@pagopa/io-react-native-wallet 2.0.0-next.3 → 2.0.0-next.5
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +75 -57
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +3 -3
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/README.md +45 -34
- package/lib/commonjs/credential/issuance/types.js +1 -0
- package/lib/commonjs/credential/issuance/types.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js +6 -13
- package/lib/commonjs/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +7 -8
- package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/commonjs/credential/presentation/types.js +1 -1
- package/lib/commonjs/credential/presentation/types.js.map +1 -1
- package/lib/commonjs/credential/status/{02-status-attestation.js → 02-status-assertion.js} +28 -22
- package/lib/commonjs/credential/status/02-status-assertion.js.map +1 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-assertion.js +85 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-assertion.js.map +1 -0
- package/lib/commonjs/credential/status/README.md +22 -20
- package/lib/commonjs/credential/status/index.js +6 -6
- package/lib/commonjs/credential/status/index.js.map +1 -1
- package/lib/commonjs/credential/status/types.js +48 -15
- package/lib/commonjs/credential/status/types.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +6 -1
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +25 -9
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/utils/credentials.js +33 -0
- package/lib/commonjs/utils/credentials.js.map +1 -0
- package/lib/commonjs/utils/crypto.js +1 -7
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/jwk.js +12 -0
- package/lib/commonjs/utils/jwk.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/types.js +1 -2
- package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +76 -58
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +4 -4
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/README.md +45 -34
- package/lib/module/credential/issuance/types.js +1 -0
- package/lib/module/credential/issuance/types.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js +6 -13
- package/lib/module/credential/presentation/07-evaluate-dcql-query.js.map +1 -1
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +7 -8
- package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
- package/lib/module/credential/presentation/types.js +1 -1
- package/lib/module/credential/presentation/types.js.map +1 -1
- package/lib/module/credential/status/{02-status-attestation.js → 02-status-assertion.js} +28 -22
- package/lib/module/credential/status/02-status-assertion.js.map +1 -0
- package/lib/module/credential/status/03-verify-and-parse-status-assertion.js +78 -0
- package/lib/module/credential/status/03-verify-and-parse-status-assertion.js.map +1 -0
- package/lib/module/credential/status/README.md +22 -20
- package/lib/module/credential/status/index.js +3 -3
- package/lib/module/credential/status/index.js.map +1 -1
- package/lib/module/credential/status/types.js +43 -12
- package/lib/module/credential/status/types.js.map +1 -1
- package/lib/module/sd-jwt/index.js +6 -1
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +25 -9
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/utils/credentials.js +26 -0
- package/lib/module/utils/credentials.js.map +1 -0
- package/lib/module/utils/crypto.js +2 -8
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/jwk.js +11 -1
- package/lib/module/utils/jwk.js.map +1 -1
- package/lib/module/wallet-instance-attestation/types.js +1 -2
- package/lib/module/wallet-instance-attestation/types.js.map +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +7 -14
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/types.d.ts +3 -0
- package/lib/typescript/credential/issuance/types.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/01-start-flow.d.ts +2 -2
- package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts +4 -3
- package/lib/typescript/credential/presentation/07-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +9 -5
- package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/types.d.ts +3 -4
- package/lib/typescript/credential/presentation/types.d.ts.map +1 -1
- package/lib/typescript/credential/status/02-status-assertion.d.ts +23 -0
- package/lib/typescript/credential/status/02-status-assertion.d.ts.map +1 -0
- package/lib/typescript/credential/status/03-verify-and-parse-status-assertion.d.ts +21 -0
- package/lib/typescript/credential/status/03-verify-and-parse-status-assertion.d.ts.map +1 -0
- package/lib/typescript/credential/status/index.d.ts +4 -4
- package/lib/typescript/credential/status/index.d.ts.map +1 -1
- package/lib/typescript/credential/status/types.d.ts +499 -22
- package/lib/typescript/credential/status/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +68 -40
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +97 -46
- package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/utils/credentials.d.ts +11 -0
- package/lib/typescript/utils/credentials.d.ts.map +1 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/jwk.d.ts +7 -0
- package/lib/typescript/utils/jwk.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/credential/issuance/04-complete-user-authorization.ts +79 -85
- package/src/credential/issuance/06-obtain-credential.ts +4 -1
- package/src/credential/issuance/07-verify-and-parse-credential.ts +4 -6
- package/src/credential/issuance/README.md +45 -34
- package/src/credential/issuance/types.ts +1 -0
- package/src/credential/presentation/07-evaluate-dcql-query.ts +16 -17
- package/src/credential/presentation/07-evaluate-input-descriptor.ts +16 -13
- package/src/credential/presentation/types.ts +1 -2
- package/src/credential/status/{02-status-attestation.ts → 02-status-assertion.ts} +37 -28
- package/src/credential/status/03-verify-and-parse-status-assertion.ts +109 -0
- package/src/credential/status/README.md +22 -20
- package/src/credential/status/index.ts +7 -14
- package/src/credential/status/types.ts +62 -15
- package/src/sd-jwt/index.ts +5 -1
- package/src/sd-jwt/types.ts +24 -10
- package/src/utils/credentials.ts +29 -0
- package/src/utils/crypto.ts +12 -20
- package/src/utils/jwk.ts +15 -1
- package/src/wallet-instance-attestation/types.ts +1 -1
- package/lib/commonjs/credential/status/02-status-attestation.js.map +0 -1
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js +0 -55
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map +0 -1
- package/lib/module/credential/status/02-status-attestation.js.map +0 -1
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js +0 -49
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map +0 -1
- package/lib/typescript/credential/status/02-status-attestation.d.ts +0 -19
- package/lib/typescript/credential/status/02-status-attestation.d.ts.map +0 -1
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts +0 -24
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map +0 -1
- package/src/credential/status/03-verify-and-parse-status-attestation.ts +0 -70
@@ -5,7 +5,6 @@ Object.defineProperty(exports, "__esModule", {
|
|
5
5
|
});
|
6
6
|
exports.prepareLegacyRemotePresentations = exports.findCredentialSdJwt = exports.evaluateInputDescriptors = exports.evaluateInputDescriptorForSdJwt4VC = void 0;
|
7
7
|
var _sdJwt = require("../../sd-jwt");
|
8
|
-
var _crypto = require("../../utils/crypto");
|
9
8
|
var _jsonpathPlus = require("jsonpath-plus");
|
10
9
|
var _errors = require("./errors");
|
11
10
|
var _ajv = _interopRequireDefault(require("ajv"));
|
@@ -185,7 +184,7 @@ exports.evaluateInputDescriptorForSdJwt4VC = evaluateInputDescriptorForSdJwt4VC;
|
|
185
184
|
*/
|
186
185
|
const findCredentialSdJwt = (inputDescriptor, decodedSdJwtCredentials) => {
|
187
186
|
for (const {
|
188
|
-
|
187
|
+
cryptoContext,
|
189
188
|
credential,
|
190
189
|
sdJwt,
|
191
190
|
disclosures
|
@@ -194,7 +193,7 @@ const findCredentialSdJwt = (inputDescriptor, decodedSdJwtCredentials) => {
|
|
194
193
|
const evaluatedDisclosure = evaluateInputDescriptorForSdJwt4VC(inputDescriptor, sdJwt.payload, disclosures);
|
195
194
|
return {
|
196
195
|
matchedEvaluation: evaluatedDisclosure,
|
197
|
-
|
196
|
+
cryptoContext,
|
198
197
|
matchedCredential: credential
|
199
198
|
};
|
200
199
|
} catch {
|
@@ -226,13 +225,13 @@ exports.findCredentialSdJwt = findCredentialSdJwt;
|
|
226
225
|
const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
227
226
|
// We need decode SD-JWT credentials for evaluation
|
228
227
|
const decodedSdJwtCredentials = (credentialsSdJwt === null || credentialsSdJwt === void 0 ? void 0 : credentialsSdJwt.map(_ref2 => {
|
229
|
-
let [
|
228
|
+
let [cryptoContext, credential] = _ref2;
|
230
229
|
const {
|
231
230
|
sdJwt,
|
232
231
|
disclosures
|
233
232
|
} = (0, _sdJwt.decode)(credential);
|
234
233
|
return {
|
235
|
-
|
234
|
+
cryptoContext,
|
236
235
|
credential,
|
237
236
|
sdJwt,
|
238
237
|
disclosures
|
@@ -249,14 +248,14 @@ const evaluateInputDescriptors = async (inputDescriptors, credentialsSdJwt) => {
|
|
249
248
|
}
|
250
249
|
const {
|
251
250
|
matchedEvaluation,
|
252
|
-
|
251
|
+
cryptoContext,
|
253
252
|
matchedCredential
|
254
253
|
} = findCredentialSdJwt(descriptor, decodedSdJwtCredentials);
|
255
254
|
return {
|
256
255
|
evaluatedDisclosure: matchedEvaluation,
|
257
256
|
inputDescriptor: descriptor,
|
258
257
|
credential: matchedCredential,
|
259
|
-
|
258
|
+
cryptoContext
|
260
259
|
};
|
261
260
|
}
|
262
261
|
throw new _errors.CredentialsNotFoundError([{
|
@@ -290,7 +289,7 @@ const prepareLegacyRemotePresentations = async (credentialAndDescriptors, nonce,
|
|
290
289
|
if ((_descriptor$format2 = descriptor.format) !== null && _descriptor$format2 !== void 0 && _descriptor$format2["dc+sd-jwt"]) {
|
291
290
|
const {
|
292
291
|
vp_token
|
293
|
-
} = await (0, _sdJwt.prepareVpToken)(nonce, client_id, [item.credential, item.requestedClaims,
|
292
|
+
} = await (0, _sdJwt.prepareVpToken)(nonce, client_id, [item.credential, item.requestedClaims, item.cryptoContext]);
|
294
293
|
return {
|
295
294
|
requestedClaims: item.requestedClaims,
|
296
295
|
inputDescriptor: descriptor,
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["_sdJwt","require","
|
1
|
+
{"version":3,"names":["_sdJwt","require","_jsonpathPlus","_errors","_ajv","_interopRequireDefault","obj","__esModule","default","ajv","Ajv","allErrors","INDEX_CLAIM_NAME","mapDisclosuresToObject","disclosures","reduce","_ref","decoded","claimName","claimValue","findMatchedClaim","paths","payload","matchedPath","matchedValue","some","singlePath","result","JSONPath","path","json","length","error","MissingDataError","extractClaimName","regex","match","Error","evaluateInputDescriptorForSdJwt4VC","inputDescriptor","payloadCredential","_inputDescriptor$cons","constraints","fields","requiredDisclosures","optionalDisclosures","unrequestedDisclosures","requiredClaimNames","optionalClaimNames","disclosuresAsPayload","allFieldsValid","every","field","optional","push","filter","validateSchema","compile","disclosure","includes","isNotLimitDisclosure","limit_disclosure","exports","findCredentialSdJwt","decodedSdJwtCredentials","cryptoContext","credential","sdJwt","evaluatedDisclosure","matchedEvaluation","matchedCredential","CredentialsNotFoundError","id","reason","evaluateInputDescriptors","inputDescriptors","credentialsSdJwt","map","_ref2","decode","Promise","all","descriptor","_descriptor$format","format","prepareLegacyRemotePresentations","credentialAndDescriptors","nonce","client_id","item","_descriptor$format2","vp_token","prepareVpToken","requestedClaims","vpToken"],"sourceRoot":"../../../../src","sources":["credential/presentation/07-evaluate-input-descriptor.ts"],"mappings":";;;;;;AAEA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAAsB,SAAAI,uBAAAC,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGtB,MAAMG,GAAG,GAAG,IAAIC,YAAG,CAAC;EAAEC,SAAS,EAAE;AAAK,CAAC,CAAC;AACxC,MAAMC,gBAAgB,GAAG,CAAC;;AA6B1B;AACA;AACA;;AAYA;AACA;AACA;AACA;AACA;AACA,MAAMC,sBAAsB,GAC1BC,WAAoC,IACR;EAC5B,OAAOA,WAAW,CAACC,MAAM,CACvB,CAACT,GAAG,EAAAU,IAAA,KAAkB;IAAA,IAAhB;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IACf,MAAM,G
AAGE,SAAS,EAAEC,UAAU,CAAC,GAAGF,OAAO;IACzCX,GAAG,CAACY,SAAS,CAAC,GAAGC,UAAU;IAC3B,OAAOb,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,gBAAgB,GAAGA,CACvBC,KAAe,EACfC,OAAY,KACW;EACvB,IAAIC,WAAW;EACf,IAAIC,YAAY;EAChBH,KAAK,CAACI,IAAI,CAAEC,UAAU,IAAK;IACzB,IAAI;MACF,MAAMC,MAAM,GAAG,IAAAC,sBAAQ,EAAC;QAAEC,IAAI,EAAEH,UAAU;QAAEI,IAAI,EAAER;MAAQ,CAAC,CAAC;MAC5D,IAAIK,MAAM,CAACI,MAAM,GAAG,CAAC,EAAE;QACrBR,WAAW,GAAGG,UAAU;QACxBF,YAAY,GAAGG,MAAM,CAAC,CAAC,CAAC;QACxB,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd,MAAM,IAAIC,wBAAgB,CACvB,iBAAgBP,UAAW,wCAC9B,CAAC;IACH;IACA,OAAO,KAAK;EACd,CAAC,CAAC;EAEF,OAAO,CAACH,WAAW,EAAEC,YAAY,CAAC;AACpC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,gBAAgB,GAAIL,IAAY,IAAyB;EAC7D;EACA;EACA;EACA,MAAMM,KAAK,GAAG,yCAAyC;EAEvD,MAAMC,KAAK,GAAGP,IAAI,CAACO,KAAK,CAACD,KAAK,CAAC;EAC/B,IAAIC,KAAK,EAAE;IACT;IACA;IACA,OAAOA,KAAK,CAAC,CAAC,CAAC,IAAIA,KAAK,CAAC,CAAC,CAAC;EAC7B;;EAEA;;EAEA,MAAM,IAAIC,KAAK,CACZ,0BAAyBR,IAAK,wFACjC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,kCAAmE,GAC9EA,CAACC,eAAe,EAAEC,iBAAiB,EAAE1B,WAAW,KAAK;EAAA,IAAA2B,qBAAA;EACnD,IAAI,EAACF,eAAe,aAAfA,eAAe,gBAAAE,qBAAA,GAAfF,eAAe,CAAEG,WAAW,cAAAD,qBAAA,eAA5BA,qBAAA,CAA8BE,MAAM,GAAE;IACzC;IACA,OAAO;MACLC,mBAAmB,EAAE,EAAE;MACvBC,mBAAmB,EAAE,EAAE;MACvBC,sBAAsB,EAAEhC;IAC1B,CAAC;EACH;EACA,MAAMiC,kBAA4B,GAAG,EAAE;EACvC,MAAMC,kBAA4B,GAAG,EAAE;;EAEvC;EACA,MAAMC,oBAAoB,GAAGpC,sBAAsB,CAACC,WAAW,CAAC;;EAEhE;EACA;EACA,MAAMoC,cAAc,GAAGX,eAAe,CAACG,WAAW,CAACC,MAAM,CAACQ,KAAK,CAAEC,KAAK,IAAK;IACzE;IACA;IACA;IACA,IAAI,CAAC7B,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAChDgC,KAAK,CAACvB,IAAI,EACVoB,oBACF,CAAC;IAED,IAAI,CAAC1B,WAAW,EAAE;MAChB,CAACA,WAAW,EAAEC,YAAY,CAAC,GAAGJ,gBAAgB,CAC5CgC,KAAK,CAACvB,IAAI,EACVW,iBACF,CAAC;MAED,IAAI,CAACjB,WAAW,EAAE;QAChB;QACA,OAAO6B,KAAK,aAALA,KAAK,uBAALA,KAAK,CAAEC,QAAQ;MACxB;IACF,CAAC,MAAM;MACL;MACA,MAAMnC,SAAS,GAAGgB,gBAAgB,CAACX,WAAW,CAAC;MAC/C,IAA
IL,SAAS,EAAE;QACb,CAACkC,KAAK,aAALA,KAAK,eAALA,KAAK,CAAEC,QAAQ,GAAGL,kBAAkB,GAAGD,kBAAkB,EAAEO,IAAI,CAC9DpC,SACF,CAAC;MACH;IACF;;IAEA;IACA;IACA,IAAIkC,KAAK,CAACG,MAAM,EAAE;MAChB,IAAI;QACF,MAAMC,cAAc,GAAG/C,GAAG,CAACgD,OAAO,CAACL,KAAK,CAACG,MAAM,CAAC;QAChD,IAAI,CAACC,cAAc,CAAChC,YAAY,CAAC,EAAE;UACjC,MAAM,IAAIS,wBAAgB,CACvB,gBAAeT,YAAa,eAAcD,WAAY,4CACzD,CAAC;QACH;MACF,CAAC,CAAC,OAAOS,KAAK,EAAE;QACd,OAAO,KAAK;MACd;IACF;IACA;IACA;;IAEA,OAAO,IAAI;EACb,CAAC,CAAC;EAEF,IAAI,CAACkB,cAAc,EAAE;IACnB,MAAM,IAAIjB,wBAAgB,CACxB,iGACF,CAAC;EACH;;EAEA;;EAEA,MAAMW,mBAAmB,GAAG9B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDX,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMiC,mBAAmB,GAAG/B,WAAW,CAACyC,MAAM,CAAEG,UAAU,IACxDV,kBAAkB,CAACW,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CAClE,CAAC;EAED,MAAMgD,oBAAoB,GAAG,EAC3BrB,eAAe,CAACG,WAAW,CAACmB,gBAAgB,KAAK,UAAU,CAC5D;EAED,MAAMf,sBAAsB,GAAGc,oBAAoB,GAC/C9C,WAAW,CAACyC,MAAM,CACfG,UAAU,IACT,CAACV,kBAAkB,CAACW,QAAQ,CAC1BD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CACrC,CAAC,IACD,CAACmC,kBAAkB,CAACY,QAAQ,CAACD,UAAU,CAACzC,OAAO,CAACL,gBAAgB,CAAC,CACrE,CAAC,GACD,EAAE;EAEN,OAAO;IACLgC,mBAAmB;IACnBC,mBAAmB;IACnBC;EACF,CAAC;AACH,CAAC;AAACgB,OAAA,CAAAxB,kCAAA,GAAAA,kCAAA;AASJ;AACA;AACA;AACA;AACA;AACA;AACO,MAAMyB,mBAAmB,GAAGA,CACjCxB,eAAgC,EAChCyB,uBAAiD,KAK9C;EACH,KAAK,MAAM;IACTC,aAAa;IACbC,UAAU;IACVC,KAAK;IACLrD;EACF,CAAC,IAAIkD,uBAAuB,EAAE;IAC5B,IAAI;MACF,MAAMI,mBAAmB,GAAG9B,kCAAkC,CAC5DC,eAAe,EACf4B,KAAK,CAAC7C,OAAO,EACbR,WACF,CAAC;MAED,OAAO;QACLuD,iBAAiB,EAAED,mBAAmB;QACtCH,aAAa;QACbK,iBAAiB,EAAEJ;MACrB,CAAC;IACH,CAAC,CAAC,MAAM;MACN;MACA;IACF;EACF;EAEA,MAAM,IAAIK,gCAAwB,CAAC,CACjC;IACEC,EAAE,EAAE,EAAE;IACNC,MAAM,EAAE;EACV,CAAC,CACF,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAbAX,OAAA,CAAAC,mBAAA,GAAAA,mBAAA;AAcO,MAAMW,wBAAkD,GAAG,MAAAA,CAChEC,gBAAgB,EAChBC,gBAAgB,KACb;EACH;EACA,MAAMZ,uBAAuB,GAC3B,CAAAY,gBAAgB,aAAhBA,gBAAgB,uBAAhBA,gBAAgB,CAAEC,GAAG,CAACC,KAAA,IAAiC;IAAA,IAAhC,CAACb,aAAa,EAA
EC,UAAU,CAAC,GAAAY,KAAA;IAChD,MAAM;MAAEX,KAAK;MAAErD;IAAY,CAAC,GAAG,IAAAiE,aAAM,EAACb,UAAU,CAAC;IACjD,OAAO;MAAED,aAAa;MAAEC,UAAU;MAAEC,KAAK;MAAErD;IAAY,CAAC;EAC1D,CAAC,CAAC,KAAI,EAAE;EAEV,OAAOkE,OAAO,CAACC,GAAG,CAChBN,gBAAgB,CAACE,GAAG,CAAC,MAAOK,UAAU,IAAK;IAAA,IAAAC,kBAAA;IACzC,KAAAA,kBAAA,GAAID,UAAU,CAACE,MAAM,cAAAD,kBAAA,eAAjBA,kBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,IAAI,CAACnB,uBAAuB,CAACjC,MAAM,EAAE;QACnC,MAAM,IAAIwC,gCAAwB,CAAC,CACjC;UACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;UACjBC,MAAM,EAAE;QACV,CAAC,CACF,CAAC;MACJ;MAEA,MAAM;QAAEJ,iBAAiB;QAAEJ,aAAa;QAAEK;MAAkB,CAAC,GAC3DP,mBAAmB,CAACmB,UAAU,EAAElB,uBAAuB,CAAC;MAE1D,OAAO;QACLI,mBAAmB,EAAEC,iBAAiB;QACtC9B,eAAe,EAAE2C,UAAU;QAC3BhB,UAAU,EAAEI,iBAAiB;QAC7BL;MACF,CAAC;IACH;IAEA,MAAM,IAAIM,gCAAwB,CAAC,CACjC;MACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;MACjBC,MAAM,EAAG,GAAES,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAtB,OAAA,CAAAY,wBAAA,GAAAA,wBAAA;AAgBO,MAAMW,gCAAkE,GAC7E,MAAAA,CAAOC,wBAAwB,EAAEC,KAAK,EAAEC,SAAS,KAAK;EACpD,OAAOR,OAAO,CAACC,GAAG,CAChBK,wBAAwB,CAACT,GAAG,CAAC,MAAOY,IAAI,IAAK;IAAA,IAAAC,mBAAA;IAC3C,MAAMR,UAAU,GAAGO,IAAI,CAAClD,eAAe;IAEvC,KAAAmD,mBAAA,GAAIR,UAAU,CAACE,MAAM,cAAAM,mBAAA,eAAjBA,mBAAA,CAAoB,WAAW,CAAC,EAAE;MACpC,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EAACL,KAAK,EAAEC,SAAS,EAAE,CAC1DC,IAAI,CAACvB,UAAU,EACfuB,IAAI,CAACI,eAAe,EACpBJ,IAAI,CAACxB,aAAa,CACnB,CAAC;MAEF,OAAO;QACL4B,eAAe,EAAEJ,IAAI,CAACI,eAAe;QACrCtD,eAAe,EAAE2C,UAAU;QAC3BY,OAAO,EAAEH,QAAQ;QACjBP,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIb,gCAAwB,CAAC,CACjC;MACEC,EAAE,EAAEU,UAAU,CAACV,EAAE;MACjBC,MAAM,EAAG,GAAES,UAAU,CAACE,MAAO;IAC/B,CAAC,CACF,CAAC;EACJ,CAAC,CACH,CAAC;AACH,CAAC;AAACtB,OAAA,CAAAuB,gCAAA,GAAAA,gCAAA"}
|
@@ -94,7 +94,7 @@ const RequestObject = z.object({
|
|
94
94
|
state: z.string().optional(),
|
95
95
|
nonce: z.string(),
|
96
96
|
response_uri: z.string(),
|
97
|
-
|
97
|
+
request_uri_method: z.string().optional(),
|
98
98
|
response_type: z.literal("vp_token"),
|
99
99
|
response_mode: z.literal("direct_post.jwt"),
|
100
100
|
client_id: z.string(),
|
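Review bot: `request_uri_method: z.string().optional()` accepts any string from the verifier's Request Object, while OpenID4VP defines only the case-sensitive values `get` and `post` for this parameter. If the wallet branches on this field, constraining it at parse time with `request_uri_method: z.enum(["get", "post"]).optional()` keeps unexpected values out of later logic; if unknown values must be tolerated on purpose, a short comment saying so would help. The `RequestObject` schema starts before this hunk and continues past it, so how the field is consumed is not visible here.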
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","
|
1
|
+
{"version":3,"names":["_types","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","exports","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","UnixTime","exp","state","nonce","response_uri","request_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload","error","error_description"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,G
AAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAOA,MAAMW,MAAM,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EACtBC,IAAI,EAAE1B,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAElC,CAAC,CAACmC,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAE/B,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAErC,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGtC,CAAC,CAACyB,MAAM,CAAC;EAC3Bc,MAAM,EAAEvC,CAAC,CAAC2B,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAExC,CAAC,CAACyC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEO,MAAMW,eAAe,GAAG1C,CAAC,CAACyB,MAAM,CAAC;EACtCK,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAE3C,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACmC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAE9C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;AAACgB,OAAA,CAAAL,eAAA,GAAAA,eAAA;AAEH,MAAMM,qBAAqB,GAAGhD,CAAC,CAACyB,MAAM,CAAC;EACrCQ,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEhC,CAAC,CA
AC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BkB,IAAI,EAAEjD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EAClBsB,IAAI,EAAElD,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BoB,WAAW,EAAEnD,CAAC,CACX2B,KAAK,CACJ3B,CAAC,CAACyB,MAAM,CAAC;IACPQ,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BkB,IAAI,EAAEjD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAChBsB,IAAI,EAAElD,CAAC,CAAC4B,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACbqB,KAAK,EAAEpD,CAAC,CAACqD,MAAM,CAAC,CAAC,CAACtB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGK,MAAMuB,sBAAsB,GAAGtD,CAAC,CAACyB,MAAM,CAAC;EAC7CK,EAAE,EAAE9B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEjC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BwB,iBAAiB,EAAEvD,CAAC,CAAC2B,KAAK,CAACe,eAAe,CAAC;EAC3Cc,uBAAuB,EAAExD,CAAC,CAAC2B,KAAK,CAACqB,qBAAqB,CAAC,CAACjB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAACgB,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAGI,MAAMG,aAAa,GAAGzD,CAAC,CAACyB,MAAM,CAAC;EACpCiC,GAAG,EAAE1D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACf+B,GAAG,EAAEC,eAAQ;EACbC,GAAG,EAAED,eAAQ;EACbE,KAAK,EAAE9D,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5BgC,KAAK,EAAE/D,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjBoC,YAAY,EAAEhE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACxBqC,kBAAkB,EAAEjE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACzCmC,aAAa,EAAElE,CAAC,CAACmE,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEpE,CAAC,CAACmE,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAErE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACrB0C,UAAU,EAAEtE,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACmC,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EACtDwC,KAAK,EAAEvE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5ByC,uBAAuB,EAAElB,sBAAsB,CAACvB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAACgB,OAAA,CAAAU,aAAA,GAAAA,aAAA;AAGI,MAAMgB,cAAc,GAAGzE,CAAC,CAACyB,MAAM,CAAC;EACrCiD,qCAAqC,EAAE1E,CAAC,CAACoC,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAC7D4C,2BAA2B,EAAE3E,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC
,CAACG,QAAQ,CAAC,CAAC;EAC3D6C,2CAA2C,EAAE5E,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3E8C,oBAAoB,EAAE7E,CAAC,CAAC4C,MAAM,CAC5B5C,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAE;EACZ5B,CAAC,CAACyB,MAAM,CAAC;IACP,mBAAmB,EAAEzB,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;EACA;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAgB,OAAA,CAAA0B,cAAA,GAAAA,cAAA;AAOO,MAAMK,+BAA+B,GAAG9E,CAAC,CAACyB,MAAM,CAAC;EACtDsD,eAAe,EAAEN,cAAc;EAC/BO,YAAY,EAAEhF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AAJAgB,OAAA,CAAA+B,+BAAA,GAAAA,+BAAA;AAMO,MAAMG,aAAa,GAAGjF,CAAC,CAACyC,IAAI,CAAC,CAClC,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,EAC1B,iBAAiB,EACjB,eAAe,EACf,gBAAgB,CACjB,CAAC;;AAEF;AACA;AACA;AAFAM,OAAA,CAAAkC,aAAA,GAAAA,aAAA;AAGA,MAAMC,oCAAoC,GAAGlF,CAAC,CAACyB,MAAM,CAAC;EACpD0D,QAAQ,EAAEnF,CAAC,CAACoF,KAAK,CAAC,CAACpF,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DsD,uBAAuB,EAAErF,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACsF,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;;AAIO,MAAMC,8BAA8B,GAAGvF,CAAC,CAACoF,KAAK,CAAC,CACpDpF,CAAC,CAACyB,MAAM,CAAC;EACP0D,QAAQ,EAAEnF,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAAC4B,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACF5B,CAAC,CAACyB,MAAM,CAAC;EAAE+D,KAAK,EAAEP,aAAa;EAAEQ,iBAAiB,EAAEzF,CAAC,CAAC4B,MAAM,CAAC;AAAE,CAAC,CAAC,EACjEsD,oCAAoC,CACrC,CAAC;AAACnC,OAAA,CAAAwC,8BAAA,GAAAA,8BAAA"}
|
@@ -3,40 +3,48 @@
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
4
4
|
value: true
|
5
5
|
});
|
6
|
-
exports.
|
6
|
+
exports.statusAssertion = void 0;
|
7
7
|
var _misc = require("../../utils/misc");
|
8
8
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
9
9
|
var _uuid = require("uuid");
|
10
10
|
var _types = require("./types");
|
11
11
|
var _errors = require("../../utils/errors");
|
12
12
|
var _logging = require("../../utils/logging");
|
13
|
+
var _credentials = require("../../utils/credentials");
|
13
14
|
/**
|
14
|
-
*
|
15
|
-
* Verify the status of the credential attestation.
|
15
|
+
* Get the status assertion of a digital credential.
|
16
16
|
* @param issuerConf - The issuer's configuration
|
17
17
|
* @param credential - The credential to be verified
|
18
|
-
* @param
|
18
|
+
* @param format - The format of the credential, e.g. "sd-jwt"
|
19
|
+
* @param context.credentialCryptoContext - The credential's crypto context
|
20
|
+
* @param context.wiaCryptoContext - The Wallet Attestation's crypto context
|
19
21
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
20
22
|
* @throws {IssuerResponseError} with a specific code for more context
|
21
|
-
* @returns The credential status
|
23
|
+
* @returns The credential status assertion
|
22
24
|
*/
|
23
|
-
const
|
24
|
-
|
25
|
-
|
25
|
+
const statusAssertion = async (issuerConf, credential, format, ctx) => {
|
26
|
+
const {
|
27
|
+
credentialCryptoContext,
|
28
|
+
wiaCryptoContext,
|
29
|
+
appFetch = fetch
|
30
|
+
} = ctx;
|
31
|
+
const jwk = await (0, _credentials.extractJwkFromCredential)(credential, format);
|
32
|
+
const issuerJwk = await wiaCryptoContext.getPublicKey();
|
26
33
|
const credentialHash = await (0, _misc.getCredentialHashWithouDiscloures)(credential);
|
27
34
|
const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
|
28
35
|
const credentialPop = await new _ioReactNativeJwt.SignJWT(credentialCryptoContext).setPayload({
|
36
|
+
iss: issuerJwk.kid,
|
29
37
|
aud: statusAttUrl,
|
30
38
|
jti: (0, _uuid.v4)().toString(),
|
31
39
|
credential_hash: credentialHash,
|
32
|
-
credential_hash_alg: "
|
40
|
+
credential_hash_alg: "sha-256"
|
33
41
|
}).setProtectedHeader({
|
34
42
|
alg: "ES256",
|
35
|
-
typ: "status-
|
43
|
+
typ: "status-assertion-request+jwt",
|
36
44
|
kid: jwk.kid
|
37
45
|
}).setIssuedAt().setExpirationTime("5m").sign();
|
38
46
|
const body = {
|
39
|
-
|
47
|
+
status_assertion_requests: [credentialPop]
|
40
48
|
};
|
41
49
|
_logging.Logger.log(_logging.LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
|
42
50
|
const result = await appFetch(statusAttUrl, {
|
@@ -45,29 +53,27 @@ const statusAttestation = async function (issuerConf, credential, credentialCryp
|
|
45
53
|
"Content-Type": "application/json"
|
46
54
|
},
|
47
55
|
body: JSON.stringify(body)
|
48
|
-
}).then((0, _misc.hasStatusOrThrow)(
|
56
|
+
}).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => _types.StatusAssertionResponse.parse(json)).catch(handleStatusAssertionError);
|
57
|
+
const [statusAttestationJwt] = result.status_assertion_responses;
|
49
58
|
return {
|
50
|
-
|
59
|
+
statusAssertion: statusAttestationJwt
|
51
60
|
};
|
52
61
|
};
|
53
62
|
|
54
63
|
/**
|
55
|
-
* Handle the status
|
64
|
+
* Handle the status assertion error by mapping it to a custom exception.
|
56
65
|
* If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
|
57
66
|
* @param e - The error to be handled
|
58
67
|
* @throws {IssuerResponseError} with a specific code for more context
|
59
68
|
*/
|
60
|
-
exports.
|
61
|
-
const
|
69
|
+
exports.statusAssertion = statusAssertion;
|
70
|
+
const handleStatusAssertionError = e => {
|
62
71
|
if (!(e instanceof _errors.UnexpectedStatusCodeError)) {
|
63
72
|
throw e;
|
64
73
|
}
|
65
|
-
throw new _errors.ResponseErrorBuilder(_errors.IssuerResponseError).handle(
|
66
|
-
code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
|
67
|
-
message: "Invalid status found for the given credential"
|
68
|
-
}).handle("*", {
|
74
|
+
throw new _errors.ResponseErrorBuilder(_errors.IssuerResponseError).handle("*", {
|
69
75
|
code: _errors.IssuerResponseErrorCodes.StatusAttestationRequestFailed,
|
70
|
-
message: `Unable to obtain the status
|
76
|
+
message: `Unable to obtain the status assertion for the given credential`
|
71
77
|
}).buildFrom(e);
|
72
78
|
};
|
73
|
-
//# sourceMappingURL=02-status-
|
79
|
+
//# sourceMappingURL=02-status-assertion.js.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["_misc","require","_ioReactNativeJwt","_uuid","_types","_errors","_logging","_credentials","statusAssertion","issuerConf","credential","format","ctx","credentialCryptoContext","wiaCryptoContext","appFetch","fetch","jwk","extractJwkFromCredential","issuerJwk","getPublicKey","credentialHash","getCredentialHashWithouDiscloures","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","SignJWT","setPayload","iss","kid","aud","jti","uuidv4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","sign","body","status_assertion_requests","Logger","log","LogLevel","DEBUG","result","method","headers","JSON","stringify","then","hasStatusOrThrow","raw","json","StatusAssertionResponse","parse","catch","handleStatusAssertionError","statusAttestationJwt","status_assertion_responses","exports","e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","StatusAttestationRequestFailed","message","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-assertion.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAMA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AAeA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMO,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,UAAU,EACVC,MAAM,EACNC,GAAG,KACA;EACH,MAAM;IAAEC,uBAAuB;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGJ,GAAG;EAE3E,MAAMK,GAAG,GAAG,MAAM,IAAAC,qCAAwB,EAACR,UAAU,EAAEC,MAAM,CAAC;EAC9D,MAAMQ,SAAS,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC;EACvD,MAAMC,cAAc,GAAG,MAAM,IAAAC,uCAAiC,EAACZ,UAAU,CAAC;EAC1E,MAAMa,YAAY,GAChBd,UAAU,CAACe,wBAAwB,CAACC,2BAA2B;EAEjE,MAAMC,aAAa,GAAG,MAAM,IAAIC,yBAAO,CAACd,uBAAuB,CAAC,CAC7De,UAAU,CAAC;IACVC,GAAG,EAAEV,SAAS,CAACW,GAAG;IAClBC,GAAG,EAAER,YAAY;IACjBS,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACC,QAAQ,CAAC
,CAAC;IACxBC,eAAe,EAAEd,cAAc;IAC/Be,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,8BAA8B;IACnCT,GAAG,EAAEb,GAAG,CAACa;EACX,CAAC,CAAC,CACDU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,yBAAyB,EAAE,CAAClB,aAAa;EAC3C,CAAC;EAEDmB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkBtB,aAAc,EAAC,CAAC;EAE9D,MAAMuB,MAAM,GAAG,MAAMlC,QAAQ,CAACQ,YAAY,EAAE;IAC1C2B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDR,IAAI,EAAES,IAAI,CAACC,SAAS,CAACV,IAAI;EAC3B,CAAC,CAAC,CACCW,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,8BAAuB,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC,CACnDG,KAAK,CAACC,0BAA0B,CAAC;EAEpC,MAAM,CAACC,oBAAoB,CAAC,GAAGb,MAAM,CAACc,0BAA0B;EAEhE,OAAO;IAAEvD,eAAe,EAAEsD;EAAsB,CAAC;AACnD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAE,OAAA,CAAAxD,eAAA,GAAAA,eAAA;AAMA,MAAMqD,0BAA0B,GAAII,CAAU,IAAK;EACjD,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,8BAA8B;IAC7DC,OAAO,EAAG;EACZ,CAAC,CAAC,CACDC,SAAS,CAACT,CAAC,CAAC;AACjB,CAAC"}
|
@@ -0,0 +1,85 @@
|
|
1
|
+
"use strict";
|
2
|
+
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
4
|
+
value: true
|
5
|
+
});
|
6
|
+
exports.verifyAndParseStatusAssertion = void 0;
|
7
|
+
var _errors = require("../../utils/errors");
|
8
|
+
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
9
|
+
var _types = require("./types");
|
10
|
+
var _logging = require("../../utils/logging");
|
11
|
+
var _credentials = require("../../utils/credentials");
|
12
|
+
var _jwk = require("../../utils/jwk");
|
13
|
+
/**
|
14
|
+
* Given a status assertion, verifies that:
|
15
|
+
* - It's in the supported format;
|
16
|
+
* - The assertion is correctly signed;
|
17
|
+
* - It's bound to the given key.
|
18
|
+
* @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
|
19
|
+
* @param statusAssertion The encoded status assertion returned by {@link statusAssertion}
|
20
|
+
* @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
|
21
|
+
* @returns A parsed status assertion
|
22
|
+
* @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
|
23
|
+
* @throws {IssuerResponseError} If the status assertion contains an error or the credential status is invalid
|
24
|
+
*/
|
25
|
+
const verifyAndParseStatusAssertion = async (issuerConf, rawStatusAssertion, credential, format) => {
|
26
|
+
const {
|
27
|
+
statusAssertion
|
28
|
+
} = rawStatusAssertion;
|
29
|
+
await (0, _ioReactNativeJwt.verify)(statusAssertion, issuerConf.openid_credential_issuer.jwks.keys);
|
30
|
+
const decodedJwt = (0, _ioReactNativeJwt.decode)(statusAssertion);
|
31
|
+
const parsedStatusAssertion = _types.ParsedStatusAssertionResponse.parse({
|
32
|
+
header: decodedJwt.protectedHeader,
|
33
|
+
payload: decodedJwt.payload
|
34
|
+
});
|
35
|
+
_logging.Logger.log(_logging.LogLevel.DEBUG, `Parsed status assertion: ${JSON.stringify(parsedStatusAssertion)}`);
|
36
|
+
|
37
|
+
// Errors are transmitted in the JWT and use a 200 HTTP status code
|
38
|
+
if (isStatusAssertionError(parsedStatusAssertion)) {
|
39
|
+
throw new _errors.IssuerResponseError({
|
40
|
+
code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
|
41
|
+
message: "The status assertion contains an error",
|
42
|
+
statusCode: 200,
|
43
|
+
reason: buildErrorReason(parsedStatusAssertion)
|
44
|
+
});
|
45
|
+
}
|
46
|
+
const {
|
47
|
+
cnf,
|
48
|
+
credential_status_type
|
49
|
+
} = parsedStatusAssertion.payload;
|
50
|
+
const holderBindingKey = await (0, _credentials.extractJwkFromCredential)(credential, format);
|
51
|
+
if (!(await (0, _jwk.isSameThumbprint)(cnf.jwk, holderBindingKey))) {
|
52
|
+
const errorMessage = `Failed to verify holder binding for status assertion: the thumbprints of keys ${cnf.jwk.kid} and ${holderBindingKey.kid} do not match`;
|
53
|
+
_logging.Logger.log(_logging.LogLevel.ERROR, errorMessage);
|
54
|
+
throw new _errors.IoWalletError(errorMessage);
|
55
|
+
}
|
56
|
+
if (credential_status_type !== _types.StatusType.VALID) {
|
57
|
+
throw new _errors.IssuerResponseError({
|
58
|
+
code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
|
59
|
+
message: "Invalid status found for the given credential",
|
60
|
+
statusCode: 200,
|
61
|
+
reason: buildErrorReason(parsedStatusAssertion)
|
62
|
+
});
|
63
|
+
}
|
64
|
+
return {
|
65
|
+
parsedStatusAssertion
|
66
|
+
};
|
67
|
+
};
|
68
|
+
exports.verifyAndParseStatusAssertion = verifyAndParseStatusAssertion;
|
69
|
+
const isStatusAssertionError = assertion => assertion.header.typ === "status-assertion-error+jwt";
|
70
|
+
|
71
|
+
/**
|
72
|
+
* Build an object containing the details on the error to use as the IssuerResponseError's reason
|
73
|
+
* @param assertion The status assertion response, both success or failure
|
74
|
+
* @returns The error's reason object
|
75
|
+
*/
|
76
|
+
const buildErrorReason = _ref => {
|
77
|
+
let {
|
78
|
+
payload
|
79
|
+
} = _ref;
|
80
|
+
return "error" in payload ? payload : {
|
81
|
+
error: payload.credential_status_detail.state,
|
82
|
+
error_description: payload.credential_status_detail.description
|
83
|
+
};
|
84
|
+
};
|
85
|
+
//# sourceMappingURL=03-verify-and-parse-status-assertion.js.map
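Review bot: `verifyAndParseStatusAssertion` checks the signature and the `cnf.jwk` thumbprint but never compares `payload.credential_hash` with the hash of the `credential` argument, so as far as this function is concerned an assertion issued for a different credential bound to the same key is accepted as this credential's status. Unless a caller already does that comparison, add it after the holder-binding check, e.g. `if (parsedStatusAssertion.payload.credential_hash !== (await getCredentialHashWithouDiscloures(credential))) throw new IoWalletError("credential_hash mismatch in status assertion");`, using the helper the request step already calls. Separately, `buildErrorReason` reads `payload.credential_status_detail.state` although the schema marks `credential_status_detail` optional, so a non-VALID assertion without that object raises a TypeError instead of the intended `IssuerResponseError`; `payload.credential_status_detail?.state` (and the same for `description`) in the source keeps the error type callers catch. The JSDoc also documents `statusAssertion` and `context.credentialCryptoContext`, while the signature takes `rawStatusAssertion, credential, format`.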
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","_logging","_credentials","_jwk","verifyAndParseStatusAssertion","issuerConf","rawStatusAssertion","credential","format","statusAssertion","verify","openid_credential_issuer","jwks","keys","decodedJwt","decodeJwt","parsedStatusAssertion","ParsedStatusAssertionResponse","parse","header","protectedHeader","payload","Logger","log","LogLevel","DEBUG","JSON","stringify","isStatusAssertionError","IssuerResponseError","code","IssuerResponseErrorCodes","CredentialInvalidStatus","message","statusCode","reason","buildErrorReason","cnf","credential_status_type","holderBindingKey","extractJwkFromCredential","isSameThumbprint","jwk","errorMessage","kid","ERROR","IoWalletError","StatusType","VALID","exports","assertion","typ","_ref","error","credential_status_detail","state","error_description","description"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-assertion.ts"],"mappings":";;;;;;AACA,IAAAA,OAAA,GAAAC,OAAA;AAKA,IAAAC,iBAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AAOA,IAAAG,QAAA,GAAAH,OAAA;AAEA,IAAAI,YAAA,GAAAJ,OAAA;AACA,IAAAK,IAAA,GAAAL,OAAA;AASA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,6BAA4D,GACvE,MAAAA,CAAOC,UAAU,EAAEC,kBAAkB,EAAEC,UAAU,EAAEC,MAAM,KAAK;EAC5D,MAAM;IAAEC;EAAgB,CAAC,GAAGH,kBAAkB;EAE9C,MAAM,IAAAI,wBAAM,EACVD,eAAe,EACfJ,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;EAED,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACN,eAAe,CAAC;EAC7C,MAAMO,qBAAqB,GAAGC,oCAA6B,CAACC,KAAK,CAAC;IAChEC,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;EAEFC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,4BAA2BC,IAAI,CAACC,SAAS,CAACX,qBAAqB,CAAE,EACpE,CAAC;;EAED;EACA,IAAIY,sBAAsB,CAACZ,qBAAqB,CAAC,EAAE;IACjD,MAAM,IAAIa,2BAAmB,CAAC;MAC5BC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;MACtDC,OAAO,EAAE,wCAAwC;MACjDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACpB,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,MAAM;IAAEqB,GAAG;IAAEC;EAAuB,CAAC,GAAGtB,qBAAqB,CAACK,OAAO;EACrE,MA
AMkB,gBAAgB,GAAG,MAAM,IAAAC,qCAAwB,EAACjC,UAAU,EAAEC,MAAM,CAAC;EAE3E,IAAI,EAAE,MAAM,IAAAiC,qBAAgB,EAACJ,GAAG,CAACK,GAAG,EAAEH,gBAAgB,CAAC,CAAC,EAAE;IACxD,MAAMI,YAAY,GAAI,iFAAgFN,GAAG,CAACK,GAAG,CAACE,GAAI,QAAOL,gBAAgB,CAACK,GAAI,eAAc;IAC5JtB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACqB,KAAK,EAAEF,YAAY,CAAC;IACxC,MAAM,IAAIG,qBAAa,CAACH,YAAY,CAAC;EACvC;EAEA,IAAIL,sBAAsB,KAAKS,iBAAU,CAACC,KAAK,EAAE;IAC/C,MAAM,IAAInB,2BAAmB,CAAC;MAC5BC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;MACtDC,OAAO,EAAE,+CAA+C;MACxDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACpB,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEA;EAAsB,CAAC;AAClC,CAAC;AAACiC,OAAA,CAAA7C,6BAAA,GAAAA,6BAAA;AAEJ,MAAMwB,sBAAsB,GAC1BsB,SAAwC,IAExCA,SAAS,CAAC/B,MAAM,CAACgC,GAAG,KAAK,4BAA4B;;AAEvD;AACA;AACA;AACA;AACA;AACA,MAAMf,gBAAgB,GAAGgB,IAAA;EAAA,IAAC;IACxB/B;EAC6B,CAAC,GAAA+B,IAAA;EAAA,OAC9B,OAAO,IAAI/B,OAAO,GACdA,OAAO,GACP;IACEgC,KAAK,EAAEhC,OAAO,CAACiC,wBAAwB,CAAEC,KAAK;IAC9CC,iBAAiB,EAAEnC,OAAO,CAACiC,wBAAwB,CAAEG;EACvD,CAAC;AAAA"}
|
@@ -1,16 +1,16 @@
|
|
1
|
-
# Credential Status
|
1
|
+
# Credential Status Assertion
|
2
2
|
|
3
|
-
This flow is used to obtain a credential status
|
4
|
-
The credential status
|
5
|
-
The status
|
3
|
+
This flow is used to obtain a credential status assertion from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
|
4
|
+
The credential status assertion is a JWT which contains the credential status which indicates if the credential is valid or not (see [OAuth Status Assertions](https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#oauth-status-assertions)).
|
5
|
+
The status assertion is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
|
6
6
|
|
7
7
|
## Sequence Diagram
|
8
8
|
|
9
9
|
```mermaid
|
10
10
|
graph TD;
|
11
11
|
0[startFlow]
|
12
|
-
1[
|
13
|
-
2[
|
12
|
+
1[statusAssertion]
|
13
|
+
2[verifyAndParseStatusAssertion]
|
14
14
|
|
15
15
|
0 --> 1
|
16
16
|
1 --> 2
|
@@ -21,14 +21,14 @@ graph TD;
|
|
21
21
|
|
22
22
|
The following errors are mapped to a `IssuerResponseError` with specific codes.
|
23
23
|
|
24
|
-
|
|
25
|
-
|
26
|
-
|`
|
24
|
+
|Error Code|Description|
|
25
|
+
|----------|-----------|
|
26
|
+
|`ERR_CREDENTIAL_INVALID_STATUS`|This error is thrown when the status assertion for a given credential is invalid. It might contain more details in the `reason` property.|
|
27
27
|
|
28
28
|
## Example
|
29
29
|
|
30
30
|
<details>
|
31
|
-
<summary>Credential status
|
31
|
+
<summary>Credential status assertion flow</summary>
|
32
32
|
|
33
33
|
```ts
|
34
34
|
// Start the issuance flow
|
@@ -42,24 +42,26 @@ const { issuerUrl } = startFlow();
|
|
42
42
|
// Evaluate issuer trust
|
43
43
|
const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
|
44
44
|
|
45
|
-
// Get the credential
|
46
|
-
const res = await Credential.Status.
|
45
|
+
// Get the credential assertion
|
46
|
+
const res = await Credential.Status.statusAssertion(
|
47
47
|
issuerConf,
|
48
48
|
credential,
|
49
|
-
|
49
|
+
format,
|
50
|
+
{ credentialCryptoContext, wiaCryptoContext }
|
50
51
|
);
|
51
52
|
|
52
|
-
// Verify and parse the status
|
53
|
-
const {
|
54
|
-
await Credential.Status.
|
53
|
+
// Verify and parse the status assertion
|
54
|
+
const { parsedStatusAssertion } =
|
55
|
+
await Credential.Status.verifyAndParseStatusAssertion(
|
55
56
|
issuerConf,
|
56
|
-
res.
|
57
|
-
|
57
|
+
res.statusAssertion,
|
58
|
+
credential,
|
59
|
+
format
|
58
60
|
);
|
59
61
|
|
60
62
|
return {
|
61
|
-
|
62
|
-
|
63
|
+
statusAssertion: res.statusAssertion,
|
64
|
+
parsedStatusAssertion,
|
63
65
|
};
|
64
66
|
```
|
65
67
|
|
@@ -9,19 +9,19 @@ Object.defineProperty(exports, "evaluateIssuerTrust", {
|
|
9
9
|
return _issuance.evaluateIssuerTrust;
|
10
10
|
}
|
11
11
|
});
|
12
|
-
Object.defineProperty(exports, "
|
12
|
+
Object.defineProperty(exports, "statusAssertion", {
|
13
13
|
enumerable: true,
|
14
14
|
get: function () {
|
15
|
-
return
|
15
|
+
return _statusAssertion.statusAssertion;
|
16
16
|
}
|
17
17
|
});
|
18
|
-
Object.defineProperty(exports, "
|
18
|
+
Object.defineProperty(exports, "verifyAndParseStatusAssertion", {
|
19
19
|
enumerable: true,
|
20
20
|
get: function () {
|
21
|
-
return
|
21
|
+
return _verifyAndParseStatusAssertion.verifyAndParseStatusAssertion;
|
22
22
|
}
|
23
23
|
});
|
24
|
-
var
|
24
|
+
var _statusAssertion = require("./02-status-assertion");
|
25
25
|
var _issuance = require("../issuance");
|
26
|
-
var
|
26
|
+
var _verifyAndParseStatusAssertion = require("./03-verify-and-parse-status-assertion");
|
27
27
|
//# sourceMappingURL=index.js.map
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["
|
1
|
+
{"version":3,"names":["_statusAssertion","require","_issuance","_verifyAndParseStatusAssertion"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,gBAAA,GAAAC,OAAA;AACA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,8BAAA,GAAAF,OAAA"}
|
@@ -3,38 +3,40 @@
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
4
4
|
value: true
|
5
5
|
});
|
6
|
-
exports.
|
6
|
+
exports.StatusType = exports.StatusAssertionResponse = exports.ParsedStatusAssertionResponse = exports.ParsedStatusAssertionError = exports.ParsedStatusAssertion = void 0;
|
7
7
|
var _types = require("../../sd-jwt/types");
|
8
8
|
var _jwk = require("../../utils/jwk");
|
9
9
|
var z = _interopRequireWildcard(require("zod"));
|
10
10
|
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
11
11
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
12
12
|
/**
|
13
|
-
* Shape from parsing a status
|
13
|
+
* Shape from parsing a status assertion response in case of 201.
|
14
14
|
*/
|
15
|
-
const
|
16
|
-
|
15
|
+
const StatusAssertionResponse = z.object({
|
16
|
+
status_assertion_responses: z.array(z.string())
|
17
17
|
});
|
18
18
|
|
19
19
|
/**
|
20
|
-
* Type from parsing a status
|
21
|
-
* Inferred from {@link
|
20
|
+
* Type from parsing a status assertion response in case of 201.
|
21
|
+
* Inferred from {@link StatusAssertionResponse}.
|
22
22
|
*/
|
23
|
-
|
24
|
-
/**
|
25
|
-
* Type for a parsed status attestation.
|
26
|
-
*/
|
27
|
-
exports.StatusAttestationResponse = StatusAttestationResponse;
|
23
|
+
exports.StatusAssertionResponse = StatusAssertionResponse;
|
28
24
|
/**
|
29
|
-
* Shape for parsing a status
|
25
|
+
* Shape for parsing a successful status assertion in a JWT.
|
30
26
|
*/
|
31
|
-
const
|
27
|
+
const ParsedStatusAssertion = z.object({
|
32
28
|
header: z.object({
|
33
|
-
typ: z.literal("status-
|
29
|
+
typ: z.literal("status-assertion+jwt"),
|
34
30
|
alg: z.string(),
|
35
31
|
kid: z.string().optional()
|
36
32
|
}),
|
37
33
|
payload: z.object({
|
34
|
+
iss: z.string(),
|
35
|
+
credential_status_type: z.string(),
|
36
|
+
credential_status_detail: z.object({
|
37
|
+
state: z.string(),
|
38
|
+
description: z.string()
|
39
|
+
}).optional(),
|
38
40
|
credential_hash_alg: z.string(),
|
39
41
|
credential_hash: z.string(),
|
40
42
|
cnf: z.object({
|
@@ -44,5 +46,36 @@ const ParsedStatusAttestation = z.object({
|
|
44
46
|
iat: _types.UnixTime
|
45
47
|
})
|
46
48
|
});
|
47
|
-
exports.
|
49
|
+
exports.ParsedStatusAssertion = ParsedStatusAssertion;
|
50
|
+
/**
|
51
|
+
* The JWT that contains the errors occurred for the status assertion request.
|
52
|
+
* @see https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#http-status-assertion-response
|
53
|
+
*/
|
54
|
+
const ParsedStatusAssertionError = z.object({
|
55
|
+
header: z.object({
|
56
|
+
typ: z.literal("status-assertion-error+jwt"),
|
57
|
+
alg: z.string(),
|
58
|
+
kid: z.string().optional()
|
59
|
+
}),
|
60
|
+
payload: z.object({
|
61
|
+
credential_hash_alg: z.string(),
|
62
|
+
credential_hash: z.string(),
|
63
|
+
error: z.string(),
|
64
|
+
error_description: z.string()
|
65
|
+
})
|
66
|
+
});
|
67
|
+
|
68
|
+
/**
|
69
|
+
* The status assertion response that might include either a successful assertion or an error
|
70
|
+
*/
|
71
|
+
exports.ParsedStatusAssertionError = ParsedStatusAssertionError;
|
72
|
+
const ParsedStatusAssertionResponse = z.union([ParsedStatusAssertion, ParsedStatusAssertionError]);
|
73
|
+
exports.ParsedStatusAssertionResponse = ParsedStatusAssertionResponse;
|
74
|
+
let StatusType = /*#__PURE__*/function (StatusType) {
|
75
|
+
StatusType["VALID"] = "0x00";
|
76
|
+
StatusType["INVALID"] = "0x01";
|
77
|
+
StatusType["SUSPENDED"] = "0x02";
|
78
|
+
return StatusType;
|
79
|
+
}({});
|
80
|
+
exports.StatusType = StatusType;
|
48
81
|
//# sourceMappingURL=types.js.map
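Review bot: `StatusAssertionResponse` accepts an empty `status_assertion_responses` array, and the request step in 02-status-assertion.js destructures its first element, so an empty reply produces `statusAssertion: undefined` that only fails later, inside JWT verification. `status_assertion_responses: z.array(z.string()).min(1)` rejects it at the parsing boundary with a clear schema error. The doc comments on this schema say "in case of 201", while the request code only accepts `hasStatusOrThrow(200)`, so one of the two should be aligned. `credential_hash_alg` is a free `z.string()` in both JWT shapes; constraining it to the requested `"sha-256"` would make any later hash comparison unambiguous.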
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","
|
1
|
+
{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","StatusAssertionResponse","object","status_assertion_responses","array","string","exports","ParsedStatusAssertion","header","typ","literal","alg","kid","optional","payload","iss","credential_status_type","credential_status_detail","state","description","credential_hash_alg","credential_hash","cnf","jwk","JWK","exp","UnixTime","iat","ParsedStatusAssertionError","error","error_description","ParsedStatusAssertionResponse","union","StatusType"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACO,MAAMW,uBAAuB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAC9CC,0BAA0B,EAAE1B,CAAC,CAAC2B,KAAK,CAAC3B,C
AAC,CAAC4B,MAAM,CAAC,CAAC;AAChD,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAC,OAAA,CAAAL,uBAAA,GAAAA,uBAAA;AAQA;AACA;AACA;AACO,MAAMM,qBAAqB,GAAG9B,CAAC,CAACyB,MAAM,CAAC;EAC5CM,MAAM,EAAE/B,CAAC,CAACyB,MAAM,CAAC;IACfO,GAAG,EAAEhC,CAAC,CAACiC,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAErC,CAAC,CAACyB,MAAM,CAAC;IAChBa,GAAG,EAAEtC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfW,sBAAsB,EAAEvC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAClCY,wBAAwB,EAAExC,CAAC,CACxByB,MAAM,CAAC;MACNgB,KAAK,EAAEzC,CAAC,CAAC4B,MAAM,CAAC,CAAC;MACjBc,WAAW,EAAE1C,CAAC,CAAC4B,MAAM,CAAC;IACxB,CAAC,CAAC,CACDQ,QAAQ,CAAC,CAAC;IACbO,mBAAmB,EAAE3C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC/BgB,eAAe,EAAE5C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC3BiB,GAAG,EAAE7C,CAAC,CAACyB,MAAM,CAAC;MACZqB,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED;EACP,CAAC;AACH,CAAC,CAAC;AAACpB,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAMH;AACA;AACA;AACA;AACO,MAAMqB,0BAA0B,GAAGnD,CAAC,CAACyB,MAAM,CAAC;EACjDM,MAAM,EAAE/B,CAAC,CAACyB,MAAM,CAAC;IACfO,GAAG,EAAEhC,CAAC,CAACiC,OAAO,CAAC,4BAA4B,CAAC;IAC5CC,GAAG,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAErC,CAAC,CAACyB,MAAM,CAAC;IAChBkB,mBAAmB,EAAE3C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC/BgB,eAAe,EAAE5C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC3BwB,KAAK,EAAEpD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACjByB,iBAAiB,EAAErD,CAAC,CAAC4B,MAAM,CAAC;EAC9B,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AAFAC,OAAA,CAAAsB,0BAAA,GAAAA,0BAAA;AAMO,MAAMG,6BAA6B,GAAGtD,CAAC,CAACuD,KAAK,CAAC,CACnDzB,qBAAqB,EACrBqB,0BAA0B,CAC3B,CAAC;AAACtB,OAAA,CAAAyB,6BAAA,GAAAA,6BAAA;AAAA,IAESE,UAAU,0BAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAA,OAAVA,UAAU;AAAA;AAAA3B,OAAA,CAAA2B,UAAA,GAAAA,UAAA"}
|
@@ -137,7 +137,12 @@ const disclose = async (token, claims) => {
|
|
137
137
|
}
|
138
138
|
throw new Errors.ClaimsNotFoundInToken(claim);
|
139
139
|
}));
|
140
|
-
|
140
|
+
|
141
|
+
// The disclosures in the new SD-JWT aligned with version 1.0
|
142
|
+
// include a trailing "~" character.
|
143
|
+
// To avoid parsing errors, it is necessary to filter the array
|
144
|
+
// to remove any empty strings
|
145
|
+
const filteredDisclosures = rawDisclosures.filter(Boolean).filter(d => {
|
141
146
|
const {
|
142
147
|
decoded: [, name]
|
143
148
|
} = decodeDisclosure(d);
|