@pagopa/io-react-native-wallet 0.4.3 → 0.6.0

package/lib/module/rp/index.js

@@ -1,83 +1,75 @@
 import { AuthRequestDecodeError, IoWalletError, NoSuitableKeysFoundInEntityConfiguration } from "../utils/errors";
 import { decode as decodeJwt, decodeBase64, sha256ToBase64, SignJWT, EncryptJwe, verify } from "@pagopa/io-react-native-jwt";
-import { QRCodePayload, RequestObject, RpEntityConfiguration } from "./types";
+import { QRCodePayload, RequestObject } from "./types";
 import uuid from "react-native-uuid";
 import { disclose } from "../sd-jwt";
-import { getEntityConfiguration } from "../trust";
-export class RelyingPartySolution {
-  constructor(relyingPartyBaseUrl, walletInstanceAttestation) {
-    let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
-    this.relyingPartyBaseUrl = relyingPartyBaseUrl;
-    this.walletInstanceAttestation = walletInstanceAttestation;
-    this.appFetch = appFetch;
+import { createDPopToken } from "../utils/dpop";
+import * as WalletInstanceAttestation from "../wallet-instance-attestation";
+
+/**
+ * Select a RSA public key from those provided by the RP to encrypt.
+ *
+ * @param entity The RP entity configuration
+ * @returns A suitable public key with its compatible encryption algorithm
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
+ */
+const chooseRSAPublicKeyToEncrypt = entity => {
+  const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
+  if (usingRsa256) {
+    return usingRsa256;
   }
 
-  /**
-   * Decode a QR code content to an authentication request url.
-   * @function
-   * @param qrcode QR code content
-   *
-   * @returns The authentication request url
-   *
-   */
-  static decodeAuthRequestQR(qrcode) {
-    const decoded = decodeBase64(qrcode);
-    const decodedUrl = new URL(decoded);
-    const protocol = decodedUrl.protocol;
-    const resource = decodedUrl.hostname;
-    const requestURI = decodedUrl.searchParams.get("request_uri");
-    const clientId = decodedUrl.searchParams.get("client_id");
-    const result = QRCodePayload.safeParse({
-      protocol,
-      resource,
-      requestURI,
-      clientId
-    });
-    if (result.success) {
-      return result.data;
-    } else {
-      throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
-    }
+  // No suitable key has been found
+  throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
+};
+
+/**
+ * Decode a QR code content to an authentication request url.
+ * @function
+ * @param qrcode QR code content
+ *
+ * @returns The authentication request url
+ *
+ */
+export const decodeAuthRequestQR = qrcode => {
+  const decoded = decodeBase64(qrcode);
+  const decodedUrl = new URL(decoded);
+  const protocol = decodedUrl.protocol;
+  const resource = decodedUrl.hostname;
+  const requestURI = decodedUrl.searchParams.get("request_uri");
+  const clientId = decodedUrl.searchParams.get("client_id");
+  const result = QRCodePayload.safeParse({
+    protocol,
+    resource,
+    requestURI,
+    clientId
+  });
+  if (result.success) {
+    return result.data;
+  } else {
+    throw new AuthRequestDecodeError(result.error.message, `${decodedUrl}`);
   }
-  /**
-   * Obtain the unsigned wallet instance DPoP for authentication request
-   *
-   * @function
-   * @param walletInstanceAttestationJwk JWT of the Wallet Instance Attestation
-   * @param authRequestUrl authentication request url
-   *
-   * @returns The unsigned wallet instance DPoP
-   *
-   */
-  async getUnsignedWalletInstanceDPoP(walletInstanceAttestationJwk, authRequestUrl) {
-    return await new SignJWT({
+};
+/**
+ * Obtain the Request Object for RP authentication
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
+ */
+export const getRequestObject = _ref => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref;
+  return async (walletInstanceAttestation, requestUri, rpEntityConfiguration) => {
+    const signedWalletInstanceDPoP = await createDPopToken({
       jti: `${uuid.v4()}`,
       htm: "GET",
-      htu: authRequestUrl,
-      ath: await sha256ToBase64(this.walletInstanceAttestation)
-    }).setProtectedHeader({
-      alg: "ES256",
-      jwk: walletInstanceAttestationJwk,
-      typ: "dpop+jwt"
-    }).setIssuedAt().setExpirationTime("1h").toSign();
-  }
-
-  /**
-   * Obtain the Request Object for RP authentication
-   * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
-   *
-   * @async @function
-   * @param signedWalletInstanceDPoP JWT of the Wallet Instance Attestation DPoP
-   *
-   * @returns The Request Object JWT
-   * @throws {NoSuitableKeysFoundInEntityConfiguration} When the Request Object is signed with a key not listed in RP's entity configuration
-   *
-   */
-  async getRequestObject(signedWalletInstanceDPoP, requestUri, entity) {
-    const response = await this.appFetch(requestUri, {
+      htu: requestUri,
+      ath: await sha256ToBase64(walletInstanceAttestation)
+    }, wiaCryptoContext);
+    const response = await appFetch(requestUri, {
       method: "GET",
       headers: {
-        Authorization: `DPoP ${this.walletInstanceAttestation}`,
+        Authorization: `DPoP ${walletInstanceAttestation}`,
         DPoP: signedWalletInstanceDPoP
       }
     });
@@ -89,10 +81,10 @@ export class RelyingPartySolution {
       // verify token signature according to RP's entity configuration
       // to ensure the request object is authentic
       {
-        const pubKey = entity.payload.metadata.wallet_relying_party.jwks.find(_ref => {
+        const pubKey = rpEntityConfiguration.payload.metadata.wallet_relying_party.jwks.find(_ref2 => {
           let {
             kid
-          } = _ref;
+          } = _ref2;
           return kid === responseJwt.protectedHeader.kid;
         });
         if (!pubKey) {
@@ -102,55 +94,63 @@ export class RelyingPartySolution {
       }
 
       // parse request object it has the expected shape by specification
-      const requestObj = RequestObject.parse({
+      const requestObject = RequestObject.parse({
         header: responseJwt.protectedHeader,
         payload: responseJwt.payload
       });
-      return requestObj;
+      return {
+        requestObject,
+        rpEntityConfiguration,
+        walletInstanceAttestation
+      };
     }
-    throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}`);
-  }
+    throw new IoWalletError(`Unable to obtain Request Object. Response code: ${response.status}
+      ${await response.text()}`);
+  };
+};
 
-  /**
-   * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
-   * The presentation is prepared by disclosing data from provided credentials, according to requested claims
-   * Each Verified Credential come along with the claims the user accepts to disclose from it.
-   *
-   * The returned token is unsigned (sign should be apply by the caller).
-   *
-   * @todo accept more than a Verified Credential
-   *
-   * @param requestObj The incoming request object, which the requirements for the requested authorization
-   * @param walletInstanceIdentifier The identifies of the wallt instance that is presenting
-   * @param presentation The Verified Credential containing user data along with the list of claims to be disclosed.
-   * @param signKeyId The kid of the key that will be used to sign
-   * @returns The unsigned Verified Presentation token
-   * @throws {ClaimsNotFoundBetweenDislosures} If the Verified Credential does not contain one or more requested claims.
-   *
-   */
-  async prepareVpToken(requestObj, walletInstanceIdentifier, _ref2,
-  // TODO: [SIW-353] support multiple presentations,
-  signKeyId) {
-    let [vc, claims] = _ref2;
+/**
+ * Prepare the Verified Presentation token for a received request object in the context of an authorization request flow.
+ * The presentation is prepared by disclosing data from provided credentials, according to requested claims
+ * Each Verified Credential come along with the claims the user accepts to disclose from it.
+ *
+ * @todo accept more than a Verified Credential
+ */
+const prepareVpToken = _ref3 => {
+  let {
+    pidCryptoContext
+  } = _ref3;
+  return async (_ref4, _ref5) => {
+    let {
+      requestObject,
+      walletInstanceAttestation
+    } = _ref4;
+    let [vc, claims] = _ref5;
     // this throws if vc cannot satisfy all the requested claims
     const {
       token: vp,
       paths
     } = await disclose(vc, claims);
 
-    // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
+    // obtain issuer from Wallet Instance
+    const {
+      payload: {
+        iss
+      }
+    } = WalletInstanceAttestation.decode(walletInstanceAttestation);
+    const pidKid = await pidCryptoContext.getPublicKey().then(_ => _.kid);
 
-    const vp_token = new SignJWT({
+    // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
+    const vp_token = await new SignJWT(pidCryptoContext).setProtectedHeader({
+      typ: "JWT",
+      kid: pidKid
+    }).setPayload({
       vp: vp,
       jti: `${uuid.v4()}`,
-      iss: walletInstanceIdentifier,
-      nonce: requestObj.payload.nonce
-    }).setAudience(requestObj.payload.response_uri).setIssuedAt().setExpirationTime("1h").setProtectedHeader({
-      typ: "JWT",
-      alg: "ES256",
-      kid: signKeyId
-    }).toSign();
-    const vc_scope = requestObj.payload.scope;
+      iss,
+      nonce: requestObject.payload.nonce
+    }).setAudience(requestObject.payload.response_uri).setIssuedAt().setExpirationTime("1h").sign();
+    const vc_scope = requestObject.payload.scope;
     const presentation_submission = {
       definition_id: `${uuid.v4()}`,
       id: `${uuid.v4()}`,
@@ -164,30 +164,43 @@ export class RelyingPartySolution {
       vp_token,
       presentation_submission
     };
-  }
+  };
+};
 
-  /**
-   * Compose and send an Authorization Response in the context of an authorization request flow.
-   *
-   * @todo MUST add presentation_submission
-   *
-   * @param requestObj The incoming request object, which the requirements for the requested authorization
-   * @param vp_token The signed Verified Presentation token with data to send.
-   * @param presentation_submission
-   * @param entity The RP entity configuration
-   * @returns The response from the RP
-   * @throws {IoWalletError} if the submission fails.
-   * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key
-   *
-   */
-  async sendAuthorizationResponse(requestObj, vp_token, presentation_submission, entity) {
+/**
+ * Compose and send an Authorization Response in the context of an authorization request flow.
+ *
+ * @todo MUST add presentation_submission
+ *
+ */
+export const sendAuthorizationResponse = _ref6 => {
+  let {
+    pidCryptoContext,
+    appFetch = fetch
+  } = _ref6;
+  return async (_ref7, presentation) => {
+    let {
+      requestObject,
+      rpEntityConfiguration,
+      walletInstanceAttestation
+    } = _ref7;
     // the request is an unsigned jws without iss, aud, exp
     // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-    const jwk = this.chooseRSAPublicKeyToEncrypt(entity);
+    const jwk = chooseRSAPublicKeyToEncrypt(rpEntityConfiguration);
+    const {
+      vp_token,
+      presentation_submission
+    } = await prepareVpToken({
+      pidCryptoContext
+    })({
+      requestObject,
+      rpEntityConfiguration,
+      walletInstanceAttestation
+    }, presentation);
     const authzResponsePayload = JSON.stringify({
-      state: requestObj.payload.state,
+      state: requestObject.payload.state,
       presentation_submission,
-      nonce: requestObj.payload.nonce,
+      nonce: requestObject.payload.nonce,
       vp_token
     });
     const encrypted = await new EncryptJwe(authzResponsePayload, {
@@ -199,7 +212,7 @@ export class RelyingPartySolution {
       response: encrypted
     });
     const body = formBody.toString();
-    const response = await this.appFetch(requestObj.payload.response_uri, {
+    const response = await appFetch(requestObject.payload.response_uri, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded"
@@ -210,32 +223,6 @@ export class RelyingPartySolution {
       return await response.json();
     }
     throw new IoWalletError(`Unable to send Authorization Response. Response: ${await response.text()} with code: ${response.status}`);
-  }
-
-  /**
-   * Select a RSA public key from those provided by the RP to encrypt.
-   *
-   * @param entity The RP entity configuration
-   * @returns A suitable public key with its compatible encryption algorithm
-   * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
-   */
-  chooseRSAPublicKeyToEncrypt(entity) {
-    const [usingRsa256] = entity.payload.metadata.wallet_relying_party.jwks.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-    if (usingRsa256) {
-      return usingRsa256;
-    }
-
-    // No suitable key has been found
-    throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-  }
-
-  /**
-   * Obtain the relying party entity configuration.
-   */
-  async getEntityConfiguration() {
-    return getEntityConfiguration(this.relyingPartyBaseUrl, {
-      appFetch: this.appFetch
-    }).then(RpEntityConfiguration.parse);
-  }
-}
+  };
+};
 //# sourceMappingURL=index.js.map

package/lib/module/rp/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","RpEntityConfiguration","uuid","disclose","getEntityConfiguration","RelyingPartySolution","constructor","relyingPartyBaseUrl","walletInstanceAttestation","appFetch","arguments","length","undefined","fetch","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getUnsignedWalletInstanceDPoP","walletInstanceAttestationJwk","authRequestUrl","jti","v4","htm","htu","ath","setProtectedHeader","alg","jwk","typ","setIssuedAt","setExpirationTime","toSign","getRequestObject","signedWalletInstanceDPoP","requestUri","entity","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","payload","metadata","wallet_relying_party","jwks","find","_ref","kid","protectedHeader","requestObj","parse","header","prepareVpToken","walletInstanceIdentifier","_ref2","signKeyId","vc","claims","token","vp","paths","vp_token","iss","nonce","setAudience","response_uri","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","chooseRSAPublicKeyToEncrypt","authzResponsePayload","JSON","stringify","state","encrypted","enc","encrypt","formBody","URLSearchParams","body","toString","text","usingRsa256","filter","use","kty","then"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QACD,6BAA6B;AACpC,SACEC,aAAa,EACbC,aAAa,EACbC,qBAAqB,QAEhB,SAAS;AAEhB,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,sBAAsB,QAAQ,UAAU;AAEjD,OAAO,MAAMC,oBAAoB,CAAC;EAKhCC,WAAWA,CACTC,mBAA2B,EAC3BC,yBAAiC,EAEjC;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACN,mBAAmB,GAAGA,mBAAmB;IAC9C,IAAI,CAACC,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOK,mBAAmBA,CAACC,MAAc,EAAiB;IACxD,MAAMC,OAAO,GAAGtB,YAAY,CAACqB,MAAM,CAAC;IACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;IACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;IACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;IACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;IAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;IAEzD,MAAME,MAAM,GAAG3B,aAAa,CAAC4B,SAAS,CAAC;MACrCR,QAAQ;MACRC,QAAQ;MACRE,UAAU;MACVG;IACF,CAAC,CAAC;IAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB,CAAC,MAAM;MACL,MAAM,IAAIxC,sBAAsB,CAACqC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;IACzE;EACF;EACA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMe,6BAA6BA,CACjCC,4BAAiC,EACjCC,cAAsB,EACL;IACjB,OAAO,MAAM,IAAItC,OAAO,CAAC;MACvBuC,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEJ,cAAc;MACnBK,GAAG,EAAE,MAAM5C,cAAc,CAAC,IAAI,CAACa,yBAAyB;IAC1D,CAAC,CAAC,CACCgC,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZC,GAAG,EAAET,4BAA4B;MACjCU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,gBAAgBA,CACpBC,wBAAgC,EAChCC,UAAkB,EAClBC,MAA6B,EACL;IACxB,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAACwC,UAAU,EAAE;MAC/CG,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAO,IAAI,CAAC9C,yBAA0B,EAAC;QACvD+C,IAAI,EAAEP;MACR;IACF,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGnE,SAAS,CAACkE,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GAAGX,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,IAAI,CACnEC,IAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,IAAA;UAAA,OAAKC,GAAG,KAAKR,WAAW,CAACS,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACD,IAAI,CAACP,MAAM,EAAE;UACX,MAAM,IAAItE,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAAC6D,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMS,UAAU,GAAGtE,aAAa,CAACuE,KAAK,CAAC;QACrCC,MAAM,EAAEZ,WAAW,CAACS,eAAe;QACnCP,OAAO,EAAEF,WAAW,CAACE;MACvB,CAAC,CAAC;MAEF,OAAOQ,UAAU;IACnB;IAEA,MAAM,IAAIhF,aAAa,CACpB,mDAAkD6D,QAAQ,CAACK,MAAO,EACrE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMiB,cAAcA,CAClBH,UAAyB,EACzBI,wBAAgC,EAAAC,KAAA;EACJ;EAC5BC,SAAiB,EAIhB;IAAA,IALD,CAACC,EAAE,EAAEC,MAAM,CAAe,GAAAH,KAAA;IAM1B;IACA,MAAM;MAAEI,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM9E,QAAQ,CAAC0E,EAAE,EAAEC,MAAM,CAAC;;IAEvD;;IAEA,MAAMI,QAAQ,GAAG,IAAItF,OAAO,CAAC;MAC3BoF,EAAE,EAAEA,EAAE;MACN7C,GAAG,EAAG,GAAEjC,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MACnB+C,GAAG,EAAET,wBAAwB;MAC7BU,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB;IAC5B,CAAC,CAAC,CACCC,WAAW,CAACf,UAAU,CAACR,OAAO,CAACwB,YAAY,CAAC,CAC5C1C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBL,kBAAkB,CAAC;MAClBG,GAAG,EAAE,KAAK;MACVF,GAAG,EAAE,OAAO;MACZ2B,GAAG,EAAEQ;IACP,CAAC,CAAC,CACD9B,MAAM,CAAC,CAAC;IAEX,MAAMyC,QAAQ,GAAGjB,UAAU,CAACR,OAAO,CAAC0B,KAAK;IACzC,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAExF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAC7BuD,EAAE,EAAG,GAAEzF,IAAI,CAACkC,EAAE,CAAC,CAAE,EAAC;MAClBwD,cAAc,EAAEX,KAAK,CAACY,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEd,QAAQ;MAAEO;IAAwB,CAAC;EAC9C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMQ,yBAAyBA,CAC7B3B,UAAyB,EACzBY,QAAgB,EAChBO,uBAAgD,EAChDvC,MAA6B,EACZ;IACjB;IACA;IACA,MAAMR,GAAG,GAAG,IAAI,CAACwD,2BAA2B,CAAChD,MAAM,CAAC;IAEpD,MAAMiD,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAEhC,UAAU,CAACR,OAAO,CAACwC,KAAK;MAC/Bb,uBAAuB;MACvBL,KAAK,EAAEd,UAAU,CAACR,OAAO,CAACsB,KAAK;MAC/BF;IACF,CAAC,CAAC;IAEF,MAAMqB,SAAS,GAAG,MAAM,IAAI1G,UAAU,CAACsG,oBAAoB,EAAE;MAC3D1D,GAAG,EAAE,cAAc;MACnB+D,GAAG,EAAE,eAAe;MACpBpC,GAAG,EAAE1B,GAAG,CAAC0B;IACX,CAAC,CAAC,CAACqC,OAAO,CAAC/D,GAAG,CAAC;IAEf,MAAMgE,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAExD,QAAQ,EAAEoD;IAAU,CAAC,CAAC;IAC7D,MAAMK,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAM1D,QAAQ,GAAG,MAAM,IAAI,CAAC1C,QAAQ,CAAC6D,UAAU,CAACR,OAAO,CAACwB,YAAY,EAAE;MACpElC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDuD;IACF,CAAC,CAAC;IAEF,IAAIzD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIpE,aAAa,CACpB,oDAAmD,MAAM6D,QAAQ,CAAC2D,IAAI,CAAC,CAAE,eACxE3D,QAAQ,CAACK,MACV,EACH,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACU0C,2BAA2BA,CAAChD,MAA6B,EAAO;IACtE,MAAM,CAAC6D,WAAW,CAAC,GACjB7D,MAAM,CAACY,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAAC+C,MAAM,CACrDtE,GAAG,IAAKA,GAAG,CAACuE,GAAG,KAAK,KAAK,IAAIvE,GAAG,CAACwE,GAAG,KAAK,KAC5C,CAAC;IAEH,IAAIH,WAAW,EAAE;MACf,OAAOA,WAAW;IACpB;;IAEA;IACA,MAAM,IAAIxH,wCAAwC,CAChD,4BACF,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMa,sBAAsBA,CAAA,EAAmC;IAC7D,OAAOA,sBAAsB,CAAC,IAAI,CAACG,mBAAmB,EAAE;MACtDE,QAAQ,EAAE,IAAI,CAACA;IACjB,CAAC,CAAC,CAAC0G,IAAI,CAAClH,qBAAqB,CAACsE,KAAK,CAAC;EACtC;AACF"}
+{"version":3,"names":["AuthRequestDecodeError","IoWalletError","NoSuitableKeysFoundInEntityConfiguration","decode","decodeJwt","decodeBase64","sha256ToBase64","SignJWT","EncryptJwe","verify","QRCodePayload","RequestObject","uuid","disclose","createDPopToken","WalletInstanceAttestation","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","payload","metadata","wallet_relying_party","jwks","filter","jwk","use","kty","decodeAuthRequestQR","qrcode","decoded","decodedUrl","URL","protocol","resource","hostname","requestURI","searchParams","get","clientId","result","safeParse","success","data","error","message","getRequestObject","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","requestUri","rpEntityConfiguration","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","response","method","headers","Authorization","DPoP","status","responseJson","json","responseEncodedJwt","responseJwt","pubKey","find","_ref2","kid","protectedHeader","requestObject","parse","header","text","prepareVpToken","_ref3","pidCryptoContext","_ref4","_ref5","vc","claims","token","vp","paths","iss","pidKid","getPublicKey","then","_","vp_token","setProtectedHeader","typ","setPayload","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","_ref6","_ref7","presentation","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","body","toString"],"sourceRoot":"../../../src","sources":["rp/index.ts"],"mappings":"AAAA,SACEA,sBAAsB,EACtBC,aAAa,EACbC,wCAAwC,QACnC,iBAAiB;AACxB,SACEC,MAAM,IAAIC,SAAS,EACnBC,YAAY,EACZC,cAAc,EACdC,OAAO,EACPC,UAAU,EACVC,MAAM,QAED,6BAA6B;AACpC,SAASC,aAAa,EAAEC,aAAa,QAA2B,SAAS;AAEzE,OAAOC,IAAI,MAAM,mBAAmB;AAEpC,SAASC,QAAQ,QAAQ,WAAW;AACpC,SAASC,eAAe,QAAQ,eAAe;AAE/C,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;;AAE3E;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAuC,IAC/B;EACR,MAAM,CAACC,WAAW,CAAC,GACjBD,MAAM,CAACE,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACC,MAAM,CACrDC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAEH,IAAIR,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIhB,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMyB,mBAAmB,GAAIC,MAAc,IAAoB;EACpE,MAAMC,OAAO,GAAGxB,YAAY,CAACuB,MAAM,CAAC;EACpC,MAAME,UAAU,GAAG,IAAIC,GAAG,CAACF,OAAO,CAAC;EACnC,MAAMG,QAAQ,GAAGF,UAAU,CAACE,QAAQ;EACpC,MAAMC,QAAQ,GAAGH,UAAU,CAACI,QAAQ;EACpC,MAAMC,UAAU,GAAGL,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMC,QAAQ,GAAGR,UAAU,CAACM,YAAY,CAACC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAME,MAAM,GAAG7B,aAAa,CAAC8B,SAAS,CAAC;IACrCR,QAAQ;IACRC,QAAQ;IACRE,UAAU;IACVG;EACF,CAAC,CAAC;EAEF,IAAIC,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAI1C,sBAAsB,CAACuC,MAAM,CAACI,KAAK,CAACC,OAAO,EAAG,GAAEd,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAQD;AACA;AACA;AACA;AACA,OAAO,MAAMe,gBAAgB,GAC3BC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,yBAAiC,EACjCC,UAAkB,EAClBC,qBAAsD,KACvB;IAC/B,MAAMC,wBAAwB,GAAG,MAAMvC,eAAe,CACpD;MACEwC,GAAG,EAAG,GAAE1C,IAAI,CAAC2C,EAAE,CAAC,CAAE,EAAC;MACnBC,GAAG,EAAE,KAAK;MACVC,GAAG,EAAEN,UAAU;MACfO,GAAG,EAAE,MAAMpD,cAAc,CAAC4C,yBAAyB;IACrD,CAAC,EACDH,gBACF,CAAC;IAED,MAAMY,QAAQ,GAAG,MAAMX,QAAQ,CAACG,UAAU,EAAE;MAC1CS,MAAM,EAAE,KAAK;MACbC,OAAO,EAAE;QACPC,aAAa,EAAG,QAAOZ,yBAA0B,EAAC;QAClDa,IAAI,EAAEV;MACR;IACF,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,YAAY,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MAC1C,MAAMC,kBAAkB,GAAGF,YAAY,CAACN,QAAQ;MAEhD,MAAMS,WAAW,GAAGhE,SAAS,CAAC+D,kBAAkB,CAAC;;MAEjD;MACA;MACA;QACE,MAAME,MAAM,GACVjB,qBAAqB,CAACjC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACC,IAAI,CAACgD,IAAI,CACnEC,KAAA;UAAA,IAAC;YAAEC;UAAI,CAAC,GAAAD,KAAA;UAAA,OAAKC,GAAG,KAAKJ,WAAW,CAACK,eAAe,CAACD,GAAG;QAAA,CACtD,CAAC;QACH,IAAI,CAACH,MAAM,EAAE;UACX,MAAM,IAAInE,wCAAwC,CAChD,uCACF,CAAC;QACH;QACA,MAAMO,MAAM,CAAC0D,kBAAkB,EAAEE,MAAM,CAAC;MAC1C;;MAEA;MACA,MAAMK,aAAa,GAAG/D,aAAa,CAACgE,KAAK,CAAC;QACxCC,MAAM,EAAER,WAAW,CAACK,eAAe;QACnCtD,OAAO,EAAEiD,WAAW,CAACjD;MACvB,CAAC,CAAC;MAEF,OAAO;QACLuD,aAAa;QACbtB,qBAAqB;QACrBF;MACF,CAAC;IACH;IAEA,MAAM,IAAIjD,aAAa,CACpB,mDAAkD0D,QAAQ,CAACK,MAAO;AACzE,QAAQ,MAAML,QAAQ,CAACkB,IAAI,CAAC,CAAE,EAC1B,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAClBC,KAAA;EAAA,IAAC;IAAEC;EAAsD,CAAC,GAAAD,KAAA;EAAA,OAC1D,OAAAE,KAAA,EAAAC,KAAA,KAMM;IAAA,IALJ;MAAER,aAAa;MAAExB;IAA6C,CAAC,GAAA+B,KAAA;IAAA,IAC/D,CAACE,EAAE,EAAEC,MAAM,CAAe,GAAAF,KAAA;IAK1B;IACA,MAAM;MAAEG,KAAK,EAAEC,EAAE;MAAEC;IAAM,CAAC,GAAG,MAAM1E,QAAQ,CAACsE,EAAE,EAAEC,MAAM,CAAC;;IAEvD;IACA,MAAM;MACJjE,OAAO,EAAE;QAAEqE;MAAI;IACjB,CAAC,GAAGzE,yBAAyB,CAACZ,MAAM,CAAC+C,yBAAyB,CAAC;IAE/D,MAAMuC,MAAM,GAAG,MAAMT,gBAAgB,CAACU,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACpB,GAAG,CAAC;;IAEvE;IACA,MAAMqB,QAAQ,GAAG,MAAM,IAAItF,OAAO,CAACyE,gBAAgB,CAAC,CACjDc,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVvB,GAAG,EAAEiB;IACP,CAAC,CAAC,CACDO,UAAU,CAAC;MACVV,EAAE,EAAEA,EAAE;MACNhC,GAAG,EAAG,GAAE1C,IAAI,CAAC2C,EAAE,CAAC,CAAE,EAAC;MACnBiC,GAAG;MACHS,KAAK,EAAEvB,aAAa,CAACvD,OAAO,CAAC8E;IAC/B,CAAC,CAAC,CACDC,WAAW,CAACxB,aAAa,CAACvD,OAAO,CAACgF,YAAY,CAAC,CAC/CC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,QAAQ,GAAG7B,aAAa,CAACvD,OAAO,CAACqF,KAAK;IAC5C,MAAMC,uBAAuB,GAAG;MAC9BC,aAAa,EAAG,GAAE9F,IAAI,CAAC2C,EAAE,CAAC,CAAE,EAAC;MAC7BoD,EAAE,EAAG,GAAE/F,IAAI,CAAC2C,EAAE,CAAC,CAAE,EAAC;MAClBqD,cAAc,EAAErB,KAAK,CAACsB,GAAG,CAAEC,CAAC,KAAM;QAChCH,EAAE,EAAEJ,QAAQ;QACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;QAC5BC,MAAM,EAAE;MACV,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;MAAEnB,QAAQ;MAAEY;IAAwB,CAAC;EAC9C,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAyB,GACpCC,KAAA;EAAA,IAAC;IACClC,gBAAgB;IAChBhC,QAAQ,GAAGC;EAIb,CAAC,GAAAiE,KAAA;EAAA,OACD,OAAAC,KAAA,EAMEC,YAA0B,KACN;IAAA,IANpB;MACE1C,aAAa;MACbtB,qBAAqB;MACrBF;IACiB,CAAC,GAAAiE,KAAA;IAGpB;IACA;IACA,MAAM3F,GAAG,GAAGR,2BAA2B,CAACoC,qBAAqB,CAAC;IAE9D,MAAM;MAAEyC,QAAQ;MAAEY;IAAwB,CAAC,GAAG,MAAM3B,cAAc,CAAC;MACjEE;IACF,CAAC,CAAC,CACA;MACEN,aAAa;MACbtB,qBAAqB;MACrBF;IACF,CAAC,EACDkE,YACF,CAAC;IAED,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;MAC1CC,KAAK,EAAE9C,aAAa,CAACvD,OAAO,CAACqG,KAAK;MAClCf,uBAAuB;MACvBR,KAAK,EAAEvB,aAAa,CAACvD,OAAO,CAAC8E,KAAK;MAClCJ;IACF,CAAC,CAAC;IAEF,MAAM4B,SAAS,GAAG,MAAM,IAAIjH,UAAU,CAAC6G,oBAAoB,EAAE;MAC3DK,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAE,eAAe;MACpBnD,GAAG,EAAEhD,GAAG,CAACgD;IACX,CAAC,CAAC,CAACoD,OAAO,CAACpG,GAAG,CAAC;IAEf,MAAMqG,QAAQ,GAAG,IAAIC,eAAe,CAAC;MAAEnE,QAAQ,EAAE8D;IAAU,CAAC,CAAC;IAC7D,MAAMM,IAAI,GAAGF,QAAQ,CAACG,QAAQ,CAAC,CAAC;IAEhC,MAAMrE,QAAQ,GAAG,MAAMX,QAAQ,CAAC0B,aAAa,CAACvD,OAAO,CAACgF,YAAY,EAAE;MAClEvC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDkE;IACF,CAAC,CAAC;IAEF,IAAIpE,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIjE,aAAa,CACpB,oDAAmD,MAAM0D,QAAQ,CAACkB,IAAI,CAAC,CAAE,eACxElB,QAAQ,CAACK,MACV,EACH,CAAC;EACH,CAAC;AAAA"}

package/lib/module/rp/types.js

@@ -1,7 +1,5 @@
-import { JWK } from "../utils/jwk";
 import { UnixTime } from "../sd-jwt/types";
 import * as z from "zod";
-import { EntityConfiguration } from "../trust/types";
 export const RequestObject = z.object({
   header: z.object({
     // FIXME: SIW-421 type field must be either required or omitted, optional isn't useful
@@ -24,24 +22,6 @@ export const RequestObject = z.object({
     scope: z.string()
   })
 });
-
-/**
- * EntityConfiguration plus the metadata specific for a Relying Party entity.
- */
-
-export const RpEntityConfiguration = EntityConfiguration.and(z.object({
-  payload: z.object({
-    metadata: z.object({
-      wallet_relying_party: z.object({
-        application_type: z.string().optional(),
-        client_id: z.string().optional(),
-        client_name: z.string().optional(),
-        jwks: z.array(JWK),
-        contacts: z.array(z.string()).optional()
-      }).passthrough()
-    })
-  })
-}));
 export const QRCodePayload = z.object({
   protocol: z.string(),
   resource: z.string(),

package/lib/module/rp/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["JWK","UnixTime","z","EntityConfiguration","RequestObject","object","header","typ","literal","optional","alg","string","kid","trust_chain","array","payload","iss","iat","exp","state","nonce","response_uri","response_type","response_mode","client_id","client_id_scheme","scope","RpEntityConfiguration","and","metadata","wallet_relying_party","application_type","client_name","jwks","contacts","passthrough","QRCodePayload","protocol","resource","clientId","requestURI"],"sourceRoot":"../../../src","sources":["rp/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,QAAQ,QAAQ,iBAAiB;AAC1C,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,mBAAmB,QAAQ,gBAAgB;AAGpD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,MAAM,EAAEJ,CAAC,CAACG,MAAM,CAAC;IACf;IACAE,GAAG,EAAEL,CAAC,CAACM,OAAO,CAAC,KAAK,CAAC,CAACC,QAAQ,CAAC,CAAC;IAChCC,GAAG,EAAER,CAAC,CAACS,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEV,CAAC,CAACS,MAAM,CAAC,CAAC;IACfE,WAAW,EAAEX,CAAC,CAACY,KAAK,CAACZ,CAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFI,OAAO,EAAEb,CAAC,CAACG,MAAM,CAAC;IAChBW,GAAG,EAAEd,CAAC,CAACS,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEhB,QAAQ;IACbiB,GAAG,EAAEjB,QAAQ;IACbkB,KAAK,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACjBS,KAAK,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC;IACjBU,YAAY,EAAEnB,CAAC,CAACS,MAAM,CAAC,CAAC;IACxBW,aAAa,EAAEpB,CAAC,CAACM,OAAO,CAAC,UAAU,CAAC;IACpCe,aAAa,EAAErB,CAAC,CAACM,OAAO,CAAC,iBAAiB,CAAC;IAC3CgB,SAAS,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC;IACrBc,gBAAgB,EAAEvB,CAAC,CAACM,OAAO,CAAC,WAAW,CAAC;IACxCkB,KAAK,EAAExB,CAAC,CAACS,MAAM,CAAC;EAClB,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;;AAEA,OAAO,MAAMgB,qBAAqB,GAAGxB,mBAAmB,CAACyB,GAAG,CAC1D1B,CAAC,CAACG,MAAM,CAAC;EACPU,OAAO,EAAEb,CAAC,CAACG,MAAM,CAAC;IAChBwB,QAAQ,EAAE3B,CAAC,CAACG,MAAM,CAAC;MACjByB,oBAAoB,EAAE5B,CAAC,CACpBG,MAAM,CAAC;QACN0B,gBAAgB,EAAE7B,CAAC,CAACS,MAAM,CAAC,CAAC,CAACF,QAAQ,CAAC,CAAC;QACvCe,SAAS,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC,CAACF,QAAQ,CAAC,CAAC;QAChCuB,WAAW,EAAE9B,CAAC,CAACS,MAAM,CAAC,CAAC,CAACF,QAAQ,CAAC,CAAC;QAClCwB,IAAI,EAAE/B,CAAC,CAACY,KAAK,CAACd,GAAG,CAAC;QAClBkC,QAAQ,EAAEhC,CAAC,CAACY,KAAK,CAACZ,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC,CAACF,QAAQ,CAAC;MACzC,CAAC,CAAC,CACD0B,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;AAGD,OAAO,MAAMC,aAAa,GAAGlC,CAAC,CAACG,MAAM,CAAC;EACpCgC,QAAQ,EAAEnC,CAAC,CAACS,MAAM,CAAC,CAAC;EACpB2B,QAAQ,EAAEpC,CAAC,CAACS,MAAM,CAAC,CAAC;EAAE;EACtB4B,QAAQ,EAAErC,CAAC,CAACS,MAAM,CAAC,CAAC;EACpB6B,UAAU,EAAEtC,CAAC,CAACS,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA"}
+{"version":3,"names":["UnixTime","z","RequestObject","object","header","typ","literal","optional","alg","string","kid","trust_chain","array","payload","iss","iat","exp","state","nonce","response_uri","response_type","response_mode","client_id","client_id_scheme","scope","QRCodePayload","protocol","resource","clientId","requestURI"],"sourceRoot":"../../../src","sources":["rp/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,aAAa,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,MAAM,EAAEH,CAAC,CAACE,MAAM,CAAC;IACf;IACAE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,KAAK,CAAC,CAACC,QAAQ,CAAC,CAAC;IAChCC,GAAG,EAAEP,CAAC,CAACQ,MAAM,CAAC,CAAC;IACfC,GAAG,EAAET,CAAC,CAACQ,MAAM,CAAC,CAAC;IACfE,WAAW,EAAEV,CAAC,CAACW,KAAK,CAACX,CAAC,CAACQ,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFI,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACQ,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEf,QAAQ;IACbgB,GAAG,EAAEhB,QAAQ;IACbiB,KAAK,EAAEhB,CAAC,CAACQ,MAAM,CAAC,CAAC;IACjBS,KAAK,EAAEjB,CAAC,CAACQ,MAAM,CAAC,CAAC;IACjBU,YAAY,EAAElB,CAAC,CAACQ,MAAM,CAAC,CAAC;IACxBW,aAAa,EAAEnB,CAAC,CAACK,OAAO,CAAC,UAAU,CAAC;IACpCe,aAAa,EAAEpB,CAAC,CAACK,OAAO,CAAC,iBAAiB,CAAC;IAC3CgB,SAAS,EAAErB,CAAC,CAACQ,MAAM,CAAC,CAAC;IACrBc,gBAAgB,EAAEtB,CAAC,CAACK,OAAO,CAAC,WAAW,CAAC;IACxCkB,KAAK,EAAEvB,CAAC,CAACQ,MAAM,CAAC;EAClB,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAMgB,aAAa,GAAGxB,CAAC,CAACE,MAAM,CAAC;EACpCuB,QAAQ,EAAEzB,CAAC,CAACQ,MAAM,CAAC,CAAC;EACpBkB,QAAQ,EAAE1B,CAAC,CAACQ,MAAM,CAAC,CAAC;EAAE;EACtBmB,QAAQ,EAAE3B,CAAC,CAACQ,MAAM,CAAC,CAAC;EACpBoB,UAAU,EAAE5B,CAAC,CAACQ,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA"}

package/lib/module/trust/index.js

@@ -1,22 +1,31 @@
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import { EntityConfiguration } from "./types";
+import { WalletProviderEntityConfiguration, TrustAnchorEntityConfiguration, CredentialIssuerEntityConfiguration, RelyingPartyEntityConfiguration, EntityConfiguration } from "./types";
 import { IoWalletError } from "../utils/errors";
 import { verifyTrustChain } from "./chain";
 export { verifyTrustChain };
 
 /**
- * Fetch and parse teh entity configuration document for a given federation entity
+ * Fetch and parse the entity configuration document for a given federation entity.
+ * This is an inner method to serve public interfaces.
+ *
+ * To add another entity configuration type (example: Foo entity type):
+ *  - create its zod schema and type by inherit from the base type (example: FooEntityConfiguration = BaseEntityConfiguration.and(...))
+ *  - add such type to EntityConfiguration union
+ *  - add an overload to this function
+ *  - create a public function which use such type (example: getFooEntityConfiguration = (url, options) => Promise<FooEntityConfiguration>)
  *
  * @param entityBaseUrl The base url of the entity.
+ * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
  * @param options.appFetch An optional instance of the http client to be used.
  * @returns The parsed entity configuration object
  * @throws {IoWalletError} If the http request fails
  * @throws Parse error if the document is not in the expected shape.
  */
-export async function getEntityConfiguration(entityBaseUrl) {
+
+async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
   let {
     appFetch = fetch
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
   const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
   const response = await appFetch(wellKnownUrl, {
     method: "GET"
@@ -24,11 +33,16 @@ export async function getEntityConfiguration(entityBaseUrl) {
   if (response.status === 200) {
     const responseText = await response.text();
     const responseJwt = decodeJwt(responseText);
-    return EntityConfiguration.parse({
+    return schema.parse({
       header: responseJwt.protectedHeader,
       payload: responseJwt.payload
     });
   }
   throw new IoWalletError(`Unable to obtain Entity Configuration at ${wellKnownUrl}. Response code: ${response.status}`);
 }
+export const getWalletProviderEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, WalletProviderEntityConfiguration, options);
+export const getCredentialIssuerEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, CredentialIssuerEntityConfiguration, options);
+export const getTrustAnchorEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, TrustAnchorEntityConfiguration, options);
+export const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, RelyingPartyEntityConfiguration, options);
+export const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, EntityConfiguration, options);
 //# sourceMappingURL=index.js.map

package/lib/module/trust/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["decode","decodeJwt","EntityConfiguration","IoWalletError","verifyTrustChain","getEntityConfiguration","entityBaseUrl","appFetch","fetch","arguments","length","undefined","wellKnownUrl","response","method","status","responseText","text","responseJwt","parse","header","protectedHeader","payload"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,mBAAmB,QAAQ,SAAS;AAC7C,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,gBAAgB,QAAQ,SAAS;AAE1C,SAASA,gBAAgB;;AAEzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,sBAAsBA,CAC1CC,aAAqB,EAMS;EAAA,IAL9B;IACEC,QAAQ,GAAGC;EAGb,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMG,YAAY,GAAI,GAAEN,aAAc,gCAA+B;EAErE,MAAMO,QAAQ,GAAG,MAAMN,QAAQ,CAACK,YAAY,EAAE;IAC5CE,MAAM,EAAE;EACV,CAAC,CAAC;EAEF,IAAID,QAAQ,CAACE,MAAM,KAAK,GAAG,EAAE;IAC3B,MAAMC,YAAY,GAAG,MAAMH,QAAQ,CAACI,IAAI,CAAC,CAAC;IAC1C,MAAMC,WAAW,GAAGjB,SAAS,CAACe,YAAY,CAAC;IAC3C,OAAOd,mBAAmB,CAACiB,KAAK,CAAC;MAC/BC,MAAM,EAAEF,WAAW,CAACG,eAAe;MACnCC,OAAO,EAAEJ,WAAW,CAACI;IACvB,CAAC,CAAC;EACJ;EAEA,MAAM,IAAInB,aAAa,CACpB,4CAA2CS,YAAa,oBAAmBC,QAAQ,CAACE,MAAO,EAC9F,CAAC;AACH"}
+{"version":3,"names":["decode","decodeJwt","WalletProviderEntityConfiguration","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","RelyingPartyEntityConfiguration","EntityConfiguration","IoWalletError","verifyTrustChain","fetchAndParseEntityConfiguration","entityBaseUrl","schema","appFetch","fetch","arguments","length","undefined","wellKnownUrl","response","method","status","responseText","text","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,iCAAiC,EACjCC,8BAA8B,EAC9BC,mCAAmC,EACnCC,+BAA+B,EAC/BC,mBAAmB,QACd,SAAS;AAChB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,gBAAgB,QAAQ,SAAS;AAE1C,SAASA,gBAAgB;;AAEzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CC,aAAqB,EACrBC,MAK8B,EAM9B;EAAA,IALA;IACEC,QAAQ,GAAGC;EAGb,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMG,YAAY,GAAI,GAAEP,aAAc,gCAA+B;EAErE,MAAMQ,QAAQ,GAAG,MAAMN,QAAQ,CAACK,YAAY,EAAE;IAC5CE,MAAM,EAAE;EACV,CAAC,CAAC;EAEF,IAAID,QAAQ,CAACE,MAAM,KAAK,GAAG,EAAE;IAC3B,MAAMC,YAAY,GAAG,MAAMH,QAAQ,CAACI,IAAI,CAAC,CAAC;IAC1C,MAAMC,WAAW,GAAGtB,SAAS,CAACoB,YAAY,CAAC;IAC3C,OAAOV,MAAM,CAACa,KAAK,CAAC;MAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;MACnCC,OAAO,EAAEJ,WAAW,CAACI;IACvB,CAAC,CAAC;EACJ;EAEA,MAAM,IAAIpB,aAAa,CACpB,4CAA2CU,YAAa,oBAAmBC,QAAQ,CAACE,MAAO,EAC9F,CAAC;AACH;AAEA,OAAO,MAAMQ,oCAAoC,GAAGA,CAClDlB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbR,iCAAiC,EACjC2B,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDpB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbN,mCAAmC,EACnCyB,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CrB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbP,8BAA8B,EAC9B0B,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDtB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbL,+BAA+B,EAC/BwB,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCvB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAACC,aAAa,EAAEJ,mBAAmB,EAAEuB,OAAO,CAAC"}