAAA,GAAAD,OAAA;AAMA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAC,uBAAA,CAAAJ,OAAA;AAEA,IAAAK,CAAA,GAAAL,OAAA;AAA2E,SAAAM,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAO3E;AACA;AACA,MAAMW,MAAM,GAAG,MAAAA,CACbC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAME,MAAM,GAAIX,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAG,wBAAS,EAACZ,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMI,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAG3C,CAAC,CAAC4C,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,qBAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdb,iBAAiB,GACjBa,YAAY,KAAKJ,KAAK,CAACC,MAAM,GAAG,CAAC,GAC/BN,gBAAgB,GAChBF,kBAAkB;;EAE1B;EACA,MAAMY,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAM5B,KAAK,GAAGsB,KAAK,CAACM,YAAY,CAAC;IACjC,IAAI,CAAC5B,KAAK,EAAE;MACV,MAAM,IAAIwB,qBAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMK,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAACnB,MAAM,CAACX,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAM8B,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKN,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACZ,OAAO,CAACP,IAAI,CAAC8B,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGZ,KAAK,CAACW,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIV,qBAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMK,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAACnB,MAAM,CAACuB,SAAS,CAAC,CAAC,CAACzB,OAAO,CAACP,IAAI,CAAC8B,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBd,KAAK,CACFe,GAAG,CAAC,CAACrC,KAAK,EAAEsC,CAAC,KAAK,CAACtC,KAAK,EAAE2B,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKxC,MAAM,CAAC,GAAGwC,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAC7BlB,KAAe,EAEf;EAAA,IADAmB,QAA8B,GAAAC,SAAA,CAAAnB,MAAA,QAAAmB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBd;EACE;EAAA,CACCe,GAAG,CAAC1B,MAAM,CAAC,CACX0B,GAAG,CACDQ,CAAC,IACA,CACE7B,sBAAe,CAAC8B,SAAS,CAACD,CAAC,CAAC,EAC5B/B,0BAAmB,CAACgC,SAAS,CAACD,CAAC,CAAC,CAEtC;EACA;EAAA,CACCR,GAAG,CAAC,CAAAU,IAAA,EAAWT,CAAC;IAAA,IAAX,CAACU,EAAE,EAAEC,EAAE,CAAC,GAAAF,IAAA;IAAA,OACZE,EAAE,CAACC,OAAO,GACN,IAAAC,8BAA4B,EAACF,EAAE,CAACG,IAAI,CAAC3C,OAAO,CAAC4C,GAAG,EAAE;MAAEZ;IAAS,CAAC,CAAC,GAC/DO,EAAE,CAACE,OAAO,GACR,IAAAI,0BAAwB,EACtBN,EAAE,CAACI,IAAI,CAAC3C,OAAO,CAAC4C,GAAG,EACnBL,EAAE,CAACI,IAAI,CAAC3C,OAAO,CAAC8C,GAAG,EACnB;MACEd;IACF,CACF,CAAC;IACD;IACAN,OAAO,CAACqB,MAAM,CACZ,IAAIhC,qBAAa,CACd,iDAAgDc,CAAE,uBACrD,CACF,CAAC;EAAA,CACT,CACJ,CAAC;AACH"}
+{"version":3,"names":["_types","require","_errors","z","_interopRequireWildcard","_","_utils","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","token","shape","parse","decode","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","Promise","all","map","i","args","verify","renewTrustChain","appFetch","arguments","undefined","fetch","index","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","getSignedEntityConfiguration","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","getSignedEntityStatement","sub"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAMA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,CAAA,GAAAJ,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AAA2D,SAAAM,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE3D;AACA,MAAMW,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAG9B,CAAC,CAAC+B,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,qBAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdb,iBAAiB,GACjBa,YAAY,KAAKJ,KAAK,CAACC,MAAM,GAAG,CAAC,GAC/BN,gBAAgB,GAChBF,kBAAkB;;EAE1B;EACA,MAAMY,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGP,KAAK,CAACM,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIL,qBAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMM,KAAK,GAAGL,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOE,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACH,KAAK,CAAC,CAAC,CAACI,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIP,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKN,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACe,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGX,YAAY,GAAG,CAAC;IAClC,MAAMY,SAAS,GAAGlB,KAAK,CAACiB,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIhB,qBAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMM,KAAK,GAAGL,gBAAgB,CAACc,SAAS,CAAC;IACzC,OAAOT,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACQ,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBpB,KAAK,CACFqB,GAAG,CAAC,CAACd,KAAK,EAAEe,CAAC,KAAK,CAACf,KAAK,EAAEF,SAAS,CAACiB,CAAC,CAAC,EAAET,UAAU,CAACS,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAK,IAAAC,aAAM,EAAC,GAAGD,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeE,eAAeA,CACnCzB,KAAe,EAEI;EAAA,IADnB0B,QAA8B,GAAAC,SAAA,CAAA1B,MAAA,QAAA0B,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOV,OAAO,CAACC,GAAG,CAChBpB,KAAK,CAACqB,GAAG,CAAC,OAAOd,KAAK,EAAEuB,KAAK,KAAK;IAChC,MAAMC,OAAO,GAAG,IAAArB,aAAM,EAACH,KAAK,CAAC;IAE7B,MAAMyB,qBAAqB,GAAGtC,sBAAe,CAACuC,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG1C,0BAAmB,CAACyC,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO,IAAAC,8BAA4B,EACjCF,yBAAyB,CAACG,IAAI,CAACvB,OAAO,CAACwB,GAAG,EAC1C;QAAEZ;MAAS,CACb,CAAC;IACH;IACA,IAAIM,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMI,eAAe,GAAGP,qBAAqB,CAACK,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACzB,OAAO,CAACwB,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM,IAAAL,8BAA4B,EAACI,aAAa,EAAE;QACpEd;MACF,CAAC,CAAC;MACF,MAAMgB,QAAQ,GAAGlD,0BAAmB,CAACiB,KAAK,CAAC,IAAAC,aAAM,EAAC+B,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC5B,OAAO,CAAC8B,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAIzC,qBAAa,CACpB,gBAAesC,aAAc,uCAChC,CAAC;MACH;MACA,OAAO,IAAAO,0BAAwB,EAC7BJ,uBAAuB,EACvBJ,eAAe,CAACzB,OAAO,CAACkC,GAAG,EAC3B;QAAEtB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAIxB,qBAAa,CACpB,6CAA4C4B,KAAM,mBACrD,CAAC;EACH,CAAC,CACH,CAAC;AACH"}

package/lib/commonjs/trust/index.js

@@ -3,25 +3,29 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
+exports.buildTrustChain = buildTrustChain;
 exports.getEntityConfiguration = exports.getCredentialIssuerEntityConfiguration = void 0;
 exports.getEntityStatement = getEntityStatement;
+exports.getFederationList = getFederationList;
 exports.getRelyingPartyEntityConfiguration = void 0;
 exports.getSignedEntityConfiguration = getSignedEntityConfiguration;
 exports.getSignedEntityStatement = getSignedEntityStatement;
 exports.getWalletProviderEntityConfiguration = exports.getTrustAnchorEntityConfiguration = void 0;
 exports.verifyTrustChain = verifyTrustChain;
+var _utils = require("./utils");
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _types = require("./types");
 var _chain = require("./chain");
 var _misc = require("../utils/misc");
+var _errors = require("../utils/errors");
 /**
  * Verify a given trust chain is actually valid.
  * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
  *
  * @param trustAnchorEntity The entity configuration of the known trust anchor
- * @param chain The chain of statements to be validate
- * @param options.renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
- * @param options.appFetch Fetch api implementation. Default: the built-in implementation
+ * @param chain The chain of statements to be validated
+ * @param renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
+ * @param appFetch Fetch api implementation. Default: the built-in implementation
  * @returns The result of the chain validation
  * @throws {IoWalletError} When either validation or renewal fail
  */
@@ -46,7 +50,7 @@ async function verifyTrustChain(trustAnchorEntity, chain) {
  * Fetch the signed entity configuration token for an entity
  *
  * @param entityBaseUrl The url of the entity to fetch
- * @param param.appFetch (optional) fetch api implemention
+ * @param appFetch (optional) fetch api implementation
  * @returns The signed Entity Configuration token
  */
 async function getSignedEntityConfiguration(entityBaseUrl) {
@@ -71,6 +75,7 @@ async function getSignedEntityConfiguration(entityBaseUrl) {
  *
  * @param entityBaseUrl The base url of the entity.
  * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
+ * @param options An optional object with additional options.
  * @param options.appFetch An optional instance of the http client to be used.
  * @returns The parsed entity configuration object
  * @throws {IoWalletError} If the http request fails
@@ -103,9 +108,9 @@ const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityCo
 /**
  * Fetch and parse the entity statement document for a given federation entity.
  *
- * @param accreditationBodyBaseUrl The base url of the accreditaion body which holds and signs the required entity statement
+ * @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
  * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
- * @param options.appFetch An optional instance of the http client to be used.
+ * @param appFetch An optional instance of the http client to be used.
  * @returns The parsed entity configuration object
  * @throws {IoWalletError} If the http request fails
  * @throws Parse error if the document is not in the expected shape.
@@ -128,21 +133,139 @@ async function getEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBa
 /**
  * Fetch the entity statement document for a given federation entity.
  *
- * @param accreditationBodyBaseUrl The base url of the accreditaion body which holds and signs the required entity statement
- * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
- * @param options.appFetch An optional instance of the http client to be used.
- * @returns The signed entity statement token
- * @throws {IoWalletError} If the http request fails
+ * @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The signed entity statement token.
+ * @throws {IoWalletError} If the http request fails.
  */
-async function getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
+async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
   let {
     appFetch = fetch
   } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
-  const url = `${accreditationBodyBaseUrl}/fetch?${new URLSearchParams({
-    sub: subordinatedEntityBaseUrl
-  })}`;
-  return await appFetch(url, {
+  const url = new URL(federationFetchEndpoint);
+  url.searchParams.set("sub", subordinatedEntityBaseUrl);
+  return await appFetch(url.toString(), {
     method: "GET"
   }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
 }
+
+/**
+ * Fetch the federation list document from a given endpoint.
+ *
+ * @param federationListEndpoint The URL of the federation list endpoint.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The federation list as an array of strings.
+ * @throws {IoWalletError} If the HTTP request fails or the response cannot be parsed.
+ */
+async function getFederationList(federationListEndpoint) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  return await appFetch(federationListEndpoint, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(json => {
+    const result = _types.FederationListResponse.safeParse(json);
+    if (!result.success) {
+      throw new _errors.IoWalletError(`Invalid federation list format received from Trust Anchor: ${result.error.message}`);
+    }
+    return result.data;
+  });
+}
+
+/**
+ * Build a not-verified trust chain for a given Relying Party (RP) entity.
+ *
+ * @param relyingPartyEntityBaseUrl The base URL of the RP entity
+ * @param trustAnchorKey The public key of the Trust Anchor (TA) entity
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
+ * @throws {IoWalletError} When an element of the chain fails to parse
+ * The result of this function can be used to validate the trust chain with {@link verifyTrustChain}
+ */
+async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
+  let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
+  // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
+  const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
+
+  // 2: Trust Anchor signature verification
+  const trustAnchorJwt = trustChain[trustChain.length - 1];
+  if (!trustAnchorJwt) {
+    throw new _errors.IoWalletError("Cannot verify trust anchor: missing entity configuration.");
+  }
+  if (!trustAnchorKey.kid) {
+    throw new _errors.IoWalletError("Missing 'kid' in provided Trust Anchor key.");
+  }
+  await (0, _utils.verify)(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
+
+  // 3: Check the federation list
+  const trustAnchorConfig = _types.EntityConfiguration.parse((0, _utils.decode)(trustAnchorJwt));
+  const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
+  if (federationListEndpoint) {
+    const federationList = await getFederationList(federationListEndpoint, {
+      appFetch
+    });
+    if (!federationList.includes(relyingPartyEntityBaseUrl)) {
+      throw new _errors.IoWalletError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.");
+    }
+  }
+  return trustChain;
+}
+
+/**
+ * Recursively gather the trust chain for an entity and all its superiors.
+ * @param entityBaseUrl The base URL of the entity for which to gather the chain.
+ * @param appFetch An optional instance of the http client to be used.
+ * @param isLeaf Whether the current entity is the leaf of the chain.
+ * @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
+ */
+async function gatherTrustChain(entityBaseUrl, appFetch) {
+  let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
+  const chain = [];
+
+  // Fetch self-signed EC (only needed for the leaf)
+  const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const entityEC = _types.EntityConfiguration.parse((0, _utils.decode)(entityECJwt));
+  if (isLeaf) {
+    // Only push EC for the leaf
+    chain.push(entityECJwt);
+  }
+
+  // Find authority_hints (parent, if any)
+  const authorityHints = entityEC.payload.authority_hints ?? [];
+  if (authorityHints.length === 0) {
+    // This is the Trust Anchor (no parent)
+    if (!isLeaf) {
+      chain.push(entityECJwt);
+    }
+    return chain;
+  }
+  const parentEntityBaseUrl = authorityHints[0];
+
+  // Fetch parent EC
+  const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
+    appFetch
+  });
+  const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
+
+  // Fetch ES
+  const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+  if (!federationFetchEndpoint) {
+    throw new _errors.IoWalletError("Missing federation_fetch_endpoint in parent's configuration.");
+  }
+  const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
+    appFetch
+  });
+  // Validate the ES
+  _types.EntityStatement.parse((0, _utils.decode)(entityStatementJwt));
+
+  // Push this ES into the chain
+  chain.push(entityStatementJwt);
+
+  // Recurse into the parent
+  const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
+  return chain.concat(parentChain);
+}
 //# sourceMappingURL=index.js.map