@pagopa/io-react-native-wallet 1.2.3 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +3 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/presentation/01-start-flow.js +12 -28
- package/lib/commonjs/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js +96 -24
- package/lib/commonjs/credential/presentation/04-retrieve-rp-jwks.js.map +1 -1
- package/lib/commonjs/credential/presentation/05-verify-request-object.js +7 -2
- package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +9 -5
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js +20 -16
- package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/README.md +4 -4
- package/lib/commonjs/credential/presentation/errors.js +2 -19
- package/lib/commonjs/credential/presentation/errors.js.map +1 -1
- package/lib/commonjs/credential/presentation/types.js +9 -1
- package/lib/commonjs/credential/presentation/types.js.map +1 -1
- package/lib/commonjs/entity/trust/chain.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +41 -1
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/decoder.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +3 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/module/credential/presentation/01-start-flow.js +12 -28
- package/lib/module/credential/presentation/01-start-flow.js.map +1 -1
- package/lib/module/credential/presentation/04-retrieve-rp-jwks.js +96 -24
- package/lib/module/credential/presentation/04-retrieve-rp-jwks.js.map +1 -1
- package/lib/module/credential/presentation/05-verify-request-object.js +7 -2
- package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +9 -5
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/module/credential/presentation/08-send-authorization-response.js +18 -14
- package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/README.md +4 -4
- package/lib/module/credential/presentation/errors.js +0 -16
- package/lib/module/credential/presentation/errors.js.map +1 -1
- package/lib/module/credential/presentation/types.js +9 -1
- package/lib/module/credential/presentation/types.js.map +1 -1
- package/lib/module/entity/trust/chain.js.map +1 -1
- package/lib/module/utils/crypto.js +38 -0
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/decoder.js +0 -1
- package/lib/module/utils/decoder.js.map +1 -1
- package/lib/module/utils/jwk.js.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +3 -3
- package/lib/typescript/credential/presentation/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/03-get-request-object.d.ts +1 -1
- package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts +15 -8
- package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +3 -2
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +5 -5
- package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/errors.d.ts +0 -11
- package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/types.d.ts +252 -3
- package/lib/typescript/credential/presentation/types.d.ts.map +1 -1
- package/lib/typescript/entity/trust/chain.d.ts +1 -1
- package/lib/typescript/entity/trust/chain.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +24 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/decoder.d.ts +1 -1
- package/lib/typescript/utils/decoder.d.ts.map +1 -1
- package/lib/typescript/utils/jwk.d.ts +2 -0
- package/lib/typescript/utils/jwk.d.ts.map +1 -1
- package/package.json +4 -2
- package/src/credential/issuance/03-start-user-authorization.ts +3 -0
- package/src/credential/presentation/01-start-flow.ts +16 -32
- package/src/credential/presentation/03-get-request-object.ts +1 -1
- package/src/credential/presentation/04-retrieve-rp-jwks.ts +122 -34
- package/src/credential/presentation/05-verify-request-object.ts +4 -3
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +20 -6
- package/src/credential/presentation/08-send-authorization-response.ts +25 -17
- package/src/credential/presentation/README.md +4 -4
- package/src/credential/presentation/errors.ts +0 -16
- package/src/credential/presentation/types.ts +10 -1
- package/src/entity/trust/chain.ts +1 -2
- package/src/utils/crypto.ts +43 -0
- package/src/utils/decoder.ts +1 -1
- package/src/utils/jwk.ts +3 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","scope","presentation_definition"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;
|
|
1
|
+
{"version":3,"names":["_types","require","z","_interopRequireWildcard","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","client_id_scheme","client_metadata","authorization_encrypted_response_alg","authorization_encrypted_response_enc","jwks_uri","jwks","JWKS","scope","presentation_definition"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AAAuC,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEvC;AACA;AACA;;AAOA,MAAMW,MAAM,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EACtBC,IAAI,EAAE3B,CAAC,CAAC4B,KAAK,CAAC5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEnC,CAAC,CAACoC,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAEhC,CAAC,CAACqC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEtC,CAAC,CAACqC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGvC,CAAC,CAAC0B,MAAM,CAAC;EAC3Bc,MAAM,EAAExC,CAAC,CAAC4B,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEzC,CAAC,CAAC0C,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEO,MAAMW,eAAe,GAAG3C,CAAC,CAAC0B,MAAM,CAAC;EACtCK,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAE5C,CAAC,CAAC6C,MAAM,CAAC7C,CAAC,CAAC6B,MAAM,CAAC,CAAC,EAAE7B,CAAC,CAACoC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAE/C,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;AAACgB,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAEH,MAAMM,qBAAqB,GAAGjD,CAAC,CAAC0B,MAAM,CAAC;EACrCQ,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BkB,IAAI,EAAElD,CAAC,CAAC6B,MAAM,CAAC,CAAC;EAAE;EAClBsB,IAAI,EAAEnD,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BoB,WAAW,EAAEpD,CAAC,CACX4B,KAAK,CACJ5B,CAAC,CAAC0B,MAAM,CAAC;IACPQ,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BkB,IAAI,EAAElD,CAAC,CAAC6B,MAAM,CAAC,CAAC;IAChBsB,IAAI,EAAEnD,CAAC,CAAC6B,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACbqB,KAAK,EAAErD,CAAC,CAACsD,MAAM,CAAC,CAAC,CAACtB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGK,MAAMuB,sBAAsB,GAAGvD,CAAC,CAAC0B,MAAM,CAAC;EAC7CK,EAAE,EAAE/B,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACdK,IAAI,EAAElC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEjC,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BwB,iBAAiB,EAAExD,CAAC,CAAC4B,KAAK,CAACe,eAAe,CAAC;EAC3Cc,uBAAuB,EAAEzD,CAAC,CAAC4B,KAAK,CAACqB,qBAAqB,CAAC,CAACjB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAACgB,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAGI,MAAMG,aAAa,GAAG1D,CAAC,CAAC0B,MAAM,CAAC;EACpCiC,GAAG,EAAE3D,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC5B4B,GAAG,EAAEC,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB8B,GAAG,EAAED,eAAQ,CAAC7B,QAAQ,CAAC,CAAC;EACxB+B,KAAK,EAAE/D,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACjBmC,KAAK,EAAEhE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACjBoC,YAAY,EAAEjE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACxBqC,aAAa,EAAElE,CAAC,CAACmE,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEpE,CAAC,CAAC0C,IAAI,CAAC,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;EACzD2B,SAAS,EAAErE,CAAC,CAAC6B,MAAM,CAAC,CAAC;EACrByC,gBAAgB,EAAEtE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EACzCuC,eAAe,EAAEvE,CAAC,CACf0B,MAAM,CAAC;IACN8C,oCAAoC,EAAExE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3DyC,oCAAoC,EAAEzE,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3D0C,QAAQ,EAAE1E,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC/B2C,IAAI,EAAEC,SAAI,CAAC5C,QAAQ,CAAC;EACtB,CAAC,CAAC,CACDA,QAAQ,CAAC,CAAC;EAAE;EACf6C,KAAK,EAAE7E,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B8C,uBAAuB,EAAEvB,sBAAsB,CAACvB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAACgB,OAAA,CAAAU,aAAA,GAAAA,aAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_types","_errors","z","_interopRequireWildcard","_","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","decode","decodeJwt","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","getSignedEntityConfiguration","data","iss","getSignedEntityStatement","sub","reject"],"sourceRoot":"../../../../src","sources":["entity/trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,MAAA,GAAAD,OAAA;AAMA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAC,uBAAA,CAAAJ,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_types","_errors","z","_interopRequireWildcard","_","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","decode","decodeJwt","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","length","IoWalletError","selectTokenShape","elementIndex","selectKid","currentIndex","shape","parse","selectKeys","keys","nextIndex","nextToken","Promise","all","map","i","args","renewTrustChain","appFetch","arguments","undefined","fetch","e","safeParse","_ref","es","ec","success","getSignedEntityConfiguration","data","iss","getSignedEntityStatement","sub","reject"],"sourceRoot":"../../../../src","sources":["entity/trust/chain.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,MAAA,GAAAD,OAAA;AAMA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,CAAA,GAAAC,uBAAA,CAAAJ,OAAA;AACA,IAAAK,CAAA,GAAAL,OAAA;AAA2E,SAAAM,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAO3E;AACA;AACA,MAAMW,MAAM,GAAG,MAAAA,CACbC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAED,MAAME,MAAM,GAAIX,KAAa,IAAK;EAChC,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAG,wBAAS,EAACZ,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA,MAAMI,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAG3C,CAAC,CAAC4C,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACS;EACxB;EACA,IAAIA,KAAK,CAACC,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,qBAAa,CAAC,iCAAiC,CAAC;EAC5D;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdb,iBAAiB,GACjBa,YAAY,KAAKJ,KAAK,CAACC,MAAM,GAAG,CAAC,GACjCN,gBAAgB,GAChBF,kBAAkB;;EAExB;EACA,MAAMY,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAM5B,KAAK,GAAGsB,KAAK,CAACM,YAAY,CAAC;IACjC,IAAI,CAAC5B,KAAK,EAAE;MACV,MAAM,IAAIwB,qBAAa,CAAE,gCAA+B,CAAC;IAC3D;IACA,MAAMK,KAAK,GAAGJ,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOC,KAAK,CAACC,KAAK,CAACnB,MAAM,CAACX,KAAK,CAAC,CAAC,CAACQ,MAAM,CAACP,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAM8B,UAAU,GAAIH,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKN,KAAK,CAACC,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOF,iBAAiB,CAACZ,OAAO,CAACP,IAAI,CAAC8B,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGL,YAAY,GAAG,CAAC;IAClC,MAAMM,SAAS,GAAGZ,KAAK,CAACW,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIV,qBAAa,CAAE,qCAAoC,CAAC;IAChE;IACA,MAAMK,KAAK,GAAGJ,gBAAgB,CAACQ,SAAS,CAAC;IACzC,OAAOJ,KAAK,CAACC,KAAK,CAACnB,MAAM,CAACuB,SAAS,CAAC,CAAC,CAACzB,OAAO,CAACP,IAAI,CAAC8B,IAAI;EACzD,CAAC;;EAED;EACA;EACA,OAAOG,OAAO,CAACC,GAAG,CAChBd,KAAK,CACFe,GAAG,CAAC,CAACrC,KAAK,EAAEsC,CAAC,KAAK,CAACtC,KAAK,EAAE2B,SAAS,CAACW,CAAC,CAAC,EAAEP,UAAU,CAACO,CAAC,CAAC,CAAU,CAAC,CAChED,GAAG,CAAEE,IAAI,IAAKxC,MAAM,CAAC,GAAGwC,IAAI,CAAC,CAClC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,eAAeA,CAC7BlB,KAAe,EAEf;EAAA,IADAmB,QAA8B,GAAAC,SAAA,CAAAnB,MAAA,QAAAmB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAOT,OAAO,CAACC,GAAG,CAChBd;EACE;EAAA,CACCe,GAAG,CAAC1B,MAAM,CAAC,CACX0B,GAAG,CACDQ,CAAC,IACA,CACE7B,sBAAe,CAAC8B,SAAS,CAACD,CAAC,CAAC,EAC5B/B,0BAAmB,CAACgC,SAAS,CAACD,CAAC,CAAC,CAEtC;EACA;EAAA,CACCR,GAAG,CAAC,CAAAU,IAAA,EAAWT,CAAC;IAAA,IAAX,CAACU,EAAE,EAAEC,EAAE,CAAC,GAAAF,IAAA;IAAA,OACZE,EAAE,CAACC,OAAO,GACN,IAAAC,8BAA4B,EAACF,EAAE,CAACG,IAAI,CAAC3C,OAAO,CAAC4C,GAAG,EAAE;MAAEZ;IAAS,CAAC,CAAC,GAC/DO,EAAE,CAACE,OAAO,GACV,IAAAI,0BAAwB,EAACN,EAAE,CAACI,IAAI,CAAC3C,OAAO,CAAC4C,GAAG,EAAEL,EAAE,CAACI,IAAI,CAAC3C,OAAO,CAAC8C,GAAG,EAAE;MACjEd;IACF,CAAC,CAAC;IACF;IACAN,OAAO,CAACqB,MAAM,CACZ,IAAIhC,qBAAa,CACd,iDAAgDc,CAAE,uBACrD,CACF,CAAC;EAAA,CACP,CACJ,CAAC;AACH"}
|
|
@@ -3,11 +3,12 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.withEphemeralKey = exports.createCryptoContextFor = void 0;
|
|
6
|
+
exports.withEphemeralKey = exports.parsePublicKey = exports.getSigningJwk = exports.createCryptoContextFor = exports.convertCertToPem = void 0;
|
|
7
7
|
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
8
8
|
var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
|
|
9
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
10
10
|
var _jwk = require("./jwk");
|
|
11
|
+
var _jsrsasign = require("jsrsasign");
|
|
11
12
|
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
12
13
|
/**
|
|
13
14
|
* Create a CryptoContext bound to a key pair.
|
|
@@ -61,5 +62,44 @@ const withEphemeralKey = async fn => {
|
|
|
61
62
|
const ephemeralContext = createCryptoContextFor(keytag);
|
|
62
63
|
return fn(ephemeralContext).finally(() => (0, _ioReactNativeCrypto.deleteKey)(keytag));
|
|
63
64
|
};
|
|
65
|
+
|
|
66
|
+
/**
|
|
67
|
+
* Converts a certificate string to PEM format.
|
|
68
|
+
*
|
|
69
|
+
* @param certificate - The certificate string.
|
|
70
|
+
* @returns The PEM-formatted certificate.
|
|
71
|
+
*/
|
|
64
72
|
exports.withEphemeralKey = withEphemeralKey;
|
|
73
|
+
const convertCertToPem = certificate => `-----BEGIN CERTIFICATE-----\n${certificate}\n-----END CERTIFICATE-----`;
|
|
74
|
+
|
|
75
|
+
/**
|
|
76
|
+
* Parses the public key from a PEM-formatted certificate.
|
|
77
|
+
*
|
|
78
|
+
* @param pemCert - The PEM-formatted certificate.
|
|
79
|
+
* @returns The public key object.
|
|
80
|
+
* @throws Will throw an error if the public key is unsupported.
|
|
81
|
+
*/
|
|
82
|
+
exports.convertCertToPem = convertCertToPem;
|
|
83
|
+
const parsePublicKey = pemCert => {
|
|
84
|
+
const x509 = new _jsrsasign.X509();
|
|
85
|
+
x509.readCertPEM(pemCert);
|
|
86
|
+
const publicKey = x509.getPublicKey();
|
|
87
|
+
if (publicKey instanceof _jsrsasign.RSAKey || publicKey instanceof _jsrsasign.KJUR.crypto.ECDSA) {
|
|
88
|
+
return publicKey;
|
|
89
|
+
}
|
|
90
|
+
return undefined;
|
|
91
|
+
};
|
|
92
|
+
|
|
93
|
+
/**
|
|
94
|
+
* Retrieves the signing JWK from the public key.
|
|
95
|
+
*
|
|
96
|
+
* @param publicKey - The public key object.
|
|
97
|
+
* @returns The signing JWK.
|
|
98
|
+
*/
|
|
99
|
+
exports.parsePublicKey = parsePublicKey;
|
|
100
|
+
const getSigningJwk = publicKey => ({
|
|
101
|
+
..._jwk.JWK.parse(_jsrsasign.KEYUTIL.getJWKFromKey(publicKey)),
|
|
102
|
+
use: "sig"
|
|
103
|
+
});
|
|
104
|
+
exports.getSigningJwk = getSigningJwk;
|
|
65
105
|
//# sourceMappingURL=crypto.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeCrypto","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_jwk","obj","__esModule","default","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuid","v4","generate","ephemeralContext","finally","deleteKey"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeCrypto","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_jwk","_jsrsasign","obj","__esModule","default","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuid","v4","generate","ephemeralContext","finally","deleteKey","convertCertToPem","certificate","parsePublicKey","pemCert","x509","X509","readCertPEM","publicKey","RSAKey","KJUR","crypto","ECDSA","undefined","getSigningJwk","JWK","parse","KEYUTIL","getJWKFromKey","use"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,IAAA,GAAAJ,OAAA;AACA,IAAAK,UAAA,GAAAL,OAAA;AAAwD,SAAAE,uBAAAI,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGxD;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAA,iCAAY,EAACD,MAAM,CAAC,CACxBE,IAAI,CAACC,2BAAsB,CAAC,CAC5BD,IAAI,CAAC,MAAOE,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAYa,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;EACvC,MAAM,IAAAC,6BAAQ,EAACf,MAAM,CAAC;EACtB,MAAMgB,gBAAgB,GAAGjB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACI,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAAClB,MAAM,CAAC,CAAC;AAC9D,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMO,MAAMQ,gBAAgB,GAAIC,WAAmB,IACjD,gCAA+BA,WAAY,6BAA4B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AANAV,OAAA,CAAAS,gBAAA,GAAAA,gBAAA;AAOO,MAAME,cAAc,GACzBC,OAAe,IAC4B;EAC3C,MAAMC,IAAI,GAAG,IAAIC,eAAI,CAAC,CAAC;EACvBD,IAAI,CAACE,WAAW,CAACH,OAAO,CAAC;EACzB,MAAMI,SAAS,GAAGH,IAAI,CAACtB,YAAY,CAAC,CAAC;EAErC,IAAIyB,SAAS,YAAYC,iBAAM,IAAID,SAAS,YAAYE,eAAI,CAACC,MAAM,CAACC,KAAK,EAAE;IACzE,OAAOJ,SAAS;EAClB;EAEA,OAAOK,SAAS;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALArB,OAAA,CAAAW,cAAA,GAAAA,cAAA;AAMO,MAAMW,aAAa,GAAIN,SAAqC,KAAW;EAC5E,GAAGO,QAAG,CAACC,KAAK,CAACC,kBAAO,CAACC,aAAa,CAACV,SAAS,CAAC,CAAC;EAC9CW,GAAG,EAAE;AACP,CAAC,CAAC;AAAC3B,OAAA,CAAAsB,aAAA,GAAAA,aAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_errors","getJwtFromFormPost","formData","formPostRegex","lineExpressionRegex","match","exec","responseJwt","jwt","replace","decodedJwt","decodeJwt","ValidationFailed","message","exports"],"sourceRoot":"../../../src","sources":["utils/decoder.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_errors","getJwtFromFormPost","formData","formPostRegex","lineExpressionRegex","match","exec","responseJwt","jwt","replace","decodedJwt","decodeJwt","ValidationFailed","message","exports"],"sourceRoot":"../../../src","sources":["utils/decoder.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,kBAAkB,GAAG,MAChCC,QAAgB,IAC0C;EAC1D,MAAMC,aAAa,GAAG,iDAAiD;EACvE,MAAMC,mBAAmB,GAAG,sBAAsB;EAElD,MAAMC,KAAK,GAAGF,aAAa,CAACG,IAAI,CAACJ,QAAQ,CAAC;EAC1C,IAAIG,KAAK,IAAIA,KAAK,CAAC,CAAC,CAAC,EAAE;IACrB,MAAME,WAAW,GAAGF,KAAK,CAAC,CAAC,CAAC;IAE5B,IAAIE,WAAW,EAAE;MACf,MAAMC,GAAG,GAAGD,WAAW,CAACE,OAAO,CAACL,mBAAmB,EAAE,EAAE,CAAC;MACxD,MAAMM,UAAU,GAAG,IAAAC,wBAAS,EAACH,GAAG,CAAC;MACjC,OAAO;QAAEA,GAAG;QAAEE;MAAW,CAAC;IAC5B;EACF;EAEA,MAAM,IAAIE,wBAAgB,CAAC;IACzBC,OAAO,EAAG,uDAAsDX,QAAS;EAC3E,CAAC,CAAC;AACJ,CAAC;AAACY,OAAA,CAAAb,kBAAA,GAAAA,kBAAA"}
|
|
@@ -62,6 +62,9 @@ export const startUserAuthorization = async (issuerConf, credentialType, ctx) =>
|
|
|
62
62
|
appFetch = fetch
|
|
63
63
|
} = ctx;
|
|
64
64
|
const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
|
|
65
|
+
if (!clientId) {
|
|
66
|
+
throw new Error("No public key found");
|
|
67
|
+
}
|
|
65
68
|
const codeVerifier = generateRandomAlphaNumericString(64);
|
|
66
69
|
const parEndpoint = issuerConf.pushed_authorization_request_endpoint;
|
|
67
70
|
const credentialDefinition = selectCredentialDefinition(issuerConf, credentialType);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","credential","Error","result","credential_configuration_id","format","type","selectResponseMode","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAE7E,SAA8BC,cAAc,QAAQ,iBAAiB;AAmBrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAA8C,EAC9CC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAMC,UAAU,GAAGD,mCAAmC,CAACD,cAAc,CAAC;EAEtE,IAAI,CAACE,UAAU,EAAE;IACf,MAAM,IAAIC,KAAK,CAAE,mCAAkCH,cAAe,GAAE,CAAC;EACvE;EAEA,MAAMI,MAAM,GAAG;IACbC,2BAA2B,EAAEL,cAAc;IAC3CM,MAAM,EAAEJ,UAAU,CAACI,MAAM;IACzBC,IAAI,EAAE;EACR,CAAC;EAED,OAAOH,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,kBAAkB,GACtBR,cAAgD,IAC/B;EACjB,MAAMS,YAAY,GAChBT,cAAc,KAAK,6BAA6B,GAC5C,OAAO,GACP,eAAe;EAErB,OAAOS,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DX,UAAU,EACVC,cAAc,EACdW,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,
|
|
1
|
+
{"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","selectCredentialDefinition","issuerConf","credentialType","credential_configurations_supported","credential","Error","result","credential_configuration_id","format","type","selectResponseMode","responseMode","startUserAuthorization","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","credentialDefinition","getPar","issuerRequestUri"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAE7E,SAA8BC,cAAc,QAAQ,iBAAiB;AAmBrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAA8C,EAC9CC,cAAgD,KACxB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAMC,UAAU,GAAGD,mCAAmC,CAACD,cAAc,CAAC;EAEtE,IAAI,CAACE,UAAU,EAAE;IACf,MAAM,IAAIC,KAAK,CAAE,mCAAkCH,cAAe,GAAE,CAAC;EACvE;EAEA,MAAMI,MAAM,GAAG;IACbC,2BAA2B,EAAEL,cAAc;IAC3CM,MAAM,EAAEJ,UAAU,CAACI,MAAM;IACzBC,IAAI,EAAE;EACR,CAAC;EAED,OAAOH,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMI,kBAAkB,GACtBR,cAAgD,IAC/B;EACjB,MAAMS,YAAY,GAChBT,cAAc,KAAK,6BAA6B,GAC5C,OAAO,GACP,eAAe;EAErB,OAAOS,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAA8C,GAAG,MAAAA,CAC5DX,UAAU,EACVC,cAAc,EACdW,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EACzE,IAAI,CAACJ,QAAQ,EAAE;IACb,MAAM,IAAId,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAMmB,YAAY,GAAG1B,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAM2B,WAAW,GAAGxB,UAAU,CAACyB,qCAAqC;EACpE,MAAMC,oBAAoB,GAAG3B,0BAA0B,CACrDC,UAAU,EACVC,cACF,CAAC;EACD,MAAMS,YAAY,GAAGD,kBAAkB,CAACR,cAAc,CAAC;EAEvD,MAAM0B,MAAM,GAAG7B,cAAc,CAAC;IAAEe,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAC7D,MAAMY,gBAAgB,GAAG,MAAMD,MAAM,CACnCT,QAAQ,EACRK,YAAY,EACZR,WAAW,EACXL,YAAY,EACZc,WAAW,EACXV,yBAAyB,EACzB,CAACY,oBAAoB,CACvB,CAAC;EAED,OAAO;IAAEE,gBAAgB;IAAEV,QAAQ;IAAEK,YAAY;IAAEG;EAAqB,CAAC;AAC3E,CAAC"}
|
|
@@ -1,11 +1,8 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
|
-
import {
|
|
3
|
-
const
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
// TODO: refine to known paths using literals
|
|
7
|
-
clientId: z.string(),
|
|
8
|
-
requestURI: z.string()
|
|
2
|
+
import { ValidationFailed } from "../../utils/errors";
|
|
3
|
+
const PresentationParams = z.object({
|
|
4
|
+
clientId: z.string().nonempty(),
|
|
5
|
+
requestUri: z.string().url()
|
|
9
6
|
});
|
|
10
7
|
|
|
11
8
|
/**
|
|
@@ -17,37 +14,24 @@ const QRCodePayload = z.object({
|
|
|
17
14
|
*/
|
|
18
15
|
|
|
19
16
|
/**
|
|
20
|
-
* Start a presentation flow by decoding
|
|
17
|
+
* Start a presentation flow by decoding the parameters needed to start the presentation flow.
|
|
21
18
|
*
|
|
22
19
|
* @param qrcode The encoded QR-code content
|
|
23
20
|
* @returns The url for the Relying Party to connect with
|
|
24
21
|
* @throws If the provided qr code fails to be decoded
|
|
25
22
|
*/
|
|
26
|
-
export const startFlowFromQR =
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
var _originalQrCode$;
|
|
30
|
-
// splitting qrcode to identify which is link format
|
|
31
|
-
const originalQrCode = qrcode.split("://");
|
|
32
|
-
const replacedQrcode = (_originalQrCode$ = originalQrCode[1]) !== null && _originalQrCode$ !== void 0 && _originalQrCode$.startsWith("?") ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/") : qrcode;
|
|
33
|
-
decodedUrl = new URL(replacedQrcode);
|
|
34
|
-
} catch (error) {
|
|
35
|
-
throw new InvalidQRCodeError(`Failed to decode QR code: ${qrcode}`);
|
|
36
|
-
}
|
|
37
|
-
const protocol = decodedUrl.protocol;
|
|
38
|
-
const resource = decodedUrl.hostname;
|
|
39
|
-
const requestURI = decodedUrl.searchParams.get("request_uri");
|
|
40
|
-
const clientId = decodedUrl.searchParams.get("client_id");
|
|
41
|
-
const result = QRCodePayload.safeParse({
|
|
42
|
-
protocol,
|
|
43
|
-
resource,
|
|
44
|
-
requestURI,
|
|
23
|
+
export const startFlowFromQR = (requestUri, clientId) => {
|
|
24
|
+
const result = PresentationParams.safeParse({
|
|
25
|
+
requestUri,
|
|
45
26
|
clientId
|
|
46
27
|
});
|
|
47
28
|
if (result.success) {
|
|
48
29
|
return result.data;
|
|
49
30
|
} else {
|
|
50
|
-
throw new
|
|
31
|
+
throw new ValidationFailed({
|
|
32
|
+
message: "Invalid parameters provided",
|
|
33
|
+
reason: result.error.message
|
|
34
|
+
});
|
|
51
35
|
}
|
|
52
36
|
};
|
|
53
37
|
//# sourceMappingURL=01-start-flow.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","
|
|
1
|
+
{"version":3,"names":["z","ValidationFailed","PresentationParams","object","clientId","string","nonempty","requestUri","url","startFlowFromQR","result","safeParse","success","data","message","reason","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,gBAAgB,QAAQ,oBAAoB;AAErD,MAAMC,kBAAkB,GAAGF,CAAC,CAACG,MAAM,CAAC;EAClCC,QAAQ,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC/BC,UAAU,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,GAAG,CAAC;AAC7B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA4C,GAAGA,CAC1DF,UAAkB,EAClBH,QAAgB,KACb;EACH,MAAMM,MAAM,GAAGR,kBAAkB,CAACS,SAAS,CAAC;IAC1CJ,UAAU;IACVH;EACF,CAAC,CAAC;EAEF,IAAIM,MAAM,CAACE,OAAO,EAAE;IAClB,OAAOF,MAAM,CAACG,IAAI;EACpB,CAAC,MAAM;IACL,MAAM,IAAIZ,gBAAgB,CAAC;MACzBa,OAAO,EAAE,6BAA6B;MACtCC,MAAM,EAAEL,MAAM,CAACM,KAAK,CAACF;IACvB,CAAC,CAAC;EACJ;AACF,CAAC"}
|
|
@@ -2,6 +2,8 @@ import { JWKS, JWK } from "../../utils/jwk";
|
|
|
2
2
|
import { hasStatusOrThrow } from "../../utils/misc";
|
|
3
3
|
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
|
4
4
|
import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
|
|
5
|
+
import { RequestObject } from "./types";
|
|
6
|
+
import { convertCertToPem, parsePublicKey, getSigningJwk } from "../../utils/crypto";
|
|
5
7
|
|
|
6
8
|
/**
|
|
7
9
|
* Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
|
|
@@ -12,15 +14,68 @@ import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
|
|
|
12
14
|
*/
|
|
13
15
|
|
|
14
16
|
/**
|
|
15
|
-
*
|
|
16
|
-
* It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
|
|
17
|
+
* Fetches and parses JWKS from a given URI.
|
|
17
18
|
*
|
|
18
|
-
* @param
|
|
19
|
-
* @param
|
|
20
|
-
* @
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
* @param jwksUri - The JWKS URI.
|
|
20
|
+
* @param fetchFn - The fetch function to use.
|
|
21
|
+
* @returns An array of JWKs.
|
|
22
|
+
*/
|
|
23
|
+
const fetchJwksFromUri = async (jwksUri, appFetch) => {
|
|
24
|
+
const jwks = await appFetch(jwksUri, {
|
|
25
|
+
method: "GET"
|
|
26
|
+
}).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => json.jwks ? JWKS.parse(json.jwks) : JWKS.parse(json));
|
|
27
|
+
return jwks.keys;
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
/**
|
|
31
|
+
* Retrieves JWKS when the client ID scheme includes x509 SAN DNS.
|
|
32
|
+
*
|
|
33
|
+
* @param decodedJwt - The decoded JWT.
|
|
34
|
+
* @param fetchFn - The fetch function to use.
|
|
35
|
+
* @returns An array of JWKs.
|
|
36
|
+
* @throws Will throw an error if no suitable keys are found.
|
|
37
|
+
*/
|
|
38
|
+
const getJwksFromX509Cert = async certChain => {
|
|
39
|
+
if (!Array.isArray(certChain) || certChain.length === 0 || !certChain[0]) {
|
|
40
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("No RP encrypt key found!");
|
|
41
|
+
}
|
|
42
|
+
const pemCert = convertCertToPem(certChain[0]);
|
|
43
|
+
const publicKey = parsePublicKey(pemCert);
|
|
44
|
+
if (!publicKey) {
|
|
45
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("Unsupported public key type.");
|
|
46
|
+
}
|
|
47
|
+
const signingJwk = getSigningJwk(publicKey);
|
|
48
|
+
return [signingJwk];
|
|
49
|
+
};
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Constructs the well-known JWKS URL based on the issuer claim.
|
|
53
|
+
*
|
|
54
|
+
* @param issuer - The issuer URL.
|
|
55
|
+
* @returns The well-known JWKS URL.
|
|
56
|
+
*/
|
|
57
|
+
const constructWellKnownJwksUrl = issuer => {
|
|
58
|
+
const issuerUrl = new URL(issuer);
|
|
59
|
+
return new URL(`/.well-known/jar-issuer${issuerUrl.pathname}`, `${issuerUrl.protocol}//${issuerUrl.host}`).toString();
|
|
60
|
+
};
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
* Fetches the JSON Web Key Set (JWKS) based on the provided Request Object encoded as a JWT.
|
|
64
|
+
* The retrieval process follows these steps in order:
|
|
65
|
+
*
|
|
66
|
+
* 1. **Direct JWK Retrieval**: If the JWT's protected header contains a `jwk` attribute, it uses this key directly.
|
|
67
|
+
* 2. **X.509 Certificate Retrieval**: If the protected header includes an `x5c` attribute, it extracts the JWKs from the provided X.509 certificate chain.
|
|
68
|
+
* 3. **Issuer's Well-Known Endpoint**: If neither `jwk` nor `x5c` are present, it constructs the JWKS URL using the issuer (`iss`) claim and fetches the keys from the issuer's well-known JWKS endpoint.
|
|
69
|
+
*
|
|
70
|
+
* The JWKS URL is constructed in the format `{issUrl.base}/.well-known/jar-issuer${issUrl.path}`,
|
|
71
|
+
* as detailed in the SD-JWT VC issuer metadata specification.
|
|
72
|
+
*
|
|
73
|
+
* @param requestObjectEncodedJwt - The Request Object encoded as a JWT.
|
|
74
|
+
* @param options - Optional parameters for fetching the JWKS.
|
|
75
|
+
* @param options.context - Optional context providing a custom fetch implementation.
|
|
76
|
+
* @param options.context.appFetch - A custom fetch function to replace the global `fetch` if provided.
|
|
77
|
+
* @returns A promise that resolves to an object containing an array of JSON Web Keys (JWKs).
|
|
78
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} Throws an error if JWKS retrieval or key extraction fails.
|
|
24
79
|
*/
|
|
25
80
|
export const fetchJwksFromRequestObject = async function (requestObjectEncodedJwt) {
|
|
26
81
|
var _requestObjectJwt$pro, _requestObjectJwt$pay;
|
|
@@ -31,29 +86,46 @@ export const fetchJwksFromRequestObject = async function (requestObjectEncodedJw
|
|
|
31
86
|
appFetch = fetch
|
|
32
87
|
} = context;
|
|
33
88
|
const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
|
|
89
|
+
const jwks = [];
|
|
34
90
|
|
|
35
91
|
// 1. check if request object jwt contains the 'jwk' attribute
|
|
36
92
|
if ((_requestObjectJwt$pro = requestObjectJwt.protectedHeader) !== null && _requestObjectJwt$pro !== void 0 && _requestObjectJwt$pro.jwk) {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
93
|
+
const keys = [JWK.parse(requestObjectJwt.protectedHeader.jwk)];
|
|
94
|
+
jwks.push(...keys);
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
// 2. check if request object jwt contains the 'x5c' attribute
|
|
98
|
+
if (requestObjectJwt.protectedHeader.x5c) {
|
|
99
|
+
const keys = await getJwksFromX509Cert(requestObjectJwt.protectedHeader.x5c);
|
|
100
|
+
jwks.push(...keys);
|
|
40
101
|
}
|
|
41
102
|
|
|
42
|
-
//
|
|
43
|
-
const
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
103
|
+
// 3. check if client_metadata contains the 'jwks' or 'jwks_uri' attribute
|
|
104
|
+
const requestObject = RequestObject.parse(requestObjectJwt.payload);
|
|
105
|
+
const {
|
|
106
|
+
client_metadata
|
|
107
|
+
} = requestObject;
|
|
108
|
+
if (client_metadata !== null && client_metadata !== void 0 && client_metadata.jwks_uri) {
|
|
109
|
+
const fetchedJwks = await fetchJwksFromUri(new URL(client_metadata.jwks_uri).toString(), appFetch);
|
|
110
|
+
jwks.push(...fetchedJwks);
|
|
111
|
+
}
|
|
112
|
+
if (client_metadata !== null && client_metadata !== void 0 && client_metadata.jwks) {
|
|
113
|
+
jwks.push(...client_metadata.jwks.keys);
|
|
114
|
+
}
|
|
47
115
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
};
|
|
116
|
+
// 3. According to Potential profile, retrieve from RP endpoint using iss claim
|
|
117
|
+
const issuer = (_requestObjectJwt$pay = requestObjectJwt.payload) === null || _requestObjectJwt$pay === void 0 ? void 0 : _requestObjectJwt$pay.iss;
|
|
118
|
+
if (jwks.length === 0 && typeof issuer === "string") {
|
|
119
|
+
const wellKnownJwksUrl = constructWellKnownJwksUrl(issuer);
|
|
120
|
+
const jwksKeys = await fetchJwksFromUri(wellKnownJwksUrl, appFetch);
|
|
121
|
+
jwks.push(...jwksKeys);
|
|
55
122
|
}
|
|
56
|
-
|
|
123
|
+
if (jwks.length === 0) {
|
|
124
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("Request Object signature verification");
|
|
125
|
+
}
|
|
126
|
+
return {
|
|
127
|
+
keys: jwks
|
|
128
|
+
};
|
|
57
129
|
};
|
|
58
130
|
|
|
59
131
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["JWKS","JWK","hasStatusOrThrow","decode","decodeJwt","NoSuitableKeysFoundInEntityConfiguration","
|
|
1
|
+
{"version":3,"names":["JWKS","JWK","hasStatusOrThrow","decode","decodeJwt","NoSuitableKeysFoundInEntityConfiguration","RequestObject","convertCertToPem","parsePublicKey","getSigningJwk","fetchJwksFromUri","jwksUri","appFetch","jwks","method","then","raw","json","parse","keys","getJwksFromX509Cert","certChain","Array","isArray","length","pemCert","publicKey","signingJwk","constructWellKnownJwksUrl","issuer","issuerUrl","URL","pathname","protocol","host","toString","fetchJwksFromRequestObject","requestObjectEncodedJwt","_requestObjectJwt$pro","_requestObjectJwt$pay","context","arguments","undefined","fetch","requestObjectJwt","protectedHeader","jwk","push","x5c","requestObject","payload","client_metadata","jwks_uri","fetchedJwks","iss","wellKnownJwksUrl","jwksKeys","fetchJwksFromConfig","rpConfig","wallet_relying_party","Error"],"sourceRoot":"../../../../src","sources":["credential/presentation/04-retrieve-rp-jwks.ts"],"mappings":"AAAA,SAASA,IAAI,EAAEC,GAAG,QAAQ,iBAAiB;AAC3C,SAASC,gBAAgB,QAAQ,kBAAkB;AAEnD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,wCAAwC,QAAQ,UAAU;AACnE,SAASC,aAAa,QAAQ,SAAS;AACvC,SACEC,gBAAgB,EAChBC,cAAc,EACdC,aAAa,QACR,oBAAoB;;AAE3B;AACA;AACA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,gBAAgB,GAAG,MAAAA,CACvBC,OAAe,EACfC,QAA8B,KACX;EACnB,MAAMC,IAAI,GAAG,MAAMD,QAAQ,CAACD,OAAO,EAAE;IACnCG,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACb,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3Ba,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAMA,IAAI,CAACJ,IAAI,GAAGb,IAAI,CAACkB,KAAK,CAACD,IAAI,CAACJ,IAAI,CAAC,GAAGb,IAAI,CAACkB,KAAK,CAACD,IAAI,CAAE,CAAC;EACzE,OAAOJ,IAAI,CAACM,IAAI;AAClB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,mBAAmB,GAAG,MAAOC,SAAmB,IAAqB;EACzE,IAAI,CAACC,KAAK,CAACC,OAAO,CAACF,SAAS,CAAC,IAAIA,SAAS,CAACG,MAAM,KAAK,CAAC,IAAI,CAACH,SAAS,CAAC,CAAC,CAAC,EAAE;IACxE,MAAM,IAAIhB,wCAAwC,CAChD,0BACF,CAAC;EACH;EAEA,MAAMoB,OAAO,GAAGlB,gBAAgB,CAACc,SAAS,CAAC,CAAC,CAAC,CAAC;EAC9C,MAAMK,SAAS,GAAGlB,cAAc,CAACiB,OAAO,CAAC;EACzC,IAAI,CAACC,SAAS,EAAE;IACd,MAAM,IAAIrB,wCAAwC,CAChD,8BACF,CAAC;EACH;EACA,MAAMsB,UAAU,GAAGlB,aAAa,CAACiB,SAAS,CAAC;EAE3C,OAAO,CAACC,UAAU,CAAC;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,yBAAyB,GAAIC,MAAc,IAAa;EAC5D,MAAMC,SAAS,GAAG,IAAIC,GAAG,CAACF,MAAM,CAAC;EACjC,OAAO,IAAIE,GAAG,CACX,0BAAyBD,SAAS,CAACE,QAAS,EAAC,EAC7C,GAAEF,SAAS,CAACG,QAAS,KAAIH,SAAS,CAACI,IAAK,EAC3C,CAAC,CAACC,QAAQ,CAAC,CAAC;AACd,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAEZ,GAAG,eAAAA,CAAOC,uBAAuB,EAA4B;EAAA,IAAAC,qBAAA,EAAAC,qBAAA;EAAA,IAA1B;IAAEC,OAAO,GAAG,CAAC;EAAE,CAAC,GAAAC,SAAA,CAAAjB,MAAA,QAAAiB,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EACvD,MAAM;IAAE7B,QAAQ,GAAG+B;EAAM,CAAC,GAAGH,OAAO;EACpC,MAAMI,gBAAgB,GAAGxC,SAAS,CAACiC,uBAAuB,CAAC;EAC3D,MAAMxB,IAAW,GAAG,EAAE;;EAEtB;EACA,KAAAyB,qBAAA,GAAIM,gBAAgB,CAACC,eAAe,cAAAP,qBAAA,eAAhCA,qBAAA,CAAkCQ,GAAG,EAAE;IACzC,MAAM3B,IAAI,GAAG,CAAClB,GAAG,CAACiB,KAAK,CAAC0B,gBAAgB,CAACC,eAAe,CAACC,GAAG,CAAC,CAAC;IAC9DjC,IAAI,CAACkC,IAAI,CAAC,GAAG5B,IAAI,CAAC;EACpB;;EAEA;EACA,IAAIyB,gBAAgB,CAACC,eAAe,CAACG,GAAG,EAAE;IACxC,MAAM7B,IAAI,GAAG,MAAMC,mBAAmB,CACpCwB,gBAAgB,CAACC,eAAe,CAACG,GACnC,CAAC;IACDnC,IAAI,CAACkC,IAAI,CAAC,GAAG5B,IAAI,CAAC;EACpB;;EAEA;EACA,MAAM8B,aAAa,GAAG3C,aAAa,CAACY,KAAK,CAAC0B,gBAAgB,CAACM,OAAO,CAAC;EACnE,MAAM;IAAEC;EAAgB,CAAC,GAAGF,aAAa;EAEzC,IAAIE,eAAe,aAAfA,eAAe,eAAfA,eAAe,CAAEC,QAAQ,EAAE;IAC7B,MAAMC,WAAW,GAAG,MAAM3C,gBAAgB,CACxC,IAAIqB,GAAG,CAACoB,eAAe,CAACC,QAAQ,CAAC,CAACjB,QAAQ,CAAC,CAAC,EAC5CvB,QACF,CAAC;IACDC,IAAI,CAACkC,IAAI,CAAC,GAAGM,WAAW,CAAC;EAC3B;EAEA,IAAIF,eAAe,aAAfA,eAAe,eAAfA,eAAe,CAAEtC,IAAI,EAAE;IACzBA,IAAI,CAACkC,IAAI,CAAC,GAAGI,eAAe,CAACtC,IAAI,CAACM,IAAI,CAAC;EACzC;;EAEA;EACA,MAAMU,MAAM,IAAAU,qBAAA,GAAGK,gBAAgB,CAACM,OAAO,cAAAX,qBAAA,uBAAxBA,qBAAA,CAA0Be,GAAG;EAC5C,IAAIzC,IAAI,CAACW,MAAM,KAAK,CAAC,IAAI,OAAOK,MAAM,KAAK,QAAQ,EAAE;IACnD,MAAM0B,gBAAgB,GAAG3B,yBAAyB,CAACC,MAAM,CAAC;IAC1D,MAAM2B,QAAQ,GAAG,MAAM9C,gBAAgB,CAAC6C,gBAAgB,EAAE3C,QAAQ,CAAC;IACnEC,IAAI,CAACkC,IAAI,CAAC,GAAGS,QAAQ,CAAC;EACxB;EAEA,IAAI3C,IAAI,CAACW,MAAM,KAAK,CAAC,EAAE;IACrB,MAAM,IAAInB,wCAAwC,CAChD,uCACF,CAAC;EACH;EAEA,OAAO;IAAEc,IAAI,EAAEN;EAAK,CAAC;AACvB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM4C,mBAEZ,GAAG,MAAOC,QAAQ,IAAK;EACtB,MAAM7C,IAAI,GAAG6C,QAAQ,CAACC,oBAAoB,CAAC9C,IAAI;EAE/C,IAAI,CAACA,IAAI,IAAI,CAACS,KAAK,CAACC,OAAO,CAACV,IAAI,CAACM,IAAI,CAAC,EAAE;IACtC,MAAM,IAAIyC,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,OAAO;IACLzC,IAAI,EAAEN,IAAI,CAACM;EACb,CAAC;AACH,CAAC"}
|
|
@@ -5,12 +5,17 @@ export const verifyRequestObjectSignature = async (requestObjectEncodedJwt, jwkK
|
|
|
5
5
|
const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
|
|
6
6
|
|
|
7
7
|
// verify token signature to ensure the request object is authentic
|
|
8
|
-
const pubKey = jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
|
|
8
|
+
const pubKey = (jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref => {
|
|
9
9
|
let {
|
|
10
10
|
kid
|
|
11
11
|
} = _ref;
|
|
12
12
|
return kid === requestObjectJwt.protectedHeader.kid;
|
|
13
|
-
})
|
|
13
|
+
})) || (jwkKeys === null || jwkKeys === void 0 ? void 0 : jwkKeys.find(_ref2 => {
|
|
14
|
+
let {
|
|
15
|
+
use
|
|
16
|
+
} = _ref2;
|
|
17
|
+
return use === "sig";
|
|
18
|
+
}));
|
|
14
19
|
if (!pubKey) {
|
|
15
20
|
throw new UnverifiedEntityError("Request Object signature verification!");
|
|
16
21
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["UnverifiedEntityError","decode","decodeJwt","verify","RequestObject","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","pubKey","find","_ref","kid","protectedHeader","requestObject","parse","payload","exp","Date","now"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,qBAAqB,QAAQ,UAAU;AAEhD,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,aAAa,QAAQ,SAAS;AASvC,OAAO,MAAMC,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAGN,SAAS,CAACI,uBAAuB,CAAC;;EAE3D;EACA,MAAMG,MAAM,
|
|
1
|
+
{"version":3,"names":["UnverifiedEntityError","decode","decodeJwt","verify","RequestObject","verifyRequestObjectSignature","requestObjectEncodedJwt","jwkKeys","requestObjectJwt","pubKey","find","_ref","kid","protectedHeader","_ref2","use","requestObject","parse","payload","exp","Date","now"],"sourceRoot":"../../../../src","sources":["credential/presentation/05-verify-request-object.ts"],"mappings":"AAAA,SAASA,qBAAqB,QAAQ,UAAU;AAEhD,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,aAAa,QAAQ,SAAS;AASvC,OAAO,MAAMC,4BAA0D,GACrE,MAAAA,CAAOC,uBAAuB,EAAEC,OAAO,KAAK;EAC1C,MAAMC,gBAAgB,GAAGN,SAAS,CAACI,uBAAuB,CAAC;;EAE3D;EACA,MAAMG,MAAM,GACV,CAAAF,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEG,IAAI,CACXC,IAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,GAAG,KAAKJ,gBAAgB,CAACK,eAAe,CAACD,GAAG;EAAA,CAC3D,CAAC,MAAIL,OAAO,aAAPA,OAAO,uBAAPA,OAAO,CAAEG,IAAI,CAACI,KAAA;IAAA,IAAC;MAAEC;IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,GAAG,KAAK,KAAK;EAAA,EAAC;EAEhD,IAAI,CAACN,MAAM,EAAE;IACX,MAAM,IAAIT,qBAAqB,CAAC,wCAAwC,CAAC;EAC3E;EACA,MAAMG,MAAM,CAACG,uBAAuB,EAAEG,MAAM,CAAC;EAE7C,MAAMO,aAAa,GAAGZ,aAAa,CAACa,KAAK,CAACT,gBAAgB,CAACU,OAAO,CAAC;EACnE;EACA;EACA,IAAIF,aAAa,CAACG,GAAG,IAAIH,aAAa,CAACG,GAAG,IAAIC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE;IAC/D,MAAM,IAAIrB,qBAAqB,CAAC,4BAA4B,CAAC;EAC/D;EAEA,OAAO;IAAEgB;EAAc,CAAC;AAC1B,CAAC"}
|
|
@@ -82,8 +82,8 @@ const extractClaimName = path => {
|
|
|
82
82
|
* - Validates whether required fields are present (unless marked optional)
|
|
83
83
|
* and match any specified JSONPath.
|
|
84
84
|
* - If a field includes a JSON Schema filter, validates the claim value against that schema.
|
|
85
|
-
* - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
|
|
86
|
-
* if set to "required". Otherwise return the array
|
|
85
|
+
* - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
|
|
86
|
+
* if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
|
|
87
87
|
* - Throws an error if a required field is invalid or missing.
|
|
88
88
|
*
|
|
89
89
|
* @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.
|
|
@@ -98,7 +98,8 @@ export const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCrede
|
|
|
98
98
|
// No validation, all field are optional
|
|
99
99
|
return {
|
|
100
100
|
requiredDisclosures: [],
|
|
101
|
-
optionalDisclosures:
|
|
101
|
+
optionalDisclosures: [],
|
|
102
|
+
unrequestedDisclosures: disclosures
|
|
102
103
|
};
|
|
103
104
|
}
|
|
104
105
|
const requiredClaimNames = [];
|
|
@@ -150,12 +151,15 @@ export const evaluateInputDescriptorForSdJwt4VC = (inputDescriptor, payloadCrede
|
|
|
150
151
|
}
|
|
151
152
|
|
|
152
153
|
// Categorizes disclosures into required and optional based on claim names and disclosure constraints.
|
|
153
|
-
|
|
154
|
+
|
|
154
155
|
const requiredDisclosures = disclosures.filter(disclosure => requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
|
|
155
156
|
const optionalDisclosures = disclosures.filter(disclosure => optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) || isNotLimitDisclosure && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]));
|
|
157
|
+
const isNotLimitDisclosure = !(inputDescriptor.constraints.limit_disclosure === "required");
|
|
158
|
+
const unrequestedDisclosures = isNotLimitDisclosure ? disclosures.filter(disclosure => !optionalClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME]) && !requiredClaimNames.includes(disclosure.decoded[INDEX_CLAIM_NAME])) : [];
|
|
156
159
|
return {
|
|
157
160
|
requiredDisclosures,
|
|
158
|
-
optionalDisclosures
|
|
161
|
+
optionalDisclosures,
|
|
162
|
+
unrequestedDisclosures
|
|
159
163
|
};
|
|
160
164
|
};
|
|
161
165
|
//# sourceMappingURL=07-evaluate-input-descriptor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["JSONPath","MissingDataError","Ajv","ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","obj","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","path","json","length","error","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","
|
|
1
|
+
{"version":3,"names":["JSONPath","MissingDataError","Ajv","ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","obj","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","path","json","length","error","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":"AAEA,SAASA,QAAQ,QAAQ,eAAe;AACxC,SAASC,gBAAgB,QAAQ,UAAU;AAC3C,OAAOC,GAAG,MAAM,KAAK;AACrB,MAAMC,GAAG,GAAG,IAAID,GAAG,CAAC;EAAEE,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;AAc1B;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CAAC,CAACC,GAAG,EAAAC,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACzC,MAAM,GAAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCF,GAAG,CAACG,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOJ,GAAG;EACZ,CAAC,EAAE,CAAC,CAA4B,CAAC;AACnC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMK,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAGrB,QAAQ,CAAC;QAAEsB,IAAI,EAAEF,UAAU;QAAEG,IAAI,EAAEP;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACG,MAAM,GAAG,CAAC,EAAE;QACrBP,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOI,KAAK,EAAE;MACd,MAAM,IAAIxB,gBAAgB,CACvB,iBAAgBmB,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMQ,gBAAgB,GAAIJ,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMK,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGN,IAAI,CAACM,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBP,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAEzB,WAAW,KAAK;EAAA,IAAA0B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAE/B;IAC1B,CAAC;EACH;EACA,MAAMgC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGnC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMmC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC3B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChD8B,KAAK,CAACtB,IAAI,EACVmB,oBACF,CAAC;IAED,IAAI,CAACxB,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5C8B,KAAK,CAACtB,IAAI,EACVU,iBACF,CAAC;MAED,IAAI,CAACf,WAAW,EAAE;QAChB;QACA,OAAO2B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMjC,SAAS,GAAGc,gBAAgB,CAACT,WAAW,CAAC;MAC/C,IAAIL,SAAS,EAAE;QACb,CAACgC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DlC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIgC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG7C,GAAG,CAAC8C,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAC9B,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIjB,gBAAgB,CACvB,gBAAeiB,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOQ,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACiB,cAAc,EAAE;IACnB,MAAM,IAAIzC,gBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMmC,mBAAmB,GAAG7B,WAAW,CAACwC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgC,mBAAmB,GAAG9B,WAAW,CAACwC,MAAM,CAC3CG,UAAU,IACTV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CAAC,IAChE+C,oBAAoB,IACnB,CAACb,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CACvE,CAAC;EAED,MAAM+C,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C7C,WAAW,CAACwC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CACrC,CAAC,IACD,CAACkC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACvC,OAAO,CAACN,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACL+B,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC"}
|
|
@@ -15,21 +15,21 @@ export const AuthorizationResponse = z.object({
|
|
|
15
15
|
});
|
|
16
16
|
|
|
17
17
|
/**
|
|
18
|
-
* Selects
|
|
18
|
+
* Selects a public key (with `use = enc`) from the set of JWK keys
|
|
19
19
|
* offered by the Relying Party (RP) for encryption.
|
|
20
20
|
*
|
|
21
21
|
* @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
|
|
22
|
-
* @returns The first suitable
|
|
23
|
-
* @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable
|
|
22
|
+
* @returns The first suitable public key found in the list.
|
|
23
|
+
* @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
|
|
24
24
|
*/
|
|
25
|
-
export const
|
|
26
|
-
const [
|
|
27
|
-
if (
|
|
28
|
-
return
|
|
25
|
+
export const choosePublicKeyToEncrypt = rpJwkKeys => {
|
|
26
|
+
const [encKey] = rpJwkKeys.filter(jwk => jwk.use === "enc");
|
|
27
|
+
if (encKey) {
|
|
28
|
+
return encKey;
|
|
29
29
|
}
|
|
30
30
|
|
|
31
31
|
// No suitable key found
|
|
32
|
-
throw new NoSuitableKeysFoundInEntityConfiguration("No suitable
|
|
32
|
+
throw new NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
|
|
33
33
|
};
|
|
34
34
|
|
|
35
35
|
/**
|
|
@@ -131,18 +131,22 @@ export const buildDirectPostJwtBody = async (jwkKeys, requestObject, vpToken, pr
|
|
|
131
131
|
});
|
|
132
132
|
|
|
133
133
|
// Choose a suitable RSA public key for encryption
|
|
134
|
-
const
|
|
134
|
+
const encPublicJwk = choosePublicKeyToEncrypt(jwkKeys);
|
|
135
135
|
|
|
136
136
|
// Encrypt the authorization payload
|
|
137
|
+
const {
|
|
138
|
+
client_metadata
|
|
139
|
+
} = requestObject;
|
|
137
140
|
const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
|
|
138
|
-
alg: "RSA-OAEP-256",
|
|
139
|
-
enc: "A256CBC-HS512",
|
|
140
|
-
kid:
|
|
141
|
-
}).encrypt(
|
|
141
|
+
alg: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_alg) || "RSA-OAEP-256",
|
|
142
|
+
enc: (client_metadata === null || client_metadata === void 0 ? void 0 : client_metadata.authorization_encrypted_response_enc) || "A256CBC-HS512",
|
|
143
|
+
kid: encPublicJwk.kid
|
|
144
|
+
}).encrypt(encPublicJwk);
|
|
142
145
|
|
|
143
146
|
// Build the x-www-form-urlencoded form body
|
|
144
147
|
const formBody = new URLSearchParams({
|
|
145
|
-
response: encryptedResponse
|
|
148
|
+
response: encryptedResponse,
|
|
149
|
+
state: requestObject.state
|
|
146
150
|
});
|
|
147
151
|
return formBody.toString();
|
|
148
152
|
};
|