@pagopa/io-react-native-wallet 0.4.2 → 0.5.0

package/README.md

@@ -15,8 +15,67 @@ npm install @pagopa/io-react-native-wallet
 
 ## Usage
 
+Refer to Example App for actual usages.
+
+<details>
+  <summary>Handling cryptographic assets</summary>
+
+User flows implementions make use of tokens signed using asymmetric key pairs. Such cryptographic keys are managed by the device according to its specifications. It's not the intention of this package to handle such cryptographic assets and their peculiarities; instead, an handy interface is used to provide the right abstraction to allow responsibilities segregation:
+
+- the application knows who to generate/store/delete keys;
+- the package knows when and where to use them.
+
+The interface is `CryptoContext` inherited from the `@pagopa/io-react-native-jwt` package.
+
+This package provides an helper to build a `CryptoContext` object bound to a given key tag
+
+```ts
+import { createCryptoContextFor } from "@pagopa/io-react-native-wallet";
+
+const ctx = createCryptoContextFor("my-tag");
+```
+
+Be sure the key for `my-tag` already exists.
+
+</details>
+
+<details>
+  <summary>Making HTTP requests</summary>
+
+This package is compatibile with any http client which implements [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API). Functions that makes http requests allow for an optional `appFetch` parameter to provide a custom http client implementation. If not provided, the built-in implementation on the runtime is used.
+
+</details>
+
 ### PID
 
+#### Issuing
+
+```ts
+import { PID, createCryptoContextFor } from "@pagopa/io-react-native-wallet";
+
+// Obtain PID metadata
+const pidEntityConfiguration = await PID.Issuing.getEntityConfiguration()(
+  pidProviderBaseUrl
+);
+
+// Auth Token request
+const authRequest = PID.Issuing.authorizeIssuing({ wiaCryptoContext });
+const authConf = await authRequest(
+  instanceAttestation,
+  walletProviderBaseUrl,
+  pidEntityConfiguration
+);
+
+// Credential request
+const credentialRequest = PID.Issuing.getCredential({ pidCryptoContext });
+const pid = await credentialRequest(authConf, pidEntityConfiguration, {
+  birthDate: "01/01/1990",
+  fiscalCode: "AAABBB00A00A000A",
+  name: "NAME",
+  surname: "SURNAME",
+});
+```
+
 #### Encode and Decode
 
 ```ts
@@ -34,28 +93,20 @@ PID.SdJwt.verify("<token>");
 #### Issuing
 
 ```ts
-import { WalletInstanceAttestation } from "@pagopa/io-react-native-wallet";
-
-const issuing = new WalletInstanceAttestation.Issuing(yourWalletProviderUrl);
-
-// Generate keys
-const publicKey = await yourCustomPublicKey("TEE_KEY_TAG");
-
-const walletInstanceAttestationRequest =
-  await issuing.getAttestationRequestToSign(publicKey);
-
-//Sign with TEE
-const signature = await yourCustomSignatureFunction(
-  walletInstanceAttestationRequest,
-  "TEE_KEY_TAG"
-);
-
-const walletInstanceAttestation = await issuing.getAttestation(
-  walletInstanceAttestationRequest,
-  signature
-);
-
-console.log(walletInstanceAttestation);
+import {
+  WalletInstanceAttestation,
+  createCryptoContextFor,
+} from "@pagopa/io-react-native-wallet";
+// create crypto contet
+const wiaCryptoContext = createCryptoContextFor("wia-keytag");
+
+// prepare the request
+const wiaRequest = WalletInstanceAttestation.getAttestation({
+  wiaCryptoContext,
+});
+
+// request
+const instanceAttestation = await wiaRequest("https://wallet-provider.example");
 ```
 
 #### Encode and Decode
@@ -66,6 +117,31 @@ import { WalletInstanceAttestation } from "io-react-native-wallet";
 WalletInstanceAttestation.decode("<token>");
 ```
 
+### Relying Party
+
+#### Credential presentation
+
+```ts
+import { PID, createCryptoContextFor } from "@pagopa/io-react-native-wallet";
+
+// get request object
+const getRequestObject = RelyingPartySolution.getRequestObject({
+  wiaCryptoContext,
+});
+const requestObj = await getRequestObject(
+  walletInstanceAttestation,
+  authRequestUrl,
+  entityConfiguration
+);
+
+// Submit authorization response
+const sendAuthorizationResponse =
+  RelyingPartySolution.sendAuthorizationResponse({
+    pidCryptoContext,
+  });
+const result = await sendAuthorizationResponse(requestObj, [pidToken, claims]);
+```
+
 ## Example
 
 ### NodeJS and Ruby

package/lib/commonjs/index.js

@@ -15,13 +15,14 @@ Object.defineProperty(exports, "EntityStatement", {
     return _types2.EntityStatement;
   }
 });
-exports.RP = exports.PID = exports.Errors = void 0;
-Object.defineProperty(exports, "RelyingPartySolution", {
+exports.PID = exports.Errors = void 0;
+Object.defineProperty(exports, "PidIssuerEntityConfiguration", {
   enumerable: true,
   get: function () {
-    return RP.RelyingPartySolution;
+    return _metadata.PidIssuerEntityConfiguration;
   }
 });
+exports.RelyingPartySolution = exports.RP = void 0;
 Object.defineProperty(exports, "RpEntityConfiguration", {
   enumerable: true,
   get: function () {
@@ -35,16 +36,16 @@ Object.defineProperty(exports, "TrustAnchorEntityConfiguration", {
   }
 });
 exports.WalletInstanceAttestation = void 0;
-Object.defineProperty(exports, "getEntityConfiguration", {
+Object.defineProperty(exports, "createCryptoContextFor", {
   enumerable: true,
   get: function () {
-    return _trust.getEntityConfiguration;
+    return _crypto.createCryptoContextFor;
   }
 });
-Object.defineProperty(exports, "getUnsignedDPop", {
+Object.defineProperty(exports, "getEntityConfiguration", {
   enumerable: true,
   get: function () {
-    return _dpop.getUnsignedDPop;
+    return _trust.getEntityConfiguration;
   }
 });
 Object.defineProperty(exports, "verifyTrustChain", {
@@ -57,15 +58,18 @@ require("react-native-url-polyfill/auto");
 var PID = _interopRequireWildcard(require("./pid"));
 exports.PID = PID;
 var RP = _interopRequireWildcard(require("./rp"));
+var RelyingPartySolution = RP;
 exports.RP = RP;
+exports.RelyingPartySolution = RP;
 var Errors = _interopRequireWildcard(require("./utils/errors"));
 exports.Errors = Errors;
 var WalletInstanceAttestation = _interopRequireWildcard(require("./wallet-instance-attestation"));
 exports.WalletInstanceAttestation = WalletInstanceAttestation;
-var _dpop = require("./utils/dpop");
 var _types = require("./rp/types");
 var _trust = require("./trust");
 var _types2 = require("./trust/types");
+var _crypto = require("./utils/crypto");
+var _metadata = require("./pid/metadata");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 //# sourceMappingURL=index.js.map

package/lib/commonjs/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["require","PID","_interopRequireWildcard","exports","RP","Errors","WalletInstanceAttestation","_dpop","_types","_trust","_types2","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,GAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAF,GAAA,GAAAA,GAAA;AAC7B,IAAAG,EAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA2BG,OAAA,CAAAC,EAAA,GAAAA,EAAA;AAC3B,IAAAC,MAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAE,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAG,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,KAAA,GAAAP,OAAA;AAEA,IAAAQ,MAAA,GAAAR,OAAA;AACA,IAAAS,MAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAIuB,SAAAW,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAV,wBAAAc,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
+{"version":3,"names":["require","PID","_interopRequireWildcard","exports","RP","RelyingPartySolution","Errors","WalletInstanceAttestation","_types","_trust","_types2","_crypto","_metadata","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,GAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAF,GAAA,GAAAA,GAAA;AAC7B,IAAAG,EAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA2B,IAAAK,oBAAA,GAAAD,EAAA;AAAAD,OAAA,CAAAC,EAAA,GAAAA,EAAA;AAAAD,OAAA,CAAAE,oBAAA,GAAAD,EAAA;AAC3B,IAAAE,MAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAG,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAL,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAI,yBAAA,GAAAA,yBAAA;AAE3E,IAAAC,MAAA,GAAAR,OAAA;AACA,IAAAS,MAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAKA,IAAAW,OAAA,GAAAX,OAAA;AACA,IAAAY,SAAA,GAAAZ,OAAA;AAA8D,SAAAa,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAgB,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}

package/lib/commonjs/pid/index.js

@@ -3,16 +3,11 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-Object.defineProperty(exports, "Issuing", {
-  enumerable: true,
-  get: function () {
-    return _issuing.Issuing;
-  }
-});
-exports.SdJwt = void 0;
+exports.SdJwt = exports.Issuing = void 0;
 var SdJwt = _interopRequireWildcard(require("./sd-jwt"));
 exports.SdJwt = SdJwt;
-var _issuing = require("./issuing");
+var Issuing = _interopRequireWildcard(require("./issuing"));
+exports.Issuing = Issuing;
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 //# sourceMappingURL=index.js.map

package/lib/commonjs/pid/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["SdJwt","_interopRequireWildcard","require","exports","_issuing","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../src","sources":["pid/index.ts"],"mappings":";;;;;;;;;;;;AAAA,IAAAA,KAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAkCC,OAAA,CAAAH,KAAA,GAAAA,KAAA;AAClC,IAAAI,QAAA,GAAAF,OAAA;AAAoC,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
+{"version":3,"names":["SdJwt","_interopRequireWildcard","require","exports","Issuing","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../src","sources":["pid/index.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAkCC,OAAA,CAAAH,KAAA,GAAAA,KAAA;AAClC,IAAAI,OAAA,GAAAH,uBAAA,CAAAC,OAAA;AAAqCC,OAAA,CAAAC,OAAA,GAAAA,OAAA;AAAA,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}

package/lib/commonjs/pid/issuing.js

@@ -3,48 +3,52 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.Issuing = void 0;
+exports.getEntityConfiguration = exports.getCredential = exports.authorizeIssuing = void 0;
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _jwk = require("../utils/jwk");
 var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
 var _errors = require("../utils/errors");
 var _dpop = require("../utils/dpop");
-var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
 var _metadata = require("./metadata");
+var _2 = require("..");
+var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
+var _3 = require(".");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 // This is a temporary type that will be used for demo purposes only
 
-class Issuing {
-  constructor(pidProviderBaseUrl, walletProviderBaseUrl, walletInstanceAttestation, clientId) {
-    let appFetch = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : fetch;
-    this.pidProviderBaseUrl = pidProviderBaseUrl;
-    this.walletProviderBaseUrl = walletProviderBaseUrl;
-    this.state = `${_reactNativeUuid.default.v4()}`;
-    this.codeVerifier = `${_reactNativeUuid.default.v4()}`;
-    this.authorizationCode = `${_reactNativeUuid.default.v4()}`;
-    this.walletInstanceAttestation = walletInstanceAttestation;
-    this.clientId = clientId;
-    this.appFetch = appFetch;
-  }
+/**
+ * Obtain the PID provider entity configuration.
+ */
+const getEntityConfiguration = function () {
+  let {
+    appFetch = fetch
+  } = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  return async relyingPartyBaseUrl => {
+    return (0, _2.getEntityConfiguration)(relyingPartyBaseUrl, {
+      appFetch: appFetch
+    }).then(_metadata.PidIssuerEntityConfiguration.parse);
+  };
+};
 
-  /**
-   * Return the unsigned jwt to call the PAR request.
-   *
-   * @function
-   * @param jwk The wallet instance attestation public JWK
-   *
-   * @returns Unsigned jwt
-   *
-   */
-  async getUnsignedJwtForPar(jwk) {
-    const parsedJwk = _jwk.JWK.parse(jwk);
-    const keyThumbprint = await (0, _ioReactNativeJwt.thumbprint)(parsedJwk);
-    const publicKey = {
-      ...parsedJwk,
+/**
+ * Make a PAR request to the PID issuer and return the response url
+ */
+exports.getEntityConfiguration = getEntityConfiguration;
+const getPar = _ref => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref;
+  return async (clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation) => {
+    // Calculate the thumbprint of the public key of the Wallet Instance Attestation.
+    // The PAR request token is signed used the Wallet Instance Attestation key.
+    // The signature can be verified by reading the public key from the key set shippet with the it will ship the Wallet Instance Attestation;
+    //  key is matched by its kid, which is supposed to be the thumbprint of its public key.
+    const keyThumbprint = await wiaCryptoContext.getPublicKey().then(_jwk.JWK.parse).then(_ioReactNativeJwt.thumbprint);
+    const codeChallenge = await (0, _ioReactNativeJwt.sha256ToBase64)(codeVerifier);
+    const signedJwtForPar = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
       kid: keyThumbprint
-    };
-    const codeChallenge = await (0, _ioReactNativeJwt.sha256ToBase64)(this.codeVerifier);
-    const unsignedJwtForPar = new _ioReactNativeJwt.SignJWT({
+    }).setPayload({
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
       authorization_details: [{
         credentialDefinition: {
@@ -55,42 +59,23 @@ class Issuing {
       }],
       response_type: "code",
       code_challenge_method: "s256",
-      redirect_uri: this.walletProviderBaseUrl,
-      state: this.state,
-      client_id: this.clientId,
+      redirect_uri: walletProviderBaseUrl,
+      state: `${_reactNativeUuid.default.v4()}`,
+      client_id: clientId,
       code_challenge: codeChallenge
-    }).setProtectedHeader({
-      alg: "ES256",
-      kid: publicKey.kid
-    }).setIssuedAt().setExpirationTime("1h").toSign();
-    return unsignedJwtForPar;
-  }
-
-  /**
-   * Make a PAR request to the PID issuer and return the response url
-   *
-   * @function
-   * @param unsignedJwtForPar The unsigned JWT for PAR
-   * @param signature The JWT for PAR signature
-   *
-   * @returns Unsigned PAR url
-   *
-   */
-  async getPar(unsignedJwtForPar, signature) {
-    const codeChallenge = await (0, _ioReactNativeJwt.sha256ToBase64)(this.codeVerifier);
-    const signedJwtForPar = await _ioReactNativeJwt.SignJWT.appendSignature(unsignedJwtForPar, signature);
-    const parUrl = new URL("/as/par", this.pidProviderBaseUrl).href;
+    }).setIssuedAt().setExpirationTime("1h").sign();
+    const parUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.pushed_authorization_request_endpoint;
     const requestBody = {
       response_type: "code",
-      client_id: this.clientId,
+      client_id: clientId,
       code_challenge: codeChallenge,
       code_challenge_method: "S256",
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-      client_assertion: this.walletInstanceAttestation,
+      client_assertion: walletInstanceAttestation,
       request: signedJwtForPar
     };
     var formBody = new URLSearchParams(requestBody);
-    const response = await this.appFetch(parUrl, {
+    const response = await appFetch(parUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -102,55 +87,56 @@ class Issuing {
       return result.request_uri;
     }
     throw new _errors.PidIssuingError(`Unable to obtain PAR. Response code: ${await response.text()}`);
-  }
+  };
+};
+
+/**
+ * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
+ *
+ * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
+ * @param params.appFetch (optional) Http client
+ * @param walletInstanceAttestation Wallet Instance Attestation token.
+ * @param walletProviderBaseUrl Base url for the Wallet Provider
+ * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
+ * @returns The access token along with the values that identify the issuing session.
+ */
+const authorizeIssuing = _ref2 => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref2;
+  return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration) => {
+    // FIXME: do better
+    const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+    const codeVerifier = `${_reactNativeUuid.default.v4()}`;
+    const authorizationCode = `${_reactNativeUuid.default.v4()}`;
+    const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
+    await getPar({
+      wiaCryptoContext,
+      appFetch
+    })(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
 
-  /**
-   * Return the unsigned jwt for a generic DPoP
-   *
-   * @function
-   * @param jwk the public key for which the DPoP is to be created
-   *
-   * @returns Unsigned JWT for DPoP
-   *
-   */
-  async getUnsignedDPoP(jwk) {
-    const tokenUrl = new URL("/token", this.pidProviderBaseUrl).href;
-    const dPop = (0, _dpop.getUnsignedDPop)(jwk, {
+    // Use an ephemeral key to be destroyed after use
+    const keytag = `ephemeral-${_reactNativeUuid.default.v4()}`;
+    await (0, _ioReactNativeCrypto.generate)(keytag);
+    const ephemeralContext = (0, _2.createCryptoContextFor)(keytag);
+    const signedDPop = await (0, _dpop.createDPopToken)({
       htm: "POST",
       htu: tokenUrl,
       jti: `${_reactNativeUuid.default.v4()}`
-    });
-    return dPop;
-  }
-
-  /**
-   * Make an auth token request to the PID issuer
-   *
-   * @function
-   * @returns a token response
-   *
-   */
-  async getAuthToken() {
-    //Generate fresh keys for DPoP
-    const dPopKeyTag = `${_reactNativeUuid.default.v4()}`;
-    const dPopKey = await (0, _ioReactNativeCrypto.generate)(dPopKeyTag);
-    const unsignedDPopForToken = await this.getUnsignedDPoP(dPopKey);
-    const dPopTokenSignature = await (0, _ioReactNativeCrypto.sign)(unsignedDPopForToken, dPopKeyTag);
-    await (0, _ioReactNativeCrypto.deleteKey)(dPopKeyTag);
-    const signedDPop = await _ioReactNativeJwt.SignJWT.appendSignature(unsignedDPopForToken, dPopTokenSignature);
-    const decodedJwtDPop = (0, _ioReactNativeJwt.decode)(signedDPop);
-    const tokenUrl = decodedJwtDPop.payload.htu;
+    }, ephemeralContext);
+    await (0, _ioReactNativeCrypto.deleteKey)(keytag);
     const requestBody = {
       grant_type: "authorization code",
-      client_id: this.clientId,
-      code: this.authorizationCode,
-      code_verifier: this.codeVerifier,
+      client_id: clientId,
+      code: authorizationCode,
+      code_verifier: codeVerifier,
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-      client_assertion: this.walletInstanceAttestation,
-      redirect_uri: this.walletProviderBaseUrl
+      client_assertion: walletInstanceAttestation,
+      redirect_uri: walletProviderBaseUrl
     };
     var formBody = new URLSearchParams(requestBody);
-    const response = await this.appFetch(tokenUrl, {
+    const response = await appFetch(tokenUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
@@ -159,48 +145,63 @@ class Issuing {
       body: formBody.toString()
     });
     if (response.status === 200) {
-      return await response.json();
+      const {
+        c_nonce,
+        access_token
+      } = await response.json();
+      return {
+        accessToken: access_token,
+        nonce: c_nonce,
+        clientId,
+        codeVerifier,
+        authorizationCode,
+        walletProviderBaseUrl
+      };
     }
     throw new _errors.PidIssuingError(`Unable to obtain token. Response code: ${await response.text()}`);
-  }
+  };
+};
 
-  /**
-   * Return the unsigned jwt for nonce proof of possession
-   *
-   * @function
-   * @param nonce the nonce
-   *
-   * @returns Unsigned JWT for nonce proof
-   *
-   */
-  async getUnsignedNonceProof(nonce) {
-    const unsignedProof = new _ioReactNativeJwt.SignJWT({
-      nonce
-    }).setProtectedHeader({
-      alg: "ES256",
-      type: "openid4vci-proof+jwt"
-    }).setAudience(this.walletProviderBaseUrl).setIssuer(this.clientId).setIssuedAt().setExpirationTime("1h").toSign();
-    return unsignedProof;
-  }
+/**
+ * Return the signed jwt for nonce proof of possession
+ */
+exports.authorizeIssuing = authorizeIssuing;
+const createNonceProof = async (nonce, issuer, audience, ctx) => {
+  return new _ioReactNativeJwt.SignJWT(ctx).setPayload({
+    nonce
+  }).setProtectedHeader({
+    type: "openid4vci-proof+jwt"
+  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
+};
 
-  /**
-   * Make the credential issuing request to the PID issuer
-   *
-   * @function
-   * @param unsignedDPopForPid The unsigned JWT for PID DPoP
-   * @param dPopPidSignature The JWT for PID DPoP signature
-   * @param unsignedNonceProof The unsigned JWT for nonce proof
-   * @param nonceProofSignature The JWT for nonce proof signature
-   * @param accessToken The access token obtained with getAuthToken
-   * @param cieData Personal data read by the CIE
-   *
-   * @returns a credential
-   *
-   */
-  async getCredential(unsignedDPopForPid, dPopPidSignature, unsignedNonceProof, nonceProofSignature, accessToken, cieData) {
-    const signedDPopForPid = await _ioReactNativeJwt.SignJWT.appendSignature(unsignedDPopForPid, dPopPidSignature);
-    const signedNonceProof = await _ioReactNativeJwt.SignJWT.appendSignature(unsignedNonceProof, nonceProofSignature);
-    const credentialUrl = new URL("/credential", this.pidProviderBaseUrl).href;
+/**
+ * Complete the issuing flow and get the PID credential.
+ *
+ * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
+ * @param params.appFetch (optional) Http client
+ * @param authConf The authorization configuration retrieved with the access token
+ * @param cieData Data red from the CIE login process
+ * @returns The PID credential token
+ */
+const getCredential = _ref3 => {
+  let {
+    pidCryptoContext,
+    appFetch = fetch
+  } = _ref3;
+  return async (_ref4, pidProviderEntityConfiguration, cieData) => {
+    let {
+      nonce,
+      accessToken,
+      clientId,
+      walletProviderBaseUrl
+    } = _ref4;
+    const signedDPopForPid = await (0, _dpop.createDPopToken)({
+      htm: "POST",
+      htu: pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint,
+      jti: `${_reactNativeUuid.default.v4()}`
+    }, pidCryptoContext);
+    const signedNonceProof = await createNonceProof(nonce, clientId, walletProviderBaseUrl, pidCryptoContext);
+    const credentialUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.credential_endpoint;
     const requestBody = {
       credential_definition: JSON.stringify({
         type: ["eu.eudiw.pid.it"]
@@ -213,7 +214,7 @@ class Issuing {
       })
     };
     const formBody = new URLSearchParams(requestBody);
-    const response = await this.appFetch(credentialUrl, {
+    const response = await appFetch(credentialUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
@@ -223,37 +224,20 @@ class Issuing {
       body: formBody.toString()
     });
     if (response.status === 200) {
-      return await response.json();
-    }
-    throw new _errors.PidIssuingError(`Unable to obtain credential!`);
-  }
-
-  /**
-   * Obtain the PID issuer metadata
-   *
-   * @function
-   * @returns PID issuer metadata
-   *
-   */
-  async getEntityConfiguration() {
-    const metadataUrl = new URL("ci/.well-known/openid-federation", this.pidProviderBaseUrl).href;
-    const response = await this.appFetch(metadataUrl);
-    if (response.status === 200) {
-      const jwtMetadata = await response.text();
-      const {
-        payload
-      } = (0, _ioReactNativeJwt.decode)(jwtMetadata);
-      const result = _metadata.PidIssuerEntityConfiguration.safeParse(payload);
-      if (result.success) {
-        const parsedMetadata = result.data;
-        await (0, _ioReactNativeJwt.verify)(jwtMetadata, parsedMetadata.jwks.keys);
-        return parsedMetadata;
-      } else {
-        throw new _errors.PidMetadataError(result.error.message);
-      }
+      const pidResponse = await response.json();
+      await validatePid(pidResponse.credential, pidCryptoContext);
+      return pidResponse;
     }
-    throw new _errors.PidMetadataError(`Unable to obtain PID metadata. Response: ${await response.text()} with status: ${response.status}`);
+    throw new _errors.PidIssuingError(`Unable to obtain credential! url=${credentialUrl} status=${response.status} body=${await response.text()}`);
+  };
+};
+exports.getCredential = getCredential;
+const validatePid = async (pidJwt, pidCryptoContext) => {
+  const decoded = _3.SdJwt.decode(pidJwt);
+  const pidKey = await pidCryptoContext.getPublicKey();
+  const holderBindedKey = decoded.sdJwt.payload.cnf.jwk;
+  if ((await (0, _ioReactNativeJwt.thumbprint)(pidKey)) !== (await (0, _ioReactNativeJwt.thumbprint)(holderBindedKey))) {
+    throw new _errors.PidIssuingError(`The obtained pid does not seem to be valid according to your configuration. Your PID public key is: ${JSON.stringify(pidKey)} but PID holder binded key is: ${JSON.stringify(holderBindedKey)}`);
   }
-}
-exports.Issuing = Issuing;
+};
 //# sourceMappingURL=issuing.js.map