@pagopa/io-react-native-wallet 1.7.0 → 2.0.0-next.0

package/lib/module/trust/errors.js

@@ -0,0 +1,94 @@
+import { IoWalletError, serializeAttrs } from "../utils/errors"; // Ensure this path is correct
+
+/**
+ * Base class for all federation-specific errors.
+ */
+export class FederationError extends IoWalletError {
+  constructor(message, details) {
+    super(details ? serializeAttrs({
+      message,
+      ...details
+    }) : message);
+    this.name = this.constructor.name;
+  }
+}
+
+/**
+ * Error thrown when a trust chain is unexpectedly empty.
+ */
+export class TrustChainEmptyError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_EMPTY";
+  constructor() {
+    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Trust chain cannot be empty.";
+    super(message, undefined);
+  }
+}
+
+/**
+ * Error thrown when a token is unexpectedly missing from a trust chain during processing.
+ */
+export class TrustChainTokenMissingError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_TOKEN_MISSING";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when renewing a trust chain fails.
+ * This class itself might be used or could be considered a more general renewal error.
+ */
+export class TrustChainRenewalError extends FederationError {
+  code = "ERR_FED_TRUST_CHAIN_RENEWAL_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+export class FederationListParseError extends FederationError {
+  code = "ERR_FED_FEDERATION_LIST_PARSE_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * General error thrown during the trust chain building process.
+ */
+export class BuildTrustChainError extends FederationError {
+  code = "ERR_FED_BUILD_TRUST_CHAIN_FAILED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when the Trust Anchor's key is missing a 'kid'.
+ */
+export class TrustAnchorKidMissingError extends FederationError {
+  code = "ERR_FED_TRUST_ANCHOR_KID_MISSING";
+  constructor() {
+    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Missing 'kid' in provided Trust Anchor key.";
+    super(message, undefined);
+  }
+}
+
+/**
+ * Error thrown if the Relying Party is not found in the Trust Anchor's federation list.
+ */
+export class RelyingPartyNotAuthorizedError extends FederationError {
+  code = "ERR_FED_RELYING_PARTY_NOT_AUTHORIZED";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+
+/**
+ * Error thrown when a 'federation_fetch_endpoint' is missing in an entity's configuration.
+ */
+export class MissingFederationFetchEndpointError extends FederationError {
+  code = "ERR_FED_MISSING_FEDERATION_FETCH_ENDPOINT";
+  constructor(message, details) {
+    super(message, details);
+  }
+}
+//# sourceMappingURL=errors.js.map

package/lib/module/trust/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["IoWalletError","serializeAttrs","FederationError","constructor","message","details","name","TrustChainEmptyError","code","arguments","length","undefined","TrustChainTokenMissingError","TrustChainRenewalError","FederationListParseError","BuildTrustChainError","TrustAnchorKidMissingError","RelyingPartyNotAuthorizedError","MissingFederationFetchEndpointError"],"sourceRoot":"../../../src","sources":["trust/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,iBAAiB,CAAC,CAAC;;AAEjE;AACA;AACA;AACA,OAAO,MAAMC,eAAe,SAASF,aAAa,CAAC;EACjDG,WAAWA,CAACC,OAAe,EAAEC,OAAiC,EAAE;IAC9D,KAAK,CAACA,OAAO,GAAGJ,cAAc,CAAC;MAAEG,OAAO;MAAE,GAAGC;IAAQ,CAAC,CAAC,GAAGD,OAAO,CAAC;IAClE,IAAI,CAACE,IAAI,GAAG,IAAI,CAACH,WAAW,CAACG,IAAI;EACnC;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMC,oBAAoB,SAASL,eAAe,CAAC;EACxDM,IAAI,GAAG,2BAA2B;EAClCL,WAAWA,CAAA,EAA2C;IAAA,IAA1CC,OAAO,GAAAK,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,8BAA8B;IAClD,KAAK,CAACL,OAAO,EAAEO,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMC,2BAA2B,SAASV,eAAe,CAAC;EAC/DM,IAAI,GAAG,mCAAmC;EAC1CL,WAAWA,CAACC,OAAe,EAAEC,OAA4B,EAAE;IACzD,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,sBAAsB,SAASX,eAAe,CAAC;EAC1DM,IAAI,GAAG,oCAAoC;EAC3CL,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAEA,OAAO,MAAMS,wBAAwB,SAASZ,eAAe,CAAC;EAC5DM,IAAI,GAAG,sCAAsC;EAC7CL,WAAWA,CAACC,OAAe,EAAEC,OAA6C,EAAE;IAC1E,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMU,oBAAoB,SAASb,eAAe,CAAC;EACxDM,IAAI,GAAG,kCAAkC;EACzCL,WAAWA,CACTC,OAAe,EACfC,OAIC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMW,0BAA0B,SAASd,eAAe,CAAC;EAC9DM,IAAI,GAAG,kCAAkC;EACzCL,WAAWA,CAAA,EAA0D;IAAA,IAAzDC,OAAO,GAAAK,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,6CAA6C;IACjE,KAAK,CAACL,OAAO,EAAEO,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMM,8BAA8B,SAASf,eAAe,CAAC;EAClEM,IAAI,GAAG,sCAAsC;EAC7CL,WAAWA,CACTC,OAAe,EACfC,OAAqE,EACrE;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMa,mCAAmC,SAAShB,eAAe,CAAC;EACvEM,IAAI,GAAG,2CAA2C;EAClDL,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF"}

package/lib/module/trust/index.js

@@ -0,0 +1,263 @@
+import { decode, verify } from "./utils";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { CredentialIssuerEntityConfiguration, EntityConfiguration, EntityStatement, FederationListResponse, RelyingPartyEntityConfiguration, TrustAnchorEntityConfiguration, WalletProviderEntityConfiguration } from "./types";
+import { renewTrustChain, validateTrustChain } from "./chain";
+import { hasStatusOrThrow } from "../utils/misc";
+import { BuildTrustChainError, FederationListParseError, MissingFederationFetchEndpointError, RelyingPartyNotAuthorizedError, TrustAnchorKidMissingError } from "./errors";
+/**
+ * Verify a given trust chain is actually valid.
+ * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
+ *
+ * @param trustAnchorEntity The entity configuration of the known trust anchor
+ * @param chain The chain of statements to be validated
+ * @param renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
+ * @param appFetch Fetch api implementation. Default: the built-in implementation
+ * @returns The result of the chain validation
+ * @throws {FederationError} If the chain is not valid
+ */
+export async function verifyTrustChain(trustAnchorEntity, chain) {
+  let {
+    appFetch = fetch,
+    renewOnFail = true
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  try {
+    return validateTrustChain(trustAnchorEntity, chain);
+  } catch (error) {
+    if (renewOnFail) {
+      const renewedChain = await renewTrustChain(chain, appFetch);
+      return validateTrustChain(trustAnchorEntity, renewedChain);
+    } else {
+      throw error;
+    }
+  }
+}
+
+/**
+ * Fetch the signed entity configuration token for an entity
+ *
+ * @param entityBaseUrl The url of the entity to fetch
+ * @param appFetch (optional) fetch api implementation
+ * @returns The signed Entity Configuration token
+ */
+export async function getSignedEntityConfiguration(entityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
+  return await appFetch(wellKnownUrl, {
+    method: "GET"
+  }).then(hasStatusOrThrow(200)).then(res => res.text());
+}
+
+/**
+ * Fetch and parse the entity configuration document for a given federation entity.
+ * This is an inner method to serve public interfaces.
+ *
+ * To add another entity configuration type (example: Foo entity type):
+ *  - create its zod schema and type by inherit from the base type (example: FooEntityConfiguration = BaseEntityConfiguration.and(...))
+ *  - add such type to EntityConfiguration union
+ *  - add an overload to this function
+ *  - create a public function which use such type (example: getFooEntityConfiguration = (url, options) => Promise<FooEntityConfiguration>)
+ *
+ * @param entityBaseUrl The base url of the entity.
+ * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
+ * @param options An optional object with additional options.
+ * @param options.appFetch An optional instance of the http client to be used.
+ * @returns The parsed entity configuration object
+ * @throws {IoWalletError} If the http request fails
+ * @throws Parse error if the document is not in the expected shape.
+ */
+
+async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const responseText = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const responseJwt = decodeJwt(responseText);
+  return schema.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+}
+export const getWalletProviderEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, WalletProviderEntityConfiguration, options);
+export const getCredentialIssuerEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, CredentialIssuerEntityConfiguration, options);
+export const getTrustAnchorEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, TrustAnchorEntityConfiguration, options);
+export const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, RelyingPartyEntityConfiguration, options);
+export const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, EntityConfiguration, options);
+
+/**
+ * Fetch and parse the entity statement document for a given federation entity.
+ *
+ * @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The parsed entity configuration object
+ * @throws {IoWalletError} If the http request fails
+ */
+export async function getEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const responseText = await getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl, {
+    appFetch
+  });
+  const responseJwt = decodeJwt(responseText);
+  return EntityStatement.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+}
+
+/**
+ * Fetch the entity statement document for a given federation entity.
+ *
+ * @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
+ * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The signed entity statement token.
+ * @throws {IoWalletError} If the http request fails.
+ */
+export async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const url = new URL(federationFetchEndpoint);
+  url.searchParams.set("sub", subordinatedEntityBaseUrl);
+  return await appFetch(url.toString(), {
+    method: "GET"
+  }).then(hasStatusOrThrow(200)).then(res => res.text());
+}
+
+/**
+ * Fetch the federation list document from a given endpoint.
+ *
+ * @param federationListEndpoint The URL of the federation list endpoint.
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns The federation list as an array of strings.
+ * @throws {IoWalletError} If the HTTP request fails.
+ * @throws {FederationError} If the result is not in the expected format.
+ */
+export async function getFederationList(federationListEndpoint) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  return await appFetch(federationListEndpoint, {
+    method: "GET"
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(json => {
+    const result = FederationListResponse.safeParse(json);
+    if (!result.success) {
+      throw new FederationListParseError(`Invalid federation list format received from ${federationListEndpoint}. Error: ${result.error.message}`, {
+        url: federationListEndpoint,
+        parseError: result.error.toString()
+      });
+    }
+    return result.data;
+  });
+}
+
+/**
+ * Build a not-verified trust chain for a given Relying Party (RP) entity.
+ *
+ * @param relyingPartyEntityBaseUrl The base URL of the RP entity
+ * @param trustAnchorKey The public key of the Trust Anchor (TA) entity
+ * @param appFetch An optional instance of the http client to be used.
+ * @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
+ * @throws {FederationError} When an element of the chain fails to parse or other build steps fail.
+ */
+export async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
+  let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
+  // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
+  const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
+
+  // 2: Trust Anchor signature verification
+  const trustAnchorJwt = trustChain[trustChain.length - 1];
+  if (!trustAnchorJwt) {
+    throw new BuildTrustChainError("Cannot verify trust anchor: missing entity configuration in gathered chain.", {
+      relyingPartyUrl: relyingPartyEntityBaseUrl
+    });
+  }
+  if (!trustAnchorKey.kid) {
+    throw new TrustAnchorKidMissingError();
+  }
+  await verify(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
+
+  // 3: Check the federation list
+  const trustAnchorConfig = EntityConfiguration.parse(decode(trustAnchorJwt));
+  const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
+  if (federationListEndpoint) {
+    const federationList = await getFederationList(federationListEndpoint, {
+      appFetch
+    });
+    if (!federationList.includes(relyingPartyEntityBaseUrl)) {
+      throw new RelyingPartyNotAuthorizedError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.", {
+        relyingPartyUrl: relyingPartyEntityBaseUrl,
+        federationListEndpoint
+      });
+    }
+  }
+  return trustChain;
+}
+
+/**
+ * Recursively gather the trust chain for an entity and all its superiors.
+ * @param entityBaseUrl The base URL of the entity for which to gather the chain.
+ * @param appFetch An optional instance of the http client to be used.
+ * @param isLeaf Whether the current entity is the leaf of the chain.
+ * @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
+ * @throws {FederationError} If any of the fetched documents fail to parse or other errors occur during the gathering process.
+ */
+async function gatherTrustChain(entityBaseUrl, appFetch) {
+  let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
+  const chain = [];
+
+  // Fetch self-signed EC (only needed for the leaf)
+  const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const entityEC = EntityConfiguration.parse(decode(entityECJwt));
+  if (isLeaf) {
+    // Only push EC for the leaf
+    chain.push(entityECJwt);
+  }
+
+  // Find authority_hints (parent, if any)
+  const authorityHints = entityEC.payload.authority_hints ?? [];
+  if (authorityHints.length === 0) {
+    // This is the Trust Anchor (no parent)
+    if (!isLeaf) {
+      chain.push(entityECJwt);
+    }
+    return chain;
+  }
+  const parentEntityBaseUrl = authorityHints[0];
+
+  // Fetch parent EC
+  const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
+    appFetch
+  });
+  const parentEC = EntityConfiguration.parse(decode(parentECJwt));
+
+  // Fetch ES
+  const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+  if (!federationFetchEndpoint) {
+    throw new MissingFederationFetchEndpointError(`Missing federation_fetch_endpoint in parent's (${parentEntityBaseUrl}) configuration when gathering chain for ${entityBaseUrl}.`, {
+      entityBaseUrl,
+      missingInEntityUrl: parentEntityBaseUrl
+    });
+  }
+  const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
+    appFetch
+  });
+  // Validate the ES
+  EntityStatement.parse(decode(entityStatementJwt));
+
+  // Push this ES into the chain
+  chain.push(entityStatementJwt);
+
+  // Recurse into the parent
+  const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
+  return chain.concat(parentChain);
+}
+//# sourceMappingURL=index.js.map

package/lib/module/trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["decode","verify","decodeJwt","CredentialIssuerEntityConfiguration","EntityConfiguration","EntityStatement","FederationListResponse","RelyingPartyEntityConfiguration","TrustAnchorEntityConfiguration","WalletProviderEntityConfiguration","renewTrustChain","validateTrustChain","hasStatusOrThrow","BuildTrustChainError","FederationListParseError","MissingFederationFetchEndpointError","RelyingPartyNotAuthorizedError","TrustAnchorKidMissingError","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","error","renewedChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","federationFetchEndpoint","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","safeParse","success","message","parseError","data","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorKey","trustChain","gatherTrustChain","trustAnchorJwt","relyingPartyUrl","kid","trustAnchorConfig","metadata","federation_entity","federation_list_endpoint","federationList","includes","isLeaf","entityECJwt","entityEC","push","authorityHints","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federation_fetch_endpoint","missingInEntityUrl","entityStatementJwt","parentChain","concat"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,SAASA,MAAM,EAAEC,MAAM,QAAQ,SAAS;AACxC,SAASD,MAAM,IAAIE,SAAS,QAAQ,6BAA6B;AACjE,SACEC,mCAAmC,EACnCC,mBAAmB,EACnBC,eAAe,EACfC,sBAAsB,EACtBC,+BAA+B,EAC/BC,8BAA8B,EAC9BC,iCAAiC,QAC5B,SAAS;AAChB,SAASC,eAAe,EAAEC,kBAAkB,QAAQ,SAAS;AAC7D,SAASC,gBAAgB,QAAQ,eAAe;AAEhD,SACEC,oBAAoB,EACpBC,wBAAwB,EACxBC,mCAAmC,EACnCC,8BAA8B,EAC9BC,0BAA0B,QACrB,UAAU;AAWjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOb,kBAAkB,CAACQ,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd,IAAIJ,WAAW,EAAE;MACf,MAAMK,YAAY,GAAG,MAAMlB,eAAe,CAACU,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAOV,kBAAkB,CAACQ,iBAAiB,EAAES,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeE,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACET,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMO,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMT,QAAQ,CAACU,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CN,aAAqB,EACrBO,MAK8B,EAM9B;EAAA,IALA;IACEhB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMT,4BAA4B,CAACC,aAAa,EAAE;IACrET;EACF,CAAC,CAAC;EAEF,MAAMkB,WAAW,GAAGrC,SAAS,CAACoC,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACG,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,oCAAoC,GAAGA,CAClDd,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbrB,iCAAiC,EACjCoC,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDhB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACb3B,mCAAmC,EACnC0C,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/CjB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbtB,8BAA8B,EAC9BqC,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDlB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAC9BN,aAAa,EACbvB,+BAA+B,EAC/BsC,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpCnB,aAAqE,EACrEe,OAAgE,KAEhET,gCAAgC,CAACN,aAAa,EAAE1B,mBAAmB,EAAEyC,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeK,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMc,YAAY,GAAG,MAAMe,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACE/B;EACF,CACF,CAAC;EAED,MAAMkB,WAAW,GAAGrC,SAAS,CAACoC,YAAY,CAAC;EAC3C,OAAOjC,eAAe,CAACmC,KAAK,CAAC;IAC3BC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeU,wBAAwBA,CAC5CC,uBAA+B,EAC/BF,yBAAiC,EAMjC;EAAA,IALA;IACE/B,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM+B,GAAG,GAAG,IAAIC,GAAG,CAACF,uBAAuB,CAAC;EAC5CC,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEN,yBAAyB,CAAC;EAEtD,OAAO,MAAM/B,QAAQ,CAACkC,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpC3B,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeyB,iBAAiBA,CACrCC,sBAA8B,EAMX;EAAA,IALnB;IACExC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,OAAO,MAAMH,QAAQ,CAACwC,sBAAsB,EAAE;IAC5C7B,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAAC4B,IAAI,CAAC,CAAC,CAAC,CACzB7B,IAAI,CAAE6B,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGzD,sBAAsB,CAAC0D,SAAS,CAACF,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACE,OAAO,EAAE;MACnB,MAAM,IAAInD,wBAAwB,CAC/B,gDAA+C+C,sBAAuB,YAAWE,MAAM,CAACpC,KAAK,CAACuC,OAAQ,EAAC,EACxG;QAAEX,GAAG,EAAEM,sBAAsB;QAAEM,UAAU,EAAEJ,MAAM,CAACpC,KAAK,CAACgC,QAAQ,CAAC;MAAE,CACrE,CAAC;IACH;IACA,OAAOI,MAAM,CAACK,IAAI;EACpB,CAAC,CAAC;AACN;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,eAAeA,CACnCC,yBAAiC,EACjCC,cAAmB,EAEA;EAAA,IADnBlD,QAA8B,GAAAG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGF,KAAK;EAEtC;EACA,MAAMkD,UAAU,GAAG,MAAMC,gBAAgB,CACvCH,yBAAyB,EACzBjD,QACF,CAAC;;EAED;EACA,MAAMqD,cAAc,GAAGF,UAAU,CAACA,UAAU,CAAC/C,MAAM,GAAG,CAAC,CAAC;EACxD,IAAI,CAACiD,cAAc,EAAE;IACnB,MAAM,IAAI7D,oBAAoB,CAC5B,6EAA6E,EAC7E;MAAE8D,eAAe,EAAEL;IAA0B,CAC/C,CAAC;EACH;EAEA,IAAI,CAACC,cAAc,CAACK,GAAG,EAAE;IACvB,MAAM,IAAI3D,0BAA0B,CAAC,CAAC;EACxC;EAEA,MAAMhB,MAAM,CAACyE,cAAc,EAAEH,cAAc,CAACK,GAAG,EAAE,CAACL,cAAc,CAAC,CAAC;;EAElE;EACA,MAAMM,iBAAiB,GAAGzE,mBAAmB,CAACoC,KAAK,CAACxC,MAAM,CAAC0E,cAAc,CAAC,CAAC;EAC3E,MAAMb,sBAAsB,GAC1BgB,iBAAiB,CAAClC,OAAO,CAACmC,QAAQ,CAACC,iBAAiB,CACjDC,wBAAwB;EAE7B,IAAInB,sBAAsB,EAAE;IAC1B,MAAMoB,cAAc,GAAG,MAAMrB,iBAAiB,CAACC,sBAAsB,EAAE;MACrExC;IACF,CAAC,CAAC;IAEF,IAAI,CAAC4D,cAAc,CAACC,QAAQ,CAACZ,yBAAyB,CAAC,EAAE;MACvD,MAAM,IAAItD,8BAA8B,CACtC,wFAAwF,EACxF;QAAE2D,eAAe,EAAEL,yBAAyB;QAAET;MAAuB,CACvE,CAAC;IACH;EACF;EAEA,OAAOW,UAAU;AACnB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gBAAgBA,CAC7B3C,aAAqB,EACrBT,QAA8B,EAEX;EAAA,IADnB8D,MAAe,GAAA3D,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;EAEtB,MAAMJ,KAAe,GAAG,EAAE;;EAE1B;EACA,MAAMgE,WAAW,GAAG,MAAMvD,4BAA4B,CAACC,aAAa,EAAE;IACpET;EACF,CAAC,CAAC;EACF,MAAMgE,QAAQ,GAAGjF,mBAAmB,CAACoC,KAAK,CAACxC,MAAM,CAACoF,WAAW,CAAC,CAAC;EAE/D,IAAID,MAAM,EAAE;IACV;IACA/D,KAAK,CAACkE,IAAI,CAACF,WAAW,CAAC;EACzB;;EAEA;EACA,MAAMG,cAAc,GAAGF,QAAQ,CAAC1C,OAAO,CAAC6C,eAAe,IAAI,EAAE;EAC7D,IAAID,cAAc,CAAC9D,MAAM,KAAK,CAAC,EAAE;IAC/B;IACA,IAAI,CAAC0D,MAAM,EAAE;MACX/D,KAAK,CAACkE,IAAI,CAACF,WAAW,CAAC;IACzB;IACA,OAAOhE,KAAK;EACd;EAEA,MAAMqE,mBAAmB,GAAGF,cAAc,CAAC,CAAC,CAAE;;EAE9C;EACA,MAAMG,WAAW,GAAG,MAAM7D,4BAA4B,CAAC4D,mBAAmB,EAAE;IAC1EpE;EACF,CAAC,CAAC;EACF,MAAMsE,QAAQ,GAAGvF,mBAAmB,CAACoC,KAAK,CAACxC,MAAM,CAAC0F,WAAW,CAAC,CAAC;;EAE/D;EACA,MAAMpC,uBAAuB,GAC3BqC,QAAQ,CAAChD,OAAO,CAACmC,QAAQ,CAACC,iBAAiB,CAACa,yBAAyB;EACvE,IAAI,CAACtC,uBAAuB,EAAE;IAC5B,MAAM,IAAIvC,mCAAmC,CAC1C,kDAAiD0E,mBAAoB,4CAA2C3D,aAAc,GAAE,EACjI;MAAEA,aAAa;MAAE+D,kBAAkB,EAAEJ;IAAoB,CAC3D,CAAC;EACH;EAEA,MAAMK,kBAAkB,GAAG,MAAMzC,wBAAwB,CACvDC,uBAAuB,EACvBxB,aAAa,EACb;IAAET;EAAS,CACb,CAAC;EACD;EACAhB,eAAe,CAACmC,KAAK,CAACxC,MAAM,CAAC8F,kBAAkB,CAAC,CAAC;;EAEjD;EACA1E,KAAK,CAACkE,IAAI,CAACQ,kBAAkB,CAAC;;EAE9B;EACA,MAAMC,WAAW,GAAG,MAAMtB,gBAAgB,CACxCgB,mBAAmB,EACnBpE,QAAQ,EACR,KACF,CAAC;EAED,OAAOD,KAAK,CAAC4E,MAAM,CAACD,WAAW,CAAC;AAClC"}

package/lib/module/{entity/trust → trust}/types.js

@@ -1,7 +1,7 @@
-import { UnixTime } from "../../sd-jwt/types";
-import { JWK } from "../../utils/jwk";
+import { UnixTime } from "../sd-jwt/types";
+import { JWK } from "../utils/jwk";
 import * as z from "zod";
-import { PresentationDefinition } from "../../credential/presentation/types";
+import { PresentationDefinition } from "../credential/presentation/types";
 export const TrustMark = z.object({
   id: z.string(),
   trust_mark: z.string()
@@ -15,36 +15,25 @@ const RelyingPartyMetadata = z.object({
   }),
   contacts: z.array(z.string()).optional(),
   presentation_definition: PresentationDefinition.optional(),
-  presentation_definition_uri: z.string().optional()
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional()
 });
-//.passthrough();
 
 // Display metadata for a credential, used by the issuer to
 // instruct the Wallet Solution on how to render the credential correctly
 const CredentialDisplayMetadata = z.object({
   name: z.string(),
-  locale: z.string(),
-  logo: z.object({
-    url: z.string(),
-    alt_text: z.string()
-  }).optional(),
-  // TODO [SIW-1268]: should not be optional
-  background_color: z.string().optional(),
-  // TODO [SIW-1268]: should not be optional
-  text_color: z.string().optional() // TODO [SIW-1268]: should not be optional
+  locale: z.string()
 });
 
 // Metadata for displaying issuer information
 
 const CredentialIssuerDisplayMetadata = z.object({
   name: z.string(),
-  locale: z.string(),
-  logo: z.object({
-    url: z.string(),
-    alt_text: z.string()
-  }).optional() // TODO [SIW-1268]: should not be optional
+  locale: z.string()
 });
-
 const ClaimsMetadata = z.record(z.object({
   value_type: z.string(),
   display: z.array(z.object({
@@ -60,14 +49,13 @@ const IssuanceErrorSupported = z.object({
   }))
 });
 
-// Metadata for a credentia which is supported by a Issuer
+// Metadata for a credential which is supported by an Issuer
 
 const SupportedCredentialMetadata = z.object({
-  format: z.union([z.literal("vc+sd-jwt"), z.literal("mso_mdoc")]),
+  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
   scope: z.string(),
   display: z.array(CredentialDisplayMetadata),
-  claims: ClaimsMetadata.optional(),
-  // TODO [SIW-1268]: should not be optional
+  claims: ClaimsMetadata,
   cryptographic_binding_methods_supported: z.array(z.string()),
   credential_signing_alg_values_supported: z.array(z.string()),
   authentic_source: z.string().optional(),
@@ -85,7 +73,7 @@ export const EntityStatement = z.object({
     jwks: z.object({
       keys: z.array(JWK)
     }),
-    trust_marks: z.array(TrustMark),
+    trust_marks: z.array(TrustMark).optional(),
     iat: z.number(),
     exp: z.number()
   })
@@ -97,7 +85,7 @@ export const EntityConfigurationHeader = z.object({
 });
 
 /**
- * @see https://openid.net/specs/openid-connect-federation-1_0-29.html#name-federation-entity
+ * @see https://openid.net/specs/openid-federation-1_0-41.html
  */
 const FederationEntityMetadata = z.object({
   federation_fetch_endpoint: z.string().optional(),
@@ -105,6 +93,9 @@ const FederationEntityMetadata = z.object({
   federation_resolve_endpoint: z.string().optional(),
   federation_trust_mark_status_endpoint: z.string().optional(),
   federation_trust_mark_list_endpoint: z.string().optional(),
+  federation_trust_mark_endpoint: z.string().optional(),
+  federation_historical_keys_endpoint: z.string().optional(),
+  endpoint_auth_signing_alg_values_supported: z.string().optional(),
   organization_name: z.string().optional(),
   homepage_uri: z.string().optional(),
   policy_uri: z.string().optional(),
@@ -112,7 +103,7 @@ const FederationEntityMetadata = z.object({
   contacts: z.array(z.string()).optional()
 }).passthrough();
 
-// Structuire common to every Entity Configuration document
+// Structure common to every Entity Configuration document
 const BaseEntityConfiguration = z.object({
   header: EntityConfigurationHeader,
   payload: z.object({
@@ -156,15 +147,9 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
       oauth_authorization_server: z.object({
         authorization_endpoint: z.string(),
         pushed_authorization_request_endpoint: z.string(),
-        dpop_signing_alg_values_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional
         token_endpoint: z.string(),
-        introspection_endpoint: z.string().optional(),
-        // TODO [SIW-1268]: should not be optional
         client_registration_types_supported: z.array(z.string()),
         code_challenge_methods_supported: z.array(z.string()),
-        authorization_details_types_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional,
         acr_values_supported: z.array(z.string()),
         grant_types_supported: z.array(z.string()),
         issuer: z.string(),
@@ -172,23 +157,16 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
           keys: z.array(JWK)
         }),
         scopes_supported: z.array(z.string()),
-        request_parameter_supported: z.boolean().optional(),
-        // TODO [SIW-1268]: should not be optional
-        request_uri_parameter_supported: z.boolean().optional(),
-        // TODO [SIW-1268]: should not be optional
-        response_types_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional
         response_modes_supported: z.array(z.string()),
-        subject_types_supported: z.array(z.string()).optional(),
-        // TODO [SIW-1268]: should not be optional
         token_endpoint_auth_methods_supported: z.array(z.string()),
         token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
         request_object_signing_alg_values_supported: z.array(z.string())
       }),
-      /** Credential Issuers act as Relying Party
-          when they require the presentation of other credentials.
-          This does not apply for PID issuance, which requires CIE authz. */
-      wallet_relying_party: RelyingPartyMetadata.optional()
+      /**
+       * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+       * This does not apply for PID issuance, which requires CIE authz.
+       */
+      openid_credential_verifier: RelyingPartyMetadata.optional()
     })
   })
 }));
@@ -198,7 +176,7 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z
 export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
   payload: z.object({
     metadata: z.object({
-      wallet_relying_party: RelyingPartyMetadata
+      openid_credential_verifier: RelyingPartyMetadata
     })
   })
 }));
@@ -227,4 +205,5 @@ export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.o
 export const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, TrustAnchorEntityConfiguration, RelyingPartyEntityConfiguration], {
   description: "Any kind of Entity Configuration allowed in the ecosystem"
 });
+export const FederationListResponse = z.array(z.string());
 //# sourceMappingURL=types.js.map

package/lib/module/trust/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["UnixTime","JWK","z","PresentationDefinition","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","presentation_definition","request_uris","authorization_signed_response_alg","authorization_encrypted_response_alg","authorization_encrypted_response_enc","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","record","value_type","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","format","union","literal","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","status_attestation_endpoint","credential_configurations_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","openid_credential_verifier","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","FederationListResponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,sBAAsB,QAAQ,kCAAkC;AAEzE,OAAO,MAAMC,SAAS,GAAGF,CAAC,CAACG,MAAM,CAAC;EAAEC,EAAE,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEN,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGP,CAAC,CAACG,MAAM,CAAC;EACpCK,gBAAgB,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;IAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;EAAE,CAAC,CAAC;EACtCgB,QAAQ,EAAEf,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCO,uBAAuB,EAAEf,sBAAsB,CAACQ,QAAQ,CAAC,CAAC;EAC1DQ,YAAY,EAAEjB,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5CS,iCAAiC,EAAElB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxDU,oCAAoC,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC3DW,oCAAoC,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC;AAC5D,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMY,yBAAyB,GAAGrB,CAAC,CAACG,MAAM,CAAC;EACzCmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMmB,+BAA+B,GAAGxB,CAAC,CAACG,MAAM,CAAC;EAC/CmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMoB,cAAc,GAAGzB,CAAC,CAAC0B,MAAM,CAC7B1B,CAAC,CAACG,MAAM,CAAC;EACPwB,UAAU,EAAE3B,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBuB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACG,MAAM,CAAC;IAAEmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;IAAEkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;EAAE,CAAC,CAAC;AACrE,CAAC,CACH,CAAC;AAGD,MAAMwB,sBAAsB,GAAG7B,CAAC,CAACG,MAAM,CAAC;EACtCyB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CACdd,CAAC,CAACG,MAAM,CAAC;IACP2B,KAAK,EAAE9B,CAAC,CAACK,MAAM,CAAC,CAAC;IACjB0B,WAAW,EAAE/B,CAAC,CAACK,MAAM,CAAC,CAAC;IACvBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM2B,2BAA2B,GAAGhC,CAAC,CAACG,MAAM,CAAC;EAC3C8B,MAAM,EAAEjC,CAAC,CAACkC,KAAK,CAAC,CAAClC,CAAC,CAACmC,OAAO,CAAC,WAAW,CAAC,EAAEnC,CAAC,CAACmC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,KAAK,EAAEpC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBuB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CAACO,yBAAyB,CAAC;EAC3CgB,MAAM,EAAEZ,cAAc;EACtBa,uCAAuC,EAAEtC,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EAC5DkC,uCAAuC,EAAEvC,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EAC5DmC,gBAAgB,EAAExC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCgC,yBAAyB,EAAEzC,CAAC,CAAC0B,MAAM,CAACG,sBAAsB,CAAC,CAACpB,QAAQ,CAAC;AACvE,CAAC,CAAC;AAGF,OAAO,MAAMiC,eAAe,GAAG1C,CAAC,CAACG,MAAM,CAAC;EACtCwC,MAAM,EAAE3C,CAAC,CAACG,MAAM,CAAC;IACfyC,GAAG,EAAE5C,CAAC,CAACmC,OAAO,CAAC,sBAAsB,CAAC;IACtCU,GAAG,EAAE7C,CAAC,CAACK,MAAM,CAAC,CAAC;IACfyC,GAAG,EAAE9C,CAAC,CAACK,MAAM,CAAC;EAChB,CAAC,CAAC;EACF0C,OAAO,EAAE/C,CAAC,CAACG,MAAM,CAAC;IAChB6C,GAAG,EAAEhD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEjD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IAAE,CAAC,CAAC;IACtCmD,WAAW,EAAElD,CAAC,CAACc,KAAK,CAACZ,SAAS,CAAC,CAACO,QAAQ,CAAC,CAAC;IAC1C0C,GAAG,EAAEnD,CAAC,CAACoD,MAAM,CAAC,CAAC;IACfC,GAAG,EAAErD,CAAC,CAACoD,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGtD,CAAC,CAACG,MAAM,CAAC;EAChDyC,GAAG,EAAE5C,CAAC,CAACmC,OAAO,CAAC,sBAAsB,CAAC;EACtCU,GAAG,EAAE7C,CAAC,CAACK,MAAM,CAAC,CAAC;EACfyC,GAAG,EAAE9C,CAAC,CAACK,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAMkD,wBAAwB,GAAGvD,CAAC,CAC/BG,MAAM,CAAC;EACNqD,yBAAyB,EAAExD,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChDgD,wBAAwB,EAAEzD,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/CiD,2BAA2B,EAAE1D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClDkD,qCAAqC,EAAE3D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5DmD,mCAAmC,EAAE5D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DoD,8BAA8B,EAAE7D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACrDqD,mCAAmC,EAAE9D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DsD,0CAA0C,EAAE/D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjEuD,iBAAiB,EAAEhE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCwD,YAAY,EAAEjE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnCyD,UAAU,EAAElE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjC0D,QAAQ,EAAEnE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/BM,QAAQ,EAAEf,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACD2D,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAGrE,CAAC,CAACG,MAAM,CAAC;EACvCwC,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAE/C,CAAC,CACPG,MAAM,CAAC;IACN6C,GAAG,EAAEhD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEjD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf8C,GAAG,EAAErD,QAAQ;IACbuD,GAAG,EAAEvD,QAAQ;IACbwE,eAAe,EAAEtE,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/C8D,QAAQ,EAAEvE,CAAC,CACRG,MAAM,CAAC;MACNqE,iBAAiB,EAAEjB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChBxD,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MACbU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACDqE,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5E3E,CAAC,CAACG,MAAM,CAAC;EACP4C,OAAO,EAAE/C,CAAC,CAACG,MAAM,CAAC;IAChBS,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IAAE,CAAC,CAAC;IACtCwE,QAAQ,EAAEvE,CAAC,CAACG,MAAM,CAAC;MACjByE,wBAAwB,EAAE5E,CAAC,CAACG,MAAM,CAAC;QACjC0E,iBAAiB,EAAE7E,CAAC,CAACK,MAAM,CAAC,CAAC;QAC7ByE,mBAAmB,EAAE9E,CAAC,CAACK,MAAM,CAAC,CAAC;QAC/B0E,mBAAmB,EAAE/E,CAAC,CAACK,MAAM,CAAC,CAAC;QAC/B2E,2BAA2B,EAAEhF,CAAC,CAACK,MAAM,CAAC,CAAC;QACvCuB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CAACU,+BAA+B,CAAC;QACjDyD,mCAAmC,EAAEjF,CAAC,CAAC0B,MAAM,CAC3CM,2BACF,CAAC;QACDpB,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC;MACFmF,0BAA0B,EAAElF,CAAC,CAACG,MAAM,CAAC;QACnCgF,sBAAsB,EAAEnF,CAAC,CAACK,MAAM,CAAC,CAAC;QAClC+E,qCAAqC,EAAEpF,CAAC,CAACK,MAAM,CAAC,CAAC;QACjDgF,cAAc,EAAErF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1BiF,mCAAmC,EAAEtF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACxDkF,gCAAgC,EAAEvF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrDmF,oBAAoB,EAAExF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACzCoF,qBAAqB,EAAEzF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1CqF,MAAM,EAAE1F,CAAC,CAACK,MAAM,CAAC,CAAC;QAClBO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC,CAAC;QACtC4F,gBAAgB,EAAE3F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrCuF,wBAAwB,EAAE5F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC7CwF,qCAAqC,EAAE7F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1DyF,gDAAgD,EAAE9F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrE0F,2CAA2C,EAAE/F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;AACA;MACQ2F,0BAA0B,EAAEzF,oBAAoB,CAACE,QAAQ,CAAC;IAC5D,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMwF,+BAA+B,GAAG5B,uBAAuB,CAACM,GAAG,CACxE3E,CAAC,CAACG,MAAM,CAAC;EACP4C,OAAO,EAAE/C,CAAC,CAACG,MAAM,CAAC;IAChBoE,QAAQ,EAAEvE,CAAC,CAACG,MAAM,CAAC;MACjB6F,0BAA0B,EAAEzF;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAM2F,iCAAiC,GAAG7B,uBAAuB,CAACM,GAAG,CAC1E3E,CAAC,CAACG,MAAM,CAAC;EACP4C,OAAO,EAAE/C,CAAC,CAACG,MAAM,CAAC;IAChBoE,QAAQ,EAAEvE,CAAC,CAACG,MAAM,CAAC;MACjBgG,eAAe,EAAEnG,CAAC,CACfG,MAAM,CAAC;QACNkF,cAAc,EAAErF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1B+F,oBAAoB,EAAEpG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpDgF,qBAAqB,EAAEzF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1CwF,qCAAqC,EAAE7F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1DyF,gDAAgD,EAAE9F,CAAC,CAACc,KAAK,CACvDd,CAAC,CAACK,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACDqE,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMiC,mBAAmB,GAAGrG,CAAC,CAACkC,KAAK,CACxC,CACEgE,iCAAiC,EACjCxB,mCAAmC,EACnCD,8BAA8B,EAC9BwB,+BAA+B,CAChC,EACD;EACElE,WAAW,EAAE;AACf,CACF,CAAC;AAED,OAAO,MAAMuE,sBAAsB,GAAGtG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC"}

package/lib/module/trust/utils.js

@@ -0,0 +1,33 @@
+import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-native-jwt";
+// Verify a token signature
+// The kid is extracted from the token header
+export const verify = async (token, kid, jwks) => {
+  const jwk = jwks.find(k => k.kid === kid);
+  if (!jwk) {
+    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
+  }
+  const {
+    protectedHeader: header,
+    payload
+  } = await verifyJwt(token, jwk);
+  return {
+    header,
+    payload
+  };
+};
+
+/**
+ * Return type for this function is necessary to avoid an issue during the bob build process.
+ * It seems like typescript can't correctly infer the return type of the function.
+ */
+export const decode = token => {
+  const {
+    protectedHeader: header,
+    payload
+  } = decodeJwt(token);
+  return {
+    header,
+    payload
+  };
+};
+//# sourceMappingURL=utils.js.map

package/lib/module/trust/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AASpC;AACA;AACA,OAAO,MAAMD,MAAM,GAAG,MAAAA,CACpBE,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMV,SAAS,CAACC,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA,OAAO,MAAMb,MAAM,GAAII,KAAa,IAAkB;EACpD,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGZ,SAAS,CAACG,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC"}