@pagopa/io-react-native-wallet 1.2.3 → 1.2.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (54) hide show
  1. package/lib/commonjs/credential/presentation/01-start-flow.js +12 -28
  2. package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
  3. package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js +96 -24
  4. package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js.map +1 -1
  5. package/lib/commonjs/credential/presentation/05-verify-request-object.js +7 -2
  6. package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
  7. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +9 -5
  8. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
  9. package/lib/commonjs/credential/presentation/README.md +4 -4
  10. package/lib/commonjs/credential/presentation/errors.js +2 -19
  11. package/lib/commonjs/credential/presentation/errors.js.map +1 -1
  12. package/lib/commonjs/credential/presentation/types.js +7 -1
  13. package/lib/commonjs/credential/presentation/types.js.map +1 -1
  14. package/lib/commonjs/utils/crypto.js +41 -1
  15. package/lib/commonjs/utils/crypto.js.map +1 -1
  16. package/lib/module/credential/presentation/01-start-flow.js +12 -28
  17. package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
  18. package/lib/module/credential/presentation/04-retrieve-rp-jwks.js +96 -24
  19. package/lib/module/credential/presentation/04-retrieve-rp-jwks.js.map +1 -1
  20. package/lib/module/credential/presentation/05-verify-request-object.js +7 -2
  21. package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
  22. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +9 -5
  23. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
  24. package/lib/module/credential/presentation/README.md +4 -4
  25. package/lib/module/credential/presentation/errors.js +0 -16
  26. package/lib/module/credential/presentation/errors.js.map +1 -1
  27. package/lib/module/credential/presentation/types.js +7 -1
  28. package/lib/module/credential/presentation/types.js.map +1 -1
  29. package/lib/module/utils/crypto.js +38 -0
  30. package/lib/module/utils/crypto.js.map +1 -1
  31. package/lib/typescript/credential/presentation/01-start-flow.d.ts +3 -3
  32. package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
  33. package/lib/typescript/credential/presentation/03-get-request-object.d.ts +1 -1
  34. package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts +15 -8
  35. package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts.map +1 -1
  36. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
  37. package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +3 -2
  38. package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
  39. package/lib/typescript/credential/presentation/errors.d.ts +0 -11
  40. package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
  41. package/lib/typescript/credential/presentation/types.d.ts +242 -3
  42. package/lib/typescript/credential/presentation/types.d.ts.map +1 -1
  43. package/lib/typescript/utils/crypto.d.ts +24 -0
  44. package/lib/typescript/utils/crypto.d.ts.map +1 -1
  45. package/package.json +3 -1
  46. package/src/credential/presentation/01-start-flow.ts +16 -32
  47. package/src/credential/presentation/03-get-request-object.ts +1 -1
  48. package/src/credential/presentation/04-retrieve-rp-jwks.ts +122 -34
  49. package/src/credential/presentation/05-verify-request-object.ts +4 -3
  50. package/src/credential/presentation/07-evaluate-input-descriptor.ts +20 -6
  51. package/src/credential/presentation/README.md +4 -4
  52. package/src/credential/presentation/errors.ts +0 -16
  53. package/src/credential/presentation/types.ts +8 -1
  54. package/src/utils/crypto.ts +43 -0
package/lib/commonjs/credential/presentation/01-start-flow.js CHANGED
@@ -5,15 +5,12 @@ Object.defineProperty(exports, "__esModule", {
5
5
  });
6
6
  exports.startFlowFromQR = void 0;
7
7
  var z = _interopRequireWildcard(require("zod"));
8
- var _errors = require("./errors");
8
+ var _errors = require("../../utils/errors");
9
9
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
10
10
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
11
- const QRCodePayload = z.object({
12
- protocol: z.string(),
13
- resource: z.string(),
14
- // TODO: refine to known paths using literals
15
- clientId: z.string(),
16
- requestURI: z.string()
11
+ const PresentationParams = z.object({
12
+ clientId: z.string().nonempty(),
13
+ requestUri: z.string().url()
17
14
  });
18
15
 
19
16
  /**
@@ -25,37 +22,24 @@ const QRCodePayload = z.object({
25
22
  */
26
23
 
27
24
  /**
28
- * Start a presentation flow by decoding an incoming QR-code
25
+ * Start a presentation flow by decoding the parameters needed to start the presentation flow.
29
26
  *
30
27
  * @param qrcode The encoded QR-code content
31
28
  * @returns The url for the Relying Party to connect with
32
29
  * @throws If the provided qr code fails to be decoded
33
30
  */
34
- const startFlowFromQR = qrcode => {
35
- let decodedUrl;
36
- try {
37
- var _originalQrCode$;
38
- // splitting qrcode to identify which is link format
39
- const originalQrCode = qrcode.split("://");
40
- const replacedQrcode = (_originalQrCode$ = originalQrCode[1]) !== null && _originalQrCode$ !== void 0 && _originalQrCode$.startsWith("?") ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/") : qrcode;
41
- decodedUrl = new URL(replacedQrcode);
42
- } catch (error) {
43
- throw new _errors.InvalidQRCodeError(`Failed to decode QR code: ${qrcode}`);
44
- }
45
- const protocol = decodedUrl.protocol;
46
- const resource = decodedUrl.hostname;
47
- const requestURI = decodedUrl.searchParams.get("request_uri");
48
- const clientId = decodedUrl.searchParams.get("client_id");
49
- const result = QRCodePayload.safeParse({
50
- protocol,
51
- resource,
52
- requestURI,
31
+ const startFlowFromQR = (requestUri, clientId) => {
32
+ const result = PresentationParams.safeParse({
33
+ requestUri,
53
34
  clientId
54
35
  });
55
36
  if (result.success) {
56
37
  return result.data;
57
38
  } else {
58
- throw new _errors.InvalidQRCodeError(`${result.error.message}, ${decodedUrl}`);
39
+ throw new _errors.ValidationFailed({
40
+ message: "Invalid parameters provided",
41
+ reason: result.error.message
42
+ });
59
43
  }
60
44
  };
61
45
  exports.startFlowFromQR = startFlowFromQR;
package/lib/commonjs/credential/presentation/01-start-flow.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["z","_interopRequireWildcard","require","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","QRCodePayload","object","protocol","string","resource","clientId","requestURI","startFlowFromQR","qrcode","decodedUrl","_originalQrCode$","originalQrCode","split","replacedQrcode","startsWith","replace","URL","error","InvalidQRCodeError","hostname","searchParams","result","safeParse","success","data","message","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAA8C,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE9C,MAAMW,aAAa,GAAG1B,CAAC,CAAC2B,MAAM,CAAC;EAC7BC,QAAQ,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACpBC,QAAQ,EAAE9B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EAAE;EACtBE,QAAQ,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACpBG,UAAU,EAAEhC,CAAC,CAAC6B,MAAM,CAAC;AACvB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,eAAoC,GAAIC,MAAM,IAAK;EAC9D,IAAIC,UAAe;EACnB,IAAI;IAAA,IAAAC,gBAAA;IACF;IACA,MAAMC,cAAc,GAAGH,MAAM,CAACI,KAAK,CAAC,KAAK,CAAC;IAC1C,MAAMC,cAAc,GAAG,CAAAH,gBAAA,GAAAC,cAAc,CAAC,CAAC,CAAC,cAAAD,gBAAA,eAAjBA,gBAAA,CAAmBI,UAAU,CAAC,GAAG,CAAC,GACrDN,MAAM,CAACO,OAAO,CAAE,GAAEJ,cAAc,CAAC,CAAC,CAAE,KAAI,EAAE,yBAAyB,CAAC,GACpEH,MAAM;IAEVC,UAAU,GAAG,IAAIO,GAAG,CAACH,cAAc,CAAC;EACtC,CAAC,CAAC,OAAOI,KAAK,EAAE;IACd,MAAM,IAAIC,0BAAkB,CAAE,8BAA6BV,MAAO,EAAC,CAAC;EACtE;EAEA,MAAMN,QAAQ,GAAGO,UAAU,CAACP,QAAQ;EACpC,MAAME,QAAQ,GAAGK,UAAU,CAACU,QAAQ;EACpC,MAAMb,UAAU,GAAGG,UAAU,CAACW,YAAY,CAAChC,GAAG,CAAC,aAAa,CAAC;EAC7D,MAAMiB,QAAQ,GAAGI,UAAU,CAACW,YAAY,CAAChC,GAAG,CAAC,WAAW,CAAC;EAEzD,MAAMiC,MAAM,GAAGrB,aAAa,CAACsB,SAAS,CAAC;IACrCpB,QAAQ;IACRE,QAAQ;IACRE,UAAU;IACVD;EACF,CAAC,CAAC;EAEF,IAAIgB,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIN,0BAAkB,CAAE,GAAEG,MAAM,CAACJ,KAAK,CAACQ,OAAQ,KAAIhB,UAAW,EAAC,CAAC;EACxE;AACF,CAAC;AAACiB,OAAA,CAAAnB,eAAA,GAAAA,eAAA"}
1
+ {"version":3,"names":["z","_interopRequireWildcard","require","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","PresentationParams","object","clientId","string","nonempty","requestUri","url","startFlowFromQR","result","safeParse","success","data","ValidationFailed","message","reason","error","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAAsD,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEtD,MAAMW,kBAAkB,GAAG1B,CAAC,CAAC2B,MAAM,CAAC;EAClCC,QAAQ,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,eAA4C,GAAGA,CAC1DF,UAAkB,EAClBH,QAAgB,KACb;EACH,MAAMM,MAAM,GAAGR,kBAAkB,CAACS,SAAS,CAAC;IAC1CJ,UAAU;IACVH;EACF,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIC,wBAAgB,CAAC;MACzBC,OAAO,EAAE,6BAA6B;MACtCC,MAAM,EAAEN,MAAM,CAACO,KAAK,CAACF;IACvB,CAAC,CAAC;EACJ;AACF,CAAC;AAACG,OAAA,CAAAT,eAAA,GAAAA,eAAA"}
package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js CHANGED
@@ -8,6 +8,8 @@ var _jwk = require("../../utils/jwk");
8
8
  var _misc = require("../../utils/misc");
9
9
  var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
10
10
  var _errors = require("./errors");
11
+ var _types = require("./types");
12
+ var _crypto = require("../../utils/crypto");
11
13
  /**
12
14
  * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
13
15
  *
@@ -17,15 +19,68 @@ var _errors = require("./errors");
17
19
  */
18
20
 
19
21
  /**
20
- * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
21
- * It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
22
+ * Fetches and parses JWKS from a given URI.
22
23
  *
23
- * @param requestObjectEncodedJwt - Request Object in JWT format.
24
- * @param options - Optional context containing a custom fetch implementation.
25
- * @param options.context - Optional context object.
26
- * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
27
- * @returns A promise resolving to an object containing an array of JWKs.
28
- * @throws Will throw an error if the JWKS retrieval fails.
24
+ * @param jwksUri - The JWKS URI.
25
+ * @param fetchFn - The fetch function to use.
26
+ * @returns An array of JWKs.
27
+ */
28
+ const fetchJwksFromUri = async (jwksUri, appFetch) => {
29
+ const jwks = await appFetch(jwksUri, {
30
+ method: "GET"
31
+ }).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => json.jwks ? _jwk.JWKS.parse(json.jwks) : _jwk.JWKS.parse(json));
32
+ return jwks.keys;
33
+ };
34
+
35
+ /**
36
+ * Retrieves JWKS when the client ID scheme includes x509 SAN DNS.
37
+ *
38
+ * @param decodedJwt - The decoded JWT.
39
+ * @param fetchFn - The fetch function to use.
40
+ * @returns An array of JWKs.
41
+ * @throws Will throw an error if no suitable keys are found.
42
+ */
43
+ const getJwksFromX509Cert = async certChain => {
44
+ if (!Array.isArray(certChain) || certChain.length === 0 || !certChain[0]) {
45
+ throw new _errors.NoSuitableKeysFoundInEntityConfiguration("No RP encrypt key found!");
46
+ }
47
+ const pemCert = (0, _crypto.convertCertToPem)(certChain[0]);
48
+ const publicKey = (0, _crypto.parsePublicKey)(pemCert);
49
+ if (!publicKey) {
50
+ throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Unsupported public key type.");
51
+ }
52
+ const signingJwk = (0, _crypto.getSigningJwk)(publicKey);
53
+ return [signingJwk];
54
+ };
55
+
56
+ /**
57
+ * Constructs the well-known JWKS URL based on the issuer claim.
58
+ *
59
+ * @param issuer - The issuer URL.
60
+ * @returns The well-known JWKS URL.
61
+ */
62
+ const constructWellKnownJwksUrl = issuer => {
63
+ const issuerUrl = new URL(issuer);
64
+ return new URL(`/.well-known/jar-issuer${issuerUrl.pathname}`, `${issuerUrl.protocol}//${issuerUrl.host}`).toString();
65
+ };
66
+
67
+ /**
68
+ * Fetches the JSON Web Key Set (JWKS) based on the provided Request Object encoded as a JWT.
69
+ * The retrieval process follows these steps in order:
70
+ *
71
+ * 1. **Direct JWK Retrieval**: If the JWT's protected header contains a `jwk` attribute, it uses this key directly.
72
+ * 2. **X.509 Certificate Retrieval**: If the protected header includes an `x5c` attribute, it extracts the JWKs from the provided X.509 certificate chain.
73
+ * 3. **Issuer's Well-Known Endpoint**: If neither `jwk` nor `x5c` are present, it constructs the JWKS URL using the issuer (`iss`) claim and fetches the keys from the issuer's well-known JWKS endpoint.
74
+ *
75
+ * The JWKS URL is constructed in the format `{issUrl.base}/.well-known/jar-issuer${issUrl.path}`,
76
+ * as detailed in the SD-JWT VC issuer metadata specification.
77
+ *
78
+ * @param requestObjectEncodedJwt - The Request Object encoded as a JWT.
79
+ * @param options - Optional parameters for fetching the JWKS.
80
+ * @param options.context - Optional context providing a custom fetch implementation.
81
+ * @param options.context.appFetch - A custom fetch function to replace the global `fetch` if provided.
82
+ * @returns A promise that resolves to an object containing an array of JSON Web Keys (JWKs).
83
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} Throws an error if JWKS retrieval or key extraction fails.
29
84
  */
30
85
  const fetchJwksFromRequestObject = async function (requestObjectEncodedJwt) {
31
86
  var _requestObjectJwt$pro, _requestObjectJwt$pay;
@@ -36,29 +91,46 @@ const fetchJwksFromRequestObject = async function (requestObjectEncodedJwt) {
36
91
  appFetch = fetch
37
92
  } = context;
38
93
  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
94
+ const jwks = [];
39
95
 
40
96
  // 1. check if request object jwt contains the 'jwk' attribute
41
97
  if ((_requestObjectJwt$pro = requestObjectJwt.protectedHeader) !== null && _requestObjectJwt$pro !== void 0 && _requestObjectJwt$pro.jwk) {
42
- return {
43
- keys: [_jwk.JWK.parse(requestObjectJwt.protectedHeader.jwk)]
44
- };
98
+ const keys = [_jwk.JWK.parse(requestObjectJwt.protectedHeader.jwk)];
99
+ jwks.push(...keys);
100
+ }
101
+
102
+ // 2. check if request object jwt contains the 'x5c' attribute
103
+ if (requestObjectJwt.protectedHeader.x5c) {
104
+ const keys = await getJwksFromX509Cert(requestObjectJwt.protectedHeader.x5c);
105
+ jwks.push(...keys);
45
106
  }
46
107
 
47
- // 2. According to Potential profile, retrieve from RP endpoint using iss claim
48
- const issClaimValue = (_requestObjectJwt$pay = requestObjectJwt.payload) === null || _requestObjectJwt$pay === void 0 ? void 0 : _requestObjectJwt$pay.iss;
49
- if (issClaimValue) {
50
- const issUrl = new URL(issClaimValue);
51
- const wellKnownUrl = new URL(`/.well-known/jar-issuer${issUrl.pathname}`, `${issUrl.protocol}//${issUrl.host}`).toString();
108
+ // 3. check if client_metadata contains the 'jwks' or 'jwks_uri' attribute
109
+ const requestObject = _types.RequestObject.parse(requestObjectJwt.payload);
110
+ const {
111
+ client_metadata
112
+ } = requestObject;
113
+ if (client_metadata !== null && client_metadata !== void 0 && client_metadata.jwks_uri) {
114
+ const fetchedJwks = await fetchJwksFromUri(new URL(client_metadata.jwks_uri).toString(), appFetch);
115
+ jwks.push(...fetchedJwks);
116
+ }
117
+ if (client_metadata !== null && client_metadata !== void 0 && client_metadata.jwks) {
118
+ jwks.push(...client_metadata.jwks.keys);
119
+ }
52
120
 
53
- // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
54
- const jwks = await appFetch(wellKnownUrl, {
55
- method: "GET"
56
- }).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => _jwk.JWKS.parse(json.jwks));
57
- return {
58
- keys: jwks.keys
59
- };
121
+ // 3. According to Potential profile, retrieve from RP endpoint using iss claim
122
+ const issuer = (_requestObjectJwt$pay = requestObjectJwt.payload) === null || _requestObjectJwt$pay === void 0 ? void 0 : _requestObjectJwt$pay.iss;
123
+ if (jwks.length === 0 && typeof issuer === "string") {
124
+ const wellKnownJwksUrl = constructWellKnownJwksUrl(issuer);
125
+ const jwksKeys = await fetchJwksFromUri(wellKnownJwksUrl, appFetch);
126
+ jwks.push(...jwksKeys);
60
127
  }
61
- throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
128
+ if (jwks.length === 0) {
129
+ throw new _errors.NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
130
+ }
131
+ return {
132
+ keys: jwks
133
+ };
62
134
  };
63
135
 
64
136
  /**
package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_jwk","require","_misc","_ioReactNativeJwt","_errors","fetchJwksFromRequestObject","requestObjectEncodedJwt","_requestObjectJwt$pro","_requestObjectJwt$pay","context","arguments","length","undefined","appFetch","fetch","requestObjectJwt","decodeJwt","protectedHeader","jwk","keys","JWK","parse","issClaimValue","payload","iss","issUrl","URL","wellKnownUrl","pathname","protocol","host","toString","jwks","method","then","hasStatusOrThrow","raw","json","JWKS","NoSuitableKeysFoundInEntityConfiguration","exports","fetchJwksFromConfig","rpConfig","wallet_relying_party","Array","isArray","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,0BAEZ,GAAG,eAAAA,CAAOC,uBAAuB,EAA4B;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACvD,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EACpC,MAAMM,gBAAgB,GAAG,IAAAC,wBAAS,EAACV,uBAAuB,CAAC;;EAE3D;EACA,KAAAC,qBAAA,GAAIQ,gBAAgB,CAACE,eAAe,cAAAV,qBAAA,eAAhCA,qBAAA,CAAkCW,GAAG,EAAE;IACzC,OAAO;MACLC,IAAI,EAAE,CAACC,QAAG,CAACC,KAAK,CAACN,gBAAgB,CAACE,eAAe,CAACC,GAAG,CAAC;IACxD,CAAC;EACH;;EAEA;EACA,MAAMI,aAAa,IAAAd,qBAAA,GAAGO,gBAAgB,CAACQ,OAAO,cAAAf,qBAAA,uBAAxBA,qBAAA,CAA0BgB,GAAa;EAC7D,IAAIF,aAAa,EAAE;IACjB,MAAMG,MAAM,GAAG,IAAIC,GAAG,CAACJ,aAAa,CAAC;IACrC,MAAMK,YAAY,GAAG,IAAID,GAAG,CACzB,0BAAyBD,MAAM,CAACG,QAAS,EAAC,EAC1C,GAAEH,MAAM,CAACI,QAAS,KAAIJ,MAAM,CAACK,IAAK,EACrC,CAAC,CAACC,QAAQ,CAAC,CAAC;;IAEZ;IACA,MAAMC,IAAI,GAAG,MAAMnB,QAAQ,CAACc,YAAY,EAAE;MACxCM,MAAM,EAAE;IACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,SAAI,CAACjB,KAAK,CAACgB,IAAI,CAACL,IAAI,CAAC,CAAC;IAExC,OAAO;MACLb,IAAI,EAAEa,IAAI,CAACb;IACb,CAAC;EACH;EAEA,MAAM,IAAIoB,gDAAwC,CAChD,uCACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAnC,0BAAA,GAAAA,0BAAA;AAOO,MAAMoC,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMV,IAAI,GAAGU,QAAQ,CAACC,oBAAoB,CAACX,IAAI;EAE/C,IAAI,CAACA,IAAI,IAAI,CAACY,KAAK,CAACC,OAAO,CAACb,IAAI,CAACb,IAAI,CAAC,EAAE;IACtC,MAAM,IAAI2B,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACL3B,IAAI,EAAEa,IAAI,CAACb;EACb,CAAC;AACH,CAAC;AAACqB,OAAA,CAAAC,mBAAA,GAAAA,mBAAA"}
1
+ {"version":3,"names":["_jwk","require","_misc","_ioReactNativeJwt","_errors","_types","_crypto","fetchJwksFromUri","jwksUri","appFetch","jwks","method","then","hasStatusOrThrow","raw","json","JWKS","parse","keys","getJwksFromX509Cert","certChain","Array","isArray","length","NoSuitableKeysFoundInEntityConfiguration","pemCert","convertCertToPem","publicKey","parsePublicKey","signingJwk","getSigningJwk","constructWellKnownJwksUrl","issuer","issuerUrl","URL","pathname","protocol","host","toString","fetchJwksFromRequestObject","requestObjectEncodedJwt","_requestObjectJwt$pro","_requestObjectJwt$pay","context","arguments","undefined","fetch","requestObjectJwt","decodeJwt","protectedHeader","jwk","JWK","push","x5c","requestObject","RequestObject","payload","client_metadata","jwks_uri","fetchedJwks","iss","wellKnownJwksUrl","jwksKeys","exports","fetchJwksFromConfig","rpConfig","wallet_relying_party","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMM,gBAAgB,GAAG,MAAAA,CACvBC,OAAe,EACfC,QAA8B,KACX;EACnB,MAAMC,IAAI,GAAG,MAAMD,QAAQ,CAACD,OAAO,EAAE;IACnCG,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAMA,IAAI,CAACL,IAAI,GAAGM,SAAI,CAACC,KAAK,CAACF,IAAI,CAACL,IAAI,CAAC,GAAGM,SAAI,CAACC,KAAK,CAACF,IAAI,CAAE,CAAC;EACzE,OAAOL,IAAI,CAACQ,IAAI;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,mBAAmB,GAAG,MAAOC,SAAmB,IAAqB;EACzE,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,SAAS,CAAC,IAAIA,SAAS,CAACG,MAAM,KAAK,CAAC,IAAI,CAACH,SAAS,CAAC,CAAC,CAAC,EAAE;IACxE,MAAM,IAAII,gDAAwC,CAChD,0BACF,CAAC;EACH;EAEA,MAAMC,OAAO,GAAG,IAAAC,wBAAgB,EAACN,SAAS,CAAC,CAAC,CAAC,CAAC;EAC9C,MAAMO,SAAS,GAAG,IAAAC,sBAAc,EAACH,OAAO,CAAC;EACzC,IAAI,CAACE,SAAS,EAAE;IACd,MAAM,IAAIH,gDAAwC,CAChD,8BACF,CAAC;EACH;EACA,MAAMK,UAAU,GAAG,IAAAC,qBAAa,EAACH,SAAS,CAAC;EAE3C,OAAO,CAACE,UAAU,CAAC;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAME,yBAAyB,GAAIC,MAAc,IAAa;EAC5D,MAAMC,SAAS,GAAG,IAAIC,GAAG,CAACF,MAAM,CAAC;EACjC,OAAO,IAAIE,GAAG,CACX,0BAAyBD,SAAS,CAACE,QAAS,EAAC,EAC7C,GAAEF,SAAS,CAACG,QAAS,KAAIH,SAAS,CAACI,IAAK,EAC3C,CAAC,CAACC,QAAQ,CAAC,CAAC;AACd,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,0BAEZ,GAAG,eAAAA,CAAOC,uBAAuB,EAA4B;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAArB,MAAA,QAAAqB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EACvD,MAAM;IAAEnC,QAAQ,GAAGqC;EAAM,CAAC,GAAGH,OAAO;EACpC,MAAMI,gBAAgB,GAAG,IAAAC,wBAAS,EAACR,uBAAuB,CAAC;EAC3D,MAAM9B,IAAW,GAAG,EAAE;;EAEtB;EACA,KAAA+B,qBAAA,GAAIM,gBAAgB,CAACE,eAAe,cAAAR,qBAAA,eAAhCA,qBAAA,CAAkCS,GAAG,EAAE;IACzC,MAAMhC,IAAI,GAAG,CAACiC,QAAG,CAAClC,KAAK,CAAC8B,gBAAgB,CAACE,eAAe,CAACC,GAAG,CAAC,CAAC;IAC9DxC,IAAI,CAAC0C,IAAI,CAAC,GAAGlC,IAAI,CAAC;EACpB;;EAEA;EACA,IAAI6B,gBAAgB,CAACE,eAAe,CAACI,GAAG,EAAE;IACxC,MAAMnC,IAAI,GAAG,MAAMC,mBAAmB,CACpC4B,gBAAgB,CAACE,eAAe,CAACI,GACnC,CAAC;IACD3C,IAAI,CAAC0C,IAAI,CAAC,GAAGlC,IAAI,CAAC;EACpB;;EAEA;EACA,MAAMoC,aAAa,GAAGC,oBAAa,CAACtC,KAAK,CAAC8B,gBAAgB,CAACS,OAAO,CAAC;EACnE,MAAM;IAAEC;EAAgB,CAAC,GAAGH,aAAa;EAEzC,IAAIG,eAAe,aAAfA,eAAe,eAAfA,eAAe,CAAEC,QAAQ,EAAE;IAC7B,MAAMC,WAAW,GAAG,MAAMpD,gBAAgB,CACxC,IAAI2B,GAAG,CAACuB,eAAe,CAACC,QAAQ,CAAC,CAACpB,QAAQ,CAAC,CAAC,EAC5C7B,QACF,CAAC;IACDC,IAAI,CAAC0C,IAAI,CAAC,GAAGO,WAAW,CAAC;EAC3B;EAEA,IAAIF,eAAe,aAAfA,eAAe,eAAfA,eAAe,CAAE/C,IAAI,EAAE;IACzBA,IAAI,CAAC0C,IAAI,CAAC,GAAGK,eAAe,CAAC/C,IAAI,CAACQ,IAAI,CAAC;EACzC;;EAEA;EACA,MAAMc,MAAM,IAAAU,qBAAA,GAAGK,gBAAgB,CAACS,OAAO,cAAAd,qBAAA,uBAAxBA,qBAAA,CAA0BkB,GAAG;EAC5C,IAAIlD,IAAI,CAACa,MAAM,KAAK,CAAC,IAAI,OAAOS,MAAM,KAAK,QAAQ,EAAE;IACnD,MAAM6B,gBAAgB,GAAG9B,yBAAyB,CAACC,MAAM,CAAC;IAC1D,MAAM8B,QAAQ,GAAG,MAAMvD,gBAAgB,CAACsD,gBAAgB,EAAEpD,QAAQ,CAAC;IACnEC,IAAI,CAAC0C,IAAI,CAAC,GAAGU,QAAQ,CAAC;EACxB;EAEA,IAAIpD,IAAI,CAACa,MAAM,KAAK,CAAC,EAAE;IACrB,MAAM,IAAIC,gDAAwC,CAChD,uCACF,CAAC;EACH;EAEA,OAAO;IAAEN,IAAI,EAAER;EAAK,CAAC;AACvB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAqD,OAAA,CAAAxB,0BAAA,GAAAA,0BAAA;AAOO,MAAMyB,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAMvD,IAAI,GAAGuD,QAAQ,CAACC,oBAAoB,CAACxD,IAAI;EAE/C,IAAI,CAACA,IAAI,IAAI,CAACW,KAAK,CAACC,OAAO,CAACZ,IAAI,CAACQ,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIiD,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLjD,IAAI,EAAER,IAAI,CAACQ;EACb,CAAC;AACH,CAAC;AAAC6C,OAAA,CAAAC,mBAAA,GAAAA,mBAAA"}
package/lib/commonjs/credential/presentation/05-verify-request-object.js CHANGED
@@ -11,12 +11,17 @@ const verifyRequestObjectSignature = async (requestObjectEncodedJwt, jwkKeys) =>
11
11
  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
12
12
 
13
13
  // verify token signature to ensure the request object is authentic
14
- const pubKey = jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
14
+ const pubKey = (jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
15
15
  let {
16
16
  kid
17
17
  } = _ref;
18
18
  return kid === requestObjectJwt.protectedHeader.kid;
19
- });
19
+ })) || (jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref2 => {
20
+ let {
21
+ use
22
+ } = _ref2;
23
+ return use === "sig";
24
+ }));
20
25
  if (!pubKey) {
21
26
  throw new _errors.UnverifiedEntityError("Request Object signature verification!");
22
27
  }
package/lib/commonjs/credential/presentation/05-verify-request-object.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","decodeJwt","pubKey","find","_ref","kid","protectedHeader","UnverifiedEntityError","verify","requestObject","RequestObject","parse","payload","exp","Date","now","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AASO,MAAMG,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACH,uBAAuB,CAAC;;EAE3D;EACA,MAAMI,MAAM,GAAGH,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEI,IAAI,CAC1BC,IAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,GAAG,KAAKL,gBAAgB,CAACM,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC;EAED,IAAI,CAACH,MAAM,EAAE;IACX,MAAM,IAAIK,6BAAqB,CAAC,wCAAwC,CAAC;EAC3E;EACA,MAAM,IAAAC,wBAAM,EAACV,uBAAuB,EAAEI,MAAM,CAAC;EAE7C,MAAMO,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACX,gBAAgB,CAACY,OAAO,CAAC;EACnE;EACA;EACA,IAAIH,aAAa,CAACI,GAAG,IAAIJ,aAAa,CAACI,GAAG,IAAIC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE;IAC/D,MAAM,IAAIR,6BAAqB,CAAC,4BAA4B,CAAC;EAC/D;EAEA,OAAO;IAAEE;EAAc,CAAC;AAC1B,CAAC;AAACO,OAAA,CAAAnB,4BAAA,GAAAA,4BAAA"}
1
+ {"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","decodeJwt","pubKey","find","_ref","kid","protectedHeader","_ref2","use","UnverifiedEntityError","verify","requestObject","RequestObject","parse","payload","exp","Date","now","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AASO,MAAMG,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACH,uBAAuB,CAAC;;EAE3D;EACA,MAAMI,MAAM,GACV,CAAAH,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEI,IAAI,CACXC,IAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,GAAG,KAAKL,gBAAgB,CAACM,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC,MAAIN,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEI,IAAI,CAACI,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAK,KAAK;EAAA,EAAC;EAEhD,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIO,6BAAqB,CAAC,wCAAwC,CAAC;EAC3E;EACA,MAAM,IAAAC,wBAAM,EAACZ,uBAAuB,EAAEI,MAAM,CAAC;EAE7C,MAAMS,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACb,gBAAgB,CAACc,OAAO,CAAC;EACnE;EACA;EACA,IAAIH,aAAa,CAACI,GAAG,IAAIJ,aAAa,CAACI,GAAG,IAAIC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE;IAC/D,MAAM,IAAIR,6BAAqB,CAAC,4BAA4B,CAAC;EAC/D;EAEA,OAAO;IAAEE;EAAc,CAAC;AAC1B,CAAC;AAACO,OAAA,CAAArB,4BAAA,GAAAA,4BAAA"}
package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js CHANGED
@@ -89,8 +89,8 @@ const extractClaimName = path => {
89
89
  * - Validates whether required fields are present (unless marked optional)
90
90
  * and match any specified JSONPath.
91
91
  * - If a field includes a JSON Schema filter, validates the claim value against that schema.
92
- * - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
93
- * if set to "required". Otherwise return the array of all disclosures.
92
+ * - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
93
+ * if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
94
94
  * - Throws an error if a required field is invalid or missing.
95
95
  *
96
96
  * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
@@ -105,7 +105,8 @@ const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCredential,
105
105
  // No validation, all field are optional
106
106
  return {
107
107
  requiredDisclosures: [],
108
- optionalDisclosures: disclosures
108
+ optionalDisclosures: [],
109
+ unrequestedDisclosures: disclosures
109
110
  };
110
111
  }
111
112
  const requiredClaimNames = [];
@@ -157,12 +158,15 @@ const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCredential,
157
158
  }
158
159
 
159
160
  // Categorizes disclosures into required and optional based on claim names and disclosure constraints.
160
- const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
161
+
161
162
  const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
162
163
  const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) || isNotLimitDisclosure && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
164
+ const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
165
+ const unrequestedDisclosures = isNotLimitDisclosure ? disclosures.filter(disclosure => !optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME])) : [];
163
166
  return {
164
167
  requiredDisclosures,
165
- optionalDisclosures
168
+ optionalDisclosures,
169
+ unrequestedDisclosures
166
170
  };
167
171
  };
168
172
  exports.evaluateInputDescriptorForSdJwt4VC = evaluateInputDescriptorForSdJwt4VC;
package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_jsonpathPlus","require","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","isNotLimitDisclosure","limit_disclosure","disclosure","includes","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,aAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAC,sBAAA,CAAAH,OAAA;AAAsB,SAAAG,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AACtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAa1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CAAC,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACzC,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EAAE,CAAC,CAA4B,CAAC;AACnC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE/B;IACvB,CAAC;EACH;EACA,MAAMgC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGnC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMmC,cAAc,GAAGV,eAAe,CAACG,WAAW,CAACC,MAAM,CAACO,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC5B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChD+B,KAAK,CAACtB,IAAI,EACVmB,oBACF,CAAC;IAED,IAAI,CAACzB,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5C+B,KAAK,CAACtB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO4B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMlC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACiC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DnC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIiC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG9C,GAAG,CAAC+C,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAC/B,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACiB,cAAc,EAAE;IACnB,MAAM,IAAIhB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;EACA,MAAMwB,oBAAoB,GAAG,EAC3BlB,eAAe,CAACG,WAAW,CAACgB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMd,mBAAmB,GAAG9B,WAAW,CAACwC,MAAM,CAAEK,UAAU,IACxDb,kBAAkB,CAACc,QAAQ,CAACD,UAAU,CAAC1C,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACwC,MAAM,CAC3CK,UAAU,IACTZ,kBAAkB,CAACa,QAAQ,CAACD,UAAU,CAAC1C,OAAO,CAACL,gBAAgB,CAAC,CAAC,IAChE6C,oBAAoB,IACnB,CAACX,kBAAkB,CAACc,QAAQ,CAACD,UAAU,CAAC1C,OAAO,CAACL,gBAAgB,CAAC,CACvE,CAAC;EAED,OAAO;IACLgC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAvB,kCAAA,GAAAA,kCAAA"}
1
+ {"version":3,"names":["_jsonpathPlus","require","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,aAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAC,sBAAA,CAAAH,OAAA;AAAsB,SAAAG,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AACtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAc1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CAAC,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACzC,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EAAE,CAAC,CAA4B,CAAC;AACnC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAEhC;IAC1B,CAAC;EACH;EACA,MAAMiC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGpC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMoC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC7B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChDgC,KAAK,CAACvB,IAAI,EACVoB,oBACF,CAAC;IAED,IAAI,CAAC1B,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5CgC,KAAK,CAACvB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO6B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMnC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACkC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DpC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIkC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG/C,GAAG,CAACgD,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAChC,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACkB,cAAc,EAAE;IACnB,MAAM,IAAIjB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMW,mBAAmB,GAAG9B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACyC,MAAM,CAC3CG,UAAU,IACTV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAAC,IAChEgD,oBAAoB,IACnB,CAACb,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CACvE,CAAC;EAED,MAAMgD,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C9C,WAAW,CAACyC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CACrC,CAAC,IACD,CAACmC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACLgC,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAxB,kCAAA,GAAAA,kCAAA"}
package/lib/commonjs/credential/presentation/README.md CHANGED
@@ -29,8 +29,8 @@ sequenceDiagram
29
29
  <summary>Remote Presentation flow</summary>
30
30
 
31
31
  ```ts
32
- // Scan e retrive qr-code
33
- const qrcode = ...
32
+ // Scan e retrive qr-code, decode it and get its parameters
33
+ const {requestUri, clientId} = ...
34
34
 
35
35
  // Retrieve the integrity key tag from the store and create its context
36
36
  const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
@@ -55,7 +55,7 @@ const walletInstanceAttestation =
55
55
  });
56
56
 
57
57
  // Start the issuance flow
58
- const { requestURI, clientId } = Credential.Presentation.startFlowFromQR(qrcode);
58
+ const { requestURI, clientId } = Credential.Presentation.startFlowFromQR(requestUri, clientId);
59
59
 
60
60
  // If use trust federation: Evaluate issuer trust
61
61
  const { rpConf } = await Credential.Presentation.evaluateRelyingPartyTrust(clientId);
@@ -111,4 +111,4 @@ const { presentationDefinition } = await Credential.Presentation.fetchPresentDef
111
111
 
112
112
  ```
113
113
 
114
- </details>
114
+ </details>
package/lib/commonjs/credential/presentation/errors.js CHANGED
@@ -3,7 +3,7 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.UnverifiedEntityError = exports.NoSuitableKeysFoundInEntityConfiguration = exports.MissingDataError = exports.InvalidQRCodeError = exports.AuthRequestDecodeError = void 0;
6
+ exports.UnverifiedEntityError = exports.NoSuitableKeysFoundInEntityConfiguration = exports.MissingDataError = exports.AuthRequestDecodeError = void 0;
7
7
  var _errors = require("../../utils/errors");
8
8
  /**
9
9
  * An error subclass thrown when auth request decode fail
@@ -46,28 +46,11 @@ class NoSuitableKeysFoundInEntityConfiguration extends _errors.IoWalletError {
46
46
  }
47
47
  }
48
48
 
49
- /**
50
- * When a QR code is not valid.
51
- *
52
- */
53
- exports.NoSuitableKeysFoundInEntityConfiguration = NoSuitableKeysFoundInEntityConfiguration;
54
- class InvalidQRCodeError extends _errors.IoWalletError {
55
- code = "ERR_INVALID_QR_CODE";
56
-
57
- /**
58
- * @param detail A description of why the QR code is considered invalid.
59
- */
60
- constructor(detail) {
61
- const message = `QR code is not valid: ${detail}.`;
62
- super(message);
63
- }
64
- }
65
-
66
49
  /**
67
50
  * When the entity is unverified because the Relying Party is not trusted.
68
51
  *
69
52
  */
70
- exports.InvalidQRCodeError = InvalidQRCodeError;
53
+ exports.NoSuitableKeysFoundInEntityConfiguration = NoSuitableKeysFoundInEntityConfiguration;
71
54
  class UnverifiedEntityError extends _errors.IoWalletError {
72
55
  code = "ERR_UNVERIFIED_RP_ENTITY";
73
56
 
package/lib/commonjs/credential/presentation/errors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_errors","require","AuthRequestDecodeError","IoWalletError","code","constructor","message","claim","arguments","length","undefined","reason","serializeAttrs","exports","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","detail","UnverifiedEntityError","MissingDataError","missingAttributes"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACA;AACO,MAAMC,sBAAsB,SAASC,qBAAa,CAAC;EACxDC,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC,IAAAI,sBAAc,EAAC;MAAEN,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAE,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAIO,MAAMY,wCAAwC,SAASX,qBAAa,CAAC;EAC1EC,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACU,QAAgB,EAAE;IAC5B,MAAMT,OAAO,GAAI,0DAAyDS,QAAS,IAAG;IACtF,KAAK,CAACT,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAC,wCAAA,GAAAA,wCAAA;AAIO,MAAME,kBAAkB,SAASb,qBAAa,CAAC;EACpDC,IAAI,GAAG,qBAAqB;;EAE5B;AACF;AACA;EACEC,WAAWA,CAACY,MAAc,EAAE;IAC1B,MAAMX,OAAO,GAAI,yBAAwBW,MAAO,GAAE;IAClD,KAAK,CAACX,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAG,kBAAA,GAAAA,kBAAA;AAIO,MAAME,qBAAqB,SAASf,qBAAa,CAAC;EACvDC,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACM,MAAc,EAAE;IAC1B,MAAML,OAAO,GAAI,sBAAqBK,MAAO,GAAE;IAC/C,KAAK,CAACL,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAK,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,gBAAgB,SAAShB,qBAAa,CAAC;EAClDC,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACe,iBAAyB,EAAE;IACrC,MAAMd,OAAO,GAAI,kCAAiCc,iBAAkB,GAAE;IACtE,KAAK,CAACd,OAAO,CAAC;EAChB;AACF;AAACO,OAAA,CAAAM,gBAAA,GAAAA,gBAAA"}
1
+ {"version":3,"names":["_errors","require","AuthRequestDecodeError","IoWalletError","code","constructor","message","claim","arguments","length","undefined","reason","serializeAttrs","exports","NoSuitableKeysFoundInEntityConfiguration","scenario","UnverifiedEntityError","MissingDataError","missingAttributes"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACA;AACO,MAAMC,sBAAsB,SAASC,qBAAa,CAAC;EACxDC,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC,IAAAI,sBAAc,EAAC;MAAEN,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAE,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAIO,MAAMY,wCAAwC,SAASX,qBAAa,CAAC;EAC1EC,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACU,QAAgB,EAAE;IAC5B,MAAMT,OAAO,GAAI,0DAAyDS,QAAS,IAAG;IACtF,KAAK,CAACT,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAC,wCAAA,GAAAA,wCAAA;AAIO,MAAME,qBAAqB,SAASb,qBAAa,CAAC;EACvDC,IAAI,GAAG,0BAA0B;;EAEjC;AACF;AACA;EACEC,WAAWA,CAACM,MAAc,EAAE;IAC1B,MAAML,OAAO,GAAI,sBAAqBK,MAAO,GAAE;IAC/C,KAAK,CAACL,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAO,OAAA,CAAAG,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,gBAAgB,SAASd,qBAAa,CAAC;EAClDC,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACa,iBAAyB,EAAE;IACrC,MAAMZ,OAAO,GAAI,kCAAiCY,iBAAkB,GAAE;IACtE,KAAK,CAACZ,OAAO,CAAC;EAChB;AACF;AAACO,OAAA,CAAAI,gBAAA,GAAAA,gBAAA"}
package/lib/commonjs/credential/presentation/types.js CHANGED
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", {
6
6
  exports.RequestObject = exports.PresentationDefinition = exports.InputDescriptor = void 0;
7
7
  var _types = require("../../sd-jwt/types");
8
8
  var z = _interopRequireWildcard(require("zod"));
9
+ var _jwk = require("../../utils/jwk");
9
10
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
10
11
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
11
12
  /**
@@ -87,7 +88,12 @@ const RequestObject = z.object({
87
88
  response_type: z.literal("vp_token"),
88
89
  response_mode: z.enum(["direct_post.jwt", "direct_post"]),
89
90
  client_id: z.string(),
90
- client_id_scheme: z.string(),
91
+ client_id_scheme: z.string().optional(),
92
+ // previous z.literal("entity_id"),
93
+ client_metadata: z.object({
94
+ jwks_uri: z.string().optional(),
95
+ jwks: _jwk.JWKS.optional()
96
+ }).optional(),
91
97
  // previous z.literal("entity_id"),
92
98
  scope: z.string().optional(),
93
99
  presentation_definition: PresentationDefinition.optional()
package/lib/commonjs/credential/presentation/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","scope","presentation_definition"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;;AAOA,MAAMW,MAAM,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EACtBC,IAAI,EAAE1B,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAElC,CAAC,CAACmC,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAE/B,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAErC,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGtC,CAAC,CAACyB,MAAM,CAAC;EAC3Bc,MAAM,EAAEvC,CAAC,CAAC2B,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAExC,CAAC,CAACyC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEO,MAAMW,eAAe,GAAG1C,CAAC,CAACyB,MAAM,CAAC;EACtCK,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAE3C,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACmC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAE9C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;AAACgB,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAEH,MAAMM,qBAAqB,GAAGhD,CAAC,CAACyB,MAAM,CAAC;EACrCQ,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BkB,IAAI,EAAEjD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EAClBsB,IAAI,EAAElD,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BoB,WAAW,EAAEnD,CAAC,CACX2B,KAAK,CACJ3B,CAAC,CAACyB,MAAM,CAAC;IACPQ,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BkB,IAAI,EAAEjD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAChBsB,IAAI,EAAElD,CAAC,CAAC4B,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACbqB,KAAK,EAAEpD,CAAC,CAACqD,MAAM,CAAC,CAAC,CAACtB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGK,MAAMuB,sBAAsB,GAAGtD,CAAC,CAACyB,MAAM,CAAC;EAC7CK,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BwB,iBAAiB,EAAEvD,CAAC,CAAC2B,KAAK,CAACe,eAAe,CAAC;EAC3Cc,uBAAuB,EAAExD,CAAC,CAAC2B,KAAK,CAACqB,qBAAqB,CAAC,CAACjB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAACgB,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAGI,MAAMG,aAAa,GAAGzD,CAAC,CAACyB,MAAM,CAAC;EACpCiC,GAAG,EAAE1D,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC5B4B,GAAG,EAAEC,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB8B,GAAG,EAAED,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB+B,KAAK,EAAE9D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBmC,KAAK,EAAE/D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBoC,YAAY,EAAEhE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACxBqC,aAAa,EAAEjE,CAAC,CAACkE,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEnE,CAAC,CAACyC,IAAI,CAAC,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;EACzD2B,SAAS,EAAEpE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACrByC,gBAAgB,EAAErE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EAC9B0C,KAAK,EAAEtE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5BwC,uBAAuB,EAAEjB,sBAAsB,CAACvB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAACgB,OAAA,CAAAU,aAAA,GAAAA,aAAA"}
1
+ {"version":3,"names":["_types","require","z","_interopRequireWildcard","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","client_metadata","jwks_uri","jwks","JWKS","scope","presentation_definition"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AAAuC,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEvC;AACA;AACA;;AAOA,MAAMW,MAAM,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EACtBC,IAAI,EAAE3B,CAAC,CAAC4B,KAAK,CAAC5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEnC,CAAC,CAACoC,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAEhC,CAAC,CAACqC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEtC,CAAC,CAACqC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGvC,CAAC,CAAC0B,MAAM,CAAC;EAC3Bc,MAAM,EAAExC,CAAC,CAAC4B,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEzC,CAAC,CAAC0C,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEO,MAAMW,eAAe,GAAG3C,CAAC,CAAC0B,MAAM,CAAC;EACtCK,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAE5C,CAAC,CAAC6C,MAAM,CAAC7C,CAAC,CAAC6B,MAAM,CAAC,CAAC,EAAE7B,CAAC,CAACoC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAE/C,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;AAACgB,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAEH,MAAMM,qBAAqB,GAAGjD,CAAC,CAAC0B,MAAM,CAAC;EACrCQ,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BkB,IAAI,EAAElD,CAAC,CAAC6B,MAAM,CAAC,CAAC;EAAE;EAClBsB,IAAI,EAAEnD,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BoB,WAAW,EAAEpD,CAAC,CACX4B,KAAK,CACJ5B,CAAC,CAAC0B,MAAM,CAAC;IACPQ,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BkB,IAAI,EAAElD,CAAC,CAAC6B,MAAM,CAAC,CAAC;IAChBsB,IAAI,EAAEnD,CAAC,CAAC6B,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACbqB,KAAK,EAAErD,CAAC,CAACsD,MAAM,CAAC,CAAC,CAACtB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGK,MAAMuB,sBAAsB,GAAGvD,CAAC,CAAC0B,MAAM,CAAC;EAC7CK,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACdK,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BwB,iBAAiB,EAAExD,CAAC,CAAC4B,KAAK,CAACe,eAAe,CAAC;EAC3Cc,uBAAuB,EAAEzD,CAAC,CAAC4B,KAAK,CAACqB,qBAAqB,CAAC,CAACjB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAACgB,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAGI,MAAMG,aAAa,GAAG1D,CAAC,CAAC0B,MAAM,CAAC;EACpCiC,GAAG,EAAE3D,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC5B4B,GAAG,EAAEC,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB8B,GAAG,EAAED,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB+B,KAAK,EAAE/D,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACjBmC,KAAK,EAAEhE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACjBoC,YAAY,EAAEjE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACxBqC,aAAa,EAAElE,CAAC,CAACmE,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEpE,CAAC,CAAC0C,IAAI,CAAC,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;EACzD2B,SAAS,EAAErE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACrByC,gBAAgB,EAAEtE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EACzCuC,eAAe,EAAEvE,CAAC,CACf0B,MAAM,CAAC;IACN8C,QAAQ,EAAExE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC/ByC,IAAI,EAAEC,SAAI,CAAC1C,QAAQ,CAAC;EACtB,CAAC,CAAC,CACDA,QAAQ,CAAC,CAAC;EAAE;EACf2C,KAAK,EAAE3E,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B4C,uBAAuB,EAAErB,sBAAsB,CAACvB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAACgB,OAAA,CAAAU,aAAA,GAAAA,aAAA"}
package/lib/commonjs/utils/crypto.js CHANGED
@@ -3,11 +3,12 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.withEphemeralKey = exports.createCryptoContextFor = void 0;
6
+ exports.withEphemeralKey = exports.parsePublicKey = exports.getSigningJwk = exports.createCryptoContextFor = exports.convertCertToPem = void 0;
7
7
  var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
8
8
  var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
9
9
  var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
10
10
  var _jwk = require("./jwk");
11
+ var _jsrsasign = require("jsrsasign");
11
12
  function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
12
13
  /**
13
14
  * Create a CryptoContext bound to a key pair.
@@ -61,5 +62,44 @@ const withEphemeralKey = async fn => {
61
62
  const ephemeralContext = createCryptoContextFor(keytag);
62
63
  return fn(ephemeralContext).finally(() => (0, _ioReactNativeCrypto.deleteKey)(keytag));
63
64
  };
65
+
66
+ /**
67
+ * Converts a certificate string to PEM format.
68
+ *
69
+ * @param certificate - The certificate string.
70
+ * @returns The PEM-formatted certificate.
71
+ */
64
72
  exports.withEphemeralKey = withEphemeralKey;
73
+ const convertCertToPem = certificate => `-----BEGIN CERTIFICATE-----\n${certificate}\n-----END CERTIFICATE-----`;
74
+
75
+ /**
76
+ * Parses the public key from a PEM-formatted certificate.
77
+ *
78
+ * @param pemCert - The PEM-formatted certificate.
79
+ * @returns The public key object.
80
+ * @throws Will throw an error if the public key is unsupported.
81
+ */
82
+ exports.convertCertToPem = convertCertToPem;
83
+ const parsePublicKey = pemCert => {
84
+ const x509 = new _jsrsasign.X509();
85
+ x509.readCertPEM(pemCert);
86
+ const publicKey = x509.getPublicKey();
87
+ if (publicKey instanceof _jsrsasign.RSAKey || publicKey instanceof _jsrsasign.KJUR.crypto.ECDSA) {
88
+ return publicKey;
89
+ }
90
+ return undefined;
91
+ };
92
+
93
+ /**
94
+ * Retrieves the signing JWK from the public key.
95
+ *
96
+ * @param publicKey - The public key object.
97
+ * @returns The signing JWK.
98
+ */
99
+ exports.parsePublicKey = parsePublicKey;
100
+ const getSigningJwk = publicKey => ({
101
+ ..._jwk.JWK.parse(_jsrsasign.KEYUTIL.getJWKFromKey(publicKey)),
102
+ use: "sig"
103
+ });
104
+ exports.getSigningJwk = getSigningJwk;
65
105
  //# sourceMappingURL=crypto.js.map
package/lib/commonjs/utils/crypto.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_ioReactNativeCrypto","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_jwk","obj","__esModule","default","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuid","v4","generate","ephemeralContext","finally","deleteKey"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;AAA+C,SAAAE,uBAAAG,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAE/C;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAA,iCAAY,EAACD,MAAM,CAAC,CACxBE,IAAI,CAACC,2BAAsB,CAAC,CAC5BD,IAAI,CAAC,MAAOE,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAYa,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;EACvC,MAAM,IAAAC,6BAAQ,EAACf,MAAM,CAAC;EACtB,MAAMgB,gBAAgB,GAAGjB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACI,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAAClB,MAAM,CAAC,CAAC;AAC9D,CAAC;AAACU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA"}
1
+ {"version":3,"names":["_ioReactNativeCrypto","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_jwk","_jsrsasign","obj","__esModule","default","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuid","v4","generate","ephemeralContext","finally","deleteKey","convertCertToPem","certificate","parsePublicKey","pemCert","x509","X509","readCertPEM","publicKey","RSAKey","KJUR","crypto","ECDSA","undefined","getSigningJwk","JWK","parse","KEYUTIL","getJWKFromKey","use"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;AACA,IAAAK,UAAA,GAAAL,OAAA;AAAwD,SAAAE,uBAAAI,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGxD;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAA,iCAAY,EAACD,MAAM,CAAC,CACxBE,IAAI,CAACC,2BAAsB,CAAC,CAC5BD,IAAI,CAAC,MAAOE,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAYa,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;EACvC,MAAM,IAAAC,6BAAQ,EAACf,MAAM,CAAC;EACtB,MAAMgB,gBAAgB,GAAGjB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACI,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAAClB,MAAM,CAAC,CAAC;AAC9D,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMO,MAAMQ,gBAAgB,GAAIC,WAAmB,IACjD,gCAA+BA,WAAY,6BAA4B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AANAV,OAAA,CAAAS,gBAAA,GAAAA,gBAAA;AAOO,MAAME,cAAc,GACzBC,OAAe,IAC4B;EAC3C,MAAMC,IAAI,GAAG,IAAIC,eAAI,CAAC,CAAC;EACvBD,IAAI,CAACE,WAAW,CAACH,OAAO,CAAC;EACzB,MAAMI,SAAS,GAAGH,IAAI,CAACtB,YAAY,CAAC,CAAC;EAErC,IAAIyB,SAAS,YAAYC,iBAAM,IAAID,SAAS,YAAYE,eAAI,CAACC,MAAM,CAACC,KAAK,EAAE;IACzE,OAAOJ,SAAS;EAClB;EAEA,OAAOK,SAAS;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALArB,OAAA,CAAAW,cAAA,GAAAA,cAAA;AAMO,MAAMW,aAAa,GAAIN,SAAqC,KAAW;EAC5E,GAAGO,QAAG,CAACC,KAAK,CAACC,kBAAO,CAACC,aAAa,CAACV,SAAS,CAAC,CAAC;EAC9CW,GAAG,EAAE;AACP,CAAC,CAAC;AAAC3B,OAAA,CAAAsB,aAAA,GAAAA,aAAA"}