@pagopa/io-react-native-wallet 2.0.0-next.0 → 2.0.0-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +2 -2
  2. package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  3. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js +2 -2
  4. package/lib/commonjs/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
  5. package/lib/commonjs/credential/presentation/05-verify-request-object.js.map +1 -1
  6. package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
  7. package/lib/commonjs/trust/README.md +147 -0
  8. package/lib/commonjs/trust/build-chain.js +252 -0
  9. package/lib/commonjs/trust/build-chain.js.map +1 -0
  10. package/lib/commonjs/trust/errors.js +24 -1
  11. package/lib/commonjs/trust/errors.js.map +1 -1
  12. package/lib/commonjs/trust/index.js +11 -276
  13. package/lib/commonjs/trust/index.js.map +1 -1
  14. package/lib/commonjs/trust/utils.js +30 -1
  15. package/lib/commonjs/trust/utils.js.map +1 -1
  16. package/lib/commonjs/trust/{chain.js → verify-chain.js} +87 -15
  17. package/lib/commonjs/trust/verify-chain.js.map +1 -0
  18. package/lib/commonjs/utils/errors.js.map +1 -1
  19. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +1 -1
  20. package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
  21. package/lib/module/credential/presentation/02-evaluate-rp-trust.js +1 -1
  22. package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map +1 -1
  23. package/lib/module/credential/presentation/05-verify-request-object.js.map +1 -1
  24. package/lib/module/credential/presentation/08-send-authorization-response.js +1 -1
  25. package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
  26. package/lib/module/trust/README.md +147 -0
  27. package/lib/module/trust/build-chain.js +235 -0
  28. package/lib/module/trust/build-chain.js.map +1 -0
  29. package/lib/module/trust/errors.js +23 -2
  30. package/lib/module/trust/errors.js.map +1 -1
  31. package/lib/module/trust/index.js +5 -262
  32. package/lib/module/trust/index.js.map +1 -1
  33. package/lib/module/trust/utils.js +27 -0
  34. package/lib/module/trust/utils.js.map +1 -1
  35. package/lib/module/trust/{chain.js → verify-chain.js} +85 -14
  36. package/lib/module/trust/verify-chain.js.map +1 -0
  37. package/lib/module/utils/errors.js +1 -1
  38. package/lib/module/utils/errors.js.map +1 -1
  39. package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -1
  40. package/lib/typescript/credential/presentation/02-evaluate-rp-trust.d.ts.map +1 -1
  41. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts +1 -1
  42. package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map +1 -1
  43. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +2 -2
  44. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
  45. package/lib/typescript/credential/status/types.d.ts +6 -6
  46. package/lib/typescript/sd-jwt/index.d.ts +12 -12
  47. package/lib/typescript/sd-jwt/types.d.ts +6 -6
  48. package/lib/typescript/trust/build-chain.d.ts +1284 -0
  49. package/lib/typescript/trust/build-chain.d.ts.map +1 -0
  50. package/lib/typescript/trust/errors.d.ts +22 -0
  51. package/lib/typescript/trust/errors.d.ts.map +1 -1
  52. package/lib/typescript/trust/index.d.ts +5 -1299
  53. package/lib/typescript/trust/index.d.ts.map +1 -1
  54. package/lib/typescript/trust/types.d.ts +54 -54
  55. package/lib/typescript/trust/utils.d.ts +10 -0
  56. package/lib/typescript/trust/utils.d.ts.map +1 -1
  57. package/lib/typescript/trust/verify-chain.d.ts +39 -0
  58. package/lib/typescript/trust/verify-chain.d.ts.map +1 -0
  59. package/lib/typescript/utils/errors.d.ts +2 -2
  60. package/lib/typescript/utils/errors.d.ts.map +1 -1
  61. package/lib/typescript/wallet-instance-attestation/types.d.ts +21 -21
  62. package/package.json +2 -2
  63. package/src/credential/issuance/02-evaluate-issuer-trust.ts +1 -1
  64. package/src/credential/presentation/02-evaluate-rp-trust.ts +1 -1
  65. package/src/credential/presentation/05-verify-request-object.ts +1 -1
  66. package/src/credential/presentation/08-send-authorization-response.ts +4 -4
  67. package/src/trust/README.md +147 -0
  68. package/src/trust/build-chain.ts +395 -0
  69. package/src/trust/errors.ts +32 -1
  70. package/src/trust/index.ts +5 -435
  71. package/src/trust/utils.ts +35 -0
  72. package/src/trust/{chain.ts → verify-chain.ts} +132 -16
  73. package/src/utils/errors.ts +4 -4
  74. package/lib/commonjs/trust/chain.js.map +0 -1
  75. package/lib/module/trust/chain.js.map +0 -1
  76. package/lib/typescript/trust/chain.d.ts +0 -21
  77. package/lib/typescript/trust/chain.d.ts.map +0 -1
package/lib/commonjs/trust/index.js CHANGED
@@ -3,280 +3,15 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.buildTrustChain = buildTrustChain;
7
- exports.getEntityConfiguration = exports.getCredentialIssuerEntityConfiguration = void 0;
8
- exports.getEntityStatement = getEntityStatement;
9
- exports.getFederationList = getFederationList;
10
- exports.getRelyingPartyEntityConfiguration = void 0;
11
- exports.getSignedEntityConfiguration = getSignedEntityConfiguration;
12
- exports.getSignedEntityStatement = getSignedEntityStatement;
13
- exports.getWalletProviderEntityConfiguration = exports.getTrustAnchorEntityConfiguration = void 0;
14
- exports.verifyTrustChain = verifyTrustChain;
15
- var _utils = require("./utils");
16
- var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
17
- var _types = require("./types");
18
- var _chain = require("./chain");
19
- var _misc = require("../utils/misc");
20
- var _errors = require("./errors");
21
- /**
22
- * Verify a given trust chain is actually valid.
23
- * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
24
- *
25
- * @param trustAnchorEntity The entity configuration of the known trust anchor
26
- * @param chain The chain of statements to be validated
27
- * @param renewOnFail Whether to renew the provided chain if the validation fails at first. Default: true
28
- * @param appFetch Fetch api implementation. Default: the built-in implementation
29
- * @returns The result of the chain validation
30
- * @throws {FederationError} If the chain is not valid
31
- */
32
- async function verifyTrustChain(trustAnchorEntity, chain) {
33
- let {
34
- appFetch = fetch,
35
- renewOnFail = true
36
- } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
37
- try {
38
- return (0, _chain.validateTrustChain)(trustAnchorEntity, chain);
39
- } catch (error) {
40
- if (renewOnFail) {
41
- const renewedChain = await (0, _chain.renewTrustChain)(chain, appFetch);
42
- return (0, _chain.validateTrustChain)(trustAnchorEntity, renewedChain);
43
- } else {
44
- throw error;
45
- }
46
- }
47
- }
48
-
49
- /**
50
- * Fetch the signed entity configuration token for an entity
51
- *
52
- * @param entityBaseUrl The url of the entity to fetch
53
- * @param appFetch (optional) fetch api implementation
54
- * @returns The signed Entity Configuration token
55
- */
56
- async function getSignedEntityConfiguration(entityBaseUrl) {
57
- let {
58
- appFetch = fetch
59
- } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
60
- const wellKnownUrl = `${entityBaseUrl}/.well-known/openid-federation`;
61
- return await appFetch(wellKnownUrl, {
62
- method: "GET"
63
- }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
64
- }
65
-
66
- /**
67
- * Fetch and parse the entity configuration document for a given federation entity.
68
- * This is an inner method to serve public interfaces.
69
- *
70
- * To add another entity configuration type (example: Foo entity type):
71
- * - create its zod schema and type by inherit from the base type (example: FooEntityConfiguration = BaseEntityConfiguration.and(...))
72
- * - add such type to EntityConfiguration union
73
- * - add an overload to this function
74
- * - create a public function which use such type (example: getFooEntityConfiguration = (url, options) => Promise<FooEntityConfiguration>)
75
- *
76
- * @param entityBaseUrl The base url of the entity.
77
- * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
78
- * @param options An optional object with additional options.
79
- * @param options.appFetch An optional instance of the http client to be used.
80
- * @returns The parsed entity configuration object
81
- * @throws {IoWalletError} If the http request fails
82
- * @throws Parse error if the document is not in the expected shape.
83
- */
84
-
85
- async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
86
- let {
87
- appFetch = fetch
88
- } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
89
- const responseText = await getSignedEntityConfiguration(entityBaseUrl, {
90
- appFetch
91
- });
92
- const responseJwt = (0, _ioReactNativeJwt.decode)(responseText);
93
- return schema.parse({
94
- header: responseJwt.protectedHeader,
95
- payload: responseJwt.payload
96
- });
97
- }
98
- const getWalletProviderEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.WalletProviderEntityConfiguration, options);
99
- exports.getWalletProviderEntityConfiguration = getWalletProviderEntityConfiguration;
100
- const getCredentialIssuerEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.CredentialIssuerEntityConfiguration, options);
101
- exports.getCredentialIssuerEntityConfiguration = getCredentialIssuerEntityConfiguration;
102
- const getTrustAnchorEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.TrustAnchorEntityConfiguration, options);
103
- exports.getTrustAnchorEntityConfiguration = getTrustAnchorEntityConfiguration;
104
- const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.RelyingPartyEntityConfiguration, options);
105
- exports.getRelyingPartyEntityConfiguration = getRelyingPartyEntityConfiguration;
106
- const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, _types.EntityConfiguration, options);
107
-
108
- /**
109
- * Fetch and parse the entity statement document for a given federation entity.
110
- *
111
- * @param accreditationBodyBaseUrl The base url of the accreditation body which holds and signs the required entity statement
112
- * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity
113
- * @param appFetch An optional instance of the http client to be used.
114
- * @returns The parsed entity configuration object
115
- * @throws {IoWalletError} If the http request fails
116
- */
117
- exports.getEntityConfiguration = getEntityConfiguration;
118
- async function getEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl) {
119
- let {
120
- appFetch = fetch
121
- } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
122
- const responseText = await getSignedEntityStatement(accreditationBodyBaseUrl, subordinatedEntityBaseUrl, {
123
- appFetch
124
- });
125
- const responseJwt = (0, _ioReactNativeJwt.decode)(responseText);
126
- return _types.EntityStatement.parse({
127
- header: responseJwt.protectedHeader,
128
- payload: responseJwt.payload
129
- });
130
- }
131
-
132
- /**
133
- * Fetch the entity statement document for a given federation entity.
134
- *
135
- * @param federationFetchEndpoint The exact endpoint provided by the parent EC's metadata.
136
- * @param subordinatedEntityBaseUrl The url that identifies the subordinate entity.
137
- * @param appFetch An optional instance of the http client to be used.
138
- * @returns The signed entity statement token.
139
- * @throws {IoWalletError} If the http request fails.
140
- */
141
- async function getSignedEntityStatement(federationFetchEndpoint, subordinatedEntityBaseUrl) {
142
- let {
143
- appFetch = fetch
144
- } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
145
- const url = new URL(federationFetchEndpoint);
146
- url.searchParams.set("sub", subordinatedEntityBaseUrl);
147
- return await appFetch(url.toString(), {
148
- method: "GET"
149
- }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.text());
150
- }
151
-
152
- /**
153
- * Fetch the federation list document from a given endpoint.
154
- *
155
- * @param federationListEndpoint The URL of the federation list endpoint.
156
- * @param appFetch An optional instance of the http client to be used.
157
- * @returns The federation list as an array of strings.
158
- * @throws {IoWalletError} If the HTTP request fails.
159
- * @throws {FederationError} If the result is not in the expected format.
160
- */
161
- async function getFederationList(federationListEndpoint) {
162
- let {
163
- appFetch = fetch
164
- } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
165
- return await appFetch(federationListEndpoint, {
166
- method: "GET"
167
- }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(json => {
168
- const result = _types.FederationListResponse.safeParse(json);
169
- if (!result.success) {
170
- throw new _errors.FederationListParseError(`Invalid federation list format received from ${federationListEndpoint}. Error: ${result.error.message}`, {
171
- url: federationListEndpoint,
172
- parseError: result.error.toString()
173
- });
174
- }
175
- return result.data;
176
- });
177
- }
178
-
179
- /**
180
- * Build a not-verified trust chain for a given Relying Party (RP) entity.
181
- *
182
- * @param relyingPartyEntityBaseUrl The base URL of the RP entity
183
- * @param trustAnchorKey The public key of the Trust Anchor (TA) entity
184
- * @param appFetch An optional instance of the http client to be used.
185
- * @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
186
- * @throws {FederationError} When an element of the chain fails to parse or other build steps fail.
187
- */
188
- async function buildTrustChain(relyingPartyEntityBaseUrl, trustAnchorKey) {
189
- let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : fetch;
190
- // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
191
- const trustChain = await gatherTrustChain(relyingPartyEntityBaseUrl, appFetch);
192
-
193
- // 2: Trust Anchor signature verification
194
- const trustAnchorJwt = trustChain[trustChain.length - 1];
195
- if (!trustAnchorJwt) {
196
- throw new _errors.BuildTrustChainError("Cannot verify trust anchor: missing entity configuration in gathered chain.", {
197
- relyingPartyUrl: relyingPartyEntityBaseUrl
198
- });
199
- }
200
- if (!trustAnchorKey.kid) {
201
- throw new _errors.TrustAnchorKidMissingError();
202
- }
203
- await (0, _utils.verify)(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
204
-
205
- // 3: Check the federation list
206
- const trustAnchorConfig = _types.EntityConfiguration.parse((0, _utils.decode)(trustAnchorJwt));
207
- const federationListEndpoint = trustAnchorConfig.payload.metadata.federation_entity.federation_list_endpoint;
208
- if (federationListEndpoint) {
209
- const federationList = await getFederationList(federationListEndpoint, {
210
- appFetch
211
- });
212
- if (!federationList.includes(relyingPartyEntityBaseUrl)) {
213
- throw new _errors.RelyingPartyNotAuthorizedError("Relying Party entity base URL is not authorized by the Trust Anchor's federation list.", {
214
- relyingPartyUrl: relyingPartyEntityBaseUrl,
215
- federationListEndpoint
216
- });
217
- }
218
- }
219
- return trustChain;
220
- }
221
-
222
- /**
223
- * Recursively gather the trust chain for an entity and all its superiors.
224
- * @param entityBaseUrl The base URL of the entity for which to gather the chain.
225
- * @param appFetch An optional instance of the http client to be used.
226
- * @param isLeaf Whether the current entity is the leaf of the chain.
227
- * @returns A full ordered list of JWTs (ECs and ESs) forming the trust chain.
228
- * @throws {FederationError} If any of the fetched documents fail to parse or other errors occur during the gathering process.
229
- */
230
- async function gatherTrustChain(entityBaseUrl, appFetch) {
231
- let isLeaf = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : true;
232
- const chain = [];
233
-
234
- // Fetch self-signed EC (only needed for the leaf)
235
- const entityECJwt = await getSignedEntityConfiguration(entityBaseUrl, {
236
- appFetch
237
- });
238
- const entityEC = _types.EntityConfiguration.parse((0, _utils.decode)(entityECJwt));
239
- if (isLeaf) {
240
- // Only push EC for the leaf
241
- chain.push(entityECJwt);
242
- }
243
-
244
- // Find authority_hints (parent, if any)
245
- const authorityHints = entityEC.payload.authority_hints ?? [];
246
- if (authorityHints.length === 0) {
247
- // This is the Trust Anchor (no parent)
248
- if (!isLeaf) {
249
- chain.push(entityECJwt);
250
- }
251
- return chain;
252
- }
253
- const parentEntityBaseUrl = authorityHints[0];
254
-
255
- // Fetch parent EC
256
- const parentECJwt = await getSignedEntityConfiguration(parentEntityBaseUrl, {
257
- appFetch
258
- });
259
- const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
260
-
261
- // Fetch ES
262
- const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
263
- if (!federationFetchEndpoint) {
264
- throw new _errors.MissingFederationFetchEndpointError(`Missing federation_fetch_endpoint in parent's (${parentEntityBaseUrl}) configuration when gathering chain for ${entityBaseUrl}.`, {
265
- entityBaseUrl,
266
- missingInEntityUrl: parentEntityBaseUrl
267
- });
268
- }
269
- const entityStatementJwt = await getSignedEntityStatement(federationFetchEndpoint, entityBaseUrl, {
270
- appFetch
271
- });
272
- // Validate the ES
273
- _types.EntityStatement.parse((0, _utils.decode)(entityStatementJwt));
274
-
275
- // Push this ES into the chain
276
- chain.push(entityStatementJwt);
277
-
278
- // Recurse into the parent
279
- const parentChain = await gatherTrustChain(parentEntityBaseUrl, appFetch, false);
280
- return chain.concat(parentChain);
281
- }
6
+ exports.Verify = exports.Types = exports.Errors = exports.Build = void 0;
7
+ var Build = _interopRequireWildcard(require("./build-chain"));
8
+ exports.Build = Build;
9
+ var Verify = _interopRequireWildcard(require("./verify-chain"));
10
+ exports.Verify = Verify;
11
+ var Errors = _interopRequireWildcard(require("./errors"));
12
+ exports.Errors = Errors;
13
+ var Types = _interopRequireWildcard(require("./types"));
14
+ exports.Types = Types;
15
+ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
16
+ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
282
17
  //# sourceMappingURL=index.js.map
package/lib/commonjs/trust/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_utils","require","_ioReactNativeJwt","_types","_chain","_misc","_errors","verifyTrustChain","trustAnchorEntity","chain","appFetch","fetch","renewOnFail","arguments","length","undefined","validateTrustChain","error","renewedChain","renewTrustChain","getSignedEntityConfiguration","entityBaseUrl","wellKnownUrl","method","then","hasStatusOrThrow","res","text","fetchAndParseEntityConfiguration","schema","responseText","responseJwt","decodeJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","WalletProviderEntityConfiguration","exports","getCredentialIssuerEntityConfiguration","CredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","TrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","RelyingPartyEntityConfiguration","getEntityConfiguration","EntityConfiguration","getEntityStatement","accreditationBodyBaseUrl","subordinatedEntityBaseUrl","getSignedEntityStatement","EntityStatement","federationFetchEndpoint","url","URL","searchParams","set","toString","getFederationList","federationListEndpoint","json","result","FederationListResponse","safeParse","success","FederationListParseError","message","parseError","data","buildTrustChain","relyingPartyEntityBaseUrl","trustAnchorKey","trustChain","gatherTrustChain","trustAnchorJwt","BuildTrustChainError","relyingPartyUrl","kid","TrustAnchorKidMissingError","verify","trustAnchorConfig","decode","metadata","federation_entity","federation_list_endpoint","federationList","includes","RelyingPartyNotAuthorizedError","isLeaf","entityECJwt","entityEC","push","authorityHints","authority_hints","parentEntityBaseUrl","parentECJwt","parentEC","federation_fetch_endpoint","MissingFederationFetchEndpointError","missingInEntityUrl","entityStatementJwt","parentChain","concat"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":";;;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AASA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AAiBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeM,gBAAgBA,CACpCC,iBAAiD,EACjDC,KAAe,EAKiC;EAAA,IAJhD;IACEC,QAAQ,GAAGC,KAAK;IAChBC,WAAW,GAAG;EAC4C,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAO,IAAAG,yBAAkB,EAACR,iBAAiB,EAAEC,KAAK,CAAC;EACrD,CAAC,CAAC,OAAOQ,KAAK,EAAE;IACd,IAAIL,WAAW,EAAE;MACf,MAAMM,YAAY,GAAG,MAAM,IAAAC,sBAAe,EAACV,KAAK,EAAEC,QAAQ,CAAC;MAC3D,OAAO,IAAAM,yBAAkB,EAACR,iBAAiB,EAAEU,YAAY,CAAC;IAC5D,CAAC,MAAM;MACL,MAAMD,KAAK;IACb;EACF;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeG,4BAA4BA,CAChDC,aAAqB,EAMJ;EAAA,IALjB;IACEX,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMS,YAAY,GAAI,GAAED,aAAc,gCAA+B;EAErE,OAAO,MAAMX,QAAQ,CAACY,YAAY,EAAE;IAClCC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAoCA,eAAeC,gCAAgCA,CAC7CP,aAAqB,EACrBQ,MAK8B,EAM9B;EAAA,IALA;IACEnB,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMiB,YAAY,GAAG,MAAMV,4BAA4B,CAACC,aAAa,EAAE;IACrEX;EACF,CAAC,CAAC;EAEF,MAAMqB,WAAW,GAAG,IAAAC,wBAAS,EAACF,YAAY,CAAC;EAC3C,OAAOD,MAAM,CAACI,KAAK,CAAC;IAClBC,MAAM,EAAEH,WAAW,CAACI,eAAe;IACnCC,OAAO,EAAEL,WAAW,CAACK;EACvB,CAAC,CAAC;AACJ;AAEO,MAAMC,oCAAoC,GAAGA,CAClDhB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbkB,wCAAiC,EACjCD,OACF,CAAC;AAACE,OAAA,CAAAH,oCAAA,GAAAA,oCAAA;AAEG,MAAMI,sCAAsC,GAAGA,CACpDpB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbqB,0CAAmC,EACnCJ,OACF,CAAC;AAACE,OAAA,CAAAC,sCAAA,GAAAA,sCAAA;AAEG,MAAME,iCAAiC,GAAGA,CAC/CtB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbuB,qCAA8B,EAC9BN,OACF,CAAC;AAACE,OAAA,CAAAG,iCAAA,GAAAA,iCAAA;AAEG,MAAME,kCAAkC,GAAGA,CAChDxB,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAC9BP,aAAa,EACbyB,sCAA+B,EAC/BR,OACF,CAAC;AAACE,OAAA,CAAAK,kCAAA,GAAAA,kCAAA;AAEG,MAAME,sBAAsB,GAAGA,CACpC1B,aAAqE,EACrEiB,OAAgE,KAEhEV,gCAAgC,CAACP,aAAa,EAAE2B,0BAAmB,EAAEV,OAAO,CAAC;;AAE/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AARAE,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AASO,eAAeE,kBAAkBA,CACtCC,wBAAgC,EAChCC,yBAAiC,EAMjC;EAAA,IALA;IACEzC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAMiB,YAAY,GAAG,MAAMsB,wBAAwB,CACjDF,wBAAwB,EACxBC,yBAAyB,EACzB;IACEzC;EACF,CACF,CAAC;EAED,MAAMqB,WAAW,GAAG,IAAAC,wBAAS,EAACF,YAAY,CAAC;EAC3C,OAAOuB,sBAAe,CAACpB,KAAK,CAAC;IAC3BC,MAAM,EAAEH,WAAW,CAACI,eAAe;IACnCC,OAAO,EAAEL,WAAW,CAACK;EACvB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAegB,wBAAwBA,CAC5CE,uBAA+B,EAC/BH,yBAAiC,EAMjC;EAAA,IALA;IACEzC,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM0C,GAAG,GAAG,IAAIC,GAAG,CAACF,uBAAuB,CAAC;EAC5CC,GAAG,CAACE,YAAY,CAACC,GAAG,CAAC,KAAK,EAAEP,yBAAyB,CAAC;EAEtD,OAAO,MAAMzC,QAAQ,CAAC6C,GAAG,CAACI,QAAQ,CAAC,CAAC,EAAE;IACpCpC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;AAC9B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeiC,iBAAiBA,CACrCC,sBAA8B,EAMX;EAAA,IALnB;IACEnD,QAAQ,GAAGC;EAGb,CAAC,GAAAE,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,OAAO,MAAMH,QAAQ,CAACmD,sBAAsB,EAAE;IAC5CtC,MAAM,EAAE;EACV,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACoC,IAAI,CAAC,CAAC,CAAC,CACzBtC,IAAI,CAAEsC,IAAI,IAAK;IACd,MAAMC,MAAM,GAAGC,6BAAsB,CAACC,SAAS,CAACH,IAAI,CAAC;IACrD,IAAI,CAACC,MAAM,CAACG,OAAO,EAAE;MACnB,MAAM,IAAIC,gCAAwB,CAC/B,gDAA+CN,sBAAuB,YAAWE,MAAM,CAAC9C,KAAK,CAACmD,OAAQ,EAAC,EACxG;QAAEb,GAAG,EAAEM,sBAAsB;QAAEQ,UAAU,EAAEN,MAAM,CAAC9C,KAAK,CAAC0C,QAAQ,CAAC;MAAE,CACrE,CAAC;IACH;IACA,OAAOI,MAAM,CAACO,IAAI;EACpB,CAAC,CAAC;AACN;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,eAAeA,CACnCC,yBAAiC,EACjCC,cAAmB,EAEA;EAAA,IADnB/D,QAA8B,GAAAG,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGF,KAAK;EAEtC;EACA,MAAM+D,UAAU,GAAG,MAAMC,gBAAgB,CACvCH,yBAAyB,EACzB9D,QACF,CAAC;;EAED;EACA,MAAMkE,cAAc,GAAGF,UAAU,CAACA,UAAU,CAAC5D,MAAM,GAAG,CAAC,CAAC;EACxD,IAAI,CAAC8D,cAAc,EAAE;IACnB,MAAM,IAAIC,4BAAoB,CAC5B,6EAA6E,EAC7E;MAAEC,eAAe,EAAEN;IAA0B,CAC/C,CAAC;EACH;EAEA,IAAI,CAACC,cAAc,CAACM,GAAG,EAAE;IACvB,MAAM,IAAIC,kCAA0B,CAAC,CAAC;EACxC;EAEA,MAAM,IAAAC,aAAM,EAACL,cAAc,EAAEH,cAAc,CAACM,GAAG,EAAE,CAACN,cAAc,CAAC,CAAC;;EAElE;EACA,MAAMS,iBAAiB,GAAGlC,0BAAmB,CAACf,KAAK,CAAC,IAAAkD,aAAM,EAACP,cAAc,CAAC,CAAC;EAC3E,MAAMf,sBAAsB,GAC1BqB,iBAAiB,CAAC9C,OAAO,CAACgD,QAAQ,CAACC,iBAAiB,CACjDC,wBAAwB;EAE7B,IAAIzB,sBAAsB,EAAE;IAC1B,MAAM0B,cAAc,GAAG,MAAM3B,iBAAiB,CAACC,sBAAsB,EAAE;MACrEnD;IACF,CAAC,CAAC;IAEF,IAAI,CAAC6E,cAAc,CAACC,QAAQ,CAAChB,yBAAyB,CAAC,EAAE;MACvD,MAAM,IAAIiB,sCAA8B,CACtC,wFAAwF,EACxF;QAAEX,eAAe,EAAEN,yBAAyB;QAAEX;MAAuB,CACvE,CAAC;IACH;EACF;EAEA,OAAOa,UAAU;AACnB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gBAAgBA,CAC7BtD,aAAqB,EACrBX,QAA8B,EAEX;EAAA,IADnBgF,MAAe,GAAA7E,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,IAAI;EAEtB,MAAMJ,KAAe,GAAG,EAAE;;EAE1B;EACA,MAAMkF,WAAW,GAAG,MAAMvE,4BAA4B,CAACC,aAAa,EAAE;IACpEX;EACF,CAAC,CAAC;EACF,MAAMkF,QAAQ,GAAG5C,0BAAmB,CAACf,KAAK,CAAC,IAAAkD,aAAM,EAACQ,WAAW,CAAC,CAAC;EAE/D,IAAID,MAAM,EAAE;IACV;IACAjF,KAAK,CAACoF,IAAI,CAACF,WAAW,CAAC;EACzB;;EAEA;EACA,MAAMG,cAAc,GAAGF,QAAQ,CAACxD,OAAO,CAAC2D,eAAe,IAAI,EAAE;EAC7D,IAAID,cAAc,CAAChF,MAAM,KAAK,CAAC,EAAE;IAC/B;IACA,IAAI,CAAC4E,MAAM,EAAE;MACXjF,KAAK,CAACoF,IAAI,CAACF,WAAW,CAAC;IACzB;IACA,OAAOlF,KAAK;EACd;EAEA,MAAMuF,mBAAmB,GAAGF,cAAc,CAAC,CAAC,CAAE;;EAE9C;EACA,MAAMG,WAAW,GAAG,MAAM7E,4BAA4B,CAAC4E,mBAAmB,EAAE;IAC1EtF;EACF,CAAC,CAAC;EACF,MAAMwF,QAAQ,GAAGlD,0BAAmB,CAACf,KAAK,CAAC,IAAAkD,aAAM,EAACc,WAAW,CAAC,CAAC;;EAE/D;EACA,MAAM3C,uBAAuB,GAC3B4C,QAAQ,CAAC9D,OAAO,CAACgD,QAAQ,CAACC,iBAAiB,CAACc,yBAAyB;EACvE,IAAI,CAAC7C,uBAAuB,EAAE;IAC5B,MAAM,IAAI8C,2CAAmC,CAC1C,kDAAiDJ,mBAAoB,4CAA2C3E,aAAc,GAAE,EACjI;MAAEA,aAAa;MAAEgF,kBAAkB,EAAEL;IAAoB,CAC3D,CAAC;EACH;EAEA,MAAMM,kBAAkB,GAAG,MAAMlD,wBAAwB,CACvDE,uBAAuB,EACvBjC,aAAa,EACb;IAAEX;EAAS,CACb,CAAC;EACD;EACA2C,sBAAe,CAACpB,KAAK,CAAC,IAAAkD,aAAM,EAACmB,kBAAkB,CAAC,CAAC;;EAEjD;EACA7F,KAAK,CAACoF,IAAI,CAACS,kBAAkB,CAAC;;EAE9B;EACA,MAAMC,WAAW,GAAG,MAAM5B,gBAAgB,CACxCqB,mBAAmB,EACnBtF,QAAQ,EACR,KACF,CAAC;EAED,OAAOD,KAAK,CAAC+F,MAAM,CAACD,WAAW,CAAC;AAClC"}
1
+ {"version":3,"names":["Build","_interopRequireWildcard","require","exports","Verify","Errors","Types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAuCC,OAAA,CAAAH,KAAA,GAAAA,KAAA;AACvC,IAAAI,MAAA,GAAAH,uBAAA,CAAAC,OAAA;AAAyCC,OAAA,CAAAC,MAAA,GAAAA,MAAA;AACzC,IAAAC,MAAA,GAAAJ,uBAAA,CAAAC,OAAA;AAAmCC,OAAA,CAAAE,MAAA,GAAAA,MAAA;AACnC,IAAAC,KAAA,GAAAL,uBAAA,CAAAC,OAAA;AAAiCC,OAAA,CAAAG,KAAA,GAAAA,KAAA;AAAA,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAP,wBAAAW,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
package/lib/commonjs/trust/utils.js CHANGED
@@ -3,8 +3,11 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.verify = exports.decode = void 0;
6
+ exports.decode = void 0;
7
+ exports.getTrustAnchorX509Certificate = getTrustAnchorX509Certificate;
8
+ exports.verify = void 0;
7
9
  var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
10
+ var _errors = require("./errors");
8
11
  // Verify a token signature
9
12
  // The kid is extracted from the token header
10
13
  const verify = async (token, kid, jwks) => {
@@ -37,5 +40,31 @@ const decode = token => {
37
40
  payload
38
41
  };
39
42
  };
43
+
44
+ /**
45
+ * Extracts the X.509 Trust Anchor certificate (Base64 encoded) from the
46
+ * Trust Anchor's Entity Configuration.
47
+ *
48
+ * @param trustAnchorEntity The entity configuration of the known trust anchor.
49
+ * @returns The Base64 encoded X.509 certificate string.
50
+ * @throws {FederationError} If the certificate cannot be derived.
51
+ */
40
52
  exports.decode = decode;
53
+ function getTrustAnchorX509Certificate(trustAnchorEntity) {
54
+ const taHeaderKid = trustAnchorEntity.header.kid;
55
+ const taSigningJwk = trustAnchorEntity.payload.jwks.keys.find(key => key.kid === taHeaderKid);
56
+ if (!taSigningJwk) {
57
+ throw new _errors.FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' not found in Trust Anchor's JWKS.`, {
58
+ trustAnchorKid: taHeaderKid,
59
+ reason: "JWK not found for header kid"
60
+ });
61
+ }
62
+ if (taSigningJwk.x5c && taSigningJwk.x5c.length > 0 && taSigningJwk.x5c[0]) {
63
+ return taSigningJwk.x5c[0];
64
+ }
65
+ throw new _errors.FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' does not contain a valid 'x5c' certificate array.`, {
66
+ trustAnchorKid: taHeaderKid,
67
+ reason: "Missing or empty x5c in JWK"
68
+ });
69
+ }
41
70
  //# sourceMappingURL=utils.js.map
package/lib/commonjs/trust/utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_ioReactNativeJwt","require","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","exports","decode","decodeJwt"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAYA;AACA;AACO,MAAMC,MAAM,GAAG,MAAAA,CACpBC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AAHAE,OAAA,CAAAZ,MAAA,GAAAA,MAAA;AAIO,MAAMa,MAAM,GAAIZ,KAAa,IAAkB;EACpD,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAI,wBAAS,EAACb,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;AAACE,OAAA,CAAAC,MAAA,GAAAA,MAAA"}
1
+ {"version":3,"names":["_ioReactNativeJwt","require","_errors","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","exports","decode","decodeJwt","getTrustAnchorX509Certificate","trustAnchorEntity","taHeaderKid","taSigningJwk","keys","key","FederationError","trustAnchorKid","reason","x5c","length"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":";;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,OAAA,GAAAD,OAAA;AAQA;AACA;AACO,MAAME,MAAM,GAAG,MAAAA,CACpBC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AAHAE,OAAA,CAAAZ,MAAA,GAAAA,MAAA;AAIO,MAAMa,MAAM,GAAIZ,KAAa,IAAkB;EACpD,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAI,wBAAS,EAACb,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAE,OAAA,CAAAC,MAAA,GAAAA,MAAA;AAQO,SAASE,6BAA6BA,CAC3CC,iBAAiD,EACzC;EACR,MAAMC,WAAW,GAAGD,iBAAiB,CAACP,MAAM,CAACP,GAAG;EAChD,MAAMgB,YAAY,GAAGF,iBAAiB,CAACN,OAAO,CAACP,IAAI,CAACgB,IAAI,CAACd,IAAI,CAC1De,GAAG,IAAKA,GAAG,CAAClB,GAAG,KAAKe,WACvB,CAAC;EAED,IAAI,CAACC,YAAY,EAAE;IACjB,MAAM,IAAIG,uBAAe,CACtB,+DAA8DJ,WAAY,qCAAoC,EAC/G;MAAEK,cAAc,EAAEL,WAAW;MAAEM,MAAM,EAAE;IAA+B,CACxE,CAAC;EACH;EAEA,IAAIL,YAAY,CAACM,GAAG,IAAIN,YAAY,CAACM,GAAG,CAACC,MAAM,GAAG,CAAC,IAAIP,YAAY,CAACM,GAAG,CAAC,CAAC,CAAC,EAAE;IAC1E,OAAON,YAAY,CAACM,GAAG,CAAC,CAAC,CAAC;EAC5B;EAEA,MAAM,IAAIH,uBAAe,CACtB,+DAA8DJ,WAAY,qDAAoD,EAC/H;IAAEK,cAAc,EAAEL,WAAW;IAAEM,MAAM,EAAE;EAA8B,CACvE,CAAC;AACH"}
package/lib/commonjs/trust/{chain.js → verify-chain.js} RENAMED
@@ -5,11 +5,13 @@ Object.defineProperty(exports, "__esModule", {
5
5
  });
6
6
  exports.renewTrustChain = renewTrustChain;
7
7
  exports.validateTrustChain = validateTrustChain;
8
+ exports.verifyTrustChain = verifyTrustChain;
8
9
  var _types = require("./types");
9
10
  var z = _interopRequireWildcard(require("zod"));
10
- var _ = require(".");
11
11
  var _utils = require("./utils");
12
12
  var _errors = require("./errors");
13
+ var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
14
+ var _buildChain = require("./build-chain");
13
15
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
14
16
  function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
15
17
  // The first element of the chain is supposed to be the Entity Configuration for the document issuer
@@ -21,14 +23,15 @@ const MiddleElementShape = _types.EntityStatement;
21
23
  const LastElementShape = z.union([_types.EntityStatement, _types.TrustAnchorEntityConfiguration]);
22
24
 
23
25
  /**
24
- * Validates a provided trust chain against a known trust
26
+ * Validates a provided trust chain against a known trust anchor, including X.509 certificate checks.
25
27
  *
26
- * @param trustAnchorEntity The entity configuration of the known trust anchor
27
- * @param chain The chain of statements to be validated
28
- * @returns The list of parsed token representing the chain
29
- * @throws {FederationError} If the chain is not valid
28
+ * @param trustAnchorEntity The entity configuration of the known trust anchor (for JWT validation).
29
+ * @param chain The chain of statements to be validated.
30
+ * @param x509Options Options for X.509 certificate validation.
31
+ * @returns The list of parsed tokens representing the chain.
32
+ * @throws {FederationError} If the chain is not valid (JWT or X.509). Specific errors like TrustChainEmptyError, X509ValidationError may be thrown.
30
33
  */
31
- async function validateTrustChain(trustAnchorEntity, chain) {
34
+ async function validateTrustChain(trustAnchorEntity, chain, x509Options) {
32
35
  // If the chain is empty, fail
33
36
  if (chain.length === 0) {
34
37
  throw new _errors.TrustChainEmptyError("Cannot verify empty trust chain.");
@@ -37,7 +40,7 @@ async function validateTrustChain(trustAnchorEntity, chain) {
37
40
  // Select the expected token shape
38
41
  const selectTokenShape = elementIndex => elementIndex === 0 ? FirstElementShape : elementIndex === chain.length - 1 ? LastElementShape : MiddleElementShape;
39
42
 
40
- // select the kid from the current index
43
+ // Select the kid from the current index
41
44
  const selectKid = currentIndex => {
42
45
  const token = chain[currentIndex];
43
46
  if (!token) {
@@ -49,8 +52,8 @@ async function validateTrustChain(trustAnchorEntity, chain) {
49
52
  return shape.parse((0, _utils.decode)(token)).header.kid;
50
53
  };
51
54
 
52
- // select keys from the next token
53
- // if the current token is the last, keys from trust anchor will be used
55
+ // Select keys from the next token
56
+ // If the current token is the last, keys from trust anchor will be used
54
57
  const selectKeys = currentIndex => {
55
58
  if (currentIndex === chain.length - 1) {
56
59
  return trustAnchorEntity.payload.jwks.keys;
@@ -65,10 +68,45 @@ async function validateTrustChain(trustAnchorEntity, chain) {
65
68
  const shape = selectTokenShape(nextIndex);
66
69
  return shape.parse((0, _utils.decode)(nextToken)).payload.jwks.keys;
67
70
  };
71
+ const x509TrustAnchorCertBase64 = (0, _utils.getTrustAnchorX509Certificate)(trustAnchorEntity);
68
72
 
69
73
  // Iterate the chain and validate each element's signature against the public keys of its next
70
74
  // If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
71
- return Promise.all(chain.map((token, i) => [token, selectKid(i), selectKeys(i)]).map(args => (0, _utils.verify)(...args)));
75
+ const validationPromises = chain.map(async (tokenString, i) => {
76
+ const kidFromTokenHeader = selectKid(i);
77
+ const signerJwks = selectKeys(i);
78
+
79
+ // Step 1: Verify JWT signature
80
+ const parsedToken = await (0, _utils.verify)(tokenString, kidFromTokenHeader, signerJwks);
81
+
82
+ // Step 2: X.509 Certificate Chain Validation
83
+ const jwkUsedForVerification = signerJwks.find(k => k.kid === kidFromTokenHeader);
84
+ if (!jwkUsedForVerification) {
85
+ throw new _errors.FederationError(`JWK with kid '${kidFromTokenHeader}' was not found in signer's JWKS for token at index ${i}, though JWT verification passed.`, {
86
+ tokenIndex: i,
87
+ kid: kidFromTokenHeader
88
+ });
89
+ }
90
+ if (!jwkUsedForVerification.x5c || jwkUsedForVerification.x5c.length === 0) {
91
+ throw new _errors.MissingX509CertsError(`JWK with kid '${kidFromTokenHeader}' does not contain an X.509 certificate chain (x5c) for token at index ${i}.`);
92
+ }
93
+
94
+ // If the chain has more than one certificate AND
95
+ // the last certificate in the x5c chain is the same as the trust anchor,
96
+ // remove the anchor from the chain being passed, as it's supplied separately.
97
+ const certChainBase64 = jwkUsedForVerification.x5c.length > 1 && jwkUsedForVerification.x5c.at(-1) === x509TrustAnchorCertBase64 ? jwkUsedForVerification.x5c.slice(0, -1) : jwkUsedForVerification.x5c;
98
+ const x509ValidationResult = await (0, _ioReactNativeCrypto.verifyCertificateChain)(certChainBase64, x509TrustAnchorCertBase64, x509Options);
99
+ if (!x509ValidationResult.isValid) {
100
+ throw new _errors.X509ValidationError(`X.509 certificate chain validation failed for token at index ${i} (kid: ${kidFromTokenHeader}). Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
101
+ tokenIndex: i,
102
+ kid: kidFromTokenHeader,
103
+ x509ValidationStatus: x509ValidationResult.validationStatus,
104
+ x509ErrorMessage: x509ValidationResult.errorMessage
105
+ });
106
+ }
107
+ return parsedToken;
108
+ });
109
+ return Promise.all(validationPromises);
72
110
  }
73
111
 
74
112
  /**
@@ -86,14 +124,14 @@ async function renewTrustChain(chain) {
86
124
  const entityStatementResult = _types.EntityStatement.safeParse(decoded);
87
125
  const entityConfigurationResult = _types.EntityConfiguration.safeParse(decoded);
88
126
  if (entityConfigurationResult.success) {
89
- return (0, _.getSignedEntityConfiguration)(entityConfigurationResult.data.payload.iss, {
127
+ return (0, _buildChain.getSignedEntityConfiguration)(entityConfigurationResult.data.payload.iss, {
90
128
  appFetch
91
129
  });
92
130
  }
93
131
  if (entityStatementResult.success) {
94
132
  const entityStatement = entityStatementResult.data;
95
133
  const parentBaseUrl = entityStatement.payload.iss;
96
- const parentECJwt = await (0, _.getSignedEntityConfiguration)(parentBaseUrl, {
134
+ const parentECJwt = await (0, _buildChain.getSignedEntityConfiguration)(parentBaseUrl, {
97
135
  appFetch
98
136
  });
99
137
  const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
@@ -104,7 +142,7 @@ async function renewTrustChain(chain) {
104
142
  missingInEntityUrl: parentBaseUrl
105
143
  });
106
144
  }
107
- return (0, _.getSignedEntityStatement)(federationFetchEndpoint, entityStatement.payload.sub, {
145
+ return (0, _buildChain.getSignedEntityStatement)(federationFetchEndpoint, entityStatement.payload.sub, {
108
146
  appFetch
109
147
  });
110
148
  }
@@ -113,4 +151,38 @@ async function renewTrustChain(chain) {
113
151
  });
114
152
  }));
115
153
  }
116
- //# sourceMappingURL=chain.js.map
154
+
155
+ /**
156
+ * Verify a given trust chain is actually valid.
157
+ * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
158
+ *
159
+ * @param trustAnchorEntity The entity configuration of the known trust anchor
160
+ * @param chain The chain of statements to be validated
161
+ * @param x509Options Options for the verification process
162
+ * @param appFetch (optional) fetch api implementation
163
+ * @param renewOnFail Whether to attempt to renew the trust chain if the initial validation fails
164
+ * @returns The result of the chain validation
165
+ * @throws {FederationError} If the chain is not valid
166
+ */
167
+ async function verifyTrustChain(trustAnchorEntity, chain) {
168
+ let x509Options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
169
+ connectTimeout: 10000,
170
+ readTimeout: 10000,
171
+ requireCrl: true
172
+ };
173
+ let {
174
+ appFetch = fetch,
175
+ renewOnFail = true
176
+ } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
177
+ try {
178
+ return validateTrustChain(trustAnchorEntity, chain, x509Options);
179
+ } catch (error) {
180
+ if (renewOnFail) {
181
+ const renewedChain = await renewTrustChain(chain, appFetch);
182
+ return validateTrustChain(trustAnchorEntity, renewedChain, x509Options);
183
+ } else {
184
+ throw error;
185
+ }
186
+ }
187
+ }
188
+ //# sourceMappingURL=verify-chain.js.map
package/lib/commonjs/trust/verify-chain.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":["_types","require","z","_interopRequireWildcard","_utils","_errors","_ioReactNativeCrypto","_buildChain","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","x509Options","length","TrustChainEmptyError","selectTokenShape","elementIndex","selectKid","currentIndex","token","TrustChainTokenMissingError","index","shape","parse","decode","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","x509TrustAnchorCertBase64","getTrustAnchorX509Certificate","validationPromises","map","tokenString","i","kidFromTokenHeader","signerJwks","parsedToken","verify","jwkUsedForVerification","find","k","FederationError","tokenIndex","x5c","MissingX509CertsError","certChainBase64","at","slice","x509ValidationResult","verifyCertificateChain","isValid","X509ValidationError","validationStatus","errorMessage","x509ValidationStatus","x509ErrorMessage","Promise","all","renewTrustChain","appFetch","arguments","undefined","fetch","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","getSignedEntityConfiguration","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","MissingFederationFetchEndpointError","sub","entityBaseUrl","missingInEntityUrl","getSignedEntityStatement","TrustChainRenewalError","originalChain","verifyTrustChain","connectTimeout","readTimeout","requireCrl","renewOnFail","error","renewedChain"],"sourceRoot":"../../../src","sources":["trust/verify-chain.ts"],"mappings":";;;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAMA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAMA,IAAAI,OAAA,GAAAJ,OAAA;AASA,IAAAK,oBAAA,GAAAL,OAAA;AAKA,IAAAM,WAAA,GAAAN,OAAA;AAGuB,SAAAO,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEvB;AACA,MAAMW,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAGhC,CAAC,CAACiC,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACfC,WAAmC,EACX;EACxB;EACA,IAAID,KAAK,CAACE,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,4BAAoB,CAAC,kCAAkC,CAAC;EACpE;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdd,iBAAiB,GACjBc,YAAY,KAAKL,KAAK,CAACE,MAAM,GAAG,CAAC,GAC/BP,gBAAgB,GAChBF,kBAAkB;;EAE1B;EACA,MAAMa,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGR,KAAK,CAACO,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIC,mCAA2B,CAClC,0BAAyBF,YAAa,kBAAiB,EACxD;QAAEG,KAAK,EAAEH;MAAa,CACxB,CAAC;IACH;IACA,MAAMI,KAAK,GAAGP,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOI,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACL,KAAK,CAAC,CAAC,CAACM,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIT,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKP,KAAK,CAACE,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOH,iBAAiB,CAACkB,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGb,YAAY,GAAG,CAAC;IAClC,MAAMc,SAAS,GAAGrB,KAAK,CAACoB,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIZ,mCAA2B,CAClC,+BAA8BW,SAAU,kCAAiCb,YAAa,IAAG,EAC1F;QAAEG,KAAK,EAAEU;MAAU,CACrB,CAAC;IACH;IACA,MAAMT,KAAK,GAAGP,gBAAgB,CAACgB,SAAS,CAAC;IACzC,OAAOT,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACQ,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;EAED,MAAMG,yBAAyB,GAC7B,IAAAC,oCAA6B,EAACxB,iBAAiB,CAAC;;EAElD;EACA;EACA,MAAMyB,kBAAkB,GAAGxB,KAAK,CAACyB,GAAG,CAAC,OAAOC,WAAW,EAAEC,CAAC,KAAK;IAC7D,MAAMC,kBAAkB,GAAGtB,SAAS,CAACqB,CAAC,CAAC;IACvC,MAAME,UAAU,GAAGb,UAAU,CAACW,CAAC,CAAC;;IAEhC;IACA,MAAMG,WAAW,GAAG,MAAM,IAAAC,aAAM,EAC9BL,WAAW,EACXE,kBAAkB,EAClBC,UACF,CAAC;;IAED;IACA,MAAMG,sBAAsB,GAAGH,UAAU,CAACI,IAAI,CAC3CC,CAAC,IAAKA,CAAC,CAACnB,GAAG,KAAKa,kBACnB,CAAC;IAED,IAAI,CAACI,sBAAsB,EAAE;MAC3B,MAAM,IAAIG,uBAAe,CACtB,iBAAgBP,kBAAmB,uDAAsDD,CAAE,mCAAkC,EAC9H;QAAES,UAAU,EAAET,CAAC;QAAEZ,GAAG,EAAEa;MAAmB,CAC3C,CAAC;IACH;IAEA,IACE,CAACI,sBAAsB,CAACK,GAAG,IAC3BL,sBAAsB,CAACK,GAAG,CAACnC,MAAM,KAAK,CAAC,EACvC;MACA,MAAM,IAAIoC,6BAAqB,CAC5B,iBAAgBV,kBAAmB,0EAAyED,CAAE,GACjH,CAAC;IACH;;IAEA;IACA;IACA;IACA,MAAMY,eAAe,GACnBP,sBAAsB,CAACK,GAAG,CAACnC,MAAM,GAAG,CAAC,IACrC8B,sBAAsB,CAACK,GAAG,CAACG,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKlB,yBAAyB,GAC3DU,sBAAsB,CAACK,GAAG,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACvCT,sBAAsB,CAACK,GAAG;IAEhC,MAAMK,oBAAiD,GACrD,MAAM,IAAAC,2CAAsB,EAC1BJ,eAAe,EACfjB,yBAAyB,EACzBrB,WACF,CAAC;IAEH,IAAI,CAACyC,oBAAoB,CAACE,OAAO,EAAE;MACjC,MAAM,IAAIC,2BAAmB,CAC1B,gEAA+DlB,CAAE,UAASC,kBAAmB,cAAac,oBAAoB,CAACI,gBAAiB,YAAWJ,oBAAoB,CAACK,YAAa,EAAC,EAC/L;QACEX,UAAU,EAAET,CAAC;QACbZ,GAAG,EAAEa,kBAAkB;QACvBoB,oBAAoB,EAAEN,oBAAoB,CAACI,gBAAgB;QAC3DG,gBAAgB,EAAEP,oBAAoB,CAACK;MACzC,CACF,CAAC;IACH;IACA,OAAOjB,WAAW;EACpB,CAAC,CAAC;EAEF,OAAOoB,OAAO,CAACC,GAAG,CAAC3B,kBAAkB,CAAC;AACxC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAe4B,eAAeA,CACnCpD,KAAe,EAEI;EAAA,IADnBqD,QAA8B,GAAAC,SAAA,CAAApD,MAAA,QAAAoD,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAON,OAAO,CAACC,GAAG,CAChBnD,KAAK,CAACyB,GAAG,CAAC,OAAOjB,KAAK,EAAEE,KAAK,KAAK;IAChC,MAAM+C,OAAO,GAAG,IAAA5C,aAAM,EAACL,KAAK,CAAC;IAE7B,MAAMkD,qBAAqB,GAAGhE,sBAAe,CAACiE,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAGpE,0BAAmB,CAACmE,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO,IAAAC,wCAA4B,EACjCF,yBAAyB,CAACG,IAAI,CAAC9C,OAAO,CAAC+C,GAAG,EAC1C;QAAEX;MAAS,CACb,CAAC;IACH;IACA,IAAIK,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMI,eAAe,GAAGP,qBAAqB,CAACK,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAAChD,OAAO,CAAC+C,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM,IAAAL,wCAA4B,EAACI,aAAa,EAAE;QACpEb;MACF,CAAC,CAAC;MACF,MAAMe,QAAQ,GAAG5E,0BAAmB,CAACoB,KAAK,CAAC,IAAAC,aAAM,EAACsD,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAACnD,OAAO,CAACqD,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAII,2CAAmC,CAC1C,gBAAeP,aAAc,8DAA6DD,eAAe,CAAChD,OAAO,CAACyD,GAAI,GAAE,EACzH;UACEC,aAAa,EAAEV,eAAe,CAAChD,OAAO,CAACyD,GAAG;UAC1CE,kBAAkB,EAAEV;QACtB,CACF,CAAC;MACH;MACA,OAAO,IAAAW,oCAAwB,EAC7BR,uBAAuB,EACvBJ,eAAe,CAAChD,OAAO,CAACyD,GAAG,EAC3B;QAAErB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAIyB,8BAAsB,CAC7B,iDAAgDpE,KAAM,mBAAkB,EACzE;MAAEqE,aAAa,EAAE/E;IAAM,CACzB,CAAC;EACH,CAAC,CACH,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAegF,gBAAgBA,CACpCjF,iBAAiD,EACjDC,KAAe,EAUiC;EAAA,IAThDC,WAAmC,GAAAqD,SAAA,CAAApD,MAAA,QAAAoD,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG;IACpC2B,cAAc,EAAE,KAAK;IACrBC,WAAW,EAAE,KAAK;IAClBC,UAAU,EAAE;EACd,CAAC;EAAA,IACD;IACE9B,QAAQ,GAAGG,KAAK;IAChB4B,WAAW,GAAG;EAC4C,CAAC,GAAA9B,SAAA,CAAApD,MAAA,QAAAoD,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOxD,kBAAkB,CAACC,iBAAiB,EAAEC,KAAK,EAAEC,WAAW,CAAC;EAClE,CAAC,CAAC,OAAOoF,KAAK,EAAE;IACd,IAAID,WAAW,EAAE;MACf,MAAME,YAAY,GAAG,MAAMlC,eAAe,CAACpD,KAAK,EAAEqD,QAAQ,CAAC;MAC3D,OAAOvD,kBAAkB,CAACC,iBAAiB,EAAEuF,YAAY,EAAErF,WAAW,CAAC;IACzE,CAAC,MAAM;MACL,MAAMoF,KAAK;IACb;EACF;AACF"}
package/lib/commonjs/utils/errors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_errorCodes","require","serializeAttrs","attrs","Object","entries","filter","_ref","v","undefined","map","_ref2","k","Array","isArray","join","JSON","stringify","_","exports","IoWalletError","Error","code","constructor","message","name","ValidationFailed","_ref3","claim","reason","UnexpectedStatusCodeError","_ref4","statusCode","IssuerResponseError","params","IssuerResponseErrorCodes","IssuerGenericError","WalletProviderResponseError","WalletProviderResponseErrorCodes","WalletProviderGenericError","RelyingPartyResponseError","RelyingPartyResponseErrorCodes","RelyingPartyGenericError","extractErrorMessageFromIssuerConf","errorCode","_ref5","issuerConf","credentialType","credentialConfiguration","openid_credential_issuer","credential_configurations_supported","issuance_errors_supported","localesList","display","reduce","acc","_ref6","locale","rest","makeErrorTypeGuard","ErrorClass","error","isIssuerResponseError","isWalletProviderResponseError","isRelyingPartyResponseError","ResponseErrorBuilder","errorCases","handle","status","buildFrom","originalError"],"sourceRoot":"../../../src","sources":["utils/errors.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,IAAAA,WAAA,GAAAC,OAAA;AAeA;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,cAAc,GACzBC,KAA8E,IAE9EC,MAAM,CAACC,OAAO,CAACF,KAAK,CAAC,CAClBG,MAAM,CAACC,IAAA;EAAA,IAAC,GAAGC,CAAC,CAAC,GAAAD,IAAA;EAAA,OAAKC,CAAC,KAAKC,SAAS;AAAA,EAAC,CAClCC,GAAG,CAACC,KAAA,IAAY;EAAA,IAAX,CAACC,CAAC,EAAEJ,CAAC,CAAC,GAAAG,KAAA;EACV,IAAIE,KAAK,CAACC,OAAO,CAACN,CAAC,CAAC,EAAE,OAAO,CAACI,CAAC,EAAG,IAAGJ,CAAC,CAACO,IAAI,CAAC,IAAI,CAAE,GAAE,CAAC;EACrD,IAAI,OAAOP,CAAC,KAAK,QAAQ,EAAE,OAAO,CAACI,CAAC,EAAEI,IAAI,CAACC,SAAS,CAACT,CAAC,CAAC,CAAC;EACxD,OAAO,CAACI,CAAC,EAAEJ,CAAC,CAAC;AACf,CAAC,CAAC,CACDE,GAAG,CAAEQ,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,GAAG,CAAC,CAAC,CACvBA,IAAI,CAAC,GAAG,CAAC;;AAEd;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAVAI,OAAA,CAAAjB,cAAA,GAAAA,cAAA;AAWO,MAAMkB,aAAa,SAASC,KAAK,CAAC;EACvC;EACAC,IAAI,GAAW,uBAAuB;EAEtCC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;IACd,IAAI,CAACC,IAAI,GAAG,IAAI,CAACF,WAAW,CAACE,IAAI;EACnC;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAC,aAAA,GAAAA,aAAA;AAIO,MAAMM,gBAAgB,SAASN,aAAa,CAAC;EAClDE,IAAI,GAAG,iCAAiC;;EAExC;;EAGA;;EAGAC,WAAWA,CAAAI,KAAA,EAQR;IAAA,IARS;MACVH,OAAO;MACPI,KAAK,GAAG,aAAa;MACrBC,MAAM,GAAG;IAKX,CAAC,GAAAF,KAAA;IACC,KAAK,CAACzB,cAAc,CAAC;MAAEsB,OAAO;MAAEI,KAAK;MAAEC;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACD,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACC,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AAFAV,OAAA,CAAAO,gBAAA,GAAAA,gBAAA;AAGO,MAAMI,yBAAyB,SAASV,aAAa,CAAC;EAC3DE,IAAI,GAAW,4BAA4B;EAI3CC,WAAWA,CAAAQ,KAAA,EAQR;IAAA,IARS;MACVP,OAAO;MACPK,MAAM;MACNG;IAKF,CAAC,GAAAD,KAAA;IACC,KAAK,CAAC7B,cAAc,CAAC;MAAEsB,OAAO;MAAEK,MAAM;MAAEG;IAAW,CAAC,CAAC,CAAC;IACtD,IAAI,CAACH,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACG,UAAU,GAAGA,UAAU;EAC9B;AACF;;AAEA;AACA;AACA;AACA;AAHAb,OAAA,CAAAW,yBAAA,GAAAA,yBAAA;AAIO,MAAMG,mBAAmB,SAASH,yBAAyB,CAAC;EAGjEP,WAAWA,CAACW,MAKX,EAAE;IACD,KAAK,CAACA,MAAM,CAAC;IACb,IAAI,CAACZ,IAAI,GAAGY,MAAM,CAACZ,IAAI,IAAIa,oCAAwB,CAACC,kBAAkB;EACxE;AACF;;AAEA;AACA;AACA;AACA;AAHAjB,OAAA,CAAAc,mBAAA,GAAAA,mBAAA;AAIO,MAAMI,2BAA2B,SAASP,yBAAyB,CAAC;EAIzEP,WAAWA,CAACW,MAKX,EAAE;IACD,KAAK,CAACA,MAAM,CAAC;IACb,IAAI,CAACL,MAAM,GAAGK,MAAM,CAACL,MAAM;IAC3B,IAAI,CAACP,IAAI,GACPY,MAAM,CAACZ,IAAI,IACXgB,4CAAgC,CAACC,0BAA0B;EAC/D;AACF;;AAEA;AACA;AACA;AACA;AAHApB,OAAA,CAAAkB,2BAAA,GAAAA,2BAAA;AAIO,MAAMG,yBAAyB,SAASV,yBAAyB,CAAC;EAGvEP,WAAWA,CAACW,MAKX,EAAE;IACD,KAAK,CAACA,MAAM,CAAC;IACb,IAAI,CAACZ,IAAI,GACPY,MAAM,CAACZ,IAAI,IAAImB,0CAA8B,CAACC,wBAAwB;EAC1E;AACF;AAACvB,OAAA,CAAAqB,yBAAA,GAAAA,yBAAA;AASD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,iCAAiCA,CAC/CC,SAAiB,EAAAC,KAAA,EAQmB;EAAA,IAPpC;IACEC,UAAU;IACVC;EAIF,CAAC,GAAAF,KAAA;EAED,MAAMG,uBAAuB,GAC3BF,UAAU,CAACG,wBAAwB,CAACC,mCAAmC,CACrEH,cAAc,CACf;EAEH,IAAI,CAACC,uBAAuB,EAAE;IAC5B,MAAM,IAAI5B,aAAa,CACpB,8BAA6B2B,cAAe,qBAC/C,CAAC;EACH;EAEA,MAAM;IAAEI;EAA0B,CAAC,GAAGH,uBAAuB;EAE7D,IAAI,EAACG,yBAAyB,aAAzBA,yBAAyB,eAAzBA,yBAAyB,CAAGP,SAAS,CAAC,GAAE;IAC3C,OAAOnC,SAAS;EAClB;EAEA,MAAM2C,WAAW,GAAGD,yBAAyB,CAACP,SAAS,CAAC,CAAES,OAAO;EAEjE,OAAOD,WAAW,CAACE,MAAM,CACvB,CAACC,GAAG,EAAAC,KAAA;IAAA,IAAE;MAAEC,MAAM;MAAE,GAAGC;IAAK,CAAC,GAAAF,KAAA;IAAA,OAAM;MAAE,GAAGD,GAAG;MAAE,CAACE,MAAM,GAAGC;IAAK,CAAC;EAAA,CAAC,EAC1D,CAAC,CACH,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,kBAAkB,GACuBC,UAAa,IAC1D,CAACC,KAAc,EAAEvC,IAA0B,KACzCuC,KAAK,YAAYD,UAAU,IAAIC,KAAK,CAACvC,IAAI,MAAMA,IAAI,IAAIuC,KAAK,CAACvC,IAAI,CAAC;AAE/D,MAAMwC,qBAAqB,GAAGH,kBAAkB,CAAC1B,mBAAmB,CAAC;AAACd,OAAA,CAAA2C,qBAAA,GAAAA,qBAAA;AACtE,MAAMC,6BAA6B,GAAGJ,kBAAkB,CAC7DtB,2BACF,CAAC;AAAClB,OAAA,CAAA4C,6BAAA,GAAAA,6BAAA;AACK,MAAMC,2BAA2B,GAAGL,kBAAkB,CAC3DnB,yBACF,CAAC;;AAED;AAAArB,OAAA,CAAA6C,2BAAA,GAAAA,2BAAA;AAuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,oBAAoB,CAA6C;EACpEC,UAAU,GAEd,CAAC,CAAC;EAEN3C,WAAWA,CAASqC,UAAa,EAAE;IAAA,KAAfA,UAAa,GAAbA,UAAa;EAAG;EAEpCO,MAAMA,CAACC,MAAoB,EAAElC,MAAoB,EAAE;IACjD,IAAI,CAACgC,UAAU,CAACE,MAAM,CAAC,GAAGlC,MAAM;IAChC,OAAO,IAAI;EACb;EAEAmC,SAASA,CAACC,aAAwC,EAAE;IAClD,MAAMpC,MAAM,GACV,IAAI,CAACgC,UAAU,CAACI,aAAa,CAACtC,UAAU,CAAC,IAAI,IAAI,CAACkC,UAAU,CAAC,GAAG,CAAC;IAEnE,IAAIhC,MAAM,EAAE;MACV,OAAO,IAAI,IAAI,CAAC0B,UAAU,CAAC;QAAE,GAAGU,aAAa;QAAE,GAAGpC;MAAO,CAAC,CAAC;IAC7D;IAEA,OAAOoC,aAAa;EACtB;AACF;AAACnD,OAAA,CAAA8C,oBAAA,GAAAA,oBAAA"}
1
+ {"version":3,"names":["_errorCodes","require","serializeAttrs","attrs","Object","entries","filter","_ref","v","undefined","map","_ref2","k","Array","isArray","join","JSON","stringify","_","exports","IoWalletError","Error","code","constructor","message","name","ValidationFailed","_ref3","claim","reason","UnexpectedStatusCodeError","_ref4","statusCode","IssuerResponseError","params","IssuerResponseErrorCodes","IssuerGenericError","WalletProviderResponseError","WalletProviderResponseErrorCodes","WalletProviderGenericError","RelyingPartyResponseError","RelyingPartyResponseErrorCodes","RelyingPartyGenericError","extractErrorMessageFromIssuerConf","errorCode","_ref5","issuerConf","credentialType","credentialConfiguration","openid_credential_issuer","credential_configurations_supported","issuance_errors_supported","localesList","display","reduce","acc","_ref6","locale","rest","makeErrorTypeGuard","ErrorClass","error","isIssuerResponseError","isWalletProviderResponseError","isRelyingPartyResponseError","ResponseErrorBuilder","errorCases","handle","status","buildFrom","originalError"],"sourceRoot":"../../../src","sources":["utils/errors.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,WAAA,GAAAC,OAAA;AAgBA;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,cAAc,GACzBC,KAA8E,IAE9EC,MAAM,CAACC,OAAO,CAACF,KAAK,CAAC,CAClBG,MAAM,CAACC,IAAA;EAAA,IAAC,GAAGC,CAAC,CAAC,GAAAD,IAAA;EAAA,OAAKC,CAAC,KAAKC,SAAS;AAAA,EAAC,CAClCC,GAAG,CAACC,KAAA,IAAY;EAAA,IAAX,CAACC,CAAC,EAAEJ,CAAC,CAAC,GAAAG,KAAA;EACV,IAAIE,KAAK,CAACC,OAAO,CAACN,CAAC,CAAC,EAAE,OAAO,CAACI,CAAC,EAAG,IAAGJ,CAAC,CAACO,IAAI,CAAC,IAAI,CAAE,GAAE,CAAC;EACrD,IAAI,OAAOP,CAAC,KAAK,QAAQ,EAAE,OAAO,CAACI,CAAC,EAAEI,IAAI,CAACC,SAAS,CAACT,CAAC,CAAC,CAAC;EACxD,OAAO,CAACI,CAAC,EAAEJ,CAAC,CAAC;AACf,CAAC,CAAC,CACDE,GAAG,CAAEQ,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,GAAG,CAAC,CAAC,CACvBA,IAAI,CAAC,GAAG,CAAC;;AAEd;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAVAI,OAAA,CAAAjB,cAAA,GAAAA,cAAA;AAWO,MAAMkB,aAAa,SAASC,KAAK,CAAC;EACvC;EACAC,IAAI,GAAW,uBAAuB;EAEtCC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;IACd,IAAI,CAACC,IAAI,GAAG,IAAI,CAACF,WAAW,CAACE,IAAI;EACnC;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAC,aAAA,GAAAA,aAAA;AAIO,MAAMM,gBAAgB,SAASN,aAAa,CAAC;EAClDE,IAAI,GAAG,iCAAiC;;EAExC;;EAGA;;EAGAC,WAAWA,CAAAI,KAAA,EAQR;IAAA,IARS;MACVH,OAAO;MACPI,KAAK,GAAG,aAAa;MACrBC,MAAM,GAAG;IAKX,CAAC,GAAAF,KAAA;IACC,KAAK,CAACzB,cAAc,CAAC;MAAEsB,OAAO;MAAEI,KAAK;MAAEC;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACD,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACC,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AAFAV,OAAA,CAAAO,gBAAA,GAAAA,gBAAA;AAGO,MAAMI,yBAAyB,SAASV,aAAa,CAAC;EAC3DE,IAAI,GAAW,4BAA4B;EAI3CC,WAAWA,CAAAQ,KAAA,EAQR;IAAA,IARS;MACVP,OAAO;MACPK,MAAM;MACNG;IAKF,CAAC,GAAAD,KAAA;IACC,KAAK,CAAC7B,cAAc,CAAC;MAAEsB,OAAO;MAAEK,MAAM;MAAEG;IAAW,CAAC,CAAC,CAAC;IACtD,IAAI,CAACH,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACG,UAAU,GAAGA,UAAU;EAC9B;AACF;;AAEA;AACA;AACA;AACA;AAHAb,OAAA,CAAAW,yBAAA,GAAAA,yBAAA;AAIO,MAAMG,mBAAmB,SAASH,yBAAyB,CAAC;EAGjEP,WAAWA,CAACW,MAKX,EAAE;IACD,KAAK,CAACA,MAAM,CAAC;IACb,IAAI,CAACZ,IAAI,GAAGY,MAAM,CAACZ,IAAI,IAAIa,oCAAwB,CAACC,kBAAkB;EACxE;AACF;;AAEA;AACA;AACA;AACA;AAHAjB,OAAA,CAAAc,mBAAA,GAAAA,mBAAA;AAIO,MAAMI,2BAA2B,SAASP,yBAAyB,CAAC;EAIzEP,WAAWA,CAACW,MAKX,EAAE;IACD,KAAK,CAACA,MAAM,CAAC;IACb,IAAI,CAACL,MAAM,GAAGK,MAAM,CAACL,MAAM;IAC3B,IAAI,CAACP,IAAI,GACPY,MAAM,CAACZ,IAAI,IACXgB,4CAAgC,CAACC,0BAA0B;EAC/D;AACF;;AAEA;AACA;AACA;AACA;AAHApB,OAAA,CAAAkB,2BAAA,GAAAA,2BAAA;AAIO,MAAMG,yBAAyB,SAASV,yBAAyB,CAAC;EAGvEP,WAAWA,CAACW,MAKX,EAAE;IACD,KAAK,CAACA,MAAM,CAAC;IACb,IAAI,CAACZ,IAAI,GACPY,MAAM,CAACZ,IAAI,IAAImB,0CAA8B,CAACC,wBAAwB;EAC1E;AACF;AAACvB,OAAA,CAAAqB,yBAAA,GAAAA,yBAAA;AASD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,iCAAiCA,CAC/CC,SAAiB,EAAAC,KAAA,EAQmB;EAAA,IAPpC;IACEC,UAAU;IACVC;EAIF,CAAC,GAAAF,KAAA;EAED,MAAMG,uBAAuB,GAC3BF,UAAU,CAACG,wBAAwB,CAACC,mCAAmC,CACrEH,cAAc,CACf;EAEH,IAAI,CAACC,uBAAuB,EAAE;IAC5B,MAAM,IAAI5B,aAAa,CACpB,8BAA6B2B,cAAe,qBAC/C,CAAC;EACH;EAEA,MAAM;IAAEI;EAA0B,CAAC,GAAGH,uBAAuB;EAE7D,IAAI,EAACG,yBAAyB,aAAzBA,yBAAyB,eAAzBA,yBAAyB,CAAGP,SAAS,CAAC,GAAE;IAC3C,OAAOnC,SAAS;EAClB;EAEA,MAAM2C,WAAW,GAAGD,yBAAyB,CAACP,SAAS,CAAC,CAAES,OAAO;EAEjE,OAAOD,WAAW,CAACE,MAAM,CACvB,CAACC,GAAG,EAAAC,KAAA;IAAA,IAAE;MAAEC,MAAM;MAAE,GAAGC;IAAK,CAAC,GAAAF,KAAA;IAAA,OAAM;MAAE,GAAGD,GAAG;MAAE,CAACE,MAAM,GAAGC;IAAK,CAAC;EAAA,CAAC,EAC1D,CAAC,CACH,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,kBAAkB,GACuBC,UAAa,IAC1D,CAACC,KAAc,EAAEvC,IAA0B,KACzCuC,KAAK,YAAYD,UAAU,IAAIC,KAAK,CAACvC,IAAI,MAAMA,IAAI,IAAIuC,KAAK,CAACvC,IAAI,CAAC;AAE/D,MAAMwC,qBAAqB,GAAGH,kBAAkB,CAAC1B,mBAAmB,CAAC;AAACd,OAAA,CAAA2C,qBAAA,GAAAA,qBAAA;AACtE,MAAMC,6BAA6B,GAAGJ,kBAAkB,CAC7DtB,2BACF,CAAC;AAAClB,OAAA,CAAA4C,6BAAA,GAAAA,6BAAA;AACK,MAAMC,2BAA2B,GAAGL,kBAAkB,CAC3DnB,yBACF,CAAC;;AAED;AAAArB,OAAA,CAAA6C,2BAAA,GAAAA,2BAAA;AAuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,oBAAoB,CAA6C;EACpEC,UAAU,GAEd,CAAC,CAAC;EAEN3C,WAAWA,CAASqC,UAAa,EAAE;IAAA,KAAfA,UAAa,GAAbA,UAAa;EAAG;EAEpCO,MAAMA,CAACC,MAAoB,EAAElC,MAAoB,EAAE;IACjD,IAAI,CAACgC,UAAU,CAACE,MAAM,CAAC,GAAGlC,MAAM;IAChC,OAAO,IAAI;EACb;EAEAmC,SAASA,CAACC,aAAwC,EAAE;IAClD,MAAMpC,MAAM,GACV,IAAI,CAACgC,UAAU,CAACI,aAAa,CAACtC,UAAU,CAAC,IAAI,IAAI,CAACkC,UAAU,CAAC,GAAG,CAAC;IAEnE,IAAIhC,MAAM,EAAE;MACV,OAAO,IAAI,IAAI,CAAC0B,UAAU,CAAC;QAAE,GAAGU,aAAa;QAAE,GAAGpC;MAAO,CAAC,CAAC;IAC7D;IAEA,OAAOoC,aAAa;EACtB;AACF;AAACnD,OAAA,CAAA8C,oBAAA,GAAAA,oBAAA"}
package/lib/module/credential/issuance/02-evaluate-issuer-trust.js CHANGED
@@ -1,4 +1,4 @@
1
- import { getCredentialIssuerEntityConfiguration } from "../../trust";
1
+ import { getCredentialIssuerEntityConfiguration } from "../../trust/build-chain";
2
2
  /**
3
3
  * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
4
4
  * The Issuer trust evaluation phase.
package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAAA,SAASA,sCAAsC,QAAQ,aAAa;AAcpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}
1
+ {"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAGA,SAASA,sCAAsC,QAAQ,yBAAyB;AAWhF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}
package/lib/module/credential/presentation/02-evaluate-rp-trust.js CHANGED
@@ -1,4 +1,4 @@
1
- import { getRelyingPartyEntityConfiguration } from "../../trust";
1
+ import { getRelyingPartyEntityConfiguration } from "../../trust/build-chain";
2
2
  /**
3
3
  * The Relying Party trust evaluation phase.
4
4
  * Fetch the Relying Party's configuration and verify trust.
package/lib/module/credential/presentation/02-evaluate-rp-trust.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","subject"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,aAAa;AAehE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAMX,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEE,OAAO,EAAED;EAAI,CAAC;AACjC,CAAC"}
1
+ {"version":3,"names":["getRelyingPartyEntityConfiguration","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","payload","metadata","rpConf","sub","subject"],"sourceRoot":"../../../../src","sources":["credential/presentation/02-evaluate-rp-trust.ts"],"mappings":"AAGA,SAASA,kCAAkC,QAAQ,yBAAyB;AAY5E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAoD,GAAG,eAAAA,CAClEC,KAAK,EAEF;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IACJG,OAAO,EAAE;MAAEC,QAAQ,EAAEC,MAAM;MAAEC;IAAI;EACnC,CAAC,GAAG,MAAMX,kCAAkC,CAACE,KAAK,EAAE;IAClDC;EACF,CAAC,CAAC;EACF,OAAO;IAAEO,MAAM;IAAEE,OAAO,EAAED;EAAI,CAAC;AACjC,CAAC"}