npm - @pagopa/io-react-native-wallet - Versions diffs - 1.1.2 → 1.2.2 - Mend

@pagopa/io-react-native-wallet 1.1.2 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/src/credential/presentation/08-send-authorization-response.ts ADDED Viewed

@@ -0,0 +1,251 @@
+import {
+  EncryptJwe,
+  SignJWT,
+  sha256ToBase64,
+} from "@pagopa/io-react-native-jwt";
+import uuid from "react-native-uuid";
+import type { FetchJwks } from "./04-retrieve-rp-jwks";
+import type { VerifyRequestObjectSignature } from "./05-verify-request-object";
+import type { JWK } from "@pagopa/io-react-native-jwt/lib/typescript/types";
+import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
+import { hasStatusOrThrow, type Out } from "../../utils/misc";
+import { disclose } from "../../sd-jwt";
+import { PresentationDefinition, type Presentation } from "./types";
+import * as z from "zod";
+export type AuthorizationResponse = z.infer<typeof AuthorizationResponse>;
+export const AuthorizationResponse = z.object({
+  status: z.string().optional(),
+  response_code: z
+    .string() /**
+      FIXME: [SIW-627] we expect this value from every RP implementation
+      Actually some RP does not return the value
+      We make it optional to not break the flow.
+    */
+    .optional(),
+  redirect_uri: z.string().optional(),
+});
+/**
+ * Selects an RSA public key (with `use = enc` and `kty = RSA`) from the set of JWK keys
+ * offered by the Relying Party (RP) for encryption.
+ *
+ * @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
+ * @returns The first suitable RSA public key found in the list.
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable RSA encryption key is found.
+ */
+export const chooseRSAPublicKeyToEncrypt = (
+  rpJwkKeys: Out<FetchJwks>["keys"]
+): JWK => {
+  const [rsaEncKey] = rpJwkKeys.filter(
+    (jwk) => jwk.use === "enc" && jwk.kty === "RSA"
+  );
+  if (rsaEncKey) {
+    return rsaEncKey;
+  }
+  // No suitable key found
+  throw new NoSuitableKeysFoundInEntityConfiguration(
+    "No suitable RSA public key found for encryption."
+  );
+};
+/**
+ * Prepares a Verified Presentation (VP) token to be sent as part of an
+ * authorization response in an OpenID 4 Verifiable Presentations flow.
+ *
+ * @param requestObject - The request object containing the nonce, response URI, and other necessary info.
+ * @param presentationTuple - A tuple containing a verifiable credential, the claims to disclose,
+ *                            and a cryptographic context for signing.
+ * @returns An object containing the signed VP token (`vp_token`) and a `presentation_submission` object.
+ * @param presentationDefinition - Definition outlining presentation requirements.
+ * @param presentationTuple - Tuple containing:
+ *    - A verifiable credential.
+ *    - Claims that should be disclosed.
+ *    - Cryptographic context for signing.
+ * @returns An object with:
+ *    - `vp_token`: The signed VP token.
+ *    - `presentation_submission`: Object mapping disclosed credentials to the request.
+ *
+ * @remarks
+ *  1. The `disclose()` function is used to produce a token with only the requested claims.
+ *  2. A new JWT is then signed, including the VP, `jti`, `iss`, `nonce`, audience, and expiration.
+ *  3. The `presentation_submission` object follows the OpenID 4 VP specification for describing
+ *     how the disclosed credentials map to the request.
+ *
+ * @todo [SIW-353] Support multiple verifiable credentials in a single request.
+ */
+export const prepareVpToken = async (
+  requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
+  presentationDefinition: PresentationDefinition,
+  [verifiableCredential, requestedClaims, cryptoContext]: Presentation
+): Promise<{
+  vp_token: string;
+  presentation_submission: Record<string, unknown>;
+}> => {
+  // Produce a VP token with only requested claims from the verifiable credential
+  const { token: vp } = await disclose(verifiableCredential, requestedClaims);
+  // <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
+  const sd_hash = await sha256ToBase64(`${vp}~`);
+  const kbJwt = await new SignJWT(cryptoContext)
+    .setProtectedHeader({
+      typ: "kb+jwt",
+      alg: "ES256",
+    })
+    .setPayload({
+      sd_hash,
+      nonce: requestObject.nonce,
+    })
+    .setAudience(requestObject.client_id)
+    .setIssuedAt()
+    .sign();
+  // <Issuer-signed JWT>~<Disclosure 1>~...~<Disclosure N>~<KB-JWT>
+  const vp_token = [vp, kbJwt].join("~");
+  // Determine the descriptor ID to use for mapping. Fallback to first input descriptor ID if not specified
+  // We support only one credential for now, so we get first input_descriptor and create just one descriptor_map
+  const presentation_submission = {
+    id: uuid.v4(),
+    definition_id: presentationDefinition.id,
+    descriptor_map: [
+      {
+        id: presentationDefinition?.input_descriptors[0]?.id,
+        path: `$`,
+        format: "vc+sd-jwt",
+      },
+    ],
+  };
+  return { vp_token, presentation_submission };
+};
+/**
+ * Builds a URL-encoded form body for a direct POST response without encryption.
+ *
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param vpToken - The signed VP token to include.
+ * @param presentationSubmission - Object mapping credential disclosures.
+ * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
+ */
+export const buildDirectPostBody = async (
+  requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
+  vpToken: string,
+  presentationSubmission: Record<string, unknown>
+): Promise<string> => {
+  const formUrlEncodedBody = new URLSearchParams({
+    state: requestObject.state,
+    presentation_submission: JSON.stringify(presentationSubmission),
+    vp_token: vpToken,
+  });
+  return formUrlEncodedBody.toString();
+};
+/**
+ * Builds a URL-encoded form body for a direct POST response using JWT encryption.
+ *
+ * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param vpToken - The signed VP token to encrypt.
+ * @param presentationSubmission - Object mapping credential disclosures.
+ * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body,
+ *          where `response` contains the encrypted JWE.
+ */
+export const buildDirectPostJwtBody = async (
+  jwkKeys: Out<FetchJwks>["keys"],
+  requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
+  vpToken: string,
+  presentationSubmission: Record<string, unknown>
+): Promise<string> => {
+  // Prepare the authorization response payload to be encrypted
+  const authzResponsePayload = JSON.stringify({
+    state: requestObject.state,
+    presentation_submission: presentationSubmission,
+    vp_token: vpToken,
+  });
+  // Choose a suitable RSA public key for encryption
+  const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(jwkKeys);
+  // Encrypt the authorization payload
+  const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
+    alg: "RSA-OAEP-256",
+    enc: "A256CBC-HS512",
+    kid: rsaPublicJwk.kid,
+  }).encrypt(rsaPublicJwk);
+  // Build the x-www-form-urlencoded form body
+  const formBody = new URLSearchParams({ response: encryptedResponse });
+  return formBody.toString();
+};
+/**
+ * Type definition for the function that sends the authorization response
+ * to the Relying Party, completing the presentation flow.
+ */
+export type SendAuthorizationResponse = (
+  requestObject: Out<VerifyRequestObjectSignature>["requestObject"],
+  presentationDefinition: PresentationDefinition,
+  jwkKeys: Out<FetchJwks>["keys"],
+  presentation: Presentation, // TODO: [SIW-353] support multiple presentations
+  context: {
+    appFetch?: GlobalFetch["fetch"];
+  }
+) => Promise<AuthorizationResponse>;
+/**
+ * Sends the authorization response to the Relying Party (RP) using the specified `response_mode`.
+ * This function completes the presentation flow in an OpenID 4 Verifiable Presentations scenario.
+ *
+ * @param requestObject - The request details, including presentation requirements.
+ * @param presentationDefinition - The definition of the expected presentation.
+ * @param jwkKeys - Array of JWKs from the Relying Party for optional encryption.
+ * @param presentation - Tuple with verifiable credential, claims, and crypto context.
+ * @param context - Contains optional custom fetch implementation.
+ * @returns Parsed and validated authorization response from the Relying Party.
+ */
+export const sendAuthorizationResponse: SendAuthorizationResponse = async (
+  requestObject,
+  presentationDefinition,
+  jwkKeys,
+  presentation,
+  { appFetch = fetch }
+): Promise<AuthorizationResponse> => {
+  // 1. Create the VP token and associated submission mapping
+  const { vp_token, presentation_submission } = await prepareVpToken(
+    requestObject,
+    presentationDefinition,
+    presentation
+  );
+  // 2. Choose the appropriate request body builder based on response mode
+  const requestBody =
+    requestObject.response_mode === "direct_post.jwt"
+      ? await buildDirectPostJwtBody(
+          jwkKeys,
+          requestObject,
+          vp_token,
+          presentation_submission
+        )
+      : await buildDirectPostBody(
+          requestObject,
+          vp_token,
+          presentation_submission
+        );
+  // 3. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: requestBody,
+  })
+    .then(hasStatusOrThrow(200))
+    .then((res) => res.json())
+    .then(AuthorizationResponse.parse);
+};

package/src/credential/presentation/README.md CHANGED Viewed

@@ -60,15 +60,54 @@ const { requestURI, clientId } = Credential.Presentation.startFlowFromQR(qrcode)
 // If use trust federation: Evaluate issuer trust
 const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clientId);
+const { requestObjectEncodedJwt } =
+    await Credential.Presentation.getRequestObject(requestURI, {
+      wiaCryptoContext: wiaCryptoContext,
+      appFetch: appFetch,
+      walletInstanceAttestation: walletInstanceAttestation,
+    });
+// Retrieve RP JWK
 // If use trust federation: Fetch Jwks from rpConf
 const jwks = await Credential.Presentation.fetchJwksFromConfig(rpConf);
-// If not use trust: Fetch Jwks from well-know
-const jwks = await Credential.Presentation.fetchJwksFromUri(
-  requestURI,
-  appFetch,
+// If not use trust: Fetch Jwks from request object
+const jwks = await Credential.Presentation.fetchJwksFromRequestObject(
+  requestObjectEncodedJwt,
+  { context: { appFetch } }
 );
+// Verify signature Request Object
+const { requestObject } =
+    await Credential.Presentation.verifyRequestObjectSignature(
+      requestObjectEncodedJwt,
+      jwks.keys
+    );
+const { presentationDefinition } = await Credential.Presentation.fetchPresentDefinition(
+  requestObject,
+  {
+    appFetch: appFetch,
+  },
+  rpConf // If trust federation is used
+);
+// For each credential, find it and evaluate input descriptor and disclosures
+  const { requiredDisclosures } = Credential.Presentation.evaluateInputDescriptionForSdJwt4VC(
+    inputDescriptor,
+    credential.payload,
+    disclosures
+  );
+// After confirm disclosures in app
+  const authResponse = Credential.Presentation.sendAuthorizationResponse(
+    requestObject,
+    presentationDefinition,
+    jwks,
+    [credential, disclosuresRequested, { appFetch: appFetch }]
+  );
 ```

package/src/credential/presentation/errors.ts CHANGED Viewed

@@ -39,3 +39,51 @@ export class NoSuitableKeysFoundInEntityConfiguration extends IoWalletError {
     super(message);
   }
 }
+/**
+ * When a QR code is not valid.
+ *
+ */
+export class InvalidQRCodeError extends IoWalletError {
+  code = "ERR_INVALID_QR_CODE";
+  /**
+   * @param detail A description of why the QR code is considered invalid.
+   */
+  constructor(detail: string) {
+    const message = `QR code is not valid: ${detail}.`;
+    super(message);
+  }
+}
+/**
+ * When the entity is unverified because the Relying Party is not trusted.
+ *
+ */
+export class UnverifiedEntityError extends IoWalletError {
+  code = "ERR_UNVERIFIED_RP_ENTITY";
+  /**
+   * @param reason A description of why the entity cannot be verified.
+   */
+  constructor(reason: string) {
+    const message = `Unverified entity: ${reason}.`;
+    super(message);
+  }
+}
+/**
+ * When some required data is missing to continue because certain attributes are not contained inside the wallet.
+ *
+ */
+export class MissingDataError extends IoWalletError {
+  code = "ERR_MISSING_DATA";
+  /**
+   * @param missingAttributes An array or description of the attributes that are missing.
+   */
+  constructor(missingAttributes: string) {
+    const message = `Some required data is missing: ${missingAttributes}.`;
+    super(message);
+  }
+}

package/src/credential/presentation/index.ts CHANGED Viewed

@@ -4,33 +4,51 @@ import {
   type EvaluateRelyingPartyTrust,
 } from "./02-evaluate-rp-trust";
 import {
-  fetchJwksFromUri,
+  getRequestObject,
+  type GetRequestObject,
+} from "./03-get-request-object";
+import {
+  fetchJwksFromRequestObject,
   fetchJwksFromConfig,
   type FetchJwks,
-} from "./03-retrieve-jwks";
+} from "./04-retrieve-rp-jwks";
 import {
-  getRequestObject,
-  type GetRequestObject,
-} from "./04-get-request-object";
+  verifyRequestObjectSignature,
+  type VerifyRequestObjectSignature,
+} from "./05-verify-request-object";
+import {
+  fetchPresentDefinition,
+  type FetchPresentationDefinition,
+} from "./06-fetch-presentation-definition";
+import {
+  evaluateInputDescriptorForSdJwt4VC,
+  type EvaluateInputDescriptorSdJwt4VC,
+} from "./07-evaluate-input-descriptor";
 import {
   sendAuthorizationResponse,
   type SendAuthorizationResponse,
-} from "./05-send-authorization-response";
+} from "./08-send-authorization-response";
 import * as Errors from "./errors";
 export {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
-  fetchJwksFromUri,
-  fetchJwksFromConfig,
   getRequestObject,
+  fetchJwksFromRequestObject,
+  fetchJwksFromConfig,
+  verifyRequestObjectSignature,
+  fetchPresentDefinition,
+  evaluateInputDescriptorForSdJwt4VC,
   sendAuthorizationResponse,
   Errors,
 };
 export type {
   StartFlow,
   EvaluateRelyingPartyTrust,
-  FetchJwks,
   GetRequestObject,
+  FetchJwks,
+  VerifyRequestObjectSignature,
+  FetchPresentationDefinition,
+  EvaluateInputDescriptorSdJwt4VC,
   SendAuthorizationResponse,
 };

package/src/credential/presentation/types.ts CHANGED Viewed

@@ -11,17 +11,73 @@ export type Presentation = [
   /* the context for the key associated to the credential */ CryptoContext
 ];
+const Fields = z.object({
+  path: z.array(z.string().min(1)), // Array of JSONPath string expressions
+  id: z.string().optional(), // Unique string ID
+  purpose: z.string().optional(), // Purpose of the field
+  name: z.string().optional(), // Human-friendly name
+  filter: z.any().optional(), // JSON Schema descriptor for filtering
+  optional: z.boolean().optional(), // Boolean indicating if the field is optional
+  intent_to_retain: z.boolean().optional(), // Boolean indicating that the Verifier intends to retain the Claim's data being requested
+});
+// Define the Constraints Object Schema
+const Constraints = z.object({
+  fields: z.array(Fields).optional(), // Array of Field Objects
+  limit_disclosure: z.enum(["required", "preferred"]).optional(), // Limit disclosure property
+});
+// Define the Input Descriptor Object Schema
+export type InputDescriptor = z.infer<typeof InputDescriptor>;
+export const InputDescriptor = z.object({
+  id: z.string().min(1), // Mandatory unique string ID
+  name: z.string().optional(), // Human-friendly name
+  purpose: z.string().optional(), // Purpose of the schema
+  format: z.record(z.string(), z.any()).optional(), // Object with Claim Format Designations
+  constraints: Constraints, // Constraints Object (mandatory)
+  group: z.string().optional(), // Match one of the grouping strings listed in the "from" values of a Submission Requirement Rule
+});
+const SubmissionRequirement = z.object({
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  rule: z.string(), // "all": all group's rules must be present, or "pick": at least group's "count" rules must be present
+  from: z.string().optional(), // MUST contain either a "from" or "from_nested" property
+  from_nested: z
+    .array(
+      z.object({
+        name: z.string().optional(),
+        purpose: z.string().optional(),
+        rule: z.string(),
+        from: z.string(),
+      })
+    )
+    .optional(),
+  count: z.number().optional(),
+  //"count", "min", and "max" may be present with a "pick" rule
+});
+export type PresentationDefinition = z.infer<typeof PresentationDefinition>;
+export const PresentationDefinition = z.object({
+  id: z.string(),
+  name: z.string().optional(),
+  purpose: z.string().optional(),
+  input_descriptors: z.array(InputDescriptor),
+  submission_requirements: z.array(SubmissionRequirement).optional(),
+});
 export type RequestObject = z.infer<typeof RequestObject>;
 export const RequestObject = z.object({
   iss: z.string().optional(), //optional by RFC 7519, mandatory for Potential
-  iat: UnixTime,
+  iat: UnixTime.optional(),
   exp: UnixTime.optional(),
   state: z.string(),
   nonce: z.string(),
   response_uri: z.string(),
   response_type: z.literal("vp_token"),
-  response_mode: z.literal("direct_post.jwt"),
+  response_mode: z.enum(["direct_post.jwt", "direct_post"]),
   client_id: z.string(),
   client_id_scheme: z.string(), // previous z.literal("entity_id"),
-  scope: z.string(),
+  scope: z.string().optional(),
+  presentation_definition: PresentationDefinition.optional(),
 });

package/src/entity/trust/types.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { UnixTime } from "../../sd-jwt/types";
 import { JWK } from "../../utils/jwk";
 import * as z from "zod";
+import { PresentationDefinition } from "../../credential/presentation/types";
 export const TrustMark = z.object({ id: z.string(), trust_mark: z.string() });
 export type TrustMark = z.infer<typeof TrustMark>;
@@ -11,6 +12,8 @@ const RelyingPartyMetadata = z.object({
   client_name: z.string().optional(),
   jwks: z.object({ keys: z.array(JWK) }),
   contacts: z.array(z.string()).optional(),
+  presentation_definition: PresentationDefinition.optional(),
+  presentation_definition_uri: z.string().optional(),
 });
 //.passthrough();

package/lib/commonjs/credential/presentation/03-retrieve-jwks.js DELETED Viewed

@@ -1,68 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.fetchJwksFromUri = exports.fetchJwksFromConfig = void 0;
-var _jwk = require("../../utils/jwk");
-var _misc = require("../../utils/misc");
-var _types = require("../../entity/trust/types");
-/**
- * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
- *
- * @template T - The tuple type representing the function arguments.
- * @param args - The arguments passed to the function.
- * @returns A promise resolving to an object containing an array of JWKs.
- */
-/**
- * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
- *
- * @param clientUrl - The base URL of the client entity from which to retrieve the JWKS.
- * @param options - Optional context containing a custom fetch implementation.
- * @param options.context - Optional context object.
- * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
- * @returns A promise resolving to an object containing an array of JWKs.
- * @throws Will throw an error if the JWKS retrieval fails.
- */
-const fetchJwksFromUri = async function (clientUrl) {
-  let {
-    context = {}
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const {
-    appFetch = fetch
-  } = context;
-  const wellKnownUrl = new URL("/.well-known/jar-issuer/jwk", clientUrl).toString();
-  // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
-  const jwks = await appFetch(wellKnownUrl, {
-    method: "GET"
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => _jwk.JWKS.parse(json));
-  return {
-    keys: jwks.keys
-  };
-};
-/**
- * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
- *
- * @param rpConfig - The configuration object of the Relying Party entity.
- * @returns An object containing an array of JWKs.
- * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
- */
-exports.fetchJwksFromUri = fetchJwksFromUri;
-const fetchJwksFromConfig = async rpConfig => {
-  const parsedConfig = _types.RelyingPartyEntityConfiguration.safeParse(rpConfig);
-  if (!parsedConfig.success) {
-    throw new Error("Invalid Relying Party configuration.");
-  }
-  const jwks = parsedConfig.data.payload.metadata.wallet_relying_party.jwks;
-  if (!jwks || !Array.isArray(jwks.keys)) {
-    throw new Error("JWKS not found in Relying Party configuration.");
-  }
-  return {
-    keys: jwks.keys
-  };
-};
-exports.fetchJwksFromConfig = fetchJwksFromConfig;
-//# sourceMappingURL=03-retrieve-jwks.js.map

package/lib/commonjs/credential/presentation/03-retrieve-jwks.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_jwk","require","_misc","_types","fetchJwksFromUri","clientUrl","context","arguments","length","undefined","appFetch","fetch","wellKnownUrl","URL","toString","jwks","method","then","hasStatusOrThrow","raw","json","JWKS","parse","keys","exports","fetchJwksFromConfig","rpConfig","parsedConfig","RelyingPartyEntityConfiguration","safeParse","success","Error","data","payload","metadata","wallet_relying_party","Array","isArray"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-retrieve-jwks.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,gBAEZ,GAAG,eAAAA,CAAOC,SAAS,EAA4B;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACzC,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EAEpC,MAAMM,YAAY,GAAG,IAAIC,GAAG,CAC1B,6BAA6B,EAC7BR,SACF,CAAC,CAACS,QAAQ,CAAC,CAAC;;EAEZ;EACA,MAAMC,IAAI,GAAG,MAAML,QAAQ,CAACE,YAAY,EAAE;IACxCI,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,SAAI,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC;EAEnC,OAAO;IACLG,IAAI,EAAER,IAAI,CAACQ;EACb,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAApB,gBAAA,GAAAA,gBAAA;AAOO,MAAMqB,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMC,YAAY,GAAGC,sCAA+B,CAACC,SAAS,CAACH,QAAQ,CAAC;EACxE,IAAI,CAACC,YAAY,CAACG,OAAO,EAAE;IACzB,MAAM,IAAIC,KAAK,CAAC,sCAAsC,CAAC;EACzD;EAEA,MAAMhB,IAAI,GAAGY,YAAY,CAACK,IAAI,CAACC,OAAO,CAACC,QAAQ,CAACC,oBAAoB,CAACpB,IAAI;EAEzE,IAAI,CAACA,IAAI,IAAI,CAACqB,KAAK,CAACC,OAAO,CAACtB,IAAI,CAACQ,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIQ,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLR,IAAI,EAAER,IAAI,CAACQ;EACb,CAAC;AACH,CAAC;AAACC,OAAA,CAAAC,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/04-get-request-object.js DELETED Viewed

@@ -1,82 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.getRequestObject = void 0;
-var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _dpop = require("../../utils/dpop");
-var _errors = require("./errors");
-var _misc = require("../../utils/misc");
-var _types = require("./types");
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-/**
- * Obtain the Request Object for RP authentication
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
- *
- * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration
- * @param context.wiaCryptoContext The context to access the key associated with the Wallet Instance Attestation
- * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Request Object that describes the presentation
- */
-const getRequestObject = async (requestUri, _ref, jwkKeys) => {
-  let {
-    wiaCryptoContext,
-    appFetch = fetch,
-    walletInstanceAttestation
-  } = _ref;
-  const signedWalletInstanceDPoP = await (0, _dpop.createDPopToken)({
-    jti: `${_reactNativeUuid.default.v4()}`,
-    htm: "GET",
-    htu: requestUri,
-    ath: await (0, _ioReactNativeJwt.sha256ToBase64)(walletInstanceAttestation)
-  }, wiaCryptoContext);
-  const responseEncodedJwt = await appFetch(requestUri, {
-    method: "GET",
-    headers: {
-      Authorization: `DPoP ${walletInstanceAttestation}`,
-      DPoP: signedWalletInstanceDPoP
-    }
-  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(responseJson => responseJson.response);
-  const responseJwt = (0, _ioReactNativeJwt.decode)(responseEncodedJwt);
-  await verifyTokenSignature(jwkKeys, responseJwt);
-  // Ensure that the request object conforms to the expected specification.
-  const requestObject = _types.RequestObject.parse(responseJwt.payload);
-  return {
-    requestObject
-  };
-};
-exports.getRequestObject = getRequestObject;
-const verifyTokenSignature = async (jwkKeys, responseJwt) => {
-  var _responseJwt$protecte;
-  // verify token signature to ensure the request object is authentic
-  // 1. according to entity configuration if present
-  if (jwkKeys) {
-    const pubKey = jwkKeys.find(_ref2 => {
-      let {
-        kid
-      } = _ref2;
-      return kid === responseJwt.protectedHeader.kid;
-    });
-    if (!pubKey) {
-      throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
-    }
-    await (0, _ioReactNativeJwt.verify)(responseJwt, pubKey);
-    return;
-  }
-  // 2. If jwk is not retrieved from entity config, check if the token contains the 'jwk' attribute
-  if ((_responseJwt$protecte = responseJwt.protectedHeader) !== null && _responseJwt$protecte !== void 0 && _responseJwt$protecte.jwk) {
-    const pubKey = responseJwt.protectedHeader.jwk;
-    await (0, _ioReactNativeJwt.verify)(responseJwt, pubKey);
-    return;
-  }
-  // No verification condition matched: skipping signature verification for now.
-  // TODO: [EUDIW-215] Remove skipping signature verification
-};
-//# sourceMappingURL=04-get-request-object.js.map

package/lib/commonjs/credential/presentation/04-get-request-object.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_reactNativeUuid","_interopRequireDefault","require","_ioReactNativeJwt","_dpop","_errors","_misc","_types","obj","__esModule","default","getRequestObject","requestUri","_ref","jwkKeys","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","createDPopToken","jti","uuid","v4","htm","htu","ath","sha256ToBase64","responseEncodedJwt","method","headers","Authorization","DPoP","then","hasStatusOrThrow","res","json","responseJson","response","responseJwt","decodeJwt","verifyTokenSignature","requestObject","RequestObject","parse","payload","exports","_responseJwt$protecte","pubKey","find","_ref2","kid","protectedHeader","NoSuitableKeysFoundInEntityConfiguration","verify","jwk"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAOA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,MAAA,GAAAL,OAAA;AAAwC,SAAAD,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAYxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EAAAC,IAAA,EAEVC,OAAO,KACJ;EAAA,IAFH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAL,IAAA;EAGjE,MAAMM,wBAAwB,GAAG,MAAM,IAAAC,qBAAe,EACpD;IACEC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEb,UAAU;IACfc,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACT,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMa,kBAAkB,GAAG,MAAMZ,QAAQ,CAACJ,UAAU,EAAE;IACpDiB,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOb,yBAA0B,EAAC;MAClDc,IAAI,EAAEb;IACR;EACF,CAAC,CAAC,CACCc,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEI,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG,IAAAC,wBAAS,EAACZ,kBAAkB,CAAC;EAEjD,MAAMa,oBAAoB,CAAC3B,OAAO,EAAEyB,WAAW,CAAC;;EAEhD;EACA,MAAMG,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACL,WAAW,CAACM,OAAO,CAAC;EAE9D,OAAO;IACLH;EACF,CAAC;AACH,CAAC;AAACI,OAAA,CAAAnC,gBAAA,GAAAA,gBAAA;AAEF,MAAM8B,oBAAoB,GAAG,MAAAA,CAC3B3B,OAAgC,EAChCyB,WAAiB,KACC;EAAA,IAAAQ,qBAAA;EAClB;EACA;EACA,IAAIjC,OAAO,EAAE;IACX,MAAMkC,MAAM,GAAGlC,OAAO,CAACmC,IAAI,CACzBC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKZ,WAAW,CAACa,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACH,MAAM,EAAE;MACX,MAAM,IAAIK,gDAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAM,IAAAC,wBAAM,EAACf,WAAW,EAAES,MAAM,CAAC;IACjC;EACF;;EAEA;EACA,KAAAD,qBAAA,GAAIR,WAAW,CAACa,eAAe,cAAAL,qBAAA,eAA3BA,qBAAA,CAA6BQ,GAAG,EAAE;IACpC,MAAMP,MAAM,GAAGT,WAAW,CAACa,eAAe,CAACG,GAAG;IAC9C,MAAM,IAAAD,wBAAM,EAACf,WAAW,EAAES,MAAM,CAAC;IACjC;EACF;;EAEA;EACA;AACF,CAAC"}