@pagopa/io-react-native-wallet 0.4.3 → 0.5.0
- package/README.md +98 -22
- package/lib/commonjs/index.js +12 -8
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/index.js +3 -8
- package/lib/commonjs/pid/index.js.map +1 -1
- package/lib/commonjs/pid/issuing.js +152 -169
- package/lib/commonjs/pid/issuing.js.map +1 -1
- package/lib/commonjs/pid/metadata.js +28 -25
- package/lib/commonjs/pid/metadata.js.map +1 -1
- package/lib/commonjs/rp/__test__/index.test.js +5 -3
- package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
- package/lib/commonjs/rp/index.js +158 -154
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/trust/types.js +9 -7
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +46 -0
- package/lib/commonjs/utils/crypto.js.map +1 -0
- package/lib/commonjs/utils/dpop.js +14 -7
- package/lib/commonjs/utils/dpop.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
- package/lib/commonjs/wallet-instance-attestation/issuing.js +50 -60
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/index.js +4 -3
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/index.js +1 -1
- package/lib/module/pid/index.js.map +1 -1
- package/lib/module/pid/issuing.js +151 -172
- package/lib/module/pid/issuing.js.map +1 -1
- package/lib/module/pid/metadata.js +28 -25
- package/lib/module/pid/metadata.js.map +1 -1
- package/lib/module/rp/__test__/index.test.js +1 -1
- package/lib/module/rp/__test__/index.test.js.map +1 -1
- package/lib/module/rp/index.js +155 -153
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/trust/types.js +7 -6
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/crypto.js +40 -0
- package/lib/module/utils/crypto.js.map +1 -0
- package/lib/module/utils/dpop.js +13 -5
- package/lib/module/utils/dpop.js.map +1 -1
- package/lib/module/wallet-instance-attestation/index.js +2 -2
- package/lib/module/wallet-instance-attestation/index.js.map +1 -1
- package/lib/module/wallet-instance-attestation/issuing.js +48 -58
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/typescript/index.d.ts +4 -3
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/index.d.ts +1 -1
- package/lib/typescript/pid/index.d.ts.map +1 -1
- package/lib/typescript/pid/issuing.d.ts +51 -87
- package/lib/typescript/pid/issuing.d.ts.map +1 -1
- package/lib/typescript/pid/metadata.d.ts +1338 -408
- package/lib/typescript/pid/metadata.d.ts.map +1 -1
- package/lib/typescript/rp/index.d.ts +48 -86
- package/lib/typescript/rp/index.d.ts.map +1 -1
- package/lib/typescript/rp/types.d.ts +413 -57
- package/lib/typescript/rp/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +1000 -274
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +10 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -0
- package/lib/typescript/utils/dpop.d.ts +10 -2
- package/lib/typescript/utils/dpop.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
- package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -31
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/index.ts +5 -3
- package/src/pid/index.ts +1 -1
- package/src/pid/issuing.ts +233 -226
- package/src/pid/metadata.ts +32 -27
- package/src/rp/__test__/index.test.ts +1 -1
- package/src/rp/index.ts +180 -188
- package/src/sd-jwt/index.ts +1 -1
- package/src/trust/types.ts +39 -32
- package/src/utils/crypto.ts +41 -0
- package/src/utils/dpop.ts +17 -7
- package/src/wallet-instance-attestation/index.ts +2 -2
- package/src/wallet-instance-attestation/issuing.ts +55 -62
package/lib/module/rp/index.js
CHANGED
@@ -3,81 +3,88 @@ import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe,
|
|
3
3
|
import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
|
4
4
|
import uuid from "react-native-uuid";
|
5
5
|
import { disclose } from "../sd-jwt";
|
6
|
-
import { getEntityConfiguration } from "../trust";
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
6
|
+
import { getEntityConfiguration as getGenericEntityConfiguration } from "../trust";
|
7
|
+
import { createDPopToken } from "../utils/dpop";
|
8
|
+
import { WalletInstanceAttestation } from "..";
|
9
|
+
|
10
|
+
/**
|
11
|
+
* Select a RSA public key from those provided by the RP to encrypt.
|
12
|
+
*
|
13
|
+
* @param entity The RP entity configuration
|
14
|
+
* @returns A suitable public key with its compatible encryption algorithm
|
15
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
16
|
+
*/
|
17
|
+
const chooseRSAPublicKeyToEncrypt = entity => {
|
18
|
+
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
19
|
+
if (usingRsa256) {
|
20
|
+
return usingRsa256;
|
13
21
|
}
|
14
22
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
23
|
+
// No suitable key has been found
|
24
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
25
|
+
};
|
26
|
+
|
27
|
+
/**
|
28
|
+
* Obtain the relying party entity configuration.
|
29
|
+
*/
|
30
|
+
export const getEntityConfiguration = function () {
|
31
|
+
let {
|
32
|
+
appFetch = fetch
|
33
|
+
} = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
|
34
|
+
return async relyingPartyBaseUrl => {
|
35
|
+
return getGenericEntityConfiguration(relyingPartyBaseUrl, {
|
36
|
+
appFetch: appFetch
|
37
|
+
}).then(RpEntityConfiguration.parse);
|
38
|
+
};
|
39
|
+
};
|
40
|
+
|
41
|
+
/**
|
42
|
+
* Decode a QR code content to an authentication request url.
|
43
|
+
* @function
|
44
|
+
* @param qrcode QR code content
|
45
|
+
*
|
46
|
+
* @returns The authentication request url
|
47
|
+
*
|
48
|
+
*/
|
49
|
+
export const decodeAuthRequestQR = qrcode => {
|
50
|
+
const decoded = decodeBase64(qrcode);
|
51
|
+
const decodedUrl = new URL(decoded);
|
52
|
+
const protocol = decodedUrl.protocol;
|
53
|
+
const resource = decodedUrl.hostname;
|
54
|
+
const requestURI = decodedUrl.searchParams.get("request_uri");
|
55
|
+
const clientId = decodedUrl.searchParams.get("client_id");
|
56
|
+
const result = QRCodePayload.safeParse({
|
57
|
+
protocol,
|
58
|
+
resource,
|
59
|
+
requestURI,
|
60
|
+
clientId
|
61
|
+
});
|
62
|
+
if (result.success) {
|
63
|
+
return result.data;
|
64
|
+
} else {
|
65
|
+
throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
|
41
66
|
}
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
async
|
53
|
-
|
67
|
+
};
|
68
|
+
/**
|
69
|
+
* Obtain the Request Object for RP authentication
|
70
|
+
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
71
|
+
*/
|
72
|
+
export const getRequestObject = _ref => {
|
73
|
+
let {
|
74
|
+
wiaCryptoContext,
|
75
|
+
appFetch = fetch
|
76
|
+
} = _ref;
|
77
|
+
return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
|
78
|
+
const signedWalletInstanceDPoP = await createDPopToken({
|
54
79
|
jti: `${uuid.v4()}`,
|
55
80
|
htm: "GET",
|
56
|
-
htu:
|
57
|
-
ath: await sha256ToBase64(
|
58
|
-
})
|
59
|
-
|
60
|
-
jwk: walletInstanceAttestationJwk,
|
61
|
-
typ: "dpop+jwt"
|
62
|
-
}).setIssuedAt().setExpirationTime("1h").toSign();
|
63
|
-
}
|
64
|
-
|
65
|
-
/**
|
66
|
-
* Obtain the Request Object for RP authentication
|
67
|
-
* @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
|
68
|
-
*
|
69
|
-
* @async @function
|
70
|
-
* @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
|
71
|
-
*
|
72
|
-
* @returns The Request Object JWT
|
73
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
|
74
|
-
*
|
75
|
-
*/
|
76
|
-
async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
|
77
|
-
const response = await this.appFetch(requestUri, {
|
81
|
+
htu: requestUri,
|
82
|
+
ath: await sha256ToBase64(walletInstanceAttestation)
|
83
|
+
}, wiaCryptoContext);
|
84
|
+
const response = await appFetch(requestUri, {
|
78
85
|
method: "GET",
|
79
86
|
headers: {
|
80
|
-
Authorization: `DPoP ${
|
87
|
+
Authorization: `DPoP ${walletInstanceAttestation}`,
|
81
88
|
DPoP: signedWalletInstanceDPoP
|
82
89
|
}
|
83
90
|
});
|
@@ -89,10 +96,10 @@ export class RelyingPartySolution {
|
|
89
96
|
// verify token signature according to RP's entity configuration
|
90
97
|
// to ensure the request object is authentic
|
91
98
|
{
|
92
|
-
const pubKey =
|
99
|
+
const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
|
93
100
|
let {
|
94
101
|
kid
|
95
|
-
} =
|
102
|
+
} = _ref2;
|
96
103
|
return kid === responseJwt.protectedHeader.kid;
|
97
104
|
});
|
98
105
|
if (!pubKey) {
|
@@ -102,55 +109,63 @@ export class RelyingPartySolution {
|
|
102
109
|
}
|
103
110
|
|
104
111
|
// parse request object it has the expected shape by specification
|
105
|
-
const
|
112
|
+
const requestObject = RequestObject.parse({
|
106
113
|
header: responseJwt.protectedHeader,
|
107
114
|
payload: responseJwt.payload
|
108
115
|
});
|
109
|
-
return
|
116
|
+
return {
|
117
|
+
requestObject,
|
118
|
+
rpEntityConfiguration,
|
119
|
+
walletInstanceAttestation
|
120
|
+
};
|
110
121
|
}
|
111
|
-
throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
112
|
-
|
122
|
+
throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
|
123
|
+
${await response.text()}`);
|
124
|
+
};
|
125
|
+
};
|
113
126
|
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
async prepareVpToken(requestObj, walletInstanceIdentifier, _ref2,
|
132
|
-
// TODO: [SIW-353] support multiple presentations,
|
133
|
-
signKeyId) {
|
134
|
-
let [vc, claims] = _ref2;
|
127
|
+
/**
|
128
|
+
* Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
|
129
|
+
* The presentation is prepared by disclosing data from provided credentials, according to requested claims
|
130
|
+
* Each Verified Credential come along with the claims the user accepts to disclose from it.
|
131
|
+
*
|
132
|
+
* @todo accept more than a Verified Credential
|
133
|
+
*/
|
134
|
+
const prepareVpToken = _ref3 => {
|
135
|
+
let {
|
136
|
+
pidCryptoContext
|
137
|
+
} = _ref3;
|
138
|
+
return async (_ref4, _ref5) => {
|
139
|
+
let {
|
140
|
+
requestObject,
|
141
|
+
walletInstanceAttestation
|
142
|
+
} = _ref4;
|
143
|
+
let [vc, claims] = _ref5;
|
135
144
|
// this throws if vc cannot satisfy all the requested claims
|
136
145
|
const {
|
137
146
|
token: vp,
|
138
147
|
paths
|
139
148
|
} = await disclose(vc, claims);
|
140
149
|
|
141
|
-
//
|
150
|
+
// obtain issuer from Wallet Instance
|
151
|
+
const {
|
152
|
+
payload: {
|
153
|
+
iss
|
154
|
+
}
|
155
|
+
} = WalletInstanceAttestation.decode(walletInstanceAttestation);
|
156
|
+
const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
|
142
157
|
|
143
|
-
|
158
|
+
// TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
|
159
|
+
const vp_token = await new SignJWT(pidCryptoContext).setProtectedHeader({
|
160
|
+
typ: "JWT",
|
161
|
+
kid: pidKid
|
162
|
+
}).setPayload({
|
144
163
|
vp: vp,
|
145
164
|
jti: `${uuid.v4()}`,
|
146
|
-
iss
|
147
|
-
nonce:
|
148
|
-
}).setAudience(
|
149
|
-
|
150
|
-
alg: "ES256",
|
151
|
-
kid: signKeyId
|
152
|
-
}).toSign();
|
153
|
-
const vc_scope = requestObj.payload.scope;
|
165
|
+
iss,
|
166
|
+
nonce: requestObject.payload.nonce
|
167
|
+
}).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
|
168
|
+
const vc_scope = requestObject.payload.scope;
|
154
169
|
const presentation_submission = {
|
155
170
|
definition_id: `${uuid.v4()}`,
|
156
171
|
id: `${uuid.v4()}`,
|
@@ -164,30 +179,43 @@ export class RelyingPartySolution {
|
|
164
179
|
vp_token,
|
165
180
|
presentation_submission
|
166
181
|
};
|
167
|
-
}
|
182
|
+
};
|
183
|
+
};
|
168
184
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
185
|
+
/**
|
186
|
+
* Compose and send an Authorization Response in the context of an authorization request flow.
|
187
|
+
*
|
188
|
+
* @todo MUST add presentation_submission
|
189
|
+
*
|
190
|
+
*/
|
191
|
+
export const sendAuthorizationResponse = _ref6 => {
|
192
|
+
let {
|
193
|
+
pidCryptoContext,
|
194
|
+
appFetch = fetch
|
195
|
+
} = _ref6;
|
196
|
+
return async (_ref7, presentation) => {
|
197
|
+
let {
|
198
|
+
requestObject,
|
199
|
+
rpEntityConfiguration,
|
200
|
+
walletInstanceAttestation
|
201
|
+
} = _ref7;
|
184
202
|
// the request is an unsigned jws without iss, aud, exp
|
185
203
|
// https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
|
186
|
-
const jwk =
|
204
|
+
const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
|
205
|
+
const {
|
206
|
+
vp_token,
|
207
|
+
presentation_submission
|
208
|
+
} = await prepareVpToken({
|
209
|
+
pidCryptoContext
|
210
|
+
})({
|
211
|
+
requestObject,
|
212
|
+
rpEntityConfiguration,
|
213
|
+
walletInstanceAttestation
|
214
|
+
}, presentation);
|
187
215
|
const authzResponsePayload = JSON.stringify({
|
188
|
-
state:
|
216
|
+
state: requestObject.payload.state,
|
189
217
|
presentation_submission,
|
190
|
-
nonce:
|
218
|
+
nonce: requestObject.payload.nonce,
|
191
219
|
vp_token
|
192
220
|
});
|
193
221
|
const encrypted = await new EncryptJwe(authzResponsePayload, {
|
@@ -199,7 +227,7 @@ export class RelyingPartySolution {
|
|
199
227
|
response: encrypted
|
200
228
|
});
|
201
229
|
const body = formBody.toString();
|
202
|
-
const response = await
|
230
|
+
const response = await appFetch(requestObject.payload.response_uri, {
|
203
231
|
method: "POST",
|
204
232
|
headers: {
|
205
233
|
"Content-Type": "application/x-www-form-urlencoded"
|
@@ -210,32 +238,6 @@ export class RelyingPartySolution {
|
|
210
238
|
return await response.json();
|
211
239
|
}
|
212
240
|
throw new IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
|
213
|
-
}
|
214
|
-
|
215
|
-
/**
|
216
|
-
* Select a RSA public key from those provided by the RP to encrypt.
|
217
|
-
*
|
218
|
-
* @param entity The RP entity configuration
|
219
|
-
* @returns A suitable public key with its compatible encryption algorithm
|
220
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
|
221
|
-
*/
|
222
|
-
chooseRSAPublicKeyToEncrypt(entity) {
|
223
|
-
const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
|
224
|
-
if (usingRsa256) {
|
225
|
-
return usingRsa256;
|
226
|
-
}
|
227
|
-
|
228
|
-
// No suitable key has been found
|
229
|
-
throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
|
230
|
-
}
|
231
|
-
|
232
|
-
/**
|
233
|
-
* Obtain the relying party entity configuration.
|
234
|
-
*/
|
235
|
-
async getEntityConfiguration() {
|
236
|
-
return getEntityConfiguration(this.relyingPartyBaseUrl, {
|
237
|
-
appFetch: this.appFetch
|
238
|
-
}).then(RpEntityConfiguration.parse);
|
239
|
-
}
|
240
|
-
}
|
241
|
+
};
|
242
|
+
};
|
241
243
|
//# sourceMappingURL=index.js.map
|
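Review bot: In getRequestObject (first hunk, the `appFetch(requestUri, …)` call) the Wallet Instance Attestation is sent as `Authorization: DPoP ${walletInstanceAttestation}` to whatever `requestUri` the caller passes, and nothing ties that URI to `rpEntityConfiguration` before the request goes out; since decodeAuthRequestQR derives `requestURI` from scanned QR content, the attestation can be disclosed to a third party before the request object's signature is ever checked. Consider rejecting a request URI whose origin does not match the RP's entity identifier before building the DPoP, e.g. `if (new URL(requestUri).origin !== new URL(rpEntityConfiguration.payload.sub).origin) throw new IoWalletError("request_uri does not belong to the RP");` — this assumes `payload.sub` carries the RP's entity identifier URL as in OpenID Federation; confirm against the RpEntityConfiguration schema. Separately, `htu: requestUri` is passed verbatim, while RFC 9449 defines htu without query and fragment, so a request_uri carrying a query string yields a proof a strict server may reject. The error path `Unable to obtain Request Object … ${await response.text()}` also copies the full response body into the thrown message; consider truncating it if these errors are logged or shown.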
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","
|
1
|
+
{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","getGenericEntityConfiguration","createDPopToken","WalletInstanceAttestation","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","filter","jwk","use","kty","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","then","parse","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getRequestObject","_ref","wiaCryptoContext","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","find","_ref2","kid","protectedHeader","requestObject","header","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","iss","pidKid","getPublicKey","_","vp_token","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QAED,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBA
AmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,IAAIC,6BAA6B,QAAQ,UAAU;AAClF,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,yBAAyB,QAAQ,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAAIC,MAA6B,IAAU;EAC1E,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,MAAM,CACrDC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIR,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAInB,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMa,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEe,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MAAOG,mBAA2B,IAAqC;IACrE,OAAOnB,6BAA6B,CAACmB,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACM,IAAI,CAACxB,qBAAqB,CAACyB,KAAK,CAAC;EACtC,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAGnC,YAAY,CAACkC,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAME,MAAM,GAAGxC,aAAa,CAACyC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVG;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIrD,sBAAsB,CAACkD,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAQD;AACA;AACA;AACA;AACA,OAAO,MAAMe,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB5B,QAAQ,GAAGC;EAIb,CAAC,GAAA0B,IAAA;EAAA,OACD,OACEE,yBAAiC,EACjCC,UAAkB,EAClBC,qBAA4C,KACb;IAC/B,MAAMC,wBAAwB,GAAG,MAAM7C,eAAe,CACpD;MACE8C,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEN,UAAU;MACfO,GAAG,EAAE,MAAM7D,cAAc,CAACqD,yBAAyB;IACrD,CAAC,EACDD,gBACF,CAAC;IAED,MAAMU,QAAQ,GAAG,MAAMtC,QAAQ,CAAC8B,UAAU,EAAE;MAC1CS,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;QAClDa,IAAI,EAAEV;MACR;IACF,
CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGzE,SAAS,CAACwE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GACVjB,qBAAqB,CAACvC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACsD,IAAI,CACnEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKJ,WAAW,CAACK,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAI5E,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAACmE,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMK,aAAa,GAAGxE,aAAa,CAAC0B,KAAK,CAAC;QACxC+C,MAAM,EAAEP,WAAW,CAACK,eAAe;QACnC5D,OAAO,EAAEuD,WAAW,CAACvD;MACvB,CAAC,CAAC;MAEF,OAAO;QACL6D,aAAa;QACbtB,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAI1D,aAAa,CACpB,mDAAkDmE,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACiB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEP,aAAa;MAAExB;IAA6C,CAAC,GAAA8B,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAMjF,QAAQ,CAAC6E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJtE,OAAO,EAAE;QAAE0E;MAAI;IACjB,CAAC,GAAG9E,yBAAyB,CAACf,MAAM,CAACwD,yBAAyB,CAAC;IAE/D,MAAMsC,MAAM,GAAG,MAAMT,gBAAgB,CAACU,YAAY,CAAC,CAAC,CAAC9D,IAAI,CAAE+D,CAAC,IAAKA,CAAC,CAAClB,GAAG,CAAC;;IAEvE;IACA,MAAMmB,QAAQ,GAAG,MAAM,IAAI7F,OAAO,CAACiF,gBAAgB,CAAC,CACjDa,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVrB,GAAG,EAAEgB;IACP,CAAC,CAAC,CACDM,UAAU,CAAC;MACVT,EAAE,EAAEA,EAAE;MACN/B,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBgC,GAAG;MACHQ,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF;IAC/B,CAAC,CAAC,CACDC,WAAW,CAACtB,aAAa,CAAC7D,OAAO,CAACoF,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAG3B,aAAa,CAAC7D,OAAO,CAACyF,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAEpG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAC7BkD,EAAE,EAAG,GAAErG,IAAI,CAACmD
,EAAE,CAAC,CAAE,EAAC;MAClBmD,cAAc,EAAEpB,KAAK,CAACqB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEnB,QAAQ;MAAEY;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCjC,gBAAgB;IAChB1D,QAAQ,GAAGC;EAIb,CAAC,GAAA0F,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACExC,aAAa;MACbtB,qBAAqB;MACrBF;IACiB,CAAC,GAAA+D,KAAA;IAGpB;IACA;IACA,MAAM/F,GAAG,GAAGR,2BAA2B,CAAC0C,qBAAqB,CAAC;IAE9D,MAAM;MAAEuC,QAAQ;MAAEY;IAAwB,CAAC,GAAG,MAAM1B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACEL,aAAa;MACbtB,qBAAqB;MACrBF;IACF,CAAC,EACDgE,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE5C,aAAa,CAAC7D,OAAO,CAACyG,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF,KAAK;MAClCJ;IACF,CAAC,CAAC;IAEF,MAAM4B,SAAS,GAAG,MAAM,IAAIxH,UAAU,CAACoH,oBAAoB,EAAE;MAC3DK,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpBjD,GAAG,EAAEtD,GAAG,CAACsD;IACX,CAAC,CAAC,CAACkD,OAAO,CAACxG,GAAG,CAAC;IAEf,MAAMyG,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAEjE,QAAQ,EAAE4D;IAAU,CAAC,CAAC;IAC7D,MAAMM,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAMnE,QAAQ,GAAG,MAAMtC,QAAQ,CAACqD,aAAa,CAAC7D,OAAO,CAACoF,YAAY,EAAE;MAClErC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDgE;IACF,CAAC,CAAC;IAEF,IAAIlE,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAI1E,aAAa,CACpB,oDAAmD,MAAMmE,QAAQ,CAACiB,IAAI,CAAC,CAAE,eACxEjB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA"}
|
@@ -22,12 +22,13 @@ export const EntityStatement = z.object({
|
|
22
22
|
exp: z.number()
|
23
23
|
})
|
24
24
|
});
|
25
|
+
export const EntityConfigurationHeader = z.object({
|
26
|
+
typ: z.literal("entity-statement+jwt"),
|
27
|
+
alg: z.string(),
|
28
|
+
kid: z.string()
|
29
|
+
});
|
25
30
|
export const EntityConfiguration = z.object({
|
26
|
-
header:
|
27
|
-
typ: z.literal("entity-statement+jwt"),
|
28
|
-
alg: z.string(),
|
29
|
-
kid: z.string()
|
30
|
-
}),
|
31
|
+
header: EntityConfigurationHeader,
|
31
32
|
payload: z.object({
|
32
33
|
exp: UnixTime,
|
33
34
|
iat: UnixTime,
|
@@ -50,7 +51,7 @@ export const EntityConfiguration = z.object({
|
|
50
51
|
}).passthrough()
|
51
52
|
}).passthrough(),
|
52
53
|
authority_hints: z.array(z.string()).optional()
|
53
|
-
})
|
54
|
+
}).passthrough()
|
54
55
|
});
|
55
56
|
export const TrustAnchorEntityConfiguration = EntityConfiguration;
|
56
57
|
//# sourceMappingURL=types.js.map
|
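Review bot: `alg: z.string()` on the new EntityConfigurationHeader schema accepts any value, including `"none"` or an algorithm the wallet never expects, so a malformed entity configuration passes parsing and rejection, if any, depends on the verifier that later consumes `header.alg` (not visible here). If parsing is meant to be the first line of defence, pin the header to the algorithms actually used, e.g. `alg: z.string().refine((a) => a !== "none", "alg none is not allowed")` or an explicit `z.enum([...])` of the expected signing algorithms. The `.passthrough()` added on the payload is reasonable for forward compatibility, but it means unknown claims are retained on the parsed object; a one-line comment stating that this is intentional would stop a future reader from "tightening" it back.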
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;
|
1
|
+
{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfigurationHeader","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAChDM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;EACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;EACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;AAGF,OAAO,MAAMmB,mBAAmB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEe,yBAAyB;EACjCV,OAAO,EAAEZ,CAAC,CACPE,MAAM,CAAC;IACNmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAA
CE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFyB,QAAQ,EAAExB,CAAC,CACRE,MAAM,CAAC;MACNuB,iBAAiB,EAAEzB,CAAC,CACjBE,MAAM,CAAC;QACNwB,yBAAyB,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAEnC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAErC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDS,WAAW,CAAC;AACjB,CAAC,CAAC;AAKF,OAAO,MAAME,8BAA8B,GAAGf,mBAAmB"}
|
@@ -0,0 +1,40 @@
|
|
1
|
+
import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
|
2
|
+
import { thumbprint } from "@pagopa/io-react-native-jwt";
|
3
|
+
import { fixBase64EncodingOnKey } from "./jwk";
|
4
|
+
|
5
|
+
/**
|
6
|
+
* Create a CryptoContext bound to a key pair.
|
7
|
+
* Key pair is supposed to exist already in the device's keychain.
|
8
|
+
* It's identified by its unique keytag.
|
9
|
+
*
|
10
|
+
* @returns the crypto context
|
11
|
+
*/
|
12
|
+
export const createCryptoContextFor = keytag => {
|
13
|
+
return {
|
14
|
+
/**
|
15
|
+
* Retrieve the public key of the pair.
|
16
|
+
* If the key pair doesn't exist yet, an error is raised
|
17
|
+
* @returns The public key.
|
18
|
+
*/
|
19
|
+
async getPublicKey() {
|
20
|
+
return getPublicKey(keytag).then(fixBase64EncodingOnKey).then(async jwk => ({
|
21
|
+
...jwk,
|
22
|
+
// Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
|
23
|
+
// (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
|
24
|
+
// We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
|
25
|
+
// However the values is an arbitrary string that might be anything
|
26
|
+
kid: await thumbprint(jwk)
|
27
|
+
}));
|
28
|
+
},
|
29
|
+
/**
|
30
|
+
* Get a signature for a provided value.
|
31
|
+
* If the key pair doesn't exist yet, an error is raised.
|
32
|
+
* @param value
|
33
|
+
* @returns The signature for the value
|
34
|
+
*/
|
35
|
+
async getSignature(value) {
|
36
|
+
return sign(value, keytag);
|
37
|
+
}
|
38
|
+
};
|
39
|
+
};
|
40
|
+
//# sourceMappingURL=crypto.js.map
|
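Review bot: `getSignature(value)` documents `@param value` without saying what it is; since the body is `sign(value, keytag)`, `@param value The data to sign with the key identified by keytag` would make the contract explicit (confirm whether io-react-native-crypto expects a string or bytes before wording it). In the `getPublicKey` comment, "propoerty" should read "property" and "the values is" should read "the value is". The `kid` is recomputed from `thumbprint(jwk)` on every call rather than stored with the key; that is stated in the inline comment, but a sentence in the method's JSDoc (`The returned kid is the JWK thumbprint, computed on each call`) would make it visible to callers who only read the interface.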
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["getPublicKey","sign","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,IAAI,QAAQ,gCAAgC;AACnE,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAML,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACK,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOT,IAAI,CAACS,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC"}
|
package/lib/module/utils/dpop.js
CHANGED
@@ -1,12 +1,20 @@
|
|
1
1
|
import * as z from "zod";
|
2
2
|
import { SignJWT } from "@pagopa/io-react-native-jwt";
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
|
4
|
+
/**
|
5
|
+
* Create a signed DPoP token
|
6
|
+
*
|
7
|
+
* @param payload The payload to be included in the token.
|
8
|
+
* @param crypto The crypto context that handles the key bound to the DPoP.
|
9
|
+
*
|
10
|
+
* @returns The signed crypto token.
|
11
|
+
*/
|
12
|
+
export const createDPopToken = async (payload, crypto) => {
|
13
|
+
const jwk = await crypto.getPublicKey();
|
14
|
+
return new SignJWT(crypto).setPayload(payload).setProtectedHeader({
|
6
15
|
typ: "dpop+jwt",
|
7
16
|
jwk
|
8
|
-
}).setIssuedAt().setExpirationTime("1h").
|
9
|
-
return dPop;
|
17
|
+
}).setIssuedAt().setExpirationTime("1h").sign();
|
10
18
|
};
|
11
19
|
export const DPoPPayload = z.object({
|
12
20
|
jti: z.string(),
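Review bot: The proof lifetime set by `.setExpirationTime("1h")` on new line 17 of `createDPopToken` is long for a DPoP proof; RFC 9449 proofs are meant to be single-use and judged fresh via `iat` and a unique `jti`, so a one-hour `exp` leaves a wide window in which a captured proof still looks formally valid to a verifier that leans on `exp` rather than an `iat` window. Consider a lifetime on the order of minutes, e.g. `.setExpirationTime("5m")`, and treat the verifier's `jti` replay check as the primary control rather than the expiry. The protected header sets only `typ` and `jwk`; if `new SignJWT(crypto)` does not derive `alg` from the context, the `alg` header that RFC 9449 requires is absent, which is worth confirming against the JWT library. Two smaller points: the parameter named `crypto` shadows the global `crypto` object, so a name such as `cryptoContext` would read more clearly, and `@returns The signed crypto token.` should say `@returns The signed DPoP proof JWT.`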
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["z","SignJWT","
|
1
|
+
{"version":3,"names":["z","SignJWT","createDPopToken","payload","crypto","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAA4B,6BAA6B;;AAEzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAe,GAAG,MAAAA,CAC7BC,OAAoB,EACpBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC;EACvC,OAAO,IAAIL,OAAO,CAACG,MAAM,CAAC,CACvBG,UAAU,CAACJ,OAAO,CAAC,CACnBK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,UAAU;IACfJ;EACF,CAAC,CAAC,CACDK,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAGD,OAAO,MAAMC,WAAW,GAAGb,CAAC,CAACc,MAAM,CAAC;EAClCC,GAAG,EAAEf,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,MAAM,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEpB,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfK,GAAG,EAAErB,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
|
@@ -1,8 +1,8 @@
|
|
1
1
|
import { WalletInstanceAttestationJwt } from "./types";
|
2
2
|
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
3
3
|
import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
|
4
|
-
import {
|
5
|
-
export {
|
4
|
+
import { getAttestation } from "./issuing";
|
5
|
+
export { getAttestation };
|
6
6
|
/**
|
7
7
|
* Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
|
8
8
|
* It ensures provided data is in a valid shape.
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","
|
1
|
+
{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","getAttestation","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,cAAc,QAAQ,WAAW;AAC1C,SAASA,cAAc;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}
|