@pagopa/io-react-native-wallet 0.4.3 → 0.6.0

package/lib/module/trust/types.js

@@ -5,6 +5,28 @@ export const TrustMark = z.object({
   id: z.string(),
   trust_mark: z.string()
 });
+
+// Display metadata for a credential, used by the issuer to
+// instruct the Wallet Solution on how to render the credential correctly
+const CredentialDisplayMetadata = z.object({
+  name: z.string(),
+  locale: z.string(),
+  logo: z.object({
+    url: z.string(),
+    alt_text: z.string()
+  }),
+  background_color: z.string(),
+  text_color: z.string()
+});
+
+// Metadata for a credentia which i supported by a Issuer
+
+const SupportedCredentialMetadata = z.object({
+  format: z.literal("vc+sd-jwt"),
+  cryptographic_binding_methods_supported: z.array(z.string()),
+  cryptographic_suites_supported: z.array(z.string()),
+  display: z.array(CredentialDisplayMetadata)
+});
 export const EntityStatement = z.object({
   header: z.object({
     typ: z.literal("entity-statement+jwt"),
@@ -22,12 +44,15 @@ export const EntityStatement = z.object({
     exp: z.number()
   })
 });
-export const EntityConfiguration = z.object({
-  header: z.object({
-    typ: z.literal("entity-statement+jwt"),
-    alg: z.string(),
-    kid: z.string()
-  }),
+export const EntityConfigurationHeader = z.object({
+  typ: z.literal("entity-statement+jwt"),
+  alg: z.string(),
+  kid: z.string()
+});
+
+// Structuire common to every Entity Configuration document
+const BaseEntityConfiguration = z.object({
+  header: EntityConfigurationHeader,
   payload: z.object({
     exp: UnixTime,
     iat: UnixTime,
@@ -50,7 +75,75 @@ export const EntityConfiguration = z.object({
       }).passthrough()
     }).passthrough(),
     authority_hints: z.array(z.string()).optional()
+  }).passthrough()
+});
+
+// Entity configuration for a Trust Anchor (it has no specific metadata section)
+
+export const TrustAnchorEntityConfiguration = BaseEntityConfiguration;
+
+// Entity configuration for a Credential Issuer
+
+export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    jwks: z.object({
+      keys: z.array(JWK)
+    }),
+    metadata: z.object({
+      openid_credential_issuer: z.object({
+        credential_issuer: z.string(),
+        authorization_endpoint: z.string(),
+        token_endpoint: z.string(),
+        pushed_authorization_request_endpoint: z.string(),
+        dpop_signing_alg_values_supported: z.array(z.string()),
+        credential_endpoint: z.string(),
+        credentials_supported: z.array(SupportedCredentialMetadata),
+        jwks: z.object({
+          keys: z.array(JWK)
+        })
+      })
+    })
+  })
+}));
+
+// Entity configuration for a Wallet Provider
+
+export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    metadata: z.object({
+      wallet_provider: z.object({
+        token_endpoint: z.string(),
+        attested_security_context_values_supported: z.array(z.string()).optional(),
+        grant_types_supported: z.array(z.string()),
+        token_endpoint_auth_methods_supported: z.array(z.string()),
+        token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
+        jwks: z.object({
+          keys: z.array(JWK)
+        })
+      }).passthrough()
+    })
+  })
+}));
+
+// Entity configuration for a Relying Party
+
+export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    metadata: z.object({
+      wallet_relying_party: z.object({
+        application_type: z.string().optional(),
+        client_id: z.string().optional(),
+        client_name: z.string().optional(),
+        jwks: z.array(JWK),
+        contacts: z.array(z.string()).optional()
+      }).passthrough()
+    })
   })
+}));
+
+// Maps any entity configuration by the union of every possible shapes
+
+export const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, TrustAnchorEntityConfiguration, RelyingPartyEntityConfiguration], {
+  description: "Any kind of Entity Configuration allowed in the ecosystem"
 });
-export const TrustAnchorEntityConfiguration = EntityConfiguration;
 //# sourceMappingURL=types.js.map

package/lib/module/trust/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","EntityStatement","header","typ","literal","alg","kid","payload","iss","sub","jwks","keys","array","trust_marks","iat","number","exp","EntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;AAI7E,OAAO,MAAME,eAAe,GAAGN,CAAC,CAACE,MAAM,CAAC;EACtCK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MAAEc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IAAE,CAAC,CAAC;IACtCmB,WAAW,EAAElB,CAAC,CAACiB,KAAK,CAAChB,SAAS,CAAC;IAC/BkB,GAAG,EAAEnB,CAAC,CAACoB,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErB,CAAC,CAACoB,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAME,mBAAmB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EAC1CK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEX,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFQ,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBmB,GAAG,EAAEvB,QAAQ;IACbqB,GAAG,EAAErB,QAAQ;IACbe,GAAG,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IACfU,GAAG,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IACfW,IAAI,EAAEf,CAAC,CAACE,MAAM,CAAC;MACbc,IAAI,EAAEhB,CAAC,CAACiB,KAAK,CAAClB,GAAG;IACnB,CAAC,CAAC;IACFwB,QAAQ,EAAEvB,CAAC,CACRE,MAAM,CAAC;MACNsB,iBAAiB,EAAExB,CAAC,CACjBE,MAAM,CAAC;QACNuB,yBAAyB,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAElC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAEpC,CAAC,CAACiB,KAAK,CAACjB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;EAChD,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAMW,8BAA8B,GAAGf,mBAAmB"}
+{"version":3,"names":["UnixTime","JWK","z","TrustMark","object","id","string","trust_mark","CredentialDisplayMetadata","name","locale","logo","url","alt_text","background_color","text_color","SupportedCredentialMetadata","format","literal","cryptographic_binding_methods_supported","array","cryptographic_suites_supported","display","EntityStatement","header","typ","alg","kid","payload","iss","sub","jwks","keys","trust_marks","iat","number","exp","EntityConfigurationHeader","BaseEntityConfiguration","metadata","federation_entity","federation_fetch_endpoint","optional","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","homepage_uri","policy_uri","logo_uri","contacts","passthrough","authority_hints","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","WalletProviderEntityConfiguration","wallet_provider","attested_security_context_values_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","RelyingPartyEntityConfiguration","wallet_relying_party","application_type","client_id","client_name","EntityConfiguration","union","description"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,OAAO,MAAMC,SAAS,GAAGD,CAAC,CAACE,MAAM,CAAC;EAAEC,EAAE,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC;AAAE,CAAC,CAAC;;AAG7E;AACA;AAEA,MAAME,yBAAyB,GAAGN,CAAC,CAACE,MAAM,CAAC;EACzCK,IAAI,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBI,MAAM,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBK,IAAI,EAAET,CAAC,CAACE,MAAM,CAAC;IACbQ,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC;IACfO,QAAQ,EAAEX,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC;EACFQ,gBAAgB,EAAEZ,CAAC,CAACI,MAAM,CAAC,CAAC;EAC5BS,UAAU,EAAEb,CAAC,CAACI,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;;AAEA,MAAMU,2BAA2B,GAAGd,CAAC,CAACE,MAAM,CAAC;EAC3Ca,MAAM,EAAEf,CAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;EAC9BC,uCAAuC,EAAEjB,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EAC5De,8BAA8B,EAAEnB,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;EACnDgB,OAAO,EAAEpB,CAAC,CAACkB,KAAK,CAACZ,yBAAyB;AAC5C,CAAC,CAAC;AAGF,OAAO,MAAMe,eAAe,GAAGrB,CAAC,CAACE,MAAM,CAAC;EACtCoB,MAAM,EAAEtB,CAAC,CAACE,MAAM,CAAC;IACfqB,GAAG,EAAEvB,CAAC,CAACgB,OAAO,CAAC,sBAAsB,CAAC;IACtCQ,GAAG,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;IACfqB,GAAG,EAAEzB,CAAC,CAACI,MAAM,CAAC;EAChB,CAAC,CAAC;EACFsB,OAAO,EAAE1B,CAAC,CAACE,MAAM,CAAC;IAChByB,GAAG,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC;IACfwB,GAAG,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC;IACfyB,IAAI,EAAE7B,CAAC,CAACE,MAAM,CAAC;MAAE4B,IAAI,EAAE9B,CAAC,CAACkB,KAAK,CAACnB,GAAG;IAAE,CAAC,CAAC;IACtCgC,WAAW,EAAE/B,CAAC,CAACkB,KAAK,CAACjB,SAAS,CAAC;IAC/B+B,GAAG,EAAEhC,CAAC,CAACiC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAElC,CAAC,CAACiC,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGnC,CAAC,CAACE,MAAM,CAAC;EAChDqB,GAAG,EAAEvB,CAAC,CAACgB,OAAO,CAAC,sBAAsB,CAAC;EACtCQ,GAAG,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;EACfqB,GAAG,EAAEzB,CAAC,CAACI,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA,MAAMgC,uBAAuB,GAAGpC,CAAC,CAACE,MAAM,CAAC;EACvCoB,MAAM,EAAEa,yBAAyB;EACjCT,OAAO,EAAE1B,CAAC,CACPE,MAAM,CAAC;IACNgC,GAAG,EAAEpC,QAAQ;IACbkC,GAAG,EAAElC,QAAQ;IACb6B,GAAG,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC;IACfwB,GAAG,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC;IACfyB,IAAI,EAAE7B,CAAC,CAACE,MAAM,CAAC;MACb4B,IAAI,EAAE9B,CAAC,CAACkB,KAAK,CAACnB,GAAG;IACnB,CAAC,CAAC;IACFsC,QAAQ,EAAErC,CAAC,CACRE,MAAM,CAAC;MACNoC,iBAAiB,EAAEtC,CAAC,CACjBE,MAAM,CAAC;QACNqC,yBAAyB,EAAEvC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAChDC,wBAAwB,EAAEzC,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAC/CE,2BAA2B,EAAE1C,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAClDG,qCAAqC,EAAE3C,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAC5DI,mCAAmC,EAAE5C,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAC1DK,YAAY,EAAE7C,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QACnCM,UAAU,EAAE9C,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QACjCO,QAAQ,EAAE/C,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAC/BQ,QAAQ,EAAEhD,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACoC,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC,CAAC,CACDA,WAAW,CAAC,CAAC;IAChBC,eAAe,EAAElD,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACoC,QAAQ,CAAC;EAChD,CAAC,CAAC,CACDS,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAME,8BAA8B,GAAGf,uBAAuB;;AAErE;;AAIA,OAAO,MAAMgB,mCAAmC,GAAGhB,uBAAuB,CAACiB,GAAG,CAC5ErD,CAAC,CAACE,MAAM,CAAC;EACPwB,OAAO,EAAE1B,CAAC,CAACE,MAAM,CAAC;IAChB2B,IAAI,EAAE7B,CAAC,CAACE,MAAM,CAAC;MAAE4B,IAAI,EAAE9B,CAAC,CAACkB,KAAK,CAACnB,GAAG;IAAE,CAAC,CAAC;IACtCsC,QAAQ,EAAErC,CAAC,CAACE,MAAM,CAAC;MACjBoD,wBAAwB,EAAEtD,CAAC,CAACE,MAAM,CAAC;QACjCqD,iBAAiB,EAAEvD,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BoD,sBAAsB,EAAExD,CAAC,CAACI,MAAM,CAAC,CAAC;QAClCqD,cAAc,EAAEzD,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1BsD,qCAAqC,EAAE1D,CAAC,CAACI,MAAM,CAAC,CAAC;QACjDuD,iCAAiC,EAAE3D,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACtDwD,mBAAmB,EAAE5D,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/ByD,qBAAqB,EAAE7D,CAAC,CAACkB,KAAK,CAACJ,2BAA2B,CAAC;QAC3De,IAAI,EAAE7B,CAAC,CAACE,MAAM,CAAC;UAAE4B,IAAI,EAAE9B,CAAC,CAACkB,KAAK,CAACnB,GAAG;QAAE,CAAC;MACvC,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAM+D,iCAAiC,GAAG1B,uBAAuB,CAACiB,GAAG,CAC1ErD,CAAC,CAACE,MAAM,CAAC;EACPwB,OAAO,EAAE1B,CAAC,CAACE,MAAM,CAAC;IAChBmC,QAAQ,EAAErC,CAAC,CAACE,MAAM,CAAC;MACjB6D,eAAe,EAAE/D,CAAC,CACfE,MAAM,CAAC;QACNuD,cAAc,EAAEzD,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1B4D,0CAA0C,EAAEhE,CAAC,CAC1CkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CACjBoC,QAAQ,CAAC,CAAC;QACbyB,qBAAqB,EAAEjE,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1C8D,qCAAqC,EAAElE,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QAC1D+D,gDAAgD,EAAEnE,CAAC,CAACkB,KAAK,CACvDlB,CAAC,CAACI,MAAM,CAAC,CACX,CAAC;QACDyB,IAAI,EAAE7B,CAAC,CAACE,MAAM,CAAC;UAAE4B,IAAI,EAAE9B,CAAC,CAACkB,KAAK,CAACnB,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACDkD,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMmB,+BAA+B,GAAGhC,uBAAuB,CAACiB,GAAG,CACxErD,CAAC,CAACE,MAAM,CAAC;EACPwB,OAAO,EAAE1B,CAAC,CAACE,MAAM,CAAC;IAChBmC,QAAQ,EAAErC,CAAC,CAACE,MAAM,CAAC;MACjBmE,oBAAoB,EAAErE,CAAC,CACpBE,MAAM,CAAC;QACNoE,gBAAgB,EAAEtE,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QACvC+B,SAAS,EAAEvE,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAChCgC,WAAW,EAAExE,CAAC,CAACI,MAAM,CAAC,CAAC,CAACoC,QAAQ,CAAC,CAAC;QAClCX,IAAI,EAAE7B,CAAC,CAACkB,KAAK,CAACnB,GAAG,CAAC;QAClBiD,QAAQ,EAAEhD,CAAC,CAACkB,KAAK,CAAClB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACoC,QAAQ,CAAC;MACzC,CAAC,CAAC,CACDS,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMwB,mBAAmB,GAAGzE,CAAC,CAAC0E,KAAK,CACxC,CACEZ,iCAAiC,EACjCV,mCAAmC,EACnCD,8BAA8B,EAC9BiB,+BAA+B,CAChC,EACD;EACEO,WAAW,EAAE;AACf,CACF,CAAC"}

package/lib/module/utils/crypto.js

@@ -0,0 +1,40 @@
+import { getPublicKey, sign } from "@pagopa/io-react-native-crypto";
+import { thumbprint } from "@pagopa/io-react-native-jwt";
+import { fixBase64EncodingOnKey } from "./jwk";
+
+/**
+ * Create a CryptoContext bound to a key pair.
+ * Key pair is supposed to exist already in the device's keychain.
+ * It's identified by its unique keytag.
+ *
+ * @returns the crypto context
+ */
+export const createCryptoContextFor = keytag => {
+  return {
+    /**
+     * Retrieve the public key of the pair.
+     * If the key pair doesn't exist yet, an error is raised
+     * @returns The public key.
+     */
+    async getPublicKey() {
+      return getPublicKey(keytag).then(fixBase64EncodingOnKey).then(async jwk => ({
+        ...jwk,
+        // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
+        // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
+        // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
+        // However the values is an arbitrary string that might be anything
+        kid: await thumbprint(jwk)
+      }));
+    },
+    /**
+     * Get a signature for a provided value.
+     * If the key pair doesn't exist yet, an error is raised.
+     * @param value
+     * @returns The signature for the value
+     */
+    async getSignature(value) {
+      return sign(value, keytag);
+    }
+  };
+};
+//# sourceMappingURL=crypto.js.map

package/lib/module/utils/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getPublicKey","sign","thumbprint","fixBase64EncodingOnKey","createCryptoContextFor","keytag","then","jwk","kid","getSignature","value"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,IAAI,QAAQ,gCAAgC;AACnE,SAASC,UAAU,QAA4B,6BAA6B;AAC5E,SAASC,sBAAsB,QAAQ,OAAO;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAML,YAAYA,CAAA,EAAG;MACnB,OAAOA,YAAY,CAACK,MAAM,CAAC,CACxBC,IAAI,CAACH,sBAAsB,CAAC,CAC5BG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAMN,UAAU,CAACK,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAME,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAOT,IAAI,CAACS,KAAK,EAAEL,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC"}

package/lib/module/utils/dpop.js

@@ -1,12 +1,20 @@
 import * as z from "zod";
 import { SignJWT } from "@pagopa/io-react-native-jwt";
-export const getUnsignedDPop = (jwk, payload) => {
-  const dPop = new SignJWT(payload).setProtectedHeader({
-    alg: "ES256",
+
+/**
+ * Create a signed DPoP token
+ *
+ * @param payload The payload to be included in the token.
+ * @param crypto The crypto context that handles the key bound to the DPoP.
+ *
+ * @returns The signed crypto token.
+ */
+export const createDPopToken = async (payload, crypto) => {
+  const jwk = await crypto.getPublicKey();
+  return new SignJWT(crypto).setPayload(payload).setProtectedHeader({
     typ: "dpop+jwt",
     jwk
-  }).setIssuedAt().setExpirationTime("1h").toSign();
-  return dPop;
+  }).setIssuedAt().setExpirationTime("1h").sign();
 };
 export const DPoPPayload = z.object({
   jti: z.string(),

package/lib/module/utils/dpop.js.map

@@ -1 +1 @@
-{"version":3,"names":["z","SignJWT","getUnsignedDPop","jwk","payload","dPop","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","toSign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAAQ,6BAA6B;AAGrD,OAAO,MAAMC,eAAe,GAAGA,CAACC,GAAQ,EAAEC,OAAoB,KAAa;EACzE,MAAMC,IAAI,GAAG,IAAIJ,OAAO,CAACG,OAAO,CAAC,CAC9BE,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,UAAU;IACfL;EACF,CAAC,CAAC,CACDM,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;EACX,OAAON,IAAI;AACb,CAAC;AAGD,OAAO,MAAMO,WAAW,GAAGZ,CAAC,CAACa,MAAM,CAAC;EAClCC,GAAG,EAAEd,CAAC,CAACe,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEhB,CAAC,CAACiB,KAAK,CAAC,CAACjB,CAAC,CAACkB,OAAO,CAAC,MAAM,CAAC,EAAElB,CAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEnB,CAAC,CAACe,MAAM,CAAC,CAAC;EACfK,GAAG,EAAEpB,CAAC,CAACe,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}
+{"version":3,"names":["z","SignJWT","createDPopToken","payload","crypto","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","DPoPPayload","object","jti","string","htm","union","literal","htu","ath","optional"],"sourceRoot":"../../../src","sources":["utils/dpop.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAExB,SAASC,OAAO,QAA4B,6BAA6B;;AAEzE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAe,GAAG,MAAAA,CAC7BC,OAAoB,EACpBC,MAAqB,KACD;EACpB,MAAMC,GAAG,GAAG,MAAMD,MAAM,CAACE,YAAY,CAAC,CAAC;EACvC,OAAO,IAAIL,OAAO,CAACG,MAAM,CAAC,CACvBG,UAAU,CAACJ,OAAO,CAAC,CACnBK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,UAAU;IACfJ;EACF,CAAC,CAAC,CACDK,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAGD,OAAO,MAAMC,WAAW,GAAGb,CAAC,CAACc,MAAM,CAAC;EAClCC,GAAG,EAAEf,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,MAAM,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;EACnDC,GAAG,EAAEpB,CAAC,CAACgB,MAAM,CAAC,CAAC;EACfK,GAAG,EAAErB,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AAC3B,CAAC,CAAC"}

package/lib/module/wallet-instance-attestation/index.js

@@ -1,8 +1,8 @@
 import { WalletInstanceAttestationJwt } from "./types";
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
-import { Issuing } from "./issuing";
-export { Issuing };
+import { getAttestation } from "./issuing";
+export { getAttestation };
 /**
  * Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
  * It ensures provided data is in a valid shape.

package/lib/module/wallet-instance-attestation/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","Issuing","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASA,OAAO;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}
+{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","getAttestation","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,cAAc,QAAQ,WAAW;AAC1C,SAASA,cAAc;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}

package/lib/module/wallet-instance-attestation/issuing.js

@@ -5,61 +5,43 @@ import { JWK, fixBase64EncodingOnKey } from "../utils/jwk";
 import { WalletInstanceAttestationRequestJwt } from "./types";
 import uuid from "react-native-uuid";
 import { WalletInstanceAttestationIssuingError } from "../utils/errors";
-export class Issuing {
-  constructor(walletProviderBaseUrl) {
-    let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
-    this.walletProviderBaseUrl = walletProviderBaseUrl;
-    this.appFetch = appFetch;
-  }
-
-  /**
-   * Get the Wallet Instance Attestation Request to sign
-   *
-   * @async @function
-   *
-   * @param jwk Public key of the wallet instance
-   *
-   * @returns {string} Wallet Instance Attestation Request to sign
-   *
-   */
-  async getAttestationRequestToSign(jwk) {
-    const parsedJwk = JWK.parse(jwk);
-    const keyThumbprint = await thumbprint(parsedJwk);
-    const publicKey = {
-      ...parsedJwk,
-      kid: keyThumbprint
-    };
-    const walletInstanceAttestationRequest = new SignJWT({
-      iss: keyThumbprint,
-      aud: this.walletProviderBaseUrl,
-      jti: `${uuid.v4()}`,
-      nonce: `${uuid.v4()}`,
-      cnf: {
-        jwk: fixBase64EncodingOnKey(publicKey)
-      }
-    }).setProtectedHeader({
-      alg: "ES256",
-      kid: publicKey.kid,
-      typ: "wiar+jwt"
-    }).setIssuedAt().setExpirationTime("1h").toSign();
-    return walletInstanceAttestationRequest;
-  }
+async function getAttestationRequest(wiaCryptoContext, walletProviderEntityConfiguration) {
+  const jwk = await wiaCryptoContext.getPublicKey();
+  const parsedJwk = JWK.parse(jwk);
+  const keyThumbprint = await thumbprint(parsedJwk);
+  const publicKey = {
+    ...parsedJwk,
+    kid: keyThumbprint
+  };
+  return new SignJWT(wiaCryptoContext).setPayload({
+    iss: keyThumbprint,
+    aud: walletProviderEntityConfiguration.payload.iss,
+    jti: `${uuid.v4()}`,
+    nonce: `${uuid.v4()}`,
+    cnf: {
+      jwk: fixBase64EncodingOnKey(publicKey)
+    }
+  }).setProtectedHeader({
+    kid: publicKey.kid,
+    typ: "wiar+jwt"
+  }).setIssuedAt().setExpirationTime("1h").sign();
+}
 
-  /**
-   * Get the Wallet Instance Attestation given a
-   * Wallet Instance Attestation Request and signature
-   *
-   * @async @function
-   *
-   * @param attestationRequest Wallet Instance Attestaion Request
-   * obtained with {@link getAttestationRequestToSign}
-   * @param signature Signature of the Wallet Instance Attestaion Request
-   *
-   * @returns {string} Wallet Instance Attestation
-   *
-   */
-  async getAttestation(attestationRequest, signature) {
-    const signedAttestationRequest = await SignJWT.appendSignature(attestationRequest, signature);
+/**
+ * Request a Wallet Instance Attestation (WIA) to the Wallet provider
+ *
+ * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
+ * @param params.appFetch (optional) Http client
+ * @param walletProviderBaseUrl Base url for the Wallet Provider
+ * @returns The retrieved Wallet Instance Attestation token
+ */
+export const getAttestation = _ref => {
+  let {
+    wiaCryptoContext,
+    appFetch = fetch
+  } = _ref;
+  return async walletProviderEntityConfiguration => {
+    const signedAttestationRequest = await getAttestationRequest(wiaCryptoContext, walletProviderEntityConfiguration);
     const decodedRequest = decodeJwt(signedAttestationRequest);
     const parsedRequest = WalletInstanceAttestationRequestJwt.parse({
       payload: decodedRequest.payload,
@@ -67,12 +49,12 @@ export class Issuing {
     });
     const publicKey = parsedRequest.payload.cnf.jwk;
     await verifyJwt(signedAttestationRequest, publicKey);
-    const tokenUrl = new URL("token", this.walletProviderBaseUrl).href;
+    const tokenUrl = walletProviderEntityConfiguration.payload.metadata.wallet_provider.token_endpoint;
     const requestBody = {
       grant_type: "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation",
       assertion: signedAttestationRequest
     };
-    const response = await this.appFetch(tokenUrl, {
+    const response = await appFetch(tokenUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json"
@@ -83,6 +65,6 @@ export class Issuing {
       return await response.text();
     }
     throw new WalletInstanceAttestationIssuingError("Unable to obtain wallet instance attestation from wallet provider", `Response code: ${response.status}`);
-  }
-}
+  };
+};
 //# sourceMappingURL=issuing.js.map

package/lib/module/wallet-instance-attestation/issuing.js.map

@@ -1 +1 @@
-{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","SignJWT","thumbprint","JWK","fixBase64EncodingOnKey","WalletInstanceAttestationRequestJwt","uuid","WalletInstanceAttestationIssuingError","Issuing","constructor","walletProviderBaseUrl","appFetch","arguments","length","undefined","fetch","getAttestationRequestToSign","jwk","parsedJwk","parse","keyThumbprint","publicKey","kid","walletInstanceAttestationRequest","iss","aud","jti","v4","nonce","cnf","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","toSign","getAttestation","attestationRequest","signature","signedAttestationRequest","appendSignature","decodedRequest","parsedRequest","payload","header","protectedHeader","tokenUrl","URL","href","requestBody","grant_type","assertion","response","method","headers","body","JSON","stringify","status","text"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,OAAO,EAAEC,UAAU,QAAQ,6BAA6B;AACjE,SAASC,GAAG,EAAEC,sBAAsB,QAAQ,cAAc;AAC1D,SAASC,mCAAmC,QAAQ,SAAS;AAC7D,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,qCAAqC,QAAQ,iBAAiB;AAEvE,OAAO,MAAMC,OAAO,CAAC;EAGnBC,WAAWA,CACTC,qBAA6B,EAE7B;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACL,qBAAqB,GAAGA,qBAAqB;IAClD,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMK,2BAA2BA,CAACC,GAAQ,EAAmB;IAC3D,MAAMC,SAAS,GAAGf,GAAG,CAACgB,KAAK,CAACF,GAAG,CAAC;IAChC,MAAMG,aAAa,GAAG,MAAMlB,UAAU,CAACgB,SAAS,CAAC;IACjD,MAAMG,SAAS,GAAG;MAAE,GAAGH,SAAS;MAAEI,GAAG,EAAEF;IAAc,CAAC;IAEtD,MAAMG,gCAAgC,GAAG,IAAItB,OAAO,CAAC;MACnDuB,GAAG,EAAEJ,aAAa;MAClBK,GAAG,EAAE,IAAI,CAACf,qBAAqB;MAC/BgB,GAAG,EAAG,GAAEpB,IAAI,CAACqB,EAAE,CAAC,CAAE,EAAC;MACnBC,KAAK,EAAG,GAAEtB,IAAI,CAACqB,EAAE,CAAC,CAAE,EAAC;MACrBE,GAAG,EAAE;QACHZ,GAAG,EAAEb,sBAAsB,CAACiB,SAAS;MACvC;IACF,CAAC,CAAC,CACCS,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZT,GAAG,EAAED,SAAS,CAACC,GAAG;MAClBU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;IAEX,OAAOZ,gCAAgC;EACzC;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMa,cAAcA,CAClBC,kBAA0B,EAC1BC,SAAiB,EACA;IACjB,MAAMC,wBAAwB,GAAG,MAAMtC,OAAO,CAACuC,eAAe,CAC5DH,kBAAkB,EAClBC,SACF,CAAC;IAED,MAAMG,cAAc,GAAG3C,SAAS,CAACyC,wBAAwB,CAAC;IAC1D,MAAMG,aAAa,GAAGrC,mCAAmC,CAACc,KAAK,CAAC;MAC9DwB,OAAO,EAAEF,cAAc,CAACE,OAAO;MAC/BC,MAAM,EAAEH,cAAc,CAACI;IACzB,CAAC,CAAC;IACF,MAAMxB,SAAS,GAAGqB,aAAa,CAACC,OAAO,CAACd,GAAG,CAACZ,GAAG;IAE/C,MAAMjB,SAAS,CAACuC,wBAAwB,EAAElB,SAAS,CAAC;IAEpD,MAAMyB,QAAQ,GAAG,IAAIC,GAAG,CAAC,OAAO,EAAE,IAAI,CAACrC,qBAAqB,CAAC,CAACsC,IAAI;IAClE,MAAMC,WAAW,GAAG;MAClBC,UAAU,EACR,oEAAoE;MACtEC,SAAS,EAAEZ;IACb,CAAC;IACD,MAAMa,QAAQ,GAAG,MAAM,IAAI,CAACzC,QAAQ,CAACmC,QAAQ,EAAE;MAC7CO,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACR,WAAW;IAClC,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACM,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIpD,qCAAqC,CAC7C,mEAAmE,EAClE,kBAAiB6C,QAAQ,CAACM,MAAO,EACpC,CAAC;EACH;AACF"}
+{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","SignJWT","thumbprint","JWK","fixBase64EncodingOnKey","WalletInstanceAttestationRequestJwt","uuid","WalletInstanceAttestationIssuingError","getAttestationRequest","wiaCryptoContext","walletProviderEntityConfiguration","jwk","getPublicKey","parsedJwk","parse","keyThumbprint","publicKey","kid","setPayload","iss","aud","payload","jti","v4","nonce","cnf","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","signedAttestationRequest","decodedRequest","parsedRequest","header","protectedHeader","tokenUrl","metadata","wallet_provider","token_endpoint","requestBody","grant_type","assertion","response","method","headers","body","JSON","stringify","status","text"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":"AAAA,SAEEA,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,OAAO,EAAEC,UAAU,QAAQ,6BAA6B;AACjE,SAASC,GAAG,EAAEC,sBAAsB,QAAQ,cAAc;AAC1D,SAASC,mCAAmC,QAAQ,SAAS;AAC7D,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,qCAAqC,QAAQ,iBAAiB;AAGvE,eAAeC,qBAAqBA,CAClCC,gBAA+B,EAC/BC,iCAAoE,EACnD;EACjB,MAAMC,GAAG,GAAG,MAAMF,gBAAgB,CAACG,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGV,GAAG,CAACW,KAAK,CAACH,GAAG,CAAC;EAChC,MAAMI,aAAa,GAAG,MAAMb,UAAU,CAACW,SAAS,CAAC;EACjD,MAAMG,SAAS,GAAG;IAAE,GAAGH,SAAS;IAAEI,GAAG,EAAEF;EAAc,CAAC;EAEtD,OAAO,IAAId,OAAO,CAACQ,gBAAgB,CAAC,CACjCS,UAAU,CAAC;IACVC,GAAG,EAAEJ,aAAa;IAClBK,GAAG,EAAEV,iCAAiC,CAACW,OAAO,CAACF,GAAG;IAClDG,GAAG,EAAG,GAAEhB,IAAI,CAACiB,EAAE,CAAC,CAAE,EAAC;IACnBC,KAAK,EAAG,GAAElB,IAAI,CAACiB,EAAE,CAAC,CAAE,EAAC;IACrBE,GAAG,EAAE;MACHd,GAAG,EAAEP,sBAAsB,CAACY,SAAS;IACvC;EACF,CAAC,CAAC,CACDU,kBAAkB,CAAC;IAClBT,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBU,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCvB,gBAAgB;IAChBwB,QAAQ,GAAGC;EAIb,CAAC,GAAAF,IAAA;EAAA,OACD,MACEtB,iCAAoE,IAChD;IACpB,MAAMyB,wBAAwB,GAAG,MAAM3B,qBAAqB,CAC1DC,gBAAgB,EAChBC,iCACF,CAAC;IAED,MAAM0B,cAAc,GAAGtC,SAAS,CAACqC,wBAAwB,CAAC;IAC1D,MAAME,aAAa,GAAGhC,mCAAmC,CAACS,KAAK,CAAC;MAC9DO,OAAO,EAAEe,cAAc,CAACf,OAAO;MAC/BiB,MAAM,EAAEF,cAAc,CAACG;IACzB,CAAC,CAAC;IACF,MAAMvB,SAAS,GAAGqB,aAAa,CAAChB,OAAO,CAACI,GAAG,CAACd,GAAG;IAE/C,MAAMX,SAAS,CAACmC,wBAAwB,EAAEnB,SAAS,CAAC;IAEpD,MAAMwB,QAAQ,GACZ9B,iCAAiC,CAACW,OAAO,CAACoB,QAAQ,CAACC,eAAe,CAC/DC,cAAc;IACnB,MAAMC,WAAW,GAAG;MAClBC,UAAU,EACR,oEAAoE;MACtEC,SAAS,EAAEX;IACb,CAAC;IACD,MAAMY,QAAQ,GAAG,MAAMd,QAAQ,CAACO,QAAQ,EAAE;MACxCQ,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACR,WAAW;IAClC,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACM,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAI/C,qCAAqC,CAC7C,mEAAmE,EAClE,kBAAiBwC,QAAQ,CAACM,MAAO,EACpC,CAAC;EACH,CAAC;AAAA"}

package/lib/typescript/index.d.ts

@@ -3,10 +3,8 @@ import * as PID from "./pid";
 import * as RP from "./rp";
 import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
-import { getUnsignedDPop } from "./utils/dpop";
-import { RelyingPartySolution } from "./rp";
-import { RpEntityConfiguration } from "./rp/types";
-import { verifyTrustChain, getEntityConfiguration } from "./trust";
-import { EntityConfiguration, EntityStatement, TrustAnchorEntityConfiguration } from "./trust/types";
-export { PID, RP, WalletInstanceAttestation, Errors, getUnsignedDPop, RelyingPartySolution, verifyTrustChain, getEntityConfiguration, EntityConfiguration, EntityStatement, RpEntityConfiguration, TrustAnchorEntityConfiguration, };
+import * as RelyingPartySolution from "./rp";
+import { verifyTrustChain, getEntityConfiguration, getCredentialIssuerEntityConfiguration, getRelyingPartyEntityConfiguration, getTrustAnchorEntityConfiguration, getWalletProviderEntityConfiguration } from "./trust";
+import { createCryptoContextFor } from "./utils/crypto";
+export { PID, RP, WalletInstanceAttestation, Errors, RelyingPartySolution, verifyTrustChain, getEntityConfiguration, getCredentialIssuerEntityConfiguration, getRelyingPartyEntityConfiguration, getTrustAnchorEntityConfiguration, getWalletProviderEntityConfiguration, createCryptoContextFor, };
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,gCAAgC,CAAC;AAExC,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,yBAAyB,MAAM,+BAA+B,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,MAAM,CAAC;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AACnE,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,8BAA8B,EAC/B,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,GAAG,EACH,EAAE,EACF,yBAAyB,EACzB,MAAM,EACN,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,qBAAqB,EACrB,8BAA8B,GAC/B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,gCAAgC,CAAC;AAExC,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,yBAAyB,MAAM,+BAA+B,CAAC;AAC3E,OAAO,KAAK,oBAAoB,MAAM,MAAM,CAAC;AAC7C,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,sCAAsC,EACtC,kCAAkC,EAClC,iCAAiC,EACjC,oCAAoC,EACrC,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD,OAAO,EACL,GAAG,EACH,EAAE,EACF,yBAAyB,EACzB,MAAM,EACN,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,sCAAsC,EACtC,kCAAkC,EAClC,iCAAiC,EACjC,oCAAoC,EACpC,sBAAsB,GACvB,CAAC"}

package/lib/typescript/pid/index.d.ts

@@ -1,4 +1,4 @@
 import * as SdJwt from "./sd-jwt";
-import { Issuing } from "./issuing";
+import * as Issuing from "./issuing";
 export { SdJwt, Issuing };
 //# sourceMappingURL=index.d.ts.map

package/lib/typescript/pid/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/pid/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/pid/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,UAAU,CAAC;AAClC,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC"}

package/lib/typescript/pid/issuing.d.ts

@@ -1,14 +1,19 @@
-import { JWK } from "../utils/jwk";
-import { PidIssuerEntityConfiguration } from "./metadata";
+/// <reference types="react-native" />
+import { type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { CredentialIssuerEntityConfiguration } from "../trust/types";
 export type CieData = {
     birthDate: string;
     fiscalCode: string;
     name: string;
     surname: string;
 };
-export type TokenResponse = {
-    access_token: string;
-    c_nonce: string;
+export type AuthorizationConf = {
+    accessToken: string;
+    nonce: string;
+    clientId: string;
+    authorizationCode: string;
+    codeVerifier: string;
+    walletProviderBaseUrl: string;
 };
 export type PidResponse = {
     credential: string;
@@ -16,87 +21,37 @@ export type PidResponse = {
     c_nonce_expires_in: number;
     format: string;
 };
-export declare class Issuing {
-    pidProviderBaseUrl: string;
-    walletProviderBaseUrl: string;
-    walletInstanceAttestation: string;
-    codeVerifier: string;
-    clientId: string;
-    state: string;
-    authorizationCode: string;
-    appFetch: GlobalFetch["fetch"];
-    constructor(pidProviderBaseUrl: string, walletProviderBaseUrl: string, walletInstanceAttestation: string, clientId: string, appFetch?: GlobalFetch["fetch"]);
-    /**
-     * Return the unsigned jwt to call the PAR request.
-     *
-     * @function
-     * @param jwk The wallet instance attestation public JWK
-     *
-     * @returns Unsigned jwt
-     *
-     */
-    getUnsignedJwtForPar(jwk: JWK): Promise<string>;
-    /**
-     * Make a PAR request to the PID issuer and return the response url
-     *
-     * @function
-     * @param unsignedJwtForPar The unsigned JWT for PAR
-     * @param signature The JWT for PAR signature
-     *
-     * @returns Unsigned PAR url
-     *
-     */
-    getPar(unsignedJwtForPar: string, signature: string): Promise<string>;
-    /**
-     * Return the unsigned jwt for a generic DPoP
-     *
-     * @function
-     * @param jwk the public key for which the DPoP is to be created
-     *
-     * @returns Unsigned JWT for DPoP
-     *
-     */
-    getUnsignedDPoP(jwk: JWK): Promise<string>;
-    /**
-     * Make an auth token request to the PID issuer
-     *
-     * @function
-     * @returns a token response
-     *
-     */
-    getAuthToken(): Promise<TokenResponse>;
-    /**
-     * Return the unsigned jwt for nonce proof of possession
-     *
-     * @function
-     * @param nonce the nonce
-     *
-     * @returns Unsigned JWT for nonce proof
-     *
-     */
-    getUnsignedNonceProof(nonce: string): Promise<string>;
-    /**
-     * Make the credential issuing request to the PID issuer
-     *
-     * @function
-     * @param unsignedDPopForPid The unsigned JWT for PID DPoP
-     * @param dPopPidSignature The JWT for PID DPoP signature
-     * @param unsignedNonceProof The unsigned JWT for nonce proof
-     * @param nonceProofSignature The JWT for nonce proof signature
-     * @param accessToken The access token obtained with getAuthToken
-     * @param cieData Personal data read by the CIE
-     *
-     * @returns a credential
-     *
-     */
-    getCredential(unsignedDPopForPid: string, dPopPidSignature: string, unsignedNonceProof: string, nonceProofSignature: string, accessToken: string, cieData: CieData): Promise<PidResponse>;
-    /**
-     * Obtain the PID issuer metadata
-     *
-     * @function
-     * @returns PID issuer metadata
-     *
-     */
-    getEntityConfiguration(): Promise<PidIssuerEntityConfiguration>;
-}
+/**
+ * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
+ *
+ * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
+ * @param params.appFetch (optional) Http client
+ * @param walletInstanceAttestation Wallet Instance Attestation token.
+ * @param walletProviderBaseUrl Base url for the Wallet Provider
+ * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
+ * @returns The access token along with the values that identify the issuing session.
+ */
+export declare const authorizeIssuing: ({ wiaCryptoContext, appFetch, }: {
+    wiaCryptoContext: CryptoContext;
+    appFetch?: {
+        (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
+        (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
+    } | undefined;
+}) => (walletInstanceAttestation: string, walletProviderBaseUrl: string, pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration) => Promise<AuthorizationConf>;
+/**
+ * Complete the issuing flow and get the PID credential.
+ *
+ * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
+ * @param params.appFetch (optional) Http client
+ * @param authConf The authorization configuration retrieved with the access token
+ * @param cieData Data red from the CIE login process
+ * @returns The PID credential token
+ */
+export declare const getCredential: ({ pidCryptoContext, appFetch, }: {
+    pidCryptoContext: CryptoContext;
+    appFetch?: {
+        (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
+        (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
+    } | undefined;
+}) => ({ nonce, accessToken, clientId, walletProviderBaseUrl }: AuthorizationConf, pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration, cieData: CieData) => Promise<PidResponse>;
 //# sourceMappingURL=issuing.d.ts.map

package/lib/typescript/pid/issuing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/pid/issuing.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AAKnC,OAAO,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAI1D,MAAM,MAAM,OAAO,GAAG;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AACtE,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,qBAAa,OAAO;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,yBAAyB,EAAE,MAAM,CAAC;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAG7B,kBAAkB,EAAE,MAAM,EAC1B,qBAAqB,EAAE,MAAM,EAC7B,yBAAyB,EAAE,MAAM,EACjC,QAAQ,EAAE,MAAM,EAChB,QAAQ,GAAE,WAAW,CAAC,OAAO,CAAS;IAYxC;;;;;;;;OAQG;IACG,oBAAoB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAoCrD;;;;;;;;;OASG;IACG,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwC3E;;;;;;;;OAQG;IACG,eAAe,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAUhD;;;;;;OAMG;IACG,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC;IA4C5C;;;;;;;;OAQG;IACG,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB3D;;;;;;;;;;;;;OAaG;IACG,aAAa,CACjB,kBAAkB,EAAE,MAAM,EAC1B,gBAAgB,EAAE,MAAM,EACxB,kBAAkB,EAAE,MAAM,EAC1B,mBAAmB,EAAE,MAAM,EAC3B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,WAAW,CAAC;IAuCvB;;;;;;OAMG;IACG,sBAAsB,IAAI,OAAO,CAAC,4BAA4B,CAAC;CA2BtE"}
+{"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/pid/issuing.ts"],"names":[],"mappings":";AAAA,OAAO,EAEL,KAAK,aAAa,EAGnB,MAAM,6BAA6B,CAAC;AAKrC,OAAO,EAAE,mCAAmC,EAAE,MAAM,gBAAgB,CAAC;AAMrE,MAAM,MAAM,OAAO,GAAG;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAoGF;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB;sBAKP,aAAa;;;;;kCAIJ,MAAM,yBACV,MAAM,kCACG,mCAAmC,KAClE,QAAQ,iBAAiB,CAoE3B,CAAC;AA0BJ;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa;sBAKJ,aAAa;;;;;gEAI0B,iBAAiB,kCAC1C,mCAAmC,WAC1D,OAAO,KACf,QAAQ,WAAW,CAuDrB,CAAC"}