@pagopa/io-react-native-wallet 0.5.0 → 0.6.1

package/src/trust/types.ts

@@ -5,6 +5,29 @@ import * as z from "zod";
 export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
 export type TrustMark = z.infer<typeof TrustMark>;
 
+// Display metadata for a credential, used by the issuer to
+// instruct the Wallet Solution on how to render the credential correctly
+type CredentialDisplayMetadata = z.infer<typeof CredentialDisplayMetadata>;
+const CredentialDisplayMetadata = z.object({
+  name: z.string(),
+  locale: z.string(),
+  logo: z.object({
+    url: z.string(),
+    alt_text: z.string(),
+  }),
+  background_color: z.string(),
+  text_color: z.string(),
+});
+
+// Metadata for a credentia which i supported by a Issuer
+type SupportedCredentialMetadata = z.infer<typeof SupportedCredentialMetadata>;
+const SupportedCredentialMetadata = z.object({
+  format: z.literal("vc+sd-jwt"),
+  cryptographic_binding_methods_supported: z.array(z.string()),
+  cryptographic_suites_supported: z.array(z.string()),
+  display: z.array(CredentialDisplayMetadata),
+});
+
 export type EntityStatement = z.infer<typeof EntityStatement>;
 export const EntityStatement = z.object({
   header: z.object({
@@ -31,8 +54,8 @@ export const EntityConfigurationHeader = z.object({
   kid: z.string(),
 });
 
-export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
-export const EntityConfiguration = z.object({
+// Structuire common to every Entity Configuration document
+const BaseEntityConfiguration = z.object({
   header: EntityConfigurationHeader,
   payload: z
     .object({
@@ -65,7 +88,95 @@ export const EntityConfiguration = z.object({
     .passthrough(),
 });
 
+// Entity configuration for a Trust Anchor (it has no specific metadata section)
 export type TrustAnchorEntityConfiguration = z.infer<
   typeof TrustAnchorEntityConfiguration
 >;
-export const TrustAnchorEntityConfiguration = EntityConfiguration;
+export const TrustAnchorEntityConfiguration = BaseEntityConfiguration;
+
+// Entity configuration for a Credential Issuer
+export type CredentialIssuerEntityConfiguration = z.infer<
+  typeof CredentialIssuerEntityConfiguration
+>;
+export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
+  z.object({
+    payload: z.object({
+      jwks: z.object({ keys: z.array(JWK) }),
+      metadata: z.object({
+        openid_credential_issuer: z.object({
+          credential_issuer: z.string(),
+          authorization_endpoint: z.string(),
+          token_endpoint: z.string(),
+          pushed_authorization_request_endpoint: z.string(),
+          dpop_signing_alg_values_supported: z.array(z.string()),
+          credential_endpoint: z.string(),
+          credentials_supported: z.array(SupportedCredentialMetadata),
+          jwks: z.object({ keys: z.array(JWK) }),
+        }),
+      }),
+    }),
+  })
+);
+
+// Entity configuration for a Wallet Provider
+export type WalletProviderEntityConfiguration = z.infer<
+  typeof WalletProviderEntityConfiguration
+>;
+export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(
+  z.object({
+    payload: z.object({
+      metadata: z.object({
+        wallet_provider: z
+          .object({
+            token_endpoint: z.string(),
+            attested_security_context_values_supported: z
+              .array(z.string())
+              .optional(),
+            grant_types_supported: z.array(z.string()),
+            token_endpoint_auth_methods_supported: z.array(z.string()),
+            token_endpoint_auth_signing_alg_values_supported: z.array(
+              z.string()
+            ),
+            jwks: z.object({ keys: z.array(JWK) }),
+          })
+          .passthrough(),
+      }),
+    }),
+  })
+);
+
+// Entity configuration for a Relying Party
+export type RelyingPartyEntityConfiguration = z.infer<
+  typeof RelyingPartyEntityConfiguration
+>;
+export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(
+  z.object({
+    payload: z.object({
+      metadata: z.object({
+        wallet_relying_party: z
+          .object({
+            application_type: z.string().optional(),
+            client_id: z.string().optional(),
+            client_name: z.string().optional(),
+            jwks: z.array(JWK),
+            contacts: z.array(z.string()).optional(),
+          })
+          .passthrough(),
+      }),
+    }),
+  })
+);
+
+// Maps any entity configuration by the union of every possible shapes
+export type EntityConfiguration = z.infer<typeof EntityConfiguration>;
+export const EntityConfiguration = z.union(
+  [
+    WalletProviderEntityConfiguration,
+    CredentialIssuerEntityConfiguration,
+    TrustAnchorEntityConfiguration,
+    RelyingPartyEntityConfiguration,
+  ],
+  {
+    description: "Any kind of Entity Configuration allowed in the ecosystem",
+  }
+);

package/src/wallet-instance-attestation/issuing.ts

@@ -8,10 +8,11 @@ import { JWK, fixBase64EncodingOnKey } from "../utils/jwk";
 import { WalletInstanceAttestationRequestJwt } from "./types";
 import uuid from "react-native-uuid";
 import { WalletInstanceAttestationIssuingError } from "../utils/errors";
+import type { WalletProviderEntityConfiguration } from "../trust/types";
 
 async function getAttestationRequest(
   wiaCryptoContext: CryptoContext,
-  walletProviderBaseUrl: string
+  walletProviderEntityConfiguration: WalletProviderEntityConfiguration
 ): Promise<string> {
   const jwk = await wiaCryptoContext.getPublicKey();
   const parsedJwk = JWK.parse(jwk);
@@ -21,7 +22,7 @@ async function getAttestationRequest(
   return new SignJWT(wiaCryptoContext)
     .setPayload({
       iss: keyThumbprint,
-      aud: walletProviderBaseUrl,
+      aud: walletProviderEntityConfiguration.payload.iss,
       jti: `${uuid.v4()}`,
       nonce: `${uuid.v4()}`,
       cnf: {
@@ -32,16 +33,6 @@ async function getAttestationRequest(
       kid: publicKey.kid,
       typ: "wiar+jwt",
     })
-    .setPayload({
-      iss: keyThumbprint,
-      sub: walletProviderBaseUrl,
-      jti: `${uuid.v4()}`,
-      type: "WalletInstanceAttestationRequest",
-      cnf: {
-        jwk: fixBase64EncodingOnKey(publicKey),
-      },
-    })
-
     .setIssuedAt()
     .setExpirationTime("1h")
     .sign();
@@ -63,10 +54,12 @@ export const getAttestation =
     wiaCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];
   }) =>
-  async (walletProviderBaseUrl: string): Promise<string> => {
+  async (
+    walletProviderEntityConfiguration: WalletProviderEntityConfiguration
+  ): Promise<string> => {
     const signedAttestationRequest = await getAttestationRequest(
       wiaCryptoContext,
-      walletProviderBaseUrl
+      walletProviderEntityConfiguration
     );
 
     const decodedRequest = decodeJwt(signedAttestationRequest);
@@ -78,7 +71,9 @@ export const getAttestation =
 
     await verifyJwt(signedAttestationRequest, publicKey);
 
-    const tokenUrl = new URL("token", walletProviderBaseUrl).href;
+    const tokenUrl =
+      walletProviderEntityConfiguration.payload.metadata.wallet_provider
+        .token_endpoint;
     const requestBody = {
       grant_type:
         "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation",

package/lib/commonjs/pid/metadata.js

@@ -1,52 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.PidIssuerEntityConfiguration = exports.PidDisplayMetadata = void 0;
-var _types = require("../trust/types");
-var _jwk = require("../utils/jwk");
-var _zod = require("zod");
-const PidDisplayMetadata = _zod.z.object({
-  name: _zod.z.string(),
-  locale: _zod.z.string(),
-  logo: _zod.z.object({
-    url: _zod.z.string(),
-    alt_text: _zod.z.string()
-  }),
-  background_color: _zod.z.string(),
-  text_color: _zod.z.string()
-});
-exports.PidDisplayMetadata = PidDisplayMetadata;
-const PidIssuerEntityConfiguration = _types.EntityConfiguration.and(_zod.z.object({
-  payload: _zod.z.object({
-    jwks: _zod.z.object({
-      keys: _zod.z.array(_jwk.JWK)
-    }),
-    metadata: _zod.z.object({
-      openid_credential_issuer: _zod.z.object({
-        credential_issuer: _zod.z.string(),
-        authorization_endpoint: _zod.z.string(),
-        token_endpoint: _zod.z.string(),
-        pushed_authorization_request_endpoint: _zod.z.string(),
-        dpop_signing_alg_values_supported: _zod.z.array(_zod.z.string()),
-        credential_endpoint: _zod.z.string(),
-        credentials_supported: _zod.z.array(_zod.z.object({
-          format: _zod.z.literal("vc+sd-jwt"),
-          cryptographic_binding_methods_supported: _zod.z.array(_zod.z.string()),
-          cryptographic_suites_supported: _zod.z.array(_zod.z.string()),
-          display: _zod.z.array(PidDisplayMetadata)
-        }))
-      }),
-      federation_entity: _zod.z.object({
-        organization_name: _zod.z.string(),
-        homepage_uri: _zod.z.string(),
-        policy_uri: _zod.z.string(),
-        tos_uri: _zod.z.string(),
-        logo_uri: _zod.z.string()
-      })
-    })
-  })
-}));
-exports.PidIssuerEntityConfiguration = PidIssuerEntityConfiguration;
-//# sourceMappingURL=metadata.js.map

package/lib/commonjs/pid/metadata.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_types","require","_jwk","_zod","PidDisplayMetadata","z","object","name","string","locale","logo","url","alt_text","background_color","text_color","exports","PidIssuerEntityConfiguration","EntityConfiguration","and","payload","jwks","keys","array","JWK","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAGO,MAAMG,kBAAkB,GAAGC,MAAC,CAACC,MAAM,CAAC;EACzCC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEL,MAAC,CAACC,MAAM,CAAC;IACbK,GAAG,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAEP,MAAC,CAACG,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAET,MAAC,CAACG,MAAM,CAAC;AACvB,CAAC,CAAC;AAACO,OAAA,CAAAX,kBAAA,GAAAA,kBAAA;AAKI,MAAMY,4BAA4B,GAAGC,0BAAmB,CAACC,GAAG,CACjEb,MAAC,CAACC,MAAM,CAAC;EACPa,OAAO,EAAEd,MAAC,CAACC,MAAM,CAAC;IAChBc,IAAI,EAAEf,MAAC,CAACC,MAAM,CAAC;MAAEe,IAAI,EAAEhB,MAAC,CAACiB,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCC,QAAQ,EAAEnB,MAAC,CAACC,MAAM,CAAC;MACjBmB,wBAAwB,EAAEpB,MAAC,CAACC,MAAM,CAAC;QACjCoB,iBAAiB,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC;QAC7BmB,sBAAsB,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;QAClCoB,cAAc,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC;QAC1BqB,qCAAqC,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC;QACjDsB,iCAAiC,EAAEzB,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;QACtDuB,mBAAmB,EAAE1B,MAAC,CAACG,MAAM,CAAC,CAAC;QAC/BwB,qBAAqB,EAAE3B,MAAC,CAACiB,KAAK,CAC5BjB,MAAC,CAACC,MAAM,CAAC;UACP2B,MAAM,EAAE5B,MAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC;UAC9BC,uCAAuC,EAAE9B,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;UAC5D4B,8BAA8B,EAAE/B,MAAC,CAACiB,KAAK,CAACjB,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC;UACnD6B,OAAO,EAAEhC,MAAC,CAACiB,KAAK,CAAClB,kBAAkB;QACrC,CAAC,CACH;MACF,CAAC,CAAC;MACFkC,iBAAiB,EAAEjC,MAAC,CAACC,MAAM,CAAC;QAC1BiC,iBAAiB,EAAElC,MAAC,CAACG,MAAM,CAAC,CAAC;QAC7BgC,YAAY,EAAEnC,MAAC,CAACG,MAAM,CAAC,CAAC;QACxBiC,UAAU,EAAEpC,MAAC,CAACG,MAAM,CAAC,CAAC;QACtBkC,OAAO,EAAErC,MAAC,CAACG,MAAM,CAAC,CAAC;QACnBmC,QAAQ,EAAEtC,MAAC,CAACG,MAAM,CAAC;MACrB,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;AAACO,OAAA,CAAAC,4BAAA,GAAAA,4BAAA"}

package/lib/module/pid/metadata.js

@@ -1,44 +0,0 @@
-import { EntityConfiguration } from "../trust/types";
-import { JWK } from "../utils/jwk";
-import { z } from "zod";
-export const PidDisplayMetadata = z.object({
-  name: z.string(),
-  locale: z.string(),
-  logo: z.object({
-    url: z.string(),
-    alt_text: z.string()
-  }),
-  background_color: z.string(),
-  text_color: z.string()
-});
-export const PidIssuerEntityConfiguration = EntityConfiguration.and(z.object({
-  payload: z.object({
-    jwks: z.object({
-      keys: z.array(JWK)
-    }),
-    metadata: z.object({
-      openid_credential_issuer: z.object({
-        credential_issuer: z.string(),
-        authorization_endpoint: z.string(),
-        token_endpoint: z.string(),
-        pushed_authorization_request_endpoint: z.string(),
-        dpop_signing_alg_values_supported: z.array(z.string()),
-        credential_endpoint: z.string(),
-        credentials_supported: z.array(z.object({
-          format: z.literal("vc+sd-jwt"),
-          cryptographic_binding_methods_supported: z.array(z.string()),
-          cryptographic_suites_supported: z.array(z.string()),
-          display: z.array(PidDisplayMetadata)
-        }))
-      }),
-      federation_entity: z.object({
-        organization_name: z.string(),
-        homepage_uri: z.string(),
-        policy_uri: z.string(),
-        tos_uri: z.string(),
-        logo_uri: z.string()
-      })
-    })
-  })
-}));
-//# sourceMappingURL=metadata.js.map

package/lib/module/pid/metadata.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["EntityConfiguration","JWK","z","PidDisplayMetadata","object","name","string","locale","logo","url","alt_text","background_color","text_color","PidIssuerEntityConfiguration","and","payload","jwks","keys","array","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,gBAAgB;AACpD,SAASC,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAGvB,OAAO,MAAMC,kBAAkB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACzCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEN,CAAC,CAACE,MAAM,CAAC;IACbK,GAAG,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAER,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAEV,CAAC,CAACI,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,OAAO,MAAMO,4BAA4B,GAAGb,mBAAmB,CAACc,GAAG,CACjEZ,CAAC,CAACE,MAAM,CAAC;EACPW,OAAO,EAAEb,CAAC,CAACE,MAAM,CAAC;IAChBY,IAAI,EAAEd,CAAC,CAACE,MAAM,CAAC;MAAEa,IAAI,EAAEf,CAAC,CAACgB,KAAK,CAACjB,GAAG;IAAE,CAAC,CAAC;IACtCkB,QAAQ,EAAEjB,CAAC,CAACE,MAAM,CAAC;MACjBgB,wBAAwB,EAAElB,CAAC,CAACE,MAAM,CAAC;QACjCiB,iBAAiB,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7BgB,sBAAsB,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC;QAClCiB,cAAc,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC;QAC1BkB,qCAAqC,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC;QACjDmB,iCAAiC,EAAEvB,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;QACtDoB,mBAAmB,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;QAC/BqB,qBAAqB,EAAEzB,CAAC,CAACgB,KAAK,CAC5BhB,CAAC,CAACE,MAAM,CAAC;UACPwB,MAAM,EAAE1B,CAAC,CAAC2B,OAAO,CAAC,WAAW,CAAC;UAC9BC,uCAAuC,EAAE5B,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;UAC5DyB,8BAA8B,EAAE7B,CAAC,CAACgB,KAAK,CAAChB,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;UACnD0B,OAAO,EAAE9B,CAAC,CAACgB,KAAK,CAACf,kBAAkB;QACrC,CAAC,CACH;MACF,CAAC,CAAC;MACF8B,iBAAiB,EAAE/B,CAAC,CAACE,MAAM,CAAC;QAC1B8B,iBAAiB,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC;QAC7B6B,YAAY,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC;QACxB8B,UAAU,EAAElC,CAAC,CAACI,MAAM,CAAC,CAAC;QACtB+B,OAAO,EAAEnC,CAAC,CAACI,MAAM,CAAC,CAAC;QACnBgC,QAAQ,EAAEpC,CAAC,CAACI,MAAM,CAAC;MACrB,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC"}