@pagopa/io-react-native-wallet 0.4.3 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/README.md +98 -22
  2. package/lib/commonjs/index.js +12 -8
  3. package/lib/commonjs/index.js.map +1 -1
  4. package/lib/commonjs/pid/index.js +3 -8
  5. package/lib/commonjs/pid/index.js.map +1 -1
  6. package/lib/commonjs/pid/issuing.js +152 -169
  7. package/lib/commonjs/pid/issuing.js.map +1 -1
  8. package/lib/commonjs/pid/metadata.js +28 -25
  9. package/lib/commonjs/pid/metadata.js.map +1 -1
  10. package/lib/commonjs/rp/__test__/index.test.js +5 -3
  11. package/lib/commonjs/rp/__test__/index.test.js.map +1 -1
  12. package/lib/commonjs/rp/index.js +158 -154
  13. package/lib/commonjs/rp/index.js.map +1 -1
  14. package/lib/commonjs/trust/types.js +9 -7
  15. package/lib/commonjs/trust/types.js.map +1 -1
  16. package/lib/commonjs/utils/crypto.js +46 -0
  17. package/lib/commonjs/utils/crypto.js.map +1 -0
  18. package/lib/commonjs/utils/dpop.js +14 -7
  19. package/lib/commonjs/utils/dpop.js.map +1 -1
  20. package/lib/commonjs/wallet-instance-attestation/index.js +3 -3
  21. package/lib/commonjs/wallet-instance-attestation/issuing.js +50 -60
  22. package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
  23. package/lib/module/index.js +4 -3
  24. package/lib/module/index.js.map +1 -1
  25. package/lib/module/pid/index.js +1 -1
  26. package/lib/module/pid/index.js.map +1 -1
  27. package/lib/module/pid/issuing.js +151 -172
  28. package/lib/module/pid/issuing.js.map +1 -1
  29. package/lib/module/pid/metadata.js +28 -25
  30. package/lib/module/pid/metadata.js.map +1 -1
  31. package/lib/module/rp/__test__/index.test.js +1 -1
  32. package/lib/module/rp/__test__/index.test.js.map +1 -1
  33. package/lib/module/rp/index.js +155 -153
  34. package/lib/module/rp/index.js.map +1 -1
  35. package/lib/module/trust/types.js +7 -6
  36. package/lib/module/trust/types.js.map +1 -1
  37. package/lib/module/utils/crypto.js +40 -0
  38. package/lib/module/utils/crypto.js.map +1 -0
  39. package/lib/module/utils/dpop.js +13 -5
  40. package/lib/module/utils/dpop.js.map +1 -1
  41. package/lib/module/wallet-instance-attestation/index.js +2 -2
  42. package/lib/module/wallet-instance-attestation/index.js.map +1 -1
  43. package/lib/module/wallet-instance-attestation/issuing.js +48 -58
  44. package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
  45. package/lib/typescript/index.d.ts +4 -3
  46. package/lib/typescript/index.d.ts.map +1 -1
  47. package/lib/typescript/pid/index.d.ts +1 -1
  48. package/lib/typescript/pid/index.d.ts.map +1 -1
  49. package/lib/typescript/pid/issuing.d.ts +51 -87
  50. package/lib/typescript/pid/issuing.d.ts.map +1 -1
  51. package/lib/typescript/pid/metadata.d.ts +1338 -408
  52. package/lib/typescript/pid/metadata.d.ts.map +1 -1
  53. package/lib/typescript/rp/index.d.ts +48 -86
  54. package/lib/typescript/rp/index.d.ts.map +1 -1
  55. package/lib/typescript/rp/types.d.ts +413 -57
  56. package/lib/typescript/rp/types.d.ts.map +1 -1
  57. package/lib/typescript/sd-jwt/index.d.ts +1 -1
  58. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  59. package/lib/typescript/trust/types.d.ts +1000 -274
  60. package/lib/typescript/trust/types.d.ts.map +1 -1
  61. package/lib/typescript/utils/crypto.d.ts +10 -0
  62. package/lib/typescript/utils/crypto.d.ts.map +1 -0
  63. package/lib/typescript/utils/dpop.d.ts +10 -2
  64. package/lib/typescript/utils/dpop.d.ts.map +1 -1
  65. package/lib/typescript/wallet-instance-attestation/index.d.ts +2 -2
  66. package/lib/typescript/wallet-instance-attestation/index.d.ts.map +1 -1
  67. package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -31
  68. package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
  69. package/package.json +2 -2
  70. package/src/index.ts +5 -3
  71. package/src/pid/index.ts +1 -1
  72. package/src/pid/issuing.ts +233 -226
  73. package/src/pid/metadata.ts +32 -27
  74. package/src/rp/__test__/index.test.ts +1 -1
  75. package/src/rp/index.ts +180 -188
  76. package/src/sd-jwt/index.ts +1 -1
  77. package/src/trust/types.ts +39 -32
  78. package/src/utils/crypto.ts +41 -0
  79. package/src/utils/dpop.ts +17 -7
  80. package/src/wallet-instance-attestation/index.ts +2 -2
  81. package/src/wallet-instance-attestation/issuing.ts +55 -62
@@ -3,81 +3,88 @@ import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe,
3
3
  import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
4
4
  import uuid from "react-native-uuid";
5
5
  import { disclose } from "../sd-jwt";
6
- import { getEntityConfiguration } from "../trust";
7
- export class RelyingPartySolution {
8
- constructor(relyingPartyBaseUrl, walletInstanceAttestation) {
9
- let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
10
- this.relyingPartyBaseUrl = relyingPartyBaseUrl;
11
- this.walletInstanceAttestation = walletInstanceAttestation;
12
- this.appFetch = appFetch;
6
+ import { getEntityConfiguration as getGenericEntityConfiguration } from "../trust";
7
+ import { createDPopToken } from "../utils/dpop";
8
+ import { WalletInstanceAttestation } from "..";
9
+
10
+ /**
11
+ * Select a RSA public key from those provided by the RP to encrypt.
12
+ *
13
+ * @param entity The RP entity configuration
14
+ * @returns A suitable public key with its compatible encryption algorithm
15
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
16
+ */
17
+ const chooseRSAPublicKeyToEncrypt = entity => {
18
+ const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
19
+ if (usingRsa256) {
20
+ return usingRsa256;
13
21
  }
14
22
 
15
- /**
16
- * Decode a QR code content to an authentication request url.
17
- * @function
18
- * @param qrcode QR code content
19
- *
20
- * @returns The authentication request url
21
- *
22
- */
23
- static decodeAuthRequestQR(qrcode) {
24
- const decoded = decodeBase64(qrcode);
25
- const decodedUrl = new URL(decoded);
26
- const protocol = decodedUrl.protocol;
27
- const resource = decodedUrl.hostname;
28
- const requestURI = decodedUrl.searchParams.get("request_uri");
29
- const clientId = decodedUrl.searchParams.get("client_id");
30
- const result = QRCodePayload.safeParse({
31
- protocol,
32
- resource,
33
- requestURI,
34
- clientId
35
- });
36
- if (result.success) {
37
- return result.data;
38
- } else {
39
- throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
40
- }
23
+ // No suitable key has been found
24
+ throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
25
+ };
26
+
27
+ /**
28
+ * Obtain the relying party entity configuration.
29
+ */
30
+ export const getEntityConfiguration = function () {
31
+ let {
32
+ appFetch = fetch
33
+ } = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
34
+ return async relyingPartyBaseUrl => {
35
+ return getGenericEntityConfiguration(relyingPartyBaseUrl, {
36
+ appFetch: appFetch
37
+ }).then(RpEntityConfiguration.parse);
38
+ };
39
+ };
40
+
41
+ /**
42
+ * Decode a QR code content to an authentication request url.
43
+ * @function
44
+ * @param qrcode QR code content
45
+ *
46
+ * @returns The authentication request url
47
+ *
48
+ */
49
+ export const decodeAuthRequestQR = qrcode => {
50
+ const decoded = decodeBase64(qrcode);
51
+ const decodedUrl = new URL(decoded);
52
+ const protocol = decodedUrl.protocol;
53
+ const resource = decodedUrl.hostname;
54
+ const requestURI = decodedUrl.searchParams.get("request_uri");
55
+ const clientId = decodedUrl.searchParams.get("client_id");
56
+ const result = QRCodePayload.safeParse({
57
+ protocol,
58
+ resource,
59
+ requestURI,
60
+ clientId
61
+ });
62
+ if (result.success) {
63
+ return result.data;
64
+ } else {
65
+ throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
41
66
  }
42
- /**
43
- * Obtain the unsigned wallet instance DPoP for authentication request
44
- *
45
- * @function
46
- * @param walletInstanceAttestationJwk JWT of the Wallet Instance Attestation
47
- * @param authRequestUrl authentication request url
48
- *
49
- * @returns The unsigned wallet instance DPoP
50
- *
51
- */
52
- async getUnsignedWalletInstanceDPoP(walletInstanceAttestationJwk, authRequestUrl) {
53
- return await new SignJWT({
67
+ };
68
+ /**
69
+ * Obtain the Request Object for RP authentication
70
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
71
+ */
72
+ export const getRequestObject = _ref => {
73
+ let {
74
+ wiaCryptoContext,
75
+ appFetch = fetch
76
+ } = _ref;
77
+ return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
78
+ const signedWalletInstanceDPoP = await createDPopToken({
54
79
  jti: `${uuid.v4()}`,
55
80
  htm: "GET",
56
- htu: authRequestUrl,
57
- ath: await sha256ToBase64(this.walletInstanceAttestation)
58
- }).setProtectedHeader({
59
- alg: "ES256",
60
- jwk: walletInstanceAttestationJwk,
61
- typ: "dpop+jwt"
62
- }).setIssuedAt().setExpirationTime("1h").toSign();
63
- }
64
-
65
- /**
66
- * Obtain the Request Object for RP authentication
67
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
68
- *
69
- * @async @function
70
- * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
71
- *
72
- * @returns The Request Object JWT
73
- * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
74
- *
75
- */
76
- async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
77
- const response = await this.appFetch(requestUri, {
81
+ htu: requestUri,
82
+ ath: await sha256ToBase64(walletInstanceAttestation)
83
+ }, wiaCryptoContext);
84
+ const response = await appFetch(requestUri, {
78
85
  method: "GET",
79
86
  headers: {
80
- Authorization: `DPoP ${this.walletInstanceAttestation}`,
87
+ Authorization: `DPoP ${walletInstanceAttestation}`,
81
88
  DPoP: signedWalletInstanceDPoP
82
89
  }
83
90
  });
@@ -89,10 +96,10 @@ export class RelyingPartySolution {
89
96
  // verify token signature according to RP's entity configuration
90
97
  // to ensure the request object is authentic
91
98
  {
92
- const pubKey = entity.payload.metadata.wallet_relying_party.jwks.find(_ref => {
99
+ const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
93
100
  let {
94
101
  kid
95
- } = _ref;
102
+ } = _ref2;
96
103
  return kid === responseJwt.protectedHeader.kid;
97
104
  });
98
105
  if (!pubKey) {
@@ -102,55 +109,63 @@ export class RelyingPartySolution {
102
109
  }
103
110
 
104
111
  // parse request object it has the expected shape by specification
105
- const requestObj = RequestObject.parse({
112
+ const requestObject = RequestObject.parse({
106
113
  header: responseJwt.protectedHeader,
107
114
  payload: responseJwt.payload
108
115
  });
109
- return requestObj;
116
+ return {
117
+ requestObject,
118
+ rpEntityConfiguration,
119
+ walletInstanceAttestation
120
+ };
110
121
  }
111
- throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}`);
112
- }
122
+ throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
123
+ ${await response.text()}`);
124
+ };
125
+ };
113
126
 
114
- /**
115
- * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
116
- * The presentation is prepared by disclosing data from provided credentials, according to requested claims
117
- * Each Verified Credential come along with the claims the user accepts to disclose from it.
118
- *
119
- * The returned token is unsigned (sign should be apply by the caller).
120
- *
121
- * @todo accept more than a Verified Credential
122
- *
123
- * @param requestObj The incoming request object, which the requirements for the requested authorization
124
- * @param walletInstanceIdentifier The identifies of the wallt instance that is presenting
125
- * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
126
- * @param signKeyId The kid of the key that will be used to sign
127
- * @returns The unsigned Verified Presentation token
128
- * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
129
- *
130
- */
131
- async prepareVpToken(requestObj, walletInstanceIdentifier, _ref2,
132
- // TODO: [SIW-353] support multiple presentations,
133
- signKeyId) {
134
- let [vc, claims] = _ref2;
127
+ /**
128
+ * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
129
+ * The presentation is prepared by disclosing data from provided credentials, according to requested claims
130
+ * Each Verified Credential come along with the claims the user accepts to disclose from it.
131
+ *
132
+ * @todo accept more than a Verified Credential
133
+ */
134
+ const prepareVpToken = _ref3 => {
135
+ let {
136
+ pidCryptoContext
137
+ } = _ref3;
138
+ return async (_ref4, _ref5) => {
139
+ let {
140
+ requestObject,
141
+ walletInstanceAttestation
142
+ } = _ref4;
143
+ let [vc, claims] = _ref5;
135
144
  // this throws if vc cannot satisfy all the requested claims
136
145
  const {
137
146
  token: vp,
138
147
  paths
139
148
  } = await disclose(vc, claims);
140
149
 
141
- // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
150
+ // obtain issuer from Wallet Instance
151
+ const {
152
+ payload: {
153
+ iss
154
+ }
155
+ } = WalletInstanceAttestation.decode(walletInstanceAttestation);
156
+ const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
142
157
 
143
- const vp_token = new SignJWT({
158
+ // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
159
+ const vp_token = await new SignJWT(pidCryptoContext).setProtectedHeader({
160
+ typ: "JWT",
161
+ kid: pidKid
162
+ }).setPayload({
144
163
  vp: vp,
145
164
  jti: `${uuid.v4()}`,
146
- iss: walletInstanceIdentifier,
147
- nonce: requestObj.payload.nonce
148
- }).setAudience(requestObj.payload.response_uri).setIssuedAt().setExpirationTime("1h").setProtectedHeader({
149
- typ: "JWT",
150
- alg: "ES256",
151
- kid: signKeyId
152
- }).toSign();
153
- const vc_scope = requestObj.payload.scope;
165
+ iss,
166
+ nonce: requestObject.payload.nonce
167
+ }).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
168
+ const vc_scope = requestObject.payload.scope;
154
169
  const presentation_submission = {
155
170
  definition_id: `${uuid.v4()}`,
156
171
  id: `${uuid.v4()}`,
@@ -164,30 +179,43 @@ export class RelyingPartySolution {
164
179
  vp_token,
165
180
  presentation_submission
166
181
  };
167
- }
182
+ };
183
+ };
168
184
 
169
- /**
170
- * Compose and send an Authorization Response in the context of an authorization request flow.
171
- *
172
- * @todo MUST add presentation_submission
173
- *
174
- * @param requestObj The incoming request object, which the requirements for the requested authorization
175
- * @param vp_token The signed Verified Presentation token with data to send.
176
- * @param presentation_submission
177
- * @param entity The RP entity configuration
178
- * @returns The response from the RP
179
- * @throws {IoWalletError} if the submission fails.
180
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
181
- *
182
- */
183
- async sendAuthorizationResponse(requestObj, vp_token, presentation_submission, entity) {
185
+ /**
186
+ * Compose and send an Authorization Response in the context of an authorization request flow.
187
+ *
188
+ * @todo MUST add presentation_submission
189
+ *
190
+ */
191
+ export const sendAuthorizationResponse = _ref6 => {
192
+ let {
193
+ pidCryptoContext,
194
+ appFetch = fetch
195
+ } = _ref6;
196
+ return async (_ref7, presentation) => {
197
+ let {
198
+ requestObject,
199
+ rpEntityConfiguration,
200
+ walletInstanceAttestation
201
+ } = _ref7;
184
202
  // the request is an unsigned jws without iss, aud, exp
185
203
  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
186
- const jwk = this.chooseRSAPublicKeyToEncrypt(entity);
204
+ const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
205
+ const {
206
+ vp_token,
207
+ presentation_submission
208
+ } = await prepareVpToken({
209
+ pidCryptoContext
210
+ })({
211
+ requestObject,
212
+ rpEntityConfiguration,
213
+ walletInstanceAttestation
214
+ }, presentation);
187
215
  const authzResponsePayload = JSON.stringify({
188
- state: requestObj.payload.state,
216
+ state: requestObject.payload.state,
189
217
  presentation_submission,
190
- nonce: requestObj.payload.nonce,
218
+ nonce: requestObject.payload.nonce,
191
219
  vp_token
192
220
  });
193
221
  const encrypted = await new EncryptJwe(authzResponsePayload, {
@@ -199,7 +227,7 @@ export class RelyingPartySolution {
199
227
  response: encrypted
200
228
  });
201
229
  const body = formBody.toString();
202
- const response = await this.appFetch(requestObj.payload.response_uri, {
230
+ const response = await appFetch(requestObject.payload.response_uri, {
203
231
  method: "POST",
204
232
  headers: {
205
233
  "Content-Type": "application/x-www-form-urlencoded"
@@ -210,32 +238,6 @@ export class RelyingPartySolution {
210
238
  return await response.json();
211
239
  }
212
240
  throw new IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
213
- }
214
-
215
- /**
216
- * Select a RSA public key from those provided by the RP to encrypt.
217
- *
218
- * @param entity The RP entity configuration
219
- * @returns A suitable public key with its compatible encryption algorithm
220
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
221
- */
222
- chooseRSAPublicKeyToEncrypt(entity) {
223
- const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
224
- if (usingRsa256) {
225
- return usingRsa256;
226
- }
227
-
228
- // No suitable key has been found
229
- throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
230
- }
231
-
232
- /**
233
- * Obtain the relying party entity configuration.
234
- */
235
- async getEntityConfiguration() {
236
- return getEntityConfiguration(this.relyingPartyBaseUrl, {
237
- appFetch: this.appFetch
238
- }).then(RpEntityConfiguration.parse);
239
- }
240
- }
241
+ };
242
+ };
241
243
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","RelyingPartySolution","constructor","relyingPartyBaseUrl","walletInstanceAttestation","appFetch","arguments","length","undefined","fetch","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getUnsignedWalletInstanceDPoP","walletInstanceAttestationJwk","authRequestUrl","jti","v4","htm","htu","ath","setProtectedHeader","alg","jwk","typ","setIssuedAt","setExpirationTime","toSign","getRequestObject","signedWalletInstanceDPoP","requestUri","entity","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","payload","metadata","wallet_relying_party","jwks","find","_ref","kid","protectedHeader","requestObj","parse","header","prepareVpToken","walletInstanceIdentifier","_ref2","signKeyId","vc","claims","token","vp","paths","vp_token","iss","nonce","setAudience","response_uri","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","chooseRSAPublicKeyToEncrypt","authzResponsePayload","JSON","stringify","state","encrypted","enc","encrypt","formBody","URLSearchParams","body","toString","text","usingRsa256","filter","use","kty","then"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QACD,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,OAAO,MAAMC,oBAAoB,CAAC;EAKhCC,WAAWA,CACTC,mBAA2B,EAC3BC,yBAAiC,EAEjC;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACN,mBAAmB,GAAGA,mBAAmB;IAC9C,IAAI,CAACC,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOK,mBAAmBA,CAACC,MAAc,EAAiB;IACxD,MAAMC,OAAO,GAAGtB,YAAY,CAACqB,MAAM,CAAC;IACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;IACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;IACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;IACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;IAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;IAEzD,MAAME,MAAM,GAAG3B,aAAa,CAAC4B,SAAS,CAAC;MACrCR,QAAQ;MACRC,QAAQ;MACRE,UAAU;MACVG;IACF,CAAC,CAAC;IAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB,CAAC,MAAM;MACL,MAAM,IAAIxC,sBAAsB,CAACqC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;IACzE;EACF;EACA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMe,6BAA6BA,CACjCC,4BAAiC,EACjCC,cAAsB,EACL;IACjB,OAAO,MAAM,IAAItC,OAAO,CAAC;MACvBuC,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEJ,cAAc;MACnBK,GAAG,EAAE,MAAM5C,cAAc,CAAC,IAAI,CAACa,yBAAyB;IAC1D,CAAC,CAAC,CACCgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZC,GAAG,EAAET,4BAA4B;MACjCU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CACpBC,wBAAgC,EAChCC,UAAkB,EAClBC,MAA6B,EACL;IACxB,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAACwC,UAAU,EAAE;MAC/CG,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAO,IAAI,CAAC9C,yBAA0B,EAAC;QACvD+C,IAAI,EAAEP;MACR;IACF,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGnE,SAAS,CAACkE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GAAGX,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CACnEC,IAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,IAAA;UAAA,OAAKC,GAAG,KAAKR,WAAW,CAACS,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACD,IAAI,CAACP,MAAM,EAAE;UACX,MAAM,IAAItE,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAAC6D,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMS,UAAU,GAAGtE,aAAa,CAACuE,KAAK,CAAC;QACrCC,MAAM,EAAEZ,WAAW,CAACS,eAAe;QACnCP,OAAO,EAAEF,WAAW,CAACE;MACvB,CAAC,CAAC;MAEF,OAAOQ,UAAU;IACnB;IAEA,MAAM,IAAIhF,aAAa,CACpB,mDAAkD6D,QAAQ,CAACK,MAAO,EACrE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMiB,cAAcA,CAClBH,UAAyB,EACzBI,wBAAgC,EAAAC,KAAA;EACJ;EAC5BC,SAAiB,EAIhB;IAAA,IALD,CAACC,EAAE,EAAEC,MAAM,CAAe,GAAAH,KAAA;IAM1B;IACA,MAAM;MAAEI,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM9E,QAAQ,CAAC0E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;;IAEA,MAAMI,QAAQ,GAAG,IAAItF,OAAO,CAAC;MAC3BoF,EAAE,EAAEA,EAAE;MACN7C,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnB+C,GAAG,EAAET,wBAAwB;MAC7BU,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB;IAC5B,CAAC,CAAC,CACCC,WAAW,CAACf,UAAU,CAACR,OAAO,CAACwB,YAAY,CAAC,CAC5C1C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBL,kBAAkB,CAAC;MAClBG,GAAG,EAAE,KAAK;MACVF,GAAG,EAAE,OAAO;MACZ2B,GAAG,EAAEQ;IACP,CAAC,CAAC,CACD9B,MAAM,CAAC,CAAC;IAEX,MAAMyC,QAAQ,GAAGjB,UAAU,CAACR,OAAO,CAAC0B,KAAK;IACzC,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAExF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAC7BuD,EAAE,EAAG,GAAEzF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAClBwD,cAAc,EAAEX,KAAK,CAACY,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEd,QAAQ;MAAEO;IAAwB,CAAC;EAC9C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMQ,yBAAyBA,CAC7B3B,UAAyB,EACzBY,QAAgB,EAChBO,uBAAgD,EAChDvC,MAA6B,EACZ;IACjB;IACA;IACA,MAAMR,GAAG,GAAG,IAAI,CAACwD,2BAA2B,CAAChD,MAAM,CAAC;IAEpD,MAAMiD,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAEhC,UAAU,CAACR,OAAO,CAACwC,KAAK;MAC/Bb,uBAAuB;MACvBL,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB,KAAK;MAC/BF;IACF,CAAC,CAAC;IAEF,MAAMqB,SAAS,GAAG,MAAM,IAAI1G,UAAU,CAACsG,oBAAoB,EAAE;MAC3D1D,GAAG,EAAE,cAAc;MACnB+D,GAAG,EAAE,eAAe;MACpBpC,GAAG,EAAE1B,GAAG,CAAC0B;IACX,CAAC,CAAC,CAACqC,OAAO,CAAC/D,GAAG,CAAC;IAEf,MAAMgE,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAExD,QAAQ,EAAEoD;IAAU,CAAC,CAAC;IAC7D,MAAMK,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAM1D,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAAC6D,UAAU,CAACR,OAAO,CAACwB,YAAY,EAAE;MACpElC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDuD;IACF,CAAC,CAAC;IAEF,IAAIzD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIpE,aAAa,CACpB,oDAAmD,MAAM6D,QAAQ,CAAC2D,IAAI,CAAC,CAAE,eACxE3D,QAAQ,CAACK,MACV,EACH,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACU0C,2BAA2BA,CAAChD,MAA6B,EAAO;IACtE,MAAM,CAAC6D,WAAW,CAAC,GACjB7D,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAAC+C,MAAM,CACrDtE,GAAG,IAAKA,GAAG,CAACuE,GAAG,KAAK,KAAK,IAAIvE,GAAG,CAACwE,GAAG,KAAK,KAC5C,CAAC;IAEH,IAAIH,WAAW,EAAE;MACf,OAAOA,WAAW;IACpB;;IAEA;IACA,MAAM,IAAIxH,wCAAwC,CAChD,4BACF,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMa,sBAAsBA,CAAA,EAAmC;IAC7D,OAAOA,sBAAsB,CAAC,IAAI,CAACG,mBAAmB,EAAE;MACtDE,QAAQ,EAAE,IAAI,CAACA;IACjB,CAAC,CAAC,CAAC0G,IAAI,CAAClH,qBAAqB,CAACsE,KAAK,CAAC;EACtC;AACF"}
1
+ {"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","getGenericEntityConfiguration","createDPopToken","WalletInstanceAttestation","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","filter","jwk","use","kty","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","then","parse","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getRequestObject","_ref","wiaCryptoContext","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","find","_ref2","kid","protectedHeader","requestObject","header","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","iss","pidKid","getPublicKey","_","vp_token","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QAED,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,IAAIC,6BAA6B,QAAQ,UAAU;AAClF,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,yBAAyB,QAAQ,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAAIC,MAA6B,IAAU;EAC1E,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,MAAM,CACrDC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIR,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAInB,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMa,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEe,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MAAOG,mBAA2B,IAAqC;IACrE,OAAOnB,6BAA6B,CAACmB,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACM,IAAI,CAACxB,qBAAqB,CAACyB,KAAK,CAAC;EACtC,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAGnC,YAAY,CAACkC,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAME,MAAM,GAAGxC,aAAa,CAACyC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVG;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIrD,sBAAsB,CAACkD,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAQD;AACA;AACA;AACA;AACA,OAAO,MAAMe,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB5B,QAAQ,GAAGC;EAIb,CAAC,GAAA0B,IAAA;EAAA,OACD,OACEE,yBAAiC,EACjCC,UAAkB,EAClBC,qBAA4C,KACb;IAC/B,MAAMC,wBAAwB,GAAG,MAAM7C,eAAe,CACpD;MACE8C,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEN,UAAU;MACfO,GAAG,EAAE,MAAM7D,cAAc,CAACqD,yBAAyB;IACrD,CAAC,EACDD,gBACF,CAAC;IAED,MAAMU,QAAQ,GAAG,MAAMtC,QAAQ,CAAC8B,UAAU,EAAE;MAC1CS,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;QAClDa,IAAI,EAAEV;MACR;IACF,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGzE,SAAS,CAACwE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GACVjB,qBAAqB,CAACvC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACsD,IAAI,CACnEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKJ,WAAW,CAACK,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAI5E,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAACmE,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMK,aAAa,GAAGxE,aAAa,CAAC0B,KAAK,CAAC;QACxC+C,MAAM,EAAEP,WAAW,CAACK,eAAe;QACnC5D,OAAO,EAAEuD,WAAW,CAACvD;MACvB,CAAC,CAAC;MAEF,OAAO;QACL6D,aAAa;QACbtB,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAI1D,aAAa,CACpB,mDAAkDmE,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACiB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEP,aAAa;MAAExB;IAA6C,CAAC,GAAA8B,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAMjF,QAAQ,CAAC6E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJtE,OAAO,EAAE;QAAE0E;MAAI;IACjB,CAAC,GAAG9E,yBAAyB,CAACf,MAAM,CAACwD,yBAAyB,CAAC;IAE/D,MAAMsC,MAAM,GAAG,MAAMT,gBAAgB,CAACU,YAAY,CAAC,CAAC,CAAC9D,IAAI,CAAE+D,CAAC,IAAKA,CAAC,CAAClB,GAAG,CAAC;;IAEvE;IACA,MAAMmB,QAAQ,GAAG,MAAM,IAAI7F,OAAO,CAACiF,gBAAgB,CAAC,CACjDa,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVrB,GAAG,EAAEgB;IACP,CAAC,CAAC,CACDM,UAAU,CAAC;MACVT,EAAE,EAAEA,EAAE;MACN/B,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBgC,GAAG;MACHQ,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF;IAC/B,CAAC,CAAC,CACDC,WAAW,CAACtB,aAAa,CAAC7D,OAAO,CAACoF,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAG3B,aAAa,CAAC7D,OAAO,CAACyF,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAEpG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAC7BkD,EAAE,EAAG,GAAErG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAClBmD,cAAc,EAAEpB,KAAK,CAACqB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEnB,QAAQ;MAAEY;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCjC,gBAAgB;IAChB1D,QAAQ,GAAGC;EAIb,CAAC,GAAA0F,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACExC,aAAa;MACbtB,qBAAqB;MACrBF;IACiB,CAAC,GAAA+D,KAAA;IAGpB;IACA;IACA,MAAM/F,GAAG,GAAGR,2BAA2B,CAAC0C,qBAAqB,CAAC;IAE9D,MAAM;MAAEuC,QAAQ;MAAEY;IAAwB,CAAC,GAAG,MAAM1B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACEL,aAAa;MACbtB,qBAAqB;MACrBF;IACF,CAAC,EACDgE,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE5C,aAAa,CAAC7D,OAAO,CAACyG,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF,KAAK;MAClCJ;IACF,CAAC,CAAC;IAEF,MAAM4B,SAAS,GAAG,MAAM,IAAIxH,UAAU,CAACoH,oBAAoB,EAAE;MAC3DK,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpBjD,GAAG,EAAEtD,GAAG,CAACsD;IACX,CAAC,CAAC,CAACkD,OAAO,CAACxG,GAAG,CAAC;IAEf,MAAMyG,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAEjE,QAAQ,EAAE4D;IAAU,CAAC,CAAC;IAC7D,MAAMM,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAMnE,QAAQ,GAAG,MAAMtC,QAAQ,CAACqD,aAAa,CAAC7D,OAAO,CAACoF,YAAY,EAAE;MAClErC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDgE;IACF,CAAC,CAAC;IAEF,IAAIlE,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAI1E,aAAa,CACpB,oDAAmD,MAAMmE,QAAQ,CAACiB,IAAI,CAAC,CAAE,eACxEjB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA"}
@@ -22,12 +22,13 @@ export const EntityStatement = z.object({
22
22
  exp: z.number()
23
23
  })
24
24
  });
25
+ export const EntityConfigurationHeader = z.object({
26
+ typ: z.literal("entity-statement+jwt"),
27
+ alg: z.string(),
28
+ kid: z.string()
29
+ });
25
30
  export const EntityConfiguration = z.object({
26
- header: z.object({
27
- typ: z.literal("entity-statement+jwt"),
28
- alg: z.string(),
29
- kid: z.string()
30
- }),
31
+ header: EntityConfigurationHeader,
31
32
  payload: z.object({
32
33
  exp: UnixTime,
33
34
  iat: UnixTime,
@@ -50,7 +51,7 @@ export const EntityConfiguration = z.object({
50
51
  }).passthrough()
51
52
  }).passthrough(),
52
53
  authority_hints: z.array(z.string()).optional()
53
- })
54
+ }).passthrough()
54
55
  });
55
56
  export const TrustAnchorEntityConfiguration = EntityConfiguration;
56
57
  //# sourceMappingURL=types.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAME,mBAAmB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFwB,QAAQ,EAAEvB,CAAC,CACRE,MAAM,CAAC;MACNsB,iBAAiB,EAAExB,CAAC,CACjBE,MAAM,CAAC;QACNuB,yBAAyB,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAElC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAEpC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;EAChD,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAMW,8BAA8B,GAAGf,mBAAmB"}
1
+ {"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfigurationHeader","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAChDM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;EACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;EACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;AAGF,OAAO,MAAMmB,mBAAmB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEe,yBAAyB;EACjCV,OAAO,EAAEZ,CAAC,CACPE,MAAM,CAAC;IACNmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFyB,QAAQ,EAAExB,CAAC,CACRE,MAAM,CAAC;MACNuB,iBAAiB,EAAEzB,CAAC,CACjBE,MAAM,CAAC;QACNwB,yBAAyB,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAEnC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAErC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDS,WAAW,CAAC;AACjB,CAAC,CAAC;AAKF,OAAO,MAAME,8BAA8B,GAAGf,mBAAmB"}
@@ -0,0 +1,40 @@
1
+ import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
2
+ import { thumbprint } from "@pagopa/io-react-native-jwt";
3
+ import { fixBase64EncodingOnKey } from "./jwk";
4
+
5
+ /**
6
+ * Create a CryptoContext bound to a key pair.
7
+ * Key pair is supposed to exist already in the device's keychain.
8
+ * It's identified by its unique keytag.
9
+ *
10
+ * @returns the crypto context
11
+ */
12
+ export const createCryptoContextFor = keytag => {
13
+ return {
14
+ /**
15
+ * Retrieve the public key of the pair.
16
+ * If the key pair doesn't exist yet, an error is raised
17
+ * @returns The public key.
18
+ */
19
+ async getPublicKey() {
20
+ return getPublicKey(keytag).then(fixBase64EncodingOnKey).then(async jwk => ({
21
+ ...jwk,
22
+ // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
23
+ // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
24
+ // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
25
+ // However the values is an arbitrary string that might be anything
26
+ kid: await thumbprint(jwk)
27
+ }));
28
+ },
29
+ /**
30
+ * Get a signature for a provided value.
31
+ * If the key pair doesn't exist yet, an error is raised.
32
+ * @param value
33
+ * @returns The signature for the value
34
+ */
35
+ async getSignature(value) {
36
+ return sign(value, keytag);
37
+ }
38
+ };
39
+ };
40
+ //# sourceMappingURL=crypto.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["getPublicKey","sign","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,IAAI,QAAQ,gCAAgC;AACnE,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAML,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACK,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOT,IAAI,CAACS,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC"}
@@ -1,12 +1,20 @@
1
1
  import * as z from "zod";
2
2
  import { SignJWT } from "@pagopa/io-react-native-jwt";
3
- export const getUnsignedDPop = (jwk, payload) => {
4
- const dPop = new SignJWT(payload).setProtectedHeader({
5
- alg: "ES256",
3
+
4
+ /**
5
+ * Create a signed DPoP token
6
+ *
7
+ * @param payload The payload to be included in the token.
8
+ * @param crypto The crypto context that handles the key bound to the DPoP.
9
+ *
10
+ * @returns The signed crypto token.
11
+ */
12
+ export const createDPopToken = async (payload, crypto) => {
13
+ const jwk = await crypto.getPublicKey();
14
+ return new SignJWT(crypto).setPayload(payload).setProtectedHeader({
6
15
  typ: "dpop+jwt",
7
16
  jwk
8
- }).setIssuedAt().setExpirationTime("1h").toSign();
9
- return dPop;
17
+ }).setIssuedAt().setExpirationTime("1h").sign();
10
18
  };
11
19
  export const DPoPPayload = z.object({
12
20
  jti: z.string(),
@@ -1 +1 @@
1
- {"version":3,"names":["z","SignJWT","getUnsignedDPop","jwk","payload","dPop","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","toSign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAAQ,6BAA6B;AAGrD,OAAO,MAAMC,eAAe,GAAGA,CAACC,GAAQ,EAAEC,OAAoB,KAAa;EACzE,MAAMC,IAAI,GAAG,IAAIJ,OAAO,CAACG,OAAO,CAAC,CAC9BE,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,UAAU;IACfL;EACF,CAAC,CAAC,CACDM,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACX,OAAON,IAAI;AACb,CAAC;AAGD,OAAO,MAAMO,WAAW,GAAGZ,CAAC,CAACa,MAAM,CAAC;EAClCC,GAAG,EAAEd,CAAC,CAACe,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEhB,CAAC,CAACiB,KAAK,CAAC,CAACjB,CAAC,CAACkB,OAAO,CAAC,MAAM,CAAC,EAAElB,CAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEnB,CAAC,CAACe,MAAM,CAAC,CAAC;EACfK,GAAG,EAAEpB,CAAC,CAACe,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
1
+ {"version":3,"names":["z","SignJWT","createDPopToken","payload","crypto","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAA4B,6BAA6B;;AAEzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAe,GAAG,MAAAA,CAC7BC,OAAoB,EACpBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC;EACvC,OAAO,IAAIL,OAAO,CAACG,MAAM,CAAC,CACvBG,UAAU,CAACJ,OAAO,CAAC,CACnBK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,UAAU;IACfJ;EACF,CAAC,CAAC,CACDK,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAGD,OAAO,MAAMC,WAAW,GAAGb,CAAC,CAACc,MAAM,CAAC;EAClCC,GAAG,EAAEf,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,MAAM,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEpB,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfK,GAAG,EAAErB,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
@@ -1,8 +1,8 @@
1
1
  import { WalletInstanceAttestationJwt } from "./types";
2
2
  import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
3
3
  import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
4
- import { Issuing } from "./issuing";
5
- export { Issuing };
4
+ import { getAttestation } from "./issuing";
5
+ export { getAttestation };
6
6
  /**
7
7
  * Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
8
8
  * It ensures provided data is in a valid shape.
@@ -1 +1 @@
1
- {"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","Issuing","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASA,OAAO;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}
1
+ {"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","getAttestation","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,cAAc,QAAQ,WAAW;AAC1C,SAASA,cAAc;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}