@pagopa/io-react-native-wallet 0.3.1 → 0.4.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (60) hide show
  1. package/README.md +57 -24
  2. package/lib/commonjs/index.js +39 -0
  3. package/lib/commonjs/index.js.map +1 -1
  4. package/lib/commonjs/rp/__test__/index.test.js +8 -1
  5. package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
  6. package/lib/commonjs/rp/index.js +4 -13
  7. package/lib/commonjs/rp/index.js.map +1 -1
  8. package/lib/commonjs/rp/types.js +12 -32
  9. package/lib/commonjs/rp/types.js.map +1 -1
  10. package/lib/commonjs/trust/chain.js +94 -0
  11. package/lib/commonjs/trust/chain.js.map +1 -0
  12. package/lib/commonjs/trust/index.js +44 -0
  13. package/lib/commonjs/trust/index.js.map +1 -0
  14. package/lib/commonjs/trust/types.js +68 -0
  15. package/lib/commonjs/trust/types.js.map +1 -0
  16. package/lib/commonjs/wallet-instance-attestation/issuing.js +4 -4
  17. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  18. package/lib/commonjs/wallet-instance-attestation/types.js +6 -9
  19. package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
  20. package/lib/module/index.js +4 -1
  21. package/lib/module/index.js.map +1 -1
  22. package/lib/module/rp/__test__/index.test.js +8 -1
  23. package/lib/module/rp/__test__/index.test.js.map +1 -1
  24. package/lib/module/rp/index.js +4 -13
  25. package/lib/module/rp/index.js.map +1 -1
  26. package/lib/module/rp/types.js +12 -32
  27. package/lib/module/rp/types.js.map +1 -1
  28. package/lib/module/trust/chain.js +86 -0
  29. package/lib/module/trust/chain.js.map +1 -0
  30. package/lib/module/trust/index.js +34 -0
  31. package/lib/module/trust/index.js.map +1 -0
  32. package/lib/module/trust/types.js +56 -0
  33. package/lib/module/trust/types.js.map +1 -0
  34. package/lib/module/wallet-instance-attestation/issuing.js +4 -4
  35. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  36. package/lib/module/wallet-instance-attestation/types.js +6 -9
  37. package/lib/module/wallet-instance-attestation/types.js.map +1 -1
  38. package/lib/typescript/index.d.ts +4 -1
  39. package/lib/typescript/index.d.ts.map +1 -1
  40. package/lib/typescript/rp/index.d.ts.map +1 -1
  41. package/lib/typescript/rp/types.d.ts +463 -180
  42. package/lib/typescript/rp/types.d.ts.map +1 -1
  43. package/lib/typescript/trust/chain.d.ts +17 -0
  44. package/lib/typescript/trust/chain.d.ts.map +1 -0
  45. package/lib/typescript/trust/index.d.ts +16 -0
  46. package/lib/typescript/trust/index.d.ts.map +1 -0
  47. package/lib/typescript/trust/types.d.ts +1225 -0
  48. package/lib/typescript/trust/types.d.ts.map +1 -0
  49. package/lib/typescript/wallet-instance-attestation/types.d.ts +30 -50
  50. package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
  51. package/package.json +1 -1
  52. package/src/index.ts +13 -0
  53. package/src/rp/__test__/index.test.ts +8 -1
  54. package/src/rp/index.ts +4 -19
  55. package/src/rp/types.ts +19 -34
  56. package/src/trust/chain.ts +109 -0
  57. package/src/trust/index.ts +43 -0
  58. package/src/trust/types.ts +64 -0
  59. package/src/wallet-instance-attestation/issuing.ts +4 -4
  60. package/src/wallet-instance-attestation/types.ts +6 -9
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/trust/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,eAAO,MAAM,SAAS;;;;;;;;;EAAuD,CAAC;AAC9E,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,SAAS,CAAC,CAAC;AAElD,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc1B,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiC9B,CAAC;AAEH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAClD,OAAO,8BAA8B,CACtC,CAAC;AACF,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAsB,CAAC"}
@@ -20,15 +20,14 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
20
20
  x5c?: string[] | undefined;
21
21
  trust_chain?: string[] | undefined;
22
22
  }>, z.ZodObject<{
23
- typ: z.ZodLiteral<"var+jwt">;
23
+ typ: z.ZodLiteral<"wiar+jwt">;
24
24
  }, "strip", z.ZodTypeAny, {
25
- typ: "var+jwt";
25
+ typ: "wiar+jwt";
26
26
  }, {
27
- typ: "var+jwt";
27
+ typ: "wiar+jwt";
28
28
  }>>;
29
29
  payload: z.ZodIntersection<z.ZodObject<{
30
30
  iss: z.ZodString;
31
- sub: z.ZodString;
32
31
  iat: z.ZodNumber;
33
32
  exp: z.ZodNumber;
34
33
  cnf: z.ZodObject<{
@@ -165,7 +164,6 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
165
164
  }>;
166
165
  }, "strip", z.ZodTypeAny, {
167
166
  iss: string;
168
- sub: string;
169
167
  iat: number;
170
168
  exp: number;
171
169
  cnf: {
@@ -198,7 +196,6 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
198
196
  };
199
197
  }, {
200
198
  iss: string;
201
- sub: string;
202
199
  iat: number;
203
200
  exp: number;
204
201
  cnf: {
@@ -230,14 +227,17 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
230
227
  };
231
228
  };
232
229
  }>, z.ZodObject<{
230
+ aud: z.ZodString;
233
231
  jti: z.ZodString;
234
- type: z.ZodLiteral<"WalletInstanceAttestationRequest">;
232
+ nonce: z.ZodString;
235
233
  }, "strip", z.ZodTypeAny, {
236
- type: "WalletInstanceAttestationRequest";
237
234
  jti: string;
235
+ nonce: string;
236
+ aud: string;
238
237
  }, {
239
- type: "WalletInstanceAttestationRequest";
240
238
  jti: string;
239
+ nonce: string;
240
+ aud: string;
241
241
  }>>;
242
242
  }, "strip", z.ZodTypeAny, {
243
243
  header: {
@@ -247,11 +247,10 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
247
247
  x5c?: string[] | undefined;
248
248
  trust_chain?: string[] | undefined;
249
249
  } & {
250
- typ: "var+jwt";
250
+ typ: "wiar+jwt";
251
251
  };
252
252
  payload: {
253
253
  iss: string;
254
- sub: string;
255
254
  iat: number;
256
255
  exp: number;
257
256
  cnf: {
@@ -283,8 +282,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
283
282
  };
284
283
  };
285
284
  } & {
286
- type: "WalletInstanceAttestationRequest";
287
285
  jti: string;
286
+ nonce: string;
287
+ aud: string;
288
288
  };
289
289
  }, {
290
290
  header: {
@@ -294,11 +294,10 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
294
294
  x5c?: string[] | undefined;
295
295
  trust_chain?: string[] | undefined;
296
296
  } & {
297
- typ: "var+jwt";
297
+ typ: "wiar+jwt";
298
298
  };
299
299
  payload: {
300
300
  iss: string;
301
- sub: string;
302
301
  iat: number;
303
302
  exp: number;
304
303
  cnf: {
@@ -330,8 +329,9 @@ export declare const WalletInstanceAttestationRequestJwt: z.ZodObject<{
330
329
  };
331
330
  };
332
331
  } & {
333
- type: "WalletInstanceAttestationRequest";
334
332
  jti: string;
333
+ nonce: string;
334
+ aud: string;
335
335
  };
336
336
  }>;
337
337
  export type WalletInstanceAttestationJwt = z.infer<typeof WalletInstanceAttestationJwt>;
@@ -355,15 +355,14 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
355
355
  x5c?: string[] | undefined;
356
356
  trust_chain?: string[] | undefined;
357
357
  }>, z.ZodObject<{
358
- typ: z.ZodLiteral<"va+jwt">;
358
+ typ: z.ZodLiteral<"wallet-attestation+jwt">;
359
359
  }, "strip", z.ZodTypeAny, {
360
- typ: "va+jwt";
360
+ typ: "wallet-attestation+jwt";
361
361
  }, {
362
- typ: "va+jwt";
362
+ typ: "wallet-attestation+jwt";
363
363
  }>>;
364
364
  payload: z.ZodIntersection<z.ZodObject<{
365
365
  iss: z.ZodString;
366
- sub: z.ZodString;
367
366
  iat: z.ZodNumber;
368
367
  exp: z.ZodNumber;
369
368
  cnf: z.ZodObject<{
@@ -500,7 +499,6 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
500
499
  }>;
501
500
  }, "strip", z.ZodTypeAny, {
502
501
  iss: string;
503
- sub: string;
504
502
  iat: number;
505
503
  exp: number;
506
504
  cnf: {
@@ -533,7 +531,6 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
533
531
  };
534
532
  }, {
535
533
  iss: string;
536
- sub: string;
537
534
  iat: number;
538
535
  exp: number;
539
536
  cnf: {
@@ -565,11 +562,8 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
565
562
  };
566
563
  };
567
564
  }>, z.ZodObject<{
568
- type: z.ZodLiteral<"WalletInstanceAttestation">;
569
- policy_uri: z.ZodString;
570
- tos_uri: z.ZodString;
571
- logo_uri: z.ZodString;
572
- asc: z.ZodString;
565
+ sub: z.ZodString;
566
+ attested_security_context: z.ZodString;
573
567
  authorization_endpoint: z.ZodString;
574
568
  response_types_supported: z.ZodArray<z.ZodString, "many">;
575
569
  vp_formats_supported: z.ZodObject<{
@@ -605,12 +599,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
605
599
  request_object_signing_alg_values_supported: z.ZodArray<z.ZodString, "many">;
606
600
  presentation_definition_uri_supported: z.ZodBoolean;
607
601
  }, "strip", z.ZodTypeAny, {
608
- type: "WalletInstanceAttestation";
602
+ sub: string;
609
603
  authorization_endpoint: string;
610
- policy_uri: string;
611
- tos_uri: string;
612
- logo_uri: string;
613
- asc: string;
604
+ attested_security_context: string;
614
605
  response_types_supported: string[];
615
606
  vp_formats_supported: {
616
607
  jwt_vp_json: {
@@ -623,12 +614,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
623
614
  request_object_signing_alg_values_supported: string[];
624
615
  presentation_definition_uri_supported: boolean;
625
616
  }, {
626
- type: "WalletInstanceAttestation";
617
+ sub: string;
627
618
  authorization_endpoint: string;
628
- policy_uri: string;
629
- tos_uri: string;
630
- logo_uri: string;
631
- asc: string;
619
+ attested_security_context: string;
632
620
  response_types_supported: string[];
633
621
  vp_formats_supported: {
634
622
  jwt_vp_json: {
@@ -649,11 +637,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
649
637
  x5c?: string[] | undefined;
650
638
  trust_chain?: string[] | undefined;
651
639
  } & {
652
- typ: "va+jwt";
640
+ typ: "wallet-attestation+jwt";
653
641
  };
654
642
  payload: {
655
643
  iss: string;
656
- sub: string;
657
644
  iat: number;
658
645
  exp: number;
659
646
  cnf: {
@@ -685,12 +672,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
685
672
  };
686
673
  };
687
674
  } & {
688
- type: "WalletInstanceAttestation";
675
+ sub: string;
689
676
  authorization_endpoint: string;
690
- policy_uri: string;
691
- tos_uri: string;
692
- logo_uri: string;
693
- asc: string;
677
+ attested_security_context: string;
694
678
  response_types_supported: string[];
695
679
  vp_formats_supported: {
696
680
  jwt_vp_json: {
@@ -711,11 +695,10 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
711
695
  x5c?: string[] | undefined;
712
696
  trust_chain?: string[] | undefined;
713
697
  } & {
714
- typ: "va+jwt";
698
+ typ: "wallet-attestation+jwt";
715
699
  };
716
700
  payload: {
717
701
  iss: string;
718
- sub: string;
719
702
  iat: number;
720
703
  exp: number;
721
704
  cnf: {
@@ -747,12 +730,9 @@ export declare const WalletInstanceAttestationJwt: z.ZodObject<{
747
730
  };
748
731
  };
749
732
  } & {
750
- type: "WalletInstanceAttestation";
733
+ sub: string;
751
734
  authorization_endpoint: string;
752
- policy_uri: string;
753
- tos_uri: string;
754
- logo_uri: string;
755
- asc: string;
735
+ attested_security_context: string;
756
736
  response_types_supported: string[];
757
737
  vp_formats_supported: {
758
738
  jwt_vp_json: {
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA4BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAc9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BvC,CAAC"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/wallet-instance-attestation/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AA2BzB,MAAM,MAAM,mCAAmC,GAAG,CAAC,CAAC,KAAK,CACvD,OAAO,mCAAmC,CAC3C,CAAC;AACF,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAe9C,CAAC;AAEH,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAChD,OAAO,4BAA4B,CACpC,CAAC;AACF,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA0BvC,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pagopa/io-react-native-wallet",
3
- "version": "0.3.1",
3
+ "version": "0.4.1",
4
4
  "description": "Provide data structures, helpers and API for IO Wallet",
5
5
  "main": "lib/commonjs/index",
6
6
  "module": "lib/module/index",
package/src/index.ts CHANGED
@@ -8,6 +8,13 @@ import * as Errors from "./utils/errors";
8
8
  import * as WalletInstanceAttestation from "./wallet-instance-attestation";
9
9
  import { getUnsignedDPop } from "./utils/dpop";
10
10
  import { RelyingPartySolution } from "./rp";
11
+ import { RpEntityConfiguration } from "./rp/types";
12
+ import { verifyTrustChain, getEntityConfiguration } from "./trust";
13
+ import {
14
+ EntityConfiguration,
15
+ EntityStatement,
16
+ TrustAnchorEntityConfiguration,
17
+ } from "./trust/types";
11
18
 
12
19
  export {
13
20
  PID,
@@ -16,4 +23,10 @@ export {
16
23
  Errors,
17
24
  getUnsignedDPop,
18
25
  RelyingPartySolution,
26
+ verifyTrustChain,
27
+ getEntityConfiguration,
28
+ EntityConfiguration,
29
+ EntityStatement,
30
+ RpEntityConfiguration,
31
+ TrustAnchorEntityConfiguration,
19
32
  };
@@ -20,7 +20,7 @@ describe("decodeAuthRequestQR", () => {
20
20
  });
21
21
 
22
22
  describe("RpEntityConfiguration", () => {
23
- it("should parse a valid confdsfashdhasd", async () => {
23
+ it("should parse a valid conf", async () => {
24
24
  const pp = {
25
25
  header: {
26
26
  alg: "RS256",
@@ -43,6 +43,13 @@ describe("RpEntityConfiguration", () => {
43
43
  ],
44
44
  },
45
45
  metadata: {
46
+ federation_entity: {
47
+ organization_name: "wallet-provider",
48
+ homepage_uri: "https://wallet-provider.example",
49
+ policy_uri: "https://wallet-provider.example",
50
+ logo_uri: "https://wallet-provider.example",
51
+ contacts: ["https://wallet-provider.example"],
52
+ },
46
53
  wallet_relying_party: {
47
54
  application_type: "web",
48
55
  authorization_encrypted_response_alg: [
package/src/rp/index.ts CHANGED
@@ -21,6 +21,7 @@ import {
21
21
  import uuid from "react-native-uuid";
22
22
  import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
23
23
  import { disclose } from "../sd-jwt";
24
+ import { getEntityConfiguration } from "../trust";
24
25
 
25
26
  export class RelyingPartySolution {
26
27
  relyingPartyBaseUrl: string;
@@ -301,24 +302,8 @@ export class RelyingPartySolution {
301
302
  * Obtain the relying party entity configuration.
302
303
  */
303
304
  async getEntityConfiguration(): Promise<RpEntityConfiguration> {
304
- const wellKnownUrl =
305
- this.relyingPartyBaseUrl + "/.well-known/openid-federation";
306
-
307
- const response = await this.appFetch(wellKnownUrl, {
308
- method: "GET",
309
- });
310
-
311
- if (response.status === 200) {
312
- const responseText = await response.text();
313
- const responseJwt = await decodeJwt(responseText);
314
- return RpEntityConfiguration.parse({
315
- header: responseJwt.protectedHeader,
316
- payload: responseJwt.payload,
317
- });
318
- }
319
-
320
- throw new IoWalletError(
321
- `Unable to obtain RP Entity Configuration. Response code: ${response.status}`
322
- );
305
+ return getEntityConfiguration(this.relyingPartyBaseUrl, {
306
+ appFetch: this.appFetch,
307
+ }).then(RpEntityConfiguration.parse);
323
308
  }
324
309
  }
package/src/rp/types.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import { JWK } from "../utils/jwk";
2
2
  import { UnixTime } from "../sd-jwt/types";
3
3
  import * as z from "zod";
4
+ import { EntityConfiguration } from "../trust/types";
4
5
 
5
6
  export type RequestObject = z.infer<typeof RequestObject>;
6
7
  export const RequestObject = z.object({
@@ -26,43 +27,27 @@ export const RequestObject = z.object({
26
27
  }),
27
28
  });
28
29
 
29
- // TODO: This types is WIP in technical rules
30
+ /**
31
+ * EntityConfiguration plus the metadata specific for a Relying Party entity.
32
+ */
30
33
  export type RpEntityConfiguration = z.infer<typeof RpEntityConfiguration>;
31
- export const RpEntityConfiguration = z.object({
32
- header: z.object({
33
- typ: z.literal("entity-statement+jwt"),
34
- alg: z.string(),
35
- kid: z.string(),
36
- }),
37
- payload: z.object({
38
- exp: UnixTime,
39
- iat: UnixTime,
40
- iss: z.string(),
41
- sub: z.string(),
42
- jwks: z.object({
43
- keys: z.array(JWK),
44
- }),
45
- metadata: z.object({
46
- wallet_relying_party: z.object({
47
- application_type: z.string(),
48
- client_id: z.string(),
49
- client_name: z.string(),
50
- jwks: z.array(JWK),
51
- contacts: z.array(z.string()),
34
+ export const RpEntityConfiguration = EntityConfiguration.and(
35
+ z.object({
36
+ payload: z.object({
37
+ metadata: z.object({
38
+ wallet_relying_party: z
39
+ .object({
40
+ application_type: z.string().optional(),
41
+ client_id: z.string().optional(),
42
+ client_name: z.string().optional(),
43
+ jwks: z.array(JWK),
44
+ contacts: z.array(z.string()).optional(),
45
+ })
46
+ .passthrough(),
52
47
  }),
53
- // FIXME: SIW-422 require federation_metadata field
54
- // Actual RP implementation does not comply with the spec
55
- /* federation_entity: z.object({
56
- organization_name: z.string(),
57
- homepage_uri: z.string(),
58
- policy_uri: z.string(),
59
- logo_uri: z.string(),
60
- contacts: z.array(z.string()),
61
- }), */
62
48
  }),
63
- authority_hints: z.array(z.string()),
64
- }),
65
- });
49
+ })
50
+ );
66
51
 
67
52
  export type QRCodePayload = z.infer<typeof QRCodePayload>;
68
53
  export const QRCodePayload = z.object({
@@ -0,0 +1,109 @@
1
+ import {
2
+ decode as decodeJwt,
3
+ verify as verifyJwt,
4
+ } from "@pagopa/io-react-native-jwt";
5
+ import {
6
+ EntityConfiguration,
7
+ EntityStatement,
8
+ TrustAnchorEntityConfiguration,
9
+ } from "./types";
10
+ import { JWK } from "../utils/jwk";
11
+ import { IoWalletError } from "../utils/errors";
12
+ import * as z from "zod";
13
+ import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
14
+
15
+ type ParsedToken = {
16
+ header: JWTDecodeResult["protectedHeader"];
17
+ payload: JWTDecodeResult["payload"];
18
+ };
19
+
20
+ // Verify a token signature
21
+ // The kid is extracted from the token header
22
+ const verify = async (
23
+ token: string,
24
+ kid: string,
25
+ jwks: JWK[]
26
+ ): Promise<ParsedToken> => {
27
+ const jwk = jwks.find((k) => k.kid === kid);
28
+ if (!jwk) {
29
+ throw new Error(`Invalid kid: ${kid}, token: ${token}`);
30
+ }
31
+ const { protectedHeader: header, payload } = await verifyJwt(token, jwk);
32
+ return { header, payload };
33
+ };
34
+
35
+ const decode = (token: string) => {
36
+ const { protectedHeader: header, payload } = decodeJwt(token);
37
+ return { header, payload };
38
+ };
39
+
40
+ // The first element of the chain is supposed to be the Entity Configuration for the document issuer
41
+ const FirstElementShape = EntityConfiguration;
42
+ // Each element but the first is supposed to be an Entity Statement
43
+ const MiddleElementShape = EntityStatement;
44
+ // The last element of the chain can either be an Entity Statement
45
+ // or the Entity Configuration for the known Trust Anchor
46
+ const LastElementShape = z.union([
47
+ EntityStatement,
48
+ TrustAnchorEntityConfiguration,
49
+ ]);
50
+
51
+ /**
52
+ * Validates a provided trust chain against a known trust
53
+ *
54
+ * @param trustAnchorEntity
55
+ * @param chain
56
+ * @returns The list of parsed token representing the chain
57
+ * @throws {IoWalletError} If the chain is not valid
58
+ */
59
+ export async function verifyTrustChain(
60
+ trustAnchorEntity: TrustAnchorEntityConfiguration,
61
+ chain: string[]
62
+ ): Promise<ParsedToken[]> {
63
+ // If the chain is empty, fail
64
+ if (chain.length === 0) {
65
+ throw new IoWalletError("Cannot verify empty trust chain");
66
+ }
67
+
68
+ // Select the expected token shape
69
+ const selectTokenShape = (elementIndex: number) =>
70
+ elementIndex === 0
71
+ ? FirstElementShape
72
+ : elementIndex === chain.length - 1
73
+ ? LastElementShape
74
+ : MiddleElementShape;
75
+
76
+ // select the kid from the current index
77
+ const selectKid = (currentIndex: number): string => {
78
+ const token = chain[currentIndex];
79
+ if (!token) {
80
+ throw new IoWalletError(`Cannot select kid: empty token`);
81
+ }
82
+ const shape = selectTokenShape(currentIndex);
83
+ return shape.parse(decode(token)).header.kid;
84
+ };
85
+
86
+ // select keys from the next token
87
+ // if the current token is the last, keys fro trust anchor will be used
88
+ const selectKeys = (currentIndex: number): JWK[] => {
89
+ if (currentIndex === chain.length - 1) {
90
+ return trustAnchorEntity.payload.jwks.keys;
91
+ }
92
+
93
+ const nextIndex = currentIndex + 1;
94
+ const nextToken = chain[nextIndex];
95
+ if (!nextToken) {
96
+ throw new IoWalletError(`Cannot select keys: empty nextToken`);
97
+ }
98
+ const shape = selectTokenShape(nextIndex);
99
+ return shape.parse(decode(nextToken)).payload.jwks.keys;
100
+ };
101
+
102
+ // Iterate the chain and validate each element's signature against the public keys of its next
103
+ // If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
104
+ return Promise.all(
105
+ chain
106
+ .map((token, i) => [token, selectKid(i), selectKeys(i)] as const)
107
+ .map((args) => verify(...args))
108
+ );
109
+ }
@@ -0,0 +1,43 @@
1
+ import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
2
+ import { EntityConfiguration } from "./types";
3
+ import { IoWalletError } from "../utils/errors";
4
+ import { verifyTrustChain } from "./chain";
5
+
6
+ export { verifyTrustChain };
7
+
8
+ /**
9
+ * Fetch and parse teh entity configuration document for a given federation entity
10
+ *
11
+ * @param entityBaseUrl The base url of the entity.
12
+ * @param options.appFetch An optional instance of the http client to be used.
13
+ * @returns The parsed entity configuration object
14
+ * @throws {IoWalletError} If the http request fails
15
+ * @throws Parse error if the document is not in the expected shape.
16
+ */
17
+ export async function getEntityConfiguration(
18
+ entityBaseUrl: string,
19
+ {
20
+ appFetch = fetch,
21
+ }: {
22
+ appFetch?: GlobalFetch["fetch"];
23
+ } = {}
24
+ ): Promise<EntityConfiguration> {
25
+ const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
26
+
27
+ const response = await appFetch(wellKnownUrl, {
28
+ method: "GET",
29
+ });
30
+
31
+ if (response.status === 200) {
32
+ const responseText = await response.text();
33
+ const responseJwt = decodeJwt(responseText);
34
+ return EntityConfiguration.parse({
35
+ header: responseJwt.protectedHeader,
36
+ payload: responseJwt.payload,
37
+ });
38
+ }
39
+
40
+ throw new IoWalletError(
41
+ `Unable to obtain Entity Configuration at ${wellKnownUrl}. Response code: ${response.status}`
42
+ );
43
+ }
@@ -0,0 +1,64 @@
1
+ import { UnixTime } from "../sd-jwt/types";
2
+ import { JWK } from "../utils/jwk";
3
+ import * as z from "zod";
4
+
5
+ export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
6
+ export type TrustMark = z.infer<typeof TrustMark>;
7
+
8
+ export type EntityStatement = z.infer<typeof EntityStatement>;
9
+ export const EntityStatement = z.object({
10
+ header: z.object({
11
+ typ: z.literal("entity-statement+jwt"),
12
+ alg: z.string(),
13
+ kid: z.string(),
14
+ }),
15
+ payload: z.object({
16
+ iss: z.string(),
17
+ sub: z.string(),
18
+ jwks: z.object({ keys: z.array(JWK) }),
19
+ trust_marks: z.array(TrustMark),
20
+ iat: z.number(),
21
+ exp: z.number(),
22
+ }),
23
+ });
24
+
25
+ export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
26
+ export const EntityConfiguration = z.object({
27
+ header: z.object({
28
+ typ: z.literal("entity-statement+jwt"),
29
+ alg: z.string(),
30
+ kid: z.string(),
31
+ }),
32
+ payload: z.object({
33
+ exp: UnixTime,
34
+ iat: UnixTime,
35
+ iss: z.string(),
36
+ sub: z.string(),
37
+ jwks: z.object({
38
+ keys: z.array(JWK),
39
+ }),
40
+ metadata: z
41
+ .object({
42
+ federation_entity: z
43
+ .object({
44
+ federation_fetch_endpoint: z.string().optional(),
45
+ federation_list_endpoint: z.string().optional(),
46
+ federation_resolve_endpoint: z.string().optional(),
47
+ federation_trust_mark_status_endpoint: z.string().optional(),
48
+ federation_trust_mark_list_endpoint: z.string().optional(),
49
+ homepage_uri: z.string().optional(),
50
+ policy_uri: z.string().optional(),
51
+ logo_uri: z.string().optional(),
52
+ contacts: z.array(z.string()).optional(),
53
+ })
54
+ .passthrough(),
55
+ })
56
+ .passthrough(),
57
+ authority_hints: z.array(z.string()).optional(),
58
+ }),
59
+ });
60
+
61
+ export type TrustAnchorEntityConfiguration = z.infer<
62
+ typeof TrustAnchorEntityConfiguration
63
+ >;
64
+ export const TrustAnchorEntityConfiguration = EntityConfiguration;
@@ -34,9 +34,9 @@ export class Issuing {
34
34
 
35
35
  const walletInstanceAttestationRequest = new SignJWT({
36
36
  iss: keyThumbprint,
37
- sub: this.walletProviderBaseUrl,
37
+ aud: this.walletProviderBaseUrl,
38
38
  jti: `${uuid.v4()}`,
39
- type: "WalletInstanceAttestationRequest",
39
+ nonce: `${uuid.v4()}`,
40
40
  cnf: {
41
41
  jwk: fixBase64EncodingOnKey(publicKey),
42
42
  },
@@ -44,7 +44,7 @@ export class Issuing {
44
44
  .setProtectedHeader({
45
45
  alg: "ES256",
46
46
  kid: publicKey.kid,
47
- typ: "var+jwt",
47
+ typ: "wiar+jwt",
48
48
  })
49
49
  .setIssuedAt()
50
50
  .setExpirationTime("1h")
@@ -87,7 +87,7 @@ export class Issuing {
87
87
  const tokenUrl = new URL("token", this.walletProviderBaseUrl).href;
88
88
  const requestBody = {
89
89
  grant_type:
90
- "urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation",
90
+ "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation",
91
91
  assertion: signedAttestationRequest,
92
92
  };
93
93
  const response = await this.appFetch(tokenUrl, {