@pagopa/io-react-native-wallet 1.1.1 → 1.2.2

package/lib/commonjs/credential/presentation/05-send-authorization-response.js

@@ -1,139 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.sendAuthorizationResponse = exports.AuthorizationResponse = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _errors = require("./errors");
-var _misc = require("../../utils/misc");
-var _sdJwt = require("../../sd-jwt");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-exports.AuthorizationResponse = AuthorizationResponse;
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-
-  // No suitable key has been found
-  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await (0, _sdJwt.disclose)(vc, claims);
-
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new _ioReactNativeJwt.SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${_reactNativeUuid.default.v4()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${_reactNativeUuid.default.v4()}`,
-    id: `${_reactNativeUuid.default.v4()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-exports.sendAuthorizationResponse = sendAuthorizationResponse;
-//# sourceMappingURL=05-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/05-send-authorization-response.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_reactNativeUuid","_interopRequireDefault","WalletInstanceAttestation","_interopRequireWildcard","_errors","_misc","_sdJwt","z","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","response_code","optional","exports","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","disclose","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","SignJWT","setProtectedHeader","typ","setPayload","jti","uuid","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","hasStatusOrThrow","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,yBAAA,GAAAC,uBAAA,CAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AAEA,IAAAO,MAAA,GAAAP,OAAA;AAGA,IAAAQ,CAAA,GAAAJ,uBAAA,CAAAJ,OAAA;AAAyB,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAlB,uBAAAY,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGlB,MAAMiB,qBAAqB,GAAGvB,CAAC,CAACwB,MAAM,CAAC;EAC5CC,MAAM,EAAEzB,CAAC,CAAC0B,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAE3B,CAAC,CACb0B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAN,qBAAA,GAAAA,qBAAA;AAOA,MAAMO,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIQ,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACN,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJM,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAG1D,yBAAyB,CAAC2D,MAAM,CAACX,yBAAyB,CAAC;EAE/D,MAAMY,MAAM,GAAG,MAAMR,SAAS,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAACd,SAAS,CAAC,CAC1Ce,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDS,UAAU,CAAC;IACVf,EAAE,EAAEA,EAAE;IACNgB,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBd,GAAG;IACHe,KAAK,EAAE1B,aAAa,CAAC0B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC3B,aAAa,CAAC4B,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAGhC,aAAa,CAACiC,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEX,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAEZ,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE7B,KAAK,CAAC8B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEvB,QAAQ;IAAEgB;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClE1C,aAAa,EACb2C,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE9C;EAA0B,CAAC,GAAA4C,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAG5D,2BAA2B,CAACuD,MAAM,CAAC;EAExD,MAAM;IAAEzB,QAAQ;IAAEgB;EAAwB,CAAC,GAAG,MAAMnC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzB2C,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEpD,aAAa,CAACoD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAE1B,aAAa,CAAC0B,KAAK;IAC1BR;EACF,CAAC,CAAC;EAEF,MAAMmC,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;IAC3DM,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBvC,GAAG,EAAE+B,YAAY,CAAC/B;EACpB,CAAC,CAAC,CAACwC,OAAO,CAACT,YAAY,CAAC;EAExB,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEP;EAAU,CAAC,CAAC;EAC7D,MAAMQ,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOhB,QAAQ,CAAC9C,aAAa,CAAC4B,YAAY,EAAE;IAC1CmC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC9C,IAAI,CAAC,IAAAkD,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BlD,IAAI,CAAEmD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBpD,IAAI,CAAClC,qBAAqB,CAACuF,KAAK,CAAC;AACtC,CAAC;AAACjF,OAAA,CAAAuD,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/presentation/03-retrieve-jwks.js

@@ -1,61 +0,0 @@
-import { JWKS } from "../../utils/jwk";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { RelyingPartyEntityConfiguration } from "../../entity/trust/types";
-
-/**
- * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
- *
- * @template T - The tuple type representing the function arguments.
- * @param args - The arguments passed to the function.
- * @returns A promise resolving to an object containing an array of JWKs.
- */
-
-/**
- * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
- *
- * @param clientUrl - The base URL of the client entity from which to retrieve the JWKS.
- * @param options - Optional context containing a custom fetch implementation.
- * @param options.context - Optional context object.
- * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
- * @returns A promise resolving to an object containing an array of JWKs.
- * @throws Will throw an error if the JWKS retrieval fails.
- */
-export const fetchJwksFromUri = async function (clientUrl) {
-  let {
-    context = {}
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const {
-    appFetch = fetch
-  } = context;
-  const wellKnownUrl = new URL("/.well-known/jar-issuer/jwk", clientUrl).toString();
-
-  // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
-  const jwks = await appFetch(wellKnownUrl, {
-    method: "GET"
-  }).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => JWKS.parse(json));
-  return {
-    keys: jwks.keys
-  };
-};
-
-/**
- * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
- *
- * @param rpConfig - The configuration object of the Relying Party entity.
- * @returns An object containing an array of JWKs.
- * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
- */
-export const fetchJwksFromConfig = async rpConfig => {
-  const parsedConfig = RelyingPartyEntityConfiguration.safeParse(rpConfig);
-  if (!parsedConfig.success) {
-    throw new Error("Invalid Relying Party configuration.");
-  }
-  const jwks = parsedConfig.data.payload.metadata.wallet_relying_party.jwks;
-  if (!jwks || !Array.isArray(jwks.keys)) {
-    throw new Error("JWKS not found in Relying Party configuration.");
-  }
-  return {
-    keys: jwks.keys
-  };
-};
-//# sourceMappingURL=03-retrieve-jwks.js.map

package/lib/module/credential/presentation/03-retrieve-jwks.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["JWKS","hasStatusOrThrow","RelyingPartyEntityConfiguration","fetchJwksFromUri","clientUrl","context","arguments","length","undefined","appFetch","fetch","wellKnownUrl","URL","toString","jwks","method","then","raw","json","parse","keys","fetchJwksFromConfig","rpConfig","parsedConfig","safeParse","success","Error","data","payload","metadata","wallet_relying_party","Array","isArray"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-retrieve-jwks.ts"],"mappings":"AAAA,SAASA,IAAI,QAAa,iBAAiB;AAC3C,SAASC,gBAAgB,QAAQ,kBAAkB;AACnD,SAASC,+BAA+B,QAAQ,0BAA0B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAEZ,GAAG,eAAAA,CAAOC,SAAS,EAA4B;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACzC,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EAEpC,MAAMM,YAAY,GAAG,IAAIC,GAAG,CAC1B,6BAA6B,EAC7BR,SACF,CAAC,CAACS,QAAQ,CAAC,CAAC;;EAEZ;EACA,MAAMC,IAAI,GAAG,MAAML,QAAQ,CAACE,YAAY,EAAE;IACxCI,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACf,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3Be,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKlB,IAAI,CAACmB,KAAK,CAACD,IAAI,CAAC,CAAC;EAEnC,OAAO;IACLE,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMC,YAAY,GAAGrB,+BAA+B,CAACsB,SAAS,CAACF,QAAQ,CAAC;EACxE,IAAI,CAACC,YAAY,CAACE,OAAO,EAAE;IACzB,MAAM,IAAIC,KAAK,CAAC,sCAAsC,CAAC;EACzD;EAEA,MAAMZ,IAAI,GAAGS,YAAY,CAACI,IAAI,CAACC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAAChB,IAAI;EAEzE,IAAI,CAACA,IAAI,IAAI,CAACiB,KAAK,CAACC,OAAO,CAAClB,IAAI,CAACM,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIM,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLN,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/04-get-request-object.js

@@ -1,74 +0,0 @@
-import uuid from "react-native-uuid";
-import { decode as decodeJwt, sha256ToBase64, verify } from "@pagopa/io-react-native-jwt";
-import { createDPopToken } from "../../utils/dpop";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { RequestObject } from "./types";
-/**
- * Obtain the Request Object for RP authentication
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
- *
- * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration
- * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Request Object that describes the presentation
- */
-export const getRequestObject = async (requestUri, _ref, jwkKeys) => {
-  let {
-    wiaCryptoContext,
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref;
-  const signedWalletInstanceDPoP = await createDPopToken({
-    jti: `${uuid.v4()}`,
-    htm: "GET",
-    htu: requestUri,
-    ath: await sha256ToBase64(walletInstanceAttestation)
-  }, wiaCryptoContext);
-  const responseEncodedJwt = await appFetch(requestUri, {
-    method: "GET",
-    headers: {
-      Authorization: `DPoP ${walletInstanceAttestation}`,
-      DPoP: signedWalletInstanceDPoP
-    }
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(responseJson => responseJson.response);
-  const responseJwt = decodeJwt(responseEncodedJwt);
-  await verifyTokenSignature(jwkKeys, responseJwt);
-
-  // Ensure that the request object conforms to the expected specification.
-  const requestObject = RequestObject.parse(responseJwt.payload);
-  return {
-    requestObject
-  };
-};
-const verifyTokenSignature = async (jwkKeys, responseJwt) => {
-  var _responseJwt$protecte;
-  // verify token signature to ensure the request object is authentic
-  // 1. according to entity configuration if present
-  if (jwkKeys) {
-    const pubKey = jwkKeys.find(_ref2 => {
-      let {
-        kid
-      } = _ref2;
-      return kid === responseJwt.protectedHeader.kid;
-    });
-    if (!pubKey) {
-      throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
-    }
-    await verify(responseJwt, pubKey);
-    return;
-  }
-
-  // 2. If jwk is not retrieved from entity config, check if the token contains the 'jwk' attribute
-  if ((_responseJwt$protecte = responseJwt.protectedHeader) !== null && _responseJwt$protecte !== void 0 && _responseJwt$protecte.jwk) {
-    const pubKey = responseJwt.protectedHeader.jwk;
-    await verify(responseJwt, pubKey);
-    return;
-  }
-
-  // No verification condition matched: skipping signature verification for now.
-  // TODO: [EUDIW-215] Remove skipping signature verification
-};
-//# sourceMappingURL=04-get-request-object.js.map

package/lib/module/credential/presentation/04-get-request-object.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["uuid","decode","decodeJwt","sha256ToBase64","verify","createDPopToken","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","RequestObject","getRequestObject","requestUri","_ref","jwkKeys","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","responseEncodedJwt","method","headers","Authorization","DPoP","then","res","json","responseJson","response","responseJwt","verifyTokenSignature","requestObject","parse","payload","_responseJwt$protecte","pubKey","find","_ref2","kid","protectedHeader","jwk"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-get-request-object.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SACEC,MAAM,IAAIC,SAAS,EACnBC,cAAc,EACdC,MAAM,QAED,6BAA6B;AAEpC,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,wCAAwC,QAAQ,UAAU;AAEnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,aAAa,QAAQ,SAAS;AAYvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,EAEVC,OAAO,KACJ;EAAA,IAFH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAL,IAAA;EAGjE,MAAMM,wBAAwB,GAAG,MAAMZ,eAAe,CACpD;IACEa,GAAG,EAAG,GAAElB,IAAI,CAACmB,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEX,UAAU;IACfY,GAAG,EAAE,MAAMnB,cAAc,CAACa,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMU,kBAAkB,GAAG,MAAMT,QAAQ,CAACJ,UAAU,EAAE;IACpDc,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOV,yBAA0B,EAAC;MAClDW,IAAI,EAAEV;IACR;EACF,CAAC,CAAC,CACCW,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG/B,SAAS,CAACqB,kBAAkB,CAAC;EAEjD,MAAMW,oBAAoB,CAACtB,OAAO,EAAEqB,WAAW,CAAC;;EAEhD;EACA,MAAME,aAAa,GAAG3B,aAAa,CAAC4B,KAAK,CAACH,WAAW,CAACI,OAAO,CAAC;EAE9D,OAAO;IACLF;EACF,CAAC;AACH,CAAC;AAED,MAAMD,oBAAoB,GAAG,MAAAA,CAC3BtB,OAAgC,EAChCqB,WAAiB,KACC;EAAA,IAAAK,qBAAA;EAClB;EACA;EACA,IAAI1B,OAAO,EAAE;IACX,MAAM2B,MAAM,GAAG3B,OAAO,CAAC4B,IAAI,CACzBC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKT,WAAW,CAACU,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACH,MAAM,EAAE;MACX,MAAM,IAAIjC,wCAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAMF,MAAM,CAAC6B,WAAW,EAAEM,MAAM,CAAC;IACjC;EACF;;EAEA;EACA,KAAAD,qBAAA,GAAIL,WAAW,CAACU,eAAe,cAAAL,qBAAA,eAA3BA,qBAAA,CAA6BM,GAAG,EAAE;IACpC,MAAML,MAAM,GAAGN,WAAW,CAACU,eAAe,CAACC,GAAG;IAC9C,MAAMxC,MAAM,CAAC6B,WAAW,EAAEM,MAAM,CAAC;IACjC;EACF;;EAEA;EACA;AACF,CAAC"}

package/lib/module/credential/presentation/05-send-authorization-response.js

@@ -1,128 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import uuid from "react-native-uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { disclose } from "../../sd-jwt";
-import * as z from "zod";
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await disclose(vc, claims);
-
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${uuid.v4()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuid.v4()}`,
-    id: `${uuid.v4()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-//# sourceMappingURL=05-send-authorization-response.js.map

package/lib/module/credential/presentation/05-send-authorization-response.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["EncryptJwe","SignJWT","uuid","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIzC,OAAO,CAAC6B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IACnBZ,GAAG;IACHa,KAAK,EAAEvB,aAAa,CAACuB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACxB,aAAa,CAACyB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG7B,aAAa,CAAC8B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEvD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAExD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE1B,KAAK,CAAC2B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAErB,QAAQ;IAAEc;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEvC,aAAa,EACbwC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE3C;EAA0B,CAAC,GAAAyC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGxD,2BAA2B,CAACmD,MAAM,CAAC;EAExD,MAAM;IAAEvB,QAAQ;IAAEc;EAAwB,CAAC,GAAG,MAAMhC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBwC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEjD,aAAa,CAACiD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEvB,aAAa,CAACuB,KAAK;IAC1BN;EACF,CAAC,CAAC;EAEF,MAAMiC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBpC,GAAG,EAAE6B,YAAY,CAAC7B;EACpB,CAAC,CAAC,CAACqC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC3C,aAAa,CAACyB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC3C,IAAI,CAAClC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkC,IAAI,CAAE+C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBhD,IAAI,CAAC/B,qBAAqB,CAACgF,KAAK,CAAC;AACtC,CAAC"}

package/lib/typescript/credential/presentation/03-retrieve-jwks.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"03-retrieve-jwks.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/03-retrieve-jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,+BAA+B,EAAE,MAAM,0BAA0B,CAAC;AAE3E;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC;IAC7E,IAAI,EAAE,GAAG,EAAE,CAAC;CACb,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,CACtC;IAAC,MAAM;IAAE;QAAE,OAAO,CAAC,EAAE;YAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE;CAAC,CAoB5D,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,CACzC;IAAC,+BAA+B;CAAC,CAgBlC,CAAC"}

package/lib/typescript/credential/presentation/04-get-request-object.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"04-get-request-object.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/04-get-request-object.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AAIrC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,EACxC,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;CACnC,EACD,OAAO,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAC7B,OAAO,CAAC;IAAE,aAAa,EAAE,aAAa,CAAA;CAAE,CAAC,CAAC;AAE/C;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAoC9B,CAAC"}

package/lib/typescript/credential/presentation/05-send-authorization-response.d.ts

@@ -1,34 +0,0 @@
-import { type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./04-get-request-object";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export declare const AuthorizationResponse: z.ZodObject<{
-    status: z.ZodString;
-    response_code: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    status: string;
-    response_code?: string | undefined;
-}, {
-    status: string;
-    response_code?: string | undefined;
-}>;
-export type SendAuthorizationResponse = (requestObject: Out<GetRequestObject>["requestObject"], rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"], presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<AuthorizationResponse>;
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export declare const sendAuthorizationResponse: SendAuthorizationResponse;
-//# sourceMappingURL=05-send-authorization-response.d.ts.map

package/lib/typescript/credential/presentation/05-send-authorization-response.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"05-send-authorization-response.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/05-send-authorization-response.ts"],"names":[],"mappings":"AAKA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;EAShC,CAAC;AAkFH,MAAM,MAAM,yBAAyB,GAAG,CACtC,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,eAAe,CAAC,EACrD,MAAM,EAAE,GAAG,CAAC,yBAAyB,CAAC,CAAC,QAAQ,CAAC,EAChD,YAAY,EAAE,YAAY,EAAE,iDAAiD;AAC7E,OAAO,EAAE;IACP,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBA0CvC,CAAC"}

package/src/credential/presentation/05-send-authorization-response.ts

@@ -1,168 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import uuid from "react-native-uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow, type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./04-get-request-object";
-import { disclose } from "../../sd-jwt";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z
-    .string() /**
-      FIXME: [SIW-627] we expect this value from every RP implementation
-      Actually some RP does not return the value
-      We make it optional to not break the flow.
-    */
-    .optional(),
-});
-
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = (
-  entity: Out<EvaluateRelyingPartyTrust>["rpConf"]
-): JWK => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(
-    (jwk) => jwk.use === "enc" && jwk.kty === "RSA"
-  );
-
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration(
-    "Encrypt with RP public key"
-  );
-};
-
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (
-  requestObject: Out<GetRequestObject>["requestObject"],
-  walletInstanceAttestation: string,
-  [vc, claims, cryptoCtx]: Presentation // TODO: [SIW-353] support multiple presentations,
-): Promise<{
-  vp_token: string;
-  presentation_submission: Record<string, unknown>;
-}> => {
-  // this throws if vc cannot satisfy all the requested claims
-  const { token: vp, paths } = await disclose(vc, claims);
-
-  // obtain issuer from Wallet Instance
-  const {
-    payload: { iss },
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-
-  const pidKid = await cryptoCtx.getPublicKey().then((_) => _.kid);
-
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx)
-    .setProtectedHeader({
-      typ: "JWT",
-      kid: pidKid,
-    })
-    .setPayload({
-      vp: vp,
-      jti: `${uuid.v4()}`,
-      iss,
-      nonce: requestObject.nonce,
-    })
-    .setAudience(requestObject.response_uri)
-    .setIssuedAt()
-    .setExpirationTime("1h")
-    .sign();
-
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuid.v4()}`,
-    id: `${uuid.v4()}`,
-    descriptor_map: paths.map((p) => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt",
-    })),
-  };
-
-  return { vp_token, presentation_submission };
-};
-
-export type SendAuthorizationResponse = (
-  requestObject: Out<GetRequestObject>["requestObject"],
-  rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"],
-  presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-  context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-  }
-) => Promise<AuthorizationResponse>;
-
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse: SendAuthorizationResponse = async (
-  requestObject,
-  rpConf,
-  presentation,
-  { appFetch = fetch, walletInstanceAttestation }
-): Promise<AuthorizationResponse> => {
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-
-  const { vp_token, presentation_submission } = await prepareVpToken(
-    requestObject,
-    walletInstanceAttestation,
-    presentation
-  );
-
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token,
-  });
-
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid,
-  }).encrypt(rsaPublicJwk);
-
-  const formBody = new URLSearchParams({ response: encrypted });
-  const body = formBody.toString();
-
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body,
-  })
-    .then(hasStatusOrThrow(200))
-    .then((res) => res.json())
-    .then(AuthorizationResponse.parse);
-};