@pagopa/io-react-native-wallet 0.6.1 → 0.7.0

@@ -13,11 +13,19 @@ var WalletInstanceAttestation = _interopRequireWildcard(require("../wallet-insta
13
13
  var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
14
14
  var _2 = require(".");
15
15
  var _crypto = require("../utils/crypto");
16
+ var z = _interopRequireWildcard(require("zod"));
17
+ var _decoder = require("../utils/decoder");
16
18
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
17
19
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
18
20
  function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
19
21
  // This is a temporary type that will be used for demo purposes only
20
22
 
23
+ const AuthenticationRequestResponse = z.object({
24
+ code: z.string(),
25
+ state: z.string(),
26
+ // TODO: refine to known paths using literals
27
+ iss: z.string()
28
+ });
21
29
  const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
22
30
 
23
31
  /**
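Review bot: `AuthenticationRequestResponse` on new line 23 is named as the response to an authorization request, but what it validates is the payload of the authentication response JWT (`code`, `state`, `iss`); a name such as `AuthenticationResponsePayload` would read correctly at the call site, and the ESM copy of this hunk later in the diff carries the same name. The `// TODO: refine to known paths using literals` comment on `iss` is the only hint that the issuer is meant to be checked against something; stating what it must match, presumably the `iss` of the PID provider's entity configuration, would make the follow-up actionable, e.g. `// TODO: must equal the PID provider's entity configuration iss — compare at the call site until refined here`. The `// This is a temporary type that will be used for demo purposes only` comment on line 19 now sits above a blank line, since the type it described is erased in this compiled output.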
@@ -83,31 +91,71 @@ const getPar = _ref => {
83
91
  };
84
92
  };
85
93
 
94
+ /**
95
+ * Make an authorization request
96
+ */
97
+ const getAuthenticationRequest = _ref2 => {
98
+ let {
99
+ appFetch = fetch
100
+ } = _ref2;
101
+ return async (clientId, requestUri, pidProviderEntityConfiguration, cieData) => {
102
+ const authzRequestEndpoint = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.authorization_endpoint;
103
+
104
+ /* User's personal data is not supposed to transit in this flow,
105
+ * but to be provided to the PID issuer directly by its chosen authentication method (CIE).
106
+ * Being the project in an initial phase, and being we were still unable to fully comply with authentication,
107
+ * we temporarily provide data from the App's logged user.
108
+ * */
109
+ const params = new URLSearchParams({
110
+ client_id: clientId,
111
+ request_uri: requestUri,
112
+ name: cieData.name,
113
+ surname: cieData.surname,
114
+ birth_date: cieData.birthDate,
115
+ fiscal_code: cieData.fiscalCode
116
+ });
117
+ const response = await appFetch(authzRequestEndpoint + "?" + params, {
118
+ method: "GET"
119
+ });
120
+ if (response.status === 200) {
121
+ const formData = await response.text();
122
+ const {
123
+ decodedJwt
124
+ } = await (0, _decoder.getJwtFromFormPost)(formData);
125
+ const parsed = AuthenticationRequestResponse.parse(decodedJwt.payload);
126
+ return parsed;
127
+ }
128
+ throw new _errors.PidIssuingError(`Unable to obtain Authorization Request. Response code: ${await response.text()}`);
129
+ };
130
+ };
131
+
86
132
  /**
87
133
  * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
88
134
  *
89
135
  * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
90
136
  * @param params.appFetch (optional) Http client
91
137
  * @param walletInstanceAttestation Wallet Instance Attestation token.
92
- * @param walletProviderBaseUrl Base url for the Wallet Provider
138
+ * @param walletProviderBaseUrl Base url for the Wallet Provider.
93
139
  * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
140
+ * @param cieData Data red from the CIE login process
94
141
  * @returns The access token along with the values that identify the issuing session.
95
142
  */
96
- const authorizeIssuing = _ref2 => {
143
+ const authorizeIssuing = _ref3 => {
97
144
  let {
98
145
  wiaCryptoContext,
99
146
  appFetch = fetch
100
- } = _ref2;
101
- return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration) => {
147
+ } = _ref3;
148
+ return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration, cieData) => {
102
149
  // FIXME: do better
103
150
  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
104
151
  const codeVerifier = `${_reactNativeUuid.default.v4()}`;
105
- const authorizationCode = `${_reactNativeUuid.default.v4()}`;
106
152
  const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
107
- await getPar({
153
+ const requestUri = await getPar({
108
154
  wiaCryptoContext,
109
155
  appFetch
110
156
  })(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
157
+ const authenticationRequest = await getAuthenticationRequest({})(clientId, requestUri, pidProviderEntityConfiguration, cieData);
158
+ const authorizationCode = authenticationRequest.code;
111
159
 
112
160
  // Use an ephemeral key to be destroyed after use
113
161
  const keytag = `ephemeral-${_reactNativeUuid.default.v4()}`;
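Review bot: `getAuthenticationRequest({})` on new line 157 ignores the `appFetch` that `authorizeIssuing` destructures from `_ref3`, so a caller-supplied HTTP client is bypassed for exactly this request; pass it through with `getAuthenticationRequest({ appFetch })`. The authorization `code` on line 158 is taken from a JWT that `getJwtFromFormPost` only decodes, and the parsed `state` and `iss` are never compared with the `state` that `getPar` appears to generate (not visible in this hunk) or with the PID provider's entity configuration, so the response is accepted on shape alone; at minimum verify the JWT signature against the provider's published keys and reject a mismatched `state` before returning `parsed`. The `name`, `surname`, `birth_date` and `fiscal_code` values on lines 112–115 travel in the GET query string, where they land in server access logs, proxies and caches; the comment acknowledges this is temporary, but a POST body would avoid that while the workaround remains. The error thrown on line 128 says `Response code:` yet interpolates `response.text()`; use `${response.status}` there, or reword it. `authorizeIssuing` continues past the end of the hunk, and the ESM build of the same function later in this diff has the same issues.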
@@ -174,21 +222,20 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
174
222
  * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
175
223
  * @param params.appFetch (optional) Http client
176
224
  * @param authConf The authorization configuration retrieved with the access token
177
- * @param cieData Data red from the CIE login process
178
225
  * @returns The PID credential token
179
226
  */
180
- const getCredential = _ref3 => {
227
+ const getCredential = _ref4 => {
181
228
  let {
182
229
  pidCryptoContext,
183
230
  appFetch = fetch
184
- } = _ref3;
185
- return async (_ref4, pidProviderEntityConfiguration, cieData) => {
231
+ } = _ref4;
232
+ return async (_ref5, pidProviderEntityConfiguration) => {
186
233
  let {
187
234
  nonce,
188
235
  accessToken,
189
236
  clientId,
190
237
  walletProviderBaseUrl
191
- } = _ref4;
238
+ } = _ref5;
192
239
  const signedDPopForPid = await (0, _dpop.createDPopToken)({
193
240
  htm: "POST",
194
241
  htu: pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint,
@@ -203,7 +250,6 @@ const getCredential = _ref3 => {
203
250
  format: "vc+sd-jwt",
204
251
  proof: JSON.stringify({
205
252
  jwt: signedNonceProof,
206
- cieData,
207
253
  proof_type: "jwt"
208
254
  })
209
255
  };
@@ -1 +1 @@
1
- {"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","WalletInstanceAttestation","_interopRequireWildcard","_ioReactNativeCrypto","_2","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","JWK","parse","thumbprint","iss","decode","payload","cnf","jwk","kid","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","setPayload","aud","jti","uuid","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","state","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","PidIssuingError","text","authorizeIssuing","_ref2","_","authorizationCode","tokenUrl","token_endpoint","keytag","generate","ephemeralContext","createCryptoContextFor","signedDPop","createDPopToken","htm","htu","deleteKey","grant_type","code","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","exports","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref3","pidCryptoContext","_ref4","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credenti
al","pidJwt","decoded","SdJwt","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEA,IAAAM,yBAAA,GAAAC,uBAAA,CAAAP,OAAA;AACA,IAAAQ,oBAAA,GAAAR,OAAA;AACA,IAAAS,EAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAAyD,SAAAW,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAnB,uBAAAa,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AACzD;;AAwBA,MAAMiB,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAACC,QAAG,CAACC,KAAK,CAAC,CACfF,IAAI,CAACG,4BAAU,CAAC;IAEnB,MAAMC,GAAG,GAAG5C,yBAAyB,CAAC6C,MAAM,CAACR,yBAAyB,CAAC,CACpES,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAACjB,YAAY,CAAC;IAExD,MAAMkB,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAACvB,gBAAgB,CAAC,CA
CxDwB,kBAAkB,CAAC;MAClBL,GAAG,EAAEX;IACP,CAAC,CAAC,CACDiB,UAAU,CAAC;MACVX,GAAG;MACHY,GAAG,EAAEpB,8BAA8B,CAACU,OAAO,CAACF,GAAG;MAC/Ca,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAEjC,aAAa;MACpCkC,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAEhC,qBAAqB;MACnCiC,KAAK,EAAG,GAAEV,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACrBU,SAAS,EAAEpC,QAAQ;MACnBqC,cAAc,EAAEpB;IAClB,CAAC,CAAC,CACDqB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACVtC,8BAA8B,CAACU,OAAO,CAAC6B,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBb,aAAa,EAAE,MAAM;MACrBI,SAAS,EAAEpC,QAAQ;MACnBqC,cAAc,EAAEpB,aAAa;MAC7BgB,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAEjC,aAAa;MACpCoD,gBAAgB,EAAE1C,yBAAyB;MAC3C2C,OAAO,EAAE5B;IACX,CAAC;IAED,IAAI6B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMpD,QAAQ,CAAC2C,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIC,uBAAe,CACtB,wCAAuC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCjE,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAA+D,KAAA;EAAA,OACD,OACE1D,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,KACpC;IAC/B;IACA,MAAMH,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEwD,CAAC,IAAKA,CAAC,CAAC/C,GAAG,CAAC;IACzE,MAAMf,YAAY,GAAI,GAAEwB,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnC,MAAMsC,iBAAiB,GAAI,GAAEvC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACxC,MAAMuC,QAAQ,GACZ9D,8BAA8B,CAACU,OAAO,CAAC6B,QAAQ,CAACC,wBAAwB,CACrEuB,cAAc;IAEnB,MAAMvE,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC1CE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;;IAED;IACA,MAAM+D,MAAM,GAAI,aAAY1C,wBAAI
,CAACC,EAAE,CAAC,CAAE,EAAC;IACvC,MAAM,IAAA0C,6BAAQ,EAACD,MAAM,CAAC;IACtB,MAAME,gBAAgB,GAAG,IAAAC,8BAAsB,EAACH,MAAM,CAAC;IAEvD,MAAMI,UAAU,GAAG,MAAM,IAAAC,qBAAe,EACtC;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAET,QAAQ;MACbzC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD2C,gBACF,CAAC;IAED,MAAM,IAAAM,8BAAS,EAACR,MAAM,CAAC;IAEvB,MAAMtB,WAAW,GAAG;MAClB+B,UAAU,EAAE,oBAAoB;MAChCxC,SAAS,EAAEpC,QAAQ;MACnB6E,IAAI,EAAEb,iBAAiB;MACvBc,aAAa,EAAE7E,YAAY;MAC3B0B,qBAAqB,EAAEjC,aAAa;MACpCoD,gBAAgB,EAAE1C,yBAAyB;MAC3C8B,YAAY,EAAEhC;IAChB,CAAC;IACD,IAAI8C,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMpD,QAAQ,CAACmE,QAAQ,EAAE;MACxCd,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD2B,IAAI,EAAER;MACR,CAAC;MACDlB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEyB,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAM/B,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLyB,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdhF,QAAQ;QACRC,YAAY;QACZ+D,iBAAiB;QACjB9D;MACF,CAAC;IACH;IAEA,MAAM,IAAIyD,uBAAe,CACtB,0CAAyC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AAFAwB,OAAA,CAAAvB,gBAAA,GAAAA,gBAAA;AAGA,MAAMwB,gBAAgB,GAAG,MAAAA,CACvBF,KAAa,EACbG,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIpE,yBAAO,CAACoE,GAAG,CAAC,CACpBlE,UAAU,CAAC;IACV6D,KAAK;IACLpE,GAAG,EAAE,MAAMyE,GAAG,CAAClF,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDe,kBAAkB,CAAC;IAClBS,IAAI,EAAE;EACR,CAAC,CAAC,CACD2D,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjBhD,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMmD,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB/F,QAAQ,GAAGC;EAIb,CAAC,GAAA6F,KAAA;EAAA,OACD,OAAAE,KAAA,EAEE3F,8BAAmE,EACnE4F,OAAgB,KACS;IAAA,IAHzB;MAAEZ,KAAK;MAAED,WAAW;MAAElF,QAAQ;MAAEE;IAAyC,CAAC,GAAA4F,KAAA;IAI1E,MAAME,gBAAgB,GAAG,MAAM,IAAAxB,qBAAe,EAC5C;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEvE,8BAA8B,CAACU,OAAO,CAAC6B,QAAQ,CACjDC,wBAAwB,CAACuB,cAAc;MAC1C1C,GAAG,EAAG,GAAEC
,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDmE,gBACF,CAAC;IACD,MAAMI,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CF,KAAK,EACLnF,QAAQ,EACRE,qBAAqB,EACrB2F,gBACF,CAAC;IAED,MAAMK,aAAa,GACjB/F,8BAA8B,CAACU,OAAO,CAAC6B,QAAQ,CAACC,wBAAwB,CACrEwD,mBAAmB;IAExB,MAAMtD,WAAW,GAAG;MAClBhB,qBAAqB,EAAEuE,IAAI,CAACC,SAAS,CAAC;QACpCvE,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnBuE,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBF,OAAO;QACPS,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMxD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAMpD,QAAQ,CAACoG,aAAa,EAAE;MAC7C/C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD2B,IAAI,EAAEiB,gBAAgB;QACtBS,aAAa,EAAEvB;MACjB,CAAC;MACD7B,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMmD,WAAW,GAAI,MAAMxD,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAMkD,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEf,gBAAgB,CAAC;MAC3D,OAAOa,WAAW;IACpB;IAEA,MAAM,IAAI/C,uBAAe,CACtB,oCAAmCuC,aAAc,WAChDhD,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACU,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAACwB,OAAA,CAAAO,aAAA,GAAAA,aAAA;AAEJ,MAAMgB,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEhB,gBAA+B,KAAK;EAC7E,MAAMiB,OAAO,GAAGC,QAAK,CAACnG,MAAM,CAACiG,MAAM,CAAC;EACpC,MAAMG,MAAM,GAAG,MAAMnB,gBAAgB,CAACvF,YAAY,CAAC,CAAC;EACpD,MAAM2G,eAAe,GAAGH,OAAO,CAACI,KAAK,CAACrG,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM,IAAAL,4BAAU,EAACsG,MAAM,CAAC,OAAO,MAAM,IAAAtG,4BAAU,EAACuG,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAItD,uBAAe,CACtB,uGAAsGyC,IAAI,CAACC,SAAS,CACnHW,MACF,CAAE,kCAAiCZ,IAAI,CAACC,SAAS,CAACY,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
1
+ {"version":3,"names":["_ioReactNativeJwt","require","_jwk","_reactNativeUuid","_interopRequireDefault","_errors","_dpop","WalletInstanceAttestation","_interopRequireWildcard","_ioReactNativeCrypto","_2","_crypto","z","_decoder","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthenticationRequestResponse","object","code","string","state","iss","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","JWK","parse","thumbprint","decode","payload","cnf","jwk","kid","codeChallenge","sha256ToBase64","signedJwtForPar","SignJWT","setProtectedHeader","setPayload","aud","jti","uuid","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","PidIssuingError","text","getAuthenticationRequest","_ref2","requestUri","cieData","authzRequestEndpoint","authorization_endpoint","params","name","surname","birth_date","birthDate","fiscal_code","fiscalCode","formData","decodedJwt","getJwtFromFormPost","parsed","authorizeIssuing","_ref3","_","tokenUrl","token_endpoint","authenticationRequest","authorizationCode","keytag","generate","ephemeralContext","createCryptoContextFor","signedDPop","createDPopToken","htm","htu","deleteKey","grant_type","code_verifier","DPoP","c_nonce","access_token","accessToken
","nonce","exports","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref4","pidCryptoContext","_ref5","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","SdJwt","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAOA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,KAAA,GAAAL,OAAA;AAEA,IAAAM,yBAAA,GAAAC,uBAAA,CAAAP,OAAA;AACA,IAAAQ,oBAAA,GAAAR,OAAA;AACA,IAAAS,EAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAEA,IAAAW,CAAA,GAAAJ,uBAAA,CAAAP,OAAA;AACA,IAAAY,QAAA,GAAAZ,OAAA;AAAsD,SAAAa,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAP,wBAAAW,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAArB,uBAAAe,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAEtD;;AA2BA,MAAMiB,6BAA6B,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAC7CC,IAAI,EAAE1B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAE5B,CAAC,CAAC2B,MAAM,CAAC,CAAC;EAAE;EACnBE,GAAG,EAAE7B,CAAC,CAAC2B,MAAM,CAAC;AAChB,CAAC,CAAC
;AAEF,MAAMG,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAACC,QAAG,CAACC,KAAK,CAAC,CACfF,IAAI,CAACG,4BAAU,CAAC;IAEnB,MAAMjB,GAAG,GAAGlC,yBAAyB,CAACoD,MAAM,CAACP,yBAAyB,CAAC,CACpEQ,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAM,IAAAC,gCAAc,EAAChB,YAAY,CAAC;IAExD,MAAMiB,eAAe,GAAG,MAAM,IAAIC,yBAAO,CAACtB,gBAAgB,CAAC,CACxDuB,kBAAkB,CAAC;MAClBL,GAAG,EAAEV;IACP,CAAC,CAAC,CACDgB,UAAU,CAAC;MACV5B,GAAG;MACH6B,GAAG,EAAEnB,8BAA8B,CAACS,OAAO,CAACnB,GAAG;MAC/C8B,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAEhC,aAAa;MACpCiC,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE/B,qBAAqB;MACnCV,KAAK,EAAG,GAAEgC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;MACrBS,SAAS,EAAElC,QAAQ;MACnBmC,cAAc,EAAEnB;IAClB,CAAC,CAAC,CACDoB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACVpC,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBZ,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAElC,QAAQ;MACnBmC,cAAc,EAAEnB,aAAa;MAC7BgB,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAEhC,aAAa;MACpCkD,gBAAgB,EAAExC,yBAAyB;MAC3CyC,OAAO,EAAE3B;IACX,CAAC;IAED,IAAI4B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMlD,QAAQ,CAACyC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIC,uBAAe,CACtB,wCAAuC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMC,wBAAwB,GAC5BC,KAAA;EAAA,IAAC;IAAE9D,QAAQ,GAAGC;EAA2C,CAAC,GAAA6D,KAAA;
EAAA,OAC1D,OACE5D,QAAgB,EAChB6D,UAAkB,EAClB1D,8BAAmE,EACnE2D,OAAgB,KAC2B;IAC3C,MAAMC,oBAAoB,GACxB5D,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEuB,sBAAsB;;IAE3B;AACJ;AACA;AACA;AACA;IACI,MAAMC,MAAM,GAAG,IAAIlB,eAAe,CAAC;MACjCb,SAAS,EAAElC,QAAQ;MACnBwD,WAAW,EAAEK,UAAU;MACvBK,IAAI,EAAEJ,OAAO,CAACI,IAAI;MAClBC,OAAO,EAAEL,OAAO,CAACK,OAAO;MACxBC,UAAU,EAAEN,OAAO,CAACO,SAAS;MAC7BC,WAAW,EAAER,OAAO,CAACS;IACvB,CAAC,CAAC;IAEF,MAAMvB,QAAQ,GAAG,MAAMlD,QAAQ,CAACiE,oBAAoB,GAAG,GAAG,GAAGE,MAAM,EAAE;MACnEhB,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMmB,QAAQ,GAAG,MAAMxB,QAAQ,CAACU,IAAI,CAAC,CAAC;MACtC,MAAM;QAAEe;MAAW,CAAC,GAAG,MAAM,IAAAC,2BAAkB,EAACF,QAAQ,CAAC;MACzD,MAAMG,MAAM,GAAGvF,6BAA6B,CAACqB,KAAK,CAACgE,UAAU,CAAC7D,OAAO,CAAC;MACtE,OAAO+D,MAAM;IACf;IAEA,MAAM,IAAIlB,uBAAe,CACtB,0DAAyD,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClF,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMkB,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACChF,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAA8E,KAAA;EAAA,OACD,OACEzE,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,EACnE2D,OAAgB,KACe;IAC/B;IACA,MAAM9D,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEuE,CAAC,IAAKA,CAAC,CAAC/D,GAAG,CAAC;IACzE,MAAMd,YAAY,GAAI,GAAEuB,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAEnC,MAAMsD,QAAQ,GACZ5E,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEuC,cAAc;IAEnB,MAAMnB,UAAU,GAAG,MAAMlE,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC7DE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;IAED,MAAM6E,qBAAqB,GAAG,MAAMtB,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAC9D3D,QAAQ,EACR6D,UAAU,EACV1D,8BAA8B,EAC9B2D,OACF,CAAC;IAED,MAAMoB,iBAAiB,GAAGD,qBAAqB,CAAC3F,IAAI;;IAEpD;IACA,MAAM6F,MAAM,GAAI,aAAY3D,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACvC,MAAM,IAAA2D,6BAAQ,EAACD,MAAM,CAAC;IACtB,MAAME,gBAAgB,GAAG,IAAAC,8BAAsB,EAACH,MAAM,CAAC;IAEvD,MAAMI,UAAU,GAAG,MAAM,IAAAC,qBAAe,EACtC;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEX,QAAQ;MACbxD,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD4D,gBACF,CAAC;IAED,MAAM,IAAAM,
8BAAS,EAACR,MAAM,CAAC;IAEvB,MAAMxC,WAAW,GAAG;MAClBiD,UAAU,EAAE,oBAAoB;MAChC1D,SAAS,EAAElC,QAAQ;MACnBV,IAAI,EAAE4F,iBAAiB;MACvBW,aAAa,EAAE5F,YAAY;MAC3ByB,qBAAqB,EAAEhC,aAAa;MACpCkD,gBAAgB,EAAExC,yBAAyB;MAC3C6B,YAAY,EAAE/B;IAChB,CAAC;IACD,IAAI4C,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAMlD,QAAQ,CAACiF,QAAQ,EAAE;MACxC9B,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD4C,IAAI,EAAEP;MACR,CAAC;MACDpC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAE0C,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAMhD,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACL0C,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACd/F,QAAQ;QACRC,YAAY;QACZiF,iBAAiB;QACjBhF;MACF,CAAC;IACH;IAEA,MAAM,IAAIuD,uBAAe,CACtB,0CAAyC,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AAFAyC,OAAA,CAAAvB,gBAAA,GAAAA,gBAAA;AAGA,MAAMwB,gBAAgB,GAAG,MAAAA,CACvBF,KAAa,EACbG,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIpF,yBAAO,CAACoF,GAAG,CAAC,CACpBlF,UAAU,CAAC;IACV6E,KAAK;IACLpF,GAAG,EAAE,MAAMyF,GAAG,CAACjG,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDc,kBAAkB,CAAC;IAClBS,IAAI,EAAE;EACR,CAAC,CAAC,CACD2E,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjBjE,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMoE,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChB9G,QAAQ,GAAGC;EAIb,CAAC,GAAA4G,KAAA;EAAA,OACD,OAAAE,KAAA,EAEE1G,8BAAmE,KAC1C;IAAA,IAFzB;MAAE+F,KAAK;MAAED,WAAW;MAAEjG,QAAQ;MAAEE;IAAyC,CAAC,GAAA2G,KAAA;IAG1E,MAAMC,gBAAgB,GAAG,MAAM,IAAAtB,qBAAe,EAC5C;MACEC,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEvF,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CACjDC,wBAAwB,CAACuC,cAAc;MAC1CzD,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDmF,gBACF,CAAC;IACD,MAAMG,gBAAgB,GAAG,MAAMX,gBAAgB,CAC7CF,KAAK,EACLlG,QAAQ,EACRE,qBAAqB,EACrB0G,gBACF,CAAC;IAED,MAAMI,aAAa,GACjB7G,8BAA8B,CAACS,OAAO,CAAC4B,QAAQ,CAACC,wBAAwB,CACrEwE,mBAAmB;IAExB,MAAMtE,WAAW,GAAG;MAClBf,qBAAqB,EAAEsF,IAAI,CAACC,SAAS,CAAC;QACpCtF,IAAI,EAAE,CAAC,
0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnBsF,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBO,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMxE,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAMlD,QAAQ,CAACkH,aAAa,EAAE;MAC7C/D,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnD4C,IAAI,EAAEgB,gBAAgB;QACtBS,aAAa,EAAEtB;MACjB,CAAC;MACD9C,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMmE,WAAW,GAAI,MAAMxE,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAMkE,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEd,gBAAgB,CAAC;MAC3D,OAAOY,WAAW;IACpB;IAEA,MAAM,IAAI/D,uBAAe,CACtB,oCAAmCuD,aAAc,WAChDhE,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACU,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAACyC,OAAA,CAAAO,aAAA,GAAAA,aAAA;AAEJ,MAAMe,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEf,gBAA+B,KAAK;EAC7E,MAAMgB,OAAO,GAAGC,QAAK,CAAClH,MAAM,CAACgH,MAAM,CAAC;EACpC,MAAMG,MAAM,GAAG,MAAMlB,gBAAgB,CAACtG,YAAY,CAAC,CAAC;EACpD,MAAMyH,eAAe,GAAGH,OAAO,CAACI,KAAK,CAACpH,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM,IAAAJ,4BAAU,EAACoH,MAAM,CAAC,OAAO,MAAM,IAAApH,4BAAU,EAACqH,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAItE,uBAAe,CACtB,uGAAsGyD,IAAI,CAACC,SAAS,CACnHW,MACF,CAAE,kCAAiCZ,IAAI,CAACC,SAAS,CAACY,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
@@ -0,0 +1,46 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.getJwtFromFormPost = void 0;
7
+ var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
8
+ var _errors = require("./errors");
9
+ /*
10
+ * Decode a form_post.jwt and return the final JWT.
11
+ * The formData here is in form_post.jwt format as defined in
12
+ * JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
13
+ * HTTP/1.1 200 OK
14
+ * Content-Type: text/html;charset=UTF-8
15
+ * Cache-Control: no-cache, no-store
16
+ * Pragma: no-cache
17
+ *
18
+ * <html>
19
+ * <head><title>Submit This Form</title></head>
20
+ * <body onload="javascript:document.forms[0].submit()">
21
+ * <form method="post" action="https://client.example.com/cb">
22
+ * <input type="hidden" name="response"
23
+ * value="eyJhbGciOiJSUz....."/>
24
+ * </form>
25
+ * </body>
26
+ * </html>
27
+ */
28
+ const getJwtFromFormPost = async formData => {
29
+ const formPostRegex = /<input(.|\n)*value\s*=\s*"((.|\n)*)"(.|\n)*>/gm;
30
+ const lineExpressionRegex = /\r\n|\n\r|\n|\r|\s+/g;
31
+ const matches = formPostRegex.exec(formData);
32
+ if (matches && matches.length >= 2) {
33
+ const responseJwt = matches[2];
34
+ if (responseJwt) {
35
+ const jwt = responseJwt.replace(lineExpressionRegex, "");
36
+ const decodedJwt = await (0, _ioReactNativeJwt.decode)(jwt);
37
+ return {
38
+ jwt,
39
+ decodedJwt
40
+ };
41
+ }
42
+ }
43
+ throw new _errors.ValidationFailed(`Unable to obtain JWT from form_post.jwt. Form data: ${formData}`);
44
+ };
45
+ exports.getJwtFromFormPost = getJwtFromFormPost;
46
+ //# sourceMappingURL=decoder.js.map
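Review bot: `formPostRegex` on line 29 is built from nested greedy `(.|\n)*` groups and is applied to an HTML body received from the network, which is the classic shape for catastrophic backtracking when the input does not match cleanly; character classes that cannot cross the closing quote or tag remove the ambiguity, e.g. `const formPostRegex = /<input[^>]*?value\s*=\s*"([^"]*)"[^>]*>/;` with `const responseJwt = matches[1];` on line 33, assuming as the comment above does that the form carries a single hidden `response` input. The `matches.length >= 2` guard on line 32 is vacuous, because a successful `exec` always returns a slot for every capture group; the `if (responseJwt)` check on line 34 already covers the empty case. The `g` flag is harmless only because the regex is rebuilt on every call, and `m` does nothing without anchors, so both can go. The `ValidationFailed` thrown on line 43 embeds the whole `formData` body in its message, which copies the entire provider response into whatever logs the error; reporting its length or a short truncated prefix is enough to diagnose the failure.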
@@ -0,0 +1 @@
1
+ {"version":3,"names":["_ioReactNativeJwt","require","_errors","getJwtFromFormPost","formData","formPostRegex","lineExpressionRegex","matches","exec","length","responseJwt","jwt","replace","decodedJwt","decodeJwt","ValidationFailed","exports"],"sourceRoot":"../../../src","sources":["utils/decoder.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,kBAAkB,GAAG,MAChCC,QAAgB,IAC0C;EAC1D,MAAMC,aAAa,GAAG,gDAAgD;EACtE,MAAMC,mBAAmB,GAAG,sBAAsB;EAElD,MAAMC,OAAO,GAAGF,aAAa,CAACG,IAAI,CAACJ,QAAQ,CAAC;EAC5C,IAAIG,OAAO,IAAIA,OAAO,CAACE,MAAM,IAAI,CAAC,EAAE;IAClC,MAAMC,WAAW,GAAGH,OAAO,CAAC,CAAC,CAAC;IAE9B,IAAIG,WAAW,EAAE;MACf,MAAMC,GAAG,GAAGD,WAAW,CAACE,OAAO,CAACN,mBAAmB,EAAE,EAAE,CAAC;MACxD,MAAMO,UAAU,GAAG,MAAM,IAAAC,wBAAS,EAACH,GAAG,CAAC;MACvC,OAAO;QAAEA,GAAG;QAAEE;MAAW,CAAC;IAC5B;EACF;EAEA,MAAM,IAAIE,wBAAgB,CACvB,uDAAsDX,QAAS,EAClE,CAAC;AACH,CAAC;AAACY,OAAA,CAAAb,kBAAA,GAAAA,kBAAA"}
@@ -7,8 +7,17 @@ import * as WalletInstanceAttestation from "../wallet-instance-attestation";
7
7
  import { generate, deleteKey } from "@pagopa/io-react-native-crypto";
8
8
  import { SdJwt } from ".";
9
9
  import { createCryptoContextFor } from "../utils/crypto";
10
+ import * as z from "zod";
11
+ import { getJwtFromFormPost } from "../utils/decoder";
12
+
10
13
  // This is a temporary type that will be used for demo purposes only
11
14
 
15
+ const AuthenticationRequestResponse = z.object({
16
+ code: z.string(),
17
+ state: z.string(),
18
+ // TODO: refine to known paths using literals
19
+ iss: z.string()
20
+ });
12
21
  const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
13
22
 
14
23
  /**
@@ -74,31 +83,71 @@ const getPar = _ref => {
74
83
  };
75
84
  };
76
85
 
86
+ /**
87
+ * Make an authorization request
88
+ */
89
+ const getAuthenticationRequest = _ref2 => {
90
+ let {
91
+ appFetch = fetch
92
+ } = _ref2;
93
+ return async (clientId, requestUri, pidProviderEntityConfiguration, cieData) => {
94
+ const authzRequestEndpoint = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.authorization_endpoint;
95
+
96
+ /* User's personal data is not supposed to transit in this flow,
97
+ * but to be provided to the PID issuer directly by its chosen authentication method (CIE).
98
+ * Being the project in an initial phase, and being we were still unable to fully comply with authentication,
99
+ * we temporarily provide data from the App's logged user.
100
+ * */
101
+ const params = new URLSearchParams({
102
+ client_id: clientId,
103
+ request_uri: requestUri,
104
+ name: cieData.name,
105
+ surname: cieData.surname,
106
+ birth_date: cieData.birthDate,
107
+ fiscal_code: cieData.fiscalCode
108
+ });
109
+ const response = await appFetch(authzRequestEndpoint + "?" + params, {
110
+ method: "GET"
111
+ });
112
+ if (response.status === 200) {
113
+ const formData = await response.text();
114
+ const {
115
+ decodedJwt
116
+ } = await getJwtFromFormPost(formData);
117
+ const parsed = AuthenticationRequestResponse.parse(decodedJwt.payload);
118
+ return parsed;
119
+ }
120
+ throw new PidIssuingError(`Unable to obtain Authorization Request. Response code: ${await response.text()}`);
121
+ };
122
+ };
123
+
77
124
  /**
78
125
  * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
79
126
  *
80
127
  * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
81
128
  * @param params.appFetch (optional) Http client
82
129
  * @param walletInstanceAttestation Wallet Instance Attestation token.
83
- * @param walletProviderBaseUrl Base url for the Wallet Provider
130
+ * @param walletProviderBaseUrl Base url for the Wallet Provider.
84
131
  * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
132
+ * @param cieData Data red from the CIE login process
85
133
  * @returns The access token along with the values that identify the issuing session.
86
134
  */
87
- export const authorizeIssuing = _ref2 => {
135
+ export const authorizeIssuing = _ref3 => {
88
136
  let {
89
137
  wiaCryptoContext,
90
138
  appFetch = fetch
91
- } = _ref2;
92
- return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration) => {
139
+ } = _ref3;
140
+ return async (walletInstanceAttestation, walletProviderBaseUrl, pidProviderEntityConfiguration, cieData) => {
93
141
  // FIXME: do better
94
142
  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
95
143
  const codeVerifier = `${uuid.v4()}`;
96
- const authorizationCode = `${uuid.v4()}`;
97
144
  const tokenUrl = pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint;
98
- await getPar({
145
+ const requestUri = await getPar({
99
146
  wiaCryptoContext,
100
147
  appFetch
101
148
  })(clientId, codeVerifier, walletProviderBaseUrl, pidProviderEntityConfiguration, walletInstanceAttestation);
149
+ const authenticationRequest = await getAuthenticationRequest({})(clientId, requestUri, pidProviderEntityConfiguration, cieData);
150
+ const authorizationCode = authenticationRequest.code;
102
151
 
103
152
  // Use an ephemeral key to be destroyed after use
104
153
  const keytag = `ephemeral-${uuid.v4()}`;
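Review bot: `getAuthenticationRequest` takes `code` and `state` from a JWT that is only decoded, never signature-verified (`getJwtFromFormPost` imports `decode`, not a verify function), and within the visible lines nothing compares the parsed `iss` or `state` with anything, so `AuthenticationRequestResponse.parse(decodedJwt.payload)` establishes shape only. Since this JARM response is what hands the authorization code to the session, the JWT should be verified against the PID provider's published keys (presumably reachable from `pidProviderEntityConfiguration`, which is already in scope) and `iss` checked against the provider's identifier; `state` can only be checked if `getPar` returns the value it generated, which as far as visible it does not. The `name`, `surname`, `birth_date` and `fiscal_code` values are sent as query-string parameters of a `GET`, so they land in access logs and any intermediary; the comment acknowledges this data should not transit here, but while it does, a request body would at least keep it out of URL logs. The error at `throw new PidIssuingError(...)` says "Response code" but interpolates the body, so `Response code: ${response.status}` is what the message claims. These are compiled lines; the fix belongs in src/pid/issuing.ts, whose corresponding hunk is cut off at the end of this page.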
@@ -164,21 +213,20 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
164
213
  * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
165
214
  * @param params.appFetch (optional) Http client
166
215
  * @param authConf The authorization configuration retrieved with the access token
167
- * @param cieData Data red from the CIE login process
168
216
  * @returns The PID credential token
169
217
  */
170
- export const getCredential = _ref3 => {
218
+ export const getCredential = _ref4 => {
171
219
  let {
172
220
  pidCryptoContext,
173
221
  appFetch = fetch
174
- } = _ref3;
175
- return async (_ref4, pidProviderEntityConfiguration, cieData) => {
222
+ } = _ref4;
223
+ return async (_ref5, pidProviderEntityConfiguration) => {
176
224
  let {
177
225
  nonce,
178
226
  accessToken,
179
227
  clientId,
180
228
  walletProviderBaseUrl
181
- } = _ref4;
229
+ } = _ref5;
182
230
  const signedDPopForPid = await createDPopToken({
183
231
  htm: "POST",
184
232
  htu: pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer.token_endpoint,
@@ -193,7 +241,6 @@ export const getCredential = _ref3 => {
193
241
  format: "vc+sd-jwt",
194
242
  proof: JSON.stringify({
195
243
  jwt: signedNonceProof,
196
- cieData,
197
244
  proof_type: "jwt"
198
245
  })
199
246
  };
@@ -1 +1 @@
1
- {"version":3,"names":["sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","createDPopToken","WalletInstanceAttestation","generate","deleteKey","SdJwt","createCryptoContextFor","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","parse","iss","decode","payload","cnf","jwk","kid","codeChallenge","signedJwtForPar","setProtectedHeader","setPayload","aud","jti","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","state","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","authorizeIssuing","_ref2","_","authorizationCode","tokenUrl","token_endpoint","keytag","ephemeralContext","signedDPop","htm","htu","grant_type","code","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref3","pidCryptoContext","_ref4","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,EACPC,UAAU,QACL,6BAA6B;AACpC,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,eAAe,QAAQ,eAAe;AAE/C,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,QAAQ,EAAEC,SAAS,QAAQ,gCAAgC;AACpE,SAASC,KAAK,QAAQ,GAAG;AACzB,SAASC,sBAAsB,QAAQ,iBAAiB;AACxD;;AAwBA,MAAMC,aA
Aa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAACtB,GAAG,CAACuB,KAAK,CAAC,CACfD,IAAI,CAACvB,UAAU,CAAC;IAEnB,MAAMyB,GAAG,GAAGpB,yBAAyB,CAACqB,MAAM,CAACN,yBAAyB,CAAC,CACpEO,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAMjC,cAAc,CAACmB,YAAY,CAAC;IAExD,MAAMe,eAAe,GAAG,MAAM,IAAIjC,OAAO,CAACc,gBAAgB,CAAC,CACxDoB,kBAAkB,CAAC;MAClBH,GAAG,EAAET;IACP,CAAC,CAAC,CACDa,UAAU,CAAC;MACVT,GAAG;MACHU,GAAG,EAAEhB,8BAA8B,CAACQ,OAAO,CAACF,GAAG;MAC/CW,GAAG,EAAG,GAAElC,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAE5B,aAAa;MACpC6B,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE3B,qBAAqB;MACnC4B,KAAK,EAAG,GAAE5C,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;MACrBU,SAAS,EAAE/B,QAAQ;MACnBgC,cAAc,EAAEjB;IAClB,CAAC,CAAC,CACDkB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACVjC,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBb,aAAa,EAAE,MAAM;MACrBI,SAAS,EAAE/B,QAAQ;MACnBgC,cAAc,EAAEjB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAE5B,aAAa;MACpC+C,gBAAgB,EAAErC,yBAAyB;MAC3CsC,OAAO,EAAE1B;IACX,CAAC;IAED,IAAI2B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM/C,QAAQ,CAACsC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIlE,eAAe,CACtB,wCAAuC,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACC3D,gBAAgB;IAChBC,QA
AQ,GAAGC;EAIb,CAAC,GAAAyD,KAAA;EAAA,OACD,OACEpD,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,KACpC;IAC/B;IACA,MAAMH,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEkD,CAAC,IAAKA,CAAC,CAAC3C,GAAG,CAAC;IACzE,MAAMb,YAAY,GAAI,GAAEf,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;IACnC,MAAMqC,iBAAiB,GAAI,GAAExE,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;IACxC,MAAMsC,QAAQ,GACZxD,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CAACC,wBAAwB,CACrEsB,cAAc;IAEnB,MAAMjE,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC1CE,QAAQ,EACRC,YAAY,EACZC,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;;IAED;IACA,MAAMyD,MAAM,GAAI,aAAY3E,IAAI,CAACmC,EAAE,CAAC,CAAE,EAAC;IACvC,MAAM/B,QAAQ,CAACuE,MAAM,CAAC;IACtB,MAAMC,gBAAgB,GAAGrE,sBAAsB,CAACoE,MAAM,CAAC;IAEvD,MAAME,UAAU,GAAG,MAAM3E,eAAe,CACtC;MACE4E,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEN,QAAQ;MACbvC,GAAG,EAAG,GAAElC,IAAI,CAACmC,EAAE,CAAC,CAAE;IACpB,CAAC,EACDyC,gBACF,CAAC;IAED,MAAMvE,SAAS,CAACsE,MAAM,CAAC;IAEvB,MAAMrB,WAAW,GAAG;MAClB0B,UAAU,EAAE,oBAAoB;MAChCnC,SAAS,EAAE/B,QAAQ;MACnBmE,IAAI,EAAET,iBAAiB;MACvBU,aAAa,EAAEnE,YAAY;MAC3BqB,qBAAqB,EAAE5B,aAAa;MACpC+C,gBAAgB,EAAErC,yBAAyB;MAC3CyB,YAAY,EAAE3B;IAChB,CAAC;IACD,IAAIyC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM/C,QAAQ,CAAC6D,QAAQ,EAAE;MACxCb,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDsB,IAAI,EAAEN;MACR,CAAC;MACDf,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEoB,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAM1B,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLoB,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdtE,QAAQ;QACRC,YAAY;QACZyD,iBAAiB;QACjBxD;MACF,CAAC;IACH;IAEA,MAAM,IAAIf,eAAe,CACtB,0CAAyC,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMoB,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAI9F,OAAO,CAAC8F,GAAG,CAAC,CACpB3D,UAAU,CAAC;IACVuD,KAAK;IACL5D,GAAG,EAAE,MAAMgE,GAAG,CAACvE,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDW,kBAAkB,CAAC;IAClBQ,IAAI,EAAE;EACR,CAAC,CAAC,CACDqD,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,
CACjB1C,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM6C,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBpF,QAAQ,GAAGC;EAIb,CAAC,GAAAkF,KAAA;EAAA,OACD,OAAAE,KAAA,EAEEhF,8BAAmE,EACnEiF,OAAgB,KACS;IAAA,IAHzB;MAAEX,KAAK;MAAED,WAAW;MAAExE,QAAQ;MAAEE;IAAyC,CAAC,GAAAiF,KAAA;IAI1E,MAAME,gBAAgB,GAAG,MAAMjG,eAAe,CAC5C;MACE4E,GAAG,EAAE,MAAM;MACXC,GAAG,EAAE9D,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CACjDC,wBAAwB,CAACsB,cAAc;MAC1CxC,GAAG,EAAG,GAAElC,IAAI,CAACmC,EAAE,CAAC,CAAE;IACpB,CAAC,EACD6D,gBACF,CAAC;IACD,MAAMI,gBAAgB,GAAG,MAAMZ,gBAAgB,CAC7CD,KAAK,EACLzE,QAAQ,EACRE,qBAAqB,EACrBgF,gBACF,CAAC;IAED,MAAMK,aAAa,GACjBpF,8BAA8B,CAACQ,OAAO,CAAC0B,QAAQ,CAACC,wBAAwB,CACrEkD,mBAAmB;IAExB,MAAMhD,WAAW,GAAG;MAClBhB,qBAAqB,EAAEiE,IAAI,CAACC,SAAS,CAAC;QACpCjE,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnBiE,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBF,OAAO;QACPS,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMlD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM/C,QAAQ,CAACyF,aAAa,EAAE;MAC7CzC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDsB,IAAI,EAAEgB,gBAAgB;QACtBS,aAAa,EAAEtB;MACjB,CAAC;MACDxB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM6C,WAAW,GAAI,MAAMlD,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAM4C,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEf,gBAAgB,CAAC;MAC3D,OAAOa,WAAW;IACpB;IAEA,MAAM,IAAI5G,eAAe,CACtB,oCAAmCoG,aAAc,WAChD1C,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACS,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAEH,MAAM0C,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEhB,gBAA+B,KAAK;EAC7E,MAAMiB,OAAO,GAAG3G,KAAK,CAACkB,MAAM,CAACwF,MAAM,CAAC;EACpC,MAAME,MAAM,GAAG,MAAMlB,gBAAgB,CAAC5E,YAAY,CAAC,CAAC;EACpD,MAAM+F,eAAe,GAAGF,OAAO,CAACG,KAAK,CAAC3F,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAM7B,UAAU,CAACoH,MAAM,CAAC,OAAO,MAAMpH,UAAU,CAACqH,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIlH,eAAe,CACtB,uGAAsGsG,IAAI,CAACC,SAAS,CACnHU,MACF,CAAE,kCAAiCX,IAAI,CA
ACC,SAAS,CAACW,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
1
+ {"version":3,"names":["sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","createDPopToken","WalletInstanceAttestation","generate","deleteKey","SdJwt","createCryptoContextFor","z","getJwtFromFormPost","AuthenticationRequestResponse","object","code","string","state","iss","assertionType","getPar","_ref","wiaCryptoContext","appFetch","fetch","clientId","codeVerifier","walletProviderBaseUrl","pidProviderEntityConfiguration","walletInstanceAttestation","keyThumbprint","getPublicKey","then","parse","decode","payload","cnf","jwk","kid","codeChallenge","signedJwtForPar","setProtectedHeader","setPayload","aud","jti","v4","client_assertion_type","authorization_details","credential_definition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setIssuedAt","setExpirationTime","sign","parUrl","metadata","openid_credential_issuer","pushed_authorization_request_endpoint","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","getAuthenticationRequest","_ref2","requestUri","cieData","authzRequestEndpoint","authorization_endpoint","params","name","surname","birth_date","birthDate","fiscal_code","fiscalCode","formData","decodedJwt","parsed","authorizeIssuing","_ref3","_","tokenUrl","token_endpoint","authenticationRequest","authorizationCode","keytag","ephemeralContext","signedDPop","htm","htu","grant_type","code_verifier","DPoP","c_nonce","access_token","accessToken","nonce","createNonceProof","issuer","audience","ctx","setAudience","setIssuer","getCredential","_ref4","pidCryptoContext","_ref5","signedDPopForPid","signedNonceProof","credentialUrl","credential_endpoint","JSON","stringify","proof","jwt","proof_type","Authorization","pidResponse","validatePid","credential","pidJwt","decoded","pidKey","holderBindedKey","sdJwt"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,
cAAc,EAEdC,OAAO,EACPC,UAAU,QACL,6BAA6B;AAEpC,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,eAAe,QAAQ,eAAe;AAE/C,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,QAAQ,EAAEC,SAAS,QAAQ,gCAAgC;AACpE,SAASC,KAAK,QAAQ,GAAG;AACzB,SAASC,sBAAsB,QAAQ,iBAAiB;AAExD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,kBAAkB,QAAQ,kBAAkB;;AAErD;;AA2BA,MAAMC,6BAA6B,GAAGF,CAAC,CAACG,MAAM,CAAC;EAC7CC,IAAI,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBC,KAAK,EAAEN,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACnBE,GAAG,EAAEP,CAAC,CAACK,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAMG,aAAa,GACjB,oEAAoE;;AAEtE;AACA;AACA;AACA,MAAMC,MAAM,GACVC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAH,IAAA;EAAA,OACD,OACEI,QAAgB,EAChBC,YAAoB,EACpBC,qBAA6B,EAC7BC,8BAAmE,EACnEC,yBAAiC,KACb;IACpB;IACA;IACA;IACA;IACA,MAAMC,aAAa,GAAG,MAAMR,gBAAgB,CACzCS,YAAY,CAAC,CAAC,CACdC,IAAI,CAAC9B,GAAG,CAAC+B,KAAK,CAAC,CACfD,IAAI,CAAC/B,UAAU,CAAC;IAEnB,MAAMiB,GAAG,GAAGZ,yBAAyB,CAAC4B,MAAM,CAACL,yBAAyB,CAAC,CACpEM,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,aAAa,GAAG,MAAMxC,cAAc,CAAC2B,YAAY,CAAC;IAExD,MAAMc,eAAe,GAAG,MAAM,IAAIxC,OAAO,CAACsB,gBAAgB,CAAC,CACxDmB,kBAAkB,CAAC;MAClBH,GAAG,EAAER;IACP,CAAC,CAAC,CACDY,UAAU,CAAC;MACVxB,GAAG;MACHyB,GAAG,EAAEf,8BAA8B,CAACO,OAAO,CAACjB,GAAG;MAC/C0B,GAAG,EAAG,GAAEzC,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;MACnBC,qBAAqB,EAAE3B,aAAa;MACpC4B,qBAAqB,EAAE,CACrB;QACEC,qBAAqB,EAAE;UACrBC,IAAI,EAAE;QACR,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE1B,qBAAqB;MACnCV,KAAK,EAAG,GAAEd,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;MACrBS,SAAS,EAAE7B,QAAQ;MACnB8B,cAAc,EAAEhB;IAClB,CAAC,CAAC,CACDiB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,MAAM,GACV/B,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEC,qCAAqC;IAE1C,MAAMC,WAAW,GAAG;MAClBZ,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAE7B,QAAQ;MACnB8B,cAAc,EAAEhB,aAAa;MAC7Ba,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EAAE3B,aAAa;MACpC6C,gBAAgB,EAAEnC,yBAAyB;MAC3CoC,OAAO,EAAEzB;IACX,CA
AC;IAED,IAAI0B,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAACoC,MAAM,EAAE;MACtCU,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIxE,eAAe,CACtB,wCAAuC,MAAMgE,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMC,wBAAwB,GAC5BC,KAAA;EAAA,IAAC;IAAExD,QAAQ,GAAGC;EAA2C,CAAC,GAAAuD,KAAA;EAAA,OAC1D,OACEtD,QAAgB,EAChBuD,UAAkB,EAClBpD,8BAAmE,EACnEqD,OAAgB,KAC2B;IAC3C,MAAMC,oBAAoB,GACxBtD,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEsB,sBAAsB;;IAE3B;AACJ;AACA;AACA;AACA;IACI,MAAMC,MAAM,GAAG,IAAIjB,eAAe,CAAC;MACjCb,SAAS,EAAE7B,QAAQ;MACnBmD,WAAW,EAAEI,UAAU;MACvBK,IAAI,EAAEJ,OAAO,CAACI,IAAI;MAClBC,OAAO,EAAEL,OAAO,CAACK,OAAO;MACxBC,UAAU,EAAEN,OAAO,CAACO,SAAS;MAC7BC,WAAW,EAAER,OAAO,CAACS;IACvB,CAAC,CAAC;IAEF,MAAMtB,QAAQ,GAAG,MAAM7C,QAAQ,CAAC2D,oBAAoB,GAAG,GAAG,GAAGE,MAAM,EAAE;MACnEf,MAAM,EAAE;IACV,CAAC,CAAC;IAEF,IAAID,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMkB,QAAQ,GAAG,MAAMvB,QAAQ,CAACS,IAAI,CAAC,CAAC;MACtC,MAAM;QAAEe;MAAW,CAAC,GAAG,MAAMhF,kBAAkB,CAAC+E,QAAQ,CAAC;MACzD,MAAME,MAAM,GAAGhF,6BAA6B,CAACoB,KAAK,CAAC2D,UAAU,CAACzD,OAAO,CAAC;MACtE,OAAO0D,MAAM;IACf;IAEA,MAAM,IAAIzF,eAAe,CACtB,0DAAyD,MAAMgE,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClF,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMiB,gBAAgB,GAC3BC,KAAA;EAAA,IAAC;IACCzE,gBAAgB;IAChBC,QAAQ,GAAGC;EAIb,CAAC,GAAAuE,KAAA;EAAA,OACD,OACElE,yBAAiC,EACjCF,qBAA6B,EAC7BC,8BAAmE,EACnEqD,OAAgB,KACe;IAC/B;IACA,MAAMxD,QAAQ,GAAG,MAAMH,gBAAgB,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEgE,CAAC,IAAKA,CAAC,CAAC1D,GAAG,CAAC;IACzE,MAAMZ,YAAY,GAAI,GAAEvB,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;IAEnC,MAAMoD,QAAQ,GACZrE,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEqC,cAAc;IAEnB,MAAMlB,UAAU,GAAG,MAAM5D,MAAM,CAAC;MAAEE,gBAAgB;MAAEC;IAAS,CAAC,CAAC,CAC7DE,QAAQ,EACRC,YAAY,EACZC
,qBAAqB,EACrBC,8BAA8B,EAC9BC,yBACF,CAAC;IAED,MAAMsE,qBAAqB,GAAG,MAAMrB,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAC9DrD,QAAQ,EACRuD,UAAU,EACVpD,8BAA8B,EAC9BqD,OACF,CAAC;IAED,MAAMmB,iBAAiB,GAAGD,qBAAqB,CAACpF,IAAI;;IAEpD;IACA,MAAMsF,MAAM,GAAI,aAAYlG,IAAI,CAAC0C,EAAE,CAAC,CAAE,EAAC;IACvC,MAAMtC,QAAQ,CAAC8F,MAAM,CAAC;IACtB,MAAMC,gBAAgB,GAAG5F,sBAAsB,CAAC2F,MAAM,CAAC;IAEvD,MAAME,UAAU,GAAG,MAAMlG,eAAe,CACtC;MACEmG,GAAG,EAAE,MAAM;MACXC,GAAG,EAAER,QAAQ;MACbrD,GAAG,EAAG,GAAEzC,IAAI,CAAC0C,EAAE,CAAC,CAAE;IACpB,CAAC,EACDyD,gBACF,CAAC;IAED,MAAM9F,SAAS,CAAC6F,MAAM,CAAC;IAEvB,MAAMtC,WAAW,GAAG;MAClB2C,UAAU,EAAE,oBAAoB;MAChCpD,SAAS,EAAE7B,QAAQ;MACnBV,IAAI,EAAEqF,iBAAiB;MACvBO,aAAa,EAAEjF,YAAY;MAC3BoB,qBAAqB,EAAE3B,aAAa;MACpC6C,gBAAgB,EAAEnC,yBAAyB;MAC3CwB,YAAY,EAAE1B;IAChB,CAAC;IACD,IAAIuC,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAAC0E,QAAQ,EAAE;MACxC5B,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDsC,IAAI,EAAEL;MACR,CAAC;MACDhC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM;QAAEoC,OAAO;QAAEC;MAAa,CAAC,GAAG,MAAM1C,QAAQ,CAACO,IAAI,CAAC,CAAC;MACvD,OAAO;QACLoC,WAAW,EAAED,YAAY;QACzBE,KAAK,EAAEH,OAAO;QACdpF,QAAQ;QACRC,YAAY;QACZ0E,iBAAiB;QACjBzE;MACF,CAAC;IACH;IAEA,MAAM,IAAIvB,eAAe,CACtB,0CAAyC,MAAMgE,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH,CAAC;AAAA;;AAEH;AACA;AACA;AACA,MAAMoC,gBAAgB,GAAG,MAAAA,CACvBD,KAAa,EACbE,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIpH,OAAO,CAACoH,GAAG,CAAC,CACpB1E,UAAU,CAAC;IACVsE,KAAK;IACL3E,GAAG,EAAE,MAAM+E,GAAG,CAACrF,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDU,kBAAkB,CAAC;IAClBQ,IAAI,EAAE;EACR,CAAC,CAAC,CACDoE,WAAW,CAACF,QAAQ,CAAC,CACrBG,SAAS,CAACJ,MAAM,CAAC,CACjB1D,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM6D,aAAa,GACxBC,KAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBlG,QAAQ,GAAGC;EAIb,CAAC,GAAAgG,KAAA;EAAA,OACD,OAAAE,KAAA,EAEE9F,8BAAmE,KAC1C;IAAA,IAFzB;MAAEoF,KAAK;MAAED,WAAW;MAAEtF,QAAQ;MAAEE;IAAyC,CAAC,GA
AA+F,KAAA;IAG1E,MAAMC,gBAAgB,GAAG,MAAMtH,eAAe,CAC5C;MACEmG,GAAG,EAAE,MAAM;MACXC,GAAG,EAAE7E,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CACjDC,wBAAwB,CAACqC,cAAc;MAC1CtD,GAAG,EAAG,GAAEzC,IAAI,CAAC0C,EAAE,CAAC,CAAE;IACpB,CAAC,EACD4E,gBACF,CAAC;IACD,MAAMG,gBAAgB,GAAG,MAAMX,gBAAgB,CAC7CD,KAAK,EACLvF,QAAQ,EACRE,qBAAqB,EACrB8F,gBACF,CAAC;IAED,MAAMI,aAAa,GACjBjG,8BAA8B,CAACO,OAAO,CAACyB,QAAQ,CAACC,wBAAwB,CACrEiE,mBAAmB;IAExB,MAAM/D,WAAW,GAAG;MAClBf,qBAAqB,EAAE+E,IAAI,CAACC,SAAS,CAAC;QACpC/E,IAAI,EAAE,CAAC,0BAA0B;MACnC,CAAC,CAAC;MACFC,MAAM,EAAE,WAAW;MACnB+E,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBO,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMjE,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM7C,QAAQ,CAACsG,aAAa,EAAE;MAC7CxD,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDsC,IAAI,EAAEe,gBAAgB;QACtBS,aAAa,EAAErB;MACjB,CAAC;MACDxC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM4D,WAAW,GAAI,MAAMjE,QAAQ,CAACO,IAAI,CAAC,CAAiB;MAC1D,MAAM2D,WAAW,CAACD,WAAW,CAACE,UAAU,EAAEd,gBAAgB,CAAC;MAC3D,OAAOY,WAAW;IACpB;IAEA,MAAM,IAAIjI,eAAe,CACtB,oCAAmCyH,aAAc,WAChDzD,QAAQ,CAACK,MACV,SAAQ,MAAML,QAAQ,CAACS,IAAI,CAAC,CAAE,EACjC,CAAC;EACH,CAAC;AAAA;AAEH,MAAMyD,WAAW,GAAG,MAAAA,CAAOE,MAAc,EAAEf,gBAA+B,KAAK;EAC7E,MAAMgB,OAAO,GAAGhI,KAAK,CAACyB,MAAM,CAACsG,MAAM,CAAC;EACpC,MAAME,MAAM,GAAG,MAAMjB,gBAAgB,CAAC1F,YAAY,CAAC,CAAC;EACpD,MAAM4G,eAAe,GAAGF,OAAO,CAACG,KAAK,CAACzG,OAAO,CAACC,GAAG,CAACC,GAAG;EAErD,IAAI,CAAC,MAAMpC,UAAU,CAACyI,MAAM,CAAC,OAAO,MAAMzI,UAAU,CAAC0I,eAAe,CAAC,CAAC,EAAE;IACtE,MAAM,IAAIvI,eAAe,CACtB,uGAAsG2H,IAAI,CAACC,SAAS,CACnHU,MACF,CAAE,kCAAiCX,IAAI,CAACC,SAAS,CAACW,eAAe,CAAE,EACrE,CAAC;EACH;AACF,CAAC"}
@@ -0,0 +1,40 @@
1
+ import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
2
+ import { ValidationFailed } from "./errors";
3
+
4
+ /*
5
+ * Decode a form_post.jwt and return the final JWT.
6
+ * The formData here is in form_post.jwt format as defined in
7
+ * JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
8
+ * HTTP/1.1 200 OK
9
+ * Content-Type: text/html;charset=UTF-8
10
+ * Cache-Control: no-cache, no-store
11
+ * Pragma: no-cache
12
+ *
13
+ * <html>
14
+ * <head><title>Submit This Form</title></head>
15
+ * <body onload="javascript:document.forms[0].submit()">
16
+ * <form method="post" action="https://client.example.com/cb">
17
+ * <input type="hidden" name="response"
18
+ * value="eyJhbGciOiJSUz....."/>
19
+ * </form>
20
+ * </body>
21
+ * </html>
22
+ */
23
+ export const getJwtFromFormPost = async formData => {
24
+ const formPostRegex = /<input(.|\n)*value\s*=\s*"((.|\n)*)"(.|\n)*>/gm;
25
+ const lineExpressionRegex = /\r\n|\n\r|\n|\r|\s+/g;
26
+ const matches = formPostRegex.exec(formData);
27
+ if (matches && matches.length >= 2) {
28
+ const responseJwt = matches[2];
29
+ if (responseJwt) {
30
+ const jwt = responseJwt.replace(lineExpressionRegex, "");
31
+ const decodedJwt = await decodeJwt(jwt);
32
+ return {
33
+ jwt,
34
+ decodedJwt
35
+ };
36
+ }
37
+ }
38
+ throw new ValidationFailed(`Unable to obtain JWT from form_post.jwt. Form data: ${formData}`);
39
+ };
40
+ //# sourceMappingURL=decoder.js.map
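Review bot: The capture in `formPostRegex` is greedy and not tied to the `response` input: `(.|\n)*value` runs to the last `value` in the document and `"((.|\n)*)"` to the last quote still followed by a `>`, so any hidden input after the JWT, or any later quoted attribute, ends up inside the captured token, which then fails in `decodeJwt` with a misleading error. A pattern bounded to one tag and one attribute, such as `/<input[^>]*\bname\s*=\s*"response"[^>]*\bvalue\s*=\s*"([^"]*)"/` read via `matches[1]`, takes only the intended value and avoids the steep backtracking cost of the chained `(.|\n)*` groups on large or malformed pages. The `ValidationFailed` message at the end embeds the whole `formData`, i.e. a full HTML page that may contain the token the regex failed to extract, so logging its length or a fixed description is enough for diagnosis. Note also that `decodeJwt` decodes without verifying, so callers must not treat `decodedJwt.payload` as authenticated. This is compiled output of `utils/decoder.ts` (the source named in the sibling map file), where the change belongs.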
@@ -0,0 +1 @@
1
+ {"version":3,"names":["decode","decodeJwt","ValidationFailed","getJwtFromFormPost","formData","formPostRegex","lineExpressionRegex","matches","exec","length","responseJwt","jwt","replace","decodedJwt"],"sourceRoot":"../../../src","sources":["utils/decoder.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,gBAAgB,QAAQ,UAAU;;AAE3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,kBAAkB,GAAG,MAChCC,QAAgB,IAC0C;EAC1D,MAAMC,aAAa,GAAG,gDAAgD;EACtE,MAAMC,mBAAmB,GAAG,sBAAsB;EAElD,MAAMC,OAAO,GAAGF,aAAa,CAACG,IAAI,CAACJ,QAAQ,CAAC;EAC5C,IAAIG,OAAO,IAAIA,OAAO,CAACE,MAAM,IAAI,CAAC,EAAE;IAClC,MAAMC,WAAW,GAAGH,OAAO,CAAC,CAAC,CAAC;IAE9B,IAAIG,WAAW,EAAE;MACf,MAAMC,GAAG,GAAGD,WAAW,CAACE,OAAO,CAACN,mBAAmB,EAAE,EAAE,CAAC;MACxD,MAAMO,UAAU,GAAG,MAAMZ,SAAS,CAACU,GAAG,CAAC;MACvC,OAAO;QAAEA,GAAG;QAAEE;MAAW,CAAC;IAC5B;EACF;EAEA,MAAM,IAAIX,gBAAgB,CACvB,uDAAsDE,QAAS,EAClE,CAAC;AACH,CAAC"}
@@ -27,8 +27,9 @@ export type PidResponse = {
27
27
  * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
28
28
  * @param params.appFetch (optional) Http client
29
29
  * @param walletInstanceAttestation Wallet Instance Attestation token.
30
- * @param walletProviderBaseUrl Base url for the Wallet Provider
30
+ * @param walletProviderBaseUrl Base url for the Wallet Provider.
31
31
  * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
32
+ * @param cieData Data red from the CIE login process
32
33
  * @returns The access token along with the values that identify the issuing session.
33
34
  */
34
35
  export declare const authorizeIssuing: ({ wiaCryptoContext, appFetch, }: {
@@ -37,14 +38,13 @@ export declare const authorizeIssuing: ({ wiaCryptoContext, appFetch, }: {
37
38
  (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
38
39
  (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
39
40
  } | undefined;
40
- }) => (walletInstanceAttestation: string, walletProviderBaseUrl: string, pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration) => Promise<AuthorizationConf>;
41
+ }) => (walletInstanceAttestation: string, walletProviderBaseUrl: string, pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration, cieData: CieData) => Promise<AuthorizationConf>;
41
42
  /**
42
43
  * Complete the issuing flow and get the PID credential.
43
44
  *
44
45
  * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
45
46
  * @param params.appFetch (optional) Http client
46
47
  * @param authConf The authorization configuration retrieved with the access token
47
- * @param cieData Data red from the CIE login process
48
48
  * @returns The PID credential token
49
49
  */
50
50
  export declare const getCredential: ({ pidCryptoContext, appFetch, }: {
@@ -53,5 +53,5 @@ export declare const getCredential: ({ pidCryptoContext, appFetch, }: {
53
53
  (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
54
54
  (input: RequestInfo, init?: RequestInit | undefined): Promise<Response>;
55
55
  } | undefined;
56
- }) => ({ nonce, accessToken, clientId, walletProviderBaseUrl }: AuthorizationConf, pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration, cieData: CieData) => Promise<PidResponse>;
56
+ }) => ({ nonce, accessToken, clientId, walletProviderBaseUrl }: AuthorizationConf, pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration) => Promise<PidResponse>;
57
57
  //# sourceMappingURL=issuing.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/pid/issuing.ts"],"names":[],"mappings":";AAAA,OAAO,EAEL,KAAK,aAAa,EAGnB,MAAM,6BAA6B,CAAC;AAKrC,OAAO,EAAE,mCAAmC,EAAE,MAAM,gBAAgB,CAAC;AAMrE,MAAM,MAAM,OAAO,GAAG;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAoGF;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB;sBAKP,aAAa;;;;;kCAIJ,MAAM,yBACV,MAAM,kCACG,mCAAmC,KAClE,QAAQ,iBAAiB,CAoE3B,CAAC;AA0BJ;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa;sBAKJ,aAAa;;;;;gEAI0B,iBAAiB,kCAC1C,mCAAmC,WAC1D,OAAO,KACf,QAAQ,WAAW,CAuDrB,CAAC"}
1
+ {"version":3,"file":"issuing.d.ts","sourceRoot":"","sources":["../../../src/pid/issuing.ts"],"names":[],"mappings":";AAAA,OAAO,EAEL,KAAK,aAAa,EAGnB,MAAM,6BAA6B,CAAC;AAMrC,OAAO,EAAE,mCAAmC,EAAE,MAAM,gBAAgB,CAAC;AAUrE,MAAM,MAAM,OAAO,GAAG;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,qBAAqB,EAAE,MAAM,CAAC;CAC/B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AA0JF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gBAAgB;sBAKP,aAAa;;;;;kCAIJ,MAAM,yBACV,MAAM,kCACG,mCAAmC,WAC1D,OAAO,KACf,QAAQ,iBAAiB,CA6E3B,CAAC;AA0BJ;;;;;;;GAOG;AACH,eAAO,MAAM,aAAa;sBAKJ,aAAa;;;;;gEAI0B,iBAAiB,kCAC1C,mCAAmC,KAClE,QAAQ,WAAW,CAsDrB,CAAC"}
@@ -35,8 +35,8 @@ export declare const RequestObject: z.ZodObject<{
35
35
  exp: number;
36
36
  client_id: string;
37
37
  nonce: string;
38
- response_type: "vp_token";
39
38
  state: string;
39
+ response_type: "vp_token";
40
40
  response_uri: string;
41
41
  response_mode: "direct_post.jwt";
42
42
  client_id_scheme: "entity_id";
@@ -47,8 +47,8 @@ export declare const RequestObject: z.ZodObject<{
47
47
  exp: number;
48
48
  client_id: string;
49
49
  nonce: string;
50
- response_type: "vp_token";
51
50
  state: string;
51
+ response_type: "vp_token";
52
52
  response_uri: string;
53
53
  response_mode: "direct_post.jwt";
54
54
  client_id_scheme: "entity_id";
@@ -67,8 +67,8 @@ export declare const RequestObject: z.ZodObject<{
67
67
  exp: number;
68
68
  client_id: string;
69
69
  nonce: string;
70
- response_type: "vp_token";
71
70
  state: string;
71
+ response_type: "vp_token";
72
72
  response_uri: string;
73
73
  response_mode: "direct_post.jwt";
74
74
  client_id_scheme: "entity_id";
@@ -87,8 +87,8 @@ export declare const RequestObject: z.ZodObject<{
87
87
  exp: number;
88
88
  client_id: string;
89
89
  nonce: string;
90
- response_type: "vp_token";
91
90
  state: string;
91
+ response_type: "vp_token";
92
92
  response_uri: string;
93
93
  response_mode: "direct_post.jwt";
94
94
  client_id_scheme: "entity_id";
@@ -0,0 +1,6 @@
1
+ import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
2
+ export declare const getJwtFromFormPost: (formData: string) => Promise<{
3
+ jwt: string;
4
+ decodedJwt: JWTDecodeResult;
5
+ }>;
6
+ //# sourceMappingURL=decoder.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"decoder.d.ts","sourceRoot":"","sources":["../../../src/utils/decoder.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kDAAkD,CAAC;AAsBxF,eAAO,MAAM,kBAAkB,aACnB,MAAM,KACf,QAAQ;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAkBtD,CAAC"}
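--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",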
@@ -4,6 +4,7 @@ import {
4
4
  SignJWT,
5
5
  thumbprint,
6
6
  } from "@pagopa/io-react-native-jwt";
7
+
7
8
  import { JWK } from "../utils/jwk";
8
9
  import uuid from "react-native-uuid";
9
10
  import { PidIssuingError } from "../utils/errors";
@@ -13,6 +14,10 @@ import * as WalletInstanceAttestation from "../wallet-instance-attestation";
13
14
  import { generate, deleteKey } from "@pagopa/io-react-native-crypto";
14
15
  import { SdJwt } from ".";
15
16
  import { createCryptoContextFor } from "../utils/crypto";
17
+
18
+ import * as z from "zod";
19
+ import { getJwtFromFormPost } from "../utils/decoder";
20
+
16
21
  // This is a temporary type that will be used for demo purposes only
17
22
  export type CieData = {
18
23
  birthDate: string;
@@ -37,6 +42,15 @@ export type PidResponse = {
37
42
  format: string;
38
43
  };
39
44
 
45
+ type AuthenticationRequestResponse = z.infer<
46
+ typeof AuthenticationRequestResponse
47
+ >;
48
+ const AuthenticationRequestResponse = z.object({
49
+ code: z.string(),
50
+ state: z.string(), // TODO: refine to known paths using literals
51
+ iss: z.string(),
52
+ });
53
+
40
54
  const assertionType =
41
55
  "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
42
56
 
@@ -135,14 +149,60 @@ const getPar =
135
149
  );
136
150
  };
137
151
 
152
+ /**
153
+ * Make an authorization request
154
+ */
155
+ const getAuthenticationRequest =
156
+ ({ appFetch = fetch }: { appFetch?: GlobalFetch["fetch"] }) =>
157
+ async (
158
+ clientId: string,
159
+ requestUri: string,
160
+ pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration,
161
+ cieData: CieData
162
+ ): Promise<AuthenticationRequestResponse> => {
163
+ const authzRequestEndpoint =
164
+ pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer
165
+ .authorization_endpoint;
166
+
167
+ /* User's personal data is not supposed to transit in this flow,
168
+ * but to be provided to the PID issuer directly by its chosen authentication method (CIE).
169
+ * Being the project in an initial phase, and being we were still unable to fully comply with authentication,
170
+ * we temporarily provide data from the App's logged user.
171
+ * */
172
+ const params = new URLSearchParams({
173
+ client_id: clientId,
174
+ request_uri: requestUri,
175
+ name: cieData.name,
176
+ surname: cieData.surname,
177
+ birth_date: cieData.birthDate,
178
+ fiscal_code: cieData.fiscalCode,
179
+ });
180
+
181
+ const response = await appFetch(authzRequestEndpoint + "?" + params, {
182
+ method: "GET",
183
+ });
184
+
185
+ if (response.status === 200) {
186
+ const formData = await response.text();
187
+ const { decodedJwt } = await getJwtFromFormPost(formData);
188
+ const parsed = AuthenticationRequestResponse.parse(decodedJwt.payload);
189
+ return parsed;
190
+ }
191
+
192
+ throw new PidIssuingError(
193
+ `Unable to obtain Authorization Request. Response code: ${await response.text()}`
194
+ );
195
+ };
196
+
138
197
  /**
139
198
  * Start the issuing flow by generating an authorization request to the PID Provider. Obtain from the PID Provider an access token to be used to complete the issuing flow.
140
199
  *
141
200
  * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
142
201
  * @param params.appFetch (optional) Http client
143
202
  * @param walletInstanceAttestation Wallet Instance Attestation token.
144
- * @param walletProviderBaseUrl Base url for the Wallet Provider
203
+ * @param walletProviderBaseUrl Base url for the Wallet Provider.
145
204
  * @param pidProviderEntityConfiguration The Entity Configuration of the PID Provider, from which discover public endooints.
205
+ * @param cieData Data red from the CIE login process
146
206
  * @returns The access token along with the values that identify the issuing session.
147
207
  */
148
208
  export const authorizeIssuing =
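Review bot: The authorization `code` that `getAuthenticationRequest` returns is taken from a JWT that is only decoded, never signature-verified, and neither `iss` nor `state` is checked, so whatever answers the GET on `authorization_endpoint` can hand the wallet an arbitrary code that is then exchanged for a token (mix-up / code injection). Before `AuthenticationRequestResponse.parse(decodedJwt.payload)`, verify the JARM response signature against the PID provider's keys from `pidProviderEntityConfiguration` (the `@pagopa/io-react-native-jwt` package imported at the top of this file presumably offers a verify counterpart to `SignJWT` — confirm) and throw `PidIssuingError` when `parsed.iss` differs from the provider's issuer identifier. Separately, `name`, `surname`, `birth_date` and `fiscal_code` travel as GET query parameters — the comment marks this as temporary, but while it lasts the personal data lands in URLs, proxy and access logs, so a POST body would be the lesser evil. The failure message reads `Response code: ${await response.text()}` yet interpolates the untrusted, possibly large body rather than the status; use `Response code: ${response.status}` and keep the body out of the exception text.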
@@ -156,17 +216,18 @@ export const authorizeIssuing =
156
216
  async (
157
217
  walletInstanceAttestation: string,
158
218
  walletProviderBaseUrl: string,
159
- pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration
219
+ pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration,
220
+ cieData: CieData
160
221
  ): Promise<AuthorizationConf> => {
161
222
  // FIXME: do better
162
223
  const clientId = await wiaCryptoContext.getPublicKey().then((_) => _.kid);
163
224
  const codeVerifier = `${uuid.v4()}`;
164
- const authorizationCode = `${uuid.v4()}`;
225
+
165
226
  const tokenUrl =
166
227
  pidProviderEntityConfiguration.payload.metadata.openid_credential_issuer
167
228
  .token_endpoint;
168
229
 
169
- await getPar({ wiaCryptoContext, appFetch })(
230
+ const requestUri = await getPar({ wiaCryptoContext, appFetch })(
170
231
  clientId,
171
232
  codeVerifier,
172
233
  walletProviderBaseUrl,
@@ -174,6 +235,15 @@ export const authorizeIssuing =
174
235
  walletInstanceAttestation
175
236
  );
176
237
 
238
+ const authenticationRequest = await getAuthenticationRequest({})(
239
+ clientId,
240
+ requestUri,
241
+ pidProviderEntityConfiguration,
242
+ cieData
243
+ );
244
+
245
+ const authorizationCode = authenticationRequest.code;
246
+
177
247
  // Use an ephemeral key to be destroyed after use
178
248
  const keytag = `ephemeral-${uuid.v4()}`;
179
249
  await generate(keytag);
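Review bot: `getAuthenticationRequest({})` drops the `appFetch` that was injected into `authorizeIssuing`, so this one request bypasses the caller's HTTP client (pinning, instrumentation, test doubles) while the `getPar` call just above does receive it; pass `{ appFetch }` instead. The parsed `authenticationRequest.state` is also never compared with anything, so the binding that `state` exists for is not enforced — if the PAR sends a `state` (getPar's body is outside this hunk), compare it here and throw `PidIssuingError` on mismatch before using `authenticationRequest.code`. `authorizeIssuing`'s body starts before and continues after this hunk.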
@@ -257,7 +327,6 @@ const createNonceProof = async (
257
327
  * @param params.pidCryptoContext The key pair associated with the PID. Will be use to prove the ownership of the credential.
258
328
  * @param params.appFetch (optional) Http client
259
329
  * @param authConf The authorization configuration retrieved with the access token
260
- * @param cieData Data red from the CIE login process
261
330
  * @returns The PID credential token
262
331
  */
263
332
  export const getCredential =
@@ -270,8 +339,7 @@ export const getCredential =
270
339
  }) =>
271
340
  async (
272
341
  { nonce, accessToken, clientId, walletProviderBaseUrl }: AuthorizationConf,
273
- pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration,
274
- cieData: CieData
342
+ pidProviderEntityConfiguration: CredentialIssuerEntityConfiguration
275
343
  ): Promise<PidResponse> => {
276
344
  const signedDPopForPid = await createDPopToken(
277
345
  {
@@ -300,7 +368,6 @@ export const getCredential =
300
368
  format: "vc+sd-jwt",
301
369
  proof: JSON.stringify({
302
370
  jwt: signedNonceProof,
303
- cieData,
304
371
  proof_type: "jwt",
305
372
  }),
306
373
  };
@@ -0,0 +1,44 @@
1
+ import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
2
+ import type { JWTDecodeResult } from "@pagopa/io-react-native-jwt/lib/typescript/types";
3
+ import { ValidationFailed } from "./errors";
4
+
5
+ /*
6
+ * Decode a form_post.jwt and return the final JWT.
7
+ * The formData here is in form_post.jwt format as defined in
8
+ * JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
9
+ * HTTP/1.1 200 OK
10
+ * Content-Type: text/html;charset=UTF-8
11
+ * Cache-Control: no-cache, no-store
12
+ * Pragma: no-cache
13
+ *
14
+ * <html>
15
+ * <head><title>Submit This Form</title></head>
16
+ * <body onload="javascript:document.forms[0].submit()">
17
+ * <form method="post" action="https://client.example.com/cb">
18
+ * <input type="hidden" name="response"
19
+ * value="eyJhbGciOiJSUz....."/>
20
+ * </form>
21
+ * </body>
22
+ * </html>
23
+ */
24
+ export const getJwtFromFormPost = async (
25
+ formData: string
26
+ ): Promise<{ jwt: string; decodedJwt: JWTDecodeResult }> => {
27
+ const formPostRegex = /<input(.|\n)*value\s*=\s*"((.|\n)*)"(.|\n)*>/gm;
28
+ const lineExpressionRegex = /\r\n|\n\r|\n|\r|\s+/g;
29
+
30
+ const matches = formPostRegex.exec(formData);
31
+ if (matches && matches.length >= 2) {
32
+ const responseJwt = matches[2];
33
+
34
+ if (responseJwt) {
35
+ const jwt = responseJwt.replace(lineExpressionRegex, "");
36
+ const decodedJwt = await decodeJwt(jwt);
37
+ return { jwt, decodedJwt };
38
+ }
39
+ }
40
+
41
+ throw new ValidationFailed(
42
+ `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`
43
+ );
44
+ };
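Review bot: The extraction regex is greedy — `((.|\n)*)"` captures up to the last `"` in the whole document, so any quoted attribute or second `<input>` after `value` ends up inside the "JWT", and the chain of `(.|\n)*` groups applied to a server-controlled HTML body backtracks polynomially on non-matching input. A non-greedy capture restricted to the named field is both stricter and cheaper, e.g. `const formPostRegex = /<input[^>]*name\s*=\s*"response"[^>]*value\s*=\s*"([^"]*)"/m;` with `const responseJwt = matches[1];` (the attribute order matches the JARM example quoted in the header comment; confirm it against the provider's actual page). Separately, `decodeJwt` only parses the token, which the `decodedJwt` name and the `ValidationFailed` error could be read as contradicting, so the header comment should state it plainly: `Returns the raw and decoded JARM response JWT. The signature is NOT verified here; callers must verify it against the authorization server's keys before trusting any claim.` Finally, the thrown message embeds the full server-supplied HTML body; prefer a fixed message or a short truncated prefix so untrusted, potentially large content does not propagate into logs.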