@pagopa/io-react-native-wallet 0.4.2 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +98 -22
- package/lib/commonjs/index.js +12 -8
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +3 -8
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/pid/issuing.js +152 -168
- package/lib/commonjs/pid/issuing.js.map +1 -1
- package/lib/commonjs/pid/metadata.js +28 -25
- package/lib/commonjs/pid/metadata.js.map +1 -1
- package/lib/commonjs/rp/__test__/index.test.js +5 -3
- package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
- package/lib/commonjs/rp/index.js +158 -154
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +9 -7
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +46 -0
- package/lib/commonjs/utils/crypto.js.map +1 -0
- package/lib/commonjs/utils/dpop.js +14 -7
- package/lib/commonjs/utils/dpop.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
- package/lib/commonjs/wallet-instance-attestation/issuing.js +50 -60
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/index.js +4 -3
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -1
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/pid/issuing.js +151 -171
- package/lib/module/pid/issuing.js.map +1 -1
- package/lib/module/pid/metadata.js +28 -25
- package/lib/module/pid/metadata.js.map +1 -1
- package/lib/module/rp/__test__/index.test.js +1 -1
- package/lib/module/rp/__test__/index.test.js.map +1 -1
- package/lib/module/rp/index.js +155 -153
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/trust/types.js +7 -6
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +40 -0
- package/lib/module/utils/crypto.js.map +1 -0
- package/lib/module/utils/dpop.js +13 -5
- package/lib/module/utils/dpop.js.map +1 -1
- package/lib/module/wallet-instance-attestation/index.js +2 -2
- package/lib/module/wallet-instance-attestation/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +48 -58
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/index.d.ts +4 -3
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -1
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/pid/issuing.d.ts +51 -87
- package/lib/typescript/pid/issuing.d.ts.map +1 -1
- package/lib/typescript/pid/metadata.d.ts +1338 -408
- package/lib/typescript/pid/metadata.d.ts.map +1 -1
- package/lib/typescript/rp/index.d.ts +48 -86
- package/lib/typescript/rp/index.d.ts.map +1 -1
- package/lib/typescript/rp/types.d.ts +413 -57
- package/lib/typescript/rp/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +1000 -274
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +10 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -0
- package/lib/typescript/utils/dpop.d.ts +10 -2
- package/lib/typescript/utils/dpop.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
- package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -31
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/index.ts +5 -3
- package/src/pid/index.ts +1 -1
- package/src/pid/issuing.ts +233 -225
- package/src/pid/metadata.ts +32 -27
- package/src/rp/__test__/index.test.ts +1 -1
- package/src/rp/index.ts +180 -188
- package/src/sd-jwt/index.ts +1 -1
- package/src/trust/types.ts +39 -32
- package/src/utils/crypto.ts +41 -0
- package/src/utils/dpop.ts +17 -7
- package/src/wallet-instance-attestation/index.ts +2 -2
- package/src/wallet-instance-attestation/issuing.ts +55 -62
package/lib/module/rp/index.js
CHANGED
@@ -3,81 +3,88 @@ import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe,
|
|
3
3
|
import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
|
4
4
|
import uuid from "react-native-uuid";
|
5
5
|
import { disclose } from "../sd-jwt";
|
6
|
-
import { getEntityConfiguration } from "../trust";
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
6
|
+
import { getEntityConfiguration as getGenericEntityConfiguration } from "../trust";
|
7
|
+
import { createDPopToken } from "../utils/dpop";
|
8
|
+
import { WalletInstanceAttestation } from "..";
|
9
|
+
|
10
|
+
/**
|
11
|
+
* Select a RSA public key from those provided by the RP to encrypt.
|
12
|
+
*
|
13
|
+
* @param entity The RP entity configuration
|
14
|
+
* @returns A suitable public key with its compatible encryption algorithm
|
15
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
16
|
+
*/
|
17
|
+
const chooseRSAPublicKeyToEncrypt = entity => {
|
18
|
+
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
19
|
+
if (usingRsa256) {
|
20
|
+
return usingRsa256;
|
13
21
|
}
|
14
22
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
23
|
+
// No suitable key has been found
|
24
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
25
|
+
};
|
26
|
+
|
27
|
+
/**
|
28
|
+
* Obtain the relying party entity configuration.
|
29
|
+
*/
|
30
|
+
export const getEntityConfiguration = function () {
|
31
|
+
let {
|
32
|
+
appFetch = fetch
|
33
|
+
} = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
|
34
|
+
return async relyingPartyBaseUrl => {
|
35
|
+
return getGenericEntityConfiguration(relyingPartyBaseUrl, {
|
36
|
+
appFetch: appFetch
|
37
|
+
}).then(RpEntityConfiguration.parse);
|
38
|
+
};
|
39
|
+
};
|
40
|
+
|
41
|
+
/**
|
42
|
+
* Decode a QR code content to an authentication request url.
|
43
|
+
* @function
|
44
|
+
* @param qrcode QR code content
|
45
|
+
*
|
46
|
+
* @returns The authentication request url
|
47
|
+
*
|
48
|
+
*/
|
49
|
+
export const decodeAuthRequestQR = qrcode => {
|
50
|
+
const decoded = decodeBase64(qrcode);
|
51
|
+
const decodedUrl = new URL(decoded);
|
52
|
+
const protocol = decodedUrl.protocol;
|
53
|
+
const resource = decodedUrl.hostname;
|
54
|
+
const requestURI = decodedUrl.searchParams.get("request_uri");
|
55
|
+
const clientId = decodedUrl.searchParams.get("client_id");
|
56
|
+
const result = QRCodePayload.safeParse({
|
57
|
+
protocol,
|
58
|
+
resource,
|
59
|
+
requestURI,
|
60
|
+
clientId
|
61
|
+
});
|
62
|
+
if (result.success) {
|
63
|
+
return result.data;
|
64
|
+
} else {
|
65
|
+
throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
|
41
66
|
}
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
async
|
53
|
-
|
67
|
+
};
|
68
|
+
/**
|
69
|
+
* Obtain the Request Object for RP authentication
|
70
|
+
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
71
|
+
*/
|
72
|
+
export const getRequestObject = _ref => {
|
73
|
+
let {
|
74
|
+
wiaCryptoContext,
|
75
|
+
appFetch = fetch
|
76
|
+
} = _ref;
|
77
|
+
return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
|
78
|
+
const signedWalletInstanceDPoP = await createDPopToken({
|
54
79
|
jti: `${uuid.v4()}`,
|
55
80
|
htm: "GET",
|
56
|
-
htu:
|
57
|
-
ath: await sha256ToBase64(
|
58
|
-
})
|
59
|
-
|
60
|
-
jwk: walletInstanceAttestationJwk,
|
61
|
-
typ: "dpop+jwt"
|
62
|
-
}).setIssuedAt().setExpirationTime("1h").toSign();
|
63
|
-
}
|
64
|
-
|
65
|
-
/**
|
66
|
-
* Obtain the Request Object for RP authentication
|
67
|
-
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
68
|
-
*
|
69
|
-
* @async @function
|
70
|
-
* @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
|
71
|
-
*
|
72
|
-
* @returns The Request Object JWT
|
73
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
|
74
|
-
*
|
75
|
-
*/
|
76
|
-
async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
|
77
|
-
const response = await this.appFetch(requestUri, {
|
81
|
+
htu: requestUri,
|
82
|
+
ath: await sha256ToBase64(walletInstanceAttestation)
|
83
|
+
}, wiaCryptoContext);
|
84
|
+
const response = await appFetch(requestUri, {
|
78
85
|
method: "GET",
|
79
86
|
headers: {
|
80
|
-
Authorization: `DPoP ${
|
87
|
+
Authorization: `DPoP ${walletInstanceAttestation}`,
|
81
88
|
DPoP: signedWalletInstanceDPoP
|
82
89
|
}
|
83
90
|
});
|
@@ -89,10 +96,10 @@ export class RelyingPartySolution {
|
|
89
96
|
// verify token signature according to RP's entity configuration
|
90
97
|
// to ensure the request object is authentic
|
91
98
|
{
|
92
|
-
const pubKey =
|
99
|
+
const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
|
93
100
|
let {
|
94
101
|
kid
|
95
|
-
} =
|
102
|
+
} = _ref2;
|
96
103
|
return kid === responseJwt.protectedHeader.kid;
|
97
104
|
});
|
98
105
|
if (!pubKey) {
|
@@ -102,55 +109,63 @@ export class RelyingPartySolution {
|
|
102
109
|
}
|
103
110
|
|
104
111
|
// parse request object it has the expected shape by specification
|
105
|
-
const
|
112
|
+
const requestObject = RequestObject.parse({
|
106
113
|
header: responseJwt.protectedHeader,
|
107
114
|
payload: responseJwt.payload
|
108
115
|
});
|
109
|
-
return
|
116
|
+
return {
|
117
|
+
requestObject,
|
118
|
+
rpEntityConfiguration,
|
119
|
+
walletInstanceAttestation
|
120
|
+
};
|
110
121
|
}
|
111
|
-
throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
112
|
-
|
122
|
+
throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
123
|
+
${await response.text()}`);
|
124
|
+
};
|
125
|
+
};
|
113
126
|
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
async prepareVpToken(requestObj, walletInstanceIdentifier, _ref2,
|
132
|
-
// TODO: [SIW-353] support multiple presentations,
|
133
|
-
signKeyId) {
|
134
|
-
let [vc, claims] = _ref2;
|
127
|
+
/**
|
128
|
+
* Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
|
129
|
+
* The presentation is prepared by disclosing data from provided credentials, according to requested claims
|
130
|
+
* Each Verified Credential come along with the claims the user accepts to disclose from it.
|
131
|
+
*
|
132
|
+
* @todo accept more than a Verified Credential
|
133
|
+
*/
|
134
|
+
const prepareVpToken = _ref3 => {
|
135
|
+
let {
|
136
|
+
pidCryptoContext
|
137
|
+
} = _ref3;
|
138
|
+
return async (_ref4, _ref5) => {
|
139
|
+
let {
|
140
|
+
requestObject,
|
141
|
+
walletInstanceAttestation
|
142
|
+
} = _ref4;
|
143
|
+
let [vc, claims] = _ref5;
|
135
144
|
// this throws if vc cannot satisfy all the requested claims
|
136
145
|
const {
|
137
146
|
token: vp,
|
138
147
|
paths
|
139
148
|
} = await disclose(vc, claims);
|
140
149
|
|
141
|
-
//
|
150
|
+
// obtain issuer from Wallet Instance
|
151
|
+
const {
|
152
|
+
payload: {
|
153
|
+
iss
|
154
|
+
}
|
155
|
+
} = WalletInstanceAttestation.decode(walletInstanceAttestation);
|
156
|
+
const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
|
142
157
|
|
143
|
-
|
158
|
+
// TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
|
159
|
+
const vp_token = await new SignJWT(pidCryptoContext).setProtectedHeader({
|
160
|
+
typ: "JWT",
|
161
|
+
kid: pidKid
|
162
|
+
}).setPayload({
|
144
163
|
vp: vp,
|
145
164
|
jti: `${uuid.v4()}`,
|
146
|
-
iss
|
147
|
-
nonce:
|
148
|
-
}).setAudience(
|
149
|
-
|
150
|
-
alg: "ES256",
|
151
|
-
kid: signKeyId
|
152
|
-
}).toSign();
|
153
|
-
const vc_scope = requestObj.payload.scope;
|
165
|
+
iss,
|
166
|
+
nonce: requestObject.payload.nonce
|
167
|
+
}).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
|
168
|
+
const vc_scope = requestObject.payload.scope;
|
154
169
|
const presentation_submission = {
|
155
170
|
definition_id: `${uuid.v4()}`,
|
156
171
|
id: `${uuid.v4()}`,
|
@@ -164,30 +179,43 @@ export class RelyingPartySolution {
|
|
164
179
|
vp_token,
|
165
180
|
presentation_submission
|
166
181
|
};
|
167
|
-
}
|
182
|
+
};
|
183
|
+
};
|
168
184
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
185
|
+
/**
|
186
|
+
* Compose and send an Authorization Response in the context of an authorization request flow.
|
187
|
+
*
|
188
|
+
* @todo MUST add presentation_submission
|
189
|
+
*
|
190
|
+
*/
|
191
|
+
export const sendAuthorizationResponse = _ref6 => {
|
192
|
+
let {
|
193
|
+
pidCryptoContext,
|
194
|
+
appFetch = fetch
|
195
|
+
} = _ref6;
|
196
|
+
return async (_ref7, presentation) => {
|
197
|
+
let {
|
198
|
+
requestObject,
|
199
|
+
rpEntityConfiguration,
|
200
|
+
walletInstanceAttestation
|
201
|
+
} = _ref7;
|
184
202
|
// the request is an unsigned jws without iss, aud, exp
|
185
203
|
// https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
|
186
|
-
const jwk =
|
204
|
+
const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
|
205
|
+
const {
|
206
|
+
vp_token,
|
207
|
+
presentation_submission
|
208
|
+
} = await prepareVpToken({
|
209
|
+
pidCryptoContext
|
210
|
+
})({
|
211
|
+
requestObject,
|
212
|
+
rpEntityConfiguration,
|
213
|
+
walletInstanceAttestation
|
214
|
+
}, presentation);
|
187
215
|
const authzResponsePayload = JSON.stringify({
|
188
|
-
state:
|
216
|
+
state: requestObject.payload.state,
|
189
217
|
presentation_submission,
|
190
|
-
nonce:
|
218
|
+
nonce: requestObject.payload.nonce,
|
191
219
|
vp_token
|
192
220
|
});
|
193
221
|
const encrypted = await new EncryptJwe(authzResponsePayload, {
|
@@ -199,7 +227,7 @@ export class RelyingPartySolution {
|
|
199
227
|
response: encrypted
|
200
228
|
});
|
201
229
|
const body = formBody.toString();
|
202
|
-
const response = await
|
230
|
+
const response = await appFetch(requestObject.payload.response_uri, {
|
203
231
|
method: "POST",
|
204
232
|
headers: {
|
205
233
|
"Content-Type": "application/x-www-form-urlencoded"
|
@@ -210,32 +238,6 @@ export class RelyingPartySolution {
|
|
210
238
|
return await response.json();
|
211
239
|
}
|
212
240
|
throw new IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
|
213
|
-
}
|
214
|
-
|
215
|
-
/**
|
216
|
-
* Select a RSA public key from those provided by the RP to encrypt.
|
217
|
-
*
|
218
|
-
* @param entity The RP entity configuration
|
219
|
-
* @returns A suitable public key with its compatible encryption algorithm
|
220
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
221
|
-
*/
|
222
|
-
chooseRSAPublicKeyToEncrypt(entity) {
|
223
|
-
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
224
|
-
if (usingRsa256) {
|
225
|
-
return usingRsa256;
|
226
|
-
}
|
227
|
-
|
228
|
-
// No suitable key has been found
|
229
|
-
throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
230
|
-
}
|
231
|
-
|
232
|
-
/**
|
233
|
-
* Obtain the relying party entity configuration.
|
234
|
-
*/
|
235
|
-
async getEntityConfiguration() {
|
236
|
-
return getEntityConfiguration(this.relyingPartyBaseUrl, {
|
237
|
-
appFetch: this.appFetch
|
238
|
-
}).then(RpEntityConfiguration.parse);
|
239
|
-
}
|
240
|
-
}
|
241
|
+
};
|
242
|
+
};
|
241
243
|
//# sourceMappingURL=index.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","
|
1
|
+
{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","getGenericEntityConfiguration","createDPopToken","WalletInstanceAttestation","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","filter","jwk","use","kty","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","then","parse","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getRequestObject","_ref","wiaCryptoContext","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","find","_ref2","kid","protectedHeader","requestObject","header","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","iss","pidKid","getPublicKey","_","vp_token","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QAED,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,IAAIC,6BAA6B,QAAQ,UAAU;AAClF,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,yBAAyB,QAAQ,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAAIC,MAA6B,IAAU;EAC1E,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,MAAM,CACrDC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIR,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAInB,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMa,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEe,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MAAOG,mBAA2B,IAAqC;IACrE,OAAOnB,6BAA6B,CAACmB,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACM,IAAI,CAACxB,qBAAqB,CAACyB,KAAK,CAAC;EACtC,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAGnC,YAAY,CAACkC,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAME,MAAM,GAAGxC,aAAa,CAACyC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVG;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIrD,sBAAsB,CAACkD,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAQD;AACA;AACA;AACA;AACA,OAAO,MAAMe,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB5B,QAAQ,GAAGC;EAIb,CAAC,GAAA0B,IAAA;EAAA,OACD,OACEE,yBAAiC,EACjCC,UAAkB,EAClBC,qBAA4C,KACb;IAC/B,MAAMC,wBAAwB,GAAG,MAAM7C,eAAe,CACpD;MACE8C,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEN,UAAU;MACfO,GAAG,EAAE,MAAM7D,cAAc,CAACqD,yBAAyB;IACrD,CAAC,EACDD,gBACF,CAAC;IAED,MAAMU,QAAQ,GAAG,MAAMtC,QAAQ,CAAC8B,UAAU,EAAE;MAC1CS,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;QAClDa,IAAI,EAAEV;MACR;IACF,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGzE,SAAS,CAACwE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GACVjB,qBAAqB,CAACvC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACsD,IAAI,CACnEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKJ,WAAW,CAACK,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAI5E,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAACmE,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMK,aAAa,GAAGxE,aAAa,CAAC0B,KAAK,CAAC;QACxC+C,MAAM,EAAEP,WAAW,CAACK,eAAe;QACnC5D,OAAO,EAAEuD,WAAW,CAACvD;MACvB,CAAC,CAAC;MAEF,OAAO;QACL6D,aAAa;QACbtB,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAI1D,aAAa,CACpB,mDAAkDmE,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACiB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEP,aAAa;MAAExB;IAA6C,CAAC,GAAA8B,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAMjF,QAAQ,CAAC6E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJtE,OAAO,EAAE;QAAE0E;MAAI;IACjB,CAAC,GAAG9E,yBAAyB,CAACf,MAAM,CAACwD,yBAAyB,CAAC;IAE/D,MAAMsC,MAAM,GAAG,MAAMT,gBAAgB,CAACU,YAAY,CAAC,CAAC,CAAC9D,IAAI,CAAE+D,CAAC,IAAKA,CAAC,CAAClB,GAAG,CAAC;;IAEvE;IACA,MAAMmB,QAAQ,GAAG,MAAM,IAAI7F,OAAO,CAACiF,gBAAgB,CAAC,CACjDa,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVrB,GAAG,EAAEgB;IACP,CAAC,CAAC,CACDM,UAAU,CAAC;MACVT,EAAE,EAAEA,EAAE;MACN/B,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBgC,GAAG;MACHQ,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF;IAC/B,CAAC,CAAC,CACDC,WAAW,CAACtB,aAAa,CAAC7D,OAAO,CAACoF,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAG3B,aAAa,CAAC7D,OAAO,CAACyF,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAEpG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAC7BkD,EAAE,EAAG,GAAErG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAClBmD,cAAc,EAAEpB,KAAK,CAACqB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEnB,QAAQ;MAAEY;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCjC,gBAAgB;IAChB1D,QAAQ,GAAGC;EAIb,CAAC,GAAA0F,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACExC,aAAa;MACbtB,qBAAqB;MACrBF;IACiB,CAAC,GAAA+D,KAAA;IAGpB;IACA;IACA,MAAM/F,GAAG,GAAGR,2BAA2B,CAAC0C,qBAAqB,CAAC;IAE9D,MAAM;MAAEuC,QAAQ;MAAEY;IAAwB,CAAC,GAAG,MAAM1B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACEL,aAAa;MACbtB,qBAAqB;MACrBF;IACF,CAAC,EACDgE,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE5C,aAAa,CAAC7D,OAAO,CAACyG,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF,KAAK;MAClCJ;IACF,CAAC,CAAC;IAEF,MAAM4B,SAAS,GAAG,MAAM,IAAIxH,UAAU,CAACoH,oBAAoB,EAAE;MAC3DK,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpBjD,GAAG,EAAEtD,GAAG,CAACsD;IACX,CAAC,CAAC,CAACkD,OAAO,CAACxG,GAAG,CAAC;IAEf,MAAMyG,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAEjE,QAAQ,EAAE4D;IAAU,CAAC,CAAC;IAC7D,MAAMM,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAMnE,QAAQ,GAAG,MAAMtC,QAAQ,CAACqD,aAAa,CAAC7D,OAAO,CAACoF,YAAY,EAAE;MAClErC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDgE;IACF,CAAC,CAAC;IAEF,IAAIlE,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAI1E,aAAa,CACpB,oDAAmD,MAAMmE,QAAQ,CAACiB,IAAI,CAAC,CAAE,eACxEjB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA"}
|
@@ -22,12 +22,13 @@ export const EntityStatement = z.object({
|
|
22
22
|
exp: z.number()
|
23
23
|
})
|
24
24
|
});
|
25
|
+
export const EntityConfigurationHeader = z.object({
|
26
|
+
typ: z.literal("entity-statement+jwt"),
|
27
|
+
alg: z.string(),
|
28
|
+
kid: z.string()
|
29
|
+
});
|
25
30
|
export const EntityConfiguration = z.object({
|
26
|
-
header:
|
27
|
-
typ: z.literal("entity-statement+jwt"),
|
28
|
-
alg: z.string(),
|
29
|
-
kid: z.string()
|
30
|
-
}),
|
31
|
+
header: EntityConfigurationHeader,
|
31
32
|
payload: z.object({
|
32
33
|
exp: UnixTime,
|
33
34
|
iat: UnixTime,
|
@@ -50,7 +51,7 @@ export const EntityConfiguration = z.object({
|
|
50
51
|
}).passthrough()
|
51
52
|
}).passthrough(),
|
52
53
|
authority_hints: z.array(z.string()).optional()
|
53
|
-
})
|
54
|
+
}).passthrough()
|
54
55
|
});
|
55
56
|
export const TrustAnchorEntityConfiguration = EntityConfiguration;
|
56
57
|
//# sourceMappingURL=types.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;
|
1
|
+
{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfigurationHeader","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAChDM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;EACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;EACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;AAGF,OAAO,MAAMmB,mBAAmB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEe,yBAAyB;EACjCV,OAAO,EAAEZ,CAAC,CACPE,MAAM,CAAC;IACNmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFyB,QAAQ,EAAExB,CAAC,CACRE,MAAM,CAAC;MACNuB,iBAAiB,EAAEzB,CAAC,CACjBE,MAAM,CAAC;QACNwB,yBAAyB,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAEnC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAErC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDS,WAAW,CAAC;AACjB,CAAC,CAAC;AAKF,OAAO,MAAME,8BAA8B,GAAGf,mBAAmB"}
|
@@ -0,0 +1,40 @@
|
|
1
|
+
import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
|
2
|
+
import { thumbprint } from "@pagopa/io-react-native-jwt";
|
3
|
+
import { fixBase64EncodingOnKey } from "./jwk";
|
4
|
+
|
5
|
+
/**
|
6
|
+
* Create a CryptoContext bound to a key pair.
|
7
|
+
* Key pair is supposed to exist already in the device's keychain.
|
8
|
+
* It's identified by its unique keytag.
|
9
|
+
*
|
10
|
+
* @returns the crypto context
|
11
|
+
*/
|
12
|
+
export const createCryptoContextFor = keytag => {
|
13
|
+
return {
|
14
|
+
/**
|
15
|
+
* Retrieve the public key of the pair.
|
16
|
+
* If the key pair doesn't exist yet, an error is raised
|
17
|
+
* @returns The public key.
|
18
|
+
*/
|
19
|
+
async getPublicKey() {
|
20
|
+
return getPublicKey(keytag).then(fixBase64EncodingOnKey).then(async jwk => ({
|
21
|
+
...jwk,
|
22
|
+
// Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
|
23
|
+
// (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
|
24
|
+
// We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
|
25
|
+
// However the values is an arbitrary string that might be anything
|
26
|
+
kid: await thumbprint(jwk)
|
27
|
+
}));
|
28
|
+
},
|
29
|
+
/**
|
30
|
+
* Get a signature for a provided value.
|
31
|
+
* If the key pair doesn't exist yet, an error is raised.
|
32
|
+
* @param value
|
33
|
+
* @returns The signature for the value
|
34
|
+
*/
|
35
|
+
async getSignature(value) {
|
36
|
+
return sign(value, keytag);
|
37
|
+
}
|
38
|
+
};
|
39
|
+
};
|
40
|
+
//# sourceMappingURL=crypto.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["getPublicKey","sign","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,IAAI,QAAQ,gCAAgC;AACnE,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAML,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACK,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOT,IAAI,CAACS,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC"}
|
package/lib/module/utils/dpop.js
CHANGED
@@ -1,12 +1,20 @@
|
|
1
1
|
import * as z from "zod";
|
2
2
|
import { SignJWT } from "@pagopa/io-react-native-jwt";
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
|
4
|
+
/**
|
5
|
+
* Create a signed DPoP token
|
6
|
+
*
|
7
|
+
* @param payload The payload to be included in the token.
|
8
|
+
* @param crypto The crypto context that handles the key bound to the DPoP.
|
9
|
+
*
|
10
|
+
* @returns The signed crypto token.
|
11
|
+
*/
|
12
|
+
export const createDPopToken = async (payload, crypto) => {
|
13
|
+
const jwk = await crypto.getPublicKey();
|
14
|
+
return new SignJWT(crypto).setPayload(payload).setProtectedHeader({
|
6
15
|
typ: "dpop+jwt",
|
7
16
|
jwk
|
8
|
-
}).setIssuedAt().setExpirationTime("1h").
|
9
|
-
return dPop;
|
17
|
+
}).setIssuedAt().setExpirationTime("1h").sign();
|
10
18
|
};
|
11
19
|
export const DPoPPayload = z.object({
|
12
20
|
jti: z.string(),
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["z","SignJWT","
|
1
|
+
{"version":3,"names":["z","SignJWT","createDPopToken","payload","crypto","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAA4B,6BAA6B;;AAEzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAe,GAAG,MAAAA,CAC7BC,OAAoB,EACpBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC;EACvC,OAAO,IAAIL,OAAO,CAACG,MAAM,CAAC,CACvBG,UAAU,CAACJ,OAAO,CAAC,CACnBK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,UAAU;IACfJ;EACF,CAAC,CAAC,CACDK,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAGD,OAAO,MAAMC,WAAW,GAAGb,CAAC,CAACc,MAAM,CAAC;EAClCC,GAAG,EAAEf,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,MAAM,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEpB,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfK,GAAG,EAAErB,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
|
@@ -1,8 +1,8 @@
|
|
1
1
|
import { WalletInstanceAttestationJwt } from "./types";
|
2
2
|
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
3
3
|
import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
|
4
|
-
import {
|
5
|
-
export {
|
4
|
+
import { getAttestation } from "./issuing";
|
5
|
+
export { getAttestation };
|
6
6
|
/**
|
7
7
|
* Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
|
8
8
|
* It ensures provided data is in a valid shape.
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","
|
1
|
+
{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","getAttestation","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,cAAc,QAAQ,WAAW;AAC1C,SAASA,cAAc;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}
|