@pagopa/io-react-native-wallet 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/README.md +57 -24
  2. package/lib/commonjs/index.js +13 -0
  3. package/lib/commonjs/index.js.map +1 -1
  4. package/lib/commonjs/rp/__test__/index.test.js +8 -1
  5. package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
  6. package/lib/commonjs/rp/index.js +5 -14
  7. package/lib/commonjs/rp/index.js.map +1 -1
  8. package/lib/commonjs/rp/types.js +7 -27
  9. package/lib/commonjs/rp/types.js.map +1 -1
  10. package/lib/commonjs/trust/chain.js +94 -0
  11. package/lib/commonjs/trust/chain.js.map +1 -0
  12. package/lib/commonjs/trust/index.js +44 -0
  13. package/lib/commonjs/trust/index.js.map +1 -0
  14. package/lib/commonjs/trust/types.js +64 -0
  15. package/lib/commonjs/trust/types.js.map +1 -0
  16. package/lib/commonjs/wallet-instance-attestation/issuing.js +4 -4
  17. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  18. package/lib/commonjs/wallet-instance-attestation/types.js +6 -9
  19. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  20. package/lib/module/index.js +2 -1
  21. package/lib/module/index.js.map +1 -1
  22. package/lib/module/rp/__test__/index.test.js +8 -1
  23. package/lib/module/rp/__test__/index.test.js.map +1 -1
  24. package/lib/module/rp/index.js +5 -14
  25. package/lib/module/rp/index.js.map +1 -1
  26. package/lib/module/rp/types.js +7 -27
  27. package/lib/module/rp/types.js.map +1 -1
  28. package/lib/module/trust/chain.js +86 -0
  29. package/lib/module/trust/chain.js.map +1 -0
  30. package/lib/module/trust/index.js +34 -0
  31. package/lib/module/trust/index.js.map +1 -0
  32. package/lib/module/trust/types.js +52 -0
  33. package/lib/module/trust/types.js.map +1 -0
  34. package/lib/module/wallet-instance-attestation/issuing.js +4 -4
  35. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  36. package/lib/module/wallet-instance-attestation/types.js +6 -9
  37. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  38. package/lib/typescript/index.d.ts +2 -1
  39. package/lib/typescript/index.d.ts.map +1 -1
  40. package/lib/typescript/rp/index.d.ts.map +1 -1
  41. package/lib/typescript/rp/types.d.ts +232 -145
  42. package/lib/typescript/rp/types.d.ts.map +1 -1
  43. package/lib/typescript/trust/chain.d.ts +17 -0
  44. package/lib/typescript/trust/chain.d.ts.map +1 -0
  45. package/lib/typescript/trust/index.d.ts +16 -0
  46. package/lib/typescript/trust/index.d.ts.map +1 -0
  47. package/lib/typescript/trust/types.d.ts +1041 -0
  48. package/lib/typescript/trust/types.d.ts.map +1 -0
  49. package/lib/typescript/wallet-instance-attestation/types.d.ts +30 -50
  50. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  51. package/package.json +1 -1
  52. package/src/index.ts +3 -0
  53. package/src/rp/__test__/index.test.ts +8 -1
  54. package/src/rp/index.ts +5 -20
  55. package/src/rp/types.ts +17 -34
  56. package/src/trust/chain.ts +109 -0
  57. package/src/trust/index.ts +43 -0
  58. package/src/trust/types.ts +56 -0
  59. package/src/wallet-instance-attestation/issuing.ts +4 -4
  60. package/src/wallet-instance-attestation/types.ts +6 -9
package/lib/typescript/trust/types.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/trust/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,eAAO,MAAM,SAAS;;;;;;;;;EAAuD,CAAC;AAC9E,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC;AAElD,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc1B,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyB9B,CAAC;AAEH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,8BAA8B,CACtC,CAAC;AACF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAsB,CAAC"}
package/lib/typescript/wallet-instance-attestation/types.d.ts CHANGED
@@ -20,15 +20,14 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
20
20
  x5c?: string[] | undefined;
21
21
  trust_chain?: string[] | undefined;
22
22
  }>, z.ZodObject<{
23
- typ: z.ZodLiteral<"var+jwt">;
23
+ typ: z.ZodLiteral<"wiar+jwt">;
24
24
  }, "strip", z.ZodTypeAny, {
25
- typ: "var+jwt";
25
+ typ: "wiar+jwt";
26
26
  }, {
27
- typ: "var+jwt";
27
+ typ: "wiar+jwt";
28
28
  }>>;
29
29
  payload: z.ZodIntersection<z.ZodObject<{
30
30
  iss: z.ZodString;
31
- sub: z.ZodString;
32
31
  iat: z.ZodNumber;
33
32
  exp: z.ZodNumber;
34
33
  cnf: z.ZodObject<{
@@ -165,7 +164,6 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
165
164
  }>;
166
165
  }, "strip", z.ZodTypeAny, {
167
166
  iss: string;
168
- sub: string;
169
167
  iat: number;
170
168
  exp: number;
171
169
  cnf: {
@@ -198,7 +196,6 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
198
196
  };
199
197
  }, {
200
198
  iss: string;
201
- sub: string;
202
199
  iat: number;
203
200
  exp: number;
204
201
  cnf: {
@@ -230,14 +227,17 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
230
227
  };
231
228
  };
232
229
  }>, z.ZodObject<{
230
+ aud: z.ZodString;
233
231
  jti: z.ZodString;
234
- type: z.ZodLiteral<"WalletInstanceAttestationRequest">;
232
+ nonce: z.ZodString;
235
233
  }, "strip", z.ZodTypeAny, {
236
- type: "WalletInstanceAttestationRequest";
237
234
  jti: string;
235
+ nonce: string;
236
+ aud: string;
238
237
  }, {
239
- type: "WalletInstanceAttestationRequest";
240
238
  jti: string;
239
+ nonce: string;
240
+ aud: string;
241
241
  }>>;
242
242
  }, "strip", z.ZodTypeAny, {
243
243
  header: {
@@ -247,11 +247,10 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
247
247
  x5c?: string[] | undefined;
248
248
  trust_chain?: string[] | undefined;
249
249
  } & {
250
- typ: "var+jwt";
250
+ typ: "wiar+jwt";
251
251
  };
252
252
  payload: {
253
253
  iss: string;
254
- sub: string;
255
254
  iat: number;
256
255
  exp: number;
257
256
  cnf: {
@@ -283,8 +282,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
283
282
  };
284
283
  };
285
284
  } & {
286
- type: "WalletInstanceAttestationRequest";
287
285
  jti: string;
286
+ nonce: string;
287
+ aud: string;
288
288
  };
289
289
  }, {
290
290
  header: {
@@ -294,11 +294,10 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
294
294
  x5c?: string[] | undefined;
295
295
  trust_chain?: string[] | undefined;
296
296
  } & {
297
- typ: "var+jwt";
297
+ typ: "wiar+jwt";
298
298
  };
299
299
  payload: {
300
300
  iss: string;
301
- sub: string;
302
301
  iat: number;
303
302
  exp: number;
304
303
  cnf: {
@@ -330,8 +329,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
330
329
  };
331
330
  };
332
331
  } & {
333
- type: "WalletInstanceAttestationRequest";
334
332
  jti: string;
333
+ nonce: string;
334
+ aud: string;
335
335
  };
336
336
  }>;
337
337
  export type WalletInstanceAttestationJwt = z.infer<typeof WalletInstanceAttestationJwt>;
@@ -355,15 +355,14 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
355
355
  x5c?: string[] | undefined;
356
356
  trust_chain?: string[] | undefined;
357
357
  }>, z.ZodObject<{
358
- typ: z.ZodLiteral<"va+jwt">;
358
+ typ: z.ZodLiteral<"wallet-attestation+jwt">;
359
359
  }, "strip", z.ZodTypeAny, {
360
- typ: "va+jwt";
360
+ typ: "wallet-attestation+jwt";
361
361
  }, {
362
- typ: "va+jwt";
362
+ typ: "wallet-attestation+jwt";
363
363
  }>>;
364
364
  payload: z.ZodIntersection<z.ZodObject<{
365
365
  iss: z.ZodString;
366
- sub: z.ZodString;
367
366
  iat: z.ZodNumber;
368
367
  exp: z.ZodNumber;
369
368
  cnf: z.ZodObject<{
@@ -500,7 +499,6 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
500
499
  }>;
501
500
  }, "strip", z.ZodTypeAny, {
502
501
  iss: string;
503
- sub: string;
504
502
  iat: number;
505
503
  exp: number;
506
504
  cnf: {
@@ -533,7 +531,6 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
533
531
  };
534
532
  }, {
535
533
  iss: string;
536
- sub: string;
537
534
  iat: number;
538
535
  exp: number;
539
536
  cnf: {
@@ -565,11 +562,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
565
562
  };
566
563
  };
567
564
  }>, z.ZodObject<{
568
- type: z.ZodLiteral<"WalletInstanceAttestation">;
569
- policy_uri: z.ZodString;
570
- tos_uri: z.ZodString;
571
- logo_uri: z.ZodString;
572
- asc: z.ZodString;
565
+ sub: z.ZodString;
566
+ attested_security_context: z.ZodString;
573
567
  authorization_endpoint: z.ZodString;
574
568
  response_types_supported: z.ZodArray<z.ZodString, "many">;
575
569
  vp_formats_supported: z.ZodObject<{
@@ -605,12 +599,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
605
599
  request_object_signing_alg_values_supported: z.ZodArray<z.ZodString, "many">;
606
600
  presentation_definition_uri_supported: z.ZodBoolean;
607
601
  }, "strip", z.ZodTypeAny, {
608
- type: "WalletInstanceAttestation";
602
+ sub: string;
609
603
  authorization_endpoint: string;
610
- policy_uri: string;
611
- tos_uri: string;
612
- logo_uri: string;
613
- asc: string;
604
+ attested_security_context: string;
614
605
  response_types_supported: string[];
615
606
  vp_formats_supported: {
616
607
  jwt_vp_json: {
@@ -623,12 +614,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
623
614
  request_object_signing_alg_values_supported: string[];
624
615
  presentation_definition_uri_supported: boolean;
625
616
  }, {
626
- type: "WalletInstanceAttestation";
617
+ sub: string;
627
618
  authorization_endpoint: string;
628
- policy_uri: string;
629
- tos_uri: string;
630
- logo_uri: string;
631
- asc: string;
619
+ attested_security_context: string;
632
620
  response_types_supported: string[];
633
621
  vp_formats_supported: {
634
622
  jwt_vp_json: {
@@ -649,11 +637,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
649
637
  x5c?: string[] | undefined;
650
638
  trust_chain?: string[] | undefined;
651
639
  } & {
652
- typ: "va+jwt";
640
+ typ: "wallet-attestation+jwt";
653
641
  };
654
642
  payload: {
655
643
  iss: string;
656
- sub: string;
657
644
  iat: number;
658
645
  exp: number;
659
646
  cnf: {
@@ -685,12 +672,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
685
672
  };
686
673
  };
687
674
  } & {
688
- type: "WalletInstanceAttestation";
675
+ sub: string;
689
676
  authorization_endpoint: string;
690
- policy_uri: string;
691
- tos_uri: string;
692
- logo_uri: string;
693
- asc: string;
677
+ attested_security_context: string;
694
678
  response_types_supported: string[];
695
679
  vp_formats_supported: {
696
680
  jwt_vp_json: {
@@ -711,11 +695,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
711
695
  x5c?: string[] | undefined;
712
696
  trust_chain?: string[] | undefined;
713
697
  } & {
714
- typ: "va+jwt";
698
+ typ: "wallet-attestation+jwt";
715
699
  };
716
700
  payload: {
717
701
  iss: string;
718
- sub: string;
719
702
  iat: number;
720
703
  exp: number;
721
704
  cnf: {
@@ -747,12 +730,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
747
730
  };
748
731
  };
749
732
  } & {
750
- type: "WalletInstanceAttestation";
733
+ sub: string;
751
734
  authorization_endpoint: string;
752
- policy_uri: string;
753
- tos_uri: string;
754
- logo_uri: string;
755
- asc: string;
735
+ attested_security_context: string;
756
736
  response_types_supported: string[];
757
737
  vp_formats_supported: {
758
738
  jwt_vp_json: {
package/lib/typescript/wallet-instance-attestation/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA4BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA2BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAe9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0BvC,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pagopa/io-react-native-wallet",
3
- "version": "0.3.0",
3
+ "version": "0.4.0",
4
4
  "description": "Provide data structures, helpers and API for IO Wallet",
5
5
  "main": "lib/commonjs/index",
6
6
  "module": "lib/module/index",
package/src/index.ts CHANGED
@@ -8,6 +8,7 @@ import * as Errors from "./utils/errors";
8
8
  import * as WalletInstanceAttestation from "./wallet-instance-attestation";
9
9
  import { getUnsignedDPop } from "./utils/dpop";
10
10
  import { RelyingPartySolution } from "./rp";
11
+ import { verifyTrustChain, getEntityConfiguration } from "./trust";
11
12
 
12
13
  export {
13
14
  PID,
@@ -16,4 +17,6 @@ export {
16
17
  Errors,
17
18
  getUnsignedDPop,
18
19
  RelyingPartySolution,
20
+ verifyTrustChain,
21
+ getEntityConfiguration,
19
22
  };
package/src/rp/__test__/index.test.ts CHANGED
@@ -20,7 +20,7 @@ describe("decodeAuthRequestQR", () => {
20
20
  });
21
21
 
22
22
  describe("RpEntityConfiguration", () => {
23
- it("should parse a valid confdsfashdhasd", async () => {
23
+ it("should parse a valid conf", async () => {
24
24
  const pp = {
25
25
  header: {
26
26
  alg: "RS256",
@@ -43,6 +43,13 @@ describe("RpEntityConfiguration", () => {
43
43
  ],
44
44
  },
45
45
  metadata: {
46
+ federation_entity: {
47
+ organization_name: "wallet-provider",
48
+ homepage_uri: "https://wallet-provider.example",
49
+ policy_uri: "https://wallet-provider.example",
50
+ logo_uri: "https://wallet-provider.example",
51
+ contacts: ["https://wallet-provider.example"],
52
+ },
46
53
  wallet_relying_party: {
47
54
  application_type: "web",
48
55
  authorization_encrypted_response_alg: [
package/src/rp/index.ts CHANGED
@@ -21,6 +21,7 @@ import {
21
21
  import uuid from "react-native-uuid";
22
22
  import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
23
23
  import { disclose } from "../sd-jwt";
24
+ import { getEntityConfiguration } from "../trust";
24
25
 
25
26
  export class RelyingPartySolution {
26
27
  relyingPartyBaseUrl: string;
@@ -264,7 +265,7 @@ export class RelyingPartySolution {
264
265
  });
265
266
 
266
267
  if (response.status === 200) {
267
- return await response.text();
268
+ return await response.json();
268
269
  }
269
270
 
270
271
  throw new IoWalletError(
@@ -301,24 +302,8 @@ export class RelyingPartySolution {
301
302
  * Obtain the relying party entity configuration.
302
303
  */
303
304
  async getEntityConfiguration(): Promise<RpEntityConfiguration> {
304
- const wellKnownUrl =
305
- this.relyingPartyBaseUrl + "/.well-known/openid-federation";
306
-
307
- const response = await this.appFetch(wellKnownUrl, {
308
- method: "GET",
309
- });
310
-
311
- if (response.status === 200) {
312
- const responseText = await response.text();
313
- const responseJwt = await decodeJwt(responseText);
314
- return RpEntityConfiguration.parse({
315
- header: responseJwt.protectedHeader,
316
- payload: responseJwt.payload,
317
- });
318
- }
319
-
320
- throw new IoWalletError(
321
- `Unable to obtain RP Entity Configuration. Response code: ${response.status}`
322
- );
305
+ return getEntityConfiguration(this.relyingPartyBaseUrl, {
306
+ appFetch: this.appFetch,
307
+ }).then(RpEntityConfiguration.parse);
323
308
  }
324
309
  }
package/src/rp/types.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { JWK } from "../utils/jwk";
2
2
  import { UnixTime } from "../sd-jwt/types";
3
3
  import * as z from "zod";
4
+ import { EntityConfiguration } from "../trust/types";
4
5
 
5
6
  export type RequestObject = z.infer<typeof RequestObject>;
6
7
  export const RequestObject = z.object({
@@ -26,43 +27,25 @@ export const RequestObject = z.object({
26
27
  }),
27
28
  });
28
29
 
29
- // TODO: This types is WIP in technical rules
30
+ /**
31
+ * EntityConfiguration plus the metadata specific for a Relying Party entity.
32
+ */
30
33
  export type RpEntityConfiguration = z.infer<typeof RpEntityConfiguration>;
31
- export const RpEntityConfiguration = z.object({
32
- header: z.object({
33
- typ: z.literal("entity-statement+jwt"),
34
- alg: z.string(),
35
- kid: z.string(),
36
- }),
37
- payload: z.object({
38
- exp: UnixTime,
39
- iat: UnixTime,
40
- iss: z.string(),
41
- sub: z.string(),
42
- jwks: z.object({
43
- keys: z.array(JWK),
44
- }),
45
- metadata: z.object({
46
- wallet_relying_party: z.object({
47
- application_type: z.string(),
48
- client_id: z.string(),
49
- client_name: z.string(),
50
- jwks: z.array(JWK),
51
- contacts: z.array(z.string()),
34
+ export const RpEntityConfiguration = EntityConfiguration.and(
35
+ z.object({
36
+ payload: z.object({
37
+ metadata: z.object({
38
+ wallet_relying_party: z.object({
39
+ application_type: z.string(),
40
+ client_id: z.string(),
41
+ client_name: z.string(),
42
+ jwks: z.array(JWK),
43
+ contacts: z.array(z.string()),
44
+ }),
52
45
  }),
53
- // FIXME: SIW-422 require federation_metadata field
54
- // Actual RP implementation does not comply with the spec
55
- /* federation_entity: z.object({
56
- organization_name: z.string(),
57
- homepage_uri: z.string(),
58
- policy_uri: z.string(),
59
- logo_uri: z.string(),
60
- contacts: z.array(z.string()),
61
- }), */
62
46
  }),
63
- authority_hints: z.array(z.string()),
64
- }),
65
- });
47
+ })
48
+ );
66
49
 
67
50
  export type QRCodePayload = z.infer<typeof QRCodePayload>;
68
51
  export const QRCodePayload = z.object({
package/src/trust/chain.ts ADDED
@@ -0,0 +1,109 @@
1
+ import {
2
+ decode as decodeJwt,
3
+ verify as verifyJwt,
4
+ } from "@pagopa/io-react-native-jwt";
5
+ import {
6
+ EntityConfiguration,
7
+ EntityStatement,
8
+ TrustAnchorEntityConfiguration,
9
+ } from "./types";
10
+ import { JWK } from "../utils/jwk";
11
+ import { IoWalletError } from "../utils/errors";
12
+ import * as z from "zod";
13
+ import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
14
+
15
+ type ParsedToken = {
16
+ header: JWTDecodeResult["protectedHeader"];
17
+ payload: JWTDecodeResult["payload"];
18
+ };
19
+
20
+ // Verify a token signature
21
+ // The kid is extracted from the token header
22
+ const verify = async (
23
+ token: string,
24
+ kid: string,
25
+ jwks: JWK[]
26
+ ): Promise<ParsedToken> => {
27
+ const jwk = jwks.find((k) => k.kid === kid);
28
+ if (!jwk) {
29
+ throw new Error(`Invalid kid: ${kid}, token: ${token}`);
30
+ }
31
+ const { protectedHeader: header, payload } = await verifyJwt(token, jwk);
32
+ return { header, payload };
33
+ };
34
+
35
+ const decode = (token: string) => {
36
+ const { protectedHeader: header, payload } = decodeJwt(token);
37
+ return { header, payload };
38
+ };
39
+
40
+ // The first element of the chain is supposed to be the Entity Configuration for the document issuer
41
+ const FirstElementShape = EntityConfiguration;
42
+ // Each element but the first is supposed to be an Entity Statement
43
+ const MiddleElementShape = EntityStatement;
44
+ // The last element of the chain can either be an Entity Statement
45
+ // or the Entity Configuration for the known Trust Anchor
46
+ const LastElementShape = z.union([
47
+ EntityStatement,
48
+ TrustAnchorEntityConfiguration,
49
+ ]);
50
+
51
+ /**
52
+ * Validates a provided trust chain against a known trust
53
+ *
54
+ * @param trustAnchorEntity
55
+ * @param chain
56
+ * @returns The list of parsed token representing the chain
57
+ * @throws {IoWalletError} If the chain is not valid
58
+ */
59
+ export async function verifyTrustChain(
60
+ trustAnchorEntity: TrustAnchorEntityConfiguration,
61
+ chain: string[]
62
+ ): Promise<ParsedToken[]> {
63
+ // If the chain is empty, fail
64
+ if (chain.length === 0) {
65
+ throw new IoWalletError("Cannot verify empty trust chain");
66
+ }
67
+
68
+ // Select the expected token shape
69
+ const selectTokenShape = (elementIndex: number) =>
70
+ elementIndex === 0
71
+ ? FirstElementShape
72
+ : elementIndex === chain.length - 1
73
+ ? LastElementShape
74
+ : MiddleElementShape;
75
+
76
+ // select the kid from the current index
77
+ const selectKid = (currentIndex: number): string => {
78
+ const token = chain[currentIndex];
79
+ if (!token) {
80
+ throw new IoWalletError(`Cannot select kid: empty token`);
81
+ }
82
+ const shape = selectTokenShape(currentIndex);
83
+ return shape.parse(decode(token)).header.kid;
84
+ };
85
+
86
+ // select keys from the next token
87
+ // if the current token is the last, keys fro trust anchor will be used
88
+ const selectKeys = (currentIndex: number): JWK[] => {
89
+ if (currentIndex === chain.length - 1) {
90
+ return trustAnchorEntity.payload.jwks.keys;
91
+ }
92
+
93
+ const nextIndex = currentIndex + 1;
94
+ const nextToken = chain[nextIndex];
95
+ if (!nextToken) {
96
+ throw new IoWalletError(`Cannot select keys: empty nextToken`);
97
+ }
98
+ const shape = selectTokenShape(nextIndex);
99
+ return shape.parse(decode(nextToken)).payload.jwks.keys;
100
+ };
101
+
102
+ // Iterate the chain and validate each element's signature against the public keys of its next
103
+ // If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
104
+ return Promise.all(
105
+ chain
106
+ .map((token, i) => [token, selectKid(i), selectKeys(i)] as const)
107
+ .map((args) => verify(...args))
108
+ );
109
+ }
package/src/trust/index.ts ADDED
@@ -0,0 +1,43 @@
1
+ import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
2
+ import { EntityConfiguration } from "./types";
3
+ import { IoWalletError } from "../utils/errors";
4
+ import { verifyTrustChain } from "./chain";
5
+
6
+ export { verifyTrustChain };
7
+
8
+ /**
9
+ * Fetch and parse teh entity configuration document for a given federation entity
10
+ *
11
+ * @param entityBaseUrl The base url of the entity.
12
+ * @param options.appFetch An optional instance of the http client to be used.
13
+ * @returns The parsed entity configuration object
14
+ * @throws {IoWalletError} If the http request fails
15
+ * @throws Parse error if the document is not in the expected shape.
16
+ */
17
+ export async function getEntityConfiguration(
18
+ entityBaseUrl: string,
19
+ {
20
+ appFetch = fetch,
21
+ }: {
22
+ appFetch?: GlobalFetch["fetch"];
23
+ } = {}
24
+ ): Promise<EntityConfiguration> {
25
+ const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
26
+
27
+ const response = await appFetch(wellKnownUrl, {
28
+ method: "GET",
29
+ });
30
+
31
+ if (response.status === 200) {
32
+ const responseText = await response.text();
33
+ const responseJwt = decodeJwt(responseText);
34
+ return EntityConfiguration.parse({
35
+ header: responseJwt.protectedHeader,
36
+ payload: responseJwt.payload,
37
+ });
38
+ }
39
+
40
+ throw new IoWalletError(
41
+ `Unable to obtain Entity Configuration at ${wellKnownUrl}. Response code: ${response.status}`
42
+ );
43
+ }
package/src/trust/types.ts ADDED
@@ -0,0 +1,56 @@
1
+ import { UnixTime } from "../sd-jwt/types";
2
+ import { JWK } from "../utils/jwk";
3
+ import * as z from "zod";
4
+
5
+ export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
6
+ export type TrustMark = z.infer<typeof TrustMark>;
7
+
8
+ export type EntityStatement = z.infer<typeof EntityStatement>;
9
+ export const EntityStatement = z.object({
10
+ header: z.object({
11
+ typ: z.literal("entity-statement+jwt"),
12
+ alg: z.string(),
13
+ kid: z.string(),
14
+ }),
15
+ payload: z.object({
16
+ iss: z.string(),
17
+ sub: z.string(),
18
+ jwks: z.object({ keys: z.array(JWK) }),
19
+ trust_marks: z.array(TrustMark),
20
+ iat: z.number(),
21
+ exp: z.number(),
22
+ }),
23
+ });
24
+
25
+ export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
26
+ export const EntityConfiguration = z.object({
27
+ header: z.object({
28
+ typ: z.literal("entity-statement+jwt"),
29
+ alg: z.string(),
30
+ kid: z.string(),
31
+ }),
32
+ payload: z.object({
33
+ exp: UnixTime,
34
+ iat: UnixTime,
35
+ iss: z.string(),
36
+ sub: z.string(),
37
+ jwks: z.object({
38
+ keys: z.array(JWK),
39
+ }),
40
+ metadata: z.object({
41
+ federation_entity: z.object({
42
+ organization_name: z.string(),
43
+ homepage_uri: z.string(),
44
+ policy_uri: z.string(),
45
+ logo_uri: z.string(),
46
+ contacts: z.array(z.string()),
47
+ }),
48
+ }),
49
+ authority_hints: z.array(z.string()),
50
+ }),
51
+ });
52
+
53
+ export type TrustAnchorEntityConfiguration = z.infer<
54
+ typeof TrustAnchorEntityConfiguration
55
+ >;
56
+ export const TrustAnchorEntityConfiguration = EntityConfiguration;
package/src/wallet-instance-attestation/issuing.ts CHANGED
@@ -34,9 +34,9 @@ export class Issuing {
34
34
 
35
35
  const walletInstanceAttestationRequest = new SignJWT({
36
36
  iss: keyThumbprint,
37
- sub: this.walletProviderBaseUrl,
37
+ aud: this.walletProviderBaseUrl,
38
38
  jti: `${uuid.v4()}`,
39
- type: "WalletInstanceAttestationRequest",
39
+ nonce: `${uuid.v4()}`,
40
40
  cnf: {
41
41
  jwk: fixBase64EncodingOnKey(publicKey),
42
42
  },
@@ -44,7 +44,7 @@ export class Issuing {
44
44
  .setProtectedHeader({
45
45
  alg: "ES256",
46
46
  kid: publicKey.kid,
47
- typ: "var+jwt",
47
+ typ: "wiar+jwt",
48
48
  })
49
49
  .setIssuedAt()
50
50
  .setExpirationTime("1h")
@@ -87,7 +87,7 @@ export class Issuing {
87
87
  const tokenUrl = new URL("token", this.walletProviderBaseUrl).href;
88
88
  const requestBody = {
89
89
  grant_type:
90
- "urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation",
90
+ "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation",
91
91
  assertion: signedAttestationRequest,
92
92
  };
93
93
  const response = await this.appFetch(tokenUrl, {