npm - @pagopa/io-react-native-wallet - Versions diffs - 1.1.2 → 1.2.2 - Mend

@pagopa/io-react-native-wallet 1.1.2 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/lib/commonjs/credential/presentation/05-send-authorization-response.js DELETED Viewed

@@ -1,139 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.sendAuthorizationResponse = exports.AuthorizationResponse = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
-var _errors = require("./errors");
-var _misc = require("../../utils/misc");
-var _sdJwt = require("../../sd-jwt");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-exports.AuthorizationResponse = AuthorizationResponse;
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await (0, _sdJwt.disclose)(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new _ioReactNativeJwt.SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${_reactNativeUuid.default.v4()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${_reactNativeUuid.default.v4()}`,
-    id: `${_reactNativeUuid.default.v4()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-exports.sendAuthorizationResponse = sendAuthorizationResponse;
-//# sourceMappingURL=05-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/05-send-authorization-response.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_ioReactNativeJwt","require","_reactNativeUuid","_interopRequireDefault","WalletInstanceAttestation","_interopRequireWildcard","_errors","_misc","_sdJwt","z","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationResponse","object","status","string","response_code","optional","exports","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","NoSuitableKeysFoundInEntityConfiguration","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","disclose","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","SignJWT","setProtectedHeader","typ","setPayload","jti","uuid","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","EncryptJwe","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","hasStatusOrThrow","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,yBAAA,GAAAC,uBAAA,CAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,KAAA,GAAAN,OAAA;AAEA,IAAAO,MAAA,GAAAP,OAAA;AAGA,IAAAQ,CAAA,GAAAJ,uBAAA,CAAAJ,OAAA;AAAyB,SAAAS,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAAA,SAAAlB,uBAAAY,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGlB,MAAMiB,qBAAqB,GAAGvB,CAAC,CAACwB,MAAM,CAAC;EAC5CC,MAAM,EAAEzB,CAAC,CAAC0B,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAE3B,CAAC,CACb0B,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAN,qBAAA,GAAAA,qBAAA;AAOA,MAAMO,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIQ,gDAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM,IAAAC,eAAQ,EAACN,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJM,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAG1D,yBAAyB,CAAC2D,MAAM,CAACX,yBAAyB,CAAC;EAE/D,MAAMY,MAAM,GAAG,MAAMR,SAAS,CAACS,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIC,yBAAO,CAACd,SAAS,CAAC,CAC1Ce,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDS,UAAU,CAAC;IACVf,EAAE,EAAEA,EAAE;IACNgB,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBd,GAAG;IACHe,KAAK,EAAE1B,aAAa,CAAC0B;EACvB,CAAC,CAAC,CACDC,WAAW,CAAC3B,aAAa,CAAC4B,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAGhC,aAAa,CAACiC,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEX,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAEZ,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE7B,KAAK,CAAC8B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAEvB,QAAQ;IAAEgB;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClE1C,aAAa,EACb2C,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE9C;EAA0B,CAAC,GAAA4C,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAG5D,2BAA2B,CAACuD,MAAM,CAAC;EAExD,MAAM;IAAEzB,QAAQ;IAAEgB;EAAwB,CAAC,GAAG,MAAMnC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzB2C,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEpD,aAAa,CAACoD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAE1B,aAAa,CAAC0B,KAAK;IAC1BR;EACF,CAAC,CAAC;EAEF,MAAMmC,SAAS,GAAG,MAAM,IAAIC,4BAAU,CAACL,oBAAoB,EAAE;IAC3DM,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBvC,GAAG,EAAE+B,YAAY,CAAC/B;EACpB,CAAC,CAAC,CAACwC,OAAO,CAACT,YAAY,CAAC;EAExB,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEP;EAAU,CAAC,CAAC;EAC7D,MAAMQ,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOhB,QAAQ,CAAC9C,aAAa,CAAC4B,YAAY,EAAE;IAC1CmC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC9C,IAAI,CAAC,IAAAkD,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BlD,IAAI,CAAEmD,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBpD,IAAI,CAAClC,qBAAqB,CAACuF,KAAK,CAAC;AACtC,CAAC;AAACjF,OAAA,CAAAuD,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/presentation/03-retrieve-jwks.js DELETED Viewed

@@ -1,61 +0,0 @@
-import { JWKS } from "../../utils/jwk";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { RelyingPartyEntityConfiguration } from "../../entity/trust/types";
-/**
- * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
- *
- * @template T - The tuple type representing the function arguments.
- * @param args - The arguments passed to the function.
- * @returns A promise resolving to an object containing an array of JWKs.
- */
-/**
- * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
- *
- * @param clientUrl - The base URL of the client entity from which to retrieve the JWKS.
- * @param options - Optional context containing a custom fetch implementation.
- * @param options.context - Optional context object.
- * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
- * @returns A promise resolving to an object containing an array of JWKs.
- * @throws Will throw an error if the JWKS retrieval fails.
- */
-export const fetchJwksFromUri = async function (clientUrl) {
-  let {
-    context = {}
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const {
-    appFetch = fetch
-  } = context;
-  const wellKnownUrl = new URL("/.well-known/jar-issuer/jwk", clientUrl).toString();
-  // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
-  const jwks = await appFetch(wellKnownUrl, {
-    method: "GET"
-  }).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => JWKS.parse(json));
-  return {
-    keys: jwks.keys
-  };
-};
-/**
- * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
- *
- * @param rpConfig - The configuration object of the Relying Party entity.
- * @returns An object containing an array of JWKs.
- * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
- */
-export const fetchJwksFromConfig = async rpConfig => {
-  const parsedConfig = RelyingPartyEntityConfiguration.safeParse(rpConfig);
-  if (!parsedConfig.success) {
-    throw new Error("Invalid Relying Party configuration.");
-  }
-  const jwks = parsedConfig.data.payload.metadata.wallet_relying_party.jwks;
-  if (!jwks || !Array.isArray(jwks.keys)) {
-    throw new Error("JWKS not found in Relying Party configuration.");
-  }
-  return {
-    keys: jwks.keys
-  };
-};
-//# sourceMappingURL=03-retrieve-jwks.js.map

package/lib/module/credential/presentation/03-retrieve-jwks.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["JWKS","hasStatusOrThrow","RelyingPartyEntityConfiguration","fetchJwksFromUri","clientUrl","context","arguments","length","undefined","appFetch","fetch","wellKnownUrl","URL","toString","jwks","method","then","raw","json","parse","keys","fetchJwksFromConfig","rpConfig","parsedConfig","safeParse","success","Error","data","payload","metadata","wallet_relying_party","Array","isArray"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-retrieve-jwks.ts"],"mappings":"AAAA,SAASA,IAAI,QAAa,iBAAiB;AAC3C,SAASC,gBAAgB,QAAQ,kBAAkB;AACnD,SAASC,+BAA+B,QAAQ,0BAA0B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAEZ,GAAG,eAAAA,CAAOC,SAAS,EAA4B;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACzC,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EAEpC,MAAMM,YAAY,GAAG,IAAIC,GAAG,CAC1B,6BAA6B,EAC7BR,SACF,CAAC,CAACS,QAAQ,CAAC,CAAC;;EAEZ;EACA,MAAMC,IAAI,GAAG,MAAML,QAAQ,CAACE,YAAY,EAAE;IACxCI,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACf,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3Be,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKlB,IAAI,CAACmB,KAAK,CAACD,IAAI,CAAC,CAAC;EAEnC,OAAO;IACLE,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMC,YAAY,GAAGrB,+BAA+B,CAACsB,SAAS,CAACF,QAAQ,CAAC;EACxE,IAAI,CAACC,YAAY,CAACE,OAAO,EAAE;IACzB,MAAM,IAAIC,KAAK,CAAC,sCAAsC,CAAC;EACzD;EAEA,MAAMZ,IAAI,GAAGS,YAAY,CAACI,IAAI,CAACC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAAChB,IAAI;EAEzE,IAAI,CAACA,IAAI,IAAI,CAACiB,KAAK,CAACC,OAAO,CAAClB,IAAI,CAACM,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIM,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLN,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/04-get-request-object.js DELETED Viewed

@@ -1,74 +0,0 @@
-import uuid from "react-native-uuid";
-import { decode as decodeJwt, sha256ToBase64, verify } from "@pagopa/io-react-native-jwt";
-import { createDPopToken } from "../../utils/dpop";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { RequestObject } from "./types";
-/**
- * Obtain the Request Object for RP authentication
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
- *
- * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration
- * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Request Object that describes the presentation
- */
-export const getRequestObject = async (requestUri, _ref, jwkKeys) => {
-  let {
-    wiaCryptoContext,
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref;
-  const signedWalletInstanceDPoP = await createDPopToken({
-    jti: `${uuid.v4()}`,
-    htm: "GET",
-    htu: requestUri,
-    ath: await sha256ToBase64(walletInstanceAttestation)
-  }, wiaCryptoContext);
-  const responseEncodedJwt = await appFetch(requestUri, {
-    method: "GET",
-    headers: {
-      Authorization: `DPoP ${walletInstanceAttestation}`,
-      DPoP: signedWalletInstanceDPoP
-    }
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(responseJson => responseJson.response);
-  const responseJwt = decodeJwt(responseEncodedJwt);
-  await verifyTokenSignature(jwkKeys, responseJwt);
-  // Ensure that the request object conforms to the expected specification.
-  const requestObject = RequestObject.parse(responseJwt.payload);
-  return {
-    requestObject
-  };
-};
-const verifyTokenSignature = async (jwkKeys, responseJwt) => {
-  var _responseJwt$protecte;
-  // verify token signature to ensure the request object is authentic
-  // 1. according to entity configuration if present
-  if (jwkKeys) {
-    const pubKey = jwkKeys.find(_ref2 => {
-      let {
-        kid
-      } = _ref2;
-      return kid === responseJwt.protectedHeader.kid;
-    });
-    if (!pubKey) {
-      throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
-    }
-    await verify(responseJwt, pubKey);
-    return;
-  }
-  // 2. If jwk is not retrieved from entity config, check if the token contains the 'jwk' attribute
-  if ((_responseJwt$protecte = responseJwt.protectedHeader) !== null && _responseJwt$protecte !== void 0 && _responseJwt$protecte.jwk) {
-    const pubKey = responseJwt.protectedHeader.jwk;
-    await verify(responseJwt, pubKey);
-    return;
-  }
-  // No verification condition matched: skipping signature verification for now.
-  // TODO: [EUDIW-215] Remove skipping signature verification
-};
-//# sourceMappingURL=04-get-request-object.js.map

package/lib/module/credential/presentation/04-get-request-object.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["uuid","decode","decodeJwt","sha256ToBase64","verify","createDPopToken","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","RequestObject","getRequestObject","requestUri","_ref","jwkKeys","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","jti","v4","htm","htu","ath","responseEncodedJwt","method","headers","Authorization","DPoP","then","res","json","responseJson","response","responseJwt","verifyTokenSignature","requestObject","parse","payload","_responseJwt$protecte","pubKey","find","_ref2","kid","protectedHeader","jwk"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-get-request-object.ts"],"mappings":"AAAA,OAAOA,IAAI,MAAM,mBAAmB;AACpC,SACEC,MAAM,IAAIC,SAAS,EACnBC,cAAc,EACdC,MAAM,QAED,6BAA6B;AAEpC,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,wCAAwC,QAAQ,UAAU;AAEnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,aAAa,QAAQ,SAAS;AAYvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,EAEVC,OAAO,KACJ;EAAA,IAFH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAL,IAAA;EAGjE,MAAMM,wBAAwB,GAAG,MAAMZ,eAAe,CACpD;IACEa,GAAG,EAAG,GAAElB,IAAI,CAACmB,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEX,UAAU;IACfY,GAAG,EAAE,MAAMnB,cAAc,CAACa,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMU,kBAAkB,GAAG,MAAMT,QAAQ,CAACJ,UAAU,EAAE;IACpDc,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOV,yBAA0B,EAAC;MAClDW,IAAI,EAAEV;IACR;EACF,CAAC,CAAC,CACCW,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG/B,SAAS,CAACqB,kBAAkB,CAAC;EAEjD,MAAMW,oBAAoB,CAACtB,OAAO,EAAEqB,WAAW,CAAC;;EAEhD;EACA,MAAME,aAAa,GAAG3B,aAAa,CAAC4B,KAAK,CAACH,WAAW,CAACI,OAAO,CAAC;EAE9D,OAAO;IACLF;EACF,CAAC;AACH,CAAC;AAED,MAAMD,oBAAoB,GAAG,MAAAA,CAC3BtB,OAAgC,EAChCqB,WAAiB,KACC;EAAA,IAAAK,qBAAA;EAClB;EACA;EACA,IAAI1B,OAAO,EAAE;IACX,MAAM2B,MAAM,GAAG3B,OAAO,CAAC4B,IAAI,CACzBC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKT,WAAW,CAACU,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACH,MAAM,EAAE;MACX,MAAM,IAAIjC,wCAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAMF,MAAM,CAAC6B,WAAW,EAAEM,MAAM,CAAC;IACjC;EACF;;EAEA;EACA,KAAAD,qBAAA,GAAIL,WAAW,CAACU,eAAe,cAAAL,qBAAA,eAA3BA,qBAAA,CAA6BM,GAAG,EAAE;IACpC,MAAML,MAAM,GAAGN,WAAW,CAACU,eAAe,CAACC,GAAG;IAC9C,MAAMxC,MAAM,CAAC6B,WAAW,EAAEM,MAAM,CAAC;IACjC;EACF;;EAEA;EACA;AACF,CAAC"}

package/lib/module/credential/presentation/05-send-authorization-response.js DELETED Viewed

@@ -1,128 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import uuid from "react-native-uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { disclose } from "../../sd-jwt";
-import * as z from "zod";
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z.string() /**
-                            FIXME: [SIW-627] we expect this value from every RP implementation
-                            Actually some RP does not return the value
-                            We make it optional to not break the flow.
-                            */.optional()
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = entity => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(jwk => jwk.use === "enc" && jwk.kty === "RSA");
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration("Encrypt with RP public key");
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (requestObject, walletInstanceAttestation, _ref) => {
-  let [vc, claims, cryptoCtx] = _ref;
-  // this throws if vc cannot satisfy all the requested claims
-  const {
-    token: vp,
-    paths
-  } = await disclose(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: {
-      iss
-    }
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then(_ => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx).setProtectedHeader({
-    typ: "JWT",
-    kid: pidKid
-  }).setPayload({
-    vp: vp,
-    jti: `${uuid.v4()}`,
-    iss,
-    nonce: requestObject.nonce
-  }).setAudience(requestObject.response_uri).setIssuedAt().setExpirationTime("1h").sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuid.v4()}`,
-    id: `${uuid.v4()}`,
-    descriptor_map: paths.map(p => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt"
-    }))
-  };
-  return {
-    vp_token,
-    presentation_submission
-  };
-};
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse = async (requestObject, rpConf, presentation, _ref2) => {
-  let {
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref2;
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const {
-    vp_token,
-    presentation_submission
-  } = await prepareVpToken(requestObject, walletInstanceAttestation, presentation);
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token
-  });
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({
-    response: encrypted
-  });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse);
-};
-//# sourceMappingURL=05-send-authorization-response.js.map

package/lib/module/credential/presentation/05-send-authorization-response.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["EncryptJwe","SignJWT","uuid","WalletInstanceAttestation","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","disclose","z","AuthorizationResponse","object","status","string","response_code","optional","chooseRSAPublicKeyToEncrypt","entity","usingRsa256","wallet_relying_party","jwks","keys","filter","jwk","use","kty","prepareVpToken","requestObject","walletInstanceAttestation","_ref","vc","claims","cryptoCtx","token","vp","paths","payload","iss","decode","pidKid","getPublicKey","then","_","kid","vp_token","setProtectedHeader","typ","setPayload","jti","v4","nonce","setAudience","response_uri","setIssuedAt","setExpirationTime","sign","vc_scope","scope","presentation_submission","definition_id","id","descriptor_map","map","p","path","format","sendAuthorizationResponse","rpConf","presentation","_ref2","appFetch","fetch","rsaPublicJwk","authzResponsePayload","JSON","stringify","state","encrypted","alg","enc","encrypt","formBody","URLSearchParams","response","body","toString","method","headers","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,OAAO,QAAQ,6BAA6B;AACjE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SAASC,QAAQ,QAAQ,cAAc;AAGvC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,qBAAqB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC5CC,MAAM,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBC,aAAa,EAAEL,CAAC,CACbI,MAAM,CAAC,CAAC,CAAC;AACd;AACA;AACA;AACA,8BAJc,CAKTE,QAAQ,CAAC;AACd,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,2BAA2B,GAC/BC,MAAgD,IACxC;EACR,MAAM,CAACC,WAAW,CAAC,GAAGD,MAAM,CAACE,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,MAAM,CAC/DC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,IAAID,GAAG,CAACE,GAAG,KAAK,KAC5C,CAAC;EAED,IAAIP,WAAW,EAAE;IACf,OAAOA,WAAW;EACpB;;EAEA;EACA,MAAM,IAAIZ,wCAAwC,CAChD,4BACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMoB,cAAc,GAAG,MAAAA,CACrBC,aAAqD,EACrDC,yBAAiC,EAAAC,IAAA,KAK7B;EAAA,IAJJ,CAACC,EAAE,EAAEC,MAAM,EAAEC,SAAS,CAAe,GAAAH,IAAA;EAKrC;EACA,MAAM;IAAEI,KAAK,EAAEC,EAAE;IAAEC;EAAM,CAAC,GAAG,MAAM3B,QAAQ,CAACsB,EAAE,EAAEC,MAAM,CAAC;;EAEvD;EACA,MAAM;IACJK,OAAO,EAAE;MAAEC;IAAI;EACjB,CAAC,GAAGhC,yBAAyB,CAACiC,MAAM,CAACV,yBAAyB,CAAC;EAE/D,MAAMW,MAAM,GAAG,MAAMP,SAAS,CAACQ,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;;EAEhE;EACA,MAAMC,QAAQ,GAAG,MAAM,IAAIzC,OAAO,CAAC6B,SAAS,CAAC,CAC1Ca,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH,GAAG,EAAEJ;EACP,CAAC,CAAC,CACDQ,UAAU,CAAC;IACVb,EAAE,EAAEA,EAAE;IACNc,GAAG,EAAG,GAAE5C,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IACnBZ,GAAG;IACHa,KAAK,EAAEvB,aAAa,CAACuB;EACvB,CAAC,CAAC,CACDC,WAAW,CAACxB,aAAa,CAACyB,YAAY,CAAC,CACvCC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,QAAQ,GAAG7B,aAAa,CAAC8B,KAAK;EACpC,MAAMC,uBAAuB,GAAG;IAC9BC,aAAa,EAAG,GAAEvD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAC7BW,EAAE,EAAG,GAAExD,IAAI,CAAC6C,EAAE,CAAC,CAAE,EAAC;IAClBY,cAAc,EAAE1B,KAAK,CAAC2B,GAAG,CAAEC,CAAC,KAAM;MAChCH,EAAE,EAAEJ,QAAQ;MACZQ,IAAI,EAAG,cAAaD,CAAC,CAACC,IAAK,EAAC;MAC5BC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ,CAAC;EAED,OAAO;IAAErB,QAAQ;IAAEc;EAAwB,CAAC;AAC9C,CAAC;AAYD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,yBAAoD,GAAG,MAAAA,CAClEvC,aAAa,EACbwC,MAAM,EACNC,YAAY,EAAAC,KAAA,KAEuB;EAAA,IADnC;IAAEC,QAAQ,GAAGC,KAAK;IAAE3C;EAA0B,CAAC,GAAAyC,KAAA;EAE/C;EACA;EACA,MAAMG,YAAY,GAAGxD,2BAA2B,CAACmD,MAAM,CAAC;EAExD,MAAM;IAAEvB,QAAQ;IAAEc;EAAwB,CAAC,GAAG,MAAMhC,cAAc,CAChEC,aAAa,EACbC,yBAAyB,EACzBwC,YACF,CAAC;EAED,MAAMK,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEjD,aAAa,CAACiD,KAAK;IAC1BlB,uBAAuB;IACvBR,KAAK,EAAEvB,aAAa,CAACuB,KAAK;IAC1BN;EACF,CAAC,CAAC;EAEF,MAAMiC,SAAS,GAAG,MAAM,IAAI3E,UAAU,CAACuE,oBAAoB,EAAE;IAC3DK,GAAG,EAAE,cAAc;IACnBC,GAAG,EAAE,eAAe;IACpBpC,GAAG,EAAE6B,YAAY,CAAC7B;EACpB,CAAC,CAAC,CAACqC,OAAO,CAACR,YAAY,CAAC;EAExB,MAAMS,QAAQ,GAAG,IAAIC,eAAe,CAAC;IAAEC,QAAQ,EAAEN;EAAU,CAAC,CAAC;EAC7D,MAAMO,IAAI,GAAGH,QAAQ,CAACI,QAAQ,CAAC,CAAC;EAEhC,OAAOf,QAAQ,CAAC3C,aAAa,CAACyB,YAAY,EAAE;IAC1CkC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDH;EACF,CAAC,CAAC,CACC3C,IAAI,CAAClC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BkC,IAAI,CAAE+C,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBhD,IAAI,CAAC/B,qBAAqB,CAACgF,KAAK,CAAC;AACtC,CAAC"}

package/lib/typescript/credential/presentation/03-retrieve-jwks.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"03-retrieve-jwks.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/03-retrieve-jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,+BAA+B,EAAE,MAAM,0BAA0B,CAAC;AAE3E;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC;IAC7E,IAAI,EAAE,GAAG,EAAE,CAAC;CACb,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,CACtC;IAAC,MAAM;IAAE;QAAE,OAAO,CAAC,EAAE;YAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE;CAAC,CAoB5D,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,CACzC;IAAC,+BAA+B;CAAC,CAgBlC,CAAC"}

package/lib/typescript/credential/presentation/04-get-request-object.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"04-get-request-object.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/04-get-request-object.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AAIrC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAExC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,EACxC,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;CACnC,EACD,OAAO,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAC7B,OAAO,CAAC;IAAE,aAAa,EAAE,aAAa,CAAA;CAAE,CAAC,CAAC;AAE/C;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAoC9B,CAAC"}

package/lib/typescript/credential/presentation/05-send-authorization-response.d.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import { type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./04-get-request-object";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export declare const AuthorizationResponse: z.ZodObject<{
-    status: z.ZodString;
-    response_code: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    status: string;
-    response_code?: string | undefined;
-}, {
-    status: string;
-    response_code?: string | undefined;
-}>;
-export type SendAuthorizationResponse = (requestObject: Out<GetRequestObject>["requestObject"], rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"], presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<AuthorizationResponse>;
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export declare const sendAuthorizationResponse: SendAuthorizationResponse;
-//# sourceMappingURL=05-send-authorization-response.d.ts.map

package/lib/typescript/credential/presentation/05-send-authorization-response.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"05-send-authorization-response.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/05-send-authorization-response.ts"],"names":[],"mappings":"AAKA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAEhE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACxE,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;EAShC,CAAC;AAkFH,MAAM,MAAM,yBAAyB,GAAG,CACtC,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,eAAe,CAAC,EACrD,MAAM,EAAE,GAAG,CAAC,yBAAyB,CAAC,CAAC,QAAQ,CAAC,EAChD,YAAY,EAAE,YAAY,EAAE,iDAAiD;AAC7E,OAAO,EAAE;IACP,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBA0CvC,CAAC"}

package/src/credential/presentation/05-send-authorization-response.ts DELETED Viewed

@@ -1,168 +0,0 @@
-import { EncryptJwe, SignJWT } from "@pagopa/io-react-native-jwt";
-import uuid from "react-native-uuid";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
-import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
-import { hasStatusOrThrow, type Out } from "../../utils/misc";
-import type { GetRequestObject } from "./04-get-request-object";
-import { disclose } from "../../sd-jwt";
-import type { EvaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
-import { type Presentation } from "./types";
-import * as z from "zod";
-export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
-export const AuthorizationResponse = z.object({
-  status: z.string(),
-  response_code: z
-    .string() /**
-      FIXME: [SIW-627] we expect this value from every RP implementation
-      Actually some RP does not return the value
-      We make it optional to not break the flow.
-    */
-    .optional(),
-});
-/**
- * Choose an RSA public key from those offered by the RP for encryption.
- *
- * @param entity The RP entity configuration
- * @returns A suitable public key with its compatible encryption algorithm
- * @throws {NoSuitableKeysFoundInEntityConfiguration} If entity do not contain any public key suitable for encrypting
- */
-const chooseRSAPublicKeyToEncrypt = (
-  entity: Out<EvaluateRelyingPartyTrust>["rpConf"]
-): JWK => {
-  const [usingRsa256] = entity.wallet_relying_party.jwks.keys.filter(
-    (jwk) => jwk.use === "enc" && jwk.kty === "RSA"
-  );
-  if (usingRsa256) {
-    return usingRsa256;
-  }
-  // No suitable key has been found
-  throw new NoSuitableKeysFoundInEntityConfiguration(
-    "Encrypt with RP public key"
-  );
-};
-/**
- * Generate a Verified Presentation token for a received request object within the context of an authorization request flow.
- * The presentation is created by revealing data from the provided credentials based on the requested claims.
- * Each Verified Credential is accompanied by the claims that the user consents to disclose from it.
- *
- * @todo: Allow for handling more than one Verified Credential.
- */
-const prepareVpToken = async (
-  requestObject: Out<GetRequestObject>["requestObject"],
-  walletInstanceAttestation: string,
-  [vc, claims, cryptoCtx]: Presentation // TODO: [SIW-353] support multiple presentations,
-): Promise<{
-  vp_token: string;
-  presentation_submission: Record<string, unknown>;
-}> => {
-  // this throws if vc cannot satisfy all the requested claims
-  const { token: vp, paths } = await disclose(vc, claims);
-  // obtain issuer from Wallet Instance
-  const {
-    payload: { iss },
-  } = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  const pidKid = await cryptoCtx.getPublicKey().then((_) => _.kid);
-  // TODO: [SIW-359] check all requeste claims of the requestedObj are satisfied
-  const vp_token = await new SignJWT(cryptoCtx)
-    .setProtectedHeader({
-      typ: "JWT",
-      kid: pidKid,
-    })
-    .setPayload({
-      vp: vp,
-      jti: `${uuid.v4()}`,
-      iss,
-      nonce: requestObject.nonce,
-    })
-    .setAudience(requestObject.response_uri)
-    .setIssuedAt()
-    .setExpirationTime("1h")
-    .sign();
-  const vc_scope = requestObject.scope;
-  const presentation_submission = {
-    definition_id: `${uuid.v4()}`,
-    id: `${uuid.v4()}`,
-    descriptor_map: paths.map((p) => ({
-      id: vc_scope,
-      path: `$.vp_token.${p.path}`,
-      format: "vc+sd-jwt",
-    })),
-  };
-  return { vp_token, presentation_submission };
-};
-export type SendAuthorizationResponse = (
-  requestObject: Out<GetRequestObject>["requestObject"],
-  rpConf: Out<EvaluateRelyingPartyTrust>["rpConf"],
-  presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-  context: {
-    walletInstanceAttestation: string;
-    appFetch?: GlobalFetch["fetch"];
-  }
-) => Promise<AuthorizationResponse>;
-/**
- * Complete the presentation flow by sending the authorization response to the Relying Party
- *
- * @param requestObject The Request Object that describes the presentation
- * @param rpConf The Relying Party's configuration
- * @param presentation The presentation tuple consisting in the signed credential,
- * the list of claims to be disclosed, and the context to access the key that proves the holder binding
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The result of the presentation flow
- */
-export const sendAuthorizationResponse: SendAuthorizationResponse = async (
-  requestObject,
-  rpConf,
-  presentation,
-  { appFetch = fetch, walletInstanceAttestation }
-): Promise<AuthorizationResponse> => {
-  // the request is an unsigned jws without iss, aud, exp
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-respon
-  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  const { vp_token, presentation_submission } = await prepareVpToken(
-    requestObject,
-    walletInstanceAttestation,
-    presentation
-  );
-  const authzResponsePayload = JSON.stringify({
-    state: requestObject.state,
-    presentation_submission,
-    nonce: requestObject.nonce,
-    vp_token,
-  });
-  const encrypted = await new EncryptJwe(authzResponsePayload, {
-    alg: "RSA-OAEP-256",
-    enc: "A256CBC-HS512",
-    kid: rsaPublicJwk.kid,
-  }).encrypt(rsaPublicJwk);
-  const formBody = new URLSearchParams({ response: encrypted });
-  const body = formBody.toString();
-  return appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-    },
-    body,
-  })
-    .then(hasStatusOrThrow(200))
-    .then((res) => res.json())
-    .then(AuthorizationResponse.parse);
-};