@pagopa/io-react-native-wallet 0.4.3 → 0.5.0

package/lib/module/rp/index.js

@@ -3,81 +3,88 @@ import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe,
 import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
 import uuid from "react-native-uuid";
 import { disclose } from "../sd-jwt";
-import { getEntityConfiguration } from "../trust";
-export class RelyingPartySolution {
-  constructor(relyingPartyBaseUrl, walletInstanceAttestation) {
-    let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
-    this.relyingPartyBaseUrl = relyingPartyBaseUrl;
-    this.walletInstanceAttestation = walletInstanceAttestation;
-    this.appFetch = appFetch;
+import { getEntityConfiguration as getGenericEntityConfiguration } from "../trust";
+import { createDPopToken } from "../utils/dpop";
+import { WalletInstanceAttestation } from "..";
+
+/**
+ * Select a RSA public key from those provided by the RP to encrypt.
+ *
+ * @param entity The RP entity configuration
+ * @returns A suitable public key with its compatible encryption algorithm
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
+ */
+const chooseRSAPublicKeyToEncrypt = entity => {
+  const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
+  if (usingRsa256) {
+    return usingRsa256;
   }
 
-  /**
-   * Decode a QR code content to an authentication request url.
-   * @function
-   * @param qrcode QR code content
-   *
-   * @returns The authentication request url
-   *
-   */
-  static decodeAuthRequestQR(qrcode) {
-    const decoded = decodeBase64(qrcode);
-    const decodedUrl = new URL(decoded);
-    const protocol = decodedUrl.protocol;
-    const resource = decodedUrl.hostname;
-    const requestURI = decodedUrl.searchParams.get("request_uri");
-    const clientId = decodedUrl.searchParams.get("client_id");
-    const result = QRCodePayload.safeParse({
-      protocol,
-      resource,
-      requestURI,
-      clientId
-    });
-    if (result.success) {
-      return result.data;
-    } else {
-      throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
-    }
+  // No suitable key has been found
+  throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
+};
+
+/**
+ * Obtain the relying party entity configuration.
+ */
+export const getEntityConfiguration = function () {
+  let {
+    appFetch = fetch
+  } = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
+  return async relyingPartyBaseUrl => {
+    return getGenericEntityConfiguration(relyingPartyBaseUrl, {
+      appFetch: appFetch
+    }).then(RpEntityConfiguration.parse);
+  };
+};
+
+/**
+ * Decode a QR code content to an authentication request url.
+ * @function
+ * @param qrcode QR code content
+ *
+ * @returns The authentication request url
+ *
+ */
+export const decodeAuthRequestQR = qrcode => {
+  const decoded = decodeBase64(qrcode);
+  const decodedUrl = new URL(decoded);
+  const protocol = decodedUrl.protocol;
+  const resource = decodedUrl.hostname;
+  const requestURI = decodedUrl.searchParams.get("request_uri");
+  const clientId = decodedUrl.searchParams.get("client_id");
+  const result = QRCodePayload.safeParse({
+    protocol,
+    resource,
+    requestURI,
+    clientId
+  });
+  if (result.success) {
+    return result.data;
+  } else {
+    throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
   }
-  /**
-   * Obtain the unsigned wallet instance DPoP for authentication request
-   *
-   * @function
-   * @param walletInstanceAttestationJwk JWT of the Wallet Instance Attestation
-   * @param authRequestUrl authentication request url
-   *
-   * @returns The unsigned wallet instance DPoP
-   *
-   */
-  async getUnsignedWalletInstanceDPoP(walletInstanceAttestationJwk, authRequestUrl) {
-    return await new SignJWT({
+};
+/**
+ * Obtain the Request Object for RP authentication
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
+ */
+export const getRequestObject = _ref => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref;
+  return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
+    const signedWalletInstanceDPoP = await createDPopToken({
       jti: `${uuid.v4()}`,
       htm: "GET",
-      htu: authRequestUrl,
-      ath: await sha256ToBase64(this.walletInstanceAttestation)
-    }).setProtectedHeader({
-      alg: "ES256",
-      jwk: walletInstanceAttestationJwk,
-      typ: "dpop+jwt"
-    }).setIssuedAt().setExpirationTime("1h").toSign();
-  }
-
-  /**
-   * Obtain the Request Object for RP authentication
-   * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
-   *
-   * @async @function
-   * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
-   *
-   * @returns The Request Object JWT
-   * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
-   *
-   */
-  async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
-    const response = await this.appFetch(requestUri, {
+      htu: requestUri,
+      ath: await sha256ToBase64(walletInstanceAttestation)
+    }, wiaCryptoContext);
+    const response = await appFetch(requestUri, {
       method: "GET",
       headers: {
-        Authorization: `DPoP ${this.walletInstanceAttestation}`,
+        Authorization: `DPoP ${walletInstanceAttestation}`,
         DPoP: signedWalletInstanceDPoP
       }
     });
@@ -89,10 +96,10 @@ export class RelyingPartySolution {
       // verify token signature according to RP's entity configuration
       // to ensure the request object is authentic
       {
-        const pubKey = entity.payload.metadata.wallet_relying_party.jwks.find(_ref => {
+        const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
           let {
             kid
-          } = _ref;
+          } = _ref2;
           return kid === responseJwt.protectedHeader.kid;
         });
         if (!pubKey) {
@@ -102,55 +109,63 @@ export class RelyingPartySolution {
       }
 
       // parse request object it has the expected shape by specification
-      const requestObj = RequestObject.parse({
+      const requestObject = RequestObject.parse({
         header: responseJwt.protectedHeader,
         payload: responseJwt.payload
       });
-      return requestObj;
+      return {
+        requestObject,
+        rpEntityConfiguration,
+        walletInstanceAttestation
+      };
     }
-    throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}`);
-  }
+    throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
+      ${await response.text()}`);
+  };
+};
 
-  /**
-   * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
-   * The presentation is prepared by disclosing data from provided credentials, according to requested claims
-   * Each Verified Credential come along with the claims the user accepts to disclose from it.
-   *
-   * The returned token is unsigned (sign should be apply by the caller).
-   *
-   * @todo accept more than a Verified Credential
-   *
-   * @param requestObj The incoming request object, which the requirements for the requested authorization
-   * @param walletInstanceIdentifier The identifies of the wallt instance that is presenting
-   * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
-   * @param signKeyId The kid of the key that will be used to sign
-   * @returns The unsigned Verified Presentation token
-   * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
-   *
-   */
-  async prepareVpToken(requestObj, walletInstanceIdentifier, _ref2,
-  // TODO: [SIW-353] support multiple presentations,
-  signKeyId) {
-    let [vc, claims] = _ref2;
+/**
+ * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
+ * The presentation is prepared by disclosing data from provided credentials, according to requested claims
+ * Each Verified Credential come along with the claims the user accepts to disclose from it.
+ *
+ * @todo accept more than a Verified Credential
+ */
+const prepareVpToken = _ref3 => {
+  let {
+    pidCryptoContext
+  } = _ref3;
+  return async (_ref4, _ref5) => {
+    let {
+      requestObject,
+      walletInstanceAttestation
+    } = _ref4;
+    let [vc, claims] = _ref5;
     // this throws if vc cannot satisfy all the requested claims
     const {
       token: vp,
       paths
     } = await disclose(vc, claims);
 
-    // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
+    // obtain issuer from Wallet Instance
+    const {
+      payload: {
+        iss
+      }
+    } = WalletInstanceAttestation.decode(walletInstanceAttestation);
+    const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
 
-    const vp_token = new SignJWT({
+    // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
+    const vp_token = await new SignJWT(pidCryptoContext).setProtectedHeader({
+      typ: "JWT",
+      kid: pidKid
+    }).setPayload({
       vp: vp,
       jti: `${uuid.v4()}`,
-      iss: walletInstanceIdentifier,
-      nonce: requestObj.payload.nonce
-    }).setAudience(requestObj.payload.response_uri).setIssuedAt().setExpirationTime("1h").setProtectedHeader({
-      typ: "JWT",
-      alg: "ES256",
-      kid: signKeyId
-    }).toSign();
-    const vc_scope = requestObj.payload.scope;
+      iss,
+      nonce: requestObject.payload.nonce
+    }).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
+    const vc_scope = requestObject.payload.scope;
     const presentation_submission = {
       definition_id: `${uuid.v4()}`,
       id: `${uuid.v4()}`,
@@ -164,30 +179,43 @@ export class RelyingPartySolution {
       vp_token,
       presentation_submission
     };
-  }
+  };
+};
 
-  /**
-   * Compose and send an Authorization Response in the context of an authorization request flow.
-   *
-   * @todo MUST add presentation_submission
-   *
-   * @param requestObj The incoming request object, which the requirements for the requested authorization
-   * @param vp_token The signed Verified Presentation token with data to send.
-   * @param presentation_submission
-   * @param entity The RP entity configuration
-   * @returns The response from the RP
-   * @throws {IoWalletError} if the submission fails.
-   * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
-   *
-   */
-  async sendAuthorizationResponse(requestObj, vp_token, presentation_submission, entity) {
+/**
+ * Compose and send an Authorization Response in the context of an authorization request flow.
+ *
+ * @todo MUST add presentation_submission
+ *
+ */
+export const sendAuthorizationResponse = _ref6 => {
+  let {
+    pidCryptoContext,
+    appFetch = fetch
+  } = _ref6;
+  return async (_ref7, presentation) => {
+    let {
+      requestObject,
+      rpEntityConfiguration,
+      walletInstanceAttestation
+    } = _ref7;
     // the request is an unsigned jws without iss, aud, exp
     // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-    const jwk = this.chooseRSAPublicKeyToEncrypt(entity);
+    const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
+    const {
+      vp_token,
+      presentation_submission
+    } = await prepareVpToken({
+      pidCryptoContext
+    })({
+      requestObject,
+      rpEntityConfiguration,
+      walletInstanceAttestation
+    }, presentation);
     const authzResponsePayload = JSON.stringify({
-      state: requestObj.payload.state,
+      state: requestObject.payload.state,
       presentation_submission,
-      nonce: requestObj.payload.nonce,
+      nonce: requestObject.payload.nonce,
       vp_token
     });
     const encrypted = await new EncryptJwe(authzResponsePayload, {
@@ -199,7 +227,7 @@ export class RelyingPartySolution {
       response: encrypted
     });
     const body = formBody.toString();
-    const response = await this.appFetch(requestObj.payload.response_uri, {
+    const response = await appFetch(requestObject.payload.response_uri, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -210,32 +238,6 @@ export class RelyingPartySolution {
       return await response.json();
     }
     throw new IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
-  }
-
-  /**
-   * Select a RSA public key from those provided by the RP to encrypt.
-   *
-   * @param entity The RP entity configuration
-   * @returns A suitable public key with its compatible encryption algorithm
-   * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
-   */
-  chooseRSAPublicKeyToEncrypt(entity) {
-    const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-    if (usingRsa256) {
-      return usingRsa256;
-    }
-
-    // No suitable key has been found
-    throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-  }
-
-  /**
-   * Obtain the relying party entity configuration.
-   */
-  async getEntityConfiguration() {
-    return getEntityConfiguration(this.relyingPartyBaseUrl, {
-      appFetch: this.appFetch
-    }).then(RpEntityConfiguration.parse);
-  }
-}
+  };
+};
 //# sourceMappingURL=index.js.map

package/lib/module/rp/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","RelyingPartySolution","constructor","relyingPartyBaseUrl","walletInstanceAttestation","appFetch","arguments","length","undefined","fetch","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getUnsignedWalletInstanceDPoP","walletInstanceAttestationJwk","authRequestUrl","jti","v4","htm","htu","ath","setProtectedHeader","alg","jwk","typ","setIssuedAt","setExpirationTime","toSign","getRequestObject","signedWalletInstanceDPoP","requestUri","entity","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","payload","metadata","wallet_relying_party","jwks","find","_ref","kid","protectedHeader","requestObj","parse","header","prepareVpToken","walletInstanceIdentifier","_ref2","signKeyId","vc","claims","token","vp","paths","vp_token","iss","nonce","setAudience","response_uri","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","chooseRSAPublicKeyToEncrypt","authzResponsePayload","JSON","stringify","state","encrypted","enc","encrypt","formBody","URLSearchParams","body","toString","text","usingRsa256","filter","use","kty","then"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QACD,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,OAAO,MAAMC,oBAAoB,CAAC;EAKhCC,WAAWA,CACTC,mBAA2B,EAC3BC,yBAAiC,EAEjC;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACN,mBAAmB,GAAGA,mBAAmB;IAC9C,IAAI,CAACC,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOK,mBAAmBA,CAACC,MAAc,EAAiB;IACxD,MAAMC,OAAO,GAAGtB,YAAY,CAACqB,MAAM,CAAC;IACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;IACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;IACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;IACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;IAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;IAEzD,MAAME,MAAM,GAAG3B,aAAa,CAAC4B,SAAS,CAAC;MACrCR,QAAQ;MACRC,QAAQ;MACRE,UAAU;MACVG;IACF,CAAC,CAAC;IAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB,CAAC,MAAM;MACL,MAAM,IAAIxC,sBAAsB,CAACqC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;IACzE;EACF;EACA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMe,6BAA6BA,CACjCC,4BAAiC,EACjCC,cAAsB,EACL;IACjB,OAAO,MAAM,IAAItC,OAAO,CAAC;MACvBuC,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEJ,cAAc;MACnBK,GAAG,EAAE,MAAM5C,cAAc,CAAC,IAAI,CAACa,yBAAyB;IAC1D,CAAC,CAAC,CACCgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZC,GAAG,EAAET,4BAA4B;MACjCU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CACpBC,wBAAgC,EAChCC,UAAkB,EAClBC,MAA6B,EACL;IACxB,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAACwC,UAAU,EAAE;MAC/CG,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAO,IAAI,CAAC9C,yBAA0B,EAAC;QACvD+C,IAAI,EAAEP;MACR;IACF,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGnE,SAAS,CAACkE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GAAGX,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CACnEC,IAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,IAAA;UAAA,OAAKC,GAAG,KAAKR,WAAW,CAACS,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACD,IAAI,CAACP,MAAM,EAAE;UACX,MAAM,IAAItE,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAAC6D,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMS,UAAU,GAAGtE,aAAa,CAACuE,KAAK,CAAC;QACrCC,MAAM,EAAEZ,WAAW,CAACS,eAAe;QACnCP,OAAO,EAAEF,WAAW,CAACE;MACvB,CAAC,CAAC;MAEF,OAAOQ,UAAU;IACnB;IAEA,MAAM,IAAIhF,aAAa,CACpB,mDAAkD6D,QAAQ,CAACK,MAAO,EACrE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMiB,cAAcA,CAClBH,UAAyB,EACzBI,wBAAgC,EAAAC,KAAA;EACJ;EAC5BC,SAAiB,EAIhB;IAAA,IALD,CAACC,EAAE,EAAEC,MAAM,CAAe,GAAAH,KAAA;IAM1B;IACA,MAAM;MAAEI,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM9E,QAAQ,CAAC0E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;;IAEA,MAAMI,QAAQ,GAAG,IAAItF,OAAO,CAAC;MAC3BoF,EAAE,EAAEA,EAAE;MACN7C,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnB+C,GAAG,EAAET,wBAAwB;MAC7BU,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB;IAC5B,CAAC,CAAC,CACCC,WAAW,CAACf,UAAU,CAACR,OAAO,CAACwB,YAAY,CAAC,CAC5C1C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBL,kBAAkB,CAAC;MAClBG,GAAG,EAAE,KAAK;MACVF,GAAG,EAAE,OAAO;MACZ2B,GAAG,EAAEQ;IACP,CAAC,CAAC,CACD9B,MAAM,CAAC,CAAC;IAEX,MAAMyC,QAAQ,GAAGjB,UAAU,CAACR,OAAO,CAAC0B,KAAK;IACzC,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAExF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAC7BuD,EAAE,EAAG,GAAEzF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAClBwD,cAAc,EAAEX,KAAK,CAACY,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEd,QAAQ;MAAEO;IAAwB,CAAC;EAC9C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMQ,yBAAyBA,CAC7B3B,UAAyB,EACzBY,QAAgB,EAChBO,uBAAgD,EAChDvC,MAA6B,EACZ;IACjB;IACA;IACA,MAAMR,GAAG,GAAG,IAAI,CAACwD,2BAA2B,CAAChD,MAAM,CAAC;IAEpD,MAAMiD,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAEhC,UAAU,CAACR,OAAO,CAACwC,KAAK;MAC/Bb,uBAAuB;MACvBL,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB,KAAK;MAC/BF;IACF,CAAC,CAAC;IAEF,MAAMqB,SAAS,GAAG,MAAM,IAAI1G,UAAU,CAACsG,oBAAoB,EAAE;MAC3D1D,GAAG,EAAE,cAAc;MACnB+D,GAAG,EAAE,eAAe;MACpBpC,GAAG,EAAE1B,GAAG,CAAC0B;IACX,CAAC,CAAC,CAACqC,OAAO,CAAC/D,GAAG,CAAC;IAEf,MAAMgE,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAExD,QAAQ,EAAEoD;IAAU,CAAC,CAAC;IAC7D,MAAMK,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAM1D,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAAC6D,UAAU,CAACR,OAAO,CAACwB,YAAY,EAAE;MACpElC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDuD;IACF,CAAC,CAAC;IAEF,IAAIzD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIpE,aAAa,CACpB,oDAAmD,MAAM6D,QAAQ,CAAC2D,IAAI,CAAC,CAAE,eACxE3D,QAAQ,CAACK,MACV,EACH,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACU0C,2BAA2BA,CAAChD,MAA6B,EAAO;IACtE,MAAM,CAAC6D,WAAW,CAAC,GACjB7D,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAAC+C,MAAM,CACrDtE,GAAG,IAAKA,GAAG,CAACuE,GAAG,KAAK,KAAK,IAAIvE,GAAG,CAACwE,GAAG,KAAK,KAC5C,CAAC;IAEH,IAAIH,WAAW,EAAE;MACf,OAAOA,WAAW;IACpB;;IAEA;IACA,MAAM,IAAIxH,wCAAwC,CAChD,4BACF,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMa,sBAAsBA,CAAA,EAAmC;IAC7D,OAAOA,sBAAsB,CAAC,IAAI,CAACG,mBAAmB,EAAE;MACtDE,QAAQ,EAAE,IAAI,CAACA;IACjB,CAAC,CAAC,CAAC0G,IAAI,CAAClH,qBAAqB,CAACsE,KAAK,CAAC;EACtC;AACF"}
+{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","getGenericEntityConfiguration","createDPopToken","WalletInstanceAttestation","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","filter","jwk","use","kty","appFetch","fetch","arguments","length","undefined","relyingPartyBaseUrl","then","parse","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getRequestObject","_ref","wiaCryptoContext","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","find","_ref2","kid","protectedHeader","requestObject","header","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","iss","pidKid","getPublicKey","_","vp_token","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QAED,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,IAAIC,6BAA6B,QAAQ,UAAU;AAClF,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,yBAAyB,QAAQ,IAAI;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAAIC,MAA6B,IAAU;EAC1E,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,MAAM,CACrDC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIR,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAInB,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMa,sBAAsB,GACjC,SAAAA,CAAA;EAAA,IAAC;IAAEe,QAAQ,GAAGC;EAA2C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAC/D,MAAOG,mBAA2B,IAAqC;IACrE,OAAOnB,6BAA6B,CAACmB,mBAAmB,EAAE;MACxDL,QAAQ,EAAEA;IACZ,CAAC,CAAC,CAACM,IAAI,CAACxB,qBAAqB,CAACyB,KAAK,CAAC;EACtC,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAGnC,YAAY,CAACkC,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAME,MAAM,GAAGxC,aAAa,CAACyC,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVG;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIrD,sBAAsB,CAACkD,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAQD;AACA;AACA;AACA;AACA,OAAO,MAAMe,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB5B,QAAQ,GAAGC;EAIb,CAAC,GAAA0B,IAAA;EAAA,OACD,OACEE,yBAAiC,EACjCC,UAAkB,EAClBC,qBAA4C,KACb;IAC/B,MAAMC,wBAAwB,GAAG,MAAM7C,eAAe,CACpD;MACE8C,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEN,UAAU;MACfO,GAAG,EAAE,MAAM7D,cAAc,CAACqD,yBAAyB;IACrD,CAAC,EACDD,gBACF,CAAC;IAED,MAAMU,QAAQ,GAAG,MAAMtC,QAAQ,CAAC8B,UAAU,EAAE;MAC1CS,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;QAClDa,IAAI,EAAEV;MACR;IACF,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGzE,SAAS,CAACwE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GACVjB,qBAAqB,CAACvC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACsD,IAAI,CACnEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKJ,WAAW,CAACK,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAI5E,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAACmE,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMK,aAAa,GAAGxE,aAAa,CAAC0B,KAAK,CAAC;QACxC+C,MAAM,EAAEP,WAAW,CAACK,eAAe;QACnC5D,OAAO,EAAEuD,WAAW,CAACvD;MACvB,CAAC,CAAC;MAEF,OAAO;QACL6D,aAAa;QACbtB,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAI1D,aAAa,CACpB,mDAAkDmE,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACiB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAEP,aAAa;MAAExB;IAA6C,CAAC,GAAA8B,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAMjF,QAAQ,CAAC6E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJtE,OAAO,EAAE;QAAE0E;MAAI;IACjB,CAAC,GAAG9E,yBAAyB,CAACf,MAAM,CAACwD,yBAAyB,CAAC;IAE/D,MAAMsC,MAAM,GAAG,MAAMT,gBAAgB,CAACU,YAAY,CAAC,CAAC,CAAC9D,IAAI,CAAE+D,CAAC,IAAKA,CAAC,CAAClB,GAAG,CAAC;;IAEvE;IACA,MAAMmB,QAAQ,GAAG,MAAM,IAAI7F,OAAO,CAACiF,gBAAgB,CAAC,CACjDa,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVrB,GAAG,EAAEgB;IACP,CAAC,CAAC,CACDM,UAAU,CAAC;MACVT,EAAE,EAAEA,EAAE;MACN/B,GAAG,EAAG,GAAElD,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MACnBgC,GAAG;MACHQ,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF;IAC/B,CAAC,CAAC,CACDC,WAAW,CAACtB,aAAa,CAAC7D,OAAO,CAACoF,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAG3B,aAAa,CAAC7D,OAAO,CAACyF,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAEpG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAC7BkD,EAAE,EAAG,GAAErG,IAAI,CAACmD,EAAE,CAAC,CAAE,EAAC;MAClBmD,cAAc,EAAEpB,KAAK,CAACqB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEnB,QAAQ;MAAEY;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACCjC,gBAAgB;IAChB1D,QAAQ,GAAGC;EAIb,CAAC,GAAA0F,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACExC,aAAa;MACbtB,qBAAqB;MACrBF;IACiB,CAAC,GAAA+D,KAAA;IAGpB;IACA;IACA,MAAM/F,GAAG,GAAGR,2BAA2B,CAAC0C,qBAAqB,CAAC;IAE9D,MAAM;MAAEuC,QAAQ;MAAEY;IAAwB,CAAC,GAAG,MAAM1B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACEL,aAAa;MACbtB,qBAAqB;MACrBF;IACF,CAAC,EACDgE,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE5C,aAAa,CAAC7D,OAAO,CAACyG,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAErB,aAAa,CAAC7D,OAAO,CAACkF,KAAK;MAClCJ;IACF,CAAC,CAAC;IAEF,MAAM4B,SAAS,GAAG,MAAM,IAAIxH,UAAU,CAACoH,oBAAoB,EAAE;MAC3DK,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpBjD,GAAG,EAAEtD,GAAG,CAACsD;IACX,CAAC,CAAC,CAACkD,OAAO,CAACxG,GAAG,CAAC;IAEf,MAAMyG,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAEjE,QAAQ,EAAE4D;IAAU,CAAC,CAAC;IAC7D,MAAMM,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAMnE,QAAQ,GAAG,MAAMtC,QAAQ,CAACqD,aAAa,CAAC7D,OAAO,CAACoF,YAAY,EAAE;MAClErC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDgE;IACF,CAAC,CAAC;IAEF,IAAIlE,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAI1E,aAAa,CACpB,oDAAmD,MAAMmE,QAAQ,CAACiB,IAAI,CAAC,CAAE,eACxEjB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA"}

package/lib/module/trust/types.js

@@ -22,12 +22,13 @@ export const EntityStatement = z.object({
     exp: z.number()
   })
 });
+export const EntityConfigurationHeader = z.object({
+  typ: z.literal("entity-statement+jwt"),
+  alg: z.string(),
+  kid: z.string()
+});
 export const EntityConfiguration = z.object({
-  header: z.object({
-    typ: z.literal("entity-statement+jwt"),
-    alg: z.string(),
-    kid: z.string()
-  }),
+  header: EntityConfigurationHeader,
   payload: z.object({
     exp: UnixTime,
     iat: UnixTime,
@@ -50,7 +51,7 @@ export const EntityConfiguration = z.object({
       }).passthrough()
     }).passthrough(),
     authority_hints: z.array(z.string()).optional()
-  })
+  }).passthrough()
 });
 export const TrustAnchorEntityConfiguration = EntityConfiguration;
 //# sourceMappingURL=types.js.map

package/lib/module/trust/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAME,mBAAmB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFwB,QAAQ,EAAEvB,CAAC,CACRE,MAAM,CAAC;MACNsB,iBAAiB,EAAExB,CAAC,CACjBE,MAAM,CAAC;QACNuB,yBAAyB,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAElC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAEpC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;EAChD,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAMW,8BAA8B,GAAGf,mBAAmB"}
+{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfigurationHeader","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAChDM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;EACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;EACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;AAGF,OAAO,MAAMmB,mBAAmB,GAAGvB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEe,yBAAyB;EACjCV,OAAO,EAAEZ,CAAC,CACPE,MAAM,CAAC;IACNmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFyB,QAAQ,EAAExB,CAAC,CACRE,MAAM,CAAC;MACNuB,iBAAiB,EAAEzB,CAAC,CACjBE,MAAM,CAAC;QACNwB,yBAAyB,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACuB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAEnC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAErC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACuB,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDS,WAAW,CAAC;AACjB,CAAC,CAAC;AAKF,OAAO,MAAME,8BAA8B,GAAGf,mBAAmB"}

package/lib/module/utils/crypto.js

@@ -0,0 +1,40 @@
+import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
+import { thumbprint } from "@pagopa/io-react-native-jwt";
+import { fixBase64EncodingOnKey } from "./jwk";
+
+/**
+ * Create a CryptoContext bound to a key pair.
+ * Key pair is supposed to exist already in the device's keychain.
+ * It's identified by its unique keytag.
+ *
+ * @returns the crypto context
+ */
+export const createCryptoContextFor = keytag => {
+  return {
+    /**
+     * Retrieve the public key of the pair.
+     * If the key pair doesn't exist yet, an error is raised
+     * @returns The public key.
+     */
+    async getPublicKey() {
+      return getPublicKey(keytag).then(fixBase64EncodingOnKey).then(async jwk => ({
+        ...jwk,
+        // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
+        // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
+        // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
+        // However the values is an arbitrary string that might be anything
+        kid: await thumbprint(jwk)
+      }));
+    },
+    /**
+     * Get a signature for a provided value.
+     * If the key pair doesn't exist yet, an error is raised.
+     * @param value
+     * @returns The signature for the value
+     */
+    async getSignature(value) {
+      return sign(value, keytag);
+    }
+  };
+};
+//# sourceMappingURL=crypto.js.map

package/lib/module/utils/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getPublicKey","sign","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,IAAI,QAAQ,gCAAgC;AACnE,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAML,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACK,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOT,IAAI,CAACS,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC"}

package/lib/module/utils/dpop.js

@@ -1,12 +1,20 @@
 import * as z from "zod";
 import { SignJWT } from "@pagopa/io-react-native-jwt";
-export const getUnsignedDPop = (jwk, payload) => {
-  const dPop = new SignJWT(payload).setProtectedHeader({
-    alg: "ES256",
+
+/**
+ * Create a signed DPoP token
+ *
+ * @param payload The payload to be included in the token.
+ * @param crypto The crypto context that handles the key bound to the DPoP.
+ *
+ * @returns The signed crypto token.
+ */
+export const createDPopToken = async (payload, crypto) => {
+  const jwk = await crypto.getPublicKey();
+  return new SignJWT(crypto).setPayload(payload).setProtectedHeader({
     typ: "dpop+jwt",
     jwk
-  }).setIssuedAt().setExpirationTime("1h").toSign();
-  return dPop;
+  }).setIssuedAt().setExpirationTime("1h").sign();
 };
 export const DPoPPayload = z.object({
   jti: z.string(),

package/lib/module/utils/dpop.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","SignJWT","getUnsignedDPop","jwk","payload","dPop","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","toSign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAAQ,6BAA6B;AAGrD,OAAO,MAAMC,eAAe,GAAGA,CAACC,GAAQ,EAAEC,OAAoB,KAAa;EACzE,MAAMC,IAAI,GAAG,IAAIJ,OAAO,CAACG,OAAO,CAAC,CAC9BE,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,UAAU;IACfL;EACF,CAAC,CAAC,CACDM,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACX,OAAON,IAAI;AACb,CAAC;AAGD,OAAO,MAAMO,WAAW,GAAGZ,CAAC,CAACa,MAAM,CAAC;EAClCC,GAAG,EAAEd,CAAC,CAACe,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEhB,CAAC,CAACiB,KAAK,CAAC,CAACjB,CAAC,CAACkB,OAAO,CAAC,MAAM,CAAC,EAAElB,CAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEnB,CAAC,CAACe,MAAM,CAAC,CAAC;EACfK,GAAG,EAAEpB,CAAC,CAACe,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
+{"version":3,"names":["z","SignJWT","createDPopToken","payload","crypto","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAA4B,6BAA6B;;AAEzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAe,GAAG,MAAAA,CAC7BC,OAAoB,EACpBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC;EACvC,OAAO,IAAIL,OAAO,CAACG,MAAM,CAAC,CACvBG,UAAU,CAACJ,OAAO,CAAC,CACnBK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,UAAU;IACfJ;EACF,CAAC,CAAC,CACDK,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAGD,OAAO,MAAMC,WAAW,GAAGb,CAAC,CAACc,MAAM,CAAC;EAClCC,GAAG,EAAEf,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,MAAM,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEpB,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfK,GAAG,EAAErB,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}

package/lib/module/wallet-instance-attestation/index.js

@@ -1,8 +1,8 @@
 import { WalletInstanceAttestationJwt } from "./types";
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
-import { Issuing } from "./issuing";
-export { Issuing };
+import { getAttestation } from "./issuing";
+export { getAttestation };
 /**
  * Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
  * It ensures provided data is in a valid shape.

package/lib/module/wallet-instance-attestation/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","Issuing","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASA,OAAO;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}
+{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","getAttestation","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,cAAc,QAAQ,WAAW;AAC1C,SAASA,cAAc;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}