@pagopa/io-react-native-wallet 0.3.1 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +57 -24
- package/lib/commonjs/index.js +39 -0
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/rp/__test__/index.test.js +8 -1
- package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
- package/lib/commonjs/rp/index.js +4 -13
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/rp/types.js +12 -32
- package/lib/commonjs/rp/types.js.map +1 -1
- package/lib/commonjs/trust/chain.js +94 -0
- package/lib/commonjs/trust/chain.js.map +1 -0
- package/lib/commonjs/trust/index.js +44 -0
- package/lib/commonjs/trust/index.js.map +1 -0
- package/lib/commonjs/trust/types.js +68 -0
- package/lib/commonjs/trust/types.js.map +1 -0
- package/lib/commonjs/wallet-instance-attestation/issuing.js +4 -4
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/types.js +6 -9
- package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
- package/lib/module/index.js +4 -1
- package/lib/module/index.js.map +1 -1
- package/lib/module/rp/__test__/index.test.js +8 -1
- package/lib/module/rp/__test__/index.test.js.map +1 -1
- package/lib/module/rp/index.js +4 -13
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/rp/types.js +12 -32
- package/lib/module/rp/types.js.map +1 -1
- package/lib/module/trust/chain.js +86 -0
- package/lib/module/trust/chain.js.map +1 -0
- package/lib/module/trust/index.js +34 -0
- package/lib/module/trust/index.js.map +1 -0
- package/lib/module/trust/types.js +56 -0
- package/lib/module/trust/types.js.map +1 -0
- package/lib/module/wallet-instance-attestation/issuing.js +4 -4
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/wallet-instance-attestation/types.js +6 -9
- package/lib/module/wallet-instance-attestation/types.js.map +1 -1
- package/lib/typescript/index.d.ts +4 -1
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/rp/index.d.ts.map +1 -1
- package/lib/typescript/rp/types.d.ts +463 -180
- package/lib/typescript/rp/types.d.ts.map +1 -1
- package/lib/typescript/trust/chain.d.ts +17 -0
- package/lib/typescript/trust/chain.d.ts.map +1 -0
- package/lib/typescript/trust/index.d.ts +16 -0
- package/lib/typescript/trust/index.d.ts.map +1 -0
- package/lib/typescript/trust/types.d.ts +1225 -0
- package/lib/typescript/trust/types.d.ts.map +1 -0
- package/lib/typescript/wallet-instance-attestation/types.d.ts +30 -50
- package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/index.ts +13 -0
- package/src/rp/__test__/index.test.ts +8 -1
- package/src/rp/index.ts +4 -19
- package/src/rp/types.ts +19 -34
- package/src/trust/chain.ts +109 -0
- package/src/trust/index.ts +43 -0
- package/src/trust/types.ts +64 -0
- package/src/wallet-instance-attestation/issuing.ts +4 -4
- package/src/wallet-instance-attestation/types.ts +6 -9
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/trust/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,eAAO,MAAM,SAAS;;;;;;;;;EAAuD,CAAC;AAC9E,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC;AAElD,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc1B,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiC9B,CAAC;AAEH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,8BAA8B,CACtC,CAAC;AACF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAsB,CAAC"}
|
@@ -20,15 +20,14 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
20
20
|
x5c?: string[] | undefined;
|
21
21
|
trust_chain?: string[] | undefined;
|
22
22
|
}>, z.ZodObject<{
|
23
|
-
typ: z.ZodLiteral<"
|
23
|
+
typ: z.ZodLiteral<"wiar+jwt">;
|
24
24
|
}, "strip", z.ZodTypeAny, {
|
25
|
-
typ: "
|
25
|
+
typ: "wiar+jwt";
|
26
26
|
}, {
|
27
|
-
typ: "
|
27
|
+
typ: "wiar+jwt";
|
28
28
|
}>>;
|
29
29
|
payload: z.ZodIntersection<z.ZodObject<{
|
30
30
|
iss: z.ZodString;
|
31
|
-
sub: z.ZodString;
|
32
31
|
iat: z.ZodNumber;
|
33
32
|
exp: z.ZodNumber;
|
34
33
|
cnf: z.ZodObject<{
|
@@ -165,7 +164,6 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
165
164
|
}>;
|
166
165
|
}, "strip", z.ZodTypeAny, {
|
167
166
|
iss: string;
|
168
|
-
sub: string;
|
169
167
|
iat: number;
|
170
168
|
exp: number;
|
171
169
|
cnf: {
|
@@ -198,7 +196,6 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
198
196
|
};
|
199
197
|
}, {
|
200
198
|
iss: string;
|
201
|
-
sub: string;
|
202
199
|
iat: number;
|
203
200
|
exp: number;
|
204
201
|
cnf: {
|
@@ -230,14 +227,17 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
230
227
|
};
|
231
228
|
};
|
232
229
|
}>, z.ZodObject<{
|
230
|
+
aud: z.ZodString;
|
233
231
|
jti: z.ZodString;
|
234
|
-
|
232
|
+
nonce: z.ZodString;
|
235
233
|
}, "strip", z.ZodTypeAny, {
|
236
|
-
type: "WalletInstanceAttestationRequest";
|
237
234
|
jti: string;
|
235
|
+
nonce: string;
|
236
|
+
aud: string;
|
238
237
|
}, {
|
239
|
-
type: "WalletInstanceAttestationRequest";
|
240
238
|
jti: string;
|
239
|
+
nonce: string;
|
240
|
+
aud: string;
|
241
241
|
}>>;
|
242
242
|
}, "strip", z.ZodTypeAny, {
|
243
243
|
header: {
|
@@ -247,11 +247,10 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
247
247
|
x5c?: string[] | undefined;
|
248
248
|
trust_chain?: string[] | undefined;
|
249
249
|
} & {
|
250
|
-
typ: "
|
250
|
+
typ: "wiar+jwt";
|
251
251
|
};
|
252
252
|
payload: {
|
253
253
|
iss: string;
|
254
|
-
sub: string;
|
255
254
|
iat: number;
|
256
255
|
exp: number;
|
257
256
|
cnf: {
|
@@ -283,8 +282,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
283
282
|
};
|
284
283
|
};
|
285
284
|
} & {
|
286
|
-
type: "WalletInstanceAttestationRequest";
|
287
285
|
jti: string;
|
286
|
+
nonce: string;
|
287
|
+
aud: string;
|
288
288
|
};
|
289
289
|
}, {
|
290
290
|
header: {
|
@@ -294,11 +294,10 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
294
294
|
x5c?: string[] | undefined;
|
295
295
|
trust_chain?: string[] | undefined;
|
296
296
|
} & {
|
297
|
-
typ: "
|
297
|
+
typ: "wiar+jwt";
|
298
298
|
};
|
299
299
|
payload: {
|
300
300
|
iss: string;
|
301
|
-
sub: string;
|
302
301
|
iat: number;
|
303
302
|
exp: number;
|
304
303
|
cnf: {
|
@@ -330,8 +329,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
|
|
330
329
|
};
|
331
330
|
};
|
332
331
|
} & {
|
333
|
-
type: "WalletInstanceAttestationRequest";
|
334
332
|
jti: string;
|
333
|
+
nonce: string;
|
334
|
+
aud: string;
|
335
335
|
};
|
336
336
|
}>;
|
337
337
|
export type WalletInstanceAttestationJwt = z.infer<typeof WalletInstanceAttestationJwt>;
|
@@ -355,15 +355,14 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
355
355
|
x5c?: string[] | undefined;
|
356
356
|
trust_chain?: string[] | undefined;
|
357
357
|
}>, z.ZodObject<{
|
358
|
-
typ: z.ZodLiteral<"
|
358
|
+
typ: z.ZodLiteral<"wallet-attestation+jwt">;
|
359
359
|
}, "strip", z.ZodTypeAny, {
|
360
|
-
typ: "
|
360
|
+
typ: "wallet-attestation+jwt";
|
361
361
|
}, {
|
362
|
-
typ: "
|
362
|
+
typ: "wallet-attestation+jwt";
|
363
363
|
}>>;
|
364
364
|
payload: z.ZodIntersection<z.ZodObject<{
|
365
365
|
iss: z.ZodString;
|
366
|
-
sub: z.ZodString;
|
367
366
|
iat: z.ZodNumber;
|
368
367
|
exp: z.ZodNumber;
|
369
368
|
cnf: z.ZodObject<{
|
@@ -500,7 +499,6 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
500
499
|
}>;
|
501
500
|
}, "strip", z.ZodTypeAny, {
|
502
501
|
iss: string;
|
503
|
-
sub: string;
|
504
502
|
iat: number;
|
505
503
|
exp: number;
|
506
504
|
cnf: {
|
@@ -533,7 +531,6 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
533
531
|
};
|
534
532
|
}, {
|
535
533
|
iss: string;
|
536
|
-
sub: string;
|
537
534
|
iat: number;
|
538
535
|
exp: number;
|
539
536
|
cnf: {
|
@@ -565,11 +562,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
565
562
|
};
|
566
563
|
};
|
567
564
|
}>, z.ZodObject<{
|
568
|
-
|
569
|
-
|
570
|
-
tos_uri: z.ZodString;
|
571
|
-
logo_uri: z.ZodString;
|
572
|
-
asc: z.ZodString;
|
565
|
+
sub: z.ZodString;
|
566
|
+
attested_security_context: z.ZodString;
|
573
567
|
authorization_endpoint: z.ZodString;
|
574
568
|
response_types_supported: z.ZodArray<z.ZodString, "many">;
|
575
569
|
vp_formats_supported: z.ZodObject<{
|
@@ -605,12 +599,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
605
599
|
request_object_signing_alg_values_supported: z.ZodArray<z.ZodString, "many">;
|
606
600
|
presentation_definition_uri_supported: z.ZodBoolean;
|
607
601
|
}, "strip", z.ZodTypeAny, {
|
608
|
-
|
602
|
+
sub: string;
|
609
603
|
authorization_endpoint: string;
|
610
|
-
|
611
|
-
tos_uri: string;
|
612
|
-
logo_uri: string;
|
613
|
-
asc: string;
|
604
|
+
attested_security_context: string;
|
614
605
|
response_types_supported: string[];
|
615
606
|
vp_formats_supported: {
|
616
607
|
jwt_vp_json: {
|
@@ -623,12 +614,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
623
614
|
request_object_signing_alg_values_supported: string[];
|
624
615
|
presentation_definition_uri_supported: boolean;
|
625
616
|
}, {
|
626
|
-
|
617
|
+
sub: string;
|
627
618
|
authorization_endpoint: string;
|
628
|
-
|
629
|
-
tos_uri: string;
|
630
|
-
logo_uri: string;
|
631
|
-
asc: string;
|
619
|
+
attested_security_context: string;
|
632
620
|
response_types_supported: string[];
|
633
621
|
vp_formats_supported: {
|
634
622
|
jwt_vp_json: {
|
@@ -649,11 +637,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
649
637
|
x5c?: string[] | undefined;
|
650
638
|
trust_chain?: string[] | undefined;
|
651
639
|
} & {
|
652
|
-
typ: "
|
640
|
+
typ: "wallet-attestation+jwt";
|
653
641
|
};
|
654
642
|
payload: {
|
655
643
|
iss: string;
|
656
|
-
sub: string;
|
657
644
|
iat: number;
|
658
645
|
exp: number;
|
659
646
|
cnf: {
|
@@ -685,12 +672,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
685
672
|
};
|
686
673
|
};
|
687
674
|
} & {
|
688
|
-
|
675
|
+
sub: string;
|
689
676
|
authorization_endpoint: string;
|
690
|
-
|
691
|
-
tos_uri: string;
|
692
|
-
logo_uri: string;
|
693
|
-
asc: string;
|
677
|
+
attested_security_context: string;
|
694
678
|
response_types_supported: string[];
|
695
679
|
vp_formats_supported: {
|
696
680
|
jwt_vp_json: {
|
@@ -711,11 +695,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
711
695
|
x5c?: string[] | undefined;
|
712
696
|
trust_chain?: string[] | undefined;
|
713
697
|
} & {
|
714
|
-
typ: "
|
698
|
+
typ: "wallet-attestation+jwt";
|
715
699
|
};
|
716
700
|
payload: {
|
717
701
|
iss: string;
|
718
|
-
sub: string;
|
719
702
|
iat: number;
|
720
703
|
exp: number;
|
721
704
|
cnf: {
|
@@ -747,12 +730,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
|
|
747
730
|
};
|
748
731
|
};
|
749
732
|
} & {
|
750
|
-
|
733
|
+
sub: string;
|
751
734
|
authorization_endpoint: string;
|
752
|
-
|
753
|
-
tos_uri: string;
|
754
|
-
logo_uri: string;
|
755
|
-
asc: string;
|
735
|
+
attested_security_context: string;
|
756
736
|
response_types_supported: string[];
|
757
737
|
vp_formats_supported: {
|
758
738
|
jwt_vp_json: {
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA2BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAe9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0BvC,CAAC"}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
@@ -8,6 +8,13 @@ import * as Errors from "./utils/errors";
|
|
8
8
|
import * as WalletInstanceAttestation from "./wallet-instance-attestation";
|
9
9
|
import { getUnsignedDPop } from "./utils/dpop";
|
10
10
|
import { RelyingPartySolution } from "./rp";
|
11
|
+
import { RpEntityConfiguration } from "./rp/types";
|
12
|
+
import { verifyTrustChain, getEntityConfiguration } from "./trust";
|
13
|
+
import {
|
14
|
+
EntityConfiguration,
|
15
|
+
EntityStatement,
|
16
|
+
TrustAnchorEntityConfiguration,
|
17
|
+
} from "./trust/types";
|
11
18
|
|
12
19
|
export {
|
13
20
|
PID,
|
@@ -16,4 +23,10 @@ export {
|
|
16
23
|
Errors,
|
17
24
|
getUnsignedDPop,
|
18
25
|
RelyingPartySolution,
|
26
|
+
verifyTrustChain,
|
27
|
+
getEntityConfiguration,
|
28
|
+
EntityConfiguration,
|
29
|
+
EntityStatement,
|
30
|
+
RpEntityConfiguration,
|
31
|
+
TrustAnchorEntityConfiguration,
|
19
32
|
};
|
@@ -20,7 +20,7 @@ describe("decodeAuthRequestQR", () => {
|
|
20
20
|
});
|
21
21
|
|
22
22
|
describe("RpEntityConfiguration", () => {
|
23
|
-
it("should parse a valid
|
23
|
+
it("should parse a valid conf", async () => {
|
24
24
|
const pp = {
|
25
25
|
header: {
|
26
26
|
alg: "RS256",
|
@@ -43,6 +43,13 @@ describe("RpEntityConfiguration", () => {
|
|
43
43
|
],
|
44
44
|
},
|
45
45
|
metadata: {
|
46
|
+
federation_entity: {
|
47
|
+
organization_name: "wallet-provider",
|
48
|
+
homepage_uri: "https://wallet-provider.example",
|
49
|
+
policy_uri: "https://wallet-provider.example",
|
50
|
+
logo_uri: "https://wallet-provider.example",
|
51
|
+
contacts: ["https://wallet-provider.example"],
|
52
|
+
},
|
46
53
|
wallet_relying_party: {
|
47
54
|
application_type: "web",
|
48
55
|
authorization_encrypted_response_alg: [
|
package/src/rp/index.ts
CHANGED
@@ -21,6 +21,7 @@ import {
|
|
21
21
|
import uuid from "react-native-uuid";
|
22
22
|
import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
|
23
23
|
import { disclose } from "../sd-jwt";
|
24
|
+
import { getEntityConfiguration } from "../trust";
|
24
25
|
|
25
26
|
export class RelyingPartySolution {
|
26
27
|
relyingPartyBaseUrl: string;
|
@@ -301,24 +302,8 @@ export class RelyingPartySolution {
|
|
301
302
|
* Obtain the relying party entity configuration.
|
302
303
|
*/
|
303
304
|
async getEntityConfiguration(): Promise<RpEntityConfiguration> {
|
304
|
-
|
305
|
-
this.
|
306
|
-
|
307
|
-
const response = await this.appFetch(wellKnownUrl, {
|
308
|
-
method: "GET",
|
309
|
-
});
|
310
|
-
|
311
|
-
if (response.status === 200) {
|
312
|
-
const responseText = await response.text();
|
313
|
-
const responseJwt = await decodeJwt(responseText);
|
314
|
-
return RpEntityConfiguration.parse({
|
315
|
-
header: responseJwt.protectedHeader,
|
316
|
-
payload: responseJwt.payload,
|
317
|
-
});
|
318
|
-
}
|
319
|
-
|
320
|
-
throw new IoWalletError(
|
321
|
-
`Unable to obtain RP Entity Configuration. Response code: ${response.status}`
|
322
|
-
);
|
305
|
+
return getEntityConfiguration(this.relyingPartyBaseUrl, {
|
306
|
+
appFetch: this.appFetch,
|
307
|
+
}).then(RpEntityConfiguration.parse);
|
323
308
|
}
|
324
309
|
}
|
package/src/rp/types.ts
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
import { JWK } from "../utils/jwk";
|
2
2
|
import { UnixTime } from "../sd-jwt/types";
|
3
3
|
import * as z from "zod";
|
4
|
+
import { EntityConfiguration } from "../trust/types";
|
4
5
|
|
5
6
|
export type RequestObject = z.infer<typeof RequestObject>;
|
6
7
|
export const RequestObject = z.object({
|
@@ -26,43 +27,27 @@ export const RequestObject = z.object({
|
|
26
27
|
}),
|
27
28
|
});
|
28
29
|
|
29
|
-
|
30
|
+
/**
|
31
|
+
* EntityConfiguration plus the metadata specific for a Relying Party entity.
|
32
|
+
*/
|
30
33
|
export type RpEntityConfiguration = z.infer<typeof RpEntityConfiguration>;
|
31
|
-
export const RpEntityConfiguration =
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
}),
|
45
|
-
metadata: z.object({
|
46
|
-
wallet_relying_party: z.object({
|
47
|
-
application_type: z.string(),
|
48
|
-
client_id: z.string(),
|
49
|
-
client_name: z.string(),
|
50
|
-
jwks: z.array(JWK),
|
51
|
-
contacts: z.array(z.string()),
|
34
|
+
export const RpEntityConfiguration = EntityConfiguration.and(
|
35
|
+
z.object({
|
36
|
+
payload: z.object({
|
37
|
+
metadata: z.object({
|
38
|
+
wallet_relying_party: z
|
39
|
+
.object({
|
40
|
+
application_type: z.string().optional(),
|
41
|
+
client_id: z.string().optional(),
|
42
|
+
client_name: z.string().optional(),
|
43
|
+
jwks: z.array(JWK),
|
44
|
+
contacts: z.array(z.string()).optional(),
|
45
|
+
})
|
46
|
+
.passthrough(),
|
52
47
|
}),
|
53
|
-
// FIXME: SIW-422 require federation_metadata field
|
54
|
-
// Actual RP implementation does not comply with the spec
|
55
|
-
/* federation_entity: z.object({
|
56
|
-
organization_name: z.string(),
|
57
|
-
homepage_uri: z.string(),
|
58
|
-
policy_uri: z.string(),
|
59
|
-
logo_uri: z.string(),
|
60
|
-
contacts: z.array(z.string()),
|
61
|
-
}), */
|
62
48
|
}),
|
63
|
-
|
64
|
-
|
65
|
-
});
|
49
|
+
})
|
50
|
+
);
|
66
51
|
|
67
52
|
export type QRCodePayload = z.infer<typeof QRCodePayload>;
|
68
53
|
export const QRCodePayload = z.object({
|
@@ -0,0 +1,109 @@
|
|
1
|
+
import {
|
2
|
+
decode as decodeJwt,
|
3
|
+
verify as verifyJwt,
|
4
|
+
} from "@pagopa/io-react-native-jwt";
|
5
|
+
import {
|
6
|
+
EntityConfiguration,
|
7
|
+
EntityStatement,
|
8
|
+
TrustAnchorEntityConfiguration,
|
9
|
+
} from "./types";
|
10
|
+
import { JWK } from "../utils/jwk";
|
11
|
+
import { IoWalletError } from "../utils/errors";
|
12
|
+
import * as z from "zod";
|
13
|
+
import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
|
14
|
+
|
15
|
+
type ParsedToken = {
|
16
|
+
header: JWTDecodeResult["protectedHeader"];
|
17
|
+
payload: JWTDecodeResult["payload"];
|
18
|
+
};
|
19
|
+
|
20
|
+
// Verify a token signature
|
21
|
+
// The kid is extracted from the token header
|
22
|
+
const verify = async (
|
23
|
+
token: string,
|
24
|
+
kid: string,
|
25
|
+
jwks: JWK[]
|
26
|
+
): Promise<ParsedToken> => {
|
27
|
+
const jwk = jwks.find((k) => k.kid === kid);
|
28
|
+
if (!jwk) {
|
29
|
+
throw new Error(`Invalid kid: ${kid}, token: ${token}`);
|
30
|
+
}
|
31
|
+
const { protectedHeader: header, payload } = await verifyJwt(token, jwk);
|
32
|
+
return { header, payload };
|
33
|
+
};
|
34
|
+
|
35
|
+
const decode = (token: string) => {
|
36
|
+
const { protectedHeader: header, payload } = decodeJwt(token);
|
37
|
+
return { header, payload };
|
38
|
+
};
|
39
|
+
|
40
|
+
// The first element of the chain is supposed to be the Entity Configuration for the document issuer
|
41
|
+
const FirstElementShape = EntityConfiguration;
|
42
|
+
// Each element but the first is supposed to be an Entity Statement
|
43
|
+
const MiddleElementShape = EntityStatement;
|
44
|
+
// The last element of the chain can either be an Entity Statement
|
45
|
+
// or the Entity Configuration for the known Trust Anchor
|
46
|
+
const LastElementShape = z.union([
|
47
|
+
EntityStatement,
|
48
|
+
TrustAnchorEntityConfiguration,
|
49
|
+
]);
|
50
|
+
|
51
|
+
/**
|
52
|
+
* Validates a provided trust chain against a known trust
|
53
|
+
*
|
54
|
+
* @param trustAnchorEntity
|
55
|
+
* @param chain
|
56
|
+
* @returns The list of parsed token representing the chain
|
57
|
+
* @throws {IoWalletError} If the chain is not valid
|
58
|
+
*/
|
59
|
+
export async function verifyTrustChain(
|
60
|
+
trustAnchorEntity: TrustAnchorEntityConfiguration,
|
61
|
+
chain: string[]
|
62
|
+
): Promise<ParsedToken[]> {
|
63
|
+
// If the chain is empty, fail
|
64
|
+
if (chain.length === 0) {
|
65
|
+
throw new IoWalletError("Cannot verify empty trust chain");
|
66
|
+
}
|
67
|
+
|
68
|
+
// Select the expected token shape
|
69
|
+
const selectTokenShape = (elementIndex: number) =>
|
70
|
+
elementIndex === 0
|
71
|
+
? FirstElementShape
|
72
|
+
: elementIndex === chain.length - 1
|
73
|
+
? LastElementShape
|
74
|
+
: MiddleElementShape;
|
75
|
+
|
76
|
+
// select the kid from the current index
|
77
|
+
const selectKid = (currentIndex: number): string => {
|
78
|
+
const token = chain[currentIndex];
|
79
|
+
if (!token) {
|
80
|
+
throw new IoWalletError(`Cannot select kid: empty token`);
|
81
|
+
}
|
82
|
+
const shape = selectTokenShape(currentIndex);
|
83
|
+
return shape.parse(decode(token)).header.kid;
|
84
|
+
};
|
85
|
+
|
86
|
+
// select keys from the next token
|
87
|
+
// if the current token is the last, keys fro trust anchor will be used
|
88
|
+
const selectKeys = (currentIndex: number): JWK[] => {
|
89
|
+
if (currentIndex === chain.length - 1) {
|
90
|
+
return trustAnchorEntity.payload.jwks.keys;
|
91
|
+
}
|
92
|
+
|
93
|
+
const nextIndex = currentIndex + 1;
|
94
|
+
const nextToken = chain[nextIndex];
|
95
|
+
if (!nextToken) {
|
96
|
+
throw new IoWalletError(`Cannot select keys: empty nextToken`);
|
97
|
+
}
|
98
|
+
const shape = selectTokenShape(nextIndex);
|
99
|
+
return shape.parse(decode(nextToken)).payload.jwks.keys;
|
100
|
+
};
|
101
|
+
|
102
|
+
// Iterate the chain and validate each element's signature against the public keys of its next
|
103
|
+
// If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
|
104
|
+
return Promise.all(
|
105
|
+
chain
|
106
|
+
.map((token, i) => [token, selectKid(i), selectKeys(i)] as const)
|
107
|
+
.map((args) => verify(...args))
|
108
|
+
);
|
109
|
+
}
|
@@ -0,0 +1,43 @@
|
|
1
|
+
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
2
|
+
import { EntityConfiguration } from "./types";
|
3
|
+
import { IoWalletError } from "../utils/errors";
|
4
|
+
import { verifyTrustChain } from "./chain";
|
5
|
+
|
6
|
+
export { verifyTrustChain };
|
7
|
+
|
8
|
+
/**
|
9
|
+
* Fetch and parse teh entity configuration document for a given federation entity
|
10
|
+
*
|
11
|
+
* @param entityBaseUrl The base url of the entity.
|
12
|
+
* @param options.appFetch An optional instance of the http client to be used.
|
13
|
+
* @returns The parsed entity configuration object
|
14
|
+
* @throws {IoWalletError} If the http request fails
|
15
|
+
* @throws Parse error if the document is not in the expected shape.
|
16
|
+
*/
|
17
|
+
export async function getEntityConfiguration(
|
18
|
+
entityBaseUrl: string,
|
19
|
+
{
|
20
|
+
appFetch = fetch,
|
21
|
+
}: {
|
22
|
+
appFetch?: GlobalFetch["fetch"];
|
23
|
+
} = {}
|
24
|
+
): Promise<EntityConfiguration> {
|
25
|
+
const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
|
26
|
+
|
27
|
+
const response = await appFetch(wellKnownUrl, {
|
28
|
+
method: "GET",
|
29
|
+
});
|
30
|
+
|
31
|
+
if (response.status === 200) {
|
32
|
+
const responseText = await response.text();
|
33
|
+
const responseJwt = decodeJwt(responseText);
|
34
|
+
return EntityConfiguration.parse({
|
35
|
+
header: responseJwt.protectedHeader,
|
36
|
+
payload: responseJwt.payload,
|
37
|
+
});
|
38
|
+
}
|
39
|
+
|
40
|
+
throw new IoWalletError(
|
41
|
+
`Unable to obtain Entity Configuration at ${wellKnownUrl}. Response code: ${response.status}`
|
42
|
+
);
|
43
|
+
}
|
@@ -0,0 +1,64 @@
|
|
1
|
+
import { UnixTime } from "../sd-jwt/types";
|
2
|
+
import { JWK } from "../utils/jwk";
|
3
|
+
import * as z from "zod";
|
4
|
+
|
5
|
+
export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
|
6
|
+
export type TrustMark = z.infer<typeof TrustMark>;
|
7
|
+
|
8
|
+
export type EntityStatement = z.infer<typeof EntityStatement>;
|
9
|
+
export const EntityStatement = z.object({
|
10
|
+
header: z.object({
|
11
|
+
typ: z.literal("entity-statement+jwt"),
|
12
|
+
alg: z.string(),
|
13
|
+
kid: z.string(),
|
14
|
+
}),
|
15
|
+
payload: z.object({
|
16
|
+
iss: z.string(),
|
17
|
+
sub: z.string(),
|
18
|
+
jwks: z.object({ keys: z.array(JWK) }),
|
19
|
+
trust_marks: z.array(TrustMark),
|
20
|
+
iat: z.number(),
|
21
|
+
exp: z.number(),
|
22
|
+
}),
|
23
|
+
});
|
24
|
+
|
25
|
+
export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
|
26
|
+
export const EntityConfiguration = z.object({
|
27
|
+
header: z.object({
|
28
|
+
typ: z.literal("entity-statement+jwt"),
|
29
|
+
alg: z.string(),
|
30
|
+
kid: z.string(),
|
31
|
+
}),
|
32
|
+
payload: z.object({
|
33
|
+
exp: UnixTime,
|
34
|
+
iat: UnixTime,
|
35
|
+
iss: z.string(),
|
36
|
+
sub: z.string(),
|
37
|
+
jwks: z.object({
|
38
|
+
keys: z.array(JWK),
|
39
|
+
}),
|
40
|
+
metadata: z
|
41
|
+
.object({
|
42
|
+
federation_entity: z
|
43
|
+
.object({
|
44
|
+
federation_fetch_endpoint: z.string().optional(),
|
45
|
+
federation_list_endpoint: z.string().optional(),
|
46
|
+
federation_resolve_endpoint: z.string().optional(),
|
47
|
+
federation_trust_mark_status_endpoint: z.string().optional(),
|
48
|
+
federation_trust_mark_list_endpoint: z.string().optional(),
|
49
|
+
homepage_uri: z.string().optional(),
|
50
|
+
policy_uri: z.string().optional(),
|
51
|
+
logo_uri: z.string().optional(),
|
52
|
+
contacts: z.array(z.string()).optional(),
|
53
|
+
})
|
54
|
+
.passthrough(),
|
55
|
+
})
|
56
|
+
.passthrough(),
|
57
|
+
authority_hints: z.array(z.string()).optional(),
|
58
|
+
}),
|
59
|
+
});
|
60
|
+
|
61
|
+
export type TrustAnchorEntityConfiguration = z.infer<
|
62
|
+
typeof TrustAnchorEntityConfiguration
|
63
|
+
>;
|
64
|
+
export const TrustAnchorEntityConfiguration = EntityConfiguration;
|
@@ -34,9 +34,9 @@ export class Issuing {
|
|
34
34
|
|
35
35
|
const walletInstanceAttestationRequest = new SignJWT({
|
36
36
|
iss: keyThumbprint,
|
37
|
-
|
37
|
+
aud: this.walletProviderBaseUrl,
|
38
38
|
jti: `${uuid.v4()}`,
|
39
|
-
|
39
|
+
nonce: `${uuid.v4()}`,
|
40
40
|
cnf: {
|
41
41
|
jwk: fixBase64EncodingOnKey(publicKey),
|
42
42
|
},
|
@@ -44,7 +44,7 @@ export class Issuing {
|
|
44
44
|
.setProtectedHeader({
|
45
45
|
alg: "ES256",
|
46
46
|
kid: publicKey.kid,
|
47
|
-
typ: "
|
47
|
+
typ: "wiar+jwt",
|
48
48
|
})
|
49
49
|
.setIssuedAt()
|
50
50
|
.setExpirationTime("1h")
|
@@ -87,7 +87,7 @@ export class Issuing {
|
|
87
87
|
const tokenUrl = new URL("token", this.walletProviderBaseUrl).href;
|
88
88
|
const requestBody = {
|
89
89
|
grant_type:
|
90
|
-
"urn:ietf:params:oauth:client-assertion-type:jwt-
|
90
|
+
"urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation",
|
91
91
|
assertion: signedAttestationRequest,
|
92
92
|
};
|
93
93
|
const response = await this.appFetch(tokenUrl, {
|