npm - @pagopa/io-react-native-wallet - Versions diffs - 0.28.0 → 0.28.1 - Mend

@pagopa/io-react-native-wallet 0.28.0 → 0.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

package/src/utils/misc.ts CHANGED Viewed

@@ -37,8 +37,8 @@ export const parseRawHttpResponse = <T extends Record<string, unknown>>(
 export type Out<FN> = FN extends (...args: any[]) => Promise<any>
   ? Awaited<ReturnType<FN>>
   : FN extends (...args: any[]) => any
-  ? ReturnType<FN>
-  : never;
+    ? ReturnType<FN>
+    : never;
 /**
  * TODO [SIW-1310]: replace this function with a cryptographically secure one.

package/lib/commonjs/credential/presentation/04-send-authorization-response.js DELETED Viewed

@@ -1,138 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.sendAuthorizationResponse = exports.AuthorizationResponse = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _uuid = require("uuid");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _errors = require("./errors");
-var _misc = require("../../utils/misc");
-var _sdJwt = require("../../sd-jwt");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-exports.AuthorizationResponse = AuthorizationResponse;
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await (0, _sdJwt.disclose)(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new _ioReactNativeJwt.SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${(0, _uuid.v4)()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${(0, _uuid.v4)()}`,
-    id: `${(0, _uuid.v4)()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-exports.sendAuthorizationResponse = sendAuthorizationResponse;
-//# sourceMappingURL=04-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_ioReactNativeJwt","require","_uuid","WalletInstanceAttestation","_interopRequireWildcard","_errors","_misc","_sdJwt","z","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","response_code","optional","exports","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","disclose","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","SignJWT","setProtectedHeader","typ","setPayload","jti","uuidv4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","hasStatusOrThrow","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,yBAAA,GAAAC,uBAAA,CAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEA,IAAAM,MAAA,GAAAN,OAAA;AAGA,IAAAO,CAAA,GAAAJ,uBAAA,CAAAH,OAAA;AAAyB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,qBAAqB,GAAGvB,CAAC,CAACwB,MAAM,CAAC;EAC5CC,MAAM,EAAEzB,CAAC,CAAC0B,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAE3B,CAAC,CACb0B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAN,qBAAA,GAAAA,qBAAA;AAOA,MAAMO,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIQ,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACN,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJM,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAG1D,yBAAyB,CAAC2D,MAAM,CAACX,yBAAyB,CAAC;EAE/D,MAAMY,MAAM,GAAG,MAAMR,SAAS,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAACd,SAAS,CAAC,CAC1Ce,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDS,UAAU,CAAC;IACVf,EAAE,EAAEA,EAAE;IACNgB,GAAG,EAAG,GAAE,IAAAC,QAAM,EAAC,CAAE,EAAC;IAClBb,GAAG;IACHc,KAAK,EAAEzB,aAAa,CAACyB;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC1B,aAAa,CAAC2B,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG/B,aAAa,CAACgC,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAE,IAAAV,QAAM,EAAC,CAAE,EAAC;IAC5BW,EAAE,EAAG,GAAE,IAAAX,QAAM,EAAC,CAAE,EAAC;IACjBY,cAAc,EAAE5B,KAAK,CAAC6B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEtB,QAAQ;IAAEe;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEzC,aAAa,EACb0C,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE7C;EAA0B,CAAC,GAAA2C,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAG3D,2BAA2B,CAACsD,MAAM,CAAC;EAExD,MAAM;IAAExB,QAAQ;IAAEe;EAAwB,CAAC,GAAG,MAAMlC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzB0C,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEnD,aAAa,CAACmD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEzB,aAAa,CAACyB,KAAK;IAC1BP;EACF,CAAC,CAAC;EAEF,MAAMkC,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;IAC3DM,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBtC,GAAG,EAAE8B,YAAY,CAAC9B;EACpB,CAAC,CAAC,CAACuC,OAAO,CAACT,YAAY,CAAC;EAExB,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEP;EAAU,CAAC,CAAC;EAC7D,MAAMQ,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOhB,QAAQ,CAAC7C,aAAa,CAAC2B,YAAY,EAAE;IAC1CmC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC7C,IAAI,CAAC,IAAAiD,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BjD,IAAI,CAAEkD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBnD,IAAI,CAAClC,qBAAqB,CAACsF,KAAK,CAAC;AACtC,CAAC;AAAChF,OAAA,CAAAsD,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/presentation/04-send-authorization-response.js DELETED Viewed

@@ -1,128 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import { v4 as uuidv4 } from "uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { disclose } from "../../sd-jwt";
-import * as z from "zod";
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await disclose(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${uuidv4()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuidv4()}`,
-    id: `${uuidv4()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-//# sourceMappingURL=04-send-authorization-response.js.map

package/lib/module/credential/presentation/04-send-authorization-response.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["EncryptJwe","SignJWT","v4","uuidv4","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAI1C,OAAO,CAAC8B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,MAAM,CAAC,CAAE,EAAC;IAClBiC,GAAG;IACHY,KAAK,EAAEtB,aAAa,CAACsB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACvB,aAAa,CAACwB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG5B,aAAa,CAAC6B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEtD,MAAM,CAAC,CAAE,EAAC;IAC5BuD,EAAE,EAAG,GAAEvD,MAAM,CAAC,CAAE,EAAC;IACjBwD,cAAc,EAAEzB,KAAK,CAAC0B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEpB,QAAQ;IAAEa;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEtC,aAAa,EACbuC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE1C;EAA0B,CAAC,GAAAwC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGvD,2BAA2B,CAACkD,MAAM,CAAC;EAExD,MAAM;IAAEtB,QAAQ;IAAEa;EAAwB,CAAC,GAAG,MAAM/B,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBuC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEhD,aAAa,CAACgD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEtB,aAAa,CAACsB,KAAK;IAC1BL;EACF,CAAC,CAAC;EAEF,MAAMgC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBnC,GAAG,EAAE4B,YAAY,CAAC5B;EACpB,CAAC,CAAC,CAACoC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC1C,aAAa,CAACwB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC1C,IAAI,CAAClC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkC,IAAI,CAAE8C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzB/C,IAAI,CAAC/B,qBAAqB,CAAC+E,KAAK,CAAC;AACtC,CAAC"}

package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import { type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./03-get-request-object";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export declare const AuthorizationResponse: z.ZodObject<{
-    status: z.ZodString;
-    response_code: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    status: string;
-    response_code?: string | undefined;
-}, {
-    status: string;
-    response_code?: string | undefined;
-}>;
-export type SendAuthorizationResponse = (requestObject: Out<GetRequestObject>["requestObject"], rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"], presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<AuthorizationResponse>;
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export declare const sendAuthorizationResponse: SendAuthorizationResponse;
-//# sourceMappingURL=04-send-authorization-response.d.ts.map

package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"04-send-authorization-response.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/04-send-authorization-response.ts"],"names":[],"mappings":"AAKA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;EAShC,CAAC;AAkFH,MAAM,MAAM,yBAAyB,GAAG,CACtC,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,eAAe,CAAC,EACrD,MAAM,EAAE,GAAG,CAAC,yBAAyB,CAAC,CAAC,QAAQ,CAAC,EAChD,YAAY,EAAE,YAAY,EAAE,iDAAiD;AAC7E,OAAO,EAAE;IACP,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBA0CvC,CAAC"}

package/src/credential/presentation/04-send-authorization-response.ts DELETED Viewed

@@ -1,168 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import { v4 as uuidv4 } from "uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow, type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./03-get-request-object";
-import { disclose } from "../../sd-jwt";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z
-    .string() /**
-      FIXME: [SIW-627] we expect this value from every RP implementation
-      Actually some RP does not return the value
-      We make it optional to not break the flow.
-    */
-    .optional(),
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = (
-  entity: Out<EvaluateRelyingPartyTrust>["rpConf"]
-): JWK => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(
-    (jwk) => jwk.use === "enc" && jwk.kty === "RSA"
-  );
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration(
-    "Encrypt with RP public key"
-  );
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (
-  requestObject: Out<GetRequestObject>["requestObject"],
-  walletInstanceAttestation: string,
-  [vc, claims, cryptoCtx]: Presentation // TODO: [SIW-353] support multiple presentations,
-): Promise<{
-  vp_token: string;
-  presentation_submission: Record<string, unknown>;
-}> => {
-  // this throws if vc cannot satisfy all the requested claims
-  const { token: vp, paths } = await disclose(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: { iss },
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then((_) => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx)
-    .setProtectedHeader({
-      typ: "JWT",
-      kid: pidKid,
-    })
-    .setPayload({
-      vp: vp,
-      jti: `${uuidv4()}`,
-      iss,
-      nonce: requestObject.nonce,
-    })
-    .setAudience(requestObject.response_uri)
-    .setIssuedAt()
-    .setExpirationTime("1h")
-    .sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuidv4()}`,
-    id: `${uuidv4()}`,
-    descriptor_map: paths.map((p) => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt",
-    })),
-  };
-  return { vp_token, presentation_submission };
-};
-export type SendAuthorizationResponse = (
-  requestObject: Out<GetRequestObject>["requestObject"],
-  rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"],
-  presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-  context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-  }
-) => Promise<AuthorizationResponse>;
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse: SendAuthorizationResponse = async (
-  requestObject,
-  rpConf,
-  presentation,
-  { appFetch = fetch, walletInstanceAttestation }
-): Promise<AuthorizationResponse> => {
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const { vp_token, presentation_submission } = await prepareVpToken(
-    requestObject,
-    walletInstanceAttestation,
-    presentation
-  );
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token,
-  });
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid,
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({ response: encrypted });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body,
-  })
-    .then(hasStatusOrThrow(200))
-    .then((res) => res.json())
-    .then(AuthorizationResponse.parse);
-};