npm - @pagopa/io-react-native-wallet - Versions diffs - 0.28.0 → 0.28.1 - Mend

@pagopa/io-react-native-wallet 0.28.0 → 0.28.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

package/lib/module/credential/presentation/08-send-authorization-response.js ADDED Viewed

@@ -0,0 +1,158 @@
+import { EncryptJwe } from "@pagopa/io-react-native-jwt";
+import uuid from "react-native-uuid";
+import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
+import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
+import { hasStatusOrThrow } from "../../utils/misc";
+import * as z from "zod";
+export const AuthorizationResponse = z.object({
+  status: z.string().optional(),
+  response_code: z.string() /**
+                            FIXME: [SIW-627] we expect this value from every RP implementation
+                            Actually some RP does not return the value
+                            We make it optional to not break the flow.
+                            */.optional(),
+  redirect_uri: z.string().optional()
+});
+/**
+ * Selects a public key (with `use = enc`) from the set of JWK keys
+ * offered by the Relying Party (RP) for encryption.
+ *
+ * @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
+ * @returns The first suitable public key found in the list.
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
+ */
+export const choosePublicKeyToEncrypt = rpJwkKeys => {
+  const encKey = rpJwkKeys.find(jwk => jwk.use === "enc");
+  if (encKey) {
+    return encKey;
+  }
+  // No suitable key found
+  throw new NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
+};
+/**
+ * Builds a URL-encoded form body for a direct POST response using JWT encryption.
+ *
+ * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains the VP token to encrypt and the mapping of the credential disclosures
+ * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body, where `response` contains the encrypted JWE.
+ */
+export const buildDirectPostJwtBody = async (requestObject, rpConf, payload) => {
+  // Prepare the authorization response payload to be encrypted
+  const authzResponsePayload = JSON.stringify({
+    state: requestObject.state,
+    ...payload
+  });
+  // Choose a suitable public key for encryption
+  const {
+    keys
+  } = getJwksFromConfig(rpConf.metadata);
+  const encPublicJwk = choosePublicKeyToEncrypt(keys);
+  // Encrypt the authorization payload
+  const {
+    authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc
+  } = rpConf.metadata.openid_credential_verifier;
+  const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
+    alg: authorization_encrypted_response_alg || "RSA-OAEP-256",
+    enc: authorization_encrypted_response_enc || "A256CBC-HS512",
+    kid: encPublicJwk.kid
+  }).encrypt(encPublicJwk);
+  // Build the x-www-form-urlencoded form body
+  const formBody = new URLSearchParams({
+    response: encryptedResponse,
+    ...(requestObject.state ? {
+      state: requestObject.state
+    } : {})
+  });
+  return formBody.toString();
+};
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ * Use with `presentation_definition`.
+ * @deprecated Use `sendAuthorizationResponse`
+ */
+/**
+ * Sends the authorization response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param presentationDefinition - The definition of the expected presentation.
+ * @param jwkKeys - Array of JWKs from the Relying Party for optional encryption.
+ * @param presentation - Tuple with verifiable credential, claims, and crypto context.
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+export const sendLegacyAuthorizationResponse = async function (requestObject, presentationDefinitionId, remotePresentations, rpConf) {
+  var _remotePresentations$;
+  let {
+    appFetch = fetch
+  } = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
+  /**
+   * 1. Prepare the VP token and presentation submission
+   * If there is only one credential, `vpToken` is a single string.
+   * If there are multiple credential, `vpToken` is an array of string.
+   **/
+  const vp_token = (remotePresentations === null || remotePresentations === void 0 ? void 0 : remotePresentations.length) === 1 ? (_remotePresentations$ = remotePresentations[0]) === null || _remotePresentations$ === void 0 ? void 0 : _remotePresentations$.vpToken : remotePresentations.map(remotePresentation => remotePresentation.vpToken);
+  const descriptor_map = remotePresentations.map((remotePresentation, index) => ({
+    id: remotePresentation.inputDescriptor.id,
+    path: remotePresentations.length === 1 ? `$` : `$[${index}]`,
+    format: remotePresentation.format
+  }));
+  const presentation_submission = {
+    id: uuid.v4(),
+    definition_id: presentationDefinitionId,
+    descriptor_map
+  };
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token,
+    presentation_submission
+  });
+  // 3. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
+};
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ * Use with DCQL queries.
+ */
+export const sendAuthorizationResponse = async function (requestObject, remotePresentations, rpConf) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  // 1. Prepare the VP token as a JSON object with keys corresponding to the DCQL query credential IDs
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token: remotePresentations.reduce((acc, presentation) => ({
+      ...acc,
+      [presentation.credentialId]: presentation.vpToken
+    }), {})
+  });
+  // 2. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
+};
+//# sourceMappingURL=08-send-authorization-response.js.map

package/lib/module/credential/presentation/08-send-authorization-response.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["EncryptJwe","uuid","getJwksFromConfig","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","z","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","metadata","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","openid_credential_verifier","encryptedResponse","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","sendLegacyAuthorizationResponse","presentationDefinitionId","remotePresentations","_remotePresentations$","appFetch","fetch","arguments","length","undefined","vp_token","vpToken","map","remotePresentation","descriptor_map","index","id","inputDescriptor","path","format","presentation_submission","v4","definition_id","requestBody","response_uri","method","headers","body","then","res","json","parse","sendAuthorizationResponse","reduce","acc","presentation","credentialId"],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,iBAAiB,QAAwB,uBAAuB;AAEzE,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAO7D,OAAO,KAAKC,CAAC,MAAM,KAAK;AAKxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAEN,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMG,wBAAwB,GACnCC,SAAiC,IACzB;EACR,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMgB,sBAAsB,GAAG,MAAAA,CACpCC,aAAwD,EACxDC,MAAkD,EAClDC,OAA8E,KAC1D;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;;EAEF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAGzB,iBAAiB,CAACmB,MAAM,CAACO,QAAQ,CAAC;EACnD,MAAMC,YAAY,GAAGhB,wBAAwB,CAACc,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJG,oCAAoC;IACpCC;EACF,CAAC,GAAGV,MAAM,CAACO,QAAQ,CAACI,0BAA0B;EAE9C,MAAMC,iBAAiB,GAAG,MAAM,IAAIjC,UAAU,CAACuB,oBAAoB,EAAE;IACnEW,GAAG,EAAGJ,oCAAoC,IAAmB,cAAc;IAC3EK,GAAG,EACAJ,oCAAoC,IAAmB,eAAe;IACzEK,GAAG,EAAEP,YAAY,CAACO;EACpB,CAAC,CAAC,CAACC,OAAO,CAACR,YAAY,CAAC;;EAExB;EACA,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAEP,iBAAiB;IAC3B,IAAIb,aAAa,CAACM,KAAK,GAAG;MAAEA,KAAK,EAAEN,aAAa,CAACM;IAAM,CAAC,GAAG,CAAC,CAAC;EAC/D,CAAC,CAAC;EACF,OAAOY,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,+BAAgE,GAC3E,eAAAA,CACEtB,aAAa,EACbuB,wBAAwB,EACxBC,mBAAmB,EACnBvB,MAAM,EAE6B;EAAA,IAAAwB,qBAAA;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;AACJ;AACA;AACA;AACA;EACI,MAAMG,QAAQ,GACZ,CAAAP,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,CAAEK,MAAM,MAAK,CAAC,IAAAJ,qBAAA,GAC7BD,mBAAmB,CAAC,CAAC,CAAC,cAAAC,qBAAA,uBAAtBA,qBAAA,CAAwBO,OAAO,GAC/BR,mBAAmB,CAACS,GAAG,CACpBC,kBAAkB,IAAKA,kBAAkB,CAACF,OAC7C,CAAC;EAEP,MAAMG,cAAc,GAAGX,mBAAmB,CAACS,GAAG,CAC5C,CAACC,kBAAkB,EAAEE,KAAK,MAAM;IAC9BC,EAAE,EAAEH,kBAAkB,CAACI,eAAe,CAACD,EAAE;IACzCE,IAAI,EAAEf,mBAAmB,CAACK,MAAM,KAAK,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;IAC5DI,MAAM,EAAEN,kBAAkB,CAACM;EAC7B,CAAC,CACH,CAAC;EAED,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,EAAExD,IAAI,CAAC6D,EAAE,CAAC,CAAC;IACbC,aAAa,EAAEpB,wBAAwB;IACvCY;EACF,CAAC;EAED,MAAMS,WAAW,GAAG,MAAM7C,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE8B,QAAQ;IACRU;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMf,QAAQ,CAAC1B,aAAa,CAAC6C,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACjE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC/D,qBAAqB,CAACkE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;;AAUA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClErD,aAAa,EACbwB,mBAAmB,EACnBvB,MAAM,EAE6B;EAAA,IADnC;IAAEyB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMgB,WAAW,GAAG,MAAM7C,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE8B,QAAQ,EAAEP,mBAAmB,CAAC8B,MAAM,CAClC,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACC,YAAY,GAAGD,YAAY,CAACxB;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMN,QAAQ,CAAC1B,aAAa,CAAC6C,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACjE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC/D,qBAAqB,CAACkE,KAAK,CAAC;AACtC,CAAC"}

package/lib/module/credential/presentation/errors.js CHANGED Viewed

@@ -39,4 +39,68 @@ export class NoSuitableKeysFoundInEntityConfiguration extends IoWalletError {
     super(message);
   }
 }
+/**
+ * When a QR code is not valid.
+ *
+ */
+export class InvalidQRCodeError extends IoWalletError {
+  code = "ERR_INVALID_QR_CODE";
+  /**
+   * @param detail A description of why the QR code is considered invalid.
+   */
+  constructor(detail) {
+    const message = `QR code is not valid: ${detail}.`;
+    super(message);
+  }
+}
+/**
+ * When the entity is unverified because the Relying Party is not trusted.
+ *
+ */
+export class UnverifiedEntityError extends IoWalletError {
+  code = "ERR_UNVERIFIED_RP_ENTITY";
+  /**
+   * @param reason A description of why the entity cannot be verified.
+   */
+  constructor(reason) {
+    const message = `Unverified entity: ${reason}.`;
+    super(message);
+  }
+}
+/**
+ * When some required data is missing to continue because certain attributes are not contained inside the wallet.
+ *
+ */
+export class MissingDataError extends IoWalletError {
+  code = "ERR_MISSING_DATA";
+  /**
+   * @param missingAttributes An array or description of the attributes that are missing.
+   */
+  constructor(missingAttributes) {
+    const message = `Some required data is missing: ${missingAttributes}.`;
+    super(message);
+  }
+}
+/**
+ * When a credential is not found in the wallet.
+ *
+ */
+export class CredentialNotFoundError extends IoWalletError {
+  code = "ERR_CREDENTIAL_NOT_FOUND";
+  /**
+   * @param credentialId The ID of the credential that was not found.
+   */
+  constructor(credentialId) {
+    const message = `Credential not found: ${credentialId}.`;
+    super(message);
+  }
+}
 //# sourceMappingURL=errors.js.map

package/lib/module/credential/presentation/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["IoWalletError","serializeAttrs","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;;AAElE;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,SAASF,aAAa,CAAC;EACxDG,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAACN,cAAc,CAAC;MAAEI,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wCAAwC,SAASX,aAAa,CAAC;EAC1EG,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACQ,QAAgB,EAAE;IAC5B,MAAMP,OAAO,GAAI,0DAAyDO,QAAS,IAAG;IACtF,KAAK,CAACP,OAAO,CAAC;EAChB;AACF"}
1	+ {"version":3,"names":["IoWalletError","serializeAttrs","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","detail","UnverifiedEntityError","MissingDataError","missingAttributes","CredentialNotFoundError","credentialId"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;;AAElE;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,SAASF,aAAa,CAAC;EACxDG,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAACN,cAAc,CAAC;MAAEI,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wCAAwC,SAASX,aAAa,CAAC;EAC1EG,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACQ,QAAgB,EAAE;IAC5B,MAAMP,OAAO,GAAI,0DAAyDO,QAAS,IAAG;IACtF,KAAK,CAACP,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kBAAkB,SAASb,aAAa,CAAC;EACpDG,IAAI,GAAG,qBAAqB;;EAE5B;AACF;AACA;EACEC,WAAWA,CAACU,MAAc,EAAE;IAC1B,MAAMT,OAAO,GAAI,yBAAwBS,MAAO,GAAE;IAClD,KAAK,CAACT,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMU,qBAAqB,SAASf,aAAa,CAAC;EACvDG,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACM,MAAc,EAAE;IAC1B,MAAML,OAAO,GAAI,sBAAqBK,MAAO,GAAE;IAC/C,KAAK,CAACL,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMW,gBAAgB,SAAShB,aAAa,CAAC;EAClDG,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACa,iBAAyB,EAAE;IACrC,MAAMZ,OAAO,GAAI,kCAAiCY,iBAAkB,GAAE;IACtE,KAAK,CAACZ,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMa,uBAAuB,SAASlB,aAAa,CAAC;EACzDG,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACe,YAAoB,EAAE;IAChC,MAAMd,OAAO,GAAI,yBAAwBc,YAAa,GAAE;IACxD,KAAK,CAACd,OAAO,CAAC;EAChB;AACF"}

package/lib/module/credential/presentation/index.js CHANGED Viewed

@@ -1,7 +1,11 @@
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { sendAuthorizationResponse } from "./04-send-authorization-response";
+import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
+import { verifyRequestObject } from "./05-verify-request-object";
+import { fetchPresentDefinition } from "./06-fetch-presentation-definition";
+import { evaluateInputDescriptorForSdJwt4VC } from "./07-evaluate-input-descriptor";
+import { sendAuthorizationResponse } from "./08-send-authorization-response";
 import * as Errors from "./errors";
-export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, sendAuthorizationResponse, Errors };
+export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, getJwksFromConfig, verifyRequestObject, fetchPresentDefinition, evaluateInputDescriptorForSdJwt4VC, sendAuthorizationResponse, Errors };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/presentation/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","sendAuthorizationResponse","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SACEC,yBAAyB,QAEpB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,~~SACEJ~~,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,yBAAyB,EACzBC,MAAM"}
1	+ {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","getJwksFromConfig","verifyRequestObject","fetchPresentDefinition","evaluateInputDescriptorForSdJwt4VC","sendAuthorizationResponse","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SAASC,iBAAiB,QAAwB,uBAAuB;AACzE,SACEC,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,oCAAoC;AAC3C,SACEC,kCAAkC,QAE7B,gCAAgC;AACvC,SACEC,yBAAyB,QAEpB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACER,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,iBAAiB,EACjBC,mBAAmB,EACnBC,sBAAsB,EACtBC,kCAAkC,EAClCC,yBAAyB,EACzBC,MAAM"}

package/lib/module/credential/presentation/types.js CHANGED Viewed

@@ -5,6 +5,80 @@ import * as z from "zod";
  * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
  */
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with `presentation_definition`
+ * @deprecated Use `RemotePresentation`
+ */
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with DCQL queries
+ */
+const Fields = z.object({
+  path: z.array(z.string().min(1)),
+  // Array of JSONPath string expressions
+  id: z.string().optional(),
+  // Unique string ID
+  purpose: z.string().optional(),
+  // Purpose of the field
+  name: z.string().optional(),
+  // Human-friendly name
+  filter: z.any().optional(),
+  // JSON Schema descriptor for filtering
+  optional: z.boolean().optional(),
+  // Boolean indicating if the field is optional
+  intent_to_retain: z.boolean().optional() // Boolean indicating that the Verifier intends to retain the Claim's data being requested
+});
+// Define the Constraints Object Schema
+const Constraints = z.object({
+  fields: z.array(Fields).optional(),
+  // Array of Field Objects
+  limit_disclosure: z.enum(["required", "preferred"]).optional() // Limit disclosure property
+});
+// Define the Input Descriptor Object Schema
+export const InputDescriptor = z.object({
+  id: z.string().min(1),
+  // Mandatory unique string ID
+  name: z.string().optional(),
+  // Human-friendly name
+  purpose: z.string().optional(),
+  // Purpose of the schema
+  format: z.record(z.string(), z.any()).optional(),
+  // Object with Claim Format Designations
+  constraints: Constraints,
+  // Constraints Object (mandatory)
+  group: z.string().optional() // Match one of the grouping strings listed in the "from" values of a Submission Requirement Rule
+});
+const SubmissionRequirement = z.object({
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  rule: z.string(),
+  // "all": all group's rules must be present, or "pick": at least group's "count" rules must be present
+  from: z.string().optional(),
+  // MUST contain either a "from" or "from_nested" property
+  from_nested: z.array(z.object({
+    name: z.string().optional(),
+    purpose: z.string().optional(),
+    rule: z.string(),
+    from: z.string()
+  })).optional(),
+  count: z.number().optional()
+  //"count", "min", and "max" may be present with a "pick" rule
+});
+export const PresentationDefinition = z.object({
+  id: z.string(),
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  input_descriptors: z.array(InputDescriptor),
+  submission_requirements: z.array(SubmissionRequirement).optional()
+});
 export const RequestObject = z.object({
   iss: z.string(),
   iat: UnixTime,
@@ -12,10 +86,55 @@ export const RequestObject = z.object({
   state: z.string(),
   nonce: z.string(),
   response_uri: z.string(),
+  response_uri_method: z.string().optional(),
   response_type: z.literal("vp_token"),
   response_mode: z.literal("direct_post.jwt"),
   client_id: z.string(),
-  client_id_scheme: z.literal("entity_id"),
-  scope: z.string()
+  dcql_query: z.record(z.string(), z.any()).optional(),
+  // Validation happens within the `dcql` library, no need to duplicate it here
+  scope: z.string().optional(),
+  presentation_definition: PresentationDefinition.optional()
+});
+export const WalletMetadata = z.object({
+  presentation_definition_uri_supported: z.boolean().optional(),
+  client_id_schemes_supported: z.array(z.string()).optional(),
+  request_object_signing_alg_values_supported: z.array(z.string()).optional(),
+  vp_formats_supported: z.record(z.string(),
+  // TODO [SIW-2110]: use explicit credential format?
+  z.object({
+    "sd-jwt_alg_values": z.array(z.string()).optional() // alg_values_supported?
+  }))
+  // TODO [SIW-2110]: include other metadata?
+});
+/**
+ * Wallet capabilities that must be submitted to get the Request Object
+ * via POST request when the `request_uri_method` is `post`.
+ */
+export const RequestObjectWalletCapabilities = z.object({
+  wallet_metadata: WalletMetadata,
+  wallet_nonce: z.string().optional()
+});
+/**
+ * Authorization Response payload when using `presentation_definition`.
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+/**
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+export const LegacyDirectAuthorizationBodyPayload = z.object({
+  vp_token: z.union([z.string(), z.array(z.string())]).optional(),
+  presentation_submission: z.record(z.string(), z.unknown())
+});
+/**
+ * Authorization Response payload when using DCQL queries.
+ */
+export const DirectAuthorizationBodyPayload = z.object({
+  vp_token: z.record(z.string(), z.string())
 });
 //# sourceMappingURL=types.js.map

package/lib/module/credential/presentation/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["UnixTime","z","~~RequestObject~~","object","~~iss~~","string","iat","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","~~client_id_scheme~~","scope"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAQA,~~OAAO,~~MAAMC,~~aAAa~~,GAAGD,CAAC,CAACE,MAAM,CAAC;~~EACpCC~~,~~GAAG~~,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;~~EACfC~~,GAAG,~~EAAEN~~,QAAQ;~~EACbO~~,GAAG,EAAEP,QAAQ;~~EACbQ~~,KAAK,EAAEP,CAAC,~~CAACI~~,MAAM,CAAC,CAAC;~~EACjBI~~,KAAK,~~EAAER~~,CAAC,CAACI,MAAM,CAAC,CAAC;~~EACjBK~~,YAAY,~~EAAET~~,CAAC,~~CAACI~~,MAAM,CAAC,CAAC;~~EACxBM~~,aAAa,~~EAAEV~~,CAAC,~~CAACW~~,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,~~EAAEZ~~,CAAC,~~CAACW~~,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,~~EAAEb~~,CAAC,CAACI,MAAM,CAAC,CAAC;~~EACrBU~~,~~gBAAgB~~,~~EAAEd~~,CAAC,~~CAACW~~,OAAO,CAAC,~~WAAW~~,CAAC;~~EACxCI~~,KAAK,~~EAAEf~~,CAAC,CAACI,MAAM,CAAC;~~AAClB~~,CAAC,CAAC"}
1	+ {"version":3,"names":["UnixTime","z","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAQA,MAAMC,MAAM,GAAGD,CAAC,CAACE,MAAM,CAAC;EACtBC,IAAI,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEX,CAAC,CAACY,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAER,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEd,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGf,CAAC,CAACE,MAAM,CAAC;EAC3Bc,MAAM,EAAEhB,CAAC,CAACI,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEjB,CAAC,CAACkB,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,GAAGnB,CAAC,CAACE,MAAM,CAAC;EACtCK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAEpB,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAEvB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,GAAGxB,CAAC,CAACE,MAAM,CAAC;EACrCQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,EAAE3B,CAAC,CACXI,KAAK,CACJJ,CAAC,CAACE,MAAM,CAAC;IACPQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;IAChBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,GAAG9B,CAAC,CAACE,MAAM,CAAC;EAC7CK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,EAAE/B,CAAC,CAACI,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,EAAEhC,CAAC,CAACI,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,GAAGjC,CAAC,CAACE,MAAM,CAAC;EACpCgC,GAAG,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EACf8B,GAAG,EAAEpC,QAAQ;EACbqC,GAAG,EAAErC,QAAQ;EACbsC,KAAK,EAAErC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBiC,KAAK,EAAEtC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBkC,YAAY,EAAEvC,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBmC,mBAAmB,EAAExC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC1CiC,aAAa,EAAEzC,CAAC,CAAC0C,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAE3C,CAAC,CAAC0C,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAE5C,CAAC,CAACK,MAAM,CAAC,CAAC;EACrBwC,UAAU,EAAE7C,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EACtDsC,KAAK,EAAE9C,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5BuC,uBAAuB,EAAEjB,sBAAsB,CAACtB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAGF,OAAO,MAAMwC,cAAc,GAAGhD,CAAC,CAACE,MAAM,CAAC;EACrC+C,qCAAqC,EAAEjD,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAC7D0C,2BAA2B,EAAElD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3D2C,2CAA2C,EAAEnD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3E4C,oBAAoB,EAAEpD,CAAC,CAACqB,MAAM,CAC5BrB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACZL,CAAC,CAACE,MAAM,CAAC;IACP,mBAAmB,EAAEF,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;EACA;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA,OAAO,MAAM6C,+BAA+B,GAAGrD,CAAC,CAACE,MAAM,CAAC;EACtDoD,eAAe,EAAEN,cAAc;EAC/BO,YAAY,EAAEvD,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA;AACA;AACA;AACA,OAAO,MAAMgD,oCAAoC,GAAGxD,CAAC,CAACE,MAAM,CAAC;EAC3DuD,QAAQ,EAAEzD,CAAC,CAAC0D,KAAK,CAAC,CAAC1D,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DmD,uBAAuB,EAAE3D,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAAC4D,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMC,8BAA8B,GAAG7D,CAAC,CAACE,MAAM,CAAC;EACrDuD,QAAQ,EAAEzD,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACK,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC"}

package/lib/module/sd-jwt/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
-import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
+import { SignJWT, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
 import { Disclosure, SdJwt4VC } from "./types";
 import { verifyDisclosure } from "./verifier";
 import * as Errors from "./errors";
@@ -149,5 +149,44 @@ export const verify = async (token, publicKey, customSchema) => {
     disclosures: decoded.disclosures.map(d => d.decoded)
   };
 };
+/**
+ * Prepares a Verified Presentation (VP) token to be sent as part of an
+ * authorization response in an OpenID 4 Verifiable Presentations flow.
+ *
+ * @param nonce - The nonce provided by the relying party.
+ * @param client_id - The client identifier of the relying party.
+ * @param presentation - An object containing the verifiable credential, the claims to disclose,
+ *                       and the cryptographic context for signing.
+ * @returns An object containing the signed VP token (`vp_token`).
+ *
+ * @remarks
+ *  1. The `disclose()` function is used to produce a token with only the requested claims.
+ *  2. A KB-JWT is then signed, including sd_hash and `nonce`.
+ *  3. The `vp_token` is composed of the disclosed VP and the KB-JWT.
+ */
+export const prepareVpToken = async (nonce, client_id, _ref2) => {
+  let [verifiableCredential, requestedClaims, cryptoContext] = _ref2;
+  // Produce a VP token with only requested claims from the verifiable credential
+  const {
+    token: vp
+  } = await disclose(verifiableCredential, requestedClaims);
+  // <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
+  const sd_hash = await sha256ToBase64(`${vp}~`);
+  const kbJwt = await new SignJWT(cryptoContext).setProtectedHeader({
+    typ: "kb+jwt",
+    alg: "ES256"
+  }).setPayload({
+    sd_hash,
+    nonce: nonce
+  }).setAudience(client_id).setIssuedAt().sign();
+  // <Issuer-signed JWT>~<Disclosure 1>~...~<Disclosure N>~<KB-JWT>
+  const vp_token = [vp, kbJwt].join("~");
+  return {
+    vp_token
+  };
+};
 export { SdJwt4VC, Errors };
 //# sourceMappingURL=index.js.map

package/lib/module/sd-jwt/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","sha256ToBase64","Disclosure","SdJwt4VC","verifyDisclosure","Errors","Base64","decodeDisclosure","encoded","utf8String","decoded","parse","JSON","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","parser","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDisclosures","hash","_sd","includes","index","indexOf","path","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","publicKey"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,cAAc,QAAQ,6BAA6B;~~AAC5D~~,SAASC,UAAU,EAAEC,QAAQ,QAAoC,SAAS;AAC1E,SAASC,gBAAgB,QAAQ,YAAY;AAE7C,OAAO,KAAKC,MAAM,MAAM,UAAU;AAClC,SAASC,MAAM,QAAQ,WAAW;~~AAElC~~,MAAMC,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,UAAU,GAAGH,MAAM,~~CAACT~~,MAAM,~~CAACW~~,OAAO,CAAC,CAAC,CAAC;EAC3C,MAAME,OAAO,GAAGR,UAAU,CAACS,KAAK,CAACC,IAAI,CAACD,KAAK,CAACF,UAAU,CAAC,CAAC;EACxD,OAAO;IAAEC,OAAO;IAAEF;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,~~MAAMX~~,MAAM,GAAGA,~~CACpBgB~~,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,~~GAAGrB~~,SAAS,~~CAACkB~~,QAAQ,CAAC;;EAEtC;EACA,MAAMI,MAAM,GAAGN,YAAY,IAAIX,QAAQ;EAEvC,MAAMkB,KAAK,GAAGD,MAAM,CAACT,KAAK,CAAC;IACzBW,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGR,cAAc,CAACS,GAAG,CAACnB,gBAAgB,CAAC;EAExD,OAAO;IAAEc,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,QAAQ,GAAG,MAAAA,CACtBd,KAAa,EACbe,MAAgB,KACyD;EACzE,MAAM,CAACZ,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEG,KAAK;IAAEI;EAAY,CAAC,~~GAAG5B~~,MAAM,~~CAACgB~~,KAAK,EAAEV,QAAQ,CAAC;;EAEtD;EACA,MAAM0B,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAEzB,OAAO,EAAE,GAAG0B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAI5B,MAAM,CAACgC,gCAAgC,CAACL,KAAK,CAAC;IAC1D;IAEA,MAAMM,IAAI,GAAG,MAAMrC,cAAc,CAACgC,UAAU,CAACzB,OAAO,CAAC;;IAErD;IACA;IACA,IAAIa,KAAK,CAACG,OAAO,CAACe,GAAG,CAACC,QAAQ,CAACF,IAAI,CAAC,EAAE;MACpC,MAAMG,KAAK,GAAGpB,KAAK,CAACG,OAAO,CAACe,GAAG,CAACG,OAAO,CAACJ,IAAI,CAAC;MAC7C,OAAO;QAAEN,KAAK;QAAEW,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE;IAEA,MAAM,IAAIpC,MAAM,CAACuC,qBAAqB,CAACZ,KAAK,CAAC;EAC/C,CAAC,CACH,CAAC;EAED,MAAMa,mBAAmB,GAAG5B,cAAc,CAAC6B,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJrC,OAAO,EAAE,GAAG0B,IAAI;IAClB,CAAC,GAAG7B,gBAAgB,CAACwC,CAAC,CAAC;IACvB,OAAOnB,MAAM,CAACY,QAAQ,CAACJ,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMY,cAAc,GAAG,CAAChC,QAAQ,EAAE,GAAG6B,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEpC,KAAK,EAAEmC,cAAc;IAAEnB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,~~MAAM9B~~,MAAM,GAAG,MAAAA,~~CACpBc~~,KAAa,EACbqC,SAAsB,EACtBpC,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMR,OAAO,~~GAAGb~~,MAAM,~~CAACgB~~,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,~~MAAMd~~,SAAS,~~CAACgB~~,QAAQ,EAAEkC,SAAS,CAAC;;EAEpC;EACA,MAAMtB,MAAM,GAAG,CAAC,GAAGlB,OAAO,CAACW,KAAK,CAACG,OAAO,CAACe,GAAG,CAAC;EAE7C,MAAMT,OAAO,CAACC,GAAG,CACfrB,OAAO,CAACe,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM7B,gBAAgB,CAAC6B,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEX,OAAO,CAACW,KAAK;IACpBI,WAAW,EAAEf,OAAO,CAACe,WAAW,CAACC,GAAG,CAAEqB,CAAC,IAAKA,CAAC,CAACrC,OAAO;EACvD,CAAC;AACH,CAAC;AAED,~~SAASP~~,QAAQ,EAAEE,MAAM"}
1	+ {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","SignJWT","sha256ToBase64","Disclosure","SdJwt4VC","verifyDisclosure","Errors","Base64","decodeDisclosure","encoded","utf8String","decoded","parse","JSON","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","parser","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDisclosures","hash","_sd","includes","index","indexOf","path","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","publicKey","prepareVpToken","nonce","client_id","_ref2","verifiableCredential","requestedClaims","cryptoContext","vp","sd_hash","kbJwt","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,OAAO,EAAEC,cAAc,QAAQ,6BAA6B;AACrE,SAASC,UAAU,EAAEC,QAAQ,QAAoC,SAAS;AAC1E,SAASC,gBAAgB,QAAQ,YAAY;AAE7C,OAAO,KAAKC,MAAM,MAAM,UAAU;AAClC,SAASC,MAAM,QAAQ,WAAW;AAGlC,MAAMC,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,UAAU,GAAGH,MAAM,CAACV,MAAM,CAACY,OAAO,CAAC,CAAC,CAAC;EAC3C,MAAME,OAAO,GAAGR,UAAU,CAACS,KAAK,CAACC,IAAI,CAACD,KAAK,CAACF,UAAU,CAAC,CAAC;EACxD,OAAO;IAAEC,OAAO;IAAEF;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMZ,MAAM,GAAGA,CACpBiB,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAGtB,SAAS,CAACmB,QAAQ,CAAC;;EAEtC;EACA,MAAMI,MAAM,GAAGN,YAAY,IAAIX,QAAQ;EAEvC,MAAMkB,KAAK,GAAGD,MAAM,CAACT,KAAK,CAAC;IACzBW,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGR,cAAc,CAACS,GAAG,CAACnB,gBAAgB,CAAC;EAExD,OAAO;IAAEc,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,QAAQ,GAAG,MAAAA,CACtBd,KAAa,EACbe,MAAgB,KACyD;EACzE,MAAM,CAACZ,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEG,KAAK;IAAEI;EAAY,CAAC,GAAG7B,MAAM,CAACiB,KAAK,EAAEV,QAAQ,CAAC;;EAEtD;EACA,MAAM0B,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAEzB,OAAO,EAAE,GAAG0B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAI5B,MAAM,CAACgC,gCAAgC,CAACL,KAAK,CAAC;IAC1D;IAEA,MAAMM,IAAI,GAAG,MAAMrC,cAAc,CAACgC,UAAU,CAACzB,OAAO,CAAC;;IAErD;IACA;IACA,IAAIa,KAAK,CAACG,OAAO,CAACe,GAAG,CAACC,QAAQ,CAACF,IAAI,CAAC,EAAE;MACpC,MAAMG,KAAK,GAAGpB,KAAK,CAACG,OAAO,CAACe,GAAG,CAACG,OAAO,CAACJ,IAAI,CAAC;MAC7C,OAAO;QAAEN,KAAK;QAAEW,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE;IAEA,MAAM,IAAIpC,MAAM,CAACuC,qBAAqB,CAACZ,KAAK,CAAC;EAC/C,CAAC,CACH,CAAC;EAED,MAAMa,mBAAmB,GAAG5B,cAAc,CAAC6B,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJrC,OAAO,EAAE,GAAG0B,IAAI;IAClB,CAAC,GAAG7B,gBAAgB,CAACwC,CAAC,CAAC;IACvB,OAAOnB,MAAM,CAACY,QAAQ,CAACJ,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMY,cAAc,GAAG,CAAChC,QAAQ,EAAE,GAAG6B,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEpC,KAAK,EAAEmC,cAAc;IAAEnB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM/B,MAAM,GAAG,MAAAA,CACpBe,KAAa,EACbqC,SAAsB,EACtBpC,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMR,OAAO,GAAGd,MAAM,CAACiB,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAMf,SAAS,CAACiB,QAAQ,EAAEkC,SAAS,CAAC;;EAEpC;EACA,MAAMtB,MAAM,GAAG,CAAC,GAAGlB,OAAO,CAACW,KAAK,CAACG,OAAO,CAACe,GAAG,CAAC;EAE7C,MAAMT,OAAO,CAACC,GAAG,CACfrB,OAAO,CAACe,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM7B,gBAAgB,CAAC6B,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEX,OAAO,CAACW,KAAK;IACpBI,WAAW,EAAEf,OAAO,CAACe,WAAW,CAACC,GAAG,CAAEqB,CAAC,IAAKA,CAAC,CAACrC,OAAO;EACvD,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMyC,cAAc,GAAG,MAAAA,CAC5BC,KAAa,EACbC,SAAiB,EAAAC,KAAA,KAIb;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,eAAe,EAAEC,aAAa,CAAe,GAAAH,KAAA;EAIpE;EACA,MAAM;IAAEzC,KAAK,EAAE6C;EAAG,CAAC,GAAG,MAAM/B,QAAQ,CAAC4B,oBAAoB,EAAEC,eAAe,CAAC;;EAE3E;EACA,MAAMG,OAAO,GAAG,MAAM1D,cAAc,CAAE,GAAEyD,EAAG,GAAE,CAAC;EAE9C,MAAME,KAAK,GAAG,MAAM,IAAI5D,OAAO,CAACyD,aAAa,CAAC,CAC3CI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,QAAQ;IACbC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVL,OAAO;IACPP,KAAK,EAAEA;EACT,CAAC,CAAC,CACDa,WAAW,CAACZ,SAAS,CAAC,CACtBa,WAAW,CAAC,CAAC,CACbC,IAAI,CAAC,CAAC;;EAET;EACA,MAAMC,QAAQ,GAAG,CAACV,EAAE,EAAEE,KAAK,CAAC,CAACX,IAAI,CAAC,GAAG,CAAC;EAEtC,OAAO;IAAEmB;EAAS,CAAC;AACrB,CAAC;AAED,SAASjE,QAAQ,EAAEE,MAAM"}

package/lib/module/trust/chain.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","decode","verify","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","token","shape","parse","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","index","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","sub"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAC1E,SAASC,MAAM,EAAoBC,MAAM,QAAQ,SAAS;;AAE1D;AACA,MAAMC,iBAAiB,GAAGT,mBAAmB;AAC7C;AACA,MAAMU,kBAAkB,GAAGT,eAAe;AAC1C;AACA;AACA,MAAMU,gBAAgB,GAAGP,CAAC,CAACQ,KAAK,CAAC,CAC/BX,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeW,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIb,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMc,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,~~GACjCL~~,gBAAgB,GAChBD,kBAAkB;;~~EAExB~~;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGN,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIlB,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOE,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACc,KAAK,CAAC,CAAC,CAACG,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIN,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACa,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGV,YAAY,GAAG,CAAC;IAClC,MAAMW,SAAS,GAAGhB,KAAK,CAACe,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI5B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACa,SAAS,CAAC;IACzC,OAAOR,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACwB,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBlB,KAAK,CACFmB,GAAG,CAAC,CAACb,KAAK,EAAEc,CAAC,KAAK,CAACd,KAAK,EAAEF,SAAS,CAACgB,CAAC,CAAC,EAAET,UAAU,CAACS,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAK5B,MAAM,CAAC,GAAG4B,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCtB,KAAe,EAEI;EAAA,IADnBuB,QAA8B,GAAAC,SAAA,CAAAvB,MAAA,QAAAuB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBlB,KAAK,CAACmB,GAAG,CAAC,OAAOb,KAAK,EAAEqB,KAAK,KAAK;IAChC,MAAMC,OAAO,GAAGpC,MAAM,CAACc,KAAK,CAAC;IAE7B,MAAMuB,qBAAqB,GAAG3C,eAAe,CAAC4C,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG9C,mBAAmB,CAAC6C,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO1C,4BAA4B,CACjCyC,yBAAyB,CAACE,IAAI,CAACrB,OAAO,CAACsB,GAAG,EAC1C;QAAEX;MAAS,CACb,CAAC;IACH;IACA,IAAIM,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMG,eAAe,GAAGN,qBAAqB,CAACI,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACvB,OAAO,CAACsB,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM/C,4BAA4B,CAAC8C,aAAa,EAAE;QACpEb;MACF,CAAC,CAAC;MACF,MAAMe,QAAQ,GAAGrD,mBAAmB,CAACuB,KAAK,CAAChB,MAAM,CAAC6C,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC1B,OAAO,CAAC4B,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAInD,aAAa,CACpB,gBAAegD,aAAc,uCAChC,CAAC;MACH;MACA,OAAO7C,wBAAwB,CAC7BgD,uBAAuB,EACvBJ,eAAe,CAACvB,OAAO,CAAC+B,GAAG,EAC3B;QAAEpB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAInC,aAAa,CACpB,6CAA4CuC,KAAM,mBACrD,CAAC;EACH,CAAC,CACH,CAAC;AACH"}
1	+ {"version":3,"names":["EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","decode","verify","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","token","shape","parse","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","index","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","sub"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAC1E,SAASC,MAAM,EAAoBC,MAAM,QAAQ,SAAS;;AAE1D;AACA,MAAMC,iBAAiB,GAAGT,mBAAmB;AAC7C;AACA,MAAMU,kBAAkB,GAAGT,eAAe;AAC1C;AACA;AACA,MAAMU,gBAAgB,GAAGP,CAAC,CAACQ,KAAK,CAAC,CAC/BX,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeW,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIb,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMc,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GAC/BL,gBAAgB,GAChBD,kBAAkB;;EAE1B;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGN,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIlB,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOE,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACc,KAAK,CAAC,CAAC,CAACG,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIN,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACa,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGV,YAAY,GAAG,CAAC;IAClC,MAAMW,SAAS,GAAGhB,KAAK,CAACe,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI5B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMmB,KAAK,GAAGL,gBAAgB,CAACa,SAAS,CAAC;IACzC,OAAOR,KAAK,CAACC,KAAK,CAAChB,MAAM,CAACwB,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBlB,KAAK,CACFmB,GAAG,CAAC,CAACb,KAAK,EAAEc,CAAC,KAAK,CAACd,KAAK,EAAEF,SAAS,CAACgB,CAAC,CAAC,EAAET,UAAU,CAACS,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAK5B,MAAM,CAAC,GAAG4B,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCtB,KAAe,EAEI;EAAA,IADnBuB,QAA8B,GAAAC,SAAA,CAAAvB,MAAA,QAAAuB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBlB,KAAK,CAACmB,GAAG,CAAC,OAAOb,KAAK,EAAEqB,KAAK,KAAK;IAChC,MAAMC,OAAO,GAAGpC,MAAM,CAACc,KAAK,CAAC;IAE7B,MAAMuB,qBAAqB,GAAG3C,eAAe,CAAC4C,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG9C,mBAAmB,CAAC6C,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO1C,4BAA4B,CACjCyC,yBAAyB,CAACE,IAAI,CAACrB,OAAO,CAACsB,GAAG,EAC1C;QAAEX;MAAS,CACb,CAAC;IACH;IACA,IAAIM,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMG,eAAe,GAAGN,qBAAqB,CAACI,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACvB,OAAO,CAACsB,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM/C,4BAA4B,CAAC8C,aAAa,EAAE;QACpEb;MACF,CAAC,CAAC;MACF,MAAMe,QAAQ,GAAGrD,mBAAmB,CAACuB,KAAK,CAAChB,MAAM,CAAC6C,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC1B,OAAO,CAAC4B,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAInD,aAAa,CACpB,gBAAegD,aAAc,uCAChC,CAAC;MACH;MACA,OAAO7C,wBAAwB,CAC7BgD,uBAAuB,EACvBJ,eAAe,CAACvB,OAAO,CAAC+B,GAAG,EAC3B;QAAEpB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAInC,aAAa,CACpB,6CAA4CuC,KAAM,mBACrD,CAAC;EACH,CAAC,CACH,CAAC;AACH"}

package/lib/module/trust/types.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { UnixTime } from "../sd-jwt/types";
 import { JWK } from "../utils/jwk";
 import * as z from "zod";
+import { PresentationDefinition } from "../credential/presentation/types";
 export const TrustMark = z.object({
   id: z.string(),
   trust_mark: z.string()
@@ -12,7 +13,12 @@ const RelyingPartyMetadata = z.object({
   jwks: z.object({
     keys: z.array(JWK)
   }),
-  contacts: z.array(z.string()).optional()
+  contacts: z.array(z.string()).optional(),
+  presentation_definition: PresentationDefinition.optional(),
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional()
 });
 // Display metadata for a credential, used by the issuer to
@@ -156,10 +162,24 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
         token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
         request_object_signing_alg_values_supported: z.array(z.string())
       }),
-      /** Credential Issuers act as Relying Party
-          when they require the presentation of other credentials.
-          This does not apply for PID issuance, which requires CIE authz. */
-      wallet_relying_party: RelyingPartyMetadata.optional()
+      /**
+       * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+       * This does not apply for PID issuance, which requires CIE authz.
+       */
+      openid_credential_verifier: RelyingPartyMetadata.optional(),
+      /**
+       * @deprecated use `openid_credential_verifier`
+       * TODO [SIW-2111]: remove after migrating to 0.9.x
+       */
+      wallet_relying_party: z.object({
+        application_type: z.string().optional(),
+        client_id: z.string().optional(),
+        client_name: z.string().optional(),
+        jwks: z.object({
+          keys: z.array(JWK)
+        }),
+        contacts: z.array(z.string()).optional()
+      }).optional()
     })
   })
 }));
@@ -169,7 +189,7 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
 export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
   payload: z.object({
     metadata: z.object({
-      wallet_relying_party: RelyingPartyMetadata
+      openid_credential_verifier: RelyingPartyMetadata
     })
   })
 }));