@pagopa/io-react-native-wallet 2.0.0-next.2 → 2.0.0-next.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +38 -24
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +6 -10
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +43 -11
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +51 -48
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/README.md +34 -13
- package/lib/commonjs/credential/issuance/const.js +1 -1
- package/lib/commonjs/credential/issuance/types.js +16 -10
- package/lib/commonjs/credential/issuance/types.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js +4 -4
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +3 -3
- package/lib/commonjs/credential/status/README.md +0 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js +11 -15
- package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/types.test.js +5 -2
- package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/utils.test.js +37 -0
- package/lib/commonjs/sd-jwt/__test__/utils.test.js.map +1 -0
- package/lib/commonjs/sd-jwt/index.js +20 -0
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +51 -4
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/sd-jwt/utils.js +64 -0
- package/lib/commonjs/sd-jwt/utils.js.map +1 -0
- package/lib/commonjs/trust/types.js +18 -13
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/par.js +32 -22
- package/lib/commonjs/utils/par.js.map +1 -1
- package/lib/commonjs/utils/pop.js +1 -1
- package/lib/commonjs/utils/pop.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/types.js +5 -1
- package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
- package/lib/module/credential/issuance/03-start-user-authorization.js +38 -24
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +6 -10
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +44 -12
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +51 -48
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/README.md +34 -13
- package/lib/module/credential/issuance/const.js +1 -1
- package/lib/module/credential/issuance/types.js +12 -8
- package/lib/module/credential/issuance/types.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js +4 -4
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +3 -3
- package/lib/module/credential/status/README.md +0 -1
- package/lib/module/sd-jwt/__test__/index.test.js +11 -16
- package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/types.test.js +5 -2
- package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/utils.test.js +35 -0
- package/lib/module/sd-jwt/__test__/utils.test.js.map +1 -0
- package/lib/module/sd-jwt/index.js +1 -0
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +50 -3
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/sd-jwt/utils.js +57 -0
- package/lib/module/sd-jwt/utils.js.map +1 -0
- package/lib/module/trust/types.js +18 -13
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/par.js +29 -20
- package/lib/module/utils/par.js.map +1 -1
- package/lib/module/utils/pop.js +1 -1
- package/lib/module/utils/pop.js.map +1 -1
- package/lib/module/wallet-instance-attestation/types.js +5 -1
- package/lib/module/wallet-instance-attestation/types.js.map +1 -1
- package/lib/typescript/client/generated/wallet-provider.d.ts +12 -12
- package/lib/typescript/credential/issuance/01-start-flow.d.ts +2 -2
- package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +7 -6
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +10 -5
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +3 -2
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/const.d.ts +1 -1
- package/lib/typescript/credential/issuance/types.d.ts +46 -26
- package/lib/typescript/credential/issuance/types.d.ts.map +1 -1
- package/lib/typescript/pid/sd-jwt/types.d.ts +7 -7
- package/lib/typescript/sd-jwt/__test__/utils.test.d.ts +2 -0
- package/lib/typescript/sd-jwt/__test__/utils.test.d.ts.map +1 -0
- package/lib/typescript/sd-jwt/index.d.ts +21 -8
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +194 -12
- package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/utils.d.ts +18 -0
- package/lib/typescript/sd-jwt/utils.d.ts.map +1 -0
- package/lib/typescript/trust/build-chain.d.ts +30 -14
- package/lib/typescript/trust/build-chain.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +322 -158
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/par.d.ts +29 -13
- package/lib/typescript/utils/par.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/types.d.ts +9 -9
- package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/credential/issuance/01-start-flow.ts +2 -2
- package/src/credential/issuance/03-start-user-authorization.ts +57 -38
- package/src/credential/issuance/05-authorize-access.ts +5 -11
- package/src/credential/issuance/06-obtain-credential.ts +53 -23
- package/src/credential/issuance/07-verify-and-parse-credential.ts +54 -62
- package/src/credential/issuance/README.md +34 -13
- package/src/credential/issuance/const.ts +1 -1
- package/src/credential/issuance/types.ts +18 -8
- package/src/credential/presentation/07-evaluate-dcql-query.ts +4 -4
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +3 -3
- package/src/credential/status/README.md +0 -1
- package/src/sd-jwt/__test__/index.test.ts +8 -29
- package/src/sd-jwt/__test__/types.test.ts +6 -2
- package/src/sd-jwt/__test__/utils.test.ts +37 -0
- package/src/sd-jwt/index.ts +2 -0
- package/src/sd-jwt/types.ts +49 -2
- package/src/sd-jwt/utils.ts +73 -0
- package/src/trust/types.ts +23 -17
- package/src/utils/par.ts +37 -21
- package/src/utils/pop.ts +1 -1
- package/src/wallet-instance-attestation/types.ts +3 -1
|
@@ -6,7 +6,7 @@ There's a fork in the flow which is based on the type of the credential that is
|
|
|
6
6
|
This is due to the fact that eID credentials require a different authorization flow than other credentials, which is accomplished by a strong authentication method like SPID or CIE.
|
|
7
7
|
Credentials instead require a simpler authorization flow and they require other credentials to be presented in order to be issued.
|
|
8
8
|
|
|
9
|
-
The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step.
|
|
9
|
+
The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step. Available credentials are identified with a unique `credential_configuration_id`, that must be used when requesting authorization. The Authorization Server returns an array of **credential identifiers** that map to the `credential_configuration_id` provided: to obtain the credential, one of the credential identifiers (or all of them) must be requested to the credential endpoint.
|
|
10
10
|
|
|
11
11
|
## Sequence Diagram
|
|
12
12
|
|
|
@@ -72,6 +72,8 @@ The expected result from the authentication process is in `form_post.jwt` format
|
|
|
72
72
|
<summary>Credential issuance flow</summary>
|
|
73
73
|
|
|
74
74
|
```ts
|
|
75
|
+
// TODO: [SIW-2209] update documentation in PR #219
|
|
76
|
+
|
|
75
77
|
// Retrieve the integrity key tag from the store and create its context
|
|
76
78
|
const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
|
|
77
79
|
const integrityContext = getIntegrityContext(integrityKeyTag);
|
|
@@ -251,11 +253,10 @@ const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
|
|
|
251
253
|
// Start the issuance flow
|
|
252
254
|
const startFlow: Credential.Issuance.StartFlow = () => ({
|
|
253
255
|
issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
|
|
254
|
-
|
|
255
|
-
appFetch,
|
|
256
|
+
credentialId: "dc_sd_jwt_PersonIdentificationData",
|
|
256
257
|
});
|
|
257
258
|
|
|
258
|
-
const { issuerUrl } = startFlow();
|
|
259
|
+
const { issuerUrl, credentialId } = startFlow();
|
|
259
260
|
|
|
260
261
|
// Evaluate issuer trust
|
|
261
262
|
const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
|
|
@@ -265,12 +266,16 @@ const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
|
|
|
265
266
|
|
|
266
267
|
// Start user authorization
|
|
267
268
|
const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
|
|
268
|
-
await Credential.Issuance.startUserAuthorization(
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
269
|
+
await Credential.Issuance.startUserAuthorization(
|
|
270
|
+
issuerConf,
|
|
271
|
+
[credentialId], // Request authorization for one or more credentials
|
|
272
|
+
{
|
|
273
|
+
walletInstanceAttestation,
|
|
274
|
+
redirectUri,
|
|
275
|
+
wiaCryptoContext,
|
|
276
|
+
appFetch,
|
|
277
|
+
}
|
|
278
|
+
);
|
|
274
279
|
|
|
275
280
|
// Complete the authorization process with query mode with the authorizationContext which opens the browser
|
|
276
281
|
const { code } =
|
|
@@ -301,12 +306,27 @@ const { accessToken } = await Credential.Issuance.authorizeAccess(
|
|
|
301
306
|
}
|
|
302
307
|
);
|
|
303
308
|
|
|
309
|
+
|
|
310
|
+
const [pidCredentialDefinition] = credentialDefinition;
|
|
311
|
+
|
|
312
|
+
// Extract the credential_identifier(s) from the access token
|
|
313
|
+
// For each one of them, a credential can be obtained by calling `obtainCredential`
|
|
314
|
+
const { credential_configuration_id, credential_identifiers } =
|
|
315
|
+
accessToken.authorization_details.find(
|
|
316
|
+
(authDetails) =>
|
|
317
|
+
authDetails.credential_configuration_id ===
|
|
318
|
+
pidCredentialDefinition.credential_configuration_id
|
|
319
|
+
);
|
|
320
|
+
|
|
304
321
|
// Obtain che eID credential
|
|
305
322
|
const { credential, format } = await Credential.Issuance.obtainCredential(
|
|
306
323
|
issuerConf,
|
|
307
324
|
accessToken,
|
|
308
325
|
clientId,
|
|
309
|
-
|
|
326
|
+
{
|
|
327
|
+
credential_configuration_id,
|
|
328
|
+
credential_identifier: credential_identifiers.at(0),
|
|
329
|
+
},
|
|
310
330
|
{
|
|
311
331
|
credentialCryptoContext,
|
|
312
332
|
dPopCryptoContext,
|
|
@@ -318,15 +338,16 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
|
|
|
318
338
|
const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
|
|
319
339
|
issuerConf,
|
|
320
340
|
credential,
|
|
321
|
-
|
|
341
|
+
credential_configuration_id,
|
|
322
342
|
{ credentialCryptoContext }
|
|
323
343
|
);
|
|
324
344
|
|
|
325
345
|
return {
|
|
326
346
|
parsedCredential,
|
|
327
347
|
credential,
|
|
348
|
+
credentialConfigurationId: credential_configuration_id
|
|
349
|
+
credentialType: "PersonIdentificationData",
|
|
328
350
|
keyTag: credentialKeyTag,
|
|
329
|
-
credentialType,
|
|
330
351
|
issuedAt,
|
|
331
352
|
expiration
|
|
332
353
|
};
|
|
@@ -9,6 +9,6 @@ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "functio
|
|
|
9
9
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
10
10
|
const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
11
11
|
exports.ASSERTION_TYPE = ASSERTION_TYPE;
|
|
12
|
-
const SupportedCredentialFormat = z.union([z.literal("
|
|
12
|
+
const SupportedCredentialFormat = z.union([z.literal("dc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
|
|
13
13
|
exports.SupportedCredentialFormat = SupportedCredentialFormat;
|
|
14
14
|
//# sourceMappingURL=const.js.map
|
|
@@ -3,26 +3,28 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.TokenResponse = exports.ResponseUriResultShape = exports.CredentialResponse = void 0;
|
|
7
|
-
var _par = require("../../utils/par");
|
|
6
|
+
exports.TokenResponse = exports.ResponseUriResultShape = exports.NonceResponse = exports.CredentialResponse = exports.AuthorizationDetail = void 0;
|
|
8
7
|
var z = _interopRequireWildcard(require("zod"));
|
|
9
|
-
var _const = require("./const");
|
|
10
8
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
11
9
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
10
|
+
const AuthorizationDetail = z.object({
|
|
11
|
+
type: z.literal("openid_credential"),
|
|
12
|
+
credential_configuration_id: z.string(),
|
|
13
|
+
credential_identifiers: z.array(z.string())
|
|
14
|
+
});
|
|
15
|
+
exports.AuthorizationDetail = AuthorizationDetail;
|
|
12
16
|
const TokenResponse = z.object({
|
|
13
17
|
access_token: z.string(),
|
|
14
|
-
authorization_details: z.array(
|
|
15
|
-
c_nonce: z.string(),
|
|
16
|
-
c_nonce_expires_in: z.number(),
|
|
18
|
+
authorization_details: z.array(AuthorizationDetail),
|
|
17
19
|
expires_in: z.number(),
|
|
18
20
|
token_type: z.string()
|
|
19
21
|
});
|
|
20
22
|
exports.TokenResponse = TokenResponse;
|
|
21
23
|
const CredentialResponse = z.object({
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
credentials: z.array(z.object({
|
|
25
|
+
credential: z.string()
|
|
26
|
+
})),
|
|
27
|
+
notification_id: z.string().optional()
|
|
26
28
|
});
|
|
27
29
|
|
|
28
30
|
/**
|
|
@@ -33,4 +35,8 @@ const ResponseUriResultShape = z.object({
|
|
|
33
35
|
redirect_uri: z.string()
|
|
34
36
|
});
|
|
35
37
|
exports.ResponseUriResultShape = ResponseUriResultShape;
|
|
38
|
+
const NonceResponse = z.object({
|
|
39
|
+
c_nonce: z.string()
|
|
40
|
+
});
|
|
41
|
+
exports.NonceResponse = NonceResponse;
|
|
36
42
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","AuthorizationDetail","object","type","literal","credential_configuration_id","string","credential_identifiers","array","exports","TokenResponse","access_token","authorization_details","expires_in","number","token_type","CredentialResponse","credentials","credential","notification_id","optional","ResponseUriResultShape","redirect_uri","NonceResponse","c_nonce"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGlB,MAAMW,mBAAmB,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAC1CC,IAAI,EAAE3B,CAAC,CAAC4B,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACvCC,sBAAsB,EAAE/B,CAAC,CAACgC,KAAK,CAAChC,CAAC,CAAC8B,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAC;AAACG,OAAA,CAAAR,mBAAA,GAAAA,mBAAA;AAII,MAAMS,aAAa,GAAGlC,CAAC,CAAC0B,MAAM,CAAC;EACpCS,YAAY,EAAEnC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACxBM,qBAAqB,EAAEpC,CAAC,CAACgC,KAAK,CAACP,mBAAmB,CAAC;EACnDY,UAAU,EAAErC,CAAC,CAACsC,MAAM,CAAC,CAAC;EACtBC,UAAU,EAAEvC,CAAC,CAAC8B,MAAM,CAAC;AACvB,CAAC,CAAC;AAACG,OAAA,CAAAC,aAAA,GAAAA,aAAA;AAII,MAAMM,kBAAkB,GAAGxC,CAAC,CAAC0B,MAAM,CAAC;EACzCe,WAAW,EAAEzC,CAAC,CAACgC,KAAK,CAClBhC,CAAC,CAAC0B,MAAM,CAAC;IACPgB,UAAU,EAAE1C,CAAC,CAAC8B,MAAM,CAAC;EACvB,CAAC,CACH,CAAC;EACDa,eAAe,EAAE3C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACc,QAAQ,CAAC;AACvC,CAAC,CAAC;;AAEF;AACA;AACA;AAFAX,OAAA,CAAAO,kBAAA,GAAAA,kBAAA;AAGO,MAAMK,sBAAsB,GAAG7C,CAAC,CAAC0B,MAAM,CAAC;EAC7CoB,YAAY,EAAE9C,CAAC,CAAC8B,MAAM,CAAC;AACzB,CAAC,CAAC;AAACG,OAAA,CAAAY,sBAAA,GAAAA,sBAAA;AAKI,MAAME,aAAa,GAAG/C,CAAC,CAAC0B,MAAM,CAAC;EACpCsB,OAAO,EAAEhD,CAAC,CAAC8B,MAAM,CAAC;AACpB,CAAC,CAAC;AAACG,OAAA,CAAAc,aAAA,GAAAA,aAAA"}
|
|
@@ -25,7 +25,7 @@ const mapCredentialToObject = jwt => {
|
|
|
25
25
|
const credentialFormat = sdJwt.header.typ;
|
|
26
26
|
|
|
27
27
|
// TODO [SIW-2082]: support MDOC credentials
|
|
28
|
-
if (credentialFormat !== "
|
|
28
|
+
if (credentialFormat !== "dc+sd-jwt") {
|
|
29
29
|
throw new Error(`Unsupported credential format: ${credentialFormat}`);
|
|
30
30
|
}
|
|
31
31
|
return {
|
|
@@ -64,7 +64,7 @@ const extractMissingCredentials = (queryResult, originalQuery) => {
|
|
|
64
64
|
var _credential$meta;
|
|
65
65
|
let [id] = _ref3;
|
|
66
66
|
const credential = originalQuery.credentials.find(c => c.id === id);
|
|
67
|
-
if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "
|
|
67
|
+
if ((credential === null || credential === void 0 ? void 0 : credential.format) !== "dc+sd-jwt") {
|
|
68
68
|
throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
|
|
69
69
|
}
|
|
70
70
|
|
|
@@ -96,7 +96,7 @@ const evaluateDcqlQuery = (credentialsSdJwt, query) => {
|
|
|
96
96
|
return getDcqlQueryMatches(queryResult).map(_ref5 => {
|
|
97
97
|
var _queryResult$credenti;
|
|
98
98
|
let [id, match] = _ref5;
|
|
99
|
-
if (match.output.credential_format !== "
|
|
99
|
+
if (match.output.credential_format !== "dc+sd-jwt") {
|
|
100
100
|
throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
|
|
101
101
|
}
|
|
102
102
|
|
|
@@ -153,7 +153,7 @@ const prepareRemotePresentations = async (credentials, nonce, clientId) => {
|
|
|
153
153
|
credentialId: item.id,
|
|
154
154
|
requestedClaims: item.requestedClaims,
|
|
155
155
|
vpToken: vp_token,
|
|
156
|
-
format: "
|
|
156
|
+
format: "dc+sd-jwt"
|
|
157
157
|
};
|
|
158
158
|
}));
|
|
159
159
|
};
|
|
@@ -240,7 +240,7 @@ const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
|
|
240
240
|
})) || [];
|
|
241
241
|
return Promise.all(inputDescriptors.map(async descriptor => {
|
|
242
242
|
var _descriptor$format;
|
|
243
|
-
if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["
|
|
243
|
+
if ((_descriptor$format = descriptor.format) !== null && _descriptor$format !== void 0 && _descriptor$format["dc+sd-jwt"]) {
|
|
244
244
|
if (!decodedSdJwtCredentials.length) {
|
|
245
245
|
throw new _errors.CredentialsNotFoundError([{
|
|
246
246
|
id: descriptor.id,
|
|
@@ -287,7 +287,7 @@ const prepareLegacyRemotePresentations = async (credentialAndDescriptors, nonce,
|
|
|
287
287
|
return Promise.all(credentialAndDescriptors.map(async item => {
|
|
288
288
|
var _descriptor$format2;
|
|
289
289
|
const descriptor = item.inputDescriptor;
|
|
290
|
-
if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["
|
|
290
|
+
if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["dc+sd-jwt"]) {
|
|
291
291
|
const {
|
|
292
292
|
vp_token
|
|
293
293
|
} = await (0, _sdJwt.prepareVpToken)(nonce, client_id, [item.credential, item.requestedClaims, (0, _crypto.createCryptoContextFor)(item.keyTag)]);
|
|
@@ -295,7 +295,7 @@ const prepareLegacyRemotePresentations = async (credentialAndDescriptors, nonce,
|
|
|
295
295
|
requestedClaims: item.requestedClaims,
|
|
296
296
|
inputDescriptor: descriptor,
|
|
297
297
|
vpToken: vp_token,
|
|
298
|
-
format: "
|
|
298
|
+
format: "dc+sd-jwt"
|
|
299
299
|
};
|
|
300
300
|
}
|
|
301
301
|
throw new _errors.CredentialsNotFoundError([{
|
|
@@ -4,23 +4,16 @@ var _zod = require("zod");
|
|
|
4
4
|
var _index = require("../index");
|
|
5
5
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
6
6
|
var _types = require("../types");
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
// - "address" is used as verification._sd
|
|
14
|
-
// - all others disclosures are in claims._sd
|
|
15
|
-
const token = "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0.qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ~WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd~WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ~WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ";
|
|
16
|
-
const unsigned = "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0";
|
|
17
|
-
const signature = "qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ";
|
|
18
|
-
const signed = `${unsigned}.${signature}`;
|
|
19
|
-
const tokenizedDisclosures = ["WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd", "WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ", "WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0", "WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd", "WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd", "WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ"];
|
|
7
|
+
var _sdJwt = require("../__mocks__/sd-jwt");
|
|
8
|
+
const {
|
|
9
|
+
token,
|
|
10
|
+
signed,
|
|
11
|
+
tokenizedDisclosures
|
|
12
|
+
} = _sdJwt.pid;
|
|
20
13
|
const sdJwt = {
|
|
21
14
|
header: {
|
|
22
15
|
kid: "-F_6Uga8n3VegjY2U7YUHK1zLoaD-NPTc63RMISnLaw",
|
|
23
|
-
typ: "
|
|
16
|
+
typ: "dc+sd-jwt",
|
|
24
17
|
alg: "ES256"
|
|
25
18
|
},
|
|
26
19
|
payload: {
|
|
@@ -28,7 +21,10 @@ const sdJwt = {
|
|
|
28
21
|
sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
|
|
29
22
|
_sd_alg: "sha-256",
|
|
30
23
|
vct: "PersonIdentificationData",
|
|
24
|
+
"vct#integrity": "13e25888ac7b8a3a6d61440da787fccc81654e61085732bcacd89b36aec32675",
|
|
31
25
|
iss: "https://pre.eid.wallet.ipzs.it",
|
|
26
|
+
issuing_country: "IT",
|
|
27
|
+
issuing_authority: "Istituto Poligrafico e Zecca dello Stato",
|
|
32
28
|
cnf: {
|
|
33
29
|
jwk: {
|
|
34
30
|
kty: "EC",
|
|
@@ -40,7 +36,7 @@ const sdJwt = {
|
|
|
40
36
|
},
|
|
41
37
|
exp: 1751546576,
|
|
42
38
|
status: {
|
|
43
|
-
|
|
39
|
+
status_assertion: {
|
|
44
40
|
credential_hash_alg: "sha-256"
|
|
45
41
|
}
|
|
46
42
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_zod","require","_index","_ioReactNativeJwt","_types","
|
|
1
|
+
{"version":3,"names":["_zod","require","_index","_ioReactNativeJwt","_types","_sdJwt","token","signed","tokenizedDisclosures","pid","sdJwt","header","kid","typ","alg","payload","_sd","sub","_sd_alg","vct","iss","issuing_country","issuing_authority","cnf","jwk","kty","crv","x","y","exp","status","status_assertion","credential_hash_alg","disclosures","it","expect","JSON","parse","decodeBase64","encodeBase64","stringify","toEqual","join","toBe","describe","result","decode","SdJwt4VC","map","decoded","i","encoded","validDecoder","and","z","object","customField","string","invalidDecoder","error","disclose","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":";;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,MAAM;EAAEK,KAAK;EAAEC,MAAM;EAAEC;AAAqB,CAAC,GAAGC,UAAG;AAEnD,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,6CAA6C;IAClDC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE;EACP,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,CAC9C;IACDC,GAAG,EAAE,sCAAsC;IAC3CC,OAAO,EAAE,SAAS;IAClBC,GAAG,EAAE,0BAA0B;IAC/B,eAAe,EACb,kEAAkE;IACpEC,GAAG,EAAE,gCAAgC;IACrCC,eAAe,EAAE,IAAI;IACrBC,iBAAiB,EAAE,0CAA0C;IAC7DC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,IAAI;QACTC,GAAG,EAAE,OAAO;QACZd,GAAG,EAAE,6CAA6C;QAClDe,CAAC,EAAE,6CAA6C;QAChDC,CAAC,EAAE;MACL;IACF,CAAC;IACDC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE;MACNC,gBAAgB,EAAE;QAChBC,mBAAmB,EAAE;MACvB;IACF;EACF;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,WAAW,EAAE,wBAAwB,CAAC,EACjE,CAAC,wBAAwB,EAAE,YAAY,EAAE,YAAY,CAAC,EACtD,CAAC,wBAAwB,EAAE,aAAa,EAAE,wBAAwB,CAAC,EACnE,CAAC,wBAAwB,EAAE,YAAY,EAAE,KAAK,CAAC,EAC/C,CAAC,wBAAwB,EAAE,aAAa,EAAE,UAAU,CAAC,EACrD,CAAC,wBAAwB,EAAE,KAAK,EAAE,UAAU,CAAC,CAC9C;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAC,IAAAC,8BAAY,EAAC,IAAAC,8BAAY,EAACH,IAAI,CAACI,SAAS,CAAC9B,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAAC8B,OAAO,CAAC/B,KAAK,CAACC,MAAM,CAAC;EACvBwB,MAAM,CAAC,CAAC5B,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAACkC,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAACrC,KAAK,CAAC;AACjE,CAAC,CAAC;AAEFsC,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBV,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACxC,KAAK,EAAEyC,eAAQ,CAAC;IACtCZ,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrB/B,KAAK;MACLuB,WAAW,EAAEA,WAAW,CAACe,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAE3C,oBAAoB,CAAC0C,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,oCAAoC,EAAE,MAAM;IAC7C,MAAMW,MAAM,GAAG,IAAAC,aAAM,EAACxC,KAAK,CAAC;IAC5B6B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrB/B,KAAK;MACLuB,WAAW,EAAEA,WAAW,CAACe,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAE3C,oBAAoB,CAAC0C,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFhB,EAAE,CAAC,kDAAkD,EAAE,MAAM;IAC3D,MAAMkB,YAAY,GAAGL,eAAQ,CAACM,GAAG,CAC/BC,MAAC,CAACC,MAAM,CAAC;MAAExC,OAAO,EAAEuC,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAAE,CAAC,CAC7D,CAAC;IACD,MAAMC,cAAc,GAAGJ,MAAC,CAACC,MAAM,CAAC;MAC9BxC,OAAO,EAAEuC,MAAC,CAACC,MAAM,CAAC;QAAEC,WAAW,EAAEF,MAAC,CAACG,MAAM,CAAC;MAAE,CAAC;IAC/C,CAAC,CAAC;IAEF,IAAI;MACF;MACA,IAAAX,aAAM,EAACxC,KAAK,EAAE8C,YAAY,CAAC;MAC3B;MACA,IAAAN,aAAM,EAACxC,KAAK,EAAEoD,cAAc,CAAC;IAC/B,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd;MACA;IAAA;EAEJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFf,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBV,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAACtD,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMuD,QAAQ,GAAG;MACfvD,KAAK,EAAG,GAAEC,MAAO,+DAA8D;MAC/EuD,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAACtD,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMuD,QAAQ,GAAG;MAAEvD,KAAK,EAAG,GAAEC,MAAO,EAAC;MAAEuD,KAAK,EAAE;IAAG,CAAC;IAElD3B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMW,MAAM,GAAG,MAAM,IAAAe,eAAQ,EAACtD,KAAK,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAC5D,MAAMuD,QAAQ,GAAG;MACfvD,KAAK,EAAG,GAAEC,MAAO,kIAAiI;MAClJuD,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,KAAK;QACZC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,aAAa;QACpBC,IAAI,EAAE;MACR,CAAC;IAEL,CAAC;IAED7B,MAAM,CAACU,MAAM,CAAC,CAACJ,OAAO,CAACoB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEF3B,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAM+B,EAAE,GAAG,MAAAA,CAAA,KAAY,IAAAL,eAAQ,EAACtD,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAM6B,MAAM,CAAC8B,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACzB,OAAO,CAACN,MAAM,CAACgC,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -6,7 +6,7 @@ describe("SdJwt4VC", () => {
|
|
|
6
6
|
// example provided at https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
|
|
7
7
|
const token = {
|
|
8
8
|
header: {
|
|
9
|
-
typ: "
|
|
9
|
+
typ: "dc+sd-jwt",
|
|
10
10
|
alg: "RS512",
|
|
11
11
|
kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw"
|
|
12
12
|
},
|
|
@@ -15,7 +15,10 @@ describe("SdJwt4VC", () => {
|
|
|
15
15
|
sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
|
|
16
16
|
_sd_alg: "sha-256",
|
|
17
17
|
vct: "PersonIdentificationData",
|
|
18
|
+
"vct#integrity": "13e25888ac7b8a3a6d61440da787fccc81654e61085732bcacd89b36aec32675",
|
|
18
19
|
iss: "https://pidprovider.example.com",
|
|
20
|
+
issuing_country: "IT",
|
|
21
|
+
issuing_authority: "Istituto Poligrafico e Zecca dello Stato",
|
|
19
22
|
cnf: {
|
|
20
23
|
jwk: {
|
|
21
24
|
kty: "EC",
|
|
@@ -27,7 +30,7 @@ describe("SdJwt4VC", () => {
|
|
|
27
30
|
},
|
|
28
31
|
exp: 1751107255,
|
|
29
32
|
status: {
|
|
30
|
-
|
|
33
|
+
status_assertion: {
|
|
31
34
|
credential_hash_alg: "sha-256"
|
|
32
35
|
}
|
|
33
36
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_types","require","describe","it","token","header","typ","alg","kid","payload","_sd","sub","_sd_alg","vct","iss","cnf","jwk","kty","crv","x","y","exp","status","
|
|
1
|
+
{"version":3,"names":["_types","require","describe","it","token","header","typ","alg","kid","payload","_sd","sub","_sd_alg","vct","iss","issuing_country","issuing_authority","cnf","jwk","kty","crv","x","y","exp","status","status_assertion","credential_hash_alg","success","SdJwt4VC","safeParse","expect","toBe","value","type","record","source","organization_name","organization_id","country_code","Disclosure"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/types.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAEAC,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBC,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC;IACA,MAAMC,KAAK,GAAG;MACZC,MAAM,EAAE;QACNC,GAAG,EAAE,WAAW;QAChBC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,CAC9C;QACDC,GAAG,EAAE,sCAAsC;QAC3CC,OAAO,EAAE,SAAS;QAClBC,GAAG,EAAE,0BAA0B;QAC/B,eAAe,EACb,kEAAkE;QACpEC,GAAG,EAAE,iCAAiC;QACtCC,eAAe,EAAE,IAAI;QACrBC,iBAAiB,EAAE,0CAA0C;QAC7DC,GAAG,EAAE;UACHC,GAAG,EAAE;YACHC,GAAG,EAAE,IAAI;YACTC,GAAG,EAAE,OAAO;YACZZ,GAAG,EAAE,6CAA6C;YAClDa,CAAC,EAAE,6CAA6C;YAChDC,CAAC,EAAE;UACL;QACF,CAAC;QACDC,GAAG,EAAE,UAAU;QACfC,MAAM,EAAE;UACNC,gBAAgB,EAAE;YAChBC,mBAAmB,EAAE;UACvB;QACF;MACF;IACF,CAAC;IAED,MAAM;MAAEC;IAAQ,CAAC,GAAGC,eAAQ,CAACC,SAAS,CAACzB,KAAK,CAAC;IAE7C0B,MAAM,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF7B,QAAQ,CAAC,YAAY,EAAE,MAAM;EAC3BC,EAAE,CAAC,kCAAkC,EAAE,MAAM;IAC3C;IACA,MAAM6B,KAAK,GAAG,CACZ,wBAAwB,EACxB,UAAU,EACV,CACE;MACEC,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACND,IAAI,EAAE,cAAc;QACpBE,MAAM,EAAE;UACNC,iBAAiB,EAAE,wBAAwB;UAC3CC,eAAe,EAAE,MAAM;UACvBC,YAAY,EAAE;QAChB;MACF;IACF,CAAC,CACF,CACF;IAED,MAAM;MAAEX;IAAQ,CAAC,GAAGY,iBAAU,CAACV,SAAS,CAACG,KAAK,CAAC;IAC/CF,MAAM,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
var _ = require("..");
|
|
4
|
+
var _sdJwt = require("../__mocks__/sd-jwt");
|
|
5
|
+
const {
|
|
6
|
+
signed,
|
|
7
|
+
token
|
|
8
|
+
} = _sdJwt.pid;
|
|
9
|
+
describe("SD-JWT getVerification", () => {
|
|
10
|
+
it("extracts the verification claims correctly", () => {
|
|
11
|
+
const disclosure = "WyJxTGxVdkNKY3hwX3d4MVY5dHFPbFFRIiwidmVyaWZpY2F0aW9uIix7ImV2aWRlbmNlIjpbeyJhdHRlc3RhdGlvbiI6eyJkYXRlX29mX2lzc3VhbmNlIjoiMjAyNS0wNi0yMyIsInZvdWNoZXIiOnsib3JnYW5pemF0aW9uIjoiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyJ9LCJ0eXBlIjoiZGlnaXRhbF9hdHRlc3RhdGlvbiIsInJlZmVyZW5jZV9udW1iZXIiOiIxMjM0NTY3ODkifSwidGltZSI6IjIwMjUtMDYtMjNUMTM6MTQ6MjVaIiwidHlwZSI6InZvdWNoIn1dLCJ0cnVzdF9mcmFtZXdvcmsiOiJpdF9jaWUiLCJhc3N1cmFuY2VfbGV2ZWwiOiJoaWdoIn1d";
|
|
12
|
+
expect((0, _.getVerification)(`${signed}~${disclosure}`)).toEqual({
|
|
13
|
+
evidence: [{
|
|
14
|
+
attestation: {
|
|
15
|
+
date_of_issuance: "2025-06-23",
|
|
16
|
+
voucher: {
|
|
17
|
+
organization: "Ministero dell'Interno"
|
|
18
|
+
},
|
|
19
|
+
type: "digital_attestation",
|
|
20
|
+
reference_number: "123456789"
|
|
21
|
+
},
|
|
22
|
+
time: "2025-06-23T13:14:25Z",
|
|
23
|
+
type: "vouch"
|
|
24
|
+
}],
|
|
25
|
+
trust_framework: "it_cie",
|
|
26
|
+
assurance_level: "high"
|
|
27
|
+
});
|
|
28
|
+
});
|
|
29
|
+
it("returns undefined when the verification claim is not found", () => {
|
|
30
|
+
expect((0, _.getVerification)(token)).toBeUndefined();
|
|
31
|
+
});
|
|
32
|
+
it("throws when the verification claim is invalid", () => {
|
|
33
|
+
const disclosure = "WyJxTGxVdkNKY3hwX3d4MVY5dHFPbFFRIiwidmVyaWZpY2F0aW9uIix7InRydXN0X2ZyYW1ld29yayI6ICJpdF9jaWUiLCJhc3N1cmFuY2VfbGV2ZWwiOiAic3Vic3RhbnRpYWwifV0";
|
|
34
|
+
expect(() => (0, _.getVerification)(`${signed}~${disclosure}`)).toThrow();
|
|
35
|
+
});
|
|
36
|
+
});
|
|
37
|
+
//# sourceMappingURL=utils.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["_","require","_sdJwt","signed","token","pid","describe","it","disclosure","expect","getVerification","toEqual","evidence","attestation","date_of_issuance","voucher","organization","type","reference_number","time","trust_framework","assurance_level","toBeUndefined","toThrow"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/utils.test.ts"],"mappings":";;AAAA,IAAAA,CAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAEA,MAAM;EAAEE,MAAM;EAAEC;AAAM,CAAC,GAAGC,UAAG;AAE7BC,QAAQ,CAAC,wBAAwB,EAAE,MAAM;EACvCC,EAAE,CAAC,4CAA4C,EAAE,MAAM;IACrD,MAAMC,UAAU,GACd,saAAsa;IACxaC,MAAM,CAAC,IAAAC,iBAAe,EAAE,GAAEP,MAAO,IAAGK,UAAW,EAAC,CAAC,CAAC,CAACG,OAAO,CAAC;MACzDC,QAAQ,EAAE,CACR;QACEC,WAAW,EAAE;UACXC,gBAAgB,EAAE,YAAY;UAC9BC,OAAO,EAAE;YAAEC,YAAY,EAAE;UAAyB,CAAC;UACnDC,IAAI,EAAE,qBAAqB;UAC3BC,gBAAgB,EAAE;QACpB,CAAC;QACDC,IAAI,EAAE,sBAAsB;QAC5BF,IAAI,EAAE;MACR,CAAC,CACF;MACDG,eAAe,EAAE,QAAQ;MACzBC,eAAe,EAAE;IACnB,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFd,EAAE,CAAC,4DAA4D,EAAE,MAAM;IACrEE,MAAM,CAAC,IAAAC,iBAAe,EAACN,KAAK,CAAC,CAAC,CAACkB,aAAa,CAAC,CAAC;EAChD,CAAC,CAAC;EAEFf,EAAE,CAAC,+CAA+C,EAAE,MAAM;IACxD,MAAMC,UAAU,GACd,6IAA6I;IAC/IC,MAAM,CAAC,MAAM,IAAAC,iBAAe,EAAE,GAAEP,MAAO,IAAGK,UAAW,EAAC,CAAC,CAAC,CAACe,OAAO,CAAC,CAAC;EACpE,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -3,6 +3,14 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
+
var _exportNames = {
|
|
7
|
+
decode: true,
|
|
8
|
+
disclose: true,
|
|
9
|
+
verify: true,
|
|
10
|
+
prepareVpToken: true,
|
|
11
|
+
SdJwt4VC: true,
|
|
12
|
+
Errors: true
|
|
13
|
+
};
|
|
6
14
|
exports.Errors = void 0;
|
|
7
15
|
Object.defineProperty(exports, "SdJwt4VC", {
|
|
8
16
|
enumerable: true,
|
|
@@ -17,6 +25,18 @@ var _verifier = require("./verifier");
|
|
|
17
25
|
var Errors = _interopRequireWildcard(require("./errors"));
|
|
18
26
|
exports.Errors = Errors;
|
|
19
27
|
var _jsBase = require("js-base64");
|
|
28
|
+
var _utils = require("./utils");
|
|
29
|
+
Object.keys(_utils).forEach(function (key) {
|
|
30
|
+
if (key === "default" || key === "__esModule") return;
|
|
31
|
+
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
32
|
+
if (key in exports && exports[key] === _utils[key]) return;
|
|
33
|
+
Object.defineProperty(exports, key, {
|
|
34
|
+
enumerable: true,
|
|
35
|
+
get: function () {
|
|
36
|
+
return _utils[key];
|
|
37
|
+
}
|
|
38
|
+
});
|
|
39
|
+
});
|
|
20
40
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
21
41
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
22
42
|
const decodeDisclosure = encoded => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","Errors","_interopRequireWildcard","exports","_jsBase","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","Errors","_interopRequireWildcard","exports","_jsBase","_utils","Object","keys","forEach","key","prototype","hasOwnProperty","call","_exportNames","defineProperty","enumerable","get","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","newObj","hasPropertyDescriptor","getOwnPropertyDescriptor","desc","set","decodeDisclosure","encoded","utf8String","Base64","decode","decoded","Disclosure","parse","JSON","token","customSchema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","parser","SdJwt4VC","sdJwt","header","protectedHeader","payload","disclosures","map","disclose","claims","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDisclosures","hash","sha256ToBase64","_sd","includes","index","indexOf","path","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure","prepareVpToken","nonce","client_id","_ref2","verifiableCredential","requestedClaims","cryptoContext","vp","sd_hash","kbJwt","SignJWT","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAGA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,MAAA,GAAAC,uBAAA,CAAAJ,OAAA;AAAmCK,OAAA,CAAAF,MAAA,GAAAA,MAAA;AACnC,IAAAG,OAAA,GAAAN,OAAA;AAGA,IAAAO,MAAA,GAAAP,OAAA;AAAAQ,MAAA,CAAAC,IAAA,CAAAF,MAAA,EAAAG,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAC,YAAA,EAAAJ,GAAA;EAAA,IAAAA,GAAA,IAAAN,OAAA,IAAAA,OAAA,CAAAM,GAAA,MAAAJ,MAAA,CAAAI,GAAA;EAAAH,MAAA,CAAAQ,cAAA,CAAAX,OAAA,EAAAM,GAAA;IAAAM,UAAA;IAAAC,GAAA,WAAAA,CAAA;MAAA,OAAAX,MAAA,CAAAI,GAAA;IAAA;EAAA;AAAA;AAAwB,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAhB,wBAAAoB,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAT,GAAA,CAAAM,GAAA,SAAAK,MAAA,WAAAC,qBAAA,GAAAtB,MAAA,CAAAQ,cAAA,IAAAR,MAAA,CAAAuB,wBAAA,WAAApB,GAAA,IAAAa,GAAA,QAAAb,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAU,GAAA,EAAAb,GAAA,SAAAqB,IAAA,GAAAF,qBAAA,GAAAtB,MAAA,CAAAuB,wBAAA,CAAAP,GAAA,EAAAb,GAAA,cAAAqB,IAAA,KAAAA,IAAA,CAAAd,GAAA,IAAAc,IAAA,CAAAC,GAAA,KAAAzB,MAAA,CAAAQ,cAAA,CAAAa,MAAA,EAAAlB,GAAA,EAAAqB,IAAA,YAAAH,MAAA,CAAAlB,GAAA,IAAAa,GAAA,CAAAb,GAAA,SAAAkB,MAAA,CAAAH,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAM,GAAA,CAAAT,GAAA,EAAAK,MAAA,YAAAA,MAAA;AAExB,MAAMK,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,UAAU,GAAGC,cAAM,CAACC,MAAM,CAACH,OAAO,CAAC,CAAC,CAAC;EAC3C,MAAMI,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACL,UAAU,CAAC,CAAC;EACxD,OAAO;IAAEG,OAAO;IAAEJ;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,MAAM,GAAGA,CACpBK,KAAa,EACbC,YAAgB,KAIb;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;;EAEtC;EACA,MAAMK,MAAM,GAAGP,YAAY,IAAIQ,eAAQ;EAEvC,MAAMC,KAAK,GAAGF,MAAM,CAACV,KAAK,CAAC;IACzBa,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGV,cAAc,CAACW,GAAG,CAACxB,gBAAgB,CAAC;EAExD,OAAO;IAAEmB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZApD,OAAA,CAAAiC,MAAA,GAAAA,MAAA;AAaO,MAAMqB,QAAQ,GAAG,MAAAA,CACtBhB,KAAa,EACbiB,MAAgB,KACyD;EACzE,MAAM,CAACd,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEK,KAAK;IAAEI;EAAY,CAAC,GAAGnB,MAAM,CAACK,KAAK,EAAES,eAAQ,CAAC;;EAEtD;EACA,MAAMS,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BH,MAAM,CAACF,GAAG,CAAC,MAAOM,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGR,WAAW,CAACS,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE5B,OAAO,EAAE,GAAG6B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAI9D,MAAM,CAACkE,gCAAgC,CAACL,KAAK,CAAC;IAC1D;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC9B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIkB,KAAK,CAACG,OAAO,CAACgB,GAAG,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE;MACpC,MAAMI,KAAK,GAAGrB,KAAK,CAACG,OAAO,CAACgB,GAAG,CAACG,OAAO,CAACL,IAAI,CAAC;MAC7C,OAAO;QAAEN,KAAK;QAAEY,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE;IAEA,MAAM,IAAIvE,MAAM,CAAC0E,qBAAqB,CAACb,KAAK,CAAC;EAC/C,CAAC,CACH,CAAC;EAED,MAAMc,mBAAmB,GAAG/B,cAAc,CAACgC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJzC,OAAO,EAAE,GAAG6B,IAAI;IAClB,CAAC,GAAGlC,gBAAgB,CAAC8C,CAAC,CAAC;IACvB,OAAOpB,MAAM,CAACa,QAAQ,CAACL,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMa,cAAc,GAAG,CAACnC,QAAQ,EAAE,GAAGgC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEvC,KAAK,EAAEsC,cAAc;IAAEpB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAxD,OAAA,CAAAsD,QAAA,GAAAA,QAAA;AAgBO,MAAMwB,MAAM,GAAG,MAAAA,CACpBxC,KAAa,EACbyC,SAAsB,EACtBxC,YAAgB,KAC8C;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMT,OAAO,GAAGD,MAAM,CAACK,KAAK,EAAEC,YAAY,CAAC;;EAE3C;EACA,MAAM,IAAAyC,wBAAS,EAACvC,QAAQ,EAAEsC,SAAS,CAAC;;EAEpC;EACA,MAAMxB,MAAM,GAAG,CAAC,GAAGrB,OAAO,CAACc,KAAK,CAACG,OAAO,CAACgB,GAAG,CAAC;EAE7C,MAAMV,OAAO,CAACC,GAAG,CACfxB,OAAO,CAACkB,WAAW,CAACC,GAAG,CACrB,MAAOO,UAAU,IAAK,MAAM,IAAAqB,0BAAgB,EAACrB,UAAU,EAAEL,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLP,KAAK,EAAEd,OAAO,CAACc,KAAK;IACpBI,WAAW,EAAElB,OAAO,CAACkB,WAAW,CAACC,GAAG,CAAEsB,CAAC,IAAKA,CAAC,CAACzC,OAAO;EACvD,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAdAlC,OAAA,CAAA8E,MAAA,GAAAA,MAAA;AAeO,MAAMI,cAAc,GAAG,MAAAA,CAC5BC,KAAa,EACbC,SAAiB,EAAAC,KAAA,KAIb;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,eAAe,EAAEC,aAAa,CAAe,GAAAH,KAAA;EAIpE;EACA,MAAM;IAAE/C,KAAK,EAAEmD;EAAG,CAAC,GAAG,MAAMnC,QAAQ,CAACgC,oBAAoB,EAAEC,eAAe,CAAC;;EAE3E;EACA,MAAMG,OAAO,GAAG,MAAM,IAAAxB,gCAAc,EAAE,GAAEuB,EAAG,GAAE,CAAC;EAE9C,MAAME,KAAK,GAAG,MAAM,IAAIC,yBAAO,CAACJ,aAAa,CAAC,CAC3CK,kBAAkB,CAAC;IAClBC,GAAG,EAAE,QAAQ;IACbC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVN,OAAO;IACPP,KAAK,EAAEA;EACT,CAAC,CAAC,CACDc,WAAW,CAACb,SAAS,CAAC,CACtBc,WAAW,CAAC,CAAC,CACbC,IAAI,CAAC,CAAC;;EAET;EACA,MAAMC,QAAQ,GAAG,CAACX,EAAE,EAAEE,KAAK,CAAC,CAACd,IAAI,CAAC,GAAG,CAAC;EAEtC,OAAO;IAAEuB;EAAS,CAAC;AACrB,CAAC;AAACpG,OAAA,CAAAkF,cAAA,GAAAA,cAAA"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.UnixTime = exports.SdJwt4VC = exports.ObfuscatedDisclosures = exports.Disclosure = void 0;
|
|
6
|
+
exports.Verification = exports.UnixTime = exports.TypeMetadata = exports.SdJwt4VC = exports.ObfuscatedDisclosures = exports.Disclosure = void 0;
|
|
7
7
|
var _jwk = require("../utils/jwk");
|
|
8
8
|
var _zod = require("zod");
|
|
9
9
|
const UnixTime = _zod.z.number().min(0).max(2147483647000);
|
|
@@ -32,7 +32,7 @@ const Disclosure = _zod.z.tuple([/* salt */_zod.z.string(), /* claim name */_zod
|
|
|
32
32
|
exports.Disclosure = Disclosure;
|
|
33
33
|
const SdJwt4VC = _zod.z.object({
|
|
34
34
|
header: _zod.z.object({
|
|
35
|
-
typ: _zod.z.literal("
|
|
35
|
+
typ: _zod.z.literal("dc+sd-jwt"),
|
|
36
36
|
alg: _zod.z.string(),
|
|
37
37
|
kid: _zod.z.string().optional()
|
|
38
38
|
}),
|
|
@@ -43,15 +43,62 @@ const SdJwt4VC = _zod.z.object({
|
|
|
43
43
|
exp: UnixTime,
|
|
44
44
|
_sd_alg: _zod.z.literal("sha-256"),
|
|
45
45
|
status: _zod.z.object({
|
|
46
|
-
|
|
46
|
+
status_assertion: _zod.z.object({
|
|
47
47
|
credential_hash_alg: _zod.z.literal("sha-256")
|
|
48
48
|
})
|
|
49
49
|
}),
|
|
50
50
|
cnf: _zod.z.object({
|
|
51
51
|
jwk: _jwk.JWK
|
|
52
52
|
}),
|
|
53
|
-
vct: _zod.z.string()
|
|
53
|
+
vct: _zod.z.string(),
|
|
54
|
+
"vct#integrity": _zod.z.string(),
|
|
55
|
+
issuing_authority: _zod.z.string(),
|
|
56
|
+
issuing_country: _zod.z.string()
|
|
54
57
|
}), ObfuscatedDisclosures)
|
|
55
58
|
});
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* Object containing User authentication and User data verification information.
|
|
62
|
+
* Useful to extract the assurance level to determine L2/L3 authentication.
|
|
63
|
+
*/
|
|
56
64
|
exports.SdJwt4VC = SdJwt4VC;
|
|
65
|
+
const Verification = _zod.z.object({
|
|
66
|
+
trust_framework: _zod.z.string(),
|
|
67
|
+
assurance_level: _zod.z.string(),
|
|
68
|
+
evidence: _zod.z.array(_zod.z.object({
|
|
69
|
+
type: _zod.z.literal("vouch"),
|
|
70
|
+
time: _zod.z.string(),
|
|
71
|
+
attestation: _zod.z.object({
|
|
72
|
+
type: _zod.z.literal("digital_attestation"),
|
|
73
|
+
reference_number: _zod.z.string(),
|
|
74
|
+
date_of_issuance: _zod.z.string(),
|
|
75
|
+
voucher: _zod.z.object({
|
|
76
|
+
organization: _zod.z.string()
|
|
77
|
+
})
|
|
78
|
+
})
|
|
79
|
+
}))
|
|
80
|
+
});
|
|
81
|
+
|
|
82
|
+
/**
|
|
83
|
+
* Metadata for a digital credential. This information is retrieved from the URL defined in the `vct` claim.
|
|
84
|
+
*
|
|
85
|
+
* @see https://italia.github.io/eid-wallet-it-docs/v0.9.1/en/pid-eaa-data-model.html#digital-credential-metadata-type
|
|
86
|
+
*/
|
|
87
|
+
exports.Verification = Verification;
|
|
88
|
+
const TypeMetadata = _zod.z.object({
|
|
89
|
+
name: _zod.z.string(),
|
|
90
|
+
description: _zod.z.string(),
|
|
91
|
+
data_source: _zod.z.object({
|
|
92
|
+
trust_framework: _zod.z.string(),
|
|
93
|
+
authentic_source: _zod.z.object({
|
|
94
|
+
organization_name: _zod.z.string(),
|
|
95
|
+
organization_code: _zod.z.string(),
|
|
96
|
+
contacts: _zod.z.array(_zod.z.string()),
|
|
97
|
+
homepage_uri: _zod.z.string().url(),
|
|
98
|
+
logo_uri: _zod.z.string().url()
|
|
99
|
+
})
|
|
100
|
+
})
|
|
101
|
+
// TODO: add more fields
|
|
102
|
+
});
|
|
103
|
+
exports.TypeMetadata = TypeMetadata;
|
|
57
104
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_jwk","require","_zod","UnixTime","z","number","min","max","exports","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","payload","intersection","iss","sub","iat","exp","_sd_alg","status","
|
|
1
|
+
{"version":3,"names":["_jwk","require","_zod","UnixTime","z","number","min","max","exports","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","payload","intersection","iss","sub","iat","exp","_sd_alg","status","status_assertion","credential_hash_alg","cnf","jwk","JWK","vct","issuing_authority","issuing_country","Verification","trust_framework","assurance_level","evidence","type","time","attestation","reference_number","date_of_issuance","voucher","organization","TypeMetadata","name","description","data_source","authentic_source","organization_name","organization_code","contacts","homepage_uri","url","logo_uri"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAEO,MAAME,QAAQ,GAAGC,MAAC,CAACC,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAACC,OAAA,CAAAL,QAAA,GAAAA,QAAA;AAItD,MAAMM,qBAAqB,GAAGL,MAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;AALAL,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAOO,MAAMK,UAAU,GAAGV,MAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,MAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,MAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,MAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAR,OAAA,CAAAM,UAAA,GAAAA,UAAA;AAcO,MAAMG,QAAQ,GAAGb,MAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,MAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,MAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,MAAC,CAACS,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEpB,MAAC,CAACqB,YAAY,CACrBrB,MAAC,CAACM,MAAM,CAAC;IACPgB,GAAG,EAAEtB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAEzB,QAAQ,CAACoB,QAAQ,CAAC,CAAC;IACxBM,GAAG,EAAE1B,QAAQ;IACb2B,OAAO,EAAE1B,MAAC,CAACgB,OAAO,CAAC,SAAS,CAAC;IAC7BW,MAAM,EAAE3B,MAAC,CAACM,MAAM,CAAC;MACfsB,gBAAgB,EAAE5B,MAAC,CAACM,MAAM,CAAC;QACzBuB,mBAAmB,EAAE7B,MAAC,CAACgB,OAAO,CAAC,SAAS;MAC1C,CAAC;IACH,CAAC,CAAC;IACFc,GAAG,EAAE9B,MAAC,CAACM,MAAM,CAAC;MACZyB,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,GAAG,EAAEjC,MAAC,CAACS,MAAM,CAAC,CAAC;IACf,eAAe,EAAET,MAAC,CAACS,MAAM,CAAC,CAAC;IAC3ByB,iBAAiB,EAAElC,MAAC,CAACS,MAAM,CAAC,CAAC;IAC7B0B,eAAe,EAAEnC,MAAC,CAACS,MAAM,CAAC;EAC5B,CAAC,CAAC,EACFJ,qBACF;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAD,OAAA,CAAAS,QAAA,GAAAA,QAAA;AAKO,MAAMuB,YAAY,GAAGpC,MAAC,CAACM,MAAM,CAAC;EACnC+B,eAAe,EAAErC,MAAC,CAACS,MAAM,CAAC,CAAC;EAC3B6B,eAAe,EAAEtC,MAAC,CAACS,MAAM,CAAC,CAAC;EAC3B8B,QAAQ,EAAEvC,MAAC,CAACQ,KAAK,CACfR,MAAC,CAACM,MAAM,CAAC;IACPkC,IAAI,EAAExC,MAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;IACxByB,IAAI,EAAEzC,MAAC,CAACS,MAAM,CAAC,CAAC;IAChBiC,WAAW,EAAE1C,MAAC,CAACM,MAAM,CAAC;MACpBkC,IAAI,EAAExC,MAAC,CAACgB,OAAO,CAAC,qBAAqB,CAAC;MACtC2B,gBAAgB,EAAE3C,MAAC,CAACS,MAAM,CAAC,CAAC;MAC5BmC,gBAAgB,EAAE5C,MAAC,CAACS,MAAM,CAAC,CAAC;MAC5BoC,OAAO,EAAE7C,MAAC,CAACM,MAAM,CAAC;QAAEwC,YAAY,EAAE9C,MAAC,CAACS,MAAM,CAAC;MAAE,CAAC;IAChD,CAAC;EACH,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AAJAL,OAAA,CAAAgC,YAAA,GAAAA,YAAA;AAMO,MAAMW,YAAY,GAAG/C,MAAC,CAACM,MAAM,CAAC;EACnC0C,IAAI,EAAEhD,MAAC,CAACS,MAAM,CAAC,CAAC;EAChBwC,WAAW,EAAEjD,MAAC,CAACS,MAAM,CAAC,CAAC;EACvByC,WAAW,EAAElD,MAAC,CAACM,MAAM,CAAC;IACpB+B,eAAe,EAAErC,MAAC,CAACS,MAAM,CAAC,CAAC;IAC3B0C,gBAAgB,EAAEnD,MAAC,CAACM,MAAM,CAAC;MACzB8C,iBAAiB,EAAEpD,MAAC,CAACS,MAAM,CAAC,CAAC;MAC7B4C,iBAAiB,EAAErD,MAAC,CAACS,MAAM,CAAC,CAAC;MAC7B6C,QAAQ,EAAEtD,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC,CAAC;MAC7B8C,YAAY,EAAEvD,MAAC,CAACS,MAAM,CAAC,CAAC,CAAC+C,GAAG,CAAC,CAAC;MAC9BC,QAAQ,EAAEzD,MAAC,CAACS,MAAM,CAAC,CAAC,CAAC+C,GAAG,CAAC;IAC3B,CAAC;EACH,CAAC;EACD;AACF,CAAC,CAAC;AAACpD,OAAA,CAAA2C,YAAA,GAAAA,YAAA"}
|