@pagopa/io-react-native-wallet 0.7.4 → 0.9.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (217) hide show
  1. package/README.md +49 -31
  2. package/lib/commonjs/credential/index.js +13 -0
  3. package/lib/commonjs/credential/index.js.map +1 -0
  4. package/lib/commonjs/credential/issuance/01-start-flow.js +2 -0
  5. package/lib/commonjs/credential/issuance/01-start-flow.js.map +1 -0
  6. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +26 -0
  7. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
  8. package/lib/commonjs/credential/issuance/03-start-user-authorization.js +119 -0
  9. package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -0
  10. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +6 -0
  11. package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -0
  12. package/lib/commonjs/credential/issuance/05-authorize-access.js +63 -0
  13. package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -0
  14. package/lib/commonjs/credential/issuance/06-obtain-credential.js +128 -0
  15. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -0
  16. package/lib/commonjs/credential/issuance/07-confirm-credential.js +6 -0
  17. package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +1 -0
  18. package/lib/commonjs/credential/issuance/const.js +9 -0
  19. package/lib/commonjs/credential/issuance/const.js.map +1 -0
  20. package/lib/commonjs/credential/issuance/index.js +34 -0
  21. package/lib/commonjs/credential/issuance/index.js.map +1 -0
  22. package/lib/commonjs/credential/presentation/01-start-flow.js +55 -0
  23. package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -0
  24. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +32 -0
  25. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
  26. package/lib/commonjs/credential/presentation/03-get-request-object.js +68 -0
  27. package/lib/commonjs/credential/presentation/03-get-request-object.js.map +1 -0
  28. package/lib/commonjs/credential/presentation/04-send-authorization-response.js +139 -0
  29. package/lib/commonjs/credential/presentation/04-send-authorization-response.js.map +1 -0
  30. package/lib/commonjs/credential/presentation/index.js +34 -0
  31. package/lib/commonjs/credential/presentation/index.js.map +1 -0
  32. package/lib/commonjs/{rp → credential/presentation}/types.js +17 -34
  33. package/lib/commonjs/credential/presentation/types.js.map +1 -0
  34. package/lib/commonjs/index.js +10 -61
  35. package/lib/commonjs/index.js.map +1 -1
  36. package/lib/commonjs/pid/index.js +1 -3
  37. package/lib/commonjs/pid/index.js.map +1 -1
  38. package/lib/commonjs/sd-jwt/index.js +1 -1
  39. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  40. package/lib/commonjs/sd-jwt/types.js +1 -1
  41. package/lib/commonjs/sd-jwt/types.js.map +1 -1
  42. package/lib/commonjs/trust/chain.js +32 -4
  43. package/lib/commonjs/trust/chain.js.map +1 -1
  44. package/lib/commonjs/trust/index.js +105 -20
  45. package/lib/commonjs/trust/index.js.map +1 -1
  46. package/lib/commonjs/trust/types.js +54 -35
  47. package/lib/commonjs/trust/types.js.map +1 -1
  48. package/lib/commonjs/utils/crypto.js +5 -18
  49. package/lib/commonjs/utils/crypto.js.map +1 -1
  50. package/lib/commonjs/utils/errors.js +35 -4
  51. package/lib/commonjs/utils/errors.js.map +1 -1
  52. package/lib/commonjs/utils/misc.js +23 -0
  53. package/lib/commonjs/utils/misc.js.map +1 -0
  54. package/lib/commonjs/utils/par.js +86 -0
  55. package/lib/commonjs/utils/par.js.map +1 -0
  56. package/lib/module/credential/index.js +4 -0
  57. package/lib/module/credential/index.js.map +1 -0
  58. package/lib/module/credential/issuance/01-start-flow.js +2 -0
  59. package/lib/module/credential/issuance/01-start-flow.js.map +1 -0
  60. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +19 -0
  61. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -0
  62. package/lib/module/credential/issuance/03-start-user-authorization.js +109 -0
  63. package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -0
  64. package/lib/module/credential/issuance/04-complete-user-authorization.js +2 -0
  65. package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -0
  66. package/lib/module/credential/issuance/05-authorize-access.js +55 -0
  67. package/lib/module/credential/issuance/05-authorize-access.js.map +1 -0
  68. package/lib/module/credential/issuance/06-obtain-credential.js +117 -0
  69. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -0
  70. package/lib/module/credential/issuance/07-confirm-credential.js +2 -0
  71. package/lib/module/credential/issuance/07-confirm-credential.js.map +1 -0
  72. package/lib/module/credential/issuance/const.js +2 -0
  73. package/lib/module/credential/issuance/const.js.map +1 -0
  74. package/lib/module/credential/issuance/index.js +6 -0
  75. package/lib/module/credential/issuance/index.js.map +1 -0
  76. package/lib/module/credential/presentation/01-start-flow.js +46 -0
  77. package/lib/module/credential/presentation/01-start-flow.js.map +1 -0
  78. package/lib/module/credential/presentation/02-evaluate-rp-trust.js +25 -0
  79. package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -0
  80. package/lib/module/credential/presentation/03-get-request-object.js +60 -0
  81. package/lib/module/credential/presentation/03-get-request-object.js.map +1 -0
  82. package/lib/module/credential/presentation/04-send-authorization-response.js +128 -0
  83. package/lib/module/credential/presentation/04-send-authorization-response.js.map +1 -0
  84. package/lib/module/credential/presentation/index.js +6 -0
  85. package/lib/module/credential/presentation/index.js.map +1 -0
  86. package/lib/module/credential/presentation/types.js +21 -0
  87. package/lib/module/credential/presentation/types.js.map +1 -0
  88. package/lib/module/index.js +4 -5
  89. package/lib/module/index.js.map +1 -1
  90. package/lib/module/pid/index.js +1 -2
  91. package/lib/module/pid/index.js.map +1 -1
  92. package/lib/module/sd-jwt/index.js +1 -1
  93. package/lib/module/sd-jwt/index.js.map +1 -1
  94. package/lib/module/sd-jwt/types.js +1 -1
  95. package/lib/module/sd-jwt/types.js.map +1 -1
  96. package/lib/module/trust/chain.js +30 -3
  97. package/lib/module/trust/chain.js.map +1 -1
  98. package/lib/module/trust/index.js +99 -16
  99. package/lib/module/trust/index.js.map +1 -1
  100. package/lib/module/trust/types.js +50 -31
  101. package/lib/module/trust/types.js.map +1 -1
  102. package/lib/module/utils/crypto.js +2 -15
  103. package/lib/module/utils/crypto.js.map +1 -1
  104. package/lib/module/utils/errors.js +35 -4
  105. package/lib/module/utils/errors.js.map +1 -1
  106. package/lib/module/utils/misc.js +17 -0
  107. package/lib/module/utils/misc.js.map +1 -0
  108. package/lib/module/utils/par.js +74 -0
  109. package/lib/module/utils/par.js.map +1 -0
  110. package/lib/typescript/credential/index.d.ts +4 -0
  111. package/lib/typescript/credential/index.d.ts.map +1 -0
  112. package/lib/typescript/credential/issuance/01-start-flow.d.ts +11 -0
  113. package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -0
  114. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +18 -0
  115. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -0
  116. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +31 -0
  117. package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -0
  118. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +16 -0
  119. package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -0
  120. package/lib/typescript/credential/issuance/05-authorize-access.d.ts +26 -0
  121. package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -0
  122. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +32 -0
  123. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -0
  124. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +11 -0
  125. package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +1 -0
  126. package/lib/typescript/credential/issuance/const.d.ts +2 -0
  127. package/lib/typescript/credential/issuance/const.d.ts.map +1 -0
  128. package/lib/typescript/credential/issuance/index.d.ts +10 -0
  129. package/lib/typescript/credential/issuance/index.d.ts.map +1 -0
  130. package/lib/typescript/credential/presentation/01-start-flow.d.ts +20 -0
  131. package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -0
  132. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts +18 -0
  133. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -0
  134. package/lib/typescript/credential/presentation/03-get-request-object.d.ts +25 -0
  135. package/lib/typescript/credential/presentation/03-get-request-object.d.ts.map +1 -0
  136. package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts +34 -0
  137. package/lib/typescript/credential/presentation/04-send-authorization-response.d.ts.map +1 -0
  138. package/lib/typescript/credential/presentation/index.d.ts +7 -0
  139. package/lib/typescript/credential/presentation/index.d.ts.map +1 -0
  140. package/lib/typescript/credential/presentation/types.d.ts +49 -0
  141. package/lib/typescript/credential/presentation/types.d.ts.map +1 -0
  142. package/lib/typescript/index.d.ts +4 -5
  143. package/lib/typescript/index.d.ts.map +1 -1
  144. package/lib/typescript/pid/index.d.ts +1 -2
  145. package/lib/typescript/pid/index.d.ts.map +1 -1
  146. package/lib/typescript/sd-jwt/index.d.ts +2 -2
  147. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  148. package/lib/typescript/sd-jwt/types.d.ts +5 -5
  149. package/lib/typescript/trust/chain.d.ts +12 -3
  150. package/lib/typescript/trust/chain.d.ts.map +1 -1
  151. package/lib/typescript/trust/index.d.ts +198 -24
  152. package/lib/typescript/trust/index.d.ts.map +1 -1
  153. package/lib/typescript/trust/types.d.ts +1299 -623
  154. package/lib/typescript/trust/types.d.ts.map +1 -1
  155. package/lib/typescript/utils/crypto.d.ts +1 -1
  156. package/lib/typescript/utils/crypto.d.ts.map +1 -1
  157. package/lib/typescript/utils/dpop.d.ts +2 -2
  158. package/lib/typescript/utils/errors.d.ts.map +1 -1
  159. package/lib/typescript/utils/misc.d.ts +8 -0
  160. package/lib/typescript/utils/misc.d.ts.map +1 -0
  161. package/lib/typescript/utils/par.d.ts +68 -0
  162. package/lib/typescript/utils/par.d.ts.map +1 -0
  163. package/package.json +2 -2
  164. package/src/credential/index.ts +4 -0
  165. package/src/credential/issuance/01-start-flow.ts +10 -0
  166. package/src/credential/issuance/02-evaluate-issuer-trust.ts +31 -0
  167. package/src/credential/issuance/03-start-user-authorization.ts +138 -0
  168. package/src/credential/issuance/04-complete-user-authorization.ts +17 -0
  169. package/src/credential/issuance/05-authorize-access.ts +92 -0
  170. package/src/credential/issuance/06-obtain-credential.ts +179 -0
  171. package/src/credential/issuance/07-confirm-credential.ts +14 -0
  172. package/src/credential/issuance/const.ts +2 -0
  173. package/src/credential/issuance/index.ts +32 -0
  174. package/src/credential/presentation/01-start-flow.ts +51 -0
  175. package/src/credential/presentation/02-evaluate-rp-trust.ts +33 -0
  176. package/src/credential/presentation/03-get-request-object.ts +85 -0
  177. package/src/credential/presentation/04-send-authorization-response.ts +168 -0
  178. package/src/credential/presentation/index.ts +26 -0
  179. package/src/credential/presentation/types.ts +27 -0
  180. package/src/index.ts +7 -28
  181. package/src/pid/index.ts +1 -2
  182. package/src/sd-jwt/index.ts +2 -2
  183. package/src/sd-jwt/types.ts +1 -1
  184. package/src/trust/chain.ts +45 -3
  185. package/src/trust/index.ts +136 -19
  186. package/src/trust/types.ts +57 -35
  187. package/src/utils/crypto.ts +2 -20
  188. package/src/utils/errors.ts +40 -8
  189. package/src/utils/misc.ts +23 -0
  190. package/src/utils/par.ts +103 -0
  191. package/lib/commonjs/pid/issuing.js +0 -276
  192. package/lib/commonjs/pid/issuing.js.map +0 -1
  193. package/lib/commonjs/rp/__test__/index.test.js +0 -172
  194. package/lib/commonjs/rp/__test__/index.test.js.map +0 -1
  195. package/lib/commonjs/rp/index.js +0 -239
  196. package/lib/commonjs/rp/index.js.map +0 -1
  197. package/lib/commonjs/rp/types.js.map +0 -1
  198. package/lib/module/pid/issuing.js +0 -266
  199. package/lib/module/pid/issuing.js.map +0 -1
  200. package/lib/module/rp/__test__/index.test.js +0 -168
  201. package/lib/module/rp/__test__/index.test.js.map +0 -1
  202. package/lib/module/rp/index.js +0 -228
  203. package/lib/module/rp/index.js.map +0 -1
  204. package/lib/module/rp/types.js +0 -36
  205. package/lib/module/rp/types.js.map +0 -1
  206. package/lib/typescript/pid/issuing.d.ts +0 -57
  207. package/lib/typescript/pid/issuing.d.ts.map +0 -1
  208. package/lib/typescript/rp/__test__/index.test.d.ts +0 -2
  209. package/lib/typescript/rp/__test__/index.test.d.ts.map +0 -1
  210. package/lib/typescript/rp/index.d.ts +0 -43
  211. package/lib/typescript/rp/index.d.ts.map +0 -1
  212. package/lib/typescript/rp/types.d.ts +0 -122
  213. package/lib/typescript/rp/types.d.ts.map +0 -1
  214. package/src/pid/issuing.ts +0 -405
  215. package/src/rp/__test__/index.test.ts +0 -250
  216. package/src/rp/index.ts +0 -287
  217. package/src/rp/types.ts +0 -42
@@ -0,0 +1,60 @@
1
+ import uuid from "react-native-uuid";
2
+ import { decode as decodeJwt, sha256ToBase64, verify } from "@pagopa/io-react-native-jwt";
3
+ import { createDPopToken } from "../../utils/dpop";
4
+ import { NoSuitableKeysFoundInEntityConfiguration } from "../../utils/errors";
5
+ import { hasStatus } from "../../utils/misc";
6
+ import { RequestObject } from "./types";
7
+ /**
8
+ * Obtain the Request Object for RP authentication
9
+ * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
10
+ *
11
+ * @param requestUri The url for the Relying Party to connect with
12
+ * @param rpConf The Relying Party's configuration
13
+ * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
14
+ * @param context.walletInstanceAttestation The Wallet Instance Attestation token
15
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
16
+ * @returns The Request Object that describes the presentation
17
+ */
18
+ export const getRequestObject = async (requestUri, rpConf, _ref) => {
19
+ let {
20
+ wiaCryptoContext,
21
+ appFetch = fetch,
22
+ walletInstanceAttestation
23
+ } = _ref;
24
+ const signedWalletInstanceDPoP = await createDPopToken({
25
+ jti: `${uuid.v4()}`,
26
+ htm: "GET",
27
+ htu: requestUri,
28
+ ath: await sha256ToBase64(walletInstanceAttestation)
29
+ }, wiaCryptoContext);
30
+ const responseEncodedJwt = await appFetch(requestUri, {
31
+ method: "GET",
32
+ headers: {
33
+ Authorization: `DPoP ${walletInstanceAttestation}`,
34
+ DPoP: signedWalletInstanceDPoP
35
+ }
36
+ }).then(hasStatus(200)).then(res => res.json()).then(responseJson => responseJson.response);
37
+ const responseJwt = decodeJwt(responseEncodedJwt);
38
+
39
+ // verify token signature according to RP's entity configuration
40
+ // to ensure the request object is authentic
41
+ {
42
+ const pubKey = rpConf.wallet_relying_party.jwks.keys.find(_ref2 => {
43
+ let {
44
+ kid
45
+ } = _ref2;
46
+ return kid === responseJwt.protectedHeader.kid;
47
+ });
48
+ if (!pubKey) {
49
+ throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
50
+ }
51
+ await verify(responseEncodedJwt, pubKey);
52
+ }
53
+
54
+ // Ensure that the request object conforms to the expected specification.
55
+ const requestObject = RequestObject.parse(responseJwt.payload);
56
+ return {
57
+ requestObject
58
+ };
59
+ };
60
+ //# sourceMappingURL=03-get-request-object.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["uuid","decode","decodeJwt","sha256ToBase64","verify","createDPopToken","NoSuitableKeysFoundInEntityConfiguration","hasStatus","RequestObject","getRequestObject","requestUri","rpConf","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","responseEncodedJwt","method","headers","Authorization","DPoP","then","res","json","responseJson","response","responseJwt","pubKey","wallet_relying_party","jwks","keys","find","_ref2","kid","protectedHeader","requestObject","parse","payload"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SACEC,MAAM,IAAIC,SAAS,EACnBC,cAAc,EACdC,MAAM,QAED,6BAA6B;AAEpC,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,wCAAwC,QAAQ,oBAAoB;AAE7E,SAASC,SAAS,QAAkB,kBAAkB;AAEtD,SAASC,aAAa,QAAQ,SAAS;AAYvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,MAAM,EAAAC,IAAA,KAEH;EAAA,IADH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAJ,IAAA;EAEjE,MAAMK,wBAAwB,GAAG,MAAMZ,eAAe,CACpD;IACEa,GAAG,EAAG,GAAElB,IAAI,CAACmB,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEX,UAAU;IACfY,GAAG,EAAE,MAAMnB,cAAc,CAACa,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMU,kBAAkB,GAAG,MAAMT,QAAQ,CAACJ,UAAU,EAAE;IACpDc,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOV,yBAA0B,EAAC;MAClDW,IAAI,EAAEV;IACR;EACF,CAAC,CAAC,CACCW,IAAI,CAACrB,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG/B,SAAS,CAACqB,kBAAkB,CAAC;;EAEjD;EACA;EACA;IACE,MAAMW,MAAM,GAAGvB,MAAM,CAACwB,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,IAAI,CACvDC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKP,WAAW,CAACQ,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACN,MAAM,EAAE;MACX,MAAM,IAAI5B,wCAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAMF,MAAM,CAACmB,kBAAkB,EAAEW,MAAM,CAAC;EAC1C;;EAEA;EACA,MAAMQ,aAAa,GAAGlC,aAAa,CAACmC,KAAK,CAACV,WAAW,CAACW,OAAO,CAAC;EAE9D,OAAO;IACLF;EACF,CAAC;AACH,CAAC"}
@@ -0,0 +1,128 @@
1
+ import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
2
+ import uuid from "react-native-uuid";
3
+ import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
4
+ import { NoSuitableKeysFoundInEntityConfiguration } from "../../utils/errors";
5
+ import { hasStatus } from "../../utils/misc";
6
+ import { disclose } from "../../sd-jwt";
7
+ import * as z from "zod";
8
+ export const AuthorizationResponse = z.object({
9
+ status: z.string(),
10
+ response_code: z.string() /**
11
+ FIXME: [SIW-627] we expect this value from every RP implementation
12
+ Actually some RP does not return the value
13
+ We make it optional to not break the flow.
14
+ */.optional()
15
+ });
16
+
17
+ /**
18
+ * Choose an RSA public key from those offered by the RP for encryption.
19
+ *
20
+ * @param entity The RP entity configuration
21
+ * @returns A suitable public key with its compatible encryption algorithm
22
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
23
+ */
24
+ const chooseRSAPublicKeyToEncrypt = entity => {
25
+ const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
26
+ if (usingRsa256) {
27
+ return usingRsa256;
28
+ }
29
+
30
+ // No suitable key has been found
31
+ throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
32
+ };
33
+
34
+ /**
35
+ * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
36
+ * The presentation is created by revealing data from the provided credentials based on the requested claims.
37
+ * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
38
+ *
39
+ * @todo: Allow for handling more than one Verified Credential.
40
+ */
41
+ const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
42
+ let [vc, claims, cryptoCtx] = _ref;
43
+ // this throws if vc cannot satisfy all the requested claims
44
+ const {
45
+ token: vp,
46
+ paths
47
+ } = await disclose(vc, claims);
48
+
49
+ // obtain issuer from Wallet Instance
50
+ const {
51
+ payload: {
52
+ iss
53
+ }
54
+ } = WalletInstanceAttestation.decode(walletInstanceAttestation);
55
+ const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
56
+
57
+ // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
58
+ const vp_token = await new SignJWT(cryptoCtx).setProtectedHeader({
59
+ typ: "JWT",
60
+ kid: pidKid
61
+ }).setPayload({
62
+ vp: vp,
63
+ jti: `${uuid.v4()}`,
64
+ iss,
65
+ nonce: requestObject.nonce
66
+ }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
67
+ const vc_scope = requestObject.scope;
68
+ const presentation_submission = {
69
+ definition_id: `${uuid.v4()}`,
70
+ id: `${uuid.v4()}`,
71
+ descriptor_map: paths.map(p => ({
72
+ id: vc_scope,
73
+ path: `$.vp_token.${p.path}`,
74
+ format: "vc+sd-jwt"
75
+ }))
76
+ };
77
+ return {
78
+ vp_token,
79
+ presentation_submission
80
+ };
81
+ };
82
+ /**
83
+ * Complete the presentation flow by sending the authorization response to the Relying Party
84
+ *
85
+ * @param requestObject The Request Object that describes the presentation
86
+ * @param rpConf The Relying Party's configuration
87
+ * @param presentation The presentation tuple consisting in the signed credential,
88
+ * the list of claims to be disclosed, and the context to access the key that proves the holder binding
89
+ * @param context.walletInstanceAttestation The Wallet Instance Attestation token
90
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
91
+ * @returns The result of the presentation flow
92
+ */
93
+ export const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
94
+ let {
95
+ appFetch = fetch,
96
+ walletInstanceAttestation
97
+ } = _ref2;
98
+ // the request is an unsigned jws without iss, aud, exp
99
+ // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
100
+ const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
101
+ const {
102
+ vp_token,
103
+ presentation_submission
104
+ } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
105
+ const authzResponsePayload = JSON.stringify({
106
+ state: requestObject.state,
107
+ presentation_submission,
108
+ nonce: requestObject.nonce,
109
+ vp_token
110
+ });
111
+ const encrypted = await new EncryptJwe(authzResponsePayload, {
112
+ alg: "RSA-OAEP-256",
113
+ enc: "A256CBC-HS512",
114
+ kid: rsaPublicJwk.kid
115
+ }).encrypt(rsaPublicJwk);
116
+ const formBody = new URLSearchParams({
117
+ response: encrypted
118
+ });
119
+ const body = formBody.toString();
120
+ return appFetch(requestObject.response_uri, {
121
+ method: "POST",
122
+ headers: {
123
+ "Content-Type": "application/x-www-form-urlencoded"
124
+ },
125
+ body
126
+ }).then(hasStatus(200)).then(res => res.json()).then(AuthorizationResponse.parse);
127
+ };
128
+ //# sourceMappingURL=04-send-authorization-response.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["EncryptJwe","SignJWT","uuid","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatus","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,oBAAoB;AAC7E,SAASC,SAAS,QAAkB,kBAAkB;AAEtD,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIzC,OAAO,CAAC6B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IACnBZ,GAAG;IACHa,KAAK,EAAEvB,aAAa,CAACuB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACxB,aAAa,CAACyB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG7B,aAAa,CAAC8B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEvD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAExD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE1B,KAAK,CAAC2B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAErB,QAAQ;IAAEc;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEvC,aAAa,EACbwC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE3C;EAA0B,CAAC,GAAAyC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGxD,2BAA2B,CAACmD,MAAM,CAAC;EAExD,MAAM;IAAEvB,QAAQ;IAAEc;EAAwB,CAAC,GAAG,MAAMhC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBwC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEjD,aAAa,CAACiD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEvB,aAAa,CAACuB,KAAK;IAC1BN;EACF,CAAC,CAAC;EAEF,MAAMiC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBpC,GAAG,EAAE6B,YAAY,CAAC7B;EACpB,CAAC,CAAC,CAACqC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC3C,aAAa,CAACyB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC3C,IAAI,CAAClC,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBkC,IAAI,CAAE+C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBhD,IAAI,CAAC/B,qBAAqB,CAACgF,KAAK,CAAC;AACtC,CAAC"}
@@ -0,0 +1,6 @@
1
+ import { startFlowFromQR } from "./01-start-flow";
2
+ import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
3
+ import { getRequestObject } from "./03-get-request-object";
4
+ import { sendAuthorizationResponse } from "./04-send-authorization-response";
5
+ export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, sendAuthorizationResponse };
6
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","sendAuthorizationResponse"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SACEC,yBAAyB,QAEpB,kCAAkC;AAEzC,SACEH,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,yBAAyB"}
@@ -0,0 +1,21 @@
1
+ import { UnixTime } from "../../sd-jwt/types";
2
+ import * as z from "zod";
3
+
4
+ /**
5
+ * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
6
+ */
7
+
8
+ export const RequestObject = z.object({
9
+ iss: z.string(),
10
+ iat: UnixTime,
11
+ exp: UnixTime,
12
+ state: z.string(),
13
+ nonce: z.string(),
14
+ response_uri: z.string(),
15
+ response_type: z.literal("vp_token"),
16
+ response_mode: z.literal("direct_post.jwt"),
17
+ client_id: z.string(),
18
+ client_id_scheme: z.literal("entity_id"),
19
+ scope: z.string()
20
+ });
21
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"names":["UnixTime","z","RequestObject","object","iss","string","iat","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","scope"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAQA,OAAO,MAAMC,aAAa,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,GAAG,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEN,QAAQ;EACbO,GAAG,EAAEP,QAAQ;EACbQ,KAAK,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBI,KAAK,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC;EACjBK,YAAY,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EACxBM,aAAa,EAAEV,CAAC,CAACW,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEZ,CAAC,CAACW,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;EACrBU,gBAAgB,EAAEd,CAAC,CAACW,OAAO,CAAC,WAAW,CAAC;EACxCI,KAAK,EAAEf,CAAC,CAACI,MAAM,CAAC;AAClB,CAAC,CAAC"}
@@ -1,13 +1,12 @@
1
1
  // polyfill due to known bugs on URL implementation for react native
2
2
  // https://github.com/facebook/react-native/issues/24428
3
3
  import "react-native-url-polyfill/auto";
4
+ import * as Credential from "./credential";
4
5
  import * as PID from "./pid";
5
- import * as RP from "./rp";
6
6
  import * as Errors from "./utils/errors";
7
7
  import * as WalletInstanceAttestation from "./wallet-instance-attestation";
8
- import * as RelyingPartySolution from "./rp";
9
- import { verifyTrustChain, getEntityConfiguration, getCredentialIssuerEntityConfiguration, getRelyingPartyEntityConfiguration, getTrustAnchorEntityConfiguration, getWalletProviderEntityConfiguration } from "./trust";
10
- import { RelyingPartyEntityConfiguration, WalletProviderEntityConfiguration, TrustAnchorEntityConfiguration, CredentialIssuerEntityConfiguration } from "./trust/types";
8
+ import * as Trust from "./trust";
9
+ import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
11
10
  import { createCryptoContextFor } from "./utils/crypto";
12
- export { PID, RP, WalletInstanceAttestation, Errors, RelyingPartySolution, verifyTrustChain, getEntityConfiguration, getCredentialIssuerEntityConfiguration, getRelyingPartyEntityConfiguration, getTrustAnchorEntityConfiguration, getWalletProviderEntityConfiguration, createCryptoContextFor, RelyingPartyEntityConfiguration, WalletProviderEntityConfiguration, TrustAnchorEntityConfiguration, CredentialIssuerEntityConfiguration };
11
+ export { PID, Credential, WalletInstanceAttestation, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails };
13
12
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["PID","RP","Errors","WalletInstanceAttestation","RelyingPartySolution","verifyTrustChain","getEntityConfiguration","getCredentialIssuerEntityConfiguration","getRelyingPartyEntityConfiguration","getTrustAnchorEntityConfiguration","getWalletProviderEntityConfiguration","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AAAA;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKA,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,EAAE,MAAM,MAAM;AAC1B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,oBAAoB,MAAM,MAAM;AAC5C,SACEC,gBAAgB,EAChBC,sBAAsB,EACtBC,sCAAsC,EACtCC,kCAAkC,EAClCC,iCAAiC,EACjCC,oCAAoC,QAC/B,SAAS;AAChB,SACEC,+BAA+B,EAC/BC,iCAAiC,EACjCC,8BAA8B,EAC9BC,mCAAmC,QAC9B,eAAe;AACtB,SAASC,sBAAsB,QAAQ,gBAAgB;AAEvD,SACEf,GAAG,EACHC,EAAE,EACFE,yBAAyB,EACzBD,MAAM,EACNE,oBAAoB,EACpBC,gBAAgB,EAChBC,sBAAsB,EACtBC,sCAAsC,EACtCC,kCAAkC,EAClCC,iCAAiC,EACjCC,oCAAoC,EACpCK,sBAAsB,EACtBJ,+BAA+B,EAC/BC,iCAAiC,EACjCC,8BAA8B,EAC9BC,mCAAmC"}
1
+ {"version":3,"names":["Credential","PID","Errors","WalletInstanceAttestation","Trust","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AAAA;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKA,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAEvD,SACEN,GAAG,EACHD,UAAU,EACVG,yBAAyB,EACzBD,MAAM,EACNE,KAAK,EACLG,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB"}
@@ -1,4 +1,3 @@
1
1
  import * as SdJwt from "./sd-jwt";
2
- import * as Issuing from "./issuing";
3
- export { SdJwt, Issuing };
2
+ export { SdJwt };
4
3
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["SdJwt","Issuing"],"sourceRoot":"../../../src","sources":["pid/index.ts"],"mappings":"AAAA,OAAO,KAAKA,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,OAAO,MAAM,WAAW;AACpC,SAASD,KAAK,EAAEC,OAAO"}
1
+ {"version":3,"names":["SdJwt"],"sourceRoot":"../../../src","sources":["pid/index.ts"],"mappings":"AAAA,OAAO,KAAKA,KAAK,MAAM,UAAU;AACjC,SAASA,KAAK"}
@@ -129,7 +129,7 @@ export const disclose = async (token, claims) => {
129
129
  *
130
130
  *
131
131
  * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
132
- * @param publicKey The public key to validate the signature
132
+ * @param publicKey The single public key or an array of public keys to validate the signature.
133
133
  * @param schema Schema to use to parse the SD-JWT
134
134
  *
135
135
  * @returns The parsed SD-JWT token and the parsed disclosures
@@ -1 +1 @@
1
- {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","sha256ToBase64","decodeBase64","Disclosure","SdJwt4VC","verifyDisclosure","ClaimsNotFoundBetweenDislosures","ClaimsNotFoundInToken","decodeDisclosure","encoded","decoded","parse","JSON","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","hash","verified_claims","_sd","includes","index","indexOf","path","verification","filteredDisclosures","filter","d","disclosedToken","join","publicKey"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,cAAc,QAAQ,6BAA6B;AAE5D,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,UAAU,EAAEC,QAAQ,QAAoC,SAAS;AAC1E,SAASC,gBAAgB,QAAQ,YAAY;AAE7C,SACEC,+BAA+B,EAC/BC,qBAAqB,QAChB,iBAAiB;AAExB,MAAMC,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGP,UAAU,CAACQ,KAAK,CAACC,IAAI,CAACD,KAAK,CAACT,YAAY,CAACO,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMZ,MAAM,GAAGA,CACpBgB,KAAa,EACbC,MAAS,KAIN;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAGrB,SAAS,CAACkB,QAAQ,CAAC;EACtC,MAAMI,KAAK,GAAGN,MAAM,CAACH,KAAK,CAAC;IACzBU,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGP,cAAc,CAACQ,GAAG,CAACjB,gBAAgB,CAAC;EAExD,OAAO;IAAEY,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,QAAQ,GAAG,MAAAA,CACtBb,KAAa,EACbc,MAAgB,KACyD;EACzE,MAAM,CAACX,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEE,KAAK;IAAEI;EAAY,CAAC,GAAG3B,MAAM,CAACgB,KAAK,EAAET,QAAQ,CAAC;;EAEtD;EACA,MAAMwB,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAExB,OAAO,EAAE,GAAGyB,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAI1B,+BAA+B,CAACyB,KAAK,CAAC;IAClD;IAEA,MAAMK,IAAI,GAAG,MAAMnC,cAAc,CAAC+B,UAAU,CAACvB,OAAO,CAAC;;IAErD;IACA;IACA,IAAIW,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE;MAC3D,MAAMI,KAAK,GAAGpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MACpE,OAAO;QAAEL,KAAK;QAAEW,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAC7D;MACA,MAAMI,KAAK,GACTpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MAC9D,OAAO;QAAEL,KAAK;QAAEW,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAIjC,qBAAqB,CAACwB,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMa,mBAAmB,GAAG3B,cAAc,CAAC4B,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJpC,OAAO,EAAE,GAAGyB,IAAI;IAClB,CAAC,GAAG3B,gBAAgB,CAACsC,CAAC,CAAC;IACvB,OAAOnB,MAAM,CAACY,QAAQ,CAACJ,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMY,cAAc,GAAG,CAAC/B,QAAQ,EAAE,GAAG4B,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEnC,KAAK,EAAEkC,cAAc;IAAEnB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM7B,MAAM,GAAG,MAAAA,CACpBc,KAAa,EACboC,SAAc,EACdnC,MAAS,KACqD;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMR,OAAO,GAAGb,MAAM,CAACgB,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAMd,SAAS,CAACgB,QAAQ,EAAEiC,SAAS,CAAC;;EAEpC;EACA,MAAMtB,MAAM,GAAG,CACb,GAAGjB,OAAO,CAACU,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAG5B,OAAO,CAACU,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CACpD;EAED,MAAMT,OAAO,CAACC,GAAG,CACfpB,OAAO,CAACc,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM3B,gBAAgB,CAAC2B,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEV,OAAO,CAACU,KAAK;IACpBI,WAAW,EAAEd,OAAO,CAACc,WAAW,CAACC,GAAG,CAAEqB,CAAC,IAAKA,CAAC,CAACpC,OAAO;EACvD,CAAC;AACH,CAAC"}
1
+ {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","sha256ToBase64","decodeBase64","Disclosure","SdJwt4VC","verifyDisclosure","ClaimsNotFoundBetweenDislosures","ClaimsNotFoundInToken","decodeDisclosure","encoded","decoded","parse","JSON","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","hash","verified_claims","_sd","includes","index","indexOf","path","verification","filteredDisclosures","filter","d","disclosedToken","join","publicKey"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,cAAc,QAAQ,6BAA6B;AAE5D,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,UAAU,EAAEC,QAAQ,QAAoC,SAAS;AAC1E,SAASC,gBAAgB,QAAQ,YAAY;AAE7C,SACEC,+BAA+B,EAC/BC,qBAAqB,QAChB,iBAAiB;AAExB,MAAMC,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGP,UAAU,CAACQ,KAAK,CAACC,IAAI,CAACD,KAAK,CAACT,YAAY,CAACO,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMZ,MAAM,GAAGA,CACpBgB,KAAa,EACbC,MAAS,KAIN;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAGrB,SAAS,CAACkB,QAAQ,CAAC;EACtC,MAAMI,KAAK,GAAGN,MAAM,CAACH,KAAK,CAAC;IACzBU,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGP,cAAc,CAACQ,GAAG,CAACjB,gBAAgB,CAAC;EAExD,OAAO;IAAEY,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,QAAQ,GAAG,MAAAA,CACtBb,KAAa,EACbc,MAAgB,KACyD;EACzE,MAAM,CAACX,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEE,KAAK;IAAEI;EAAY,CAAC,GAAG3B,MAAM,CAACgB,KAAK,EAAET,QAAQ,CAAC;;EAEtD;EACA,MAAMwB,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAExB,OAAO,EAAE,GAAGyB,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAI1B,+BAA+B,CAACyB,KAAK,CAAC;IAClD;IAEA,MAAMK,IAAI,GAAG,MAAMnC,cAAc,CAAC+B,UAAU,CAACvB,OAAO,CAAC;;IAErD;IACA;IACA,IAAIW,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE;MAC3D,MAAMI,KAAK,GAAGpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MACpE,OAAO;QAAEL,KAAK;QAAEW,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAC7D;MACA,MAAMI,KAAK,GACTpB,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MAC9D,OAAO;QAAEL,KAAK;QAAEW,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAIjC,qBAAqB,CAACwB,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMa,mBAAmB,GAAG3B,cAAc,CAAC4B,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJpC,OAAO,EAAE,GAAGyB,IAAI;IAClB,CAAC,GAAG3B,gBAAgB,CAACsC,CAAC,CAAC;IACvB,OAAOnB,MAAM,CAACY,QAAQ,CAACJ,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMY,cAAc,GAAG,CAAC/B,QAAQ,EAAE,GAAG4B,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEnC,KAAK,EAAEkC,cAAc;IAAEnB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM7B,MAAM,GAAG,MAAAA,CACpBc,KAAa,EACboC,SAAsB,EACtBnC,MAAS,KACqD;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMR,OAAO,GAAGb,MAAM,CAACgB,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAMd,SAAS,CAACgB,QAAQ,EAAEiC,SAAS,CAAC;;EAEpC;EACA,MAAMtB,MAAM,GAAG,CACb,GAAGjB,OAAO,CAACU,KAAK,CAACG,OAAO,CAACc,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAG5B,OAAO,CAACU,KAAK,CAACG,OAAO,CAACc,eAAe,CAACV,MAAM,CAACW,GAAG,CACpD;EAED,MAAMT,OAAO,CAACC,GAAG,CACfpB,OAAO,CAACc,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM3B,gBAAgB,CAAC2B,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEV,OAAO,CAACU,KAAK;IACpBI,WAAW,EAAEd,OAAO,CAACc,WAAW,CAACC,GAAG,CAAEqB,CAAC,IAAKA,CAAC,CAACpC,OAAO;EACvD,CAAC;AACH,CAAC"}
@@ -40,7 +40,7 @@ export const SdJwt4VC = z.object({
40
40
  cnf: z.object({
41
41
  jwk: JWK
42
42
  }),
43
- type: z.literal("PersonIdentificationData"),
43
+ type: z.string(),
44
44
  verified_claims: z.object({
45
45
  verification: z.intersection(z.object({
46
46
  trust_framework: z.literal("eidas"),
@@ -1 +1 @@
1
- {"version":3,"names":["JWK","z","UnixTime","number","min","max","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAEvB,OAAO,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAI5D,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,UAAU,GAAGV,CAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,CAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,CAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,CAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA,OAAO,MAAMC,QAAQ,GAAGb,CAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,CAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,CAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IAC1BC,WAAW,EAAEpB,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFY,OAAO,EAAErB,CAAC,CAACM,MAAM,CAAC;IAChBgB,GAAG,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAExB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAExB,QAAQ;IACbyB,GAAG,EAAEzB,QAAQ;IACb0B,MAAM,EAAE3B,CAAC,CAACS,MAAM,CAAC,CAAC;IAClBmB,GAAG,EAAE5B,CAAC,CAACM,MAAM,CAAC;MACZuB,GAAG,EAAE9B;IACP,CAAC,CAAC;IACF+B,IAAI,EAAE9B,CAAC,CAACgB,OAAO,CAAC,0BAA0B,CAAC;IAC3Ce,eAAe,EAAE/B,CAAC,CAACM,MAAM,CAAC;MACxB0B,YAAY,EAAEhC,CAAC,CAACiC,YAAY,CAC1BjC,CAAC,CAACM,MAAM,CAAC;QACP4B,eAAe,EAAElC,CAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;QACnCmB,eAAe,EAAEnC,CAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACD+B,MAAM,EAAE/B;IACV,CAAC,CAAC;IACFgC,OAAO,EAAErC,CAAC,CAACgB,OAAO,CAAC,SAAS;EAC9B,CAAC;AACH,CAAC,CAAC"}
1
+ {"version":3,"names":["JWK","z","UnixTime","number","min","max","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAEvB,OAAO,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAI5D,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,UAAU,GAAGV,CAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,CAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,CAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,CAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAOA,OAAO,MAAMC,QAAQ,GAAGb,CAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,CAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,CAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IAC1BC,WAAW,EAAEpB,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFY,OAAO,EAAErB,CAAC,CAACM,MAAM,CAAC;IAChBgB,GAAG,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAExB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAExB,QAAQ;IACbyB,GAAG,EAAEzB,QAAQ;IACb0B,MAAM,EAAE3B,CAAC,CAACS,MAAM,CAAC,CAAC;IAClBmB,GAAG,EAAE5B,CAAC,CAACM,MAAM,CAAC;MACZuB,GAAG,EAAE9B;IACP,CAAC,CAAC;IACF+B,IAAI,EAAE9B,CAAC,CAACS,MAAM,CAAC,CAAC;IAChBsB,eAAe,EAAE/B,CAAC,CAACM,MAAM,CAAC;MACxB0B,YAAY,EAAEhC,CAAC,CAACiC,YAAY,CAC1BjC,CAAC,CAACM,MAAM,CAAC;QACP4B,eAAe,EAAElC,CAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;QACnCmB,eAAe,EAAEnC,CAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACD+B,MAAM,EAAE/B;IACV,CAAC,CAAC;IACFgC,OAAO,EAAErC,CAAC,CAACgB,OAAO,CAAC,SAAS;EAC9B,CAAC;AACH,CAAC,CAAC"}
@@ -2,6 +2,7 @@ import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-nativ
2
2
  import { EntityConfiguration, EntityStatement, TrustAnchorEntityConfiguration } from "./types";
3
3
  import { IoWalletError } from "../utils/errors";
4
4
  import * as z from "zod";
5
+ import { getSignedEntityConfiguration, getSignedEntityStatement } from ".";
5
6
  // Verify a token signature
6
7
  // The kid is extracted from the token header
7
8
  const verify = async (token, kid, jwks) => {
@@ -40,12 +41,12 @@ const LastElementShape = z.union([EntityStatement, TrustAnchorEntityConfiguratio
40
41
  /**
41
42
  * Validates a provided trust chain against a known trust
42
43
  *
43
- * @param trustAnchorEntity
44
- * @param chain
44
+ * @param trustAnchorEntity The entity configuration of the known trust anchor
45
+ * @param chain The chain of statements to be validate
45
46
  * @returns The list of parsed token representing the chain
46
47
  * @throws {IoWalletError} If the chain is not valid
47
48
  */
48
- export async function verifyTrustChain(trustAnchorEntity, chain) {
49
+ export async function validateTrustChain(trustAnchorEntity, chain) {
49
50
  // If the chain is empty, fail
50
51
  if (chain.length === 0) {
51
52
  throw new IoWalletError("Cannot verify empty trust chain");
@@ -83,4 +84,30 @@ export async function verifyTrustChain(trustAnchorEntity, chain) {
83
84
  // If there is no next, hence it's the end of the chain and it must be verified by the Trust Anchor
84
85
  return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => verify(...args)));
85
86
  }
87
+
88
+ /**
89
+ * Given a trust chain, obtain a new trust chain by fetching each element's fresh version
90
+ *
91
+ * @param chain The original chain
92
+ * @param appFetch (optional) fetch api implementation
93
+ * @returns A list of signed token that reprensent the trust chain, in the same order of the provided chain
94
+ * @throws When an element of the chain fails to parse
95
+ */
96
+ export function renewTrustChain(chain) {
97
+ let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
98
+ return Promise.all(chain
99
+ // Decode each item to determine its shape
100
+ .map(decode).map(e => [EntityStatement.safeParse(e), EntityConfiguration.safeParse(e)])
101
+ // fetch the element according to its shape
102
+ .map((_ref, i) => {
103
+ let [es, ec] = _ref;
104
+ return ec.success ? getSignedEntityConfiguration(ec.data.payload.iss, {
105
+ appFetch
106
+ }) : es.success ? getSignedEntityStatement(es.data.payload.iss, es.data.payload.sub, {
107
+ appFetch
108
+ }) :
109
+ // if the element fail to parse in both EntityStatement and EntityConfiguration, raise an error
110
+ Promise.reject(new IoWalletError(`Cannot renew trust chain because the element #${i} failed to be parsed.`));
111
+ }));
112
+ }
86
113
  //# sourceMappingURL=chain.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","FirstElementShape","MiddleElementShape","LastElementShape","union","verifyTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SACEC,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AAQxB;AACA;AACA,MAAMN,MAAM,GAAG,MAAAA,CACbO,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMf,SAAS,CAACM,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAMlB,MAAM,GAAIS,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGjB,SAAS,CAACQ,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMC,iBAAiB,GAAGf,mBAAmB;AAC7C;AACA,MAAMgB,kBAAkB,GAAGf,eAAe;AAC1C;AACA;AACA,MAAMgB,gBAAgB,GAAGb,CAAC,CAACc,KAAK,CAAC,CAC/BjB,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeiB,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAInB,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMoB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCL,gBAAgB,GAChBD,kBAAkB;;EAExB;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMrB,KAAK,GAAGgB,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACrB,KAAK,EAAE;MACV,MAAM,IAAIF,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMwB,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAAChC,MAAM,CAACS,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMuB,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACN,OAAO,CAACP,IAAI,CAACuB,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGX,KAAK,CAACU,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI7B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMwB,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAAChC,MAAM,CAACoC,SAAS,CAAC,CAAC,CAAClB,OAAO,CAACP,IAAI,CAACuB,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBb,KAAK,CACFc,GAAG,CAAC,CAAC9B,KAAK,EAAE+B,CAAC,KAAK,CAAC/B,KAAK,EAAEoB,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKvC,MAAM,CAAC,GAAGuC,IAAI,CAAC,CAClC,CAAC;AACH"}
1
+ {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","IoWalletError","z","getSignedEntityConfiguration","getSignedEntityStatement","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","length","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","data","iss","sub","reject"],"sourceRoot":"../../../src","sources":["trust/chain.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SACEC,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,SAASC,4BAA4B,EAAEC,wBAAwB,QAAQ,GAAG;AAO1E;AACA;AACA,MAAMR,MAAM,GAAG,MAAAA,CACbS,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMjB,SAAS,CAACQ,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAMpB,MAAM,GAAIW,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGnB,SAAS,CAACU,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMC,iBAAiB,GAAGjB,mBAAmB;AAC7C;AACA,MAAMkB,kBAAkB,GAAGjB,eAAe;AAC1C;AACA;AACA,MAAMkB,gBAAgB,GAAGf,CAAC,CAACgB,KAAK,CAAC,CAC/BnB,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAemB,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIrB,aAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMsB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKH,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCL,gBAAgB,GAChBD,kBAAkB;;EAExB;EACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMrB,KAAK,GAAGgB,KAAK,CAACK,YAAY,CAAC;IACjC,IAAI,CAACrB,KAAK,EAAE;MACV,MAAM,IAAIJ,aAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAM0B,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAAClC,MAAM,CAACW,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMuB,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKL,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACN,OAAO,CAACP,IAAI,CAACuB,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGX,KAAK,CAACU,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI/B,aAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAM0B,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAAClC,MAAM,CAACsC,SAAS,CAAC,CAAC,CAAClB,OAAO,CAACP,IAAI,CAACuB,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBb,KAAK,CACFc,GAAG,CAAC,CAAC9B,KAAK,EAAE+B,CAAC,KAAK,CAAC/B,KAAK,EAAEoB,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKzC,MAAM,CAAC,GAAGyC,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,eAAeA,CAC7BjB,KAAe,EAEf;EAAA,IADAkB,QAA8B,GAAAC,SAAA,CAAAlB,MAAA,QAAAkB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBb;EACE;EAAA,CACCc,GAAG,CAACzC,MAAM,CAAC,CACXyC,GAAG,CACDQ,CAAC,IACA,CACE5C,eAAe,CAAC6C,SAAS,CAACD,CAAC,CAAC,EAC5B7C,mBAAmB,CAAC8C,SAAS,CAACD,CAAC,CAAC,CAEtC;EACA;EAAA,CACCR,GAAG,CAAC,CAAAU,IAAA,EAAWT,CAAC;IAAA,IAAX,CAACU,EAAE,EAAEC,EAAE,CAAC,GAAAF,IAAA;IAAA,OACZE,EAAE,CAACC,OAAO,GACN7C,4BAA4B,CAAC4C,EAAE,CAACE,IAAI,CAACnC,OAAO,CAACoC,GAAG,EAAE;MAAEX;IAAS,CAAC,CAAC,GAC/DO,EAAE,CAACE,OAAO,GACV5C,wBAAwB,CAAC0C,EAAE,CAACG,IAAI,CAACnC,OAAO,CAACoC,GAAG,EAAEJ,EAAE,CAACG,IAAI,CAACnC,OAAO,CAACqC,GAAG,EAAE;MACjEZ;IACF,CAAC,CAAC;IACF;IACAN,OAAO,CAACmB,MAAM,CACZ,IAAInD,aAAa,CACd,iDAAgDmC,CAAE,uBACrD,CACF,CAAC;EAAA,CACP,CACJ,CAAC;AACH"}
@@ -1,8 +1,51 @@
1
1
  import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
2
- import { WalletProviderEntityConfiguration, TrustAnchorEntityConfiguration, CredentialIssuerEntityConfiguration, RelyingPartyEntityConfiguration, EntityConfiguration } from "./types";
3
- import { IoWalletError } from "../utils/errors";
4
- import { verifyTrustChain } from "./chain";
5
- export { verifyTrustChain };
2
+ import { WalletProviderEntityConfiguration, TrustAnchorEntityConfiguration, CredentialIssuerEntityConfiguration, RelyingPartyEntityConfiguration, EntityConfiguration, EntityStatement } from "./types";
3
+ import { validateTrustChain, renewTrustChain } from "./chain";
4
+ import { hasStatus } from "../utils/misc";
5
+ /**
6
+ * Verify a given trust chain is actually valid.
7
+ * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
8
+ *
9
+ * @param trustAnchorEntity The entity configuration of the known trust anchor
10
+ * @param chain The chain of statements to be validate
11
+ * @param options.renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
12
+ * @param options.appFetch Fetch api implementation. Default: the built-in implementation
13
+ * @returns The result of the chain validation
14
+ * @throws {IoWalletError} When either validation or renewal fail
15
+ */
16
+ export async function verifyTrustChain(trustAnchorEntity, chain) {
17
+ let {
18
+ appFetch = fetch,
19
+ renewOnFail = true
20
+ } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
21
+ try {
22
+ return validateTrustChain(trustAnchorEntity, chain);
23
+ } catch (error) {
24
+ if (renewOnFail) {
25
+ const renewedChain = await renewTrustChain(chain, appFetch);
26
+ return validateTrustChain(trustAnchorEntity, renewedChain);
27
+ } else {
28
+ throw error;
29
+ }
30
+ }
31
+ }
32
+
33
+ /**
34
+ * Fetch the signed entity configuration token for an entity
35
+ *
36
+ * @param entityBaseUrl The url of the entity to fetch
37
+ * @param param.appFetch (optional) fetch api implemention
38
+ * @returns The signed Entity Configuration token
39
+ */
40
+ export async function getSignedEntityConfiguration(entityBaseUrl) {
41
+ let {
42
+ appFetch = fetch
43
+ } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
44
+ const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
45
+ return await appFetch(wellKnownUrl, {
46
+ method: "GET"
47
+ }).then(hasStatus(200)).then(res => res.text());
48
+ }
6
49
 
7
50
  /**
8
51
  * Fetch and parse the entity configuration document for a given federation entity.
@@ -26,23 +69,63 @@ async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
26
69
  let {
27
70
  appFetch = fetch
28
71
  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
29
- const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
30
- const response = await appFetch(wellKnownUrl, {
31
- method: "GET"
72
+ const responseText = await getSignedEntityConfiguration(entityBaseUrl, {
73
+ appFetch
74
+ });
75
+ const responseJwt = decodeJwt(responseText);
76
+ return schema.parse({
77
+ header: responseJwt.protectedHeader,
78
+ payload: responseJwt.payload
32
79
  });
33
- if (response.status === 200) {
34
- const responseText = await response.text();
35
- const responseJwt = decodeJwt(responseText);
36
- return schema.parse({
37
- header: responseJwt.protectedHeader,
38
- payload: responseJwt.payload
39
- });
40
- }
41
- throw new IoWalletError(`Unable to obtain Entity Configuration at ${wellKnownUrl}. Response code: ${response.status}`);
42
80
  }
43
81
  export const getWalletProviderEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, WalletProviderEntityConfiguration, options);
44
82
  export const getCredentialIssuerEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, CredentialIssuerEntityConfiguration, options);
45
83
  export const getTrustAnchorEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, TrustAnchorEntityConfiguration, options);
46
84
  export const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, RelyingPartyEntityConfiguration, options);
47
85
  export const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, EntityConfiguration, options);
86
+
87
+ /**
88
+ * Fetch and parse the entity statement document for a given federation entity.
89
+ *
90
+ * @param accreditationBodyBaseUrl The base url of the accreditaion body which holds and signs the required entity statement
91
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
92
+ * @param options.appFetch An optional instance of the http client to be used.
93
+ * @returns The parsed entity configuration object
94
+ * @throws {IoWalletError} If the http request fails
95
+ * @throws Parse error if the document is not in the expected shape.
96
+ */
97
+ export async function getEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
98
+ let {
99
+ appFetch = fetch
100
+ } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
101
+ const responseText = await getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl, {
102
+ appFetch
103
+ });
104
+ const responseJwt = decodeJwt(responseText);
105
+ return EntityStatement.parse({
106
+ header: responseJwt.protectedHeader,
107
+ payload: responseJwt.payload
108
+ });
109
+ }
110
+
111
+ /**
112
+ * Fetch the entity statement document for a given federation entity.
113
+ *
114
+ * @param accreditationBodyBaseUrl The base url of the accreditaion body which holds and signs the required entity statement
115
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
116
+ * @param options.appFetch An optional instance of the http client to be used.
117
+ * @returns The signed entity statement token
118
+ * @throws {IoWalletError} If the http request fails
119
+ */
120
+ export async function getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
121
+ let {
122
+ appFetch = fetch
123
+ } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
124
+ const url = `${accreditationBodyBaseUrl}/fetch?${new URLSearchParams({
125
+ sub: subordinatedEntityBaseUrl
126
+ })}`;
127
+ return await appFetch(url, {
128
+ method: "GET"
129
+ }).then(hasStatus(200)).then(res => res.text());
130
+ }
48
131
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"names":["decode","decodeJwt","WalletProviderEntityConfiguration","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","RelyingPartyEntityConfiguration","EntityConfiguration","IoWalletError","verifyTrustChain","fetchAndParseEntityConfiguration","entityBaseUrl","schema","appFetch","fetch","arguments","length","undefined","wellKnownUrl","response","method","status","responseText","text","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,iCAAiC,EACjCC,8BAA8B,EAC9BC,mCAAmC,EACnCC,+BAA+B,EAC/BC,mBAAmB,QACd,SAAS;AAChB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,gBAAgB,QAAQ,SAAS;AAE1C,SAASA,gBAAgB;;AAEzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CC,aAAqB,EACrBC,MAK8B,EAM9B;EAAA,IALA;IACEC,QAAQ,GAAGC;EAGb,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMG,YAAY,GAAI,GAAEP,aAAc,gCAA+B;EAErE,MAAMQ,QAAQ,GAAG,MAAMN,QAAQ,CAACK,YAAY,EAAE;IAC5CE,MAAM,EAAE;EACV,CAAC,CAAC;EAEF,IAAID,QAAQ,CAACE,MAAM,KAAK,GAAG,EAAE;IAC3B,MAAMC,YAAY,GAAG,MAAMH,QAAQ,CAACI,IAAI,CAAC,CAAC;IAC1C,MAAMC,WAAW,GAAGtB,SAAS,CAACoB,YAAY,CAAC;IAC3C,OAAOV,MAAM,CAACa,KAAK,CAAC;MAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;MACnCC,OAAO,EAAEJ,WAAW,CAACI;IACvB,CAAC,CAAC;EACJ;EAEA,MAAM,IAAIpB,aAAa,CACpB,4CAA2CU,YAAa,oBAAmBC,QAAQ,CAACE,MAAO,EAC9F,CAAC;AACH;AAEA,OAAO,MAAMQ,oCAAoC,GAAGA,CAClDlB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbR,iCAAiC,EACjC2B,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDpB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbN,mCAAmC,EACnCyB,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CrB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbP,8BAA8B,EAC9B0B,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDtB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAC9BC,aAAa,EACbL,+BAA+B,EAC/BwB,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCvB,aAAqE,EACrEmB,OAAgE,KAEhEpB,gCAAgC,CAACC,aAAa,EAAEJ,mBAAmB,EAAEuB,OAAO,CAAC"}
1
+ {"version":3,"names":["decode","decodeJwt","WalletProviderEntityConfiguration","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","RelyingPartyEntityConfiguration","EntityConfiguration","EntityStatement","validateTrustChain","renewTrustChain","hasStatus","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","error","renewedChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","url","URLSearchParams","sub"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,iCAAiC,EACjCC,8BAA8B,EAC9BC,mCAAmC,EACnCC,+BAA+B,EAC/BC,mBAAmB,EACnBC,eAAe,QACV,SAAS;AAChB,SAASC,kBAAkB,EAAEC,eAAe,QAAQ,SAAS;AAC7D,SAASC,SAAS,QAAQ,eAAe;AAWzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOT,kBAAkB,CAACI,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd,IAAIJ,WAAW,EAAE;MACf,MAAMK,YAAY,GAAG,MAAMZ,eAAe,CAACI,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAON,kBAAkB,CAACI,iBAAiB,EAAES,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeE,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACET,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMO,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMT,QAAQ,CAACU,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAChB,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CN,aAAqB,EACrBO,MAK8B,EAM9B;EAAA,IALA;IACEhB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMT,4BAA4B,CAACC,aAAa,EAAE;IACrET;EACF,CAAC,CAAC;EAEF,MAAMkB,WAAW,GAAG/B,SAAS,CAAC8B,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACG,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,oCAAoC,GAAGA,CAClDd,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbrB,iCAAiC,EACjCoC,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDhB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbnB,mCAAmC,EACnCkC,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CjB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbpB,8BAA8B,EAC9BmC,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDlB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACblB,+BAA+B,EAC/BiC,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCnB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAACN,aAAa,EAAEjB,mBAAmB,EAAEgC,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMe,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACE/B;EACF,CACF,CAAC;EAED,MAAMkB,WAAW,GAAG/B,SAAS,CAAC8B,YAAY,CAAC;EAC3C,OAAOxB,eAAe,CAAC0B,KAAK,CAAC;IAC3BC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeU,wBAAwBA,CAC5CF,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM8B,GAAG,GAAI,GAAEH,wBAAyB,UAAS,IAAII,eAAe,CAAC;IACnEC,GAAG,EAAEJ;EACP,CAAC,CAAE,EAAC;EAEJ,OAAO,MAAM/B,QAAQ,CAACiC,GAAG,EAAE;IACzBtB,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAChB,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B"}