@pagopa/io-react-native-wallet 0.4.3 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- package/README.md +98 -22
- package/lib/commonjs/index.js +12 -8
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +3 -8
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/pid/issuing.js +152 -169
- package/lib/commonjs/pid/issuing.js.map +1 -1
- package/lib/commonjs/pid/metadata.js +28 -25
- package/lib/commonjs/pid/metadata.js.map +1 -1
- package/lib/commonjs/rp/__test__/index.test.js +5 -3
- package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
- package/lib/commonjs/rp/index.js +158 -154
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +9 -7
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +46 -0
- package/lib/commonjs/utils/crypto.js.map +1 -0
- package/lib/commonjs/utils/dpop.js +14 -7
- package/lib/commonjs/utils/dpop.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
- package/lib/commonjs/wallet-instance-attestation/issuing.js +50 -60
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/index.js +4 -3
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -1
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/pid/issuing.js +151 -172
- package/lib/module/pid/issuing.js.map +1 -1
- package/lib/module/pid/metadata.js +28 -25
- package/lib/module/pid/metadata.js.map +1 -1
- package/lib/module/rp/__test__/index.test.js +1 -1
- package/lib/module/rp/__test__/index.test.js.map +1 -1
- package/lib/module/rp/index.js +155 -153
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/trust/types.js +7 -6
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +40 -0
- package/lib/module/utils/crypto.js.map +1 -0
- package/lib/module/utils/dpop.js +13 -5
- package/lib/module/utils/dpop.js.map +1 -1
- package/lib/module/wallet-instance-attestation/index.js +2 -2
- package/lib/module/wallet-instance-attestation/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +48 -58
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/index.d.ts +4 -3
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -1
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/pid/issuing.d.ts +51 -87
- package/lib/typescript/pid/issuing.d.ts.map +1 -1
- package/lib/typescript/pid/metadata.d.ts +1338 -408
- package/lib/typescript/pid/metadata.d.ts.map +1 -1
- package/lib/typescript/rp/index.d.ts +48 -86
- package/lib/typescript/rp/index.d.ts.map +1 -1
- package/lib/typescript/rp/types.d.ts +413 -57
- package/lib/typescript/rp/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +1000 -274
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +10 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -0
- package/lib/typescript/utils/dpop.d.ts +10 -2
- package/lib/typescript/utils/dpop.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
- package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -31
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/index.ts +5 -3
- package/src/pid/index.ts +1 -1
- package/src/pid/issuing.ts +233 -226
- package/src/pid/metadata.ts +32 -27
- package/src/rp/__test__/index.test.ts +1 -1
- package/src/rp/index.ts +180 -188
- package/src/sd-jwt/index.ts +1 -1
- package/src/trust/types.ts +39 -32
- package/src/utils/crypto.ts +41 -0
- package/src/utils/dpop.ts +17 -7
- package/src/wallet-instance-attestation/index.ts +2 -2
- package/src/wallet-instance-attestation/issuing.ts +55 -62
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","_metadata","_2","_ioReactNativeCrypto","_3","obj","__esModule","default","getEntityConfiguration","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","getGenericEntityConfiguration","then","PidIssuerEntityConfiguration","parse","exports","getPar","_ref","wiaCryptoContext","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","JWK","thumbprint","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","kid","setPayload","client_assertion_type","authorization_details","credentialDefinition","type","format","response_type","code_challenge_method","redirect_uri","state","uuid","v4","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","payload","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","PidIssuingError","text","authorizeIssuing","_ref2","_","authorizationCode","tokenUrl","token_endpoint","keytag","generate","ephemeralContext","createCryptoContextFor","signedDPop","createDPopToken","htm","htu","jti","deleteKey","grant_type","code","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref3","pidCryptoContext","_ref4","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","credential_definition","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","SdJwt","decode","pidKey","holderBindedKey","sdJwt","cnf","jwk"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AACA,IAAAM,SAAA,GAAAN,OAAA;AACA,IAAAO,EAAA,GAAAP,OAAA;AAIA,IAAAQ,oBAAA,GAAAR,OAAA;AACA,IAAAS,EAAA,GAAAT,OAAA;AAA0B,SAAAG,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAC1B;;AAwBA;AACA;AACA;AACO,MAAMG,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEC,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MACEG,mBAA2B,IACe;IAC1C,OAAO,IAAAC,yBAA6B,EAACD,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACO,IAAI,CAACC,sCAA4B,CAACC,KAAK,CAAC;EAC7C,CAAC;AAAA;;AAEH;AACA;AACA;AAFAC,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAGA,MAAMY,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBb,QAAQ,GAAGC;EAIb,CAAC,GAAAW,IAAA;EAAA,OACD,OACEE,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAA4D,EAC5DC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMN,gBAAgB,CACzCO,YAAY,CAAC,CAAC,CACdb,IAAI,CAACc,QAAG,CAACZ,KAAK,CAAC,CACfF,IAAI,CAACe,4BAAU,CAAC;IAEnB,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAACT,YAAY,CAAC;IAExD,MAAMU,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAACb,gBAAgB,CAAC,CACxDc,kBAAkB,CAAC;MAClBC,GAAG,EAAET;IACP,CAAC,CAAC,CACDU,UAAU,CAAC;MACVC,qBAAqB,EACnB,wDAAwD;MAC1DC,qBAAqB,EAAE,CACrB;QACEC,oBAAoB,EAAE;UACpBC,IAAI,EAAE,CAAC,iBAAiB;QAC1B,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAErB,qBAAqB;MACnCsB,KAAK,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACrBC,SAAS,EAAE3B,QAAQ;MACnB4B,cAAc,EAAEnB;IAClB,CAAC,CAAC,CACDoB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACV7B,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBhB,aAAa,EAAE,MAAM;MACrBM,SAAS,EAAE3B,QAAQ;MACnB4B,cAAc,EAAEnB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EACnB,wDAAwD;MAC1DsB,gBAAgB,EAAElC,yBAAyB;MAC3CmC,OAAO,EAAE5B;IACX,CAAC;IAED,IAAI6B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMxD,QAAQ,CAAC8C,MAAM,EAAE;MACtCW,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIC,uBAAe,CACtB,wCAAuC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCvD,gBAAgB;IAChBb,QAAQ,GAAGC;EAIb,CAAC,GAAAmE,KAAA;EAAA,OACD,OACElD,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAA4D,KAC7B;IAC/B;IACA,MAAMH,QAAQ,GAAG,MAAMD,gBAAgB,CAACO,YAAY,CAAC,CAAC,CAACb,IAAI,CAAE8D,CAAC,IAAKA,CAAC,CAACzC,GAAG,CAAC;IACzE,MAAMb,YAAY,GAAI,GAAEwB,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnC,MAAM8B,iBAAiB,GAAI,GAAE/B,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACxC,MAAM+B,QAAQ,GACZtD,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEuB,cAAc;IAEnB,MAAM7D,MAAM,CAAC;MAAEE,gBAAgB;MAAEb;IAAS,CAAC,CAAC,CAC1Cc,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;;IAED;IACA,MAAMuD,MAAM,GAAI,aAAYlC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACvC,MAAM,IAAAkC,6BAAQ,EAACD,MAAM,CAAC;IACtB,MAAME,gBAAgB,GAAG,IAAAC,yBAAsB,EAACH,MAAM,CAAC;IAEvD,MAAMI,UAAU,GAAG,MAAM,IAAAC,qBAAe,EACtC;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAET,QAAQ;MACbU,GAAG,EAAG,GAAE1C,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDmC,gBACF,CAAC;IAED,MAAM,IAAAO,8BAAS,EAACT,MAAM,CAAC;IAEvB,MAAMtB,WAAW,GAAG;MAClBgC,UAAU,EAAE,oBAAoB;MAChC1C,SAAS,EAAE3B,QAAQ;MACnBsE,IAAI,EAAEd,iBAAiB;MACvBe,aAAa,EAAEtE,YAAY;MAC3Be,qBAAqB,EACnB,wDAAwD;MAC1DsB,gBAAgB,EAAElC,yBAAyB;MAC3CmB,YAAY,EAAErB;IAChB,CAAC;IACD,IAAIsC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMxD,QAAQ,CAACuE,QAAQ,EAAE;MACxCd,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD4B,IAAI,EAAET;MACR,CAAC;MACDlB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAE0B,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAMhC,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACL0B,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdzE,QAAQ;QACRC,YAAY;QACZuD,iBAAiB;QACjBtD;MACF,CAAC;IACH;IAEA,MAAM,IAAIiD,uBAAe,CACtB,0CAAyC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AAFAxD,OAAA,CAAAyD,gBAAA,GAAAA,gBAAA;AAGA,MAAMwB,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIpE,yBAAO,CAACoE,GAAG,CAAC,CACpBjE,UAAU,CAAC;IACV6D;EACF,CAAC,CAAC,CACD/D,kBAAkB,CAAC;IAClBM,IAAI,EAAE;EACR,CAAC,CAAC,CACD8D,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjBjD,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMoD,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBnG,QAAQ,GAAGC;EAIb,CAAC,GAAAiG,KAAA;EAAA,OACD,OAAAE,KAAA,EAEEnF,8BAA4D,EAC5DoF,OAAgB,KACS;IAAA,IAHzB;MAAEX,KAAK;MAAED,WAAW;MAAE3E,QAAQ;MAAEE;IAAyC,CAAC,GAAAoF,KAAA;IAI1E,MAAME,gBAAgB,GAAG,MAAM,IAAAxB,qBAAe,EAC5C;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAE/D,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CACjDC,wBAAwB,CAACuB,cAAc;MAC1CS,GAAG,EAAG,GAAE1C,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD2D,gBACF,CAAC;IACD,MAAMI,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACL5E,QAAQ,EACRE,qBAAqB,EACrBmF,gBACF,CAAC;IAED,MAAMK,aAAa,GACjBvF,8BAA8B,CAAC8B,OAAO,CAACC,QAAQ,CAACC,wBAAwB,CACrEwD,mBAAmB;IAExB,MAAMtD,WAAW,GAAG;MAClBuD,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAE3E,IAAI,EAAE,CAAC,iBAAiB;MAAE,CAAC,CAAC;MACpEC,MAAM,EAAE,WAAW;MACnB2E,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEP,gBAAgB;QACrBF,OAAO;QACPU,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMzD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAMxD,QAAQ,CAACwG,aAAa,EAAE;MAC7C/C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD4B,IAAI,EAAEgB,gBAAgB;QACtBU,aAAa,EAAEvB;MACjB,CAAC;MACD9B,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMoD,WAAW,GAAI,MAAMzD,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAMmD,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEhB,gBAAgB,CAAC;MAC3D,OAAOc,WAAW;IACpB;IAEA,MAAM,IAAIhD,uBAAe,CACtB,oCAAmCuC,aAAc,WAChDhD,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACU,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAACxD,OAAA,CAAAuF,aAAA,GAAAA,aAAA;AAEJ,MAAMiB,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEjB,gBAA+B,KAAK;EAC7E,MAAMkB,OAAO,GAAGC,QAAK,CAACC,MAAM,CAACH,MAAM,CAAC;EACpC,MAAMI,MAAM,GAAG,MAAMrB,gBAAgB,CAAC/E,YAAY,CAAC,CAAC;EACpD,MAAMqG,eAAe,GAAGJ,OAAO,CAACK,KAAK,CAAC3E,OAAO,CAAC4E,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM,IAAAtG,4BAAU,EAACkG,MAAM,CAAC,OAAO,MAAM,IAAAlG,4BAAU,EAACmG,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIxD,uBAAe,CACtB,uGAAsG0C,IAAI,CAACC,SAAS,CACnHY,MACF,CAAE,kCAAiCb,IAAI,CAACC,SAAS,CAACa,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
|
|
@@ -4,6 +4,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
6
|
exports.PidIssuerEntityConfiguration = exports.PidDisplayMetadata = void 0;
|
|
7
|
+
var _types = require("../trust/types");
|
|
7
8
|
var _jwk = require("../utils/jwk");
|
|
8
9
|
var _zod = require("zod");
|
|
9
10
|
const PidDisplayMetadata = _zod.z.object({
|
|
@@ -17,33 +18,35 @@ const PidDisplayMetadata = _zod.z.object({
|
|
|
17
18
|
text_color: _zod.z.string()
|
|
18
19
|
});
|
|
19
20
|
exports.PidDisplayMetadata = PidDisplayMetadata;
|
|
20
|
-
const PidIssuerEntityConfiguration = _zod.z.object({
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
metadata: _zod.z.object({
|
|
25
|
-
openid_credential_issuer: _zod.z.object({
|
|
26
|
-
credential_issuer: _zod.z.string(),
|
|
27
|
-
authorization_endpoint: _zod.z.string(),
|
|
28
|
-
token_endpoint: _zod.z.string(),
|
|
29
|
-
pushed_authorization_request_endpoint: _zod.z.string(),
|
|
30
|
-
dpop_signing_alg_values_supported: _zod.z.array(_zod.z.string()),
|
|
31
|
-
credential_endpoint: _zod.z.string(),
|
|
32
|
-
credentials_supported: _zod.z.array(_zod.z.object({
|
|
33
|
-
format: _zod.z.literal("vc+sd-jwt"),
|
|
34
|
-
cryptographic_binding_methods_supported: _zod.z.array(_zod.z.string()),
|
|
35
|
-
cryptographic_suites_supported: _zod.z.array(_zod.z.string()),
|
|
36
|
-
display: _zod.z.array(PidDisplayMetadata)
|
|
37
|
-
}))
|
|
21
|
+
const PidIssuerEntityConfiguration = _types.EntityConfiguration.and(_zod.z.object({
|
|
22
|
+
payload: _zod.z.object({
|
|
23
|
+
jwks: _zod.z.object({
|
|
24
|
+
keys: _zod.z.array(_jwk.JWK)
|
|
38
25
|
}),
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
26
|
+
metadata: _zod.z.object({
|
|
27
|
+
openid_credential_issuer: _zod.z.object({
|
|
28
|
+
credential_issuer: _zod.z.string(),
|
|
29
|
+
authorization_endpoint: _zod.z.string(),
|
|
30
|
+
token_endpoint: _zod.z.string(),
|
|
31
|
+
pushed_authorization_request_endpoint: _zod.z.string(),
|
|
32
|
+
dpop_signing_alg_values_supported: _zod.z.array(_zod.z.string()),
|
|
33
|
+
credential_endpoint: _zod.z.string(),
|
|
34
|
+
credentials_supported: _zod.z.array(_zod.z.object({
|
|
35
|
+
format: _zod.z.literal("vc+sd-jwt"),
|
|
36
|
+
cryptographic_binding_methods_supported: _zod.z.array(_zod.z.string()),
|
|
37
|
+
cryptographic_suites_supported: _zod.z.array(_zod.z.string()),
|
|
38
|
+
display: _zod.z.array(PidDisplayMetadata)
|
|
39
|
+
}))
|
|
40
|
+
}),
|
|
41
|
+
federation_entity: _zod.z.object({
|
|
42
|
+
organization_name: _zod.z.string(),
|
|
43
|
+
homepage_uri: _zod.z.string(),
|
|
44
|
+
policy_uri: _zod.z.string(),
|
|
45
|
+
tos_uri: _zod.z.string(),
|
|
46
|
+
logo_uri: _zod.z.string()
|
|
47
|
+
})
|
|
45
48
|
})
|
|
46
49
|
})
|
|
47
|
-
});
|
|
50
|
+
}));
|
|
48
51
|
exports.PidIssuerEntityConfiguration = PidIssuerEntityConfiguration;
|
|
49
52
|
//# sourceMappingURL=metadata.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_types","require","_jwk","_zod","PidDisplayMetadata","z","object","name","string","locale","logo","url","alt_text","background_color","text_color","exports","PidIssuerEntityConfiguration","EntityConfiguration","and","payload","jwks","keys","array","JWK","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAGO,MAAMG,kBAAkB,GAAGC,MAAC,CAACC,MAAM,CAAC;EACzCC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEL,MAAC,CAACC,MAAM,CAAC;IACbK,GAAG,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAEP,MAAC,CAACG,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAET,MAAC,CAACG,MAAM,CAAC;AACvB,CAAC,CAAC;AAACO,OAAA,CAAAX,kBAAA,GAAAA,kBAAA;AAKI,MAAMY,4BAA4B,GAAGC,0BAAmB,CAACC,GAAG,CACjEb,MAAC,CAACC,MAAM,CAAC;EACPa,OAAO,EAAEd,MAAC,CAACC,MAAM,CAAC;IAChBc,IAAI,EAAEf,MAAC,CAACC,MAAM,CAAC;MAAEe,IAAI,EAAEhB,MAAC,CAACiB,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCC,QAAQ,EAAEnB,MAAC,CAACC,MAAM,CAAC;MACjBmB,wBAAwB,EAAEpB,MAAC,CAACC,MAAM,CAAC;QACjCoB,iBAAiB,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC;QAC7BmB,sBAAsB,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;QAClCoB,cAAc,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC;QAC1BqB,qCAAqC,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC;QACjDsB,iCAAiC,EAAEzB,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;QACtDuB,mBAAmB,EAAE1B,MAAC,CAACG,MAAM,CAAC,CAAC;QAC/BwB,qBAAqB,EAAE3B,MAAC,CAACiB,KAAK,CAC5BjB,MAAC,CAACC,MAAM,CAAC;UACP2B,MAAM,EAAE5B,MAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC;UAC9BC,uCAAuC,EAAE9B,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;UAC5D4B,8BAA8B,EAAE/B,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;UACnD6B,OAAO,EAAEhC,MAAC,CAACiB,KAAK,CAAClB,kBAAkB;QACrC,CAAC,CACH;MACF,CAAC,CAAC;MACFkC,iBAAiB,EAAEjC,MAAC,CAACC,MAAM,CAAC;QAC1BiC,iBAAiB,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC;QAC7BgC,YAAY,EAAEnC,MAAC,CAACG,MAAM,CAAC,CAAC;QACxBiC,UAAU,EAAEpC,MAAC,CAACG,MAAM,CAAC,CAAC;QACtBkC,OAAO,EAAErC,MAAC,CAACG,MAAM,CAAC,CAAC;QACnBmC,QAAQ,EAAEtC,MAAC,CAACG,MAAM,CAAC;MACrB,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;AAACO,OAAA,CAAAC,4BAAA,GAAAA,4BAAA"}
|
|
@@ -1,17 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var RelyingPartySolution = _interopRequireWildcard(require(".."));
|
|
4
4
|
var _errors = require("../../utils/errors");
|
|
5
5
|
var _types = require("../types");
|
|
6
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
7
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
6
8
|
describe("decodeAuthRequestQR", () => {
|
|
7
9
|
it("should return authentication request URL", async () => {
|
|
8
10
|
const qrcode = "ZXVkaXc6Ly9hdXRob3JpemU/Y2xpZW50X2lkPWh0dHBzOi8vdmVyaWZpZXIuZXhhbXBsZS5vcmcmcmVxdWVzdF91cmk9aHR0cHM6Ly92ZXJpZmllci5leGFtcGxlLm9yZy9yZXF1ZXN0X3VyaQ==";
|
|
9
|
-
const result =
|
|
11
|
+
const result = RelyingPartySolution.decodeAuthRequestQR(qrcode);
|
|
10
12
|
expect(result.requestURI).toEqual("https://verifier.example.org/request_uri");
|
|
11
13
|
});
|
|
12
14
|
it("should throw exception with invalid QR", async () => {
|
|
13
15
|
const qrcode = "aHR0cDovL2dvb2dsZS5pdA==";
|
|
14
|
-
expect(() =>
|
|
16
|
+
expect(() => RelyingPartySolution.decodeAuthRequestQR(qrcode)).toThrowError(_errors.AuthRequestDecodeError);
|
|
15
17
|
});
|
|
16
18
|
});
|
|
17
19
|
describe("RpEntityConfiguration", () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["RelyingPartySolution","_interopRequireWildcard","require","_errors","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","describe","it","qrcode","result","decodeAuthRequestQR","expect","requestURI","toEqual","toThrowError","AuthRequestDecodeError","pp","header","alg","kid","typ","payload","exp","iat","iss","sub","jwks","keys","kty","e","n","metadata","federation_entity","organization_name","homepage_uri","policy_uri","logo_uri","contacts","wallet_relying_party","application_type","authorization_encrypted_response_alg","authorization_encrypted_response_enc","authorization_signed_response_alg","client_id","client_name","default_acr_values","default_max_age","id_token_encrypted_response_alg","id_token_encrypted_response_enc","id_token_signed_response_alg","presentation_definitions","id","input_descriptors","format","constraints","fields","filter","const","type","path","intent_to_retain","limit_disclosure","jwt","mso_mdoc","redirect_uris","request_uris","require_auth_time","subject_type","vp_formats","jwt_vp_json","crv","d","use","x","y","p","q","authority_hints","RpEntityConfiguration","safeParse","success","error","toBe"],"sourceRoot":"../../../../src","sources":["rp/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,oBAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAAiD,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEjDW,QAAQ,CAAC,qBAAqB,EAAE,MAAM;EACpCC,EAAE,CAAC,0CAA0C,EAAE,YAAY;IACzD,MAAMC,MAAM,GACV,sJAAsJ;IACxJ,MAAMC,MAAM,GAAG9B,oBAAoB,CAAC+B,mBAAmB,CAACF,MAAM,CAAC;IAC/DG,MAAM,CAACF,MAAM,CAACG,UAAU,CAAC,CAACC,OAAO,CAC/B,0CACF,CAAC;EACH,CAAC,CAAC;EACFN,EAAE,CAAC,wCAAwC,EAAE,YAAY;IACvD,MAAMC,MAAM,GAAG,0BAA0B;IACzCG,MAAM,CAAC,MAAMhC,oBAAoB,CAAC+B,mBAAmB,CAACF,MAAM,CAAC,CAAC,CAACM,YAAY,CACzEC,8BACF,CAAC;EACH,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFT,QAAQ,CAAC,uBAAuB,EAAE,MAAM;EACtCC,EAAE,CAAC,2BAA2B,EAAE,YAAY;IAC1C,MAAMS,EAAE,GAAG;MACTC,MAAM,EAAE;QACNC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,+DAA+D;QACpEC,GAAG,EAAE,+DAA+D;QACpEC,IAAI,EAAE;UACJC,IAAI,EAAE,CACJ;YACEC,GAAG,EAAE,KAAK;YACVT,GAAG,EAAE,6CAA6C;YAClDU,CAAC,EAAE,MAAM;YACTC,CAAC,EAAE;UACL,CAAC;QAEL,CAAC;QACDC,QAAQ,EAAE;UACRC,iBAAiB,EAAE;YACjBC,iBAAiB,EAAE,iBAAiB;YACpCC,YAAY,EAAE,iCAAiC;YAC/CC,UAAU,EAAE,iCAAiC;YAC7CC,QAAQ,EAAE,iCAAiC;YAC3CC,QAAQ,EAAE,CAAC,iCAAiC;UAC9C,CAAC;UACDC,oBAAoB,EAAE;YACpBC,gBAAgB,EAAE,KAAK;YACvBC,oCAAoC,EAAE,CACpC,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,oCAAoC,EAAE,CACpC,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,iCAAiC,EAAE,CACjC,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,SAAS,EACP,+DAA+D;YACjEC,WAAW,EAAE,iCAAiC;YAC9CP,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtCQ,kBAAkB,EAAE,CAClB,gCAAgC,EAChC,gCAAgC,CACjC;YACDC,eAAe,EAAE,IAAI;YACrBC,+BAA+B,EAAE,CAC/B,UAAU,EACV,cAAc,EACd,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,CACjB;YACDC,+BAA+B,EAAE,CAC/B,eAAe,EACf,eAAe,EACf,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,CACV;YACDC,4BAA4B,EAAE,CAC5B,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,EACP,OAAO,CACR;YACDC,wBAAwB,EAAE,CACxB;cACEC,EAAE,EAAE,6CAA6C;cACjDC,iBAAiB,EAAE,CACjB;gBACED,EAAE,EAAE,6CAA6C;gBACjDE,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,0BAA0B;wBACjCC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,eAAe;oBACxB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNE,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,cAAc;oBACvB,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,sBAAsB;oBAC/B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,qBAAqB;oBAC9B,CAAC,EACD;sBACEC,gBAAgB,EAAE,MAAM;sBACxBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDC,GAAG,EAAE;oBACH5C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF;cACF,CAAC;YAEL,CAAC,EACD;cACEiC,EAAE,EAAE,gBAAgB;cACpBC,iBAAiB,EAAE,CACjB;gBACEC,MAAM,EAAE;kBACNC,WAAW,EAAE;oBACXC,MAAM,EAAE,CACN;sBACEC,MAAM,EAAE;wBACNC,KAAK,EAAE,uBAAuB;wBAC9BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,gBAAgB;oBACzB,CAAC,EACD;sBACEH,MAAM,EAAE;wBACNC,KAAK,EAAE,mBAAmB;wBAC1BC,IAAI,EAAE;sBACR,CAAC;sBACDC,IAAI,EAAE,CAAC,kBAAkB;oBAC3B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,oBAAoB;oBAC7B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,iBAAiB;oBAC1B,CAAC,EACD;sBACEC,gBAAgB,EAAE,OAAO;sBACzBD,IAAI,EAAE,CAAC,2BAA2B;oBACpC,CAAC,CACF;oBACDE,gBAAgB,EAAE;kBACpB,CAAC;kBACDE,QAAQ,EAAE;oBACR7C,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;kBACxB;gBACF,CAAC;gBACDiC,EAAE,EAAE;cACN,CAAC;YAEL,CAAC,CACF;YACDa,aAAa,EAAE,CACb,4EAA4E,CAC7E;YACDC,YAAY,EAAE,CACZ,2EAA2E,CAC5E;YACDC,iBAAiB,EAAE,IAAI;YACvBC,YAAY,EAAE,UAAU;YACxBC,UAAU,EAAE;cACVC,WAAW,EAAE;gBACXnD,GAAG,EAAE,CAAC,OAAO,EAAE,QAAQ;cACzB;YACF,CAAC;YACDQ,IAAI,EAAE,CACJ;cACE4C,GAAG,EAAE,OAAO;cACZC,CAAC,EAAE,6CAA6C;cAChDpD,GAAG,EAAE,6CAA6C;cAClDqD,GAAG,EAAE,KAAK;cACV5C,GAAG,EAAE,IAAI;cACT6C,CAAC,EAAE,6CAA6C;cAChDC,CAAC,EAAE;YACL,CAAC,EACD;cACE9C,GAAG,EAAE,KAAK;cACV2C,CAAC,EAAE,wVAAwV;cAC3V1C,CAAC,EAAE,MAAM;cACT2C,GAAG,EAAE,KAAK;cACVrD,GAAG,EAAE,6CAA6C;cAClDW,CAAC,EAAE,wVAAwV;cAC3V6C,CAAC,EAAE,6KAA6K;cAChLC,CAAC,EAAE;YACL,CAAC;UAEL;QACF,CAAC;QACDC,eAAe,EAAE,CACf,0DAA0D;MAE9D;IACF,CAAC;IACD,MAAMpE,MAAM,GAAGqE,4BAAqB,CAACC,SAAS,CAAC/D,EAAE,CAAC;IAClD,IAAIP,MAAM,CAACuE,OAAO,KAAK,KAAK,EAAE;MAC5B,MAAMvE,MAAM,CAACwE,KAAK;IACpB;IACAtE,MAAM,CAACF,MAAM,CAACuE,OAAO,CAAC,CAACE,IAAI,CAAC,IAAI,CAAC;EACnC,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
package/lib/commonjs/rp/index.js
CHANGED
|
@@ -3,88 +3,96 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.
|
|
6
|
+
exports.sendAuthorizationResponse = exports.getRequestObject = exports.getEntityConfiguration = exports.decodeAuthRequestQR = void 0;
|
|
7
7
|
var _errors = require("../utils/errors");
|
|
8
8
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
9
9
|
var _types = require("./types");
|
|
10
10
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
11
11
|
var _sdJwt = require("../sd-jwt");
|
|
12
12
|
var _trust = require("../trust");
|
|
13
|
+
var _dpop = require("../utils/dpop");
|
|
14
|
+
var _2 = require("..");
|
|
13
15
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
16
|
+
/**
|
|
17
|
+
* Select a RSA public key from those provided by the RP to encrypt.
|
|
18
|
+
*
|
|
19
|
+
* @param entity The RP entity configuration
|
|
20
|
+
* @returns A suitable public key with its compatible encryption algorithm
|
|
21
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
|
22
|
+
*/
|
|
23
|
+
const chooseRSAPublicKeyToEncrypt = entity => {
|
|
24
|
+
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
|
25
|
+
if (usingRsa256) {
|
|
26
|
+
return usingRsa256;
|
|
20
27
|
}
|
|
21
28
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
29
|
+
// No suitable key has been found
|
|
30
|
+
throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
/**
|
|
34
|
+
* Obtain the relying party entity configuration.
|
|
35
|
+
*/
|
|
36
|
+
const getEntityConfiguration = function () {
|
|
37
|
+
let {
|
|
38
|
+
appFetch = fetch
|
|
39
|
+
} = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
|
|
40
|
+
return async relyingPartyBaseUrl => {
|
|
41
|
+
return (0, _trust.getEntityConfiguration)(relyingPartyBaseUrl, {
|
|
42
|
+
appFetch: appFetch
|
|
43
|
+
}).then(_types.RpEntityConfiguration.parse);
|
|
44
|
+
};
|
|
45
|
+
};
|
|
46
|
+
|
|
47
|
+
/**
|
|
48
|
+
* Decode a QR code content to an authentication request url.
|
|
49
|
+
* @function
|
|
50
|
+
* @param qrcode QR code content
|
|
51
|
+
*
|
|
52
|
+
* @returns The authentication request url
|
|
53
|
+
*
|
|
54
|
+
*/
|
|
55
|
+
exports.getEntityConfiguration = getEntityConfiguration;
|
|
56
|
+
const decodeAuthRequestQR = qrcode => {
|
|
57
|
+
const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
|
|
58
|
+
const decodedUrl = new URL(decoded);
|
|
59
|
+
const protocol = decodedUrl.protocol;
|
|
60
|
+
const resource = decodedUrl.hostname;
|
|
61
|
+
const requestURI = decodedUrl.searchParams.get("request_uri");
|
|
62
|
+
const clientId = decodedUrl.searchParams.get("client_id");
|
|
63
|
+
const result = _types.QRCodePayload.safeParse({
|
|
64
|
+
protocol,
|
|
65
|
+
resource,
|
|
66
|
+
requestURI,
|
|
67
|
+
clientId
|
|
68
|
+
});
|
|
69
|
+
if (result.success) {
|
|
70
|
+
return result.data;
|
|
71
|
+
} else {
|
|
72
|
+
throw new _errors.AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
|
|
48
73
|
}
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
74
|
+
};
|
|
75
|
+
exports.decodeAuthRequestQR = decodeAuthRequestQR;
|
|
76
|
+
/**
|
|
77
|
+
* Obtain the Request Object for RP authentication
|
|
78
|
+
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
|
79
|
+
*/
|
|
80
|
+
const getRequestObject = _ref => {
|
|
81
|
+
let {
|
|
82
|
+
wiaCryptoContext,
|
|
83
|
+
appFetch = fetch
|
|
84
|
+
} = _ref;
|
|
85
|
+
return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
|
|
86
|
+
const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
|
|
61
87
|
jti: `${_reactNativeUuid.default.v4()}`,
|
|
62
88
|
htm: "GET",
|
|
63
|
-
htu:
|
|
64
|
-
ath: await (0, _ioReactNativeJwt.sha256ToBase64)(
|
|
65
|
-
})
|
|
66
|
-
|
|
67
|
-
jwk: walletInstanceAttestationJwk,
|
|
68
|
-
typ: "dpop+jwt"
|
|
69
|
-
}).setIssuedAt().setExpirationTime("1h").toSign();
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
/**
|
|
73
|
-
* Obtain the Request Object for RP authentication
|
|
74
|
-
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
|
75
|
-
*
|
|
76
|
-
* @async @function
|
|
77
|
-
* @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
|
|
78
|
-
*
|
|
79
|
-
* @returns The Request Object JWT
|
|
80
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
|
|
81
|
-
*
|
|
82
|
-
*/
|
|
83
|
-
async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
|
|
84
|
-
const response = await this.appFetch(requestUri, {
|
|
89
|
+
htu: requestUri,
|
|
90
|
+
ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
|
|
91
|
+
}, wiaCryptoContext);
|
|
92
|
+
const response = await appFetch(requestUri, {
|
|
85
93
|
method: "GET",
|
|
86
94
|
headers: {
|
|
87
|
-
Authorization: `DPoP ${
|
|
95
|
+
Authorization: `DPoP ${walletInstanceAttestation}`,
|
|
88
96
|
DPoP: signedWalletInstanceDPoP
|
|
89
97
|
}
|
|
90
98
|
});
|
|
@@ -96,10 +104,10 @@ class RelyingPartySolution {
|
|
|
96
104
|
// verify token signature according to RP's entity configuration
|
|
97
105
|
// to ensure the request object is authentic
|
|
98
106
|
{
|
|
99
|
-
const pubKey =
|
|
107
|
+
const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
|
|
100
108
|
let {
|
|
101
109
|
kid
|
|
102
|
-
} =
|
|
110
|
+
} = _ref2;
|
|
103
111
|
return kid === responseJwt.protectedHeader.kid;
|
|
104
112
|
});
|
|
105
113
|
if (!pubKey) {
|
|
@@ -109,55 +117,64 @@ class RelyingPartySolution {
|
|
|
109
117
|
}
|
|
110
118
|
|
|
111
119
|
// parse request object it has the expected shape by specification
|
|
112
|
-
const
|
|
120
|
+
const requestObject = _types.RequestObject.parse({
|
|
113
121
|
header: responseJwt.protectedHeader,
|
|
114
122
|
payload: responseJwt.payload
|
|
115
123
|
});
|
|
116
|
-
return
|
|
124
|
+
return {
|
|
125
|
+
requestObject,
|
|
126
|
+
rpEntityConfiguration,
|
|
127
|
+
walletInstanceAttestation
|
|
128
|
+
};
|
|
117
129
|
}
|
|
118
|
-
throw new _errors.IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
|
119
|
-
|
|
130
|
+
throw new _errors.IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
|
131
|
+
${await response.text()}`);
|
|
132
|
+
};
|
|
133
|
+
};
|
|
120
134
|
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
// TODO: [SIW-353] support multiple presentations,
|
|
140
|
-
signKeyId) {
|
|
141
|
-
let [vc, claims] = _ref2;
|
|
135
|
+
/**
|
|
136
|
+
* Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
|
|
137
|
+
* The presentation is prepared by disclosing data from provided credentials, according to requested claims
|
|
138
|
+
* Each Verified Credential come along with the claims the user accepts to disclose from it.
|
|
139
|
+
*
|
|
140
|
+
* @todo accept more than a Verified Credential
|
|
141
|
+
*/
|
|
142
|
+
exports.getRequestObject = getRequestObject;
|
|
143
|
+
const prepareVpToken = _ref3 => {
|
|
144
|
+
let {
|
|
145
|
+
pidCryptoContext
|
|
146
|
+
} = _ref3;
|
|
147
|
+
return async (_ref4, _ref5) => {
|
|
148
|
+
let {
|
|
149
|
+
requestObject,
|
|
150
|
+
walletInstanceAttestation
|
|
151
|
+
} = _ref4;
|
|
152
|
+
let [vc, claims] = _ref5;
|
|
142
153
|
// this throws if vc cannot satisfy all the requested claims
|
|
143
154
|
const {
|
|
144
155
|
token: vp,
|
|
145
156
|
paths
|
|
146
157
|
} = await (0, _sdJwt.disclose)(vc, claims);
|
|
147
158
|
|
|
148
|
-
//
|
|
159
|
+
// obtain issuer from Wallet Instance
|
|
160
|
+
const {
|
|
161
|
+
payload: {
|
|
162
|
+
iss
|
|
163
|
+
}
|
|
164
|
+
} = _2.WalletInstanceAttestation.decode(walletInstanceAttestation);
|
|
165
|
+
const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
|
|
149
166
|
|
|
150
|
-
|
|
167
|
+
// TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
|
|
168
|
+
const vp_token = await new _ioReactNativeJwt.SignJWT(pidCryptoContext).setProtectedHeader({
|
|
169
|
+
typ: "JWT",
|
|
170
|
+
kid: pidKid
|
|
171
|
+
}).setPayload({
|
|
151
172
|
vp: vp,
|
|
152
173
|
jti: `${_reactNativeUuid.default.v4()}`,
|
|
153
|
-
iss
|
|
154
|
-
nonce:
|
|
155
|
-
}).setAudience(
|
|
156
|
-
|
|
157
|
-
alg: "ES256",
|
|
158
|
-
kid: signKeyId
|
|
159
|
-
}).toSign();
|
|
160
|
-
const vc_scope = requestObj.payload.scope;
|
|
174
|
+
iss,
|
|
175
|
+
nonce: requestObject.payload.nonce
|
|
176
|
+
}).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
|
|
177
|
+
const vc_scope = requestObject.payload.scope;
|
|
161
178
|
const presentation_submission = {
|
|
162
179
|
definition_id: `${_reactNativeUuid.default.v4()}`,
|
|
163
180
|
id: `${_reactNativeUuid.default.v4()}`,
|
|
@@ -171,30 +188,43 @@ class RelyingPartySolution {
|
|
|
171
188
|
vp_token,
|
|
172
189
|
presentation_submission
|
|
173
190
|
};
|
|
174
|
-
}
|
|
191
|
+
};
|
|
192
|
+
};
|
|
175
193
|
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
194
|
+
/**
|
|
195
|
+
* Compose and send an Authorization Response in the context of an authorization request flow.
|
|
196
|
+
*
|
|
197
|
+
* @todo MUST add presentation_submission
|
|
198
|
+
*
|
|
199
|
+
*/
|
|
200
|
+
const sendAuthorizationResponse = _ref6 => {
|
|
201
|
+
let {
|
|
202
|
+
pidCryptoContext,
|
|
203
|
+
appFetch = fetch
|
|
204
|
+
} = _ref6;
|
|
205
|
+
return async (_ref7, presentation) => {
|
|
206
|
+
let {
|
|
207
|
+
requestObject,
|
|
208
|
+
rpEntityConfiguration,
|
|
209
|
+
walletInstanceAttestation
|
|
210
|
+
} = _ref7;
|
|
191
211
|
// the request is an unsigned jws without iss, aud, exp
|
|
192
212
|
// https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
|
|
193
|
-
const jwk =
|
|
213
|
+
const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
|
|
214
|
+
const {
|
|
215
|
+
vp_token,
|
|
216
|
+
presentation_submission
|
|
217
|
+
} = await prepareVpToken({
|
|
218
|
+
pidCryptoContext
|
|
219
|
+
})({
|
|
220
|
+
requestObject,
|
|
221
|
+
rpEntityConfiguration,
|
|
222
|
+
walletInstanceAttestation
|
|
223
|
+
}, presentation);
|
|
194
224
|
const authzResponsePayload = JSON.stringify({
|
|
195
|
-
state:
|
|
225
|
+
state: requestObject.payload.state,
|
|
196
226
|
presentation_submission,
|
|
197
|
-
nonce:
|
|
227
|
+
nonce: requestObject.payload.nonce,
|
|
198
228
|
vp_token
|
|
199
229
|
});
|
|
200
230
|
const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
|
|
@@ -206,7 +236,7 @@ class RelyingPartySolution {
|
|
|
206
236
|
response: encrypted
|
|
207
237
|
});
|
|
208
238
|
const body = formBody.toString();
|
|
209
|
-
const response = await
|
|
239
|
+
const response = await appFetch(requestObject.payload.response_uri, {
|
|
210
240
|
method: "POST",
|
|
211
241
|
headers: {
|
|
212
242
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
@@ -217,33 +247,7 @@ class RelyingPartySolution {
|
|
|
217
247
|
return await response.json();
|
|
218
248
|
}
|
|
219
249
|
throw new _errors.IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
|
|
220
|
-
}
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
* Select a RSA public key from those provided by the RP to encrypt.
|
|
224
|
-
*
|
|
225
|
-
* @param entity The RP entity configuration
|
|
226
|
-
* @returns A suitable public key with its compatible encryption algorithm
|
|
227
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
|
228
|
-
*/
|
|
229
|
-
chooseRSAPublicKeyToEncrypt(entity) {
|
|
230
|
-
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
|
231
|
-
if (usingRsa256) {
|
|
232
|
-
return usingRsa256;
|
|
233
|
-
}
|
|
234
|
-
|
|
235
|
-
// No suitable key has been found
|
|
236
|
-
throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
|
237
|
-
}
|
|
238
|
-
|
|
239
|
-
/**
|
|
240
|
-
* Obtain the relying party entity configuration.
|
|
241
|
-
*/
|
|
242
|
-
async getEntityConfiguration() {
|
|
243
|
-
return (0, _trust.getEntityConfiguration)(this.relyingPartyBaseUrl, {
|
|
244
|
-
appFetch: this.appFetch
|
|
245
|
-
}).then(_types.RpEntityConfiguration.parse);
|
|
246
|
-
}
|
|
247
|
-
}
|
|
248
|
-
exports.RelyingPartySolution = RelyingPartySolution;
|
|
250
|
+
};
|
|
251
|
+
};
|
|
252
|
+
exports.sendAuthorizationResponse = sendAuthorizationResponse;
|
|
249
253
|
//# sourceMappingURL=index.js.map
|