@pagopa/io-react-native-wallet 0.9.1 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +2 -34
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +169 -0
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/08-confirm-credential.js +6 -0
- package/lib/commonjs/credential/issuance/08-confirm-credential.js.map +1 -0
- package/lib/commonjs/credential/issuance/const.js +6 -1
- package/lib/commonjs/credential/issuance/const.js.map +1 -1
- package/lib/commonjs/credential/issuance/index.js +7 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -1
- package/lib/commonjs/credential/presentation/01-start-flow.js +1 -1
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/commonjs/index.js +3 -1
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js +33 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +15 -6
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -1
- package/lib/commonjs/trust/types.js +5 -0
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/misc.js +2 -2
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +3 -34
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +163 -0
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -0
- package/lib/module/credential/issuance/08-confirm-credential.js +2 -0
- package/lib/module/credential/issuance/08-confirm-credential.js.map +1 -0
- package/lib/module/credential/issuance/const.js +2 -0
- package/lib/module/credential/issuance/const.js.map +1 -1
- package/lib/module/credential/issuance/index.js +2 -1
- package/lib/module/credential/issuance/index.js.map +1 -1
- package/lib/module/credential/presentation/01-start-flow.js +1 -1
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/module/index.js +2 -1
- package/lib/module/index.js.map +1 -1
- package/lib/module/sd-jwt/__test__/index.test.js +33 -1
- package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/module/sd-jwt/index.js +10 -6
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -1
- package/lib/module/trust/types.js +5 -0
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/misc.js +2 -2
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/typescript/credential/issuance/01-start-flow.d.ts +2 -2
- package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +2 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +36 -0
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/08-confirm-credential.d.ts +11 -0
- package/lib/typescript/credential/issuance/08-confirm-credential.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/const.d.ts +3 -0
- package/lib/typescript/credential/issuance/const.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/index.d.ts +4 -3
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +2 -2
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/index.d.ts +2 -1
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +222 -5
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +1 -1
- package/lib/typescript/trust/index.d.ts +8 -0
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +232 -0
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts +2 -2
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/credential/issuance/01-start-flow.ts +2 -2
- package/src/credential/issuance/06-obtain-credential.ts +3 -51
- package/src/credential/issuance/07-verify-and-parse-credential.ts +229 -0
- package/src/credential/issuance/08-confirm-credential.ts +14 -0
- package/src/credential/issuance/const.ts +6 -0
- package/src/credential/issuance/index.ts +7 -1
- package/src/credential/presentation/01-start-flow.ts +3 -3
- package/src/index.ts +2 -0
- package/src/sd-jwt/__test__/index.test.ts +32 -1
- package/src/sd-jwt/index.ts +14 -8
- package/src/sd-jwt/types.ts +1 -1
- package/src/trust/types.ts +4 -0
- package/src/utils/misc.ts +6 -2
|
@@ -7,11 +7,9 @@ exports.obtainCredential = exports.createNonceProof = void 0;
|
|
|
7
7
|
var z = _interopRequireWildcard(require("zod"));
|
|
8
8
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
9
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
10
|
-
var _sdJwt = require("../../sd-jwt");
|
|
11
10
|
var _dpop = require("../../utils/dpop");
|
|
12
11
|
var _misc = require("../../utils/misc");
|
|
13
|
-
var
|
|
14
|
-
var _errors = require("../../utils/errors");
|
|
12
|
+
var _const = require("./const");
|
|
15
13
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
16
14
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
17
15
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
@@ -26,36 +24,10 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
|
|
|
26
24
|
type: "openid4vci-proof+jwt"
|
|
27
25
|
}).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("1h").sign();
|
|
28
26
|
};
|
|
29
|
-
|
|
30
|
-
/**
|
|
31
|
-
* Given a credential, verify it's in the supported format
|
|
32
|
-
* and the credential is correctly signed
|
|
33
|
-
* and it's bound to the given key
|
|
34
|
-
*
|
|
35
|
-
* @param rawCredential The received credential
|
|
36
|
-
* @param issuerKeys The set of public keys of the issuer,
|
|
37
|
-
* which will be used to verify the signature
|
|
38
|
-
* @param holderBindingContext The access to the holder's key
|
|
39
|
-
*
|
|
40
|
-
* @throws If the signature verification fails
|
|
41
|
-
* @throws If the credential is not in the SdJwt4VC format
|
|
42
|
-
* @throws If the holder binding is not properly configured
|
|
43
|
-
*
|
|
44
|
-
*/
|
|
45
27
|
exports.createNonceProof = createNonceProof;
|
|
46
|
-
async function verifyCredential(rawCredential, issuerKeys, holderBindingContext) {
|
|
47
|
-
const [{
|
|
48
|
-
sdJwt
|
|
49
|
-
}, holderBindingKey] =
|
|
50
|
-
// parallel for optimization
|
|
51
|
-
await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
|
|
52
|
-
if (!sdJwt.payload.cnf.jwk.kid || sdJwt.payload.cnf.jwk.kid !== holderBindingKey.kid) {
|
|
53
|
-
throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${sdJwt.payload.cnf.jwk.kid}`);
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
28
|
const CredentialEndpointResponse = z.object({
|
|
57
29
|
credential: z.string(),
|
|
58
|
-
format:
|
|
30
|
+
format: _const.SupportedCredentialFormat
|
|
59
31
|
});
|
|
60
32
|
/**
|
|
61
33
|
* Fetch a credential from the issuer
|
|
@@ -115,10 +87,6 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
|
|
|
115
87
|
},
|
|
116
88
|
body: formBody.toString()
|
|
117
89
|
}).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
|
|
118
|
-
|
|
119
|
-
/** validate the received credential signature
|
|
120
|
-
is correct and refers to the public keys of the issuer */
|
|
121
|
-
await verifyCredential(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
|
|
122
90
|
return {
|
|
123
91
|
credential,
|
|
124
92
|
format
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","obtainCredential","issuerConf","accessToken","clientId","credentialType","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","credentialUrl","openid_credential_issuer","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","credential_definition","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAoD,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEpD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEF,MAAMiB,0BAA0B,GAAGhD,CAAC,CAACiD,MAAM,CAAC;EAC1CC,UAAU,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEC;AACV,CAAC,CAAC;AAeF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXxB,KAAK,EACLyB,QAAQ,EACRC,cAAc,EACdC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,MAAMK,aAAa,GAAGT,UAAU,CAACU,wBAAwB,CAACC,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEN,aAAa;IAClBO,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CC,KAAK,EACLyB,QAAQ,EACRI,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;MACpCtC,IAAI,EAAE,CAACiB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAE,WAAW;IACnB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEP,gBAAgB;MACrBQ,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEhC,UAAU;IAAEE;EAAO,CAAC,GAAG,MAAMU,QAAQ,CAACE,aAAa,EAAE;IAC3DmB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAElB,gBAAgB;MACtBmB,aAAa,EAAE9B;IACjB,CAAC;IACD+B,IAAI,EAAEZ,QAAQ,CAACa,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACzC,0BAA0B,CAAC6C,KAAK,CAAC;EAEzC,OAAO;IAAE3C,UAAU;IAAEE;EAAO,CAAC;AAC/B,CAAC;AAACL,OAAA,CAAAO,gBAAA,GAAAA,gBAAA"}
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.verifyAndParseCredential = void 0;
|
|
7
|
+
var _errors = require("../../utils/errors");
|
|
8
|
+
var _types = require("../../sd-jwt/types");
|
|
9
|
+
var _sdJwt = require("../../sd-jwt");
|
|
10
|
+
// The credential as a collection of attributes in plain value
|
|
11
|
+
|
|
12
|
+
// handy alias
|
|
13
|
+
|
|
14
|
+
const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
15
|
+
var _credentials_supporte;
|
|
16
|
+
let {
|
|
17
|
+
sdJwt,
|
|
18
|
+
disclosures
|
|
19
|
+
} = _ref;
|
|
20
|
+
let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
|
|
21
|
+
// find the definition that matches the received credential's type
|
|
22
|
+
// warning: if more then a defintion is found, the first is retrieved
|
|
23
|
+
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
24
|
+
|
|
25
|
+
// the received credential matches no supported credential, throw an exception
|
|
26
|
+
if (!credentialSubject) {
|
|
27
|
+
const expected = credentials_supported.flatMap(_ => _.credential_definition.type).join(", ");
|
|
28
|
+
throw new _errors.IoWalletError(`Received credential is of an unknwown type. Expected one of [${expected}], received '${sdJwt.payload.type}', `);
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
// transfrom a record { key: value } in an iterable of pairs [key, value]
|
|
32
|
+
const attrDefinitions = Object.entries(credentialSubject);
|
|
33
|
+
|
|
34
|
+
// every mandatory attribute must be present in the credential's disclosures
|
|
35
|
+
// the key of the attribute defintion must match the disclosure's name
|
|
36
|
+
const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
|
|
37
|
+
let [attrKey, {
|
|
38
|
+
mandatory
|
|
39
|
+
}] = _ref2;
|
|
40
|
+
return mandatory && !disclosures.some(_ref3 => {
|
|
41
|
+
let [, name] = _ref3;
|
|
42
|
+
return name === attrKey;
|
|
43
|
+
});
|
|
44
|
+
});
|
|
45
|
+
if (attrsNotInDisclosures.length > 0) {
|
|
46
|
+
const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
|
|
47
|
+
const received = disclosures.map(_ => _[1 /* name */]).join(", ");
|
|
48
|
+
// the rationale of this condition is that we may want to be permissive
|
|
49
|
+
// on incomplete credentials in the test phase of the project.
|
|
50
|
+
// we might want to be strict once in production, hence remove this condition
|
|
51
|
+
if (!ignoreMissingAttributes) {
|
|
52
|
+
throw new _errors.IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
// attributes that are defined in the issuer configuration
|
|
57
|
+
// and are present in the disclosure set
|
|
58
|
+
const definedValues = attrDefinitions
|
|
59
|
+
// retrieve the value from the disclosure set
|
|
60
|
+
.map(_ref4 => {
|
|
61
|
+
var _disclosures$find;
|
|
62
|
+
let [attrKey, definition] = _ref4;
|
|
63
|
+
return [attrKey, {
|
|
64
|
+
...definition,
|
|
65
|
+
value: (_disclosures$find = disclosures.find(_ => _[1 /* name */] === attrKey)) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2 /* value */]
|
|
66
|
+
}];
|
|
67
|
+
})
|
|
68
|
+
// add a human readable attribute name, with i18n, in the form { locale: name }
|
|
69
|
+
// example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
|
|
70
|
+
.map(_ref5 => {
|
|
71
|
+
let [attrKey, {
|
|
72
|
+
display,
|
|
73
|
+
...definition
|
|
74
|
+
}] = _ref5;
|
|
75
|
+
return [attrKey, {
|
|
76
|
+
...definition,
|
|
77
|
+
name: display.reduce((names, _ref6) => {
|
|
78
|
+
let {
|
|
79
|
+
locale,
|
|
80
|
+
name
|
|
81
|
+
} = _ref6;
|
|
82
|
+
return {
|
|
83
|
+
...names,
|
|
84
|
+
[locale]: name
|
|
85
|
+
};
|
|
86
|
+
}, {})
|
|
87
|
+
}];
|
|
88
|
+
});
|
|
89
|
+
|
|
90
|
+
// attributes that are in the disclosure set
|
|
91
|
+
// but are not defined in the issuer configuration
|
|
92
|
+
const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
|
|
93
|
+
let [, key, value] = _ref7;
|
|
94
|
+
return [key, {
|
|
95
|
+
value,
|
|
96
|
+
mandatory: false,
|
|
97
|
+
name: key
|
|
98
|
+
}];
|
|
99
|
+
});
|
|
100
|
+
return {
|
|
101
|
+
...Object.fromEntries(definedValues),
|
|
102
|
+
...Object.fromEntries(undefinedValues)
|
|
103
|
+
};
|
|
104
|
+
};
|
|
105
|
+
|
|
106
|
+
/**
|
|
107
|
+
* Given a credential, verify it's in the supported format
|
|
108
|
+
* and the credential is correctly signed
|
|
109
|
+
* and it's bound to the given key
|
|
110
|
+
*
|
|
111
|
+
* @param rawCredential The received credential
|
|
112
|
+
* @param issuerKeys The set of public keys of the issuer,
|
|
113
|
+
* which will be used to verify the signature
|
|
114
|
+
* @param holderBindingContext The access to the holder's key
|
|
115
|
+
*
|
|
116
|
+
* @throws If the signature verification fails
|
|
117
|
+
* @throws If the credential is not in the SdJwt4VC format
|
|
118
|
+
* @throws If the holder binding is not properly configured
|
|
119
|
+
*
|
|
120
|
+
*/
|
|
121
|
+
async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
|
|
122
|
+
const [decodedCredential, holderBindingKey] =
|
|
123
|
+
// parallel for optimization
|
|
124
|
+
await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
|
|
125
|
+
const {
|
|
126
|
+
cnf
|
|
127
|
+
} = decodedCredential.sdJwt.payload;
|
|
128
|
+
if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
|
|
129
|
+
throw new _errors.IoWalletError(`Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`);
|
|
130
|
+
}
|
|
131
|
+
return decodedCredential;
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
// utility type that specialize VerifyAndParseCredential for given format
|
|
135
|
+
|
|
136
|
+
const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
|
|
137
|
+
let {
|
|
138
|
+
credentialCryptoContext,
|
|
139
|
+
ignoreMissingAttributes
|
|
140
|
+
} = _ref8;
|
|
141
|
+
const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
|
|
142
|
+
const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credentials_supported, decoded, ignoreMissingAttributes);
|
|
143
|
+
return {
|
|
144
|
+
parsedCredential
|
|
145
|
+
};
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
/**
|
|
149
|
+
* Verify and parse an encoded credential
|
|
150
|
+
*
|
|
151
|
+
* @param issuerConf The Issuer configuration
|
|
152
|
+
* @param credential The encoded credential
|
|
153
|
+
* @param format The format of the credentual
|
|
154
|
+
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
155
|
+
* @param context.ignoreMissingAttributes (optional) Whether to fail if a defined attribute is note present in the credentual. Default: false
|
|
156
|
+
* @returns A parsed credential with attributes in plain value
|
|
157
|
+
* @throws If the credential signature is not verified with the Issuer key set
|
|
158
|
+
* @throws If the credential is not bound to the provided user key
|
|
159
|
+
* @throws If the credential data fail to parse
|
|
160
|
+
*/
|
|
161
|
+
const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
|
|
162
|
+
if (format === "vc+sd-jwt") {
|
|
163
|
+
return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
|
|
164
|
+
}
|
|
165
|
+
const _ = format;
|
|
166
|
+
throw new _errors.IoWalletError(`Unsupported credential format: ${_}`);
|
|
167
|
+
};
|
|
168
|
+
exports.verifyAndParseCredential = verifyAndParseCredential;
|
|
169
|
+
//# sourceMappingURL=07-verify-and-parse-credential.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","fromEntries","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredential","format","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAcA;;AAmBA;;AAKA,MAAMG,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CAAEC,CAAC,IACrDA,CAAC,CAACC,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACX,KAAK,CAACY,OAAO,CAACF,IAAI,CAC1D,CAAC,cAAAX,qBAAA,uBAFyBA,qBAAA,CAEvBU,qBAAqB,CAACH,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMO,QAAQ,GAAGhB,qBAAqB,CACnCiB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIC,qBAAa,CACpB,gEAA+DJ,QAAS,gBAAeb,KAAK,CAACY,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMQ,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMe,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACd,uBAAuB,EAAE;MAC5B,MAAM,IAAIe,qBAAa,CACpB,4DAA2DY,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGd;EACpB;EAAA,CACCY,GAAG,CACFG,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACV,OAAO,EAAEW,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACET,OAAO,EACP;MACE,GAAGW,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEjC,WAAW,CAACM,IAAI,CACpBQ,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKS,OAC7B,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCJ,GAAG,CACFO,KAAA;IAAA,IAAC,CAACb,OAAO,EAAE;MAAEc,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEb,OAAO,EACP;MACE,GAAGW,UAAU;MACbP,IAAI,EAAEU,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEd;QAAK,CAAC,GAAAa,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGd;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CAAC;;EAEH;EACA;EACA,MAAMe,eAAe,GAAG1C,WAAW,CAChCqB,MAAM,CAAEP,CAAC,IAAK,CAACI,MAAM,CAACyB,IAAI,CAACZ,aAAa,CAAC,CAACrB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDe,GAAG,CAACe,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEX,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEkB;IAAI,CAAC,CAAC;EAAA,EAAC;EAEzE,OAAO;IACL,GAAG3B,MAAM,CAAC4B,WAAW,CAACf,aAAa,CAAC;IACpC,GAAGb,MAAM,CAAC4B,WAAW,CAACJ,eAAe;EACvC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACpD,KAAK,CAACY,OAAO;EAE/C,IAAI,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxD,MAAM,IAAI5C,qBAAa,CACpB,kDAAiDoC,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACpD,KAAK,CAACY,OAAO,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjD,CAAC,EAAAkD,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAEhE;EAAwB,CAAC,GAAA+D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAG1E,oBAAoB,CAC3CmE,UAAU,CAACK,wBAAwB,CAACvE,qBAAqB,EACzDsE,OAAO,EACPjE,uBACF,CAAC;EAED,OAAO;IAAEoE;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAkD,GAAG,MAAAA,CAChER,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OAAO,KACJ;EACH,IAAID,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOV,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVQ,MAAM,EACNC,OACF,CAAC;EACH;EAEA,MAAM1D,CAAQ,GAAGyD,MAAM;EACvB,MAAM,IAAIvD,qBAAa,CAAE,kCAAiCF,CAAE,EAAC,CAAC;AAChE,CAAC;AAAC2D,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/08-confirm-credential.ts"],"mappings":""}
|
|
@@ -3,7 +3,12 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.ASSERTION_TYPE = void 0;
|
|
6
|
+
exports.SupportedCredentialFormat = exports.ASSERTION_TYPE = void 0;
|
|
7
|
+
var z = _interopRequireWildcard(require("zod"));
|
|
8
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
9
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
7
10
|
const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
8
11
|
exports.ASSERTION_TYPE = ASSERTION_TYPE;
|
|
12
|
+
const SupportedCredentialFormat = z.literal("vc+sd-jwt");
|
|
13
|
+
exports.SupportedCredentialFormat = SupportedCredentialFormat;
|
|
9
14
|
//# sourceMappingURL=const.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["ASSERTION_TYPE","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;AAACF,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}
|
|
@@ -27,8 +27,15 @@ Object.defineProperty(exports, "startUserAuthorization", {
|
|
|
27
27
|
return _startUserAuthorization.startUserAuthorization;
|
|
28
28
|
}
|
|
29
29
|
});
|
|
30
|
+
Object.defineProperty(exports, "verifyAndParseCredential", {
|
|
31
|
+
enumerable: true,
|
|
32
|
+
get: function () {
|
|
33
|
+
return _verifyAndParseCredential.verifyAndParseCredential;
|
|
34
|
+
}
|
|
35
|
+
});
|
|
30
36
|
var _evaluateIssuerTrust = require("./02-evaluate-issuer-trust");
|
|
31
37
|
var _startUserAuthorization = require("./03-start-user-authorization");
|
|
32
38
|
var _authorizeAccess = require("./05-authorize-access");
|
|
33
39
|
var _obtainCredential = require("./06-obtain-credential");
|
|
40
|
+
var _verifyAndParseCredential = require("./07-verify-and-parse-credential");
|
|
34
41
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"
|
|
1
|
+
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAKA,IAAAE,gBAAA,GAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AAIA,IAAAI,yBAAA,GAAAJ,OAAA"}
|
|
@@ -32,7 +32,7 @@ const QRCodePayload = z.object({
|
|
|
32
32
|
* @returns The url for the Relying Party to connect with
|
|
33
33
|
* @throws If the provided qr code fails to be decoded
|
|
34
34
|
*/
|
|
35
|
-
const startFlowFromQR =
|
|
35
|
+
const startFlowFromQR = qrcode => {
|
|
36
36
|
const decoded = (0, _ioReactNativeJwt.decodeBase64)(qrcode);
|
|
37
37
|
const decodedUrl = new URL(decoded);
|
|
38
38
|
const protocol = decodedUrl.protocol;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_ioReactNativeJwt","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decoded","decodeBase64","decodedUrl","URL","hostname","searchParams","result","safeParse","success","data","AuthRequestDecodeError","error","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAA4D,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE5D,MAAMW,aAAa,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EAC7BC,QAAQ,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAE/B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAEhC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAEjC,CAAC,CAAC8B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,eAAoC,
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_ioReactNativeJwt","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decoded","decodeBase64","decodedUrl","URL","hostname","searchParams","result","safeParse","success","data","AuthRequestDecodeError","error","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAA4D,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE5D,MAAMW,aAAa,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EAC7BC,QAAQ,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAE/B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAEhC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAEjC,CAAC,CAAC8B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,MAAMC,OAAO,GAAG,IAAAC,8BAAY,EAACF,MAAM,CAAC;EACpC,MAAMG,UAAU,GAAG,IAAIC,GAAG,CAACH,OAAO,CAAC;EACnC,MAAMP,QAAQ,GAAGS,UAAU,CAACT,QAAQ;EACpC,MAAME,QAAQ,GAAGO,UAAU,CAACE,QAAQ;EACpC,MAAMP,UAAU,GAAGK,UAAU,CAACG,YAAY,CAAC1B,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMiB,QAAQ,GAAGM,UAAU,CAACG,YAAY,CAAC1B,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAM2B,MAAM,GAAGf,aAAa,CAACgB,SAAS,CAAC;IACrCd,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIU,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIC,8BAAsB,CAACJ,MAAM,CAACK,KAAK,CAACC,OAAO,EAAG,GAAEV,UAAW,EAAC,CAAC;EACzE;AACF,CAAC;AAACW,OAAA,CAAAf,eAAA,GAAAA,eAAA"}
|
package/lib/commonjs/index.js
CHANGED
|
@@ -15,7 +15,7 @@ Object.defineProperty(exports, "AuthorizationDetails", {
|
|
|
15
15
|
return _par.AuthorizationDetails;
|
|
16
16
|
}
|
|
17
17
|
});
|
|
18
|
-
exports.WalletInstanceAttestation = exports.Trust = exports.PID = exports.Errors = exports.Credential = void 0;
|
|
18
|
+
exports.WalletInstanceAttestation = exports.Trust = exports.SdJwt = exports.PID = exports.Errors = exports.Credential = void 0;
|
|
19
19
|
Object.defineProperty(exports, "createCryptoContextFor", {
|
|
20
20
|
enumerable: true,
|
|
21
21
|
get: function () {
|
|
@@ -27,6 +27,8 @@ var Credential = _interopRequireWildcard(require("./credential"));
|
|
|
27
27
|
exports.Credential = Credential;
|
|
28
28
|
var PID = _interopRequireWildcard(require("./pid"));
|
|
29
29
|
exports.PID = PID;
|
|
30
|
+
var SdJwt = _interopRequireWildcard(require("./sd-jwt"));
|
|
31
|
+
exports.SdJwt = SdJwt;
|
|
30
32
|
var Errors = _interopRequireWildcard(require("./utils/errors"));
|
|
31
33
|
exports.Errors = Errors;
|
|
32
34
|
var WalletInstanceAttestation = _interopRequireWildcard(require("./wallet-instance-attestation"));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["require","Credential","_interopRequireWildcard","exports","PID","Errors","WalletInstanceAttestation","Trust","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,
|
|
1
|
+
{"version":3,"names":["require","Credential","_interopRequireWildcard","exports","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,KAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAkCG,OAAA,CAAAE,KAAA,GAAAA,KAAA;AAClC,IAAAC,MAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAG,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAL,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAI,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,KAAA,GAAAN,uBAAA,CAAAF,OAAA;AAAiCG,OAAA,CAAAK,KAAA,GAAAA,KAAA;AACjC,IAAAC,IAAA,GAAAT,OAAA;AACA,IAAAU,OAAA,GAAAV,OAAA;AAAwD,SAAAW,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAV,wBAAAc,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
|
|
3
|
+
var _zod = require("zod");
|
|
3
4
|
var _index = require("../index");
|
|
4
5
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
5
6
|
var _types = require("../types");
|
|
6
|
-
// Examples from https://www.ietf.org/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
|
|
7
|
+
// Examples from https://www.ietf.org/archive/id/draft-terbu-sd-jwt-vc-02.html#name-example-4
|
|
7
8
|
// but adapted to adhere to format declared in https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/pid-eaa-data-model.html#id2
|
|
8
9
|
// In short, the token is a Frankenstein composed as follows:
|
|
9
10
|
// - the header is taken from the italian specification, with kid and alg valued according to the signing keys
|
|
@@ -76,6 +77,37 @@ describe("decode", () => {
|
|
|
76
77
|
}))
|
|
77
78
|
});
|
|
78
79
|
});
|
|
80
|
+
it("should decode with default decoder", () => {
|
|
81
|
+
const result = (0, _index.decode)(token);
|
|
82
|
+
expect(result).toEqual({
|
|
83
|
+
sdJwt,
|
|
84
|
+
disclosures: disclosures.map((decoded, i) => ({
|
|
85
|
+
decoded,
|
|
86
|
+
encoded: tokenizedDisclosures[i]
|
|
87
|
+
}))
|
|
88
|
+
});
|
|
89
|
+
});
|
|
90
|
+
it("should accept only decoders that extend SdJwt4VC", () => {
|
|
91
|
+
const validDecoder = _types.SdJwt4VC.and(_zod.z.object({
|
|
92
|
+
payload: _zod.z.object({
|
|
93
|
+
customField: _zod.z.string()
|
|
94
|
+
})
|
|
95
|
+
}));
|
|
96
|
+
const invalidDecoder = _zod.z.object({
|
|
97
|
+
payload: _zod.z.object({
|
|
98
|
+
customField: _zod.z.string()
|
|
99
|
+
})
|
|
100
|
+
});
|
|
101
|
+
try {
|
|
102
|
+
// ts is fine
|
|
103
|
+
(0, _index.decode)(token, validDecoder);
|
|
104
|
+
// @ts-expect-error break types
|
|
105
|
+
(0, _index.decode)(token, invalidDecoder);
|
|
106
|
+
} catch (error) {
|
|
107
|
+
// ignore actual result, just focus on types
|
|
108
|
+
// spot the error during type checking phase
|
|
109
|
+
}
|
|
110
|
+
});
|
|
79
111
|
});
|
|
80
112
|
describe("disclose", () => {
|
|
81
113
|
it("should encode a valid sdjwt (one claim)", async () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_zod","require","_index","_ioReactNativeJwt","_types","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","disclosures","street_address","locality","region","country","it","expect","JSON","parse","decodeBase64","encodeBase64","stringify","toEqual","join","toBe","describe","result","decode","SdJwt4VC","map","decoded","i","encoded","validDecoder","and","z","object","customField","string","invalidDecoder","error","disclose","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,KAAK,GACT,kvEAAkvE;AAEpvE,MAAMC,QAAQ,GACZ,87CAA87C;AAEh8C,MAAMC,SAAS,GACb,wFAAwF;AAE1F,MAAMC,MAAM,GAAI,GAAEF,QAAS,IAAGC,SAAU,EAAC;AAEzC,MAAME,oBAAoB,GAAG,CAC3B,kEAAkE,EAClE,kEAAkE,EAClE,gFAAgF,EAChF,oFAAoF,EACpF,yEAAyE,EACzE,gEAAgE,EAChE,gEAAgE,EAChE,gEAAgE,EAChE,qLAAqL,CACtL;AAED,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,kCAAkC;IACvCC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;EAEtC,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,4BAA4B;IACjCC,GAAG,EAAE,sCAAsC;IAC3CC,GAAG,EAAE,+CAA+C;IACpDC,GAAG,EAAE,UAAU;IACfC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE,4BAA4B;IACpCC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,KAAK;QACVC,GAAG,EAAE,KAAK;QACVC,CAAC,EAAE,QAAQ;QACXC,CAAC,EAAE,MAAM;QACTd,GAAG,EAAE;MACP;IACF,CAAC;IACDe,IAAI,EAAE,0BAA0B;IAChCC,eAAe,EAAE;MACfC,YAAY,EAAE;QACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;QACpDC,eAAe,EAAE,OAAO;QACxBC,eAAe,EAAE;MACnB,CAAC;MACDC,MAAM,EAAE;QACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;MAEjD;IACF,CAAC;IACDI,OAAO,EAAE;EACX;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,YAAY,EAAE,MAAM,CAAC,EAChD,CAAC,wBAAwB,EAAE,aAAa,EAAE,KAAK,CAAC,EAChD,CAAC,wBAAwB,EAAE,OAAO,EAAE,qBAAqB,CAAC,EAC1D,CAAC,wBAAwB,EAAE,cAAc,EAAE,iBAAiB,CAAC,EAC7D,CAAC,wBAAwB,EAAE,WAAW,EAAE,YAAY,CAAC,EACrD,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CAAC,wBAAwB,EAAE,YAAY,EAAE,IAAI,CAAC,EAC9C,CACE,wBAAwB,EACxB,SAAS,EACT;EACEC,cAAc,EAAE,aAAa;EAC7BC,QAAQ,EAAE,SAAS;EACnBC,MAAM,EAAE,UAAU;EAClBC,OAAO,EAAE;AACX,CAAC,CACF,CACF;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAC,IAAAC,8BAAY,EAAC,IAAAC,8BAAY,EAACH,IAAI,CAACI,SAAS,CAACtC,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAACsC,OAAO,CAACvC,KAAK,CAACC,MAAM,CAAC;EACvBgC,MAAM,CAAC,CAACnC,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAACyC,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC9C,KAAK,CAAC;AACjE,CAAC,CAAC;AAEF+C,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBV,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,EAAEkD,eAAQ,CAAC;IACtCZ,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,oCAAoC,EAAE,MAAM;IAC7C,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACjD,KAAK,CAAC;IAC5BsC,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrBvC,KAAK;MACL2B,WAAW,EAAEA,WAAW,CAACmB,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAElD,oBAAoB,CAACiD,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,kDAAkD,EAAE,MAAM;IAC3D,MAAMkB,YAAY,GAAGL,eAAQ,CAACM,GAAG,CAC/BC,MAAC,CAACC,MAAM,CAAC;MAAE/C,OAAO,EAAE8C,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAAE,CAAC,CAC7D,CAAC;IACD,MAAMC,cAAc,GAAGJ,MAAC,CAACC,MAAM,CAAC;MAC9B/C,OAAO,EAAE8C,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAC/C,CAAC,CAAC;IAEF,IAAI;MACF;MACA,IAAAX,aAAM,EAACjD,KAAK,EAAEuD,YAAY,CAAC;MAC3B;MACA,IAAAN,aAAM,EAACjD,KAAK,EAAE6D,cAAc,CAAC;IAC/B,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd;MACA;IAAA;EAEJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFf,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBV,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMgE,QAAQ,GAAG;MACfhE,KAAK,EAAG,GAAEG,MAAO,mEAAkE;MACnF8D,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMgE,QAAQ,GAAG;MAAEhE,KAAK,EAAG,GAAEG,MAAO,EAAC;MAAE8D,KAAK,EAAE;IAAG,CAAC;IAElD3B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAAC/D,KAAK,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAC7D,MAAMgE,QAAQ,GAAG;MACfhE,KAAK,EAAG,GAAEG,MAAO,kJAAiJ;MAClK8D,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,YAAY;QACnBC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,OAAO;QACdC,IAAI,EAAE;MACR,CAAC;IAEL,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAM+B,EAAE,GAAG,MAAAA,CAAA,KAAY,IAAAL,eAAQ,EAAC/D,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAMsC,MAAM,CAAC8B,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACzB,OAAO,CAACN,MAAM,CAACgC,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -3,6 +3,12 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
+
Object.defineProperty(exports, "SdJwt4VC", {
|
|
7
|
+
enumerable: true,
|
|
8
|
+
get: function () {
|
|
9
|
+
return _types.SdJwt4VC;
|
|
10
|
+
}
|
|
11
|
+
});
|
|
6
12
|
exports.verify = exports.disclose = exports.decode = void 0;
|
|
7
13
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
8
14
|
var _types = require("./types");
|
|
@@ -25,12 +31,12 @@ const decodeDisclosure = encoded => {
|
|
|
25
31
|
*
|
|
26
32
|
* @function
|
|
27
33
|
* @param token The encoded token that represents a valid sd-jwt for verifiable credentials
|
|
28
|
-
* @param
|
|
34
|
+
* @param customSchema (optional) Schema to use to parse the SD-JWT. Default: SdJwt4VC
|
|
29
35
|
*
|
|
30
36
|
* @returns The parsed SD-JWT token and the parsed disclosures
|
|
31
37
|
*
|
|
32
38
|
*/
|
|
33
|
-
const decode = (token,
|
|
39
|
+
const decode = (token, customSchema) => {
|
|
34
40
|
// token are expected in the form "sd-jwt~disclosure0~disclosure1~...~disclosureN~"
|
|
35
41
|
if (token.slice(-1) === "~") {
|
|
36
42
|
token = token.slice(0, -1);
|
|
@@ -40,7 +46,10 @@ const decode = (token, schema) => {
|
|
|
40
46
|
// get the sd-jwt as object
|
|
41
47
|
// validate it's a valid SD-JWT for Verifiable Credentials
|
|
42
48
|
const decodedJwt = (0, _ioReactNativeJwt.decode)(rawSdJwt);
|
|
43
|
-
|
|
49
|
+
|
|
50
|
+
// use a custom parsed if provided, otherwise use base SdJwt4VC
|
|
51
|
+
const parser = customSchema || _types.SdJwt4VC;
|
|
52
|
+
const sdJwt = parser.parse({
|
|
44
53
|
header: decodedJwt.protectedHeader,
|
|
45
54
|
payload: decodedJwt.payload
|
|
46
55
|
});
|
|
@@ -134,16 +143,16 @@ const disclose = async (token, claims) => {
|
|
|
134
143
|
*
|
|
135
144
|
* @param token The encoded token that represents a valid sd-jwt for verifiable credentials
|
|
136
145
|
* @param publicKey The single public key or an array of public keys to validate the signature.
|
|
137
|
-
* @param
|
|
146
|
+
* @param customSchema Schema to use to parse the SD-JWT
|
|
138
147
|
*
|
|
139
148
|
* @returns The parsed SD-JWT token and the parsed disclosures
|
|
140
149
|
*
|
|
141
150
|
*/
|
|
142
151
|
exports.disclose = disclose;
|
|
143
|
-
const verify = async (token, publicKey,
|
|
152
|
+
const verify = async (token, publicKey, customSchema) => {
|
|
144
153
|
// get decoded data
|
|
145
154
|
const [rawSdJwt = ""] = token.split("~");
|
|
146
|
-
const decoded = decode(token,
|
|
155
|
+
const decoded = decode(token, customSchema);
|
|
147
156
|
|
|
148
157
|
//Check signature
|
|
149
158
|
await (0, _ioReactNativeJwt.verify)(rawSdJwt, publicKey);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","parser","SdJwt4VC","sdJwt","header","protectedHeader","payload","disclosures","map","exports","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDislosures","hash","sha256ToBase64","verified_claims","_sd","includes","index","indexOf","path","verification","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,MAAMI,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAAC,IAAAE,8BAAY,EAACL,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,MAAM,GAAGA,CACpBC,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;;EAEtC;EACA,MAAMK,MAAM,GAAGP,YAAY,IAAIQ,eAAQ;EAEvC,MAAMC,KAAK,GAAGF,MAAM,CAACZ,KAAK,CAAC;IACzBe,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGV,cAAc,CAACW,GAAG,CAACvB,gBAAgB,CAAC;EAExD,OAAO;IAAEkB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZAE,OAAA,CAAAjB,MAAA,GAAAA,MAAA;AAaO,MAAMkB,QAAQ,GAAG,MAAAA,CACtBjB,KAAa,EACbkB,MAAgB,KACyD;EACzE,MAAM,CAACf,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEK,KAAK;IAAEI;EAAY,CAAC,GAAGf,MAAM,CAACC,KAAK,EAAES,eAAQ,CAAC;;EAEtD;EACA,MAAMU,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACH,GAAG,CAAC,MAAOO,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGT,WAAW,CAACU,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE/B,OAAO,EAAE,GAAGgC,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAII,uCAA+B,CAACL,KAAK,CAAC;IAClD;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC9B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIiB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAAE;MAC3D,MAAMK,KAAK,GAAGvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MACpE,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAC7D;MACA,MAAMK,KAAK,GACTvB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MAC9D,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAII,6BAAqB,CAACf,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMgB,mBAAmB,GAAGlC,cAAc,CAACmC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJ9C,OAAO,EAAE,GAAGgC,IAAI;IAClB,CAAC,GAAGlC,gBAAgB,CAACgD,CAAC,CAAC;IACvB,OAAOtB,MAAM,CAACc,QAAQ,CAACN,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMe,cAAc,GAAG,CAACtC,QAAQ,EAAE,GAAGmC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAE1C,KAAK,EAAEyC,cAAc;IAAEtB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAH,OAAA,CAAAC,QAAA,GAAAA,QAAA;AAgBO,MAAM0B,MAAM,GAAG,MAAAA,CACpB3C,KAAa,EACb4C,SAAsB,EACtB3C,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMX,OAAO,GAAGK,MAAM,CAACC,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAM,IAAA4C,wBAAS,EAAC1C,QAAQ,EAAEyC,SAAS,CAAC;;EAEpC;EACA,MAAM1B,MAAM,GAAG,CACb,GAAGxB,OAAO,CAACgB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAGrC,OAAO,CAACgB,KAAK,CAACG,OAAO,CAACiB,eAAe,CAACZ,MAAM,CAACa,GAAG,CACpD;EAED,MAAMX,OAAO,CAACC,GAAG,CACf3B,OAAO,CAACoB,WAAW,CAACC,GAAG,CACrB,MAAOQ,UAAU,IAAK,MAAM,IAAAuB,0BAAgB,EAACvB,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLR,KAAK,EAAEhB,OAAO,CAACgB,KAAK;IACpBI,WAAW,EAAEpB,OAAO,CAACoB,WAAW,CAACC,GAAG,CAAEyB,CAAC,IAAKA,CAAC,CAAC9C,OAAO;EACvD,CAAC;AACH,CAAC;AAACsB,OAAA,CAAA2B,MAAA,GAAAA,MAAA"}
|
|
@@ -27,7 +27,7 @@ const Disclosure = _zod.z.tuple([/* salt */_zod.z.string(), /* claim name */_zod
|
|
|
27
27
|
* For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
|
|
28
28
|
* Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
|
|
29
29
|
*
|
|
30
|
-
* @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
|
|
30
|
+
* @see https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
|
|
31
31
|
*/
|
|
32
32
|
exports.Disclosure = Disclosure;
|
|
33
33
|
const SdJwt4VC = _zod.z.object({
|
|
@@ -81,6 +81,10 @@ const EntityConfigurationHeader = z.object({
|
|
|
81
81
|
alg: z.string(),
|
|
82
82
|
kid: z.string()
|
|
83
83
|
});
|
|
84
|
+
|
|
85
|
+
/**
|
|
86
|
+
* @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
|
|
87
|
+
*/
|
|
84
88
|
exports.EntityConfigurationHeader = EntityConfigurationHeader;
|
|
85
89
|
const FederationEntityMetadata = z.object({
|
|
86
90
|
federation_fetch_endpoint: z.string().optional(),
|
|
@@ -88,6 +92,7 @@ const FederationEntityMetadata = z.object({
|
|
|
88
92
|
federation_resolve_endpoint: z.string().optional(),
|
|
89
93
|
federation_trust_mark_status_endpoint: z.string().optional(),
|
|
90
94
|
federation_trust_mark_list_endpoint: z.string().optional(),
|
|
95
|
+
organization_name: z.string().optional(),
|
|
91
96
|
homepage_uri: z.string().optional(),
|
|
92
97
|
policy_uri: z.string().optional(),
|
|
93
98
|
logo_uri: z.string().optional(),
|