@pagopa/io-react-native-wallet 0.4.2 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (81) hide show
  1. package/README.md +98 -22
  2. package/lib/commonjs/index.js +12 -8
  3. package/lib/commonjs/index.js.map +1 -1
  4. package/lib/commonjs/pid/index.js +3 -8
  5. package/lib/commonjs/pid/index.js.map +1 -1
  6. package/lib/commonjs/pid/issuing.js +152 -168
  7. package/lib/commonjs/pid/issuing.js.map +1 -1
  8. package/lib/commonjs/pid/metadata.js +28 -25
  9. package/lib/commonjs/pid/metadata.js.map +1 -1
  10. package/lib/commonjs/rp/__test__/index.test.js +5 -3
  11. package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
  12. package/lib/commonjs/rp/index.js +158 -154
  13. package/lib/commonjs/rp/index.js.map +1 -1
  14. package/lib/commonjs/trust/types.js +9 -7
  15. package/lib/commonjs/trust/types.js.map +1 -1
  16. package/lib/commonjs/utils/crypto.js +46 -0
  17. package/lib/commonjs/utils/crypto.js.map +1 -0
  18. package/lib/commonjs/utils/dpop.js +14 -7
  19. package/lib/commonjs/utils/dpop.js.map +1 -1
  20. package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
  21. package/lib/commonjs/wallet-instance-attestation/issuing.js +50 -60
  22. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  23. package/lib/module/index.js +4 -3
  24. package/lib/module/index.js.map +1 -1
  25. package/lib/module/pid/index.js +1 -1
  26. package/lib/module/pid/index.js.map +1 -1
  27. package/lib/module/pid/issuing.js +151 -171
  28. package/lib/module/pid/issuing.js.map +1 -1
  29. package/lib/module/pid/metadata.js +28 -25
  30. package/lib/module/pid/metadata.js.map +1 -1
  31. package/lib/module/rp/__test__/index.test.js +1 -1
  32. package/lib/module/rp/__test__/index.test.js.map +1 -1
  33. package/lib/module/rp/index.js +155 -153
  34. package/lib/module/rp/index.js.map +1 -1
  35. package/lib/module/trust/types.js +7 -6
  36. package/lib/module/trust/types.js.map +1 -1
  37. package/lib/module/utils/crypto.js +40 -0
  38. package/lib/module/utils/crypto.js.map +1 -0
  39. package/lib/module/utils/dpop.js +13 -5
  40. package/lib/module/utils/dpop.js.map +1 -1
  41. package/lib/module/wallet-instance-attestation/index.js +2 -2
  42. package/lib/module/wallet-instance-attestation/index.js.map +1 -1
  43. package/lib/module/wallet-instance-attestation/issuing.js +48 -58
  44. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  45. package/lib/typescript/index.d.ts +4 -3
  46. package/lib/typescript/index.d.ts.map +1 -1
  47. package/lib/typescript/pid/index.d.ts +1 -1
  48. package/lib/typescript/pid/index.d.ts.map +1 -1
  49. package/lib/typescript/pid/issuing.d.ts +51 -87
  50. package/lib/typescript/pid/issuing.d.ts.map +1 -1
  51. package/lib/typescript/pid/metadata.d.ts +1338 -408
  52. package/lib/typescript/pid/metadata.d.ts.map +1 -1
  53. package/lib/typescript/rp/index.d.ts +48 -86
  54. package/lib/typescript/rp/index.d.ts.map +1 -1
  55. package/lib/typescript/rp/types.d.ts +413 -57
  56. package/lib/typescript/rp/types.d.ts.map +1 -1
  57. package/lib/typescript/sd-jwt/index.d.ts +1 -1
  58. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  59. package/lib/typescript/trust/types.d.ts +1000 -274
  60. package/lib/typescript/trust/types.d.ts.map +1 -1
  61. package/lib/typescript/utils/crypto.d.ts +10 -0
  62. package/lib/typescript/utils/crypto.d.ts.map +1 -0
  63. package/lib/typescript/utils/dpop.d.ts +10 -2
  64. package/lib/typescript/utils/dpop.d.ts.map +1 -1
  65. package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
  66. package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
  67. package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -31
  68. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  69. package/package.json +2 -2
  70. package/src/index.ts +5 -3
  71. package/src/pid/index.ts +1 -1
  72. package/src/pid/issuing.ts +233 -225
  73. package/src/pid/metadata.ts +32 -27
  74. package/src/rp/__test__/index.test.ts +1 -1
  75. package/src/rp/index.ts +180 -188
  76. package/src/sd-jwt/index.ts +1 -1
  77. package/src/trust/types.ts +39 -32
  78. package/src/utils/crypto.ts +41 -0
  79. package/src/utils/dpop.ts +17 -7
  80. package/src/wallet-instance-attestation/index.ts +2 -2
  81. package/src/wallet-instance-attestation/issuing.ts +55 -62
@@ -3,81 +3,88 @@ import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe,
3
3
  import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
4
4
  import uuid from "react-native-uuid";
5
5
  import { disclose } from "../sd-jwt";
6
- import { getEntityConfiguration } from "../trust";
7
- export class RelyingPartySolution {
8
- constructor(relyingPartyBaseUrl, walletInstanceAttestation) {
9
- let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
10
- this.relyingPartyBaseUrl = relyingPartyBaseUrl;
11
- this.walletInstanceAttestation = walletInstanceAttestation;
12
- this.appFetch = appFetch;
6
+ import { getEntityConfiguration as getGenericEntityConfiguration } from "../trust";
7
+ import { createDPopToken } from "../utils/dpop";
8
+ import { WalletInstanceAttestation } from "..";
9
+
10
+ /**
11
+ * Select a RSA public key from those provided by the RP to encrypt.
12
+ *
13
+ * @param entity The RP entity configuration
14
+ * @returns A suitable public key with its compatible encryption algorithm
15
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
16
+ */
17
+ const chooseRSAPublicKeyToEncrypt = entity => {
18
+ const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
19
+ if (usingRsa256) {
20
+ return usingRsa256;
13
21
  }
14
22
 
15
- /**
16
- * Decode a QR code content to an authentication request url.
17
- * @function
18
- * @param qrcode QR code content
19
- *
20
- * @returns The authentication request url
21
- *
22
- */
23
- static decodeAuthRequestQR(qrcode) {
24
- const decoded = decodeBase64(qrcode);
25
- const decodedUrl = new URL(decoded);
26
- const protocol = decodedUrl.protocol;
27
- const resource = decodedUrl.hostname;
28
- const requestURI = decodedUrl.searchParams.get("request_uri");
29
- const clientId = decodedUrl.searchParams.get("client_id");
30
- const result = QRCodePayload.safeParse({
31
- protocol,
32
- resource,
33
- requestURI,
34
- clientId
35
- });
36
- if (result.success) {
37
- return result.data;
38
- } else {
39
- throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
40
- }
23
+ // No suitable key has been found
24
+ throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
25
+ };
26
+
27
+ /**
28
+ * Obtain the relying party entity configuration.
29
+ */
30
+ export const getEntityConfiguration = function () {
31
+ let {
32
+ appFetch = fetch
33
+ } = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
34
+ return async relyingPartyBaseUrl => {
35
+ return getGenericEntityConfiguration(relyingPartyBaseUrl, {
36
+ appFetch: appFetch
37
+ }).then(RpEntityConfiguration.parse);
38
+ };
39
+ };
40
+
41
+ /**
42
+ * Decode a QR code content to an authentication request url.
43
+ * @function
44
+ * @param qrcode QR code content
45
+ *
46
+ * @returns The authentication request url
47
+ *
48
+ */
49
+ export const decodeAuthRequestQR = qrcode => {
50
+ const decoded = decodeBase64(qrcode);
51
+ const decodedUrl = new URL(decoded);
52
+ const protocol = decodedUrl.protocol;
53
+ const resource = decodedUrl.hostname;
54
+ const requestURI = decodedUrl.searchParams.get("request_uri");
55
+ const clientId = decodedUrl.searchParams.get("client_id");
56
+ const result = QRCodePayload.safeParse({
57
+ protocol,
58
+ resource,
59
+ requestURI,
60
+ clientId
61
+ });
62
+ if (result.success) {
63
+ return result.data;
64
+ } else {
65
+ throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
41
66
  }
42
- /**
43
- * Obtain the unsigned wallet instance DPoP for authentication request
44
- *
45
- * @function
46
- * @param walletInstanceAttestationJwk JWT of the Wallet Instance Attestation
47
- * @param authRequestUrl authentication request url
48
- *
49
- * @returns The unsigned wallet instance DPoP
50
- *
51
- */
52
- async getUnsignedWalletInstanceDPoP(walletInstanceAttestationJwk, authRequestUrl) {
53
- return await new SignJWT({
67
+ };
68
+ /**
69
+ * Obtain the Request Object for RP authentication
70
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
71
+ */
72
+ export const getRequestObject = _ref => {
73
+ let {
74
+ wiaCryptoContext,
75
+ appFetch = fetch
76
+ } = _ref;
77
+ return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
78
+ const signedWalletInstanceDPoP = await createDPopToken({
54
79
  jti: `${uuid.v4()}`,
55
80
  htm: "GET",
56
- htu: authRequestUrl,
57
- ath: await sha256ToBase64(this.walletInstanceAttestation)
58
- }).setProtectedHeader({
59
- alg: "ES256",
60
- jwk: walletInstanceAttestationJwk,
61
- typ: "dpop+jwt"
62
- }).setIssuedAt().setExpirationTime("1h").toSign();
63
- }
64
-
65
- /**
66
- * Obtain the Request Object for RP authentication
67
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
68
- *
69
- * @async @function
70
- * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
71
- *
72
- * @returns The Request Object JWT
73
- * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
74
- *
75
- */
76
- async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
77
- const response = await this.appFetch(requestUri, {
81
+ htu: requestUri,
82
+ ath: await sha256ToBase64(walletInstanceAttestation)
83
+ }, wiaCryptoContext);
84
+ const response = await appFetch(requestUri, {
78
85
  method: "GET",
79
86
  headers: {
80
- Authorization: `DPoP ${this.walletInstanceAttestation}`,
87
+ Authorization: `DPoP ${walletInstanceAttestation}`,
81
88
  DPoP: signedWalletInstanceDPoP
82
89
  }
83
90
  });
@@ -89,10 +96,10 @@ export class RelyingPartySolution {
89
96
  // verify token signature according to RP's entity configuration
90
97
  // to ensure the request object is authentic
91
98
  {
92
- const pubKey = entity.payload.metadata.wallet_relying_party.jwks.find(_ref => {
99
+ const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
93
100
  let {
94
101
  kid
95
- } = _ref;
102
+ } = _ref2;
96
103
  return kid === responseJwt.protectedHeader.kid;
97
104
  });
98
105
  if (!pubKey) {
@@ -102,55 +109,63 @@ export class RelyingPartySolution {
102
109
  }
103
110
 
104
111
  // parse request object it has the expected shape by specification
105
- const requestObj = RequestObject.parse({
112
+ const requestObject = RequestObject.parse({
106
113
  header: responseJwt.protectedHeader,
107
114
  payload: responseJwt.payload
108
115
  });
109
- return requestObj;
116
+ return {
117
+ requestObject,
118
+ rpEntityConfiguration,
119
+ walletInstanceAttestation
120
+ };
110
121
  }
111
- throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}`);
112
- }
122
+ throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
123
+ ${await response.text()}`);
124
+ };
125
+ };
113
126
 
114
- /**
115
- * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
116
- * The presentation is prepared by disclosing data from provided credentials, according to requested claims
117
- * Each Verified Credential come along with the claims the user accepts to disclose from it.
118
- *
119
- * The returned token is unsigned (sign should be apply by the caller).
120
- *
121
- * @todo accept more than a Verified Credential
122
- *
123
- * @param requestObj The incoming request object, which the requirements for the requested authorization
124
- * @param walletInstanceIdentifier The identifies of the wallt instance that is presenting
125
- * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
126
- * @param signKeyId The kid of the key that will be used to sign
127
- * @returns The unsigned Verified Presentation token
128
- * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
129
- *
130
- */
131
- async prepareVpToken(requestObj, walletInstanceIdentifier, _ref2,
132
- // TODO: [SIW-353] support multiple presentations,
133
- signKeyId) {
134
- let [vc, claims] = _ref2;
127
+ /**
128
+ * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
129
+ * The presentation is prepared by disclosing data from provided credentials, according to requested claims
130
+ * Each Verified Credential come along with the claims the user accepts to disclose from it.
131
+ *
132
+ * @todo accept more than a Verified Credential
133
+ */
134
+ const prepareVpToken = _ref3 => {
135
+ let {
136
+ pidCryptoContext
137
+ } = _ref3;
138
+ return async (_ref4, _ref5) => {
139
+ let {
140
+ requestObject,
141
+ walletInstanceAttestation
142
+ } = _ref4;
143
+ let [vc, claims] = _ref5;
135
144
  // this throws if vc cannot satisfy all the requested claims
136
145
  const {
137
146
  token: vp,
138
147
  paths
139
148
  } = await disclose(vc, claims);
140
149
 
141
- // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
150
+ // obtain issuer from Wallet Instance
151
+ const {
152
+ payload: {
153
+ iss
154
+ }
155
+ } = WalletInstanceAttestation.decode(walletInstanceAttestation);
156
+ const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
142
157
 
143
- const vp_token = new SignJWT({
158
+ // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
159
+ const vp_token = await new SignJWT(pidCryptoContext).setProtectedHeader({
160
+ typ: "JWT",
161
+ kid: pidKid
162
+ }).setPayload({
144
163
  vp: vp,
145
164
  jti: `${uuid.v4()}`,
146
- iss: walletInstanceIdentifier,
147
- nonce: requestObj.payload.nonce
148
- }).setAudience(requestObj.payload.response_uri).setIssuedAt().setExpirationTime("1h").setProtectedHeader({
149
- typ: "JWT",
150
- alg: "ES256",
151
- kid: signKeyId
152
- }).toSign();
153
- const vc_scope = requestObj.payload.scope;
165
+ iss,
166
+ nonce: requestObject.payload.nonce
167
+ }).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
168
+ const vc_scope = requestObject.payload.scope;
154
169
  const presentation_submission = {
155
170
  definition_id: `${uuid.v4()}`,
156
171
  id: `${uuid.v4()}`,
@@ -164,30 +179,43 @@ export class RelyingPartySolution {
164
179
  vp_token,
165
180
  presentation_submission
166
181
  };
167
- }
182
+ };
183
+ };
168
184
 
169
- /**
170
- * Compose and send an Authorization Response in the context of an authorization request flow.
171
- *
172
- * @todo MUST add presentation_submission
173
- *
174
- * @param requestObj The incoming request object, which the requirements for the requested authorization
175
- * @param vp_token The signed Verified Presentation token with data to send.
176
- * @param presentation_submission
177
- * @param entity The RP entity configuration
178
- * @returns The response from the RP
179
- * @throws {IoWalletError} if the submission fails.
180
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
181
- *
182
- */
183
- async sendAuthorizationResponse(requestObj, vp_token, presentation_submission, entity) {
185
+ /**
186
+ * Compose and send an Authorization Response in the context of an authorization request flow.
187
+ *
188
+ * @todo MUST add presentation_submission
189
+ *
190
+ */
191
+ export const sendAuthorizationResponse = _ref6 => {
192
+ let {
193
+ pidCryptoContext,
194
+ appFetch = fetch
195
+ } = _ref6;
196
+ return async (_ref7, presentation) => {
197
+ let {
198
+ requestObject,
199
+ rpEntityConfiguration,
200
+ walletInstanceAttestation
201
+ } = _ref7;
184
202
  // the request is an unsigned jws without iss, aud, exp
185
203
  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
186
- const jwk = this.chooseRSAPublicKeyToEncrypt(entity);
204
+ const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
205
+ const {
206
+ vp_token,
207
+ presentation_submission
208
+ } = await prepareVpToken({
209
+ pidCryptoContext
210
+ })({
211
+ requestObject,
212
+ rpEntityConfiguration,
213
+ walletInstanceAttestation
214
+ }, presentation);
187
215
  const authzResponsePayload = JSON.stringify({
188
- state: requestObj.payload.state,
216
+ state: requestObject.payload.state,
189
217
  presentation_submission,
190
- nonce: requestObj.payload.nonce,
218
+ nonce: requestObject.payload.nonce,
191
219
  vp_token
192
220
  });
193
221
  const encrypted = await new EncryptJwe(authzResponsePayload, {
@@ -199,7 +227,7 @@ export class RelyingPartySolution {
199
227
  response: encrypted
200
228
  });
201
229
  const body = formBody.toString();
202
- const response = await this.appFetch(requestObj.payload.response_uri, {
230
+ const response = await appFetch(requestObject.payload.response_uri, {
203
231
  method: "POST",
204
232
  headers: {
205
233
  "Content-Type": "application/x-www-form-urlencoded"
@@ -210,32 +238,6 @@ export class RelyingPartySolution {
210
238
  return await response.json();
211
239
  }
212
240
  throw new IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
213
- }
214
-
215
- /**
216
- * Select a RSA public key from those provided by the RP to encrypt.
217
- *
218
- * @param entity The RP entity configuration
219
- * @returns A suitable public key with its compatible encryption algorithm
220
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
221
- */
222
- chooseRSAPublicKeyToEncrypt(entity) {
223
- const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
224
- if (usingRsa256) {
225
- return usingRsa256;
226
- }
227
-
228
- // No suitable key has been found
229
- throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
230
- }
231
-
232
- /**
233
- * Obtain the relying party entity configuration.
234
- */
235
- async getEntityConfiguration() {
236
- return getEntityConfiguration(this.relyingPartyBaseUrl, {
237
- appFetch: this.appFetch
238
- }).then(RpEntityConfiguration.parse);
239
- }
240
- }
241
+ };
242
+ };
241
243
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","RelyingPartySolution","constructor","relyingPartyBaseUrl","walletInstanceAttestation","appFetch","arguments","length","undefined","fetch","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getUnsignedWalletInstanceDPoP","walletInstanceAttestationJwk","authRequestUrl","jti","v4","htm","htu","ath","setProtectedHeader","alg","jwk","typ","setIssuedAt","setExpirationTime","toSign","getRequestObject","signedWalletInstanceDPoP","requestUri","entity","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","payload","metadata","wallet_relying_party","jwks","find","_ref","kid","protectedHeader","requestObj","parse","header","prepareVpToken","walletInstanceIdentifier","_ref2","signKeyId","vc","claims","token","vp","paths","vp_token","iss","nonce","setAudience","response_uri","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","chooseRSAPublicKeyToEncrypt","authzResponsePayload","JSON","stringify","state","encrypted","enc","encrypt","formBody","URLSearchParams","body","toString","text","usingRsa256","filter","use","kty","then"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QACD,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,OAAO,MAAMC,oBAAoB,CAAC;EAKhCC,WAAWA,CACTC,mBAA2B,EAC3BC,yBAAiC,EAEjC;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACN,mBAAmB,GAAGA,mBAAmB;IAC9C,IAAI,CAACC,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOK,mBAAmBA,CAACC,MAAc,EAAiB;IACxD,MAAMC,OAAO,GAAGtB,YAAY,CAACqB,MAAM,CAAC;IACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;IACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;IACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;IACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;IAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;IAEzD,MAAME,MAAM,GAAG3B,aAAa,CAAC4B,SAAS,CAAC;MACrCR,QAAQ;MACRC,QAAQ;MACRE,UAAU;MACVG;IACF,CAAC,CAAC;IAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB,CAAC,MAAM;MACL,MAAM,IAAIxC,sBAAsB,CAACqC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;IACzE;EACF;EACA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMe,6BAA6BA,CACjCC,4BAAiC,EACjCC,cAAsB,EACL;IACjB,OAAO,MAAM,IAAItC,OAAO,CAAC;MACvBuC,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEJ,cAAc;MACnBK,GAAG,EAAE,MAAM5C,cAAc,CAAC,IAAI,CAACa,yBAAyB;IAC1D,CAAC,CAAC,CACCgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZC,GAAG,EAAET,4BAA4B;MACjCU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CACpBC,wBAAgC,EAChCC,UAAkB,EAClBC,MAA6B,EACL;IACxB,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAACwC,UAAU,EAAE;MAC/CG,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAO,IAAI,CAAC9C,yBAA0B,EAAC;QACvD+C,IAAI,EAAEP;MACR;IACF,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGnE,SAAS,CAACkE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GAAGX,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CACnEC,IAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,IAAA;UAAA,OAAKC,GAAG,KAAKR,WAAW,CAACS,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACD,IAAI,CAACP,MAAM,EAAE;UACX,MAAM,IAAItE,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAAC6D,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMS,UAAU,GAAGtE,aAAa,CAACuE,KAAK,CAAC;QACrCC,MAAM,EAAEZ,WAAW,CAACS,eAAe;QACnCP,OAAO,EAAEF,WAAW,CAACE;MACvB,CAAC,CAAC;MAEF,OAAOQ,UAAU;IACnB;IAEA,MAAM,IAAIhF,aAAa,CACpB,mDAAkD6D,QAAQ,CAACK,MAAO,EACrE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMiB,cAAcA,CAClBH,UAAyB,EACzBI,wBAAgC,EAAAC,KAAA;EACJ;EAC5BC,SAAiB,EAIhB;IAAA,IALD,CAACC,EAAE,EAAEC,MAAM,CAAe,GAAAH,KAAA;IAM1B;IACA,MAAM;MAAEI,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM9E,QAAQ,CAAC0E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;;IAEA,MAAMI,QAAQ,GAAG,IAAItF,OAAO,CAAC;MAC3BoF,EAAE,EAAEA,EAAE;MACN7C,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnB+C,GAAG,EAAET,wBAAwB;MAC7BU,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB;IAC5B,CAAC,CAAC,CACCC,WAAW,CAACf,UAAU,CAACR,OAAO,CAACwB,YAAY,CAAC,CAC5C1C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBL,kBAAkB,CAAC;MAClBG,GAAG,EAAE,KAAK;MACVF,GAAG,EAAE,OAAO;MACZ2B,GAAG,EAAEQ;IACP,CAAC,CAAC,CACD9B,MAAM,CAAC,CAAC;IAEX,MAAMyC,QAAQ,GAAGjB,UAAU,CAACR,OAAO,CAAC0B,KAAK;IACzC,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAExF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAC7BuD,EAAE,EAAG,GAAEzF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAClBwD,cAAc,EAAEX,KAAK,CAACY,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEd,QAAQ;MAAEO;IAAwB,CAAC;EAC9C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMQ,yBAAyBA,CAC7B3B,UAAyB,EACzBY,QAAgB,EAChBO,uBAAgD,EAChDvC,MAA6B,EACZ;IACjB;IACA;IACA,MAAMR,GAAG,GAAG,IAAI,CAACwD,2BAA2B,CAAChD,MAAM,CAAC;IAEpD,MAAMiD,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAEhC,UAAU,CAACR,OAAO,CAACwC,KAAK;MAC/Bb,uBAAuB;MACvBL,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB,KAAK;MAC/BF;IACF,CAAC,CAAC;IAEF,MAAMqB,SAAS,GAAG,MAAM,IAAI1G,UAAU,CAACsG,oBAAoB,EAAE;MAC3D1D,GAAG,EAAE,cAAc;MACnB+D,GAAG,EAAE,eAAe;MACpBpC,GAAG,EAAE1B,GAAG,CAAC0B;IACX,CAAC,CAAC,CAACqC,OAAO,CAAC/D,GAAG,CAAC;IAEf,MAAMgE,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAExD,QAAQ,EAAEoD;IAAU,CAAC,CAAC;IAC7D,MAAMK,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAM1D,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAAC6D,UAAU,CAACR,OAAO,CAACwB,YAAY,EAAE;MACpElC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDuD;IACF,CAAC,CAAC;IAEF,IAAIzD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIpE,aAAa,CACpB,oDAAmD,MAAM6D,QAAQ,CAAC2D,IAAI,CAAC,CAAE,eACxE3D,QAAQ,CAACK,MACV,EACH,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACU0C,2BAA2BA,CAAChD,MAA6B,EAAO;IACtE,MAAM,CAAC6D,WAAW,CAAC,GACjB7D,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAAC+C,MAAM,CACrDtE,GAAG,IAAKA,GAAG,CAACuE,GAAG,KAAK,KAAK,IAAIvE,GAAG,CAACwE,GAAG,KAAK,KAC5C,CAAC;IAEH,IAAIH,WAAW,EAAE;MACf,OAAOA,WAAW;IACpB;;IAEA;IACA,MAAM,IAAIxH,wCAAwC,CAChD,4BACF,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMa,sBAAsBA,CAAA,EAAmC;IAC7D,OAAOA,sBAAsB,CAAC,IAAI,CAACG,mBAAmB,EAAE;MACtDE,QAAQ,EAAE,IAAI,CAACA;IACjB,CAAC,CAAC,CAAC0G,IAAI,CAAClH,qBAAqB,CAACsE,KAAK,CAAC;EACtC;AACF"}
1
+ {"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","getGenericEntityConfiguration","createDPopToken","WalletInstanceAttestation","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","filter","jwk","use","kty","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","then","parse","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getRequestObject","_ref","wiaCryptoContext","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","find","_ref2","kid","protectedHeader","requestObject","header","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","iss","pidKid","getPublicKey","_","vp_token","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QAED,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,IAAIC,6BAA6B,QAAQ,UAAU;AAClF,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,yBAAyB,QAAQ,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAAIC,MAA6B,IAAU;EAC1E,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,MAAM,CACrDC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIR,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAInB,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMa,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEe,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MAAOG,mBAA2B,IAAqC;IACrE,OAAOnB,6BAA6B,CAACmB,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACM,IAAI,CAACxB,qBAAqB,CAACyB,KAAK,CAAC;EACtC,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAGnC,YAAY,CAACkC,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAME,MAAM,GAAGxC,aAAa,CAACyC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVG;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIrD,sBAAsB,CAACkD,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAQD;AACA;AACA;AACA;AACA,OAAO,MAAMe,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB5B,QAAQ,GAAGC;EAIb,CAAC,GAAA0B,IAAA;EAAA,OACD,OACEE,yBAAiC,EACjCC,UAAkB,EAClBC,qBAA4C,KACb;IAC/B,MAAMC,wBAAwB,GAAG,MAAM7C,eAAe,CACpD;MACE8C,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEN,UAAU;MACfO,GAAG,EAAE,MAAM7D,cAAc,CAACqD,yBAAyB;IACrD,CAAC,EACDD,gBACF,CAAC;IAED,MAAMU,QAAQ,GAAG,MAAMtC,QAAQ,CAAC8B,UAAU,EAAE;MAC1CS,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;QAClDa,IAAI,EAAEV;MACR;IACF,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGzE,SAAS,CAACwE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GACVjB,qBAAqB,CAACvC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACsD,IAAI,CACnEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKJ,WAAW,CAACK,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAI5E,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAACmE,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMK,aAAa,GAAGxE,aAAa,CAAC0B,KAAK,CAAC;QACxC+C,MAAM,EAAEP,WAAW,CAACK,eAAe;QACnC5D,OAAO,EAAEuD,WAAW,CAACvD;MACvB,CAAC,CAAC;MAEF,OAAO;QACL6D,aAAa;QACbtB,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAI1D,aAAa,CACpB,mDAAkDmE,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACiB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEP,aAAa;MAAExB;IAA6C,CAAC,GAAA8B,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAMjF,QAAQ,CAAC6E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJtE,OAAO,EAAE;QAAE0E;MAAI;IACjB,CAAC,GAAG9E,yBAAyB,CAACf,MAAM,CAACwD,yBAAyB,CAAC;IAE/D,MAAMsC,MAAM,GAAG,MAAMT,gBAAgB,CAACU,YAAY,CAAC,CAAC,CAAC9D,IAAI,CAAE+D,CAAC,IAAKA,CAAC,CAAClB,GAAG,CAAC;;IAEvE;IACA,MAAMmB,QAAQ,GAAG,MAAM,IAAI7F,OAAO,CAACiF,gBAAgB,CAAC,CACjDa,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVrB,GAAG,EAAEgB;IACP,CAAC,CAAC,CACDM,UAAU,CAAC;MACVT,EAAE,EAAEA,EAAE;MACN/B,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBgC,GAAG;MACHQ,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF;IAC/B,CAAC,CAAC,CACDC,WAAW,CAACtB,aAAa,CAAC7D,OAAO,CAACoF,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAG3B,aAAa,CAAC7D,OAAO,CAACyF,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAEpG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAC7BkD,EAAE,EAAG,GAAErG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAClBmD,cAAc,EAAEpB,KAAK,CAACqB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEnB,QAAQ;MAAEY;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCjC,gBAAgB;IAChB1D,QAAQ,GAAGC;EAIb,CAAC,GAAA0F,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACExC,aAAa;MACbtB,qBAAqB;MACrBF;IACiB,CAAC,GAAA+D,KAAA;IAGpB;IACA;IACA,MAAM/F,GAAG,GAAGR,2BAA2B,CAAC0C,qBAAqB,CAAC;IAE9D,MAAM;MAAEuC,QAAQ;MAAEY;IAAwB,CAAC,GAAG,MAAM1B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACEL,aAAa;MACbtB,qBAAqB;MACrBF;IACF,CAAC,EACDgE,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE5C,aAAa,CAAC7D,OAAO,CAACyG,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF,KAAK;MAClCJ;IACF,CAAC,CAAC;IAEF,MAAM4B,SAAS,GAAG,MAAM,IAAIxH,UAAU,CAACoH,oBAAoB,EAAE;MAC3DK,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpBjD,GAAG,EAAEtD,GAAG,CAACsD;IACX,CAAC,CAAC,CAACkD,OAAO,CAACxG,GAAG,CAAC;IAEf,MAAMyG,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAEjE,QAAQ,EAAE4D;IAAU,CAAC,CAAC;IAC7D,MAAMM,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAMnE,QAAQ,GAAG,MAAMtC,QAAQ,CAACqD,aAAa,CAAC7D,OAAO,CAACoF,YAAY,EAAE;MAClErC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDgE;IACF,CAAC,CAAC;IAEF,IAAIlE,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAI1E,aAAa,CACpB,oDAAmD,MAAMmE,QAAQ,CAACiB,IAAI,CAAC,CAAE,eACxEjB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA"}
@@ -22,12 +22,13 @@ export const EntityStatement = z.object({
22
22
  exp: z.number()
23
23
  })
24
24
  });
25
+ export const EntityConfigurationHeader = z.object({
26
+ typ: z.literal("entity-statement+jwt"),
27
+ alg: z.string(),
28
+ kid: z.string()
29
+ });
25
30
  export const EntityConfiguration = z.object({
26
- header: z.object({
27
- typ: z.literal("entity-statement+jwt"),
28
- alg: z.string(),
29
- kid: z.string()
30
- }),
31
+ header: EntityConfigurationHeader,
31
32
  payload: z.object({
32
33
  exp: UnixTime,
33
34
  iat: UnixTime,
@@ -50,7 +51,7 @@ export const EntityConfiguration = z.object({
50
51
  }).passthrough()
51
52
  }).passthrough(),
52
53
  authority_hints: z.array(z.string()).optional()
53
- })
54
+ }).passthrough()
54
55
  });
55
56
  export const TrustAnchorEntityConfiguration = EntityConfiguration;
56
57
  //# sourceMappingURL=types.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAME,mBAAmB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFwB,QAAQ,EAAEvB,CAAC,CACRE,MAAM,CAAC;MACNsB,iBAAiB,EAAExB,CAAC,CACjBE,MAAM,CAAC;QACNuB,yBAAyB,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAElC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAEpC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;EAChD,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAMW,8BAA8B,GAAGf,mBAAmB"}
1
+ {"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfigurationHeader","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAChDM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;EACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;EACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;AAGF,OAAO,MAAMmB,mBAAmB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEe,yBAAyB;EACjCV,OAAO,EAAEZ,CAAC,CACPE,MAAM,CAAC;IACNmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFyB,QAAQ,EAAExB,CAAC,CACRE,MAAM,CAAC;MACNuB,iBAAiB,EAAEzB,CAAC,CACjBE,MAAM,CAAC;QACNwB,yBAAyB,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAEnC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAErC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDS,WAAW,CAAC;AACjB,CAAC,CAAC;AAKF,OAAO,MAAME,8BAA8B,GAAGf,mBAAmB"}
@@ -0,0 +1,40 @@
1
+ import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
2
+ import { thumbprint } from "@pagopa/io-react-native-jwt";
3
+ import { fixBase64EncodingOnKey } from "./jwk";
4
+
5
+ /**
6
+ * Create a CryptoContext bound to a key pair.
7
+ * Key pair is supposed to exist already in the device's keychain.
8
+ * It's identified by its unique keytag.
9
+ *
10
+ * @returns the crypto context
11
+ */
12
+ export const createCryptoContextFor = keytag => {
13
+ return {
14
+ /**
15
+ * Retrieve the public key of the pair.
16
+ * If the key pair doesn't exist yet, an error is raised
17
+ * @returns The public key.
18
+ */
19
+ async getPublicKey() {
20
+ return getPublicKey(keytag).then(fixBase64EncodingOnKey).then(async jwk => ({
21
+ ...jwk,
22
+ // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
23
+ // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
24
+ // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
25
+ // However the values is an arbitrary string that might be anything
26
+ kid: await thumbprint(jwk)
27
+ }));
28
+ },
29
+ /**
30
+ * Get a signature for a provided value.
31
+ * If the key pair doesn't exist yet, an error is raised.
32
+ * @param value
33
+ * @returns The signature for the value
34
+ */
35
+ async getSignature(value) {
36
+ return sign(value, keytag);
37
+ }
38
+ };
39
+ };
40
+ //# sourceMappingURL=crypto.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["getPublicKey","sign","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,IAAI,QAAQ,gCAAgC;AACnE,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAML,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACK,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOT,IAAI,CAACS,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC"}
@@ -1,12 +1,20 @@
1
1
  import * as z from "zod";
2
2
  import { SignJWT } from "@pagopa/io-react-native-jwt";
3
- export const getUnsignedDPop = (jwk, payload) => {
4
- const dPop = new SignJWT(payload).setProtectedHeader({
5
- alg: "ES256",
3
+
4
+ /**
5
+ * Create a signed DPoP token
6
+ *
7
+ * @param payload The payload to be included in the token.
8
+ * @param crypto The crypto context that handles the key bound to the DPoP.
9
+ *
10
+ * @returns The signed crypto token.
11
+ */
12
+ export const createDPopToken = async (payload, crypto) => {
13
+ const jwk = await crypto.getPublicKey();
14
+ return new SignJWT(crypto).setPayload(payload).setProtectedHeader({
6
15
  typ: "dpop+jwt",
7
16
  jwk
8
- }).setIssuedAt().setExpirationTime("1h").toSign();
9
- return dPop;
17
+ }).setIssuedAt().setExpirationTime("1h").sign();
10
18
  };
11
19
  export const DPoPPayload = z.object({
12
20
  jti: z.string(),
@@ -1 +1 @@
1
- {"version":3,"names":["z","SignJWT","getUnsignedDPop","jwk","payload","dPop","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","toSign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAAQ,6BAA6B;AAGrD,OAAO,MAAMC,eAAe,GAAGA,CAACC,GAAQ,EAAEC,OAAoB,KAAa;EACzE,MAAMC,IAAI,GAAG,IAAIJ,OAAO,CAACG,OAAO,CAAC,CAC9BE,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,UAAU;IACfL;EACF,CAAC,CAAC,CACDM,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACX,OAAON,IAAI;AACb,CAAC;AAGD,OAAO,MAAMO,WAAW,GAAGZ,CAAC,CAACa,MAAM,CAAC;EAClCC,GAAG,EAAEd,CAAC,CAACe,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEhB,CAAC,CAACiB,KAAK,CAAC,CAACjB,CAAC,CAACkB,OAAO,CAAC,MAAM,CAAC,EAAElB,CAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEnB,CAAC,CAACe,MAAM,CAAC,CAAC;EACfK,GAAG,EAAEpB,CAAC,CAACe,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
1
+ {"version":3,"names":["z","SignJWT","createDPopToken","payload","crypto","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAA4B,6BAA6B;;AAEzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAe,GAAG,MAAAA,CAC7BC,OAAoB,EACpBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC;EACvC,OAAO,IAAIL,OAAO,CAACG,MAAM,CAAC,CACvBG,UAAU,CAACJ,OAAO,CAAC,CACnBK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,UAAU;IACfJ;EACF,CAAC,CAAC,CACDK,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAGD,OAAO,MAAMC,WAAW,GAAGb,CAAC,CAACc,MAAM,CAAC;EAClCC,GAAG,EAAEf,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,MAAM,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEpB,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfK,GAAG,EAAErB,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
@@ -1,8 +1,8 @@
1
1
  import { WalletInstanceAttestationJwt } from "./types";
2
2
  import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
3
3
  import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
4
- import { Issuing } from "./issuing";
5
- export { Issuing };
4
+ import { getAttestation } from "./issuing";
5
+ export { getAttestation };
6
6
  /**
7
7
  * Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
8
8
  * It ensures provided data is in a valid shape.
@@ -1 +1 @@
1
- {"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","Issuing","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASA,OAAO;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}
1
+ {"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","getAttestation","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,cAAc,QAAQ,WAAW;AAC1C,SAASA,cAAc;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}