@pagopa/io-react-native-wallet 1.2.3 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +3 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/presentation/01-start-flow.js +12 -28
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js +96 -24
- package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js.map +1 -1
- package/lib/commonjs/credential/presentation/05-verify-request-object.js +7 -2
- package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +9 -5
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js +20 -16
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/README.md +4 -4
- package/lib/commonjs/credential/presentation/errors.js +2 -19
- package/lib/commonjs/credential/presentation/errors.js.map +1 -1
- package/lib/commonjs/credential/presentation/types.js +9 -1
- package/lib/commonjs/credential/presentation/types.js.map +1 -1
- package/lib/commonjs/entity/trust/chain.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +41 -1
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/decoder.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +3 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/module/credential/presentation/01-start-flow.js +12 -28
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/module/credential/presentation/04-retrieve-rp-jwks.js +96 -24
- package/lib/module/credential/presentation/04-retrieve-rp-jwks.js.map +1 -1
- package/lib/module/credential/presentation/05-verify-request-object.js +7 -2
- package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +9 -5
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/module/credential/presentation/08-send-authorization-response.js +18 -14
- package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/README.md +4 -4
- package/lib/module/credential/presentation/errors.js +0 -16
- package/lib/module/credential/presentation/errors.js.map +1 -1
- package/lib/module/credential/presentation/types.js +9 -1
- package/lib/module/credential/presentation/types.js.map +1 -1
- package/lib/module/entity/trust/chain.js.map +1 -1
- package/lib/module/utils/crypto.js +38 -0
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/decoder.js +0 -1
- package/lib/module/utils/decoder.js.map +1 -1
- package/lib/module/utils/jwk.js.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +3 -3
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts +1 -1
- package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts +15 -8
- package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +3 -2
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +5 -5
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/errors.d.ts +0 -11
- package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/types.d.ts +252 -3
- package/lib/typescript/credential/presentation/types.d.ts.map +1 -1
- package/lib/typescript/entity/trust/chain.d.ts +1 -1
- package/lib/typescript/entity/trust/chain.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +24 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/decoder.d.ts +1 -1
- package/lib/typescript/utils/decoder.d.ts.map +1 -1
- package/lib/typescript/utils/jwk.d.ts +2 -0
- package/lib/typescript/utils/jwk.d.ts.map +1 -1
- package/package.json +4 -2
- package/src/credential/issuance/03-start-user-authorization.ts +3 -0
- package/src/credential/presentation/01-start-flow.ts +16 -32
- package/src/credential/presentation/03-get-request-object.ts +1 -1
- package/src/credential/presentation/04-retrieve-rp-jwks.ts +122 -34
- package/src/credential/presentation/05-verify-request-object.ts +4 -3
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +20 -6
- package/src/credential/presentation/08-send-authorization-response.ts +25 -17
- package/src/credential/presentation/README.md +4 -4
- package/src/credential/presentation/errors.ts +0 -16
- package/src/credential/presentation/types.ts +10 -1
- package/src/entity/trust/chain.ts +1 -2
- package/src/utils/crypto.ts +43 -0
- package/src/utils/decoder.ts +1 -1
- package/src/utils/jwk.ts +3 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","scope","presentation_definition"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;
|
|
1
|
+
{"version":3,"names":["_types","require","z","_interopRequireWildcard","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","client_metadata","authorization_encrypted_response_alg","authorization_encrypted_response_enc","jwks_uri","jwks","JWKS","scope","presentation_definition"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AAAuC,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEvC;AACA;AACA;;AAOA,MAAMW,MAAM,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EACtBC,IAAI,EAAE3B,CAAC,CAAC4B,KAAK,CAAC5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEnC,CAAC,CAACoC,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAEhC,CAAC,CAACqC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEtC,CAAC,CAACqC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGvC,CAAC,CAAC0B,MAAM,CAAC;EAC3Bc,MAAM,EAAExC,CAAC,CAAC4B,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEzC,CAAC,CAAC0C,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEO,MAAMW,eAAe,GAAG3C,CAAC,CAAC0B,MAAM,CAAC;EACtCK,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAE5C,CAAC,CAAC6C,MAAM,CAAC7C,CAAC,CAAC6B,MAAM,CAAC,CAAC,EAAE7B,CAAC,CAACoC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAE/C,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;AAACgB,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAEH,MAAMM,qBAAqB,GAAGjD,CAAC,CAAC0B,MAAM,CAAC;EACrCQ,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BkB,IAAI,EAAElD,CAAC,CAAC6B,MAAM,CAAC,CAAC;EAAE;EAClBsB,IAAI,EAAEnD,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BoB,WAAW,EAAEpD,CAAC,CACX4B,KAAK,CACJ5B,CAAC,CAAC0B,MAAM,CAAC;IACPQ,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BkB,IAAI,EAAElD,CAAC,CAAC6B,MAAM,CAAC,CAAC;IAChBsB,IAAI,EAAEnD,CAAC,CAAC6B,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACbqB,KAAK,EAAErD,CAAC,CAACsD,MAAM,CAAC,CAAC,CAACtB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGK,MAAMuB,sBAAsB,GAAGvD,CAAC,CAAC0B,MAAM,CAAC;EAC7CK,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACdK,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BwB,iBAAiB,EAAExD,CAAC,CAAC4B,KAAK,CAACe,eAAe,CAAC;EAC3Cc,uBAAuB,EAAEzD,CAAC,CAAC4B,KAAK,CAACqB,qBAAqB,CAAC,CAACjB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAACgB,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAGI,MAAMG,aAAa,GAAG1D,CAAC,CAAC0B,MAAM,CAAC;EACpCiC,GAAG,EAAE3D,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC5B4B,GAAG,EAAEC,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB8B,GAAG,EAAED,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB+B,KAAK,EAAE/D,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACjBmC,KAAK,EAAEhE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACjBoC,YAAY,EAAEjE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACxBqC,aAAa,EAAElE,CAAC,CAACmE,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEpE,CAAC,CAAC0C,IAAI,CAAC,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;EACzD2B,SAAS,EAAErE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACrByC,gBAAgB,EAAEtE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EACzCuC,eAAe,EAAEvE,CAAC,CACf0B,MAAM,CAAC;IACN8C,oCAAoC,EAAExE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3DyC,oCAAoC,EAAEzE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3D0C,QAAQ,EAAE1E,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC/B2C,IAAI,EAAEC,SAAI,CAAC5C,QAAQ,CAAC;EACtB,CAAC,CAAC,CACDA,QAAQ,CAAC,CAAC;EAAE;EACf6C,KAAK,EAAE7E,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B8C,uBAAuB,EAAEvB,sBAAsB,CAACvB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAACgB,OAAA,CAAAU,aAAA,GAAAA,aAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_types","_errors","z","_interopRequireWildcard","_","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","decode","decodeJwt","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","getSignedEntityConfiguration","data","iss","getSignedEntityStatement","sub","reject"],"sourceRoot":"../../../../src","sources":["entity/trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,MAAA,GAAAD,OAAA;AAMA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAC,uBAAA,CAAAJ,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_types","_errors","z","_interopRequireWildcard","_","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","decode","decodeJwt","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","getSignedEntityConfiguration","data","iss","getSignedEntityStatement","sub","reject"],"sourceRoot":"../../../../src","sources":["entity/trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,MAAA,GAAAD,OAAA;AAMA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAC,uBAAA,CAAAJ,OAAA;AACA,IAAAK,CAAA,GAAAL,OAAA;AAA2E,SAAAM,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAO3E;AACA;AACA,MAAMW,MAAM,GAAG,MAAAA,CACbC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAME,MAAM,GAAIX,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAG,wBAAS,EAACZ,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMI,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAG3C,CAAC,CAAC4C,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,qBAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdb,iBAAiB,GACjBa,YAAY,KAAKJ,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCN,gBAAgB,GAChBF,kBAAkB;;EAExB;EACA,MAAMY,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAM5B,KAAK,GAAGsB,KAAK,CAACM,YAAY,CAAC;IACjC,IAAI,CAAC5B,KAAK,EAAE;MACV,MAAM,IAAIwB,qBAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMK,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAACnB,MAAM,CAACX,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAM8B,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKN,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACZ,OAAO,CAACP,IAAI,CAAC8B,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGZ,KAAK,CAACW,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIV,qBAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMK,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAACnB,MAAM,CAACuB,SAAS,CAAC,CAAC,CAACzB,OAAO,CAACP,IAAI,CAAC8B,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBd,KAAK,CACFe,GAAG,CAAC,CAACrC,KAAK,EAAEsC,CAAC,KAAK,CAACtC,KAAK,EAAE2B,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKxC,MAAM,CAAC,GAAGwC,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAC7BlB,KAAe,EAEf;EAAA,IADAmB,QAA8B,GAAAC,SAAA,CAAAnB,MAAA,QAAAmB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBd;EACE;EAAA,CACCe,GAAG,CAAC1B,MAAM,CAAC,CACX0B,GAAG,CACDQ,CAAC,IACA,CACE7B,sBAAe,CAAC8B,SAAS,CAACD,CAAC,CAAC,EAC5B/B,0BAAmB,CAACgC,SAAS,CAACD,CAAC,CAAC,CAEtC;EACA;EAAA,CACCR,GAAG,CAAC,CAAAU,IAAA,EAAWT,CAAC;IAAA,IAAX,CAACU,EAAE,EAAEC,EAAE,CAAC,GAAAF,IAAA;IAAA,OACZE,EAAE,CAACC,OAAO,GACN,IAAAC,8BAA4B,EAACF,EAAE,CAACG,IAAI,CAAC3C,OAAO,CAAC4C,GAAG,EAAE;MAAEZ;IAAS,CAAC,CAAC,GAC/DO,EAAE,CAACE,OAAO,GACV,IAAAI,0BAAwB,EAACN,EAAE,CAACI,IAAI,CAAC3C,OAAO,CAAC4C,GAAG,EAAEL,EAAE,CAACI,IAAI,CAAC3C,OAAO,CAAC8C,GAAG,EAAE;MACjEd;IACF,CAAC,CAAC;IACF;IACAN,OAAO,CAACqB,MAAM,CACZ,IAAIhC,qBAAa,CACd,iDAAgDc,CAAE,uBACrD,CACF,CAAC;EAAA,CACP,CACJ,CAAC;AACH"}
|
|
@@ -3,11 +3,12 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.withEphemeralKey = exports.createCryptoContextFor = void 0;
|
|
6
|
+
exports.withEphemeralKey = exports.parsePublicKey = exports.getSigningJwk = exports.createCryptoContextFor = exports.convertCertToPem = void 0;
|
|
7
7
|
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
8
8
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
9
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
10
10
|
var _jwk = require("./jwk");
|
|
11
|
+
var _jsrsasign = require("jsrsasign");
|
|
11
12
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
12
13
|
/**
|
|
13
14
|
* Create a CryptoContext bound to a key pair.
|
|
@@ -61,5 +62,44 @@ const withEphemeralKey = async fn => {
|
|
|
61
62
|
const ephemeralContext = createCryptoContextFor(keytag);
|
|
62
63
|
return fn(ephemeralContext).finally(() => (0, _ioReactNativeCrypto.deleteKey)(keytag));
|
|
63
64
|
};
|
|
65
|
+
|
|
66
|
+
/**
|
|
67
|
+
* Converts a certificate string to PEM format.
|
|
68
|
+
*
|
|
69
|
+
* @param certificate - The certificate string.
|
|
70
|
+
* @returns The PEM-formatted certificate.
|
|
71
|
+
*/
|
|
64
72
|
exports.withEphemeralKey = withEphemeralKey;
|
|
73
|
+
const convertCertToPem = certificate => `-----BEGIN CERTIFICATE-----\n${certificate}\n-----END CERTIFICATE-----`;
|
|
74
|
+
|
|
75
|
+
/**
|
|
76
|
+
* Parses the public key from a PEM-formatted certificate.
|
|
77
|
+
*
|
|
78
|
+
* @param pemCert - The PEM-formatted certificate.
|
|
79
|
+
* @returns The public key object.
|
|
80
|
+
* @throws Will throw an error if the public key is unsupported.
|
|
81
|
+
*/
|
|
82
|
+
exports.convertCertToPem = convertCertToPem;
|
|
83
|
+
const parsePublicKey = pemCert => {
|
|
84
|
+
const x509 = new _jsrsasign.X509();
|
|
85
|
+
x509.readCertPEM(pemCert);
|
|
86
|
+
const publicKey = x509.getPublicKey();
|
|
87
|
+
if (publicKey instanceof _jsrsasign.RSAKey || publicKey instanceof _jsrsasign.KJUR.crypto.ECDSA) {
|
|
88
|
+
return publicKey;
|
|
89
|
+
}
|
|
90
|
+
return undefined;
|
|
91
|
+
};
|
|
92
|
+
|
|
93
|
+
/**
|
|
94
|
+
* Retrieves the signing JWK from the public key.
|
|
95
|
+
*
|
|
96
|
+
* @param publicKey - The public key object.
|
|
97
|
+
* @returns The signing JWK.
|
|
98
|
+
*/
|
|
99
|
+
exports.parsePublicKey = parsePublicKey;
|
|
100
|
+
const getSigningJwk = publicKey => ({
|
|
101
|
+
..._jwk.JWK.parse(_jsrsasign.KEYUTIL.getJWKFromKey(publicKey)),
|
|
102
|
+
use: "sig"
|
|
103
|
+
});
|
|
104
|
+
exports.getSigningJwk = getSigningJwk;
|
|
65
105
|
//# sourceMappingURL=crypto.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeCrypto","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_jwk","obj","__esModule","default","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuid","v4","generate","ephemeralContext","finally","deleteKey"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeCrypto","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_jwk","_jsrsasign","obj","__esModule","default","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuid","v4","generate","ephemeralContext","finally","deleteKey","convertCertToPem","certificate","parsePublicKey","pemCert","x509","X509","readCertPEM","publicKey","RSAKey","KJUR","crypto","ECDSA","undefined","getSigningJwk","JWK","parse","KEYUTIL","getJWKFromKey","use"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;AACA,IAAAK,UAAA,GAAAL,OAAA;AAAwD,SAAAE,uBAAAI,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGxD;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAA,iCAAY,EAACD,MAAM,CAAC,CACxBE,IAAI,CAACC,2BAAsB,CAAC,CAC5BD,IAAI,CAAC,MAAOE,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAYa,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;EACvC,MAAM,IAAAC,6BAAQ,EAACf,MAAM,CAAC;EACtB,MAAMgB,gBAAgB,GAAGjB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACI,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAAClB,MAAM,CAAC,CAAC;AAC9D,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMO,MAAMQ,gBAAgB,GAAIC,WAAmB,IACjD,gCAA+BA,WAAY,6BAA4B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AANAV,OAAA,CAAAS,gBAAA,GAAAA,gBAAA;AAOO,MAAME,cAAc,GACzBC,OAAe,IAC4B;EAC3C,MAAMC,IAAI,GAAG,IAAIC,eAAI,CAAC,CAAC;EACvBD,IAAI,CAACE,WAAW,CAACH,OAAO,CAAC;EACzB,MAAMI,SAAS,GAAGH,IAAI,CAACtB,YAAY,CAAC,CAAC;EAErC,IAAIyB,SAAS,YAAYC,iBAAM,IAAID,SAAS,YAAYE,eAAI,CAACC,MAAM,CAACC,KAAK,EAAE;IACzE,OAAOJ,SAAS;EAClB;EAEA,OAAOK,SAAS;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALArB,OAAA,CAAAW,cAAA,GAAAA,cAAA;AAMO,MAAMW,aAAa,GAAIN,SAAqC,KAAW;EAC5E,GAAGO,QAAG,CAACC,KAAK,CAACC,kBAAO,CAACC,aAAa,CAACV,SAAS,CAAC,CAAC;EAC9CW,GAAG,EAAE;AACP,CAAC,CAAC;AAAC3B,OAAA,CAAAsB,aAAA,GAAAA,aAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_errors","getJwtFromFormPost","formData","formPostRegex","lineExpressionRegex","match","exec","responseJwt","jwt","replace","decodedJwt","decodeJwt","ValidationFailed","message","exports"],"sourceRoot":"../../../src","sources":["utils/decoder.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_errors","getJwtFromFormPost","formData","formPostRegex","lineExpressionRegex","match","exec","responseJwt","jwt","replace","decodedJwt","decodeJwt","ValidationFailed","message","exports"],"sourceRoot":"../../../src","sources":["utils/decoder.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,kBAAkB,GAAG,MAChCC,QAAgB,IAC0C;EAC1D,MAAMC,aAAa,GAAG,iDAAiD;EACvE,MAAMC,mBAAmB,GAAG,sBAAsB;EAElD,MAAMC,KAAK,GAAGF,aAAa,CAACG,IAAI,CAACJ,QAAQ,CAAC;EAC1C,IAAIG,KAAK,IAAIA,KAAK,CAAC,CAAC,CAAC,EAAE;IACrB,MAAME,WAAW,GAAGF,KAAK,CAAC,CAAC,CAAC;IAE5B,IAAIE,WAAW,EAAE;MACf,MAAMC,GAAG,GAAGD,WAAW,CAACE,OAAO,CAACL,mBAAmB,EAAE,EAAE,CAAC;MACxD,MAAMM,UAAU,GAAG,IAAAC,wBAAS,EAACH,GAAG,CAAC;MACjC,OAAO;QAAEA,GAAG;QAAEE;MAAW,CAAC;IAC5B;EACF;EAEA,MAAM,IAAIE,wBAAgB,CAAC;IACzBC,OAAO,EAAG,uDAAsDX,QAAS;EAC3E,CAAC,CAAC;AACJ,CAAC;AAACY,OAAA,CAAAb,kBAAA,GAAAA,kBAAA"}
|
|
@@ -62,6 +62,9 @@ export const startUserAuthorization = async (issuerConf, credentialType, ctx) =>
|
|
|
62
62
|
appFetch = fetch
|
|
63
63
|
} = ctx;
|
|
64
64
|
const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
|
|
65
|
+
if (!clientId) {
|
|
66
|
+
throw new Error("No public key found");
|
|
67
|
+
}
|
|
65
68
|
const codeVerifier = generateRandomAlphaNumericString(64);
|
|
66
69
|
const parEndpoint = issuerConf.pushed_authorization_request_endpoint;
|
|
67
70
|
const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","credential","Error","result","credential_configuration_id","format","type","selectResponseMode","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAE7E,SAA8BC,cAAc,QAAQ,iBAAiB;AAmBrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAA8C,EAC9CC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAMC,UAAU,GAAGD,mCAAmC,CAACD,cAAc,CAAC;EAEtE,IAAI,CAACE,UAAU,EAAE;IACf,MAAM,IAAIC,KAAK,CAAE,mCAAkCH,cAAe,GAAE,CAAC;EACvE;EAEA,MAAMI,MAAM,GAAG;IACbC,2BAA2B,EAAEL,cAAc;IAC3CM,MAAM,EAAEJ,UAAU,CAACI,MAAM;IACzBC,IAAI,EAAE;EACR,CAAC;EAED,OAAOH,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,kBAAkB,GACtBR,cAAgD,IAC/B;EACjB,MAAMS,YAAY,GAChBT,cAAc,KAAK,6BAA6B,GAC5C,OAAO,GACP,eAAe;EAErB,OAAOS,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DX,UAAU,EACVC,cAAc,EACdW,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,
|
|
1
|
+
{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","credential","Error","result","credential_configuration_id","format","type","selectResponseMode","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAE7E,SAA8BC,cAAc,QAAQ,iBAAiB;AAmBrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAA8C,EAC9CC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAMC,UAAU,GAAGD,mCAAmC,CAACD,cAAc,CAAC;EAEtE,IAAI,CAACE,UAAU,EAAE;IACf,MAAM,IAAIC,KAAK,CAAE,mCAAkCH,cAAe,GAAE,CAAC;EACvE;EAEA,MAAMI,MAAM,GAAG;IACbC,2BAA2B,EAAEL,cAAc;IAC3CM,MAAM,EAAEJ,UAAU,CAACI,MAAM;IACzBC,IAAI,EAAE;EACR,CAAC;EAED,OAAOH,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,kBAAkB,GACtBR,cAAgD,IAC/B;EACjB,MAAMS,YAAY,GAChBT,cAAc,KAAK,6BAA6B,GAC5C,OAAO,GACP,eAAe;EAErB,OAAOS,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DX,UAAU,EACVC,cAAc,EACdW,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,IAAI,CAACJ,QAAQ,EAAE;IACb,MAAM,IAAId,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAMmB,YAAY,GAAG1B,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAM2B,WAAW,GAAGxB,UAAU,CAACyB,qCAAqC;EACpE,MAAMC,oBAAoB,GAAG3B,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMS,YAAY,GAAGD,kBAAkB,CAACR,cAAc,CAAC;EAEvD,MAAM0B,MAAM,GAAG7B,cAAc,CAAC;IAAEe,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMY,gBAAgB,GAAG,MAAMD,MAAM,CACnCT,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXL,YAAY,EACZc,WAAW,EACXV,yBAAyB,EACzB,CAACY,oBAAoB,CACvB,CAAC;EAED,OAAO;IAAEE,gBAAgB;IAAEV,QAAQ;IAAEK,YAAY;IAAEG;EAAqB,CAAC;AAC3E,CAAC"}
|
|
@@ -1,11 +1,8 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
|
-
import {
|
|
3
|
-
const
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
// TODO: refine to known paths using literals
|
|
7
|
-
clientId: z.string(),
|
|
8
|
-
requestURI: z.string()
|
|
2
|
+
import { ValidationFailed } from "../../utils/errors";
|
|
3
|
+
const PresentationParams = z.object({
|
|
4
|
+
clientId: z.string().nonempty(),
|
|
5
|
+
requestUri: z.string().url()
|
|
9
6
|
});
|
|
10
7
|
|
|
11
8
|
/**
|
|
@@ -17,37 +14,24 @@ const QRCodePayload = z.object({
|
|
|
17
14
|
*/
|
|
18
15
|
|
|
19
16
|
/**
|
|
20
|
-
* Start a presentation flow by decoding
|
|
17
|
+
* Start a presentation flow by decoding the parameters needed to start the presentation flow.
|
|
21
18
|
*
|
|
22
19
|
* @param qrcode The encoded QR-code content
|
|
23
20
|
* @returns The url for the Relying Party to connect with
|
|
24
21
|
* @throws If the provided qr code fails to be decoded
|
|
25
22
|
*/
|
|
26
|
-
export const startFlowFromQR =
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
var _originalQrCode$;
|
|
30
|
-
// splitting qrcode to identify which is link format
|
|
31
|
-
const originalQrCode = qrcode.split("://");
|
|
32
|
-
const replacedQrcode = (_originalQrCode$ = originalQrCode[1]) !== null && _originalQrCode$ !== void 0 && _originalQrCode$.startsWith("?") ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/") : qrcode;
|
|
33
|
-
decodedUrl = new URL(replacedQrcode);
|
|
34
|
-
} catch (error) {
|
|
35
|
-
throw new InvalidQRCodeError(`Failed to decode QR code: ${qrcode}`);
|
|
36
|
-
}
|
|
37
|
-
const protocol = decodedUrl.protocol;
|
|
38
|
-
const resource = decodedUrl.hostname;
|
|
39
|
-
const requestURI = decodedUrl.searchParams.get("request_uri");
|
|
40
|
-
const clientId = decodedUrl.searchParams.get("client_id");
|
|
41
|
-
const result = QRCodePayload.safeParse({
|
|
42
|
-
protocol,
|
|
43
|
-
resource,
|
|
44
|
-
requestURI,
|
|
23
|
+
export const startFlowFromQR = (requestUri, clientId) => {
|
|
24
|
+
const result = PresentationParams.safeParse({
|
|
25
|
+
requestUri,
|
|
45
26
|
clientId
|
|
46
27
|
});
|
|
47
28
|
if (result.success) {
|
|
48
29
|
return result.data;
|
|
49
30
|
} else {
|
|
50
|
-
throw new
|
|
31
|
+
throw new ValidationFailed({
|
|
32
|
+
message: "Invalid parameters provided",
|
|
33
|
+
reason: result.error.message
|
|
34
|
+
});
|
|
51
35
|
}
|
|
52
36
|
};
|
|
53
37
|
//# sourceMappingURL=01-start-flow.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","
|
|
1
|
+
{"version":3,"names":["z","ValidationFailed","PresentationParams","object","clientId","string","nonempty","requestUri","url","startFlowFromQR","result","safeParse","success","data","message","reason","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,gBAAgB,QAAQ,oBAAoB;AAErD,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,QAAQ,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA4C,GAAGA,CAC1DF,UAAkB,EAClBH,QAAgB,KACb;EACH,MAAMM,MAAM,GAAGR,kBAAkB,CAACS,SAAS,CAAC;IAC1CJ,UAAU;IACVH;EACF,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIZ,gBAAgB,CAAC;MACzBa,OAAO,EAAE,6BAA6B;MACtCC,MAAM,EAAEL,MAAM,CAACM,KAAK,CAACF;IACvB,CAAC,CAAC;EACJ;AACF,CAAC"}
|
|
@@ -2,6 +2,8 @@ import { JWKS, JWK } from "../../utils/jwk";
|
|
|
2
2
|
import { hasStatusOrThrow } from "../../utils/misc";
|
|
3
3
|
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
|
4
4
|
import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
|
|
5
|
+
import { RequestObject } from "./types";
|
|
6
|
+
import { convertCertToPem, parsePublicKey, getSigningJwk } from "../../utils/crypto";
|
|
5
7
|
|
|
6
8
|
/**
|
|
7
9
|
* Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
|
|
@@ -12,15 +14,68 @@ import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
|
|
|
12
14
|
*/
|
|
13
15
|
|
|
14
16
|
/**
|
|
15
|
-
*
|
|
16
|
-
* It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
|
|
17
|
+
* Fetches and parses JWKS from a given URI.
|
|
17
18
|
*
|
|
18
|
-
* @param
|
|
19
|
-
* @param
|
|
20
|
-
* @
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
* @param jwksUri - The JWKS URI.
|
|
20
|
+
* @param fetchFn - The fetch function to use.
|
|
21
|
+
* @returns An array of JWKs.
|
|
22
|
+
*/
|
|
23
|
+
const fetchJwksFromUri = async (jwksUri, appFetch) => {
|
|
24
|
+
const jwks = await appFetch(jwksUri, {
|
|
25
|
+
method: "GET"
|
|
26
|
+
}).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => json.jwks ? JWKS.parse(json.jwks) : JWKS.parse(json));
|
|
27
|
+
return jwks.keys;
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
/**
|
|
31
|
+
* Retrieves JWKS when the client ID scheme includes x509 SAN DNS.
|
|
32
|
+
*
|
|
33
|
+
* @param decodedJwt - The decoded JWT.
|
|
34
|
+
* @param fetchFn - The fetch function to use.
|
|
35
|
+
* @returns An array of JWKs.
|
|
36
|
+
* @throws Will throw an error if no suitable keys are found.
|
|
37
|
+
*/
|
|
38
|
+
const getJwksFromX509Cert = async certChain => {
|
|
39
|
+
if (!Array.isArray(certChain) || certChain.length === 0 || !certChain[0]) {
|
|
40
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("No RP encrypt key found!");
|
|
41
|
+
}
|
|
42
|
+
const pemCert = convertCertToPem(certChain[0]);
|
|
43
|
+
const publicKey = parsePublicKey(pemCert);
|
|
44
|
+
if (!publicKey) {
|
|
45
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("Unsupported public key type.");
|
|
46
|
+
}
|
|
47
|
+
const signingJwk = getSigningJwk(publicKey);
|
|
48
|
+
return [signingJwk];
|
|
49
|
+
};
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Constructs the well-known JWKS URL based on the issuer claim.
|
|
53
|
+
*
|
|
54
|
+
* @param issuer - The issuer URL.
|
|
55
|
+
* @returns The well-known JWKS URL.
|
|
56
|
+
*/
|
|
57
|
+
const constructWellKnownJwksUrl = issuer => {
|
|
58
|
+
const issuerUrl = new URL(issuer);
|
|
59
|
+
return new URL(`/.well-known/jar-issuer${issuerUrl.pathname}`, `${issuerUrl.protocol}//${issuerUrl.host}`).toString();
|
|
60
|
+
};
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
* Fetches the JSON Web Key Set (JWKS) based on the provided Request Object encoded as a JWT.
|
|
64
|
+
* The retrieval process follows these steps in order:
|
|
65
|
+
*
|
|
66
|
+
* 1. **Direct JWK Retrieval**: If the JWT's protected header contains a `jwk` attribute, it uses this key directly.
|
|
67
|
+
* 2. **X.509 Certificate Retrieval**: If the protected header includes an `x5c` attribute, it extracts the JWKs from the provided X.509 certificate chain.
|
|
68
|
+
* 3. **Issuer's Well-Known Endpoint**: If neither `jwk` nor `x5c` are present, it constructs the JWKS URL using the issuer (`iss`) claim and fetches the keys from the issuer's well-known JWKS endpoint.
|
|
69
|
+
*
|
|
70
|
+
* The JWKS URL is constructed in the format `{issUrl.base}/.well-known/jar-issuer${issUrl.path}`,
|
|
71
|
+
* as detailed in the SD-JWT VC issuer metadata specification.
|
|
72
|
+
*
|
|
73
|
+
* @param requestObjectEncodedJwt - The Request Object encoded as a JWT.
|
|
74
|
+
* @param options - Optional parameters for fetching the JWKS.
|
|
75
|
+
* @param options.context - Optional context providing a custom fetch implementation.
|
|
76
|
+
* @param options.context.appFetch - A custom fetch function to replace the global `fetch` if provided.
|
|
77
|
+
* @returns A promise that resolves to an object containing an array of JSON Web Keys (JWKs).
|
|
78
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} Throws an error if JWKS retrieval or key extraction fails.
|
|
24
79
|
*/
|
|
25
80
|
export const fetchJwksFromRequestObject = async function (requestObjectEncodedJwt) {
|
|
26
81
|
var _requestObjectJwt$pro, _requestObjectJwt$pay;
|
|
@@ -31,29 +86,46 @@ export const fetchJwksFromRequestObject = async function (requestObjectEncodedJw
|
|
|
31
86
|
appFetch = fetch
|
|
32
87
|
} = context;
|
|
33
88
|
const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
|
|
89
|
+
const jwks = [];
|
|
34
90
|
|
|
35
91
|
// 1. check if request object jwt contains the 'jwk' attribute
|
|
36
92
|
if ((_requestObjectJwt$pro = requestObjectJwt.protectedHeader) !== null && _requestObjectJwt$pro !== void 0 && _requestObjectJwt$pro.jwk) {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
93
|
+
const keys = [JWK.parse(requestObjectJwt.protectedHeader.jwk)];
|
|
94
|
+
jwks.push(...keys);
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
// 2. check if request object jwt contains the 'x5c' attribute
|
|
98
|
+
if (requestObjectJwt.protectedHeader.x5c) {
|
|
99
|
+
const keys = await getJwksFromX509Cert(requestObjectJwt.protectedHeader.x5c);
|
|
100
|
+
jwks.push(...keys);
|
|
40
101
|
}
|
|
41
102
|
|
|
42
|
-
//
|
|
43
|
-
const
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
103
|
+
// 3. check if client_metadata contains the 'jwks' or 'jwks_uri' attribute
|
|
104
|
+
const requestObject = RequestObject.parse(requestObjectJwt.payload);
|
|
105
|
+
const {
|
|
106
|
+
client_metadata
|
|
107
|
+
} = requestObject;
|
|
108
|
+
if (client_metadata !== null && client_metadata !== void 0 && client_metadata.jwks_uri) {
|
|
109
|
+
const fetchedJwks = await fetchJwksFromUri(new URL(client_metadata.jwks_uri).toString(), appFetch);
|
|
110
|
+
jwks.push(...fetchedJwks);
|
|
111
|
+
}
|
|
112
|
+
if (client_metadata !== null && client_metadata !== void 0 && client_metadata.jwks) {
|
|
113
|
+
jwks.push(...client_metadata.jwks.keys);
|
|
114
|
+
}
|
|
47
115
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
};
|
|
116
|
+
// 3. According to Potential profile, retrieve from RP endpoint using iss claim
|
|
117
|
+
const issuer = (_requestObjectJwt$pay = requestObjectJwt.payload) === null || _requestObjectJwt$pay === void 0 ? void 0 : _requestObjectJwt$pay.iss;
|
|
118
|
+
if (jwks.length === 0 && typeof issuer === "string") {
|
|
119
|
+
const wellKnownJwksUrl = constructWellKnownJwksUrl(issuer);
|
|
120
|
+
const jwksKeys = await fetchJwksFromUri(wellKnownJwksUrl, appFetch);
|
|
121
|
+
jwks.push(...jwksKeys);
|
|
55
122
|
}
|
|
56
|
-
|
|
123
|
+
if (jwks.length === 0) {
|
|
124
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
|
|
125
|
+
}
|
|
126
|
+
return {
|
|
127
|
+
keys: jwks
|
|
128
|
+
};
|
|
57
129
|
};
|
|
58
130
|
|
|
59
131
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["JWKS","JWK","hasStatusOrThrow","decode","decodeJwt","NoSuitableKeysFoundInEntityConfiguration","
|
|
1
|
+
{"version":3,"names":["JWKS","JWK","hasStatusOrThrow","decode","decodeJwt","NoSuitableKeysFoundInEntityConfiguration","RequestObject","convertCertToPem","parsePublicKey","getSigningJwk","fetchJwksFromUri","jwksUri","appFetch","jwks","method","then","raw","json","parse","keys","getJwksFromX509Cert","certChain","Array","isArray","length","pemCert","publicKey","signingJwk","constructWellKnownJwksUrl","issuer","issuerUrl","URL","pathname","protocol","host","toString","fetchJwksFromRequestObject","requestObjectEncodedJwt","_requestObjectJwt$pro","_requestObjectJwt$pay","context","arguments","undefined","fetch","requestObjectJwt","protectedHeader","jwk","push","x5c","requestObject","payload","client_metadata","jwks_uri","fetchedJwks","iss","wellKnownJwksUrl","jwksKeys","fetchJwksFromConfig","rpConfig","wallet_relying_party","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":"AAAA,SAASA,IAAI,EAAEC,GAAG,QAAQ,iBAAiB;AAC3C,SAASC,gBAAgB,QAAQ,kBAAkB;AAEnD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,aAAa,QAAQ,SAAS;AACvC,SACEC,gBAAgB,EAChBC,cAAc,EACdC,aAAa,QACR,oBAAoB;;AAE3B;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,gBAAgB,GAAG,MAAAA,CACvBC,OAAe,EACfC,QAA8B,KACX;EACnB,MAAMC,IAAI,GAAG,MAAMD,QAAQ,CAACD,OAAO,EAAE;IACnCG,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACb,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3Ba,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAMA,IAAI,CAACJ,IAAI,GAAGb,IAAI,CAACkB,KAAK,CAACD,IAAI,CAACJ,IAAI,CAAC,GAAGb,IAAI,CAACkB,KAAK,CAACD,IAAI,CAAE,CAAC;EACzE,OAAOJ,IAAI,CAACM,IAAI;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,mBAAmB,GAAG,MAAOC,SAAmB,IAAqB;EACzE,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,SAAS,CAAC,IAAIA,SAAS,CAACG,MAAM,KAAK,CAAC,IAAI,CAACH,SAAS,CAAC,CAAC,CAAC,EAAE;IACxE,MAAM,IAAIhB,wCAAwC,CAChD,0BACF,CAAC;EACH;EAEA,MAAMoB,OAAO,GAAGlB,gBAAgB,CAACc,SAAS,CAAC,CAAC,CAAC,CAAC;EAC9C,MAAMK,SAAS,GAAGlB,cAAc,CAACiB,OAAO,CAAC;EACzC,IAAI,CAACC,SAAS,EAAE;IACd,MAAM,IAAIrB,wCAAwC,CAChD,8BACF,CAAC;EACH;EACA,MAAMsB,UAAU,GAAGlB,aAAa,CAACiB,SAAS,CAAC;EAE3C,OAAO,CAACC,UAAU,CAAC;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,yBAAyB,GAAIC,MAAc,IAAa;EAC5D,MAAMC,SAAS,GAAG,IAAIC,GAAG,CAACF,MAAM,CAAC;EACjC,OAAO,IAAIE,GAAG,CACX,0BAAyBD,SAAS,CAACE,QAAS,EAAC,EAC7C,GAAEF,SAAS,CAACG,QAAS,KAAIH,SAAS,CAACI,IAAK,EAC3C,CAAC,CAACC,QAAQ,CAAC,CAAC;AACd,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAEZ,GAAG,eAAAA,CAAOC,uBAAuB,EAA4B;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAjB,MAAA,QAAAiB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EACvD,MAAM;IAAE7B,QAAQ,GAAG+B;EAAM,CAAC,GAAGH,OAAO;EACpC,MAAMI,gBAAgB,GAAGxC,SAAS,CAACiC,uBAAuB,CAAC;EAC3D,MAAMxB,IAAW,GAAG,EAAE;;EAEtB;EACA,KAAAyB,qBAAA,GAAIM,gBAAgB,CAACC,eAAe,cAAAP,qBAAA,eAAhCA,qBAAA,CAAkCQ,GAAG,EAAE;IACzC,MAAM3B,IAAI,GAAG,CAAClB,GAAG,CAACiB,KAAK,CAAC0B,gBAAgB,CAACC,eAAe,CAACC,GAAG,CAAC,CAAC;IAC9DjC,IAAI,CAACkC,IAAI,CAAC,GAAG5B,IAAI,CAAC;EACpB;;EAEA;EACA,IAAIyB,gBAAgB,CAACC,eAAe,CAACG,GAAG,EAAE;IACxC,MAAM7B,IAAI,GAAG,MAAMC,mBAAmB,CACpCwB,gBAAgB,CAACC,eAAe,CAACG,GACnC,CAAC;IACDnC,IAAI,CAACkC,IAAI,CAAC,GAAG5B,IAAI,CAAC;EACpB;;EAEA;EACA,MAAM8B,aAAa,GAAG3C,aAAa,CAACY,KAAK,CAAC0B,gBAAgB,CAACM,OAAO,CAAC;EACnE,MAAM;IAAEC;EAAgB,CAAC,GAAGF,aAAa;EAEzC,IAAIE,eAAe,aAAfA,eAAe,eAAfA,eAAe,CAAEC,QAAQ,EAAE;IAC7B,MAAMC,WAAW,GAAG,MAAM3C,gBAAgB,CACxC,IAAIqB,GAAG,CAACoB,eAAe,CAACC,QAAQ,CAAC,CAACjB,QAAQ,CAAC,CAAC,EAC5CvB,QACF,CAAC;IACDC,IAAI,CAACkC,IAAI,CAAC,GAAGM,WAAW,CAAC;EAC3B;EAEA,IAAIF,eAAe,aAAfA,eAAe,eAAfA,eAAe,CAAEtC,IAAI,EAAE;IACzBA,IAAI,CAACkC,IAAI,CAAC,GAAGI,eAAe,CAACtC,IAAI,CAACM,IAAI,CAAC;EACzC;;EAEA;EACA,MAAMU,MAAM,IAAAU,qBAAA,GAAGK,gBAAgB,CAACM,OAAO,cAAAX,qBAAA,uBAAxBA,qBAAA,CAA0Be,GAAG;EAC5C,IAAIzC,IAAI,CAACW,MAAM,KAAK,CAAC,IAAI,OAAOK,MAAM,KAAK,QAAQ,EAAE;IACnD,MAAM0B,gBAAgB,GAAG3B,yBAAyB,CAACC,MAAM,CAAC;IAC1D,MAAM2B,QAAQ,GAAG,MAAM9C,gBAAgB,CAAC6C,gBAAgB,EAAE3C,QAAQ,CAAC;IACnEC,IAAI,CAACkC,IAAI,CAAC,GAAGS,QAAQ,CAAC;EACxB;EAEA,IAAI3C,IAAI,CAACW,MAAM,KAAK,CAAC,EAAE;IACrB,MAAM,IAAInB,wCAAwC,CAChD,uCACF,CAAC;EACH;EAEA,OAAO;IAAEc,IAAI,EAAEN;EAAK,CAAC;AACvB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM4C,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAM7C,IAAI,GAAG6C,QAAQ,CAACC,oBAAoB,CAAC9C,IAAI;EAE/C,IAAI,CAACA,IAAI,IAAI,CAACS,KAAK,CAACC,OAAO,CAACV,IAAI,CAACM,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIyC,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLzC,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC"}
|
|
@@ -5,12 +5,17 @@ export const verifyRequestObjectSignature = async (requestObjectEncodedJwt, jwkK
|
|
|
5
5
|
const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
|
|
6
6
|
|
|
7
7
|
// verify token signature to ensure the request object is authentic
|
|
8
|
-
const pubKey = jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
|
|
8
|
+
const pubKey = (jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
|
|
9
9
|
let {
|
|
10
10
|
kid
|
|
11
11
|
} = _ref;
|
|
12
12
|
return kid === requestObjectJwt.protectedHeader.kid;
|
|
13
|
-
})
|
|
13
|
+
})) || (jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref2 => {
|
|
14
|
+
let {
|
|
15
|
+
use
|
|
16
|
+
} = _ref2;
|
|
17
|
+
return use === "sig";
|
|
18
|
+
}));
|
|
14
19
|
if (!pubKey) {
|
|
15
20
|
throw new UnverifiedEntityError("Request Object signature verification!");
|
|
16
21
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["UnverifiedEntityError","decode","decodeJwt","verify","RequestObject","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","pubKey","find","_ref","kid","protectedHeader","requestObject","parse","payload","exp","Date","now"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,qBAAqB,QAAQ,UAAU;AAEhD,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,aAAa,QAAQ,SAAS;AASvC,OAAO,MAAMC,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAGN,SAAS,CAACI,uBAAuB,CAAC;;EAE3D;EACA,MAAMG,MAAM,
|
|
1
|
+
{"version":3,"names":["UnverifiedEntityError","decode","decodeJwt","verify","RequestObject","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","pubKey","find","_ref","kid","protectedHeader","_ref2","use","requestObject","parse","payload","exp","Date","now"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,qBAAqB,QAAQ,UAAU;AAEhD,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,aAAa,QAAQ,SAAS;AASvC,OAAO,MAAMC,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAGN,SAAS,CAACI,uBAAuB,CAAC;;EAE3D;EACA,MAAMG,MAAM,GACV,CAAAF,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEG,IAAI,CACXC,IAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,GAAG,KAAKJ,gBAAgB,CAACK,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC,MAAIL,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEG,IAAI,CAACI,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAK,KAAK;EAAA,EAAC;EAEhD,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIT,qBAAqB,CAAC,wCAAwC,CAAC;EAC3E;EACA,MAAMG,MAAM,CAACG,uBAAuB,EAAEG,MAAM,CAAC;EAE7C,MAAMO,aAAa,GAAGZ,aAAa,CAACa,KAAK,CAACT,gBAAgB,CAACU,OAAO,CAAC;EACnE;EACA;EACA,IAAIF,aAAa,CAACG,GAAG,IAAIH,aAAa,CAACG,GAAG,IAAIC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE;IAC/D,MAAM,IAAIrB,qBAAqB,CAAC,4BAA4B,CAAC;EAC/D;EAEA,OAAO;IAAEgB;EAAc,CAAC;AAC1B,CAAC"}
|
|
@@ -82,8 +82,8 @@ const extractClaimName = path => {
|
|
|
82
82
|
* - Validates whether required fields are present (unless marked optional)
|
|
83
83
|
* and match any specified JSONPath.
|
|
84
84
|
* - If a field includes a JSON Schema filter, validates the claim value against that schema.
|
|
85
|
-
* - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
|
|
86
|
-
* if set to "required". Otherwise return the array
|
|
85
|
+
* - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
|
|
86
|
+
* if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
|
|
87
87
|
* - Throws an error if a required field is invalid or missing.
|
|
88
88
|
*
|
|
89
89
|
* @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
|
|
@@ -98,7 +98,8 @@ export const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCrede
|
|
|
98
98
|
// No validation, all field are optional
|
|
99
99
|
return {
|
|
100
100
|
requiredDisclosures: [],
|
|
101
|
-
optionalDisclosures:
|
|
101
|
+
optionalDisclosures: [],
|
|
102
|
+
unrequestedDisclosures: disclosures
|
|
102
103
|
};
|
|
103
104
|
}
|
|
104
105
|
const requiredClaimNames = [];
|
|
@@ -150,12 +151,15 @@ export const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCrede
|
|
|
150
151
|
}
|
|
151
152
|
|
|
152
153
|
// Categorizes disclosures into required and optional based on claim names and disclosure constraints.
|
|
153
|
-
|
|
154
|
+
|
|
154
155
|
const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
|
|
155
156
|
const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) || isNotLimitDisclosure && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
|
|
157
|
+
const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
|
|
158
|
+
const unrequestedDisclosures = isNotLimitDisclosure ? disclosures.filter(disclosure => !optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME])) : [];
|
|
156
159
|
return {
|
|
157
160
|
requiredDisclosures,
|
|
158
|
-
optionalDisclosures
|
|
161
|
+
optionalDisclosures,
|
|
162
|
+
unrequestedDisclosures
|
|
159
163
|
};
|
|
160
164
|
};
|
|
161
165
|
//# sourceMappingURL=07-evaluate-input-descriptor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["JSONPath","MissingDataError","Ajv","ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","obj","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","path","json","length","error","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","
|
|
1
|
+
{"version":3,"names":["JSONPath","MissingDataError","Ajv","ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","obj","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","path","json","length","error","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":"AAEA,SAASA,QAAQ,QAAQ,eAAe;AACxC,SAASC,gBAAgB,QAAQ,UAAU;AAC3C,OAAOC,GAAG,MAAM,KAAK;AACrB,MAAMC,GAAG,GAAG,IAAID,GAAG,CAAC;EAAEE,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAc1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CAAC,CAACC,GAAG,EAAAC,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACzC,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCF,GAAG,CAACG,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOJ,GAAG;EACZ,CAAC,EAAE,CAAC,CAA4B,CAAC;AACnC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMK,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAGrB,QAAQ,CAAC;QAAEsB,IAAI,EAAEF,UAAU;QAAEG,IAAI,EAAEP;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACG,MAAM,GAAG,CAAC,EAAE;QACrBP,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOI,KAAK,EAAE;MACd,MAAM,IAAIxB,gBAAgB,CACvB,iBAAgBmB,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMQ,gBAAgB,GAAIJ,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMK,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGN,IAAI,CAACM,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBP,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAEzB,WAAW,KAAK;EAAA,IAAA0B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAE/B;IAC1B,CAAC;EACH;EACA,MAAMgC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGnC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMmC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC3B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChD8B,KAAK,CAACtB,IAAI,EACVmB,oBACF,CAAC;IAED,IAAI,CAACxB,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5C8B,KAAK,CAACtB,IAAI,EACVU,iBACF,CAAC;MAED,IAAI,CAACf,WAAW,EAAE;QAChB;QACA,OAAO2B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMjC,SAAS,GAAGc,gBAAgB,CAACT,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACgC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DlC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIgC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG7C,GAAG,CAAC8C,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAC9B,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIjB,gBAAgB,CACvB,gBAAeiB,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOQ,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACiB,cAAc,EAAE;IACnB,MAAM,IAAIzC,gBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMmC,mBAAmB,GAAG7B,WAAW,CAACwC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgC,mBAAmB,GAAG9B,WAAW,CAACwC,MAAM,CAC3CG,UAAU,IACTV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CAAC,IAChE+C,oBAAoB,IACnB,CAACb,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CACvE,CAAC;EAED,MAAM+C,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C7C,WAAW,CAACwC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CACrC,CAAC,IACD,CAACkC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACL+B,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC"}
|
|
@@ -15,21 +15,21 @@ export const AuthorizationResponse = z.object({
|
|
|
15
15
|
});
|
|
16
16
|
|
|
17
17
|
/**
|
|
18
|
-
* Selects
|
|
18
|
+
* Selects a public key (with `use = enc`) from the set of JWK keys
|
|
19
19
|
* offered by the Relying Party (RP) for encryption.
|
|
20
20
|
*
|
|
21
21
|
* @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
|
|
22
|
-
* @returns The first suitable
|
|
23
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable
|
|
22
|
+
* @returns The first suitable public key found in the list.
|
|
23
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
|
|
24
24
|
*/
|
|
25
|
-
export const
|
|
26
|
-
const [
|
|
27
|
-
if (
|
|
28
|
-
return
|
|
25
|
+
export const choosePublicKeyToEncrypt = rpJwkKeys => {
|
|
26
|
+
const [encKey] = rpJwkKeys.filter(jwk => jwk.use === "enc");
|
|
27
|
+
if (encKey) {
|
|
28
|
+
return encKey;
|
|
29
29
|
}
|
|
30
30
|
|
|
31
31
|
// No suitable key found
|
|
32
|
-
throw new NoSuitableKeysFoundInEntityConfiguration("No suitable
|
|
32
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
|
|
33
33
|
};
|
|
34
34
|
|
|
35
35
|
/**
|
|
@@ -131,18 +131,22 @@ export const buildDirectPostJwtBody = async (jwkKeys, requestObject, vpToken, pr
|
|
|
131
131
|
});
|
|
132
132
|
|
|
133
133
|
// Choose a suitable RSA public key for encryption
|
|
134
|
-
const
|
|
134
|
+
const encPublicJwk = choosePublicKeyToEncrypt(jwkKeys);
|
|
135
135
|
|
|
136
136
|
// Encrypt the authorization payload
|
|
137
|
+
const {
|
|
138
|
+
client_metadata
|
|
139
|
+
} = requestObject;
|
|
137
140
|
const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
|
|
138
|
-
alg: "RSA-OAEP-256",
|
|
139
|
-
enc: "A256CBC-HS512",
|
|
140
|
-
kid:
|
|
141
|
-
}).encrypt(
|
|
141
|
+
alg: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_alg) || "RSA-OAEP-256",
|
|
142
|
+
enc: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_enc) || "A256CBC-HS512",
|
|
143
|
+
kid: encPublicJwk.kid
|
|
144
|
+
}).encrypt(encPublicJwk);
|
|
142
145
|
|
|
143
146
|
// Build the x-www-form-urlencoded form body
|
|
144
147
|
const formBody = new URLSearchParams({
|
|
145
|
-
response: encryptedResponse
|
|
148
|
+
response: encryptedResponse,
|
|
149
|
+
state: requestObject.state
|
|
146
150
|
});
|
|
147
151
|
return formBody.toString();
|
|
148
152
|
};
|