@pagopa/io-react-native-wallet 0.28.1 → 0.29.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +43 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +5 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +17 -3
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +5 -0
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +13 -2
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +10 -0
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/presentation/01-start-flow.js +14 -14
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +4 -2
- package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
- package/lib/commonjs/credential/presentation/03-get-request-object.js +2 -2
- package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/05-verify-request-object.js +11 -4
- package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js +54 -14
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +26 -7
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js +4 -4
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/README.md +96 -2
- package/lib/commonjs/credential/presentation/errors.js +16 -19
- package/lib/commonjs/credential/presentation/errors.js.map +1 -1
- package/lib/commonjs/credential/presentation/index.js +27 -2
- package/lib/commonjs/credential/presentation/index.js.map +1 -1
- package/lib/commonjs/credential/presentation/types.js +1 -1
- package/lib/commonjs/credential/presentation/types.js.map +1 -1
- package/lib/commonjs/credential/status/02-status-attestation.js +2 -0
- package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -1
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js +3 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map +1 -1
- package/lib/commonjs/credential/trustmark/get-credential-trustmark.js +5 -0
- package/lib/commonjs/credential/trustmark/get-credential-trustmark.js.map +1 -1
- package/lib/commonjs/index.js +3 -1
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/utils/decoder.js +2 -0
- package/lib/commonjs/utils/decoder.js.map +1 -1
- package/lib/commonjs/utils/logging.js +68 -0
- package/lib/commonjs/utils/logging.js.map +1 -0
- package/lib/commonjs/utils/misc.js +2 -0
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/commonjs/utils/par.js +2 -0
- package/lib/commonjs/utils/par.js.map +1 -1
- package/lib/commonjs/wallet-instance/index.js +4 -0
- package/lib/commonjs/wallet-instance/index.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/issuing.js +5 -0
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +5 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +17 -3
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +5 -0
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +13 -2
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +10 -0
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/presentation/01-start-flow.js +14 -14
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js +4 -2
- package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
- package/lib/module/credential/presentation/03-get-request-object.js +2 -2
- package/lib/module/credential/presentation/03-get-request-object.js.map +1 -1
- package/lib/module/credential/presentation/05-verify-request-object.js +11 -4
- package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js +55 -14
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +25 -6
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/module/credential/presentation/08-send-authorization-response.js +4 -4
- package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/README.md +96 -2
- package/lib/module/credential/presentation/errors.js +13 -16
- package/lib/module/credential/presentation/errors.js.map +1 -1
- package/lib/module/credential/presentation/index.js +4 -3
- package/lib/module/credential/presentation/index.js.map +1 -1
- package/lib/module/credential/presentation/types.js +1 -1
- package/lib/module/credential/presentation/types.js.map +1 -1
- package/lib/module/credential/status/02-status-attestation.js +2 -0
- package/lib/module/credential/status/02-status-attestation.js.map +1 -1
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js +3 -0
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map +1 -1
- package/lib/module/credential/trustmark/get-credential-trustmark.js +5 -0
- package/lib/module/credential/trustmark/get-credential-trustmark.js.map +1 -1
- package/lib/module/index.js +2 -1
- package/lib/module/index.js.map +1 -1
- package/lib/module/utils/decoder.js +2 -0
- package/lib/module/utils/decoder.js.map +1 -1
- package/lib/module/utils/logging.js +62 -0
- package/lib/module/utils/logging.js.map +1 -0
- package/lib/module/utils/misc.js +2 -0
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/module/utils/par.js +2 -0
- package/lib/module/utils/par.js.map +1 -1
- package/lib/module/wallet-instance/index.js +4 -0
- package/lib/module/wallet-instance/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +5 -0
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +2 -2
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +17 -19
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +1 -0
- package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts +1 -4
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/05-verify-request-object.d.ts +4 -2
- package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts +13 -5
- package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +7 -2
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +3 -3
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/errors.d.ts +14 -9
- package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/index.d.ts +5 -4
- package/lib/typescript/credential/presentation/index.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/types.d.ts +3 -3
- package/lib/typescript/credential/status/02-status-attestation.d.ts.map +1 -1
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map +1 -1
- package/lib/typescript/credential/trustmark/get-credential-trustmark.d.ts.map +1 -1
- package/lib/typescript/index.d.ts +2 -1
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/utils/decoder.d.ts.map +1 -1
- package/lib/typescript/utils/logging.d.ts +35 -0
- package/lib/typescript/utils/logging.d.ts.map +1 -0
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/utils/par.d.ts.map +1 -1
- package/lib/typescript/wallet-instance/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +3 -3
- package/src/credential/issuance/03-start-user-authorization.ts +18 -0
- package/src/credential/issuance/04-complete-user-authorization.ts +57 -3
- package/src/credential/issuance/05-authorize-access.ts +16 -0
- package/src/credential/issuance/06-obtain-credential.ts +31 -2
- package/src/credential/issuance/07-verify-and-parse-credential.ts +27 -1
- package/src/credential/presentation/01-start-flow.ts +18 -20
- package/src/credential/presentation/02-evaluate-rp-trust.ts +3 -2
- package/src/credential/presentation/03-get-request-object.ts +4 -6
- package/src/credential/presentation/05-verify-request-object.ts +17 -6
- package/src/credential/presentation/07-evaluate-dcql-query.ts +60 -17
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +53 -39
- package/src/credential/presentation/08-send-authorization-response.ts +9 -7
- package/src/credential/presentation/README.md +96 -2
- package/src/credential/presentation/errors.ts +21 -14
- package/src/credential/presentation/index.ts +22 -4
- package/src/credential/presentation/types.ts +1 -1
- package/src/credential/status/02-status-attestation.ts +3 -0
- package/src/credential/status/03-verify-and-parse-status-attestation.ts +10 -0
- package/src/credential/trustmark/get-credential-trustmark.ts +19 -0
- package/src/index.ts +2 -0
- package/src/utils/decoder.ts +5 -0
- package/src/utils/logging.ts +68 -0
- package/src/utils/misc.ts +5 -0
- package/src/utils/par.ts +6 -0
- package/src/wallet-instance/index.ts +17 -1
- package/src/wallet-instance-attestation/issuing.ts +19 -0
|
@@ -19,13 +19,15 @@ const evaluateRelyingPartyTrust = async function (rpUrl) {
|
|
|
19
19
|
} = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
20
20
|
const {
|
|
21
21
|
payload: {
|
|
22
|
-
metadata: rpConf
|
|
22
|
+
metadata: rpConf,
|
|
23
|
+
sub
|
|
23
24
|
}
|
|
24
25
|
} = await (0, _trust.getRelyingPartyEntityConfiguration)(rpUrl, {
|
|
25
26
|
appFetch
|
|
26
27
|
});
|
|
27
28
|
return {
|
|
28
|
-
rpConf
|
|
29
|
+
rpConf,
|
|
30
|
+
subject: sub
|
|
29
31
|
};
|
|
30
32
|
};
|
|
31
33
|
exports.evaluateRelyingPartyTrust = evaluateRelyingPartyTrust;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_trust","require","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","getRelyingPartyEntityConfiguration","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;
|
|
1
|
+
{"version":3,"names":["_trust","require","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","getRelyingPartyEntityConfiguration","subject","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAeA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAM,IAAAC,yCAAkC,EAACV,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEG,OAAO,EAAEF;EAAI,CAAC;AACjC,CAAC;AAACG,OAAA,CAAAb,yBAAA,GAAAA,yBAAA"}
|
|
@@ -16,11 +16,11 @@ var _types = require("./types");
|
|
|
16
16
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
17
17
|
* @returns The Request Object that describes the presentation
|
|
18
18
|
*/
|
|
19
|
-
const getRequestObject = async (requestUri
|
|
19
|
+
const getRequestObject = async function (requestUri) {
|
|
20
20
|
let {
|
|
21
21
|
appFetch = fetch,
|
|
22
22
|
walletCapabilities
|
|
23
|
-
} =
|
|
23
|
+
} = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
|
|
24
24
|
if (walletCapabilities) {
|
|
25
25
|
// Validate external input
|
|
26
26
|
const {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_misc","require","_types","getRequestObject","requestUri","
|
|
1
|
+
{"version":3,"names":["_misc","require","_types","getRequestObject","requestUri","appFetch","fetch","walletCapabilities","arguments","length","undefined","wallet_metadata","wallet_nonce","RequestObjectWalletCapabilities","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","hasStatusOrThrow","res","text","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,gBAAkC,GAAG,eAAAA,CAChDC,UAAU,EAEP;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,IAAID,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEI,eAAe;MAAEC;IAAa,CAAC,GACrCC,sCAA+B,CAACC,KAAK,CAACP,kBAAkB,CAAC;IAE3D,MAAMQ,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CL,eAAe,EAAEM,IAAI,CAACC,SAAS,CAACP,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMO,uBAAuB,GAAG,MAAMd,QAAQ,CAACD,UAAU,EAAE;MACzDgB,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLR;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMd,QAAQ,CAACD,UAAU,EAAE;IACzDgB,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLR;EACF,CAAC;AACH,CAAC;AAACS,OAAA,CAAAzB,gBAAA,GAAAA,gBAAA"}
|
|
@@ -12,19 +12,21 @@ var _retrieveRpJwks = require("./04-retrieve-rp-jwks");
|
|
|
12
12
|
* Function to verify the Request Object's signature and the client ID.
|
|
13
13
|
* @param requestObjectEncodedJwt The Request Object in JWT format
|
|
14
14
|
* @param context.clientId The client ID to verify
|
|
15
|
-
* @param context.jwkKeys The set of keys to verify the signature
|
|
16
15
|
* @param context.rpConf The Entity Configuration of the Relying Party
|
|
16
|
+
* @param context.state Optional state
|
|
17
17
|
* @returns The verified Request Object
|
|
18
18
|
*/
|
|
19
19
|
const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
|
|
20
20
|
let {
|
|
21
21
|
clientId,
|
|
22
|
-
rpConf
|
|
22
|
+
rpConf,
|
|
23
|
+
rpSubject,
|
|
24
|
+
state
|
|
23
25
|
} = _ref;
|
|
24
26
|
const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
|
|
25
27
|
const {
|
|
26
28
|
keys
|
|
27
|
-
} = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf
|
|
29
|
+
} = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf);
|
|
28
30
|
|
|
29
31
|
// Verify token signature to ensure the request object is authentic
|
|
30
32
|
const pubKey = keys === null || keys === void 0 ? void 0 : keys.find(_ref2 => {
|
|
@@ -42,9 +44,14 @@ const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
|
|
|
42
44
|
issuer: clientId
|
|
43
45
|
});
|
|
44
46
|
const requestObject = _types.RequestObject.parse(requestObjectJwt.payload);
|
|
45
|
-
|
|
47
|
+
const isClientIdMatch = clientId === requestObject.client_id && clientId === rpSubject;
|
|
48
|
+
if (!isClientIdMatch) {
|
|
46
49
|
throw new _errors.UnverifiedEntityError("Client ID does not match Request Object or Entity Configuration");
|
|
47
50
|
}
|
|
51
|
+
const isStateMatch = state && requestObject.state ? state === requestObject.state : true;
|
|
52
|
+
if (!isStateMatch) {
|
|
53
|
+
throw new _errors.UnverifiedEntityError("State does not match Request Object");
|
|
54
|
+
}
|
|
48
55
|
return {
|
|
49
56
|
requestObject
|
|
50
57
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_errors","_types","_retrieveRpJwks","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","requestObjectJwt","decodeJwt","keys","getJwksFromConfig","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_errors","_types","_retrieveRpJwks","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","rpSubject","state","requestObjectJwt","decodeJwt","keys","getJwksFromConfig","pubKey","find","_ref2","kid","protectedHeader","UnverifiedEntityError","verify","issuer","requestObject","RequestObject","parse","payload","isClientIdMatch","client_id","isStateMatch","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,mBAAwC,GAAG,MAAAA,CACtDC,uBAAuB,EAAAC,IAAA,KAEpB;EAAA,IADH;IAAEC,QAAQ;IAAEC,MAAM;IAAEC,SAAS;IAAEC;EAAM,CAAC,GAAAJ,IAAA;EAEtC,MAAMK,gBAAgB,GAAG,IAAAC,wBAAS,EAACP,uBAAuB,CAAC;EAC3D,MAAM;IAAEQ;EAAK,CAAC,GAAG,IAAAC,iCAAiB,EAACN,MAAM,CAAC;;EAE1C;EACA,MAAMO,MAAM,GAAGF,IAAI,aAAJA,IAAI,uBAAJA,IAAI,CAAEG,IAAI,CACvBC,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAKP,gBAAgB,CAACQ,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIK,6BAAqB,CAAC,wCAAwC,CAAC;EAC3E;;EAEA;EACA,MAAM,IAAAC,wBAAM,EAAChB,uBAAuB,EAAEU,MAAM,EAAE;IAAEO,MAAM,EAAEf;EAAS,CAAC,CAAC;EAEnE,MAAMgB,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACd,gBAAgB,CAACe,OAAO,CAAC;EAEnE,MAAMC,eAAe,GACnBpB,QAAQ,KAAKgB,aAAa,CAACK,SAAS,IAAIrB,QAAQ,KAAKE,SAAS;EAEhE,IAAI,CAACkB,eAAe,EAAE;IACpB,MAAM,IAAIP,6BAAqB,CAC7B,iEACF,CAAC;EACH;EAEA,MAAMS,YAAY,GAChBnB,KAAK,IAAIa,aAAa,CAACb,KAAK,GAAGA,KAAK,KAAKa,aAAa,CAACb,KAAK,GAAG,IAAI;EAErE,IAAI,CAACmB,YAAY,EAAE;IACjB,MAAM,IAAIT,6BAAqB,CAAC,qCAAqC,CAAC;EACxE;EAEA,OAAO;IAAEG;EAAc,CAAC;AAC1B,CAAC;AAACO,OAAA,CAAA1B,mBAAA,GAAAA,mBAAA"}
|
|
@@ -9,6 +9,11 @@ var _valibot = require("valibot");
|
|
|
9
9
|
var _sdJwt = require("../../sd-jwt");
|
|
10
10
|
var _errors = require("../../utils/errors");
|
|
11
11
|
var _crypto = require("../../utils/crypto");
|
|
12
|
+
var _errors2 = require("./errors");
|
|
13
|
+
/**
|
|
14
|
+
* The purpose for the credential request by the RP.
|
|
15
|
+
*/
|
|
16
|
+
|
|
12
17
|
/**
|
|
13
18
|
* Convert a credential in JWT format to an object with claims
|
|
14
19
|
* for correct parsing by the `dcql` library.
|
|
@@ -41,9 +46,38 @@ const getDcqlQueryMatches = result => Object.entries(result.credential_matches).
|
|
|
41
46
|
let [, match] = _ref;
|
|
42
47
|
return match.success === true;
|
|
43
48
|
});
|
|
49
|
+
|
|
50
|
+
/**
|
|
51
|
+
* Extract only failed matches from the DCQL query result.
|
|
52
|
+
*/
|
|
53
|
+
const getDcqlQueryFailedMatches = result => Object.entries(result.credential_matches).filter(_ref2 => {
|
|
54
|
+
let [, match] = _ref2;
|
|
55
|
+
return match.success === false;
|
|
56
|
+
});
|
|
57
|
+
|
|
58
|
+
/**
|
|
59
|
+
* Extract missing credentials from the DCQL query result.
|
|
60
|
+
* Note: here we are assuming a failed match is a missing credential,
|
|
61
|
+
* but there might be other reasons for its failure.
|
|
62
|
+
*/
|
|
63
|
+
const extractMissingCredentials = (queryResult, originalQuery) => {
|
|
64
|
+
return getDcqlQueryFailedMatches(queryResult).map(_ref3 => {
|
|
65
|
+
var _credential$meta;
|
|
66
|
+
let [id] = _ref3;
|
|
67
|
+
const credential = originalQuery.credentials.find(c => c.id === id);
|
|
68
|
+
if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "vc+sd-jwt") {
|
|
69
|
+
throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
return {
|
|
73
|
+
id,
|
|
74
|
+
vctValues: (_credential$meta = credential.meta) === null || _credential$meta === void 0 ? void 0 : _credential$meta.vct_values
|
|
75
|
+
};
|
|
76
|
+
});
|
|
77
|
+
};
|
|
44
78
|
const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
45
|
-
const credentials = credentialsSdJwt.map(
|
|
46
|
-
let [, credential] =
|
|
79
|
+
const credentials = credentialsSdJwt.map(_ref4 => {
|
|
80
|
+
let [, credential] = _ref4;
|
|
47
81
|
return mapCredentialToObject(credential);
|
|
48
82
|
});
|
|
49
83
|
try {
|
|
@@ -52,7 +86,7 @@ const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
52
86
|
_dcql.DcqlQuery.validate(parsedQuery);
|
|
53
87
|
const queryResult = _dcql.DcqlQuery.query(parsedQuery, credentials);
|
|
54
88
|
if (!queryResult.canBeSatisfied) {
|
|
55
|
-
throw new
|
|
89
|
+
throw new _errors2.CredentialsNotFoundError(extractMissingCredentials(queryResult, parsedQuery));
|
|
56
90
|
}
|
|
57
91
|
|
|
58
92
|
// Build an object vct:credentialJwt to map matched credentials to their JWT
|
|
@@ -60,9 +94,9 @@ const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
60
94
|
...acc,
|
|
61
95
|
[c.vct]: credentialsSdJwt[i]
|
|
62
96
|
}), {});
|
|
63
|
-
return getDcqlQueryMatches(queryResult).map(
|
|
97
|
+
return getDcqlQueryMatches(queryResult).map(_ref5 => {
|
|
64
98
|
var _queryResult$credenti;
|
|
65
|
-
let [id, match] =
|
|
99
|
+
let [id, match] = _ref5;
|
|
66
100
|
if (match.output.credential_format !== "vc+sd-jwt") {
|
|
67
101
|
throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
|
|
68
102
|
}
|
|
@@ -71,23 +105,29 @@ const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
71
105
|
vct,
|
|
72
106
|
claims
|
|
73
107
|
} = match.output;
|
|
74
|
-
|
|
75
|
-
// Find a matching credential set to see whether the credential is optional
|
|
76
|
-
// If no credential set is found, then the credential is required by default
|
|
77
|
-
// NOTE: This is an extra, it might not be necessary
|
|
78
|
-
const credentialSet = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.find(set => {
|
|
108
|
+
const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
|
|
79
109
|
var _set$matching_options;
|
|
80
|
-
return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(
|
|
110
|
+
return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
|
|
111
|
+
})) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
|
|
112
|
+
var _credentialSet$purpos;
|
|
113
|
+
return {
|
|
114
|
+
description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
|
|
115
|
+
required: Boolean(credentialSet.required)
|
|
116
|
+
};
|
|
81
117
|
});
|
|
82
|
-
const isOptional = credentialSet ? !credentialSet.required : false;
|
|
83
118
|
const [keyTag, credential] = credentialsSdJwtByVct[vct];
|
|
84
119
|
const requiredDisclosures = Object.values(claims);
|
|
85
120
|
return {
|
|
86
121
|
id,
|
|
122
|
+
vct,
|
|
87
123
|
keyTag,
|
|
88
124
|
credential,
|
|
89
|
-
|
|
90
|
-
|
|
125
|
+
requiredDisclosures,
|
|
126
|
+
// When it is a match but no credential_sets are found, the credential is required by default
|
|
127
|
+
// See https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html#section-6.3.1.2-2.1
|
|
128
|
+
purposes: purposes ?? [{
|
|
129
|
+
required: true
|
|
130
|
+
}]
|
|
91
131
|
};
|
|
92
132
|
});
|
|
93
133
|
} catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_dcql","require","_valibot","_sdJwt","_errors","_crypto","mapCredentialToObject","jwt","sdJwt","disclosures","decode","credentialFormat","header","typ","Error","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","
|
|
1
|
+
{"version":3,"names":["_dcql","require","_valibot","_sdJwt","_errors","_crypto","_errors2","mapCredentialToObject","jwt","sdJwt","disclosures","decode","credentialFormat","header","typ","Error","vct","payload","credential_format","claims","reduce","acc","disclosure","decoded","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","getDcqlQueryFailedMatches","_ref2","extractMissingCredentials","queryResult","originalQuery","map","_ref3","_credential$meta","id","credential","credentials","find","c","format","vctValues","meta","vct_values","evaluateDcqlQuery","credentialsSdJwt","query","_ref4","parsedQuery","DcqlQuery","parse","validate","canBeSatisfied","CredentialsNotFoundError","credentialsSdJwtByVct","i","_ref5","_queryResult$credenti","output","purposes","credential_sets","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","keyTag","requiredDisclosures","values","error","isValiError","ValidationFailed","message","reason","issues","issue","join","DcqlError","DcqlCredentialSetError","exports","prepareRemotePresentations","nonce","clientId","Promise","all","item","vp_token","prepareVpToken","requestedClaims","createCryptoContextFor","credentialId","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-dcql-query.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,QAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,QAAA,GAAAL,OAAA;AAEA;AACA;AACA;;AAuCA;AACA;AACA;AACA;AACA,MAAMM,qBAAqB,GAAIC,GAAW,IAAK;EAC7C,MAAM;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAG,IAAAC,aAAM,EAACH,GAAG,CAAC;EAC1C,MAAMI,gBAAgB,GAAGH,KAAK,CAACI,MAAM,CAACC,GAAG;;EAEzC;EACA,IAAIF,gBAAgB,KAAK,WAAW,EAAE;IACpC,MAAM,IAAIG,KAAK,CAAE,kCAAiCH,gBAAiB,EAAC,CAAC;EACvE;EAEA,OAAO;IACLI,GAAG,EAAEP,KAAK,CAACQ,OAAO,CAACD,GAAG;IACtBE,iBAAiB,EAAEN,gBAAgB;IACnCO,MAAM,EAAET,WAAW,CAACU,MAAM,CACxB,CAACC,GAAG,EAAEC,UAAU,MAAM;MACpB,GAAGD,GAAG;MACN,CAACC,UAAU,CAACC,OAAO,CAAC,CAAC,CAAC,GAAGD,UAAU,CAACC;IACtC,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,MAAMC,mBAAmB,GAAIC,MAAuB,IAClDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;;AAEnC;AACA;AACA;AACA,MAAMC,yBAAyB,GAAIR,MAAuB,IACxDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CK,KAAA;EAAA,IAAC,GAAGH,KAAK,CAAC,GAAAG,KAAA;EAAA,OAAKH,KAAK,CAACC,OAAO,KAAK,KAAK;AAAA,CACxC,CAAiC;;AAEnC;AACA;AACA;AACA;AACA;AACA,MAAMG,yBAAyB,GAAGA,CAChCC,WAA4B,EAC5BC,aAAwB,KACH;EACrB,OAAOJ,yBAAyB,CAACG,WAAW,CAAC,CAACE,GAAG,CAACC,KAAA,IAAU;IAAA,IAAAC,gBAAA;IAAA,IAAT,CAACC,EAAE,CAAC,GAAAF,KAAA;IACrD,MAAMG,UAAU,GAAGL,aAAa,CAACM,WAAW,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,EAAE,KAAKA,EAAE,CAAC;IACrE,IAAI,CAAAC,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEI,MAAM,MAAK,WAAW,EAAE;MACtC,MAAM,IAAI/B,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACzC;;IACA,OAAO;MAAE0B,EAAE;MAAEM,SAAS,GAAAP,gBAAA,GAAEE,UAAU,CAACM,IAAI,cAAAR,gBAAA,uBAAfA,gBAAA,CAAiBS;IAAW,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC;AAEM,MAAMC,iBAAoC,GAAGA,CAClDC,gBAAgB,EAChBC,KAAK,KACF;EACH,MAAMT,WAAW,GAAGQ,gBAAgB,CAACb,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGX,UAAU,CAAC,GAAAW,KAAA;IAAA,OACtD9C,qBAAqB,CAACmC,UAAU,CAAC;EAAA,CACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMY,WAAW,GAAGC,eAAS,CAACC,KAAK,CAACJ,KAAK,CAAC;IAC1CG,eAAS,CAACE,QAAQ,CAACH,WAAW,CAAC;IAE/B,MAAMlB,WAAW,GAAGmB,eAAS,CAACH,KAAK,CAACE,WAAW,EAAEX,WAAW,CAAC;IAE7D,IAAI,CAACP,WAAW,CAACsB,cAAc,EAAE;MAC/B,MAAM,IAAIC,iCAAwB,CAChCxB,yBAAyB,CAACC,WAAW,EAAEkB,WAAW,CACpD,CAAC;IACH;;IAEA;IACA,MAAMM,qBAAqB,GAAGjB,WAAW,CAACvB,MAAM,CAC9C,CAACC,GAAG,EAAEwB,CAAC,EAAEgB,CAAC,MAAM;MAAE,GAAGxC,GAAG;MAAE,CAACwB,CAAC,CAAC7B,GAAG,GAAGmC,gBAAgB,CAACU,CAAC;IAAG,CAAC,CAAC,EAC1D,CAAC,CACH,CAAC;IAED,OAAOrC,mBAAmB,CAACY,WAAW,CAAC,CAACE,GAAG,CAACwB,KAAA,IAAiB;MAAA,IAAAC,qBAAA;MAAA,IAAhB,CAACtB,EAAE,EAAEV,KAAK,CAAC,GAAA+B,KAAA;MACtD,IAAI/B,KAAK,CAACiC,MAAM,CAAC9C,iBAAiB,KAAK,WAAW,EAAE;QAClD,MAAM,IAAIH,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;MACzC;;MACA,MAAM;QAAEC,GAAG;QAAEG;MAAO,CAAC,GAAGY,KAAK,CAACiC,MAAM;MAEpC,MAAMC,QAAQ,IAAAF,qBAAA,GAAG3B,WAAW,CAAC8B,eAAe,cAAAH,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACblC,MAAM,CAAEsC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAAC9B,EAAE,CAAC;MAAA,EAAC,cAAAsB,qBAAA,uBAD7CA,qBAAA,CAEbzB,GAAG,CAAqBkC,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAM,CAACE,MAAM,EAAErC,UAAU,CAAC,GAAGkB,qBAAqB,CAAC5C,GAAG,CAAE;MACxD,MAAMgE,mBAAmB,GAAGtD,MAAM,CAACuD,MAAM,CAAC9D,MAAM,CAAiB;MACjE,OAAO;QACLsB,EAAE;QACFzB,GAAG;QACH+D,MAAM;QACNrC,UAAU;QACVsC,mBAAmB;QACnB;QACA;QACAf,QAAQ,EAAEA,QAAQ,IAAI,CAAC;UAAEY,QAAQ,EAAE;QAAK,CAAC;MAC3C,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOK,KAAK,EAAE;IACd;IACA,IAAI,IAAAC,oBAAW,EAACD,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIE,wBAAgB,CAAC;QACzBC,OAAO,EAAE,oBAAoB;QAC7BC,MAAM,EAAEJ,KAAK,CAACK,MAAM,CAACjD,GAAG,CAAEkD,KAAK,IAAKA,KAAK,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI;MAC9D,CAAC,CAAC;IACJ;IAEA,IAAIP,KAAK,YAAYQ,eAAS,EAAE;MAC9B;IAAA;IAEF,IAAIR,KAAK,YAAYS,4BAAsB,EAAE;MAC3C;IAAA;IAEF,MAAMT,KAAK;EACb;AACF,CAAC;AAACU,OAAA,CAAA1C,iBAAA,GAAAA,iBAAA;AAEK,MAAM2C,0BAAsD,GAAG,MAAAA,CACpElD,WAAW,EACXmD,KAAK,EACLC,QAAQ,KACL;EACH,OAAOC,OAAO,CAACC,GAAG,CAChBtD,WAAW,CAACL,GAAG,CAAC,MAAO4D,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACN,KAAK,EAAEC,QAAQ,EAAE,CACzDG,IAAI,CAACxD,UAAU,EACfwD,IAAI,CAACG,eAAe,EACpB,IAAAC,8BAAsB,EAACJ,IAAI,CAACnB,MAAM,CAAC,CACpC,CAAC;IAEF,OAAO;MACLwB,YAAY,EAAEL,IAAI,CAACzD,EAAE;MACrB4D,eAAe,EAAEH,IAAI,CAACG,eAAe;MACrCG,OAAO,EAAEL,QAAQ;MACjBrD,MAAM,EAAE;IACV,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;AAAC8C,OAAA,CAAAC,0BAAA,GAAAA,0BAAA"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.
|
|
6
|
+
exports.prepareLegacyRemotePresentations = exports.findCredentialSdJwt = exports.evaluateInputDescriptors = exports.evaluateInputDescriptorForSdJwt4VC = void 0;
|
|
7
7
|
var _sdJwt = require("../../sd-jwt");
|
|
8
8
|
var _crypto = require("../../utils/crypto");
|
|
9
9
|
var _jsonpathPlus = require("jsonpath-plus");
|
|
@@ -14,6 +14,11 @@ const ajv = new _ajv.default({
|
|
|
14
14
|
allErrors: true
|
|
15
15
|
});
|
|
16
16
|
const INDEX_CLAIM_NAME = 1;
|
|
17
|
+
|
|
18
|
+
/**
|
|
19
|
+
* @deprecated Use `prepareRemotePresentations` from DCQL
|
|
20
|
+
*/
|
|
21
|
+
|
|
17
22
|
/**
|
|
18
23
|
* Transforms an array of DisclosureWithEncoded objects into a key-value map.
|
|
19
24
|
* @param disclosures - An array of DisclosureWithEncoded, each containing a decoded property with [?, claimName, claimValue].
|
|
@@ -197,7 +202,10 @@ const findCredentialSdJwt = (inputDescriptor, decodedSdJwtCredentials) => {
|
|
|
197
202
|
continue;
|
|
198
203
|
}
|
|
199
204
|
}
|
|
200
|
-
throw new _errors.
|
|
205
|
+
throw new _errors.CredentialsNotFoundError([{
|
|
206
|
+
id: "",
|
|
207
|
+
reason: "None of the vc+sd-jwt credentials satisfy the requirements."
|
|
208
|
+
}]);
|
|
201
209
|
};
|
|
202
210
|
|
|
203
211
|
/**
|
|
@@ -234,7 +242,10 @@ const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
|
|
234
242
|
var _descriptor$format;
|
|
235
243
|
if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["vc+sd-jwt"]) {
|
|
236
244
|
if (!decodedSdJwtCredentials.length) {
|
|
237
|
-
throw new _errors.
|
|
245
|
+
throw new _errors.CredentialsNotFoundError([{
|
|
246
|
+
id: descriptor.id,
|
|
247
|
+
reason: "vc+sd-jwt credential is not supported."
|
|
248
|
+
}]);
|
|
238
249
|
}
|
|
239
250
|
const {
|
|
240
251
|
matchedEvaluation,
|
|
@@ -248,7 +259,10 @@ const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
|
|
248
259
|
keyTag: matchedKeyTag
|
|
249
260
|
};
|
|
250
261
|
}
|
|
251
|
-
throw new _errors.
|
|
262
|
+
throw new _errors.CredentialsNotFoundError([{
|
|
263
|
+
id: descriptor.id,
|
|
264
|
+
reason: `${descriptor.format} format is not supported.`
|
|
265
|
+
}]);
|
|
252
266
|
}));
|
|
253
267
|
};
|
|
254
268
|
|
|
@@ -259,6 +273,8 @@ const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
|
|
259
273
|
* - Validates the credential format.
|
|
260
274
|
* - Generates a verifiable presentation token (vpToken) using the provided nonce and client identifier.
|
|
261
275
|
*
|
|
276
|
+
* @deprecated Use `prepareRemotePresentations` from DCQL
|
|
277
|
+
*
|
|
262
278
|
* @param credentialAndDescriptors - An array containing objects with requested claims,
|
|
263
279
|
* input descriptor, credential, and keyTag.
|
|
264
280
|
* @param nonce - A unique nonce for the verifiable presentation token.
|
|
@@ -267,7 +283,7 @@ const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
|
|
267
283
|
* @throws {CredentialNotFoundError} When the credential format is unsupported.
|
|
268
284
|
*/
|
|
269
285
|
exports.evaluateInputDescriptors = evaluateInputDescriptors;
|
|
270
|
-
const
|
|
286
|
+
const prepareLegacyRemotePresentations = async (credentialAndDescriptors, nonce, client_id) => {
|
|
271
287
|
return Promise.all(credentialAndDescriptors.map(async item => {
|
|
272
288
|
var _descriptor$format2;
|
|
273
289
|
const descriptor = item.inputDescriptor;
|
|
@@ -282,8 +298,11 @@ const prepareRemotePresentations = async (credentialAndDescriptors, nonce, clien
|
|
|
282
298
|
format: "vc+sd-jwt"
|
|
283
299
|
};
|
|
284
300
|
}
|
|
285
|
-
throw new _errors.
|
|
301
|
+
throw new _errors.CredentialsNotFoundError([{
|
|
302
|
+
id: descriptor.id,
|
|
303
|
+
reason: `${descriptor.format} format is not supported.`
|
|
304
|
+
}]);
|
|
286
305
|
}));
|
|
287
306
|
};
|
|
288
|
-
exports.
|
|
307
|
+
exports.prepareLegacyRemotePresentations = prepareLegacyRemotePresentations;
|
|
289
308
|
//# sourceMappingURL=07-evaluate-input-descriptor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_sdJwt","require","_crypto","_jsonpathPlus","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","exports","findCredentialSdJwt","decodedSdJwtCredentials","keyTag","credential","sdJwt","evaluatedDisclosure","matchedEvaluation","matchedKeyTag","matchedCredential","
|
|
1
|
+
{"version":3,"names":["_sdJwt","require","_crypto","_jsonpathPlus","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","exports","findCredentialSdJwt","decodedSdJwtCredentials","keyTag","credential","sdJwt","evaluatedDisclosure","matchedEvaluation","matchedKeyTag","matchedCredential","CredentialsNotFoundError","id","reason","evaluateInputDescriptors","inputDescriptors","credentialsSdJwt","map","_ref2","decode","Promise","all","descriptor","_descriptor$format","format","prepareLegacyRemotePresentations","credentialAndDescriptors","nonce","client_id","item","_descriptor$format2","vp_token","prepareVpToken","requestedClaims","createCryptoContextFor","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAC,sBAAA,CAAAL,OAAA;AAAsB,SAAAK,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;;AA0B1B;AACA;AACA;;AAYA;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CACvB,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACf,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAEhC;IAC1B,CAAC;EACH;EACA,MAAMiC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGpC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMoC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC7B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChDgC,KAAK,CAACvB,IAAI,EACVoB,oBACF,CAAC;IAED,IAAI,CAAC1B,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5CgC,KAAK,CAACvB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO6B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMnC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACkC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DpC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIkC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG/C,GAAG,CAACgD,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAChC,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACkB,cAAc,EAAE;IACnB,MAAM,IAAIjB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMW,mBAAmB,GAAG9B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgD,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C9C,WAAW,CAACyC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CACrC,CAAC,IACD,CAACmC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACLgC,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAxB,kCAAA,GAAAA,kCAAA;AASJ;AACA;AACA;AACA;AACA;AACA;AACO,MAAMyB,mBAAmB,GAAGA,CACjCxB,eAAgC,EAChCyB,uBAAiD,KAK9C;EACH,KAAK,MAAM;IACTC,MAAM;IACNC,UAAU;IACVC,KAAK;IACLrD;EACF,CAAC,IAAIkD,uBAAuB,EAAE;IAC5B,IAAI;MACF,MAAMI,mBAAmB,GAAG9B,kCAAkC,CAC5DC,eAAe,EACf4B,KAAK,CAAC7C,OAAO,EACbR,WACF,CAAC;MAED,OAAO;QACLuD,iBAAiB,EAAED,mBAAmB;QACtCE,aAAa,EAAEL,MAAM;QACrBM,iBAAiB,EAAEL;MACrB,CAAC;IACH,CAAC,CAAC,MAAM;MACN;MACA;IACF;EACF;EAEA,MAAM,IAAIM,gCAAwB,CAAC,CACjC;IACEC,EAAE,EAAE,EAAE;IACNC,MAAM,EAAE;EACV,CAAC,CACF,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAbAZ,OAAA,CAAAC,mBAAA,GAAAA,mBAAA;AAcO,MAAMY,wBAAkD,GAAG,MAAAA,CAChEC,gBAAgB,EAChBC,gBAAgB,KACb;EACH;EACA,MAAMb,uBAAuB,GAC3B,CAAAa,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEC,GAAG,CAACC,KAAA,IAA0B;IAAA,IAAzB,CAACd,MAAM,EAAEC,UAAU,CAAC,GAAAa,KAAA;IACzC,MAAM;MAAEZ,KAAK;MAAErD;IAAY,CAAC,GAAG,IAAAkE,aAAM,EAACd,UAAU,CAAC;IACjD,OAAO;MAAED,MAAM;MAAEC,UAAU;MAAEC,KAAK;MAAErD;IAAY,CAAC;EACnD,CAAC,CAAC,KAAI,EAAE;EAEV,OAAOmE,OAAO,CAACC,GAAG,CAChBN,gBAAgB,CAACE,GAAG,CAAC,MAAOK,UAAU,IAAK;IAAA,IAAAC,kBAAA;IACzC,KAAAA,kBAAA,GAAID,UAAU,CAACE,MAAM,cAAAD,kBAAA,eAAjBA,kBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,IAAI,CAACpB,uBAAuB,CAACjC,MAAM,EAAE;QACnC,MAAM,IAAIyC,gCAAwB,CAAC,CACjC;UACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;UACjBC,MAAM,EAAE;QACV,CAAC,CACF,CAAC;MACJ;MAEA,MAAM;QAAEL,iBAAiB;QAAEC,aAAa;QAAEC;MAAkB,CAAC,GAC3DR,mBAAmB,CAACoB,UAAU,EAAEnB,uBAAuB,CAAC;MAE1D,OAAO;QACLI,mBAAmB,EAAEC,iBAAiB;QACtC9B,eAAe,EAAE4C,UAAU;QAC3BjB,UAAU,EAAEK,iBAAiB;QAC7BN,MAAM,EAAEK;MACV,CAAC;IACH;IAEA,MAAM,IAAIE,gCAAwB,CAAC,CACjC;MACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;MACjBC,MAAM,EAAG,GAAES,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAvB,OAAA,CAAAa,wBAAA,GAAAA,wBAAA;AAgBO,MAAMW,gCAAkE,GAC7E,MAAAA,CAAOC,wBAAwB,EAAEC,KAAK,EAAEC,SAAS,KAAK;EACpD,OAAOR,OAAO,CAACC,GAAG,CAChBK,wBAAwB,CAACT,GAAG,CAAC,MAAOY,IAAI,IAAK;IAAA,IAAAC,mBAAA;IAC3C,MAAMR,UAAU,GAAGO,IAAI,CAACnD,eAAe;IAEvC,KAAAoD,mBAAA,GAAIR,UAAU,CAACE,MAAM,cAAAM,mBAAA,eAAjBA,mBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACL,KAAK,EAAEC,SAAS,EAAE,CAC1DC,IAAI,CAACxB,UAAU,EACfwB,IAAI,CAACI,eAAe,EACpB,IAAAC,8BAAsB,EAACL,IAAI,CAACzB,MAAM,CAAC,CACpC,CAAC;MAEF,OAAO;QACL6B,eAAe,EAAEJ,IAAI,CAACI,eAAe;QACrCvD,eAAe,EAAE4C,UAAU;QAC3Ba,OAAO,EAAEJ,QAAQ;QACjBP,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIb,gCAAwB,CAAC,CACjC;MACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;MACjBC,MAAM,EAAG,GAAES,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;AAACvB,OAAA,CAAAwB,gCAAA,GAAAA,gCAAA"}
|
|
@@ -57,20 +57,20 @@ const buildDirectPostJwtBody = async (requestObject, rpConf, payload) => {
|
|
|
57
57
|
state: requestObject.state,
|
|
58
58
|
...payload
|
|
59
59
|
});
|
|
60
|
-
|
|
61
60
|
// Choose a suitable public key for encryption
|
|
62
61
|
const {
|
|
63
62
|
keys
|
|
64
|
-
} = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf
|
|
63
|
+
} = (0, _retrieveRpJwks.getJwksFromConfig)(rpConf);
|
|
65
64
|
const encPublicJwk = choosePublicKeyToEncrypt(keys);
|
|
66
65
|
|
|
67
66
|
// Encrypt the authorization payload
|
|
68
67
|
const {
|
|
69
68
|
authorization_encrypted_response_alg,
|
|
70
69
|
authorization_encrypted_response_enc
|
|
71
|
-
} = rpConf.
|
|
70
|
+
} = rpConf.openid_credential_verifier;
|
|
71
|
+
const defaultAlg = encPublicJwk.kty === "EC" ? "ECDH-ES" : "RSA-OAEP-256";
|
|
72
72
|
const encryptedResponse = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
|
|
73
|
-
alg: authorization_encrypted_response_alg ||
|
|
73
|
+
alg: authorization_encrypted_response_alg || defaultAlg,
|
|
74
74
|
enc: authorization_encrypted_response_enc || "A256CBC-HS512",
|
|
75
75
|
kid: encPublicJwk.kid
|
|
76
76
|
}).encrypt(encPublicJwk);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_reactNativeUuid","_interopRequireDefault","_retrieveRpJwks","_errors","_misc","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","exports","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","NoSuitableKeysFoundInEntityConfiguration","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","getJwksFromConfig","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_reactNativeUuid","_interopRequireDefault","_retrieveRpJwks","_errors","_misc","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri","exports","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","NoSuitableKeysFoundInEntityConfiguration","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","getJwksFromConfig","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","openid_credential_verifier","defaultAlg","kty","encryptedResponse","EncryptJwe","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","sendLegacyAuthorizationResponse","presentationDefinitionId","remotePresentations","_remotePresentations$","appFetch","fetch","arguments","length","undefined","vp_token","vpToken","map","remotePresentation","descriptor_map","index","id","inputDescriptor","path","format","presentation_submission","uuid","v4","definition_id","requestBody","response_uri","method","headers","body","then","hasStatusOrThrow","res","json","parse","sendAuthorizationResponse","reduce","acc","presentation","credentialId"],"sourceRoot":"../../../../src","sources":["credential/presentation/08-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAOA,IAAAM,CAAA,GAAAC,uBAAA,CAAAP,OAAA;AAAyB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAjB,uBAAAW,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAKlB,MAAMiB,qBAAqB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAC5CC,MAAM,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAE7B,CAAC,CACb2B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTC,QAAQ,CAAC,CAAC;EACbE,YAAY,EAAE9B,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAG,OAAA,CAAAP,qBAAA,GAAAA,qBAAA;AAQO,MAAMQ,wBAAwB,GACnCC,SAAiC,IACzB;EACR,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAII,gDAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAP,OAAA,CAAAC,wBAAA,GAAAA,wBAAA;AAQO,MAAMO,sBAAsB,GAAG,MAAAA,CACpCC,aAAwD,EACxDC,MAA8D,EAC9DC,OAA8E,KAC1D;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAG,IAAAC,iCAAiB,EAACP,MAAM,CAAC;EAC1C,MAAMQ,YAAY,GAAGjB,wBAAwB,CAACe,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJG,oCAAoC;IACpCC;EACF,CAAC,GAAGV,MAAM,CAACW,0BAA0B;EAErC,MAAMC,UAAsB,GAC1BJ,YAAY,CAACK,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAIC,4BAAU,CAACb,oBAAoB,EAAE;IACnEc,GAAG,EAAGP,oCAAoC,IAAmBG,UAAU;IACvEK,GAAG,EACAP,oCAAoC,IAAmB,eAAe;IACzEQ,GAAG,EAAEV,YAAY,CAACU;EACpB,CAAC,CAAC,CAACC,OAAO,CAACX,YAAY,CAAC;;EAExB;EACA,MAAMY,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAER,iBAAiB;IAC3B,IAAIf,aAAa,CAACM,KAAK,GAAG;MAAEA,KAAK,EAAEN,aAAa,CAACM;IAAM,CAAC,GAAG,CAAC,CAAC;EAC/D,CAAC,CAAC;EACF,OAAOe,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAjC,OAAA,CAAAQ,sBAAA,GAAAA,sBAAA;AAgBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAM0B,+BAAgE,GAC3E,eAAAA,CACEzB,aAAa,EACb0B,wBAAwB,EACxBC,mBAAmB,EACnB1B,MAAM,EAE6B;EAAA,IAAA2B,qBAAA;EAAA,IADnC;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;AACJ;AACA;AACA;AACA;EACI,MAAMG,QAAQ,GACZ,CAAAP,mBAAmB,aAAnBA,mBAAmB,uBAAnBA,mBAAmB,CAAEK,MAAM,MAAK,CAAC,IAAAJ,qBAAA,GAC7BD,mBAAmB,CAAC,CAAC,CAAC,cAAAC,qBAAA,uBAAtBA,qBAAA,CAAwBO,OAAO,GAC/BR,mBAAmB,CAACS,GAAG,CACpBC,kBAAkB,IAAKA,kBAAkB,CAACF,OAC7C,CAAC;EAEP,MAAMG,cAAc,GAAGX,mBAAmB,CAACS,GAAG,CAC5C,CAACC,kBAAkB,EAAEE,KAAK,MAAM;IAC9BC,EAAE,EAAEH,kBAAkB,CAACI,eAAe,CAACD,EAAE;IACzCE,IAAI,EAAEf,mBAAmB,CAACK,MAAM,KAAK,CAAC,GAAI,GAAE,GAAI,KAAIO,KAAM,GAAE;IAC5DI,MAAM,EAAEN,kBAAkB,CAACM;EAC7B,CAAC,CACH,CAAC;EAED,MAAMC,uBAAuB,GAAG;IAC9BJ,EAAE,EAAEK,wBAAI,CAACC,EAAE,CAAC,CAAC;IACbC,aAAa,EAAErB,wBAAwB;IACvCY;EACF,CAAC;EAED,MAAMU,WAAW,GAAG,MAAMjD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtEiC,QAAQ;IACRU;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMf,QAAQ,CAAC7B,aAAa,CAACiD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACrE,qBAAqB,CAACyE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AAJAlE,OAAA,CAAAkC,+BAAA,GAAAA,+BAAA;AAcO,MAAMiC,yBAAoD,GAAG,eAAAA,CAClE1D,aAAa,EACb2B,mBAAmB,EACnB1B,MAAM,EAE6B;EAAA,IADnC;IAAE4B,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,MAAMiB,WAAW,GAAG,MAAMjD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtEiC,QAAQ,EAAEP,mBAAmB,CAACgC,MAAM,CAClC,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACC,YAAY,GAAGD,YAAY,CAAC1B;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMN,QAAQ,CAAC7B,aAAa,CAACiD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACrE,qBAAqB,CAACyE,KAAK,CAAC;AACtC,CAAC;AAAClE,OAAA,CAAAmE,yBAAA,GAAAA,yBAAA"}
|
|
@@ -1,3 +1,97 @@
|
|
|
1
|
-
# Credential
|
|
1
|
+
# Credential Presentation
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
This flow is used for remote presentation, allowing a user with a valid Wallet Instance to remotely present credentials to a Relying Party (Verifier). The presentation flow adheres to the [IT Wallet 0.9.x specification](https://italia.github.io/eid-wallet-it-docs/v0.9.3/en/relying-party-solution.html).
|
|
4
|
+
|
|
5
|
+
The Relying Party provides the Wallet with a Request Object that contains the requested credentials and claims. The Wallet validates the Request Object and asks the user for consent. Then the Wallet creates an encrypted Authorization Response that contains the Verifiable Presentation with the requested data (`vp_token`) and sends it to the Relying Party.
|
|
6
|
+
|
|
7
|
+
## Sequence Diagram
|
|
8
|
+
|
|
9
|
+
```mermaid
|
|
10
|
+
sequenceDiagram
|
|
11
|
+
autonumber
|
|
12
|
+
participant I as User (Wallet Instance)
|
|
13
|
+
participant O as Relying Party (Verifier)
|
|
14
|
+
|
|
15
|
+
O->>+I: QR-CODE: Authorization Request (`request_uri`)
|
|
16
|
+
I->>+O: GET: Verifier's Entity Configuration
|
|
17
|
+
O->>+I: Respond with metadata (including public keys)
|
|
18
|
+
I->>+O: GET: Request Object, resolved from `request_uri`
|
|
19
|
+
O->>+I: Respond with the Request Object
|
|
20
|
+
I->>+I: Validate Request Object and give consent
|
|
21
|
+
I->>+O: POST: Authorization Response with encrypted VP token
|
|
22
|
+
O->>+I: Respond with optional `redirect_uri`
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
## Mapped results
|
|
26
|
+
|
|
27
|
+
|Error|Description|
|
|
28
|
+
|-----|-----------|
|
|
29
|
+
|`ValidationFailed`|The presentation request is not valid, for instance the DCQL query is invalid.|
|
|
30
|
+
|`CredentialsNotFoundError`|The presentation cannot be completed because the Wallet does not contain all requested credentials. The missing credentials can be found in `details`.|
|
|
31
|
+
|
|
32
|
+
|
|
33
|
+
## Examples
|
|
34
|
+
|
|
35
|
+
<details>
|
|
36
|
+
<summary>Remote Presentation flow</summary>
|
|
37
|
+
|
|
38
|
+
**Note:** To successfully complete a remote presentation, the Wallet Instance must be in a valid state with a valid Wallet Instance Attestation.
|
|
39
|
+
|
|
40
|
+
```ts
|
|
41
|
+
// Retrieve and scan the qr-code, decode it and get its parameters
|
|
42
|
+
const qrCodeParams = decodeQrCode(qrCode)
|
|
43
|
+
|
|
44
|
+
// Start the issuance flow
|
|
45
|
+
const {
|
|
46
|
+
request_uri,
|
|
47
|
+
client_id,
|
|
48
|
+
request_uri_method,
|
|
49
|
+
state
|
|
50
|
+
} = Credential.Presentation.startFlowFromQR(qrCodeParams);
|
|
51
|
+
|
|
52
|
+
// Get the Relying Party's Entity Configuration and evaluate trust
|
|
53
|
+
const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(client_id);
|
|
54
|
+
|
|
55
|
+
// Get the Request Object from the RP
|
|
56
|
+
const { requestObjectEncodedJwt } =
|
|
57
|
+
await Credential.Presentation.getRequestObject(request_uri);
|
|
58
|
+
|
|
59
|
+
// Validate the Request Object
|
|
60
|
+
const { requestObject } = await Credential.Presentation.verifyRequestObject(
|
|
61
|
+
requestObjectEncodedJwt,
|
|
62
|
+
{ clientId: client_id, rpConf }
|
|
63
|
+
);
|
|
64
|
+
|
|
65
|
+
// All the credentials that might be requested by the Relying Party
|
|
66
|
+
const credentialsSdJwt = [
|
|
67
|
+
["credential1_keytag", "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2"],
|
|
68
|
+
["credential2_keytag", "eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiIsImtpZCI6Ii1GXzZVZ2E4bjNWZWdqWTJVN1lVSEsxekxvYUQtTlBUYzYzUk1JU25MYXcifQ.ew0KIC"]
|
|
69
|
+
];
|
|
70
|
+
|
|
71
|
+
const result = Credential.Presentation.evaluateDcqlQuery(
|
|
72
|
+
credentialsSdJwt,
|
|
73
|
+
requestObject.dcql_query as DcqlQuery
|
|
74
|
+
);
|
|
75
|
+
|
|
76
|
+
const credentialsToPresent = result.map(
|
|
77
|
+
({ requiredDisclosures, ...rest }) => ({
|
|
78
|
+
...rest,
|
|
79
|
+
requestedClaims: requiredDisclosures.map(([, claimName]) => claimName),
|
|
80
|
+
})
|
|
81
|
+
);
|
|
82
|
+
|
|
83
|
+
const remotePresentations =
|
|
84
|
+
await Credential.Presentation.prepareRemotePresentations(
|
|
85
|
+
credentialsToPresent,
|
|
86
|
+
requestObject.nonce,
|
|
87
|
+
requestObject.client_id
|
|
88
|
+
);
|
|
89
|
+
|
|
90
|
+
const authResponse = await Credential.Presentation.sendAuthorizationResponse(
|
|
91
|
+
requestObject,
|
|
92
|
+
remotePresentations,
|
|
93
|
+
rpConf
|
|
94
|
+
);
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
</details>
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.UnverifiedEntityError = exports.NoSuitableKeysFoundInEntityConfiguration = exports.MissingDataError = exports.InvalidQRCodeError = exports.
|
|
6
|
+
exports.UnverifiedEntityError = exports.NoSuitableKeysFoundInEntityConfiguration = exports.MissingDataError = exports.InvalidQRCodeError = exports.CredentialsNotFoundError = exports.AuthRequestDecodeError = void 0;
|
|
7
7
|
var _errors = require("../../utils/errors");
|
|
8
8
|
/**
|
|
9
9
|
* An error subclass thrown when auth request decode fail
|
|
@@ -54,12 +54,11 @@ exports.NoSuitableKeysFoundInEntityConfiguration = NoSuitableKeysFoundInEntityCo
|
|
|
54
54
|
class InvalidQRCodeError extends _errors.IoWalletError {
|
|
55
55
|
code = "ERR_INVALID_QR_CODE";
|
|
56
56
|
|
|
57
|
-
/**
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
super(message);
|
|
57
|
+
/** Detailed reason for the QR code validation failure. */
|
|
58
|
+
|
|
59
|
+
constructor(reason) {
|
|
60
|
+
super("Invalid QR code");
|
|
61
|
+
this.reason = reason;
|
|
63
62
|
}
|
|
64
63
|
}
|
|
65
64
|
|
|
@@ -96,22 +95,20 @@ class MissingDataError extends _errors.IoWalletError {
|
|
|
96
95
|
super(message);
|
|
97
96
|
}
|
|
98
97
|
}
|
|
99
|
-
|
|
98
|
+
exports.MissingDataError = MissingDataError;
|
|
100
99
|
/**
|
|
101
|
-
*
|
|
102
|
-
*
|
|
100
|
+
* Error thrown when one or more credentials cannot be found in the wallet
|
|
101
|
+
* and the presentation request cannot be satisfied.
|
|
103
102
|
*/
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
code = "ERR_CREDENTIAL_NOT_FOUND";
|
|
107
|
-
|
|
103
|
+
class CredentialsNotFoundError extends _errors.IoWalletError {
|
|
104
|
+
code = "ERR_CREDENTIALS_NOT_FOUND";
|
|
108
105
|
/**
|
|
109
|
-
* @param
|
|
106
|
+
* @param details The details of the credentials that could not be found.
|
|
110
107
|
*/
|
|
111
|
-
constructor(
|
|
112
|
-
|
|
113
|
-
|
|
108
|
+
constructor(details) {
|
|
109
|
+
super("One or more credentials cannot be found in the wallet");
|
|
110
|
+
this.details = details;
|
|
114
111
|
}
|
|
115
112
|
}
|
|
116
|
-
exports.
|
|
113
|
+
exports.CredentialsNotFoundError = CredentialsNotFoundError;
|
|
117
114
|
//# sourceMappingURL=errors.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_errors","require","AuthRequestDecodeError","IoWalletError","code","constructor","message","claim","arguments","length","undefined","reason","serializeAttrs","exports","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","
|
|
1
|
+
{"version":3,"names":["_errors","require","AuthRequestDecodeError","IoWalletError","code","constructor","message","claim","arguments","length","undefined","reason","serializeAttrs","exports","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","UnverifiedEntityError","MissingDataError","missingAttributes","CredentialsNotFoundError","details"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACA;AACO,MAAMC,sBAAsB,SAASC,qBAAa,CAAC;EACxDC,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC,IAAAI,sBAAc,EAAC;MAAEN,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAE,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAIO,MAAMY,wCAAwC,SAASX,qBAAa,CAAC;EAC1EC,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACU,QAAgB,EAAE;IAC5B,MAAMT,OAAO,GAAI,0DAAyDS,QAAS,IAAG;IACtF,KAAK,CAACT,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAC,wCAAA,GAAAA,wCAAA;AAIO,MAAME,kBAAkB,SAASb,qBAAa,CAAC;EACpDC,IAAI,GAAG,qBAAqB;;EAE5B;;EAGAC,WAAWA,CAACM,MAAc,EAAE;IAC1B,KAAK,CAAC,iBAAiB,CAAC;IACxB,IAAI,CAACA,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAE,OAAA,CAAAG,kBAAA,GAAAA,kBAAA;AAIO,MAAMC,qBAAqB,SAASd,qBAAa,CAAC;EACvDC,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACM,MAAc,EAAE;IAC1B,MAAML,OAAO,GAAI,sBAAqBK,MAAO,GAAE;IAC/C,KAAK,CAACL,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAI,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,gBAAgB,SAASf,qBAAa,CAAC;EAClDC,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACc,iBAAyB,EAAE;IACrC,MAAMb,OAAO,GAAI,kCAAiCa,iBAAkB,GAAE;IACtE,KAAK,CAACb,OAAO,CAAC;EAChB;AACF;AAACO,OAAA,CAAAK,gBAAA,GAAAA,gBAAA;AAQD;AACA;AACA;AACA;AACO,MAAME,wBAAwB,SAASjB,qBAAa,CAAC;EAC1DC,IAAI,GAAG,2BAA2B;EAGlC;AACF;AACA;EACEC,WAAWA,CAACgB,OAAyB,EAAE;IACrC,KAAK,CAAC,uDAAuD,CAAC;IAC9D,IAAI,CAACA,OAAO,GAAGA,OAAO;EACxB;AACF;AAACR,OAAA,CAAAO,wBAAA,GAAAA,wBAAA"}
|