@pagopa/io-react-native-wallet 0.4.2 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +98 -22
- package/lib/commonjs/index.js +12 -8
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +3 -8
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/pid/issuing.js +152 -168
- package/lib/commonjs/pid/issuing.js.map +1 -1
- package/lib/commonjs/pid/metadata.js +28 -25
- package/lib/commonjs/pid/metadata.js.map +1 -1
- package/lib/commonjs/rp/__test__/index.test.js +5 -3
- package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
- package/lib/commonjs/rp/index.js +158 -154
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +9 -7
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +46 -0
- package/lib/commonjs/utils/crypto.js.map +1 -0
- package/lib/commonjs/utils/dpop.js +14 -7
- package/lib/commonjs/utils/dpop.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
- package/lib/commonjs/wallet-instance-attestation/issuing.js +50 -60
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/index.js +4 -3
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -1
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/pid/issuing.js +151 -171
- package/lib/module/pid/issuing.js.map +1 -1
- package/lib/module/pid/metadata.js +28 -25
- package/lib/module/pid/metadata.js.map +1 -1
- package/lib/module/rp/__test__/index.test.js +1 -1
- package/lib/module/rp/__test__/index.test.js.map +1 -1
- package/lib/module/rp/index.js +155 -153
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/trust/types.js +7 -6
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +40 -0
- package/lib/module/utils/crypto.js.map +1 -0
- package/lib/module/utils/dpop.js +13 -5
- package/lib/module/utils/dpop.js.map +1 -1
- package/lib/module/wallet-instance-attestation/index.js +2 -2
- package/lib/module/wallet-instance-attestation/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +48 -58
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/index.d.ts +4 -3
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -1
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/pid/issuing.d.ts +51 -87
- package/lib/typescript/pid/issuing.d.ts.map +1 -1
- package/lib/typescript/pid/metadata.d.ts +1338 -408
- package/lib/typescript/pid/metadata.d.ts.map +1 -1
- package/lib/typescript/rp/index.d.ts +48 -86
- package/lib/typescript/rp/index.d.ts.map +1 -1
- package/lib/typescript/rp/types.d.ts +413 -57
- package/lib/typescript/rp/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +1000 -274
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +10 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -0
- package/lib/typescript/utils/dpop.d.ts +10 -2
- package/lib/typescript/utils/dpop.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
- package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -31
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/index.ts +5 -3
- package/src/pid/index.ts +1 -1
- package/src/pid/issuing.ts +233 -225
- package/src/pid/metadata.ts +32 -27
- package/src/rp/__test__/index.test.ts +1 -1
- package/src/rp/index.ts +180 -188
- package/src/sd-jwt/index.ts +1 -1
- package/src/trust/types.ts +39 -32
- package/src/utils/crypto.ts +41 -0
- package/src/utils/dpop.ts +17 -7
- package/src/wallet-instance-attestation/index.ts +2 -2
- package/src/wallet-instance-attestation/issuing.ts +55 -62
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","_ioReactNativeCrypto","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","_metadata","_2","_ioReactNativeCrypto","_3","obj","__esModule","default","getEntityConfiguration","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","getGenericEntityConfiguration","then","PidIssuerEntityConfiguration","parse","exports","getPar","_ref","wiaCryptoContext","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","JWK","thumbprint","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","kid","setPayload","client_assertion_type","authorization_details","credentialDefinition","type","format","response_type","code_challenge_method","redirect_uri","state","uuid","v4","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","payload","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","PidIssuingError","text","authorizeIssuing","_ref2","_","authorizationCode","tokenUrl","token_endpoint","keytag","generate","ephemeralContext","createCryptoContextFor","signedDPop","createDPopToken","htm","htu","jti","deleteKey","grant_type","code","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref3","pidCryptoContext","_ref4","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","credential_definition","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","SdJwt","decode","pidKey","holderBindedKey","sdJwt","cnf","jwk"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,SAAA,GAAAN,OAAA;AACA,IAAAO,EAAA,GAAAP,OAAA;AAIA,IAAAQ,oBAAA,GAAAR,OAAA;AACA,IAAAS,EAAA,GAAAT,OAAA;AAA0B,SAAAG,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAC1B;;AAwBA;AACA;AACA;AACO,MAAMG,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEC,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MACEG,mBAA2B,IACe;IAC1C,OAAO,IAAAC,yBAA6B,EAACD,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACO,IAAI,CAACC,sCAA4B,CAACC,KAAK,CAAC;EAC7C,CAAC;AAAA;;AAEH;AACA;AACA;AAFAC,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAGA,MAAMY,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBb,QAAQ,GAAGC;EAIb,CAAC,GAAAW,IAAA;EAAA,OACD,OACEE,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAA4D,EAC5DC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMN,gBAAgB,CACzCO,YAAY,CAAC,CAAC,CACdb,IAAI,CAACc,QAAG,CAACZ,KAAK,CAAC,CACfF,IAAI,CAACe,4BAAU,CAAC;IAEnB,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAACT,YAAY,CAAC;IAExD,MAAMU,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAACb,gBAAgB,CAAC,CACxDc,kBAAkB,CAAC;MAClBC,GAAG,EAAET;IACP,CAAC,CAAC,CACDU,UAAU,CAAC;MACVC,qBAAqB,EACnB,wDAAwD;MAC1DC,qBAAqB,EAAE,CACrB;QACEC,oBAAoB,EAAE;UACpBC,IAAI,EAAE,CAAC,iBAAiB;QAC1B,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAErB,qBAAqB;MACnCsB,KAAK,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACrBC,SAAS,EAAE3B,QAAQ;MACnB4B,cAAc,EAAEnB;IAClB,CAAC,CAAC,CACDoB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACV7B,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBhB,aAAa,EAAE,MAAM;MACrBM,SAAS,EAAE3B,QAAQ;MACnB4B,cAAc,EAAEnB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EACnB,wDAAwD;MAC1DsB,gBAAgB,EAAElC,yBAAyB;MAC3CmC,OAAO,EAAE5B;IACX,CAAC;IAED,IAAI6B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMxD,QAAQ,CAAC8C,MAAM,EAAE;MACtCW,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIC,uBAAe,CACtB,wCAAuC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCvD,gBAAgB;IAChBb,QAAQ,GAAGC;EAIb,CAAC,GAAAmE,KAAA;EAAA,OACD,OACElD,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAA4D,KAC7B;IAC/B;IACA,MAAMH,QAAQ,GAAG,MAAMD,gBAAgB,CAACO,YAAY,CAAC,CAAC,CAACb,IAAI,CAAE8D,CAAC,IAAKA,CAAC,CAACzC,GAAG,CAAC;IACzE,MAAMb,YAAY,GAAI,GAAEwB,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnC,MAAM8B,iBAAiB,GAAI,GAAE/B,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACxC,MAAM+B,QAAQ,GACZtD,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEuB,cAAc;IAEnB,MAAM7D,MAAM,CAAC;MAAEE,gBAAgB;MAAEb;IAAS,CAAC,CAAC,CAC1Cc,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;;IAED;IACA,MAAMuD,MAAM,GAAI,aAAYlC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACvC,MAAM,IAAAkC,6BAAQ,EAACD,MAAM,CAAC;IACtB,MAAME,gBAAgB,GAAG,IAAAC,yBAAsB,EAACH,MAAM,CAAC;IAEvD,MAAMI,UAAU,GAAG,MAAM,IAAAC,qBAAe,EACtC;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAET,QAAQ;MACbU,GAAG,EAAG,GAAE1C,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDmC,gBACF,CAAC;IAED,MAAM,IAAAO,8BAAS,EAACT,MAAM,CAAC;IAEvB,MAAMtB,WAAW,GAAG;MAClBgC,UAAU,EAAE,oBAAoB;MAChC1C,SAAS,EAAE3B,QAAQ;MACnBsE,IAAI,EAAEd,iBAAiB;MACvBe,aAAa,EAAEtE,YAAY;MAC3Be,qBAAqB,EACnB,wDAAwD;MAC1DsB,gBAAgB,EAAElC,yBAAyB;MAC3CmB,YAAY,EAAErB;IAChB,CAAC;IACD,IAAIsC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMxD,QAAQ,CAACuE,QAAQ,EAAE;MACxCd,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD4B,IAAI,EAAET;MACR,CAAC;MACDlB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAE0B,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAMhC,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACL0B,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdzE,QAAQ;QACRC,YAAY;QACZuD,iBAAiB;QACjBtD;MACF,CAAC;IACH;IAEA,MAAM,IAAIiD,uBAAe,CACtB,0CAAyC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AAFAxD,OAAA,CAAAyD,gBAAA,GAAAA,gBAAA;AAGA,MAAMwB,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIpE,yBAAO,CAACoE,GAAG,CAAC,CACpBjE,UAAU,CAAC;IACV6D;EACF,CAAC,CAAC,CACD/D,kBAAkB,CAAC;IAClBM,IAAI,EAAE;EACR,CAAC,CAAC,CACD8D,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjBjD,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMoD,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBnG,QAAQ,GAAGC;EAIb,CAAC,GAAAiG,KAAA;EAAA,OACD,OAAAE,KAAA,EAEEnF,8BAA4D,EAC5DoF,OAAgB,KACS;IAAA,IAHzB;MAAEX,KAAK;MAAED,WAAW;MAAE3E,QAAQ;MAAEE;IAAyC,CAAC,GAAAoF,KAAA;IAI1E,MAAME,gBAAgB,GAAG,MAAM,IAAAxB,qBAAe,EAC5C;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAE/D,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CACjDC,wBAAwB,CAACuB,cAAc;MAC1CS,GAAG,EAAG,GAAE1C,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD2D,gBACF,CAAC;IACD,MAAMI,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACL5E,QAAQ,EACRE,qBAAqB,EACrBmF,gBACF,CAAC;IAED,MAAMK,aAAa,GACjBvF,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEwD,mBAAmB;IAExB,MAAMtD,WAAW,GAAG;MAClBuD,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAE3E,IAAI,EAAE,CAAC,iBAAiB;MAAE,CAAC,CAAC;MACpEC,MAAM,EAAE,WAAW;MACnB2E,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEP,gBAAgB;QACrBF,OAAO;QACPU,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMzD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAMxD,QAAQ,CAACwG,aAAa,EAAE;MAC7C/C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD4B,IAAI,EAAEgB,gBAAgB;QACtBU,aAAa,EAAEvB;MACjB,CAAC;MACD9B,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMoD,WAAW,GAAI,MAAMzD,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAMmD,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEhB,gBAAgB,CAAC;MAC3D,OAAOc,WAAW;IACpB;IAEA,MAAM,IAAIhD,uBAAe,CACtB,oCAAmCuC,aAAc,WAChDhD,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACU,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAACxD,OAAA,CAAAuF,aAAA,GAAAA,aAAA;AAEJ,MAAMiB,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEjB,gBAA+B,KAAK;EAC7E,MAAMkB,OAAO,GAAGC,QAAK,CAACC,MAAM,CAACH,MAAM,CAAC;EACpC,MAAMI,MAAM,GAAG,MAAMrB,gBAAgB,CAAC/E,YAAY,CAAC,CAAC;EACpD,MAAMqG,eAAe,GAAGJ,OAAO,CAACK,KAAK,CAAC3E,OAAO,CAAC4E,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM,IAAAtG,4BAAU,EAACkG,MAAM,CAAC,OAAO,MAAM,IAAAlG,4BAAU,EAACmG,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIxD,uBAAe,CACtB,uGAAsG0C,IAAI,CAACC,SAAS,CACnHY,MACF,CAAE,kCAAiCb,IAAI,CAACC,SAAS,CAACa,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
|
|
@@ -4,6 +4,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
6
|
exports.PidIssuerEntityConfiguration = exports.PidDisplayMetadata = void 0;
|
|
7
|
+
var _types = require("../trust/types");
|
|
7
8
|
var _jwk = require("../utils/jwk");
|
|
8
9
|
var _zod = require("zod");
|
|
9
10
|
const PidDisplayMetadata = _zod.z.object({
|
|
@@ -17,33 +18,35 @@ const PidDisplayMetadata = _zod.z.object({
|
|
|
17
18
|
text_color: _zod.z.string()
|
|
18
19
|
});
|
|
19
20
|
exports.PidDisplayMetadata = PidDisplayMetadata;
|
|
20
|
-
const PidIssuerEntityConfiguration = _zod.z.object({
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
metadata: _zod.z.object({
|
|
25
|
-
openid_credential_issuer: _zod.z.object({
|
|
26
|
-
credential_issuer: _zod.z.string(),
|
|
27
|
-
authorization_endpoint: _zod.z.string(),
|
|
28
|
-
token_endpoint: _zod.z.string(),
|
|
29
|
-
pushed_authorization_request_endpoint: _zod.z.string(),
|
|
30
|
-
dpop_signing_alg_values_supported: _zod.z.array(_zod.z.string()),
|
|
31
|
-
credential_endpoint: _zod.z.string(),
|
|
32
|
-
credentials_supported: _zod.z.array(_zod.z.object({
|
|
33
|
-
format: _zod.z.literal("vc+sd-jwt"),
|
|
34
|
-
cryptographic_binding_methods_supported: _zod.z.array(_zod.z.string()),
|
|
35
|
-
cryptographic_suites_supported: _zod.z.array(_zod.z.string()),
|
|
36
|
-
display: _zod.z.array(PidDisplayMetadata)
|
|
37
|
-
}))
|
|
21
|
+
const PidIssuerEntityConfiguration = _types.EntityConfiguration.and(_zod.z.object({
|
|
22
|
+
payload: _zod.z.object({
|
|
23
|
+
jwks: _zod.z.object({
|
|
24
|
+
keys: _zod.z.array(_jwk.JWK)
|
|
38
25
|
}),
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
26
|
+
metadata: _zod.z.object({
|
|
27
|
+
openid_credential_issuer: _zod.z.object({
|
|
28
|
+
credential_issuer: _zod.z.string(),
|
|
29
|
+
authorization_endpoint: _zod.z.string(),
|
|
30
|
+
token_endpoint: _zod.z.string(),
|
|
31
|
+
pushed_authorization_request_endpoint: _zod.z.string(),
|
|
32
|
+
dpop_signing_alg_values_supported: _zod.z.array(_zod.z.string()),
|
|
33
|
+
credential_endpoint: _zod.z.string(),
|
|
34
|
+
credentials_supported: _zod.z.array(_zod.z.object({
|
|
35
|
+
format: _zod.z.literal("vc+sd-jwt"),
|
|
36
|
+
cryptographic_binding_methods_supported: _zod.z.array(_zod.z.string()),
|
|
37
|
+
cryptographic_suites_supported: _zod.z.array(_zod.z.string()),
|
|
38
|
+
display: _zod.z.array(PidDisplayMetadata)
|
|
39
|
+
}))
|
|
40
|
+
}),
|
|
41
|
+
federation_entity: _zod.z.object({
|
|
42
|
+
organization_name: _zod.z.string(),
|
|
43
|
+
homepage_uri: _zod.z.string(),
|
|
44
|
+
policy_uri: _zod.z.string(),
|
|
45
|
+
tos_uri: _zod.z.string(),
|
|
46
|
+
logo_uri: _zod.z.string()
|
|
47
|
+
})
|
|
45
48
|
})
|
|
46
49
|
})
|
|
47
|
-
});
|
|
50
|
+
}));
|
|
48
51
|
exports.PidIssuerEntityConfiguration = PidIssuerEntityConfiguration;
|
|
49
52
|
//# sourceMappingURL=metadata.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_types","require","_jwk","_zod","PidDisplayMetadata","z","object","name","string","locale","logo","url","alt_text","background_color","text_color","exports","PidIssuerEntityConfiguration","EntityConfiguration","and","payload","jwks","keys","array","JWK","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAGO,MAAMG,kBAAkB,GAAGC,MAAC,CAACC,MAAM,CAAC;EACzCC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEL,MAAC,CAACC,MAAM,CAAC;IACbK,GAAG,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAEP,MAAC,CAACG,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAET,MAAC,CAACG,MAAM,CAAC;AACvB,CAAC,CAAC;AAACO,OAAA,CAAAX,kBAAA,GAAAA,kBAAA;AAKI,MAAMY,4BAA4B,GAAGC,0BAAmB,CAACC,GAAG,CACjEb,MAAC,CAACC,MAAM,CAAC;EACPa,OAAO,EAAEd,MAAC,CAACC,MAAM,CAAC;IAChBc,IAAI,EAAEf,MAAC,CAACC,MAAM,CAAC;MAAEe,IAAI,EAAEhB,MAAC,CAACiB,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCC,QAAQ,EAAEnB,MAAC,CAACC,MAAM,CAAC;MACjBmB,wBAAwB,EAAEpB,MAAC,CAACC,MAAM,CAAC;QACjCoB,iBAAiB,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC;QAC7BmB,sBAAsB,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;QAClCoB,cAAc,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC;QAC1BqB,qCAAqC,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC;QACjDsB,iCAAiC,EAAEzB,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;QACtDuB,mBAAmB,EAAE1B,MAAC,CAACG,MAAM,CAAC,CAAC;QAC/BwB,qBAAqB,EAAE3B,MAAC,CAACiB,KAAK,CAC5BjB,MAAC,CAACC,MAAM,CAAC;UACP2B,MAAM,EAAE5B,MAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC;UAC9BC,uCAAuC,EAAE9B,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;UAC5D4B,8BAA8B,EAAE/B,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;UACnD6B,OAAO,EAAEhC,MAAC,CAACiB,KAAK,CAAClB,kBAAkB;QACrC,CAAC,CACH;MACF,CAAC,CAAC;MACFkC,iBAAiB,EAAEjC,MAAC,CAACC,MAAM,CAAC;QAC1BiC,iBAAiB,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC;QAC7BgC,YAAY,EAAEnC,MAAC,CAACG,MAAM,CAAC,CAAC;QACxBiC,UAAU,EAAEpC,MAAC,CAACG,MAAM,CAAC,CAAC;QACtBkC,OAAO,EAAErC,MAAC,CAACG,MAAM,CAAC,CAAC;QACnBmC,QAAQ,EAAEtC,MAAC,CAACG,MAAM,CAAC;MACrB,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;AAACO,OAAA,CAAAC,4BAAA,GAAAA,4BAAA"}
|
|
@@ -1,17 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var RelyingPartySolution = _interopRequireWildcard(require(".."));
|
|
4
4
|
var _errors = require("../../utils/errors");
|
|
5
5
|
var _types = require("../types");
|
|
6
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
7
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
6
8
|
describe("decodeAuthRequestQR", () => {
|
|
7
9
|
it("should return authentication request URL", async () => {
|
|
8
10
|
const qrcode = "ZXVkaXc6Ly9hdXRob3JpemU/Y2xpZW50X2lkPWh0dHBzOi8vdmVyaWZpZXIuZXhhbXBsZS5vcmcmcmVxdWVzdF91cmk9aHR0cHM6Ly92ZXJpZmllci5leGFtcGxlLm9yZy9yZXF1ZXN0X3VyaQ==";
|
|
9
|
-
const result =
|
|
11
|
+
const result = RelyingPartySolution.decodeAuthRequestQR(qrcode);
|
|
10
12
|
expect(result.requestURI).toEqual("https://verifier.example.org/request_uri");
|
|
11
13
|
});
|
|
12
14
|
it("should throw exception with invalid QR", async () => {
|
|
13
15
|
const qrcode = "aHR0cDovL2dvb2dsZS5pdA==";
|
|
14
|
-
expect(() =>
|
|
16
|
+
expect(() => RelyingPartySolution.decodeAuthRequestQR(qrcode)).toThrowError(_errors.AuthRequestDecodeError);
|
|
15
17
|
});
|
|
16
18
|
});
|
|
17
19
|
describe("RpEntityConfiguration", () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["RelyingPartySolution","_interopRequireWildcard","require","_errors","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","describe","it","qrcode","result","decodeAuthRequestQR","expect","requestURI","toEqual","toThrowError","AuthRequestDecodeError","pp","header","alg","kid","typ","payload","exp","iat","iss","sub","jwks","keys","kty","e","n","metadata","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","contacts","wallet_relying_party","application_type","authorization_encrypted_response_alg","authorization_encrypted_response_enc","authorization_signed_response_alg","client_id","client_name","default_acr_values","default_max_age","id_token_encrypted_response_alg","id_token_encrypted_response_enc","id_token_signed_response_alg","presentation_definitions","id","input_descriptors","format","constraints","fields","filter","const","type","path","intent_to_retain","limit_disclosure","jwt","mso_mdoc","redirect_uris","request_uris","require_auth_time","subject_type","vp_formats","jwt_vp_json","crv","d","use","x","y","p","q","authority_hints","RpEntityConfiguration","safeParse","success","error","toBe"],"sourceRoot":"../../../../src","sources":["rp/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,oBAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAAiD,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEjDW,QAAQ,CAAC,qBAAqB,EAAE,MAAM;EACpCC,EAAE,CAAC,0CAA0C,EAAE,YAAY;IACzD,MAAMC,MAAM,GACV,sJAAsJ;IACxJ,MAAMC,MAAM,GAAG9B,oBAAoB,CAAC+B,mBAAmB,CAACF,MAAM,CAAC;IAC/DG,MAAM,CAACF,MAAM,CAACG,UAAU,CAAC,CAACC,OAAO,CAC/B,0CACF,CAAC;EACH,CAAC,CAAC;EACFN,EAAE,CAAC,wCAAwC,EAAE,YAAY;IACvD,MAAMC,MAAM,GAAG,0BAA0B;IACzCG,MAAM,CAAC,MAAMhC,oBAAoB,CAAC+B,mBAAmB,CAACF,MAAM,CAAC,CAAC,CAACM,YAAY,CACzEC,8BACF,CAAC;EACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFT,QAAQ,CAAC,uBAAuB,EAAE,MAAM;EACtCC,EAAE,CAAC,2BAA2B,EAAE,YAAY;IAC1C,MAAMS,EAAE,GAAG;MACTC,MAAM,EAAE;QACNC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,+DAA+D;QACpEC,GAAG,EAAE,+DAA+D;QACpEC,IAAI,EAAE;UACJC,IAAI,EAAE,CACJ;YACEC,GAAG,EAAE,KAAK;YACVT,GAAG,EAAE,6CAA6C;YAClDU,CAAC,EAAE,MAAM;YACTC,CAAC,EAAE;UACL,CAAC;QAEL,CAAC;QACDC,QAAQ,EAAE;UACRC,iBAAiB,EAAE;YACjBC,iBAAiB,EAAE,iBAAiB;YACpCC,YAAY,EAAE,iCAAiC;YAC/CC,UAAU,EAAE,iCAAiC;YAC7CC,QAAQ,EAAE,iCAAiC;YAC3CC,QAAQ,EAAE,CAAC,iCAAiC;UAC9C,CAAC;UACDC,oBAAoB,EAAE;YACpBC,gBAAgB,EAAE,KAAK;YACvBC,oCAAoC,EAAE,CACpC,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,oCAAoC,EAAE,CACpC,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,iCAAiC,EAAE,CACjC,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,SAAS,EACP,+DAA+D;YACjEC,WAAW,EAAE,iCAAiC;YAC9CP,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtCQ,kBAAkB,EAAE,CAClB,gCAAgC,EAChC,gCAAgC,CACjC;YACDC,eAAe,EAAE,IAAI;YACrBC,+BAA+B,EAAE,CAC/B,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,+BAA+B,EAAE,CAC/B,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,4BAA4B,EAAE,CAC5B,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,wBAAwB,EAAE,CACxB;cACEC,EAAE,EAAE,6CAA6C;cACjDC,iBAAiB,EAAE,CACjB;gBACED,EAAE,EAAE,6CAA6C;gBACjDE,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,0BAA0B;wBACjCC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,eAAe;oBACxB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNE,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,cAAc;oBACvB,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,sBAAsB;oBAC/B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,qBAAqB;oBAC9B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDC,GAAG,EAAE;oBACH5C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF;cACF,CAAC;YAEL,CAAC,EACD;cACEiC,EAAE,EAAE,gBAAgB;cACpBC,iBAAiB,EAAE,CACjB;gBACEC,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,uBAAuB;wBAC9BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,gBAAgB;oBACzB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNC,KAAK,EAAE,mBAAmB;wBAC1BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,kBAAkB;oBAC3B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,iBAAiB;oBAC1B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,2BAA2B;oBACpC,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDE,QAAQ,EAAE;oBACR7C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF,CAAC;gBACDiC,EAAE,EAAE;cACN,CAAC;YAEL,CAAC,CACF;YACDa,aAAa,EAAE,CACb,4EAA4E,CAC7E;YACDC,YAAY,EAAE,CACZ,2EAA2E,CAC5E;YACDC,iBAAiB,EAAE,IAAI;YACvBC,YAAY,EAAE,UAAU;YACxBC,UAAU,EAAE;cACVC,WAAW,EAAE;gBACXnD,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ;cACzB;YACF,CAAC;YACDQ,IAAI,EAAE,CACJ;cACE4C,GAAG,EAAE,OAAO;cACZC,CAAC,EAAE,6CAA6C;cAChDpD,GAAG,EAAE,6CAA6C;cAClDqD,GAAG,EAAE,KAAK;cACV5C,GAAG,EAAE,IAAI;cACT6C,CAAC,EAAE,6CAA6C;cAChDC,CAAC,EAAE;YACL,CAAC,EACD;cACE9C,GAAG,EAAE,KAAK;cACV2C,CAAC,EAAE,wVAAwV;cAC3V1C,CAAC,EAAE,MAAM;cACT2C,GAAG,EAAE,KAAK;cACVrD,GAAG,EAAE,6CAA6C;cAClDW,CAAC,EAAE,wVAAwV;cAC3V6C,CAAC,EAAE,6KAA6K;cAChLC,CAAC,EAAE;YACL,CAAC;UAEL;QACF,CAAC;QACDC,eAAe,EAAE,CACf,0DAA0D;MAE9D;IACF,CAAC;IACD,MAAMpE,MAAM,GAAGqE,4BAAqB,CAACC,SAAS,CAAC/D,EAAE,CAAC;IAClD,IAAIP,MAAM,CAACuE,OAAO,KAAK,KAAK,EAAE;MAC5B,MAAMvE,MAAM,CAACwE,KAAK;IACpB;IACAtE,MAAM,CAACF,MAAM,CAACuE,OAAO,CAAC,CAACE,IAAI,CAAC,IAAI,CAAC;EACnC,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
package/lib/commonjs/rp/index.js
CHANGED
|
@@ -3,88 +3,96 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.
|
|
6
|
+
exports.sendAuthorizationResponse = exports.getRequestObject = exports.getEntityConfiguration = exports.decodeAuthRequestQR = void 0;
|
|
7
7
|
var _errors = require("../utils/errors");
|
|
8
8
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
9
9
|
var _types = require("./types");
|
|
10
10
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
11
11
|
var _sdJwt = require("../sd-jwt");
|
|
12
12
|
var _trust = require("../trust");
|
|
13
|
+
var _dpop = require("../utils/dpop");
|
|
14
|
+
var _2 = require("..");
|
|
13
15
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
16
|
+
/**
|
|
17
|
+
* Select a RSA public key from those provided by the RP to encrypt.
|
|
18
|
+
*
|
|
19
|
+
* @param entity The RP entity configuration
|
|
20
|
+
* @returns A suitable public key with its compatible encryption algorithm
|
|
21
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
|
22
|
+
*/
|
|
23
|
+
const chooseRSAPublicKeyToEncrypt = entity => {
|
|
24
|
+
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
|
25
|
+
if (usingRsa256) {
|
|
26
|
+
return usingRsa256;
|
|
20
27
|
}
|
|
21
28
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
29
|
+
// No suitable key has been found
|
|
30
|
+
throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
/**
|
|
34
|
+
* Obtain the relying party entity configuration.
|
|
35
|
+
*/
|
|
36
|
+
const getEntityConfiguration = function () {
|
|
37
|
+
let {
|
|
38
|
+
appFetch = fetch
|
|
39
|
+
} = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
|
|
40
|
+
return async relyingPartyBaseUrl => {
|
|
41
|
+
return (0, _trust.getEntityConfiguration)(relyingPartyBaseUrl, {
|
|
42
|
+
appFetch: appFetch
|
|
43
|
+
}).then(_types.RpEntityConfiguration.parse);
|
|
44
|
+
};
|
|
45
|
+
};
|
|
46
|
+
|
|
47
|
+
/**
|
|
48
|
+
* Decode a QR code content to an authentication request url.
|
|
49
|
+
* @function
|
|
50
|
+
* @param qrcode QR code content
|
|
51
|
+
*
|
|
52
|
+
* @returns The authentication request url
|
|
53
|
+
*
|
|
54
|
+
*/
|
|
55
|
+
exports.getEntityConfiguration = getEntityConfiguration;
|
|
56
|
+
const decodeAuthRequestQR = qrcode => {
|
|
57
|
+
const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
|
|
58
|
+
const decodedUrl = new URL(decoded);
|
|
59
|
+
const protocol = decodedUrl.protocol;
|
|
60
|
+
const resource = decodedUrl.hostname;
|
|
61
|
+
const requestURI = decodedUrl.searchParams.get("request_uri");
|
|
62
|
+
const clientId = decodedUrl.searchParams.get("client_id");
|
|
63
|
+
const result = _types.QRCodePayload.safeParse({
|
|
64
|
+
protocol,
|
|
65
|
+
resource,
|
|
66
|
+
requestURI,
|
|
67
|
+
clientId
|
|
68
|
+
});
|
|
69
|
+
if (result.success) {
|
|
70
|
+
return result.data;
|
|
71
|
+
} else {
|
|
72
|
+
throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
|
|
48
73
|
}
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
74
|
+
};
|
|
75
|
+
exports.decodeAuthRequestQR = decodeAuthRequestQR;
|
|
76
|
+
/**
|
|
77
|
+
* Obtain the Request Object for RP authentication
|
|
78
|
+
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
|
79
|
+
*/
|
|
80
|
+
const getRequestObject = _ref => {
|
|
81
|
+
let {
|
|
82
|
+
wiaCryptoContext,
|
|
83
|
+
appFetch = fetch
|
|
84
|
+
} = _ref;
|
|
85
|
+
return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
|
|
86
|
+
const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
|
|
61
87
|
jti: `${_reactNativeUuid.default.v4()}`,
|
|
62
88
|
htm: "GET",
|
|
63
|
-
htu:
|
|
64
|
-
ath: await (0, _ioReactNativeJwt.sha256ToBase64)(
|
|
65
|
-
})
|
|
66
|
-
|
|
67
|
-
jwk: walletInstanceAttestationJwk,
|
|
68
|
-
typ: "dpop+jwt"
|
|
69
|
-
}).setIssuedAt().setExpirationTime("1h").toSign();
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
/**
|
|
73
|
-
* Obtain the Request Object for RP authentication
|
|
74
|
-
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
|
75
|
-
*
|
|
76
|
-
* @async @function
|
|
77
|
-
* @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
|
|
78
|
-
*
|
|
79
|
-
* @returns The Request Object JWT
|
|
80
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
|
|
81
|
-
*
|
|
82
|
-
*/
|
|
83
|
-
async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
|
|
84
|
-
const response = await this.appFetch(requestUri, {
|
|
89
|
+
htu: requestUri,
|
|
90
|
+
ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
|
|
91
|
+
}, wiaCryptoContext);
|
|
92
|
+
const response = await appFetch(requestUri, {
|
|
85
93
|
method: "GET",
|
|
86
94
|
headers: {
|
|
87
|
-
Authorization: `DPoP ${
|
|
95
|
+
Authorization: `DPoP ${walletInstanceAttestation}`,
|
|
88
96
|
DPoP: signedWalletInstanceDPoP
|
|
89
97
|
}
|
|
90
98
|
});
|
|
@@ -96,10 +104,10 @@ class RelyingPartySolution {
|
|
|
96
104
|
// verify token signature according to RP's entity configuration
|
|
97
105
|
// to ensure the request object is authentic
|
|
98
106
|
{
|
|
99
|
-
const pubKey =
|
|
107
|
+
const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
|
|
100
108
|
let {
|
|
101
109
|
kid
|
|
102
|
-
} =
|
|
110
|
+
} = _ref2;
|
|
103
111
|
return kid === responseJwt.protectedHeader.kid;
|
|
104
112
|
});
|
|
105
113
|
if (!pubKey) {
|
|
@@ -109,55 +117,64 @@ class RelyingPartySolution {
|
|
|
109
117
|
}
|
|
110
118
|
|
|
111
119
|
// parse request object it has the expected shape by specification
|
|
112
|
-
const
|
|
120
|
+
const requestObject = _types.RequestObject.parse({
|
|
113
121
|
header: responseJwt.protectedHeader,
|
|
114
122
|
payload: responseJwt.payload
|
|
115
123
|
});
|
|
116
|
-
return
|
|
124
|
+
return {
|
|
125
|
+
requestObject,
|
|
126
|
+
rpEntityConfiguration,
|
|
127
|
+
walletInstanceAttestation
|
|
128
|
+
};
|
|
117
129
|
}
|
|
118
|
-
throw new _errors.IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
|
119
|
-
|
|
130
|
+
throw new _errors.IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
|
131
|
+
${await response.text()}`);
|
|
132
|
+
};
|
|
133
|
+
};
|
|
120
134
|
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
// TODO: [SIW-353] support multiple presentations,
|
|
140
|
-
signKeyId) {
|
|
141
|
-
let [vc, claims] = _ref2;
|
|
135
|
+
/**
|
|
136
|
+
* Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
|
|
137
|
+
* The presentation is prepared by disclosing data from provided credentials, according to requested claims
|
|
138
|
+
* Each Verified Credential come along with the claims the user accepts to disclose from it.
|
|
139
|
+
*
|
|
140
|
+
* @todo accept more than a Verified Credential
|
|
141
|
+
*/
|
|
142
|
+
exports.getRequestObject = getRequestObject;
|
|
143
|
+
const prepareVpToken = _ref3 => {
|
|
144
|
+
let {
|
|
145
|
+
pidCryptoContext
|
|
146
|
+
} = _ref3;
|
|
147
|
+
return async (_ref4, _ref5) => {
|
|
148
|
+
let {
|
|
149
|
+
requestObject,
|
|
150
|
+
walletInstanceAttestation
|
|
151
|
+
} = _ref4;
|
|
152
|
+
let [vc, claims] = _ref5;
|
|
142
153
|
// this throws if vc cannot satisfy all the requested claims
|
|
143
154
|
const {
|
|
144
155
|
token: vp,
|
|
145
156
|
paths
|
|
146
157
|
} = await (0, _sdJwt.disclose)(vc, claims);
|
|
147
158
|
|
|
148
|
-
//
|
|
159
|
+
// obtain issuer from Wallet Instance
|
|
160
|
+
const {
|
|
161
|
+
payload: {
|
|
162
|
+
iss
|
|
163
|
+
}
|
|
164
|
+
} = _2.WalletInstanceAttestation.decode(walletInstanceAttestation);
|
|
165
|
+
const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
|
|
149
166
|
|
|
150
|
-
|
|
167
|
+
// TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
|
|
168
|
+
const vp_token = await new _ioReactNativeJwt.SignJWT(pidCryptoContext).setProtectedHeader({
|
|
169
|
+
typ: "JWT",
|
|
170
|
+
kid: pidKid
|
|
171
|
+
}).setPayload({
|
|
151
172
|
vp: vp,
|
|
152
173
|
jti: `${_reactNativeUuid.default.v4()}`,
|
|
153
|
-
iss
|
|
154
|
-
nonce:
|
|
155
|
-
}).setAudience(
|
|
156
|
-
|
|
157
|
-
alg: "ES256",
|
|
158
|
-
kid: signKeyId
|
|
159
|
-
}).toSign();
|
|
160
|
-
const vc_scope = requestObj.payload.scope;
|
|
174
|
+
iss,
|
|
175
|
+
nonce: requestObject.payload.nonce
|
|
176
|
+
}).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
|
|
177
|
+
const vc_scope = requestObject.payload.scope;
|
|
161
178
|
const presentation_submission = {
|
|
162
179
|
definition_id: `${_reactNativeUuid.default.v4()}`,
|
|
163
180
|
id: `${_reactNativeUuid.default.v4()}`,
|
|
@@ -171,30 +188,43 @@ class RelyingPartySolution {
|
|
|
171
188
|
vp_token,
|
|
172
189
|
presentation_submission
|
|
173
190
|
};
|
|
174
|
-
}
|
|
191
|
+
};
|
|
192
|
+
};
|
|
175
193
|
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
194
|
+
/**
|
|
195
|
+
* Compose and send an Authorization Response in the context of an authorization request flow.
|
|
196
|
+
*
|
|
197
|
+
* @todo MUST add presentation_submission
|
|
198
|
+
*
|
|
199
|
+
*/
|
|
200
|
+
const sendAuthorizationResponse = _ref6 => {
|
|
201
|
+
let {
|
|
202
|
+
pidCryptoContext,
|
|
203
|
+
appFetch = fetch
|
|
204
|
+
} = _ref6;
|
|
205
|
+
return async (_ref7, presentation) => {
|
|
206
|
+
let {
|
|
207
|
+
requestObject,
|
|
208
|
+
rpEntityConfiguration,
|
|
209
|
+
walletInstanceAttestation
|
|
210
|
+
} = _ref7;
|
|
191
211
|
// the request is an unsigned jws without iss, aud, exp
|
|
192
212
|
// https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
|
|
193
|
-
const jwk =
|
|
213
|
+
const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
|
|
214
|
+
const {
|
|
215
|
+
vp_token,
|
|
216
|
+
presentation_submission
|
|
217
|
+
} = await prepareVpToken({
|
|
218
|
+
pidCryptoContext
|
|
219
|
+
})({
|
|
220
|
+
requestObject,
|
|
221
|
+
rpEntityConfiguration,
|
|
222
|
+
walletInstanceAttestation
|
|
223
|
+
}, presentation);
|
|
194
224
|
const authzResponsePayload = JSON.stringify({
|
|
195
|
-
state:
|
|
225
|
+
state: requestObject.payload.state,
|
|
196
226
|
presentation_submission,
|
|
197
|
-
nonce:
|
|
227
|
+
nonce: requestObject.payload.nonce,
|
|
198
228
|
vp_token
|
|
199
229
|
});
|
|
200
230
|
const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
|
|
@@ -206,7 +236,7 @@ class RelyingPartySolution {
|
|
|
206
236
|
response: encrypted
|
|
207
237
|
});
|
|
208
238
|
const body = formBody.toString();
|
|
209
|
-
const response = await
|
|
239
|
+
const response = await appFetch(requestObject.payload.response_uri, {
|
|
210
240
|
method: "POST",
|
|
211
241
|
headers: {
|
|
212
242
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
@@ -217,33 +247,7 @@ class RelyingPartySolution {
|
|
|
217
247
|
return await response.json();
|
|
218
248
|
}
|
|
219
249
|
throw new _errors.IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
|
|
220
|
-
}
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
* Select a RSA public key from those provided by the RP to encrypt.
|
|
224
|
-
*
|
|
225
|
-
* @param entity The RP entity configuration
|
|
226
|
-
* @returns A suitable public key with its compatible encryption algorithm
|
|
227
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
|
228
|
-
*/
|
|
229
|
-
chooseRSAPublicKeyToEncrypt(entity) {
|
|
230
|
-
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
|
231
|
-
if (usingRsa256) {
|
|
232
|
-
return usingRsa256;
|
|
233
|
-
}
|
|
234
|
-
|
|
235
|
-
// No suitable key has been found
|
|
236
|
-
throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
|
237
|
-
}
|
|
238
|
-
|
|
239
|
-
/**
|
|
240
|
-
* Obtain the relying party entity configuration.
|
|
241
|
-
*/
|
|
242
|
-
async getEntityConfiguration() {
|
|
243
|
-
return (0, _trust.getEntityConfiguration)(this.relyingPartyBaseUrl, {
|
|
244
|
-
appFetch: this.appFetch
|
|
245
|
-
}).then(_types.RpEntityConfiguration.parse);
|
|
246
|
-
}
|
|
247
|
-
}
|
|
248
|
-
exports.RelyingPartySolution = RelyingPartySolution;
|
|
250
|
+
};
|
|
251
|
+
};
|
|
252
|
+
exports.sendAuthorizationResponse = sendAuthorizationResponse;
|
|
249
253
|
//# sourceMappingURL=index.js.map
|