@pagopa/io-react-native-wallet 2.0.0-next.4 → 2.0.0-next.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +3 -3
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/status/{02-status-attestation.js → 02-status-assertion.js} +28 -22
- package/lib/commonjs/credential/status/02-status-assertion.js.map +1 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-assertion.js +85 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-assertion.js.map +1 -0
- package/lib/commonjs/credential/status/README.md +22 -20
- package/lib/commonjs/credential/status/index.js +6 -6
- package/lib/commonjs/credential/status/index.js.map +1 -1
- package/lib/commonjs/credential/status/types.js +48 -15
- package/lib/commonjs/credential/status/types.js.map +1 -1
- package/lib/commonjs/trust/types.js +2 -1
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/credentials.js +33 -0
- package/lib/commonjs/utils/credentials.js.map +1 -0
- package/lib/commonjs/utils/crypto.js +1 -7
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/jwk.js +12 -0
- package/lib/commonjs/utils/jwk.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +4 -4
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/status/{02-status-attestation.js → 02-status-assertion.js} +28 -22
- package/lib/module/credential/status/02-status-assertion.js.map +1 -0
- package/lib/module/credential/status/03-verify-and-parse-status-assertion.js +78 -0
- package/lib/module/credential/status/03-verify-and-parse-status-assertion.js.map +1 -0
- package/lib/module/credential/status/README.md +22 -20
- package/lib/module/credential/status/index.js +3 -3
- package/lib/module/credential/status/index.js.map +1 -1
- package/lib/module/credential/status/types.js +43 -12
- package/lib/module/credential/status/types.js.map +1 -1
- package/lib/module/trust/types.js +2 -1
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/credentials.js +26 -0
- package/lib/module/utils/credentials.js.map +1 -0
- package/lib/module/utils/crypto.js +2 -8
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/jwk.js +11 -1
- package/lib/module/utils/jwk.js.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/status/02-status-assertion.d.ts +23 -0
- package/lib/typescript/credential/status/02-status-assertion.d.ts.map +1 -0
- package/lib/typescript/credential/status/03-verify-and-parse-status-assertion.d.ts +21 -0
- package/lib/typescript/credential/status/03-verify-and-parse-status-assertion.d.ts.map +1 -0
- package/lib/typescript/credential/status/index.d.ts +4 -4
- package/lib/typescript/credential/status/index.d.ts.map +1 -1
- package/lib/typescript/credential/status/types.d.ts +495 -18
- package/lib/typescript/credential/status/types.d.ts.map +1 -1
- package/lib/typescript/trust/build-chain.d.ts +2 -2
- package/lib/typescript/trust/types.d.ts +26 -26
- package/lib/typescript/utils/credentials.d.ts +11 -0
- package/lib/typescript/utils/credentials.d.ts.map +1 -0
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/jwk.d.ts +7 -0
- package/lib/typescript/utils/jwk.d.ts.map +1 -1
- package/package.json +6 -8
- package/src/credential/issuance/07-verify-and-parse-credential.ts +4 -6
- package/src/credential/status/{02-status-attestation.ts → 02-status-assertion.ts} +37 -28
- package/src/credential/status/03-verify-and-parse-status-assertion.ts +109 -0
- package/src/credential/status/README.md +22 -20
- package/src/credential/status/index.ts +7 -14
- package/src/credential/status/types.ts +62 -15
- package/src/trust/types.ts +1 -1
- package/src/utils/credentials.ts +29 -0
- package/src/utils/crypto.ts +12 -20
- package/src/utils/jwk.ts +15 -1
- package/lib/commonjs/credential/status/02-status-attestation.js.map +0 -1
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js +0 -55
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map +0 -1
- package/lib/module/credential/status/02-status-attestation.js.map +0 -1
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js +0 -49
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map +0 -1
- package/lib/typescript/credential/status/02-status-attestation.d.ts +0 -19
- package/lib/typescript/credential/status/02-status-attestation.d.ts.map +0 -1
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts +0 -24
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map +0 -1
- package/src/credential/status/03-verify-and-parse-status-attestation.ts +0 -70
|
@@ -7,7 +7,6 @@ exports.withEphemeralKey = exports.createCryptoContextFor = void 0;
|
|
|
7
7
|
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
8
8
|
var _uuid = require("uuid");
|
|
9
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
10
|
-
var _jwk = require("./jwk");
|
|
11
10
|
/**
|
|
12
11
|
* Create a CryptoContext bound to a key pair.
|
|
13
12
|
* Key pair is supposed to exist already in the device's keychain.
|
|
@@ -17,13 +16,8 @@ var _jwk = require("./jwk");
|
|
|
17
16
|
*/
|
|
18
17
|
const createCryptoContextFor = keytag => {
|
|
19
18
|
return {
|
|
20
|
-
/**
|
|
21
|
-
* Retrieve the public key of the pair.
|
|
22
|
-
* If the key pair doesn't exist yet, an error is raised
|
|
23
|
-
* @returns The public key.
|
|
24
|
-
*/
|
|
25
19
|
async getPublicKey() {
|
|
26
|
-
return (0, _ioReactNativeCrypto.
|
|
20
|
+
return (0, _ioReactNativeCrypto.getPublicKeyFixed)(keytag).then(async jwk => ({
|
|
27
21
|
...jwk,
|
|
28
22
|
// Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
|
|
29
23
|
// (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeCrypto","require","_uuid","_ioReactNativeJwt","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeCrypto","require","_uuid","_ioReactNativeJwt","createCryptoContextFor","keytag","getPublicKey","getPublicKeyFixed","then","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuidv4","generate","ephemeralContext","finally","deleteKey"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAC,sCAAiB,EAACF,MAAM,CAAC,CAACG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpD,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAY,IAAAa,QAAM,EAAC,CAAE,EAAC;EACtC,MAAM,IAAAC,6BAAQ,EAACd,MAAM,CAAC;EACtB,MAAMe,gBAAgB,GAAGhB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACG,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAACjB,MAAM,CAAC,CAAC;AAC9D,CAAC;AAACU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA"}
|
|
@@ -5,6 +5,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
5
5
|
});
|
|
6
6
|
exports.JWKS = exports.JWK = void 0;
|
|
7
7
|
exports.fixBase64EncodingOnKey = fixBase64EncodingOnKey;
|
|
8
|
+
exports.isSameThumbprint = void 0;
|
|
8
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
9
10
|
var _zod = require("zod");
|
|
10
11
|
const JWK = _zod.z.object({
|
|
@@ -81,4 +82,15 @@ const JWKS = _zod.z.object({
|
|
|
81
82
|
keys: _zod.z.array(JWK)
|
|
82
83
|
});
|
|
83
84
|
exports.JWKS = JWKS;
|
|
85
|
+
/**
|
|
86
|
+
* Utility function that checks if two JWKs have the same thumbprint.
|
|
87
|
+
* @param jwkA The first JWK
|
|
88
|
+
* @param jwkB The second JWK
|
|
89
|
+
* @returns Whether the thumbprints match
|
|
90
|
+
*/
|
|
91
|
+
const isSameThumbprint = async (jwkA, jwkB) => {
|
|
92
|
+
const [thumbprintJwkA, thumbprintJwkB] = await Promise.all([(0, _ioReactNativeJwt.thumbprint)(jwkA), (0, _ioReactNativeJwt.thumbprint)(jwkB)]);
|
|
93
|
+
return thumbprintJwkA === thumbprintJwkB;
|
|
94
|
+
};
|
|
95
|
+
exports.isSameThumbprint = isSameThumbprint;
|
|
84
96
|
//# sourceMappingURL=jwk.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_zod","JWK","z","object","alg","string","optional","crv","d","dp","dq","e","ext","boolean","k","key_ops","array","kid","kty","union","literal","n","p","q","qi","use","x","y","x5c","x5t","x5u","exports","fixBase64EncodingOnKey","key","pk","removePadding","JWKS","keys"],"sourceRoot":"../../../src","sources":["utils/jwk.ts"],"mappings":"
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_zod","JWK","z","object","alg","string","optional","crv","d","dp","dq","e","ext","boolean","k","key_ops","array","kid","kty","union","literal","n","p","q","qi","use","x","y","x5c","x5t","x5u","exports","fixBase64EncodingOnKey","key","pk","removePadding","JWKS","keys","isSameThumbprint","jwkA","jwkB","thumbprintJwkA","thumbprintJwkB","Promise","all","thumbprint"],"sourceRoot":"../../../src","sources":["utils/jwk.ts"],"mappings":";;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAGO,MAAME,GAAG,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC1B;EACAC,GAAG,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BC,GAAG,EAAEL,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BE,CAAC,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBG,EAAE,EAAEP,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBI,EAAE,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBK,CAAC,EAAET,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAM,GAAG,EAAEV,MAAC,CAACW,OAAO,CAAC,CAAC,CAACP,QAAQ,CAAC,CAAC;EAC3BQ,CAAC,EAAEZ,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAS,OAAO,EAAEb,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACvC;EACAW,GAAG,EAAEf,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;AACF;AACA;EACEY,GAAG,EAAEhB,MAAC,CAACiB,KAAK,CAAC,CAACjB,MAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,EAAElB,MAAC,CAACkB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;EACjDC,CAAC,EAAEnB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBgB,CAAC,EAAEpB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBiB,CAAC,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBkB,EAAE,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzB;EACAmB,GAAG,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BoB,CAAC,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBqB,CAAC,EAAEzB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAsB,GAAG,EAAE1B,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACnC;EACAuB,GAAG,EAAE3B,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;EACA,UAAU,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACjC;EACAwB,GAAG,EAAE5B,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAyB,OAAA,CAAA9B,GAAA,GAAAA,GAAA;AAQO,SAAS+B,sBAAsBA,CAACC,GAAQ,EAAO;EACpD,MAAM;IAAEP,CAAC;IAAEC,CAAC;IAAEhB,CAAC;IAAEU,CAAC;IAAE,GAAGa;EAAG,CAAC,GAAGD,GAAG;EAEjC,OAAO;IACL,GAAGC,EAAE;IACL,IAAIR,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAS,+BAAa,EAACT,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIC,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAQ,+BAAa,EAACR,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIhB,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAwB,+BAAa,EAACxB,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIU,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAc,+BAAa,EAACd,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC;EACtC,CAAC;AACH;AAGO,MAAMe,IAAI,GAAGlC,MAAC,CAACC,MAAM,CAAC;EAC3BkC,IAAI,EAAEnC,MAAC,CAACc,KAAK,CAACf,GAAG;AACnB,CAAC,CAAC;AAAC8B,OAAA,CAAAK,IAAA,GAAAA,IAAA;AAIH;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,gBAAgB,GAAG,MAAAA,CAAOC,IAAS,EAAEC,IAAS,KAAK;EAC9D,MAAM,CAACC,cAAc,EAAEC,cAAc,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CACzD,IAAAC,4BAAU,EAACN,IAAI,CAAC,EAChB,IAAAM,4BAAU,EAACL,IAAI,CAAC,CACjB,CAAC;EACF,OAAOC,cAAc,KAAKC,cAAc;AAC1C,CAAC;AAACX,OAAA,CAAAO,gBAAA,GAAAA,gBAAA"}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { IoWalletError } from "../../utils/errors";
|
|
2
|
-
import { SdJwt4VC } from "../../sd-jwt
|
|
3
|
-
import { verify as verifySdJwt } from "../../sd-jwt";
|
|
2
|
+
import { SdJwt4VC, verify as verifySdJwt } from "../../sd-jwt";
|
|
4
3
|
import { getValueFromDisclosures } from "../../sd-jwt/converters";
|
|
5
|
-
import {
|
|
4
|
+
import { isSameThumbprint } from "../../utils/jwk";
|
|
5
|
+
import { Logger, LogLevel } from "../../utils/logging";
|
|
6
6
|
|
|
7
7
|
// The credential as a collection of attributes in plain value
|
|
8
8
|
|
|
@@ -120,7 +120,7 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
|
|
|
120
120
|
const {
|
|
121
121
|
cnf
|
|
122
122
|
} = decodedCredential.sdJwt.payload;
|
|
123
|
-
if (!
|
|
123
|
+
if (!(await isSameThumbprint(cnf.jwk, holderBindingKey))) {
|
|
124
124
|
const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
|
|
125
125
|
Logger.log(LogLevel.ERROR, message);
|
|
126
126
|
throw new IoWalletError(message);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","
|
|
1
|
+
{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","getValueFromDisclosures","isSameThumbprint","Logger","LogLevel","parseCredentialSdJwt","credentialConfig","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","format","header","typ","message","log","ERROR","claims","attrDefinitions","attrsNotInDisclosures","filter","definition","some","_ref2","name","path","missing","map","_","join","received","definedValues","Object","fromEntries","_ref3","_disclosures$find","value","find","_ref4","attrKey","display","reduce","names","_ref5","locale","undefinedValues","keys","includes","_ref6","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","payload","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref7","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","credential_configurations_supported","parsedCredential","maybeIssuedAt","expiration","Date","exp","issuedAt","verifyAndParseCredential","context","_issuerConf$openid_cr"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,EAAEC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AAC9D,SAASC,uBAAuB,QAAQ,yBAAyB;AACjE,SAASC,gBAAgB,QAAkB,iBAAiB;AAE5D,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;;AA2BtD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,gBAAgC,EAAAC,IAAA,EAIX;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAIL,gBAAgB,CAACS,MAAM,KAAKP,KAAK,CAACQ,MAAM,CAACC,GAAG,EAAE;IAChD,MAAMC,OAAO,GAAI,gEAA+DZ,gBAAgB,CAACS,MAAO,gBAAeP,KAAK,CAACQ,MAAM,CAACC,GAAI,GAAE;IAC1Id,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAEF,OAAO,CAAC;IACnC,MAAM,IAAIrB,aAAa,CAACqB,OAAO,CAAC;EAClC;EAEA,IAAI,CAACZ,gBAAgB,CAACe,MAAM,EAAE;IAC5BlB,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIvB,aAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAMyB,eAAe,GAAGhB,gBAAgB,CAACe,MAAM;;EAE/C;EACA,MAAME,qBAAqB,GAAGD,eAAe,CAACE,MAAM,CACjDC,UAAU,IAAK,CAAChB,WAAW,CAACiB,IAAI,CAACC,KAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,IAAI,KAAKH,UAAU,CAACI,IAAI,CAAC,CAAC,CAAC;EAAA,EAAC,CAAC;EAC/E,CAAC;;EACD,IAAIN,qBAAqB,CAACX,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMkB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,CAAC,CAAC,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;IACtE,MAAMC,QAAQ,GAAGzB,WAAW,CAACsB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAACvB,uBAAuB,EAAE;MAC5B,MAAMQ,OAAO,GAAI,4DAA2DY,OAAQ,iBAAgBI,QAAS,GAAE;MAC/G/B,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAEF,OAAO,CAAC;MACnC,MAAM,IAAIrB,aAAa,CAACqB,OAAO,CAAC;IAClC;EACF;;EAEA;EACA;EACA,MAAMiB,aAAa,GAAGC,MAAM,CAACC,WAAW,CACtCf;EACE;EAAA,CACCS,GAAG,CACFO,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC;MAAEV,IAAI;MAAE,GAAGJ;IAAW,CAAC,GAAAa,KAAA;IAAA,OACtB,CACET,IAAI,CAAC,CAAC,CAAC,EACP;MACE,GAAGJ,UAAU;MACbe,KAAK,GAAAD,iBAAA,GAAE9B,WAAW,CAACgC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKH,IAAI,CAAC,CAAC,CACnC,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCR,GAAG,CACFW,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC,OAAO;MAAE,GAAGnB;IAAW,CAAC,CAAC,GAAAiB,KAAA;IAAA,OACpC,CACEC,OAAO,EACP;MACE,GAAGlB,UAAU;MACbG,IAAI,EAAEgB,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEpB;QAAK,CAAC,GAAAmB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGpB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAId,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMmC,eAAe,GAAGb,MAAM,CAACC,WAAW,CACxC5B,WAAW,CACRe,MAAM,CAAEQ,CAAC,IAAK,CAACI,MAAM,CAACc,IAAI,CAACf,aAAa,CAAC,CAACgB,QAAQ,CAACnB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACqB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEb,KAAK;QAAEZ,IAAI,EAAEyB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGlB,aAAa;MAChB,GAAGc;IACL,CAAC;EACH;EAEA,OAAOd,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAemB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB7D,WAAW,CAACuD,aAAa,EAAEC,UAAU,EAAE1D,QAAQ,CAAC,EAChD2D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAClD,KAAK,CAACwD,OAAO;EAC/C,IAAI,EAAE,MAAM9D,gBAAgB,CAAC6D,GAAG,CAACE,GAAG,EAAEN,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMzC,OAAO,GAAI,kDAAiDyC,gBAAgB,CAACO,GAAI,UAASR,iBAAiB,CAAClD,KAAK,CAACwD,OAAO,CAACD,GAAG,CAACE,GAAG,CAACC,GAAI,EAAC;IAC7I/D,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAEF,OAAO,CAAC;IACnC,MAAM,IAAIrB,aAAa,CAACqB,OAAO,CAAC;EAClC;EAEA,OAAOwC,iBAAiB;AAC1B;AAEA,MAAMS,6BAAuD,GAAG,MAAAA,CAC9DC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,KAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvB9D,uBAAuB;IACvBI;EACF,CAAC,GAAAyD,KAAA;EAED,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCe,UAAU,EACVD,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACzB,IAAI,EAC7CsB,uBACF,CAAC;EAEDrE,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACwE,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMnE,gBAAgB,GACpB8D,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B;EAEH,IAAI,CAAChE,gBAAgB,EAAE;IACrBH,MAAM,CAACgB,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,gDAA+CkD,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIzE,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMmF,gBAAgB,GAAG3E,oBAAoB,CAC3CC,gBAAgB,EAChBmE,OAAO,EACP/D,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMmE,aAAa,GAAGhF,uBAAuB,CAACwE,OAAO,CAAChE,WAAW,EAAE,KAAK,CAAC;EAEzEN,MAAM,CAACgB,GAAG,CACRf,QAAQ,CAACwE,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACE,gBAAgB,CAAE,gBAAeC,aAAc,EACtF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBE,UAAU,EAAE,IAAIC,IAAI,CAACV,OAAO,CAACjE,KAAK,CAACwD,OAAO,CAACoB,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOJ,aAAa,KAAK,QAAQ,GAC7B,IAAIE,IAAI,CAACF,aAAa,GAAG,IAAI,CAAC,GAC9BpE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMyE,wBAAkD,GAAG,MAAAA,CAChElB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBiB,OAAO,KACJ;EAAA,IAAAC,qBAAA;EACH,MAAMzE,MAAM,IAAAyE,qBAAA,GACVpB,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B,cAAAkB,qBAAA,uBAFDA,qBAAA,CAEGzE,MAAM;EAEX,IAAIA,MAAM,KAAK,WAAW,EAAE;IAC1BZ,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACwE,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOT,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBiB,OACF,CAAC;EACH;EAEA,MAAMrE,OAAO,GAAI,kCAAiCH,MAAO,EAAC;EAC1DZ,MAAM,CAACgB,GAAG,CAACf,QAAQ,CAACgB,KAAK,EAAEF,OAAO,CAAC;EACnC,MAAM,IAAIrB,aAAa,CAACqB,OAAO,CAAC;AAClC,CAAC"}
|
|
@@ -1,36 +1,44 @@
|
|
|
1
1
|
import { getCredentialHashWithouDiscloures, hasStatusOrThrow } from "../../utils/misc";
|
|
2
2
|
import { SignJWT } from "@pagopa/io-react-native-jwt";
|
|
3
3
|
import { v4 as uuidv4 } from "uuid";
|
|
4
|
-
import {
|
|
4
|
+
import { StatusAssertionResponse } from "./types";
|
|
5
5
|
import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError } from "../../utils/errors";
|
|
6
|
-
import {
|
|
6
|
+
import { Logger, LogLevel } from "../../utils/logging";
|
|
7
|
+
import { extractJwkFromCredential } from "../../utils/credentials";
|
|
7
8
|
/**
|
|
8
|
-
*
|
|
9
|
-
* Verify the status of the credential attestation.
|
|
9
|
+
* Get the status assertion of a digital credential.
|
|
10
10
|
* @param issuerConf - The issuer's configuration
|
|
11
11
|
* @param credential - The credential to be verified
|
|
12
|
-
* @param
|
|
12
|
+
* @param format - The format of the credential, e.g. "sd-jwt"
|
|
13
|
+
* @param context.credentialCryptoContext - The credential's crypto context
|
|
14
|
+
* @param context.wiaCryptoContext - The Wallet Attestation's crypto context
|
|
13
15
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
14
16
|
* @throws {IssuerResponseError} with a specific code for more context
|
|
15
|
-
* @returns The credential status
|
|
17
|
+
* @returns The credential status assertion
|
|
16
18
|
*/
|
|
17
|
-
export const
|
|
18
|
-
|
|
19
|
-
|
|
19
|
+
export const statusAssertion = async (issuerConf, credential, format, ctx) => {
|
|
20
|
+
const {
|
|
21
|
+
credentialCryptoContext,
|
|
22
|
+
wiaCryptoContext,
|
|
23
|
+
appFetch = fetch
|
|
24
|
+
} = ctx;
|
|
25
|
+
const jwk = await extractJwkFromCredential(credential, format);
|
|
26
|
+
const issuerJwk = await wiaCryptoContext.getPublicKey();
|
|
20
27
|
const credentialHash = await getCredentialHashWithouDiscloures(credential);
|
|
21
28
|
const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
|
|
22
29
|
const credentialPop = await new SignJWT(credentialCryptoContext).setPayload({
|
|
30
|
+
iss: issuerJwk.kid,
|
|
23
31
|
aud: statusAttUrl,
|
|
24
32
|
jti: uuidv4().toString(),
|
|
25
33
|
credential_hash: credentialHash,
|
|
26
|
-
credential_hash_alg: "
|
|
34
|
+
credential_hash_alg: "sha-256"
|
|
27
35
|
}).setProtectedHeader({
|
|
28
36
|
alg: "ES256",
|
|
29
|
-
typ: "status-
|
|
37
|
+
typ: "status-assertion-request+jwt",
|
|
30
38
|
kid: jwk.kid
|
|
31
39
|
}).setIssuedAt().setExpirationTime("5m").sign();
|
|
32
40
|
const body = {
|
|
33
|
-
|
|
41
|
+
status_assertion_requests: [credentialPop]
|
|
34
42
|
};
|
|
35
43
|
Logger.log(LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
|
|
36
44
|
const result = await appFetch(statusAttUrl, {
|
|
@@ -39,28 +47,26 @@ export const statusAttestation = async function (issuerConf, credential, credent
|
|
|
39
47
|
"Content-Type": "application/json"
|
|
40
48
|
},
|
|
41
49
|
body: JSON.stringify(body)
|
|
42
|
-
}).then(hasStatusOrThrow(
|
|
50
|
+
}).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => StatusAssertionResponse.parse(json)).catch(handleStatusAssertionError);
|
|
51
|
+
const [statusAttestationJwt] = result.status_assertion_responses;
|
|
43
52
|
return {
|
|
44
|
-
|
|
53
|
+
statusAssertion: statusAttestationJwt
|
|
45
54
|
};
|
|
46
55
|
};
|
|
47
56
|
|
|
48
57
|
/**
|
|
49
|
-
* Handle the status
|
|
58
|
+
* Handle the status assertion error by mapping it to a custom exception.
|
|
50
59
|
* If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
|
|
51
60
|
* @param e - The error to be handled
|
|
52
61
|
* @throws {IssuerResponseError} with a specific code for more context
|
|
53
62
|
*/
|
|
54
|
-
const
|
|
63
|
+
const handleStatusAssertionError = e => {
|
|
55
64
|
if (!(e instanceof UnexpectedStatusCodeError)) {
|
|
56
65
|
throw e;
|
|
57
66
|
}
|
|
58
|
-
throw new ResponseErrorBuilder(IssuerResponseError).handle(
|
|
59
|
-
code: IssuerResponseErrorCodes.CredentialInvalidStatus,
|
|
60
|
-
message: "Invalid status found for the given credential"
|
|
61
|
-
}).handle("*", {
|
|
67
|
+
throw new ResponseErrorBuilder(IssuerResponseError).handle("*", {
|
|
62
68
|
code: IssuerResponseErrorCodes.StatusAttestationRequestFailed,
|
|
63
|
-
message: `Unable to obtain the status
|
|
69
|
+
message: `Unable to obtain the status assertion for the given credential`
|
|
64
70
|
}).buildFrom(e);
|
|
65
71
|
};
|
|
66
|
-
//# sourceMappingURL=02-status-
|
|
72
|
+
//# sourceMappingURL=02-status-assertion.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["getCredentialHashWithouDiscloures","hasStatusOrThrow","SignJWT","v4","uuidv4","StatusAssertionResponse","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","Logger","LogLevel","extractJwkFromCredential","statusAssertion","issuerConf","credential","format","ctx","credentialCryptoContext","wiaCryptoContext","appFetch","fetch","jwk","issuerJwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","iss","kid","aud","jti","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","sign","body","status_assertion_requests","log","DEBUG","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAssertionError","statusAttestationJwt","status_assertion_responses","e","handle","code","StatusAttestationRequestFailed","message","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-assertion.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,gBAAgB,QAEX,kBAAkB;AAEzB,SAA6BC,OAAO,QAAQ,6BAA6B;AACzE,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,uBAAuB,QAAQ,SAAS;AACjD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,QACpB,oBAAoB;AAC3B,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AACtD,SAASC,wBAAwB,QAAQ,yBAAyB;AAelE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,UAAU,EACVC,MAAM,EACNC,GAAG,KACA;EACH,MAAM;IAAEC,uBAAuB;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGJ,GAAG;EAE3E,MAAMK,GAAG,GAAG,MAAMV,wBAAwB,CAACG,UAAU,EAAEC,MAAM,CAAC;EAC9D,MAAMO,SAAS,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EACvD,MAAMC,cAAc,GAAG,MAAMzB,iCAAiC,CAACe,UAAU,CAAC;EAC1E,MAAMW,YAAY,GAChBZ,UAAU,CAACa,wBAAwB,CAACC,2BAA2B;EAEjE,MAAMC,aAAa,GAAG,MAAM,IAAI3B,OAAO,CAACgB,uBAAuB,CAAC,CAC7DY,UAAU,CAAC;IACVC,GAAG,EAAER,SAAS,CAACS,GAAG;IAClBC,GAAG,EAAEP,YAAY;IACjBQ,GAAG,EAAE9B,MAAM,CAAC,CAAC,CAAC+B,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAEX,cAAc;IAC/BY,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,8BAA8B;IACnCR,GAAG,EAAEV,GAAG,CAACU;EACX,CAAC,CAAC,CACDS,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,yBAAyB,EAAE,CAAChB,aAAa;EAC3C,CAAC;EAEDnB,MAAM,CAACoC,GAAG,CAACnC,QAAQ,CAACoC,KAAK,EAAG,mBAAkBlB,aAAc,EAAC,CAAC;EAE9D,MAAMmB,MAAM,GAAG,MAAM5B,QAAQ,CAACM,YAAY,EAAE;IAC1CuB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDN,IAAI,EAAEO,IAAI,CAACC,SAAS,CAACR,IAAI;EAC3B,CAAC,CAAC,CACCS,IAAI,CAACpD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKlD,uBAAuB,CAACmD,KAAK,CAACD,IAAI,CAAC,CAAC,CACnDE,KAAK,CAACC,0BAA0B,CAAC;EAEpC,MAAM,CAACC,oBAAoB,CAAC,GAAGX,MAAM,CAACY,0BAA0B;EAEhE,OAAO;IAAE/C,eAAe,EAAE8C;EAAsB,CAAC;AACnD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMD,0BAA0B,GAAIG,CAAU,IAAK;EACjD,IAAI,EAAEA,CAAC,YAAYpD,yBAAyB,CAAC,EAAE;IAC7C,MAAMoD,CAAC;EACT;EAEA,MAAM,IAAIrD,oBAAoB,CAACF,mBAAmB,CAAC,CAChDwD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAExD,wBAAwB,CAACyD,8BAA8B;IAC7DC,OAAO,EAAG;EACZ,CAAC,CAAC,CACDC,SAAS,CAACL,CAAC,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
import { IoWalletError, IssuerResponseError, IssuerResponseErrorCodes } from "../../utils/errors";
|
|
2
|
+
import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import { ParsedStatusAssertionResponse, StatusType } from "./types";
|
|
4
|
+
import { Logger, LogLevel } from "../../utils/logging";
|
|
5
|
+
import { extractJwkFromCredential } from "../../utils/credentials";
|
|
6
|
+
import { isSameThumbprint } from "../../utils/jwk";
|
|
7
|
+
/**
|
|
8
|
+
* Given a status assertion, verifies that:
|
|
9
|
+
* - It's in the supported format;
|
|
10
|
+
* - The assertion is correctly signed;
|
|
11
|
+
* - It's bound to the given key.
|
|
12
|
+
* @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
|
|
13
|
+
* @param statusAssertion The encoded status assertion returned by {@link statusAssertion}
|
|
14
|
+
* @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
|
|
15
|
+
* @returns A parsed status assertion
|
|
16
|
+
* @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
|
|
17
|
+
* @throws {IssuerResponseError} If the status assertion contains an error or the credential status is invalid
|
|
18
|
+
*/
|
|
19
|
+
export const verifyAndParseStatusAssertion = async (issuerConf, rawStatusAssertion, credential, format) => {
|
|
20
|
+
const {
|
|
21
|
+
statusAssertion
|
|
22
|
+
} = rawStatusAssertion;
|
|
23
|
+
await verify(statusAssertion, issuerConf.openid_credential_issuer.jwks.keys);
|
|
24
|
+
const decodedJwt = decodeJwt(statusAssertion);
|
|
25
|
+
const parsedStatusAssertion = ParsedStatusAssertionResponse.parse({
|
|
26
|
+
header: decodedJwt.protectedHeader,
|
|
27
|
+
payload: decodedJwt.payload
|
|
28
|
+
});
|
|
29
|
+
Logger.log(LogLevel.DEBUG, `Parsed status assertion: ${JSON.stringify(parsedStatusAssertion)}`);
|
|
30
|
+
|
|
31
|
+
// Errors are transmitted in the JWT and use a 200 HTTP status code
|
|
32
|
+
if (isStatusAssertionError(parsedStatusAssertion)) {
|
|
33
|
+
throw new IssuerResponseError({
|
|
34
|
+
code: IssuerResponseErrorCodes.CredentialInvalidStatus,
|
|
35
|
+
message: "The status assertion contains an error",
|
|
36
|
+
statusCode: 200,
|
|
37
|
+
reason: buildErrorReason(parsedStatusAssertion)
|
|
38
|
+
});
|
|
39
|
+
}
|
|
40
|
+
const {
|
|
41
|
+
cnf,
|
|
42
|
+
credential_status_type
|
|
43
|
+
} = parsedStatusAssertion.payload;
|
|
44
|
+
const holderBindingKey = await extractJwkFromCredential(credential, format);
|
|
45
|
+
if (!(await isSameThumbprint(cnf.jwk, holderBindingKey))) {
|
|
46
|
+
const errorMessage = `Failed to verify holder binding for status assertion: the thumbprints of keys ${cnf.jwk.kid} and ${holderBindingKey.kid} do not match`;
|
|
47
|
+
Logger.log(LogLevel.ERROR, errorMessage);
|
|
48
|
+
throw new IoWalletError(errorMessage);
|
|
49
|
+
}
|
|
50
|
+
if (credential_status_type !== StatusType.VALID) {
|
|
51
|
+
throw new IssuerResponseError({
|
|
52
|
+
code: IssuerResponseErrorCodes.CredentialInvalidStatus,
|
|
53
|
+
message: "Invalid status found for the given credential",
|
|
54
|
+
statusCode: 200,
|
|
55
|
+
reason: buildErrorReason(parsedStatusAssertion)
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
return {
|
|
59
|
+
parsedStatusAssertion
|
|
60
|
+
};
|
|
61
|
+
};
|
|
62
|
+
const isStatusAssertionError = assertion => assertion.header.typ === "status-assertion-error+jwt";
|
|
63
|
+
|
|
64
|
+
/**
|
|
65
|
+
* Build an object containing the details on the error to use as the IssuerResponseError's reason
|
|
66
|
+
* @param assertion The status assertion response, both success or failure
|
|
67
|
+
* @returns The error's reason object
|
|
68
|
+
*/
|
|
69
|
+
const buildErrorReason = _ref => {
|
|
70
|
+
let {
|
|
71
|
+
payload
|
|
72
|
+
} = _ref;
|
|
73
|
+
return "error" in payload ? payload : {
|
|
74
|
+
error: payload.credential_status_detail.state,
|
|
75
|
+
error_description: payload.credential_status_detail.description
|
|
76
|
+
};
|
|
77
|
+
};
|
|
78
|
+
//# sourceMappingURL=03-verify-and-parse-status-assertion.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["IoWalletError","IssuerResponseError","IssuerResponseErrorCodes","decode","decodeJwt","verify","ParsedStatusAssertionResponse","StatusType","Logger","LogLevel","extractJwkFromCredential","isSameThumbprint","verifyAndParseStatusAssertion","issuerConf","rawStatusAssertion","credential","format","statusAssertion","openid_credential_issuer","jwks","keys","decodedJwt","parsedStatusAssertion","parse","header","protectedHeader","payload","log","DEBUG","JSON","stringify","isStatusAssertionError","code","CredentialInvalidStatus","message","statusCode","reason","buildErrorReason","cnf","credential_status_type","holderBindingKey","jwk","errorMessage","kid","ERROR","VALID","assertion","typ","_ref","error","credential_status_detail","state","error_description","description"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-assertion.ts"],"mappings":"AACA,SACEA,aAAa,EACbC,mBAAmB,EACnBC,wBAAwB,QACnB,oBAAoB;AAC3B,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAEzE,SAIEC,6BAA6B,EAC7BC,UAAU,QACL,SAAS;AAChB,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AAEtD,SAASC,wBAAwB,QAAQ,yBAAyB;AAClE,SAASC,gBAAgB,QAAQ,iBAAiB;AASlD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,6BAA4D,GACvE,MAAAA,CAAOC,UAAU,EAAEC,kBAAkB,EAAEC,UAAU,EAAEC,MAAM,KAAK;EAC5D,MAAM;IAAEC;EAAgB,CAAC,GAAGH,kBAAkB;EAE9C,MAAMT,MAAM,CACVY,eAAe,EACfJ,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;EAED,MAAMC,UAAU,GAAGjB,SAAS,CAACa,eAAe,CAAC;EAC7C,MAAMK,qBAAqB,GAAGhB,6BAA6B,CAACiB,KAAK,CAAC;IAChEC,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;EAEFlB,MAAM,CAACmB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,4BAA2BC,IAAI,CAACC,SAAS,CAACR,qBAAqB,CAAE,EACpE,CAAC;;EAED;EACA,IAAIS,sBAAsB,CAACT,qBAAqB,CAAC,EAAE;IACjD,MAAM,IAAIrB,mBAAmB,CAAC;MAC5B+B,IAAI,EAAE9B,wBAAwB,CAAC+B,uBAAuB;MACtDC,OAAO,EAAE,wCAAwC;MACjDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACf,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,MAAM;IAAEgB,GAAG;IAAEC;EAAuB,CAAC,GAAGjB,qBAAqB,CAACI,OAAO;EACrE,MAAMc,gBAAgB,GAAG,MAAM9B,wBAAwB,CAACK,UAAU,EAAEC,MAAM,CAAC;EAE3E,IAAI,EAAE,MAAML,gBAAgB,CAAC2B,GAAG,CAACG,GAAG,EAAED,gBAAgB,CAAC,CAAC,EAAE;IACxD,MAAME,YAAY,GAAI,iFAAgFJ,GAAG,CAACG,GAAG,CAACE,GAAI,QAAOH,gBAAgB,CAACG,GAAI,eAAc;IAC5JnC,MAAM,CAACmB,GAAG,CAAClB,QAAQ,CAACmC,KAAK,EAAEF,YAAY,CAAC;IACxC,MAAM,IAAI1C,aAAa,CAAC0C,YAAY,CAAC;EACvC;EAEA,IAAIH,sBAAsB,KAAKhC,UAAU,CAACsC,KAAK,EAAE;IAC/C,MAAM,IAAI5C,mBAAmB,CAAC;MAC5B+B,IAAI,EAAE9B,wBAAwB,CAAC+B,uBAAuB;MACtDC,OAAO,EAAE,+CAA+C;MACxDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACf,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEA;EAAsB,CAAC;AAClC,CAAC;AAEH,MAAMS,sBAAsB,GAC1Be,SAAwC,IAExCA,SAAS,CAACtB,MAAM,CAACuB,GAAG,KAAK,4BAA4B;;AAEvD;AACA;AACA;AACA;AACA;AACA,MAAMV,gBAAgB,GAAGW,IAAA;EAAA,IAAC;IACxBtB;EAC6B,CAAC,GAAAsB,IAAA;EAAA,OAC9B,OAAO,IAAItB,OAAO,GACdA,OAAO,GACP;IACEuB,KAAK,EAAEvB,OAAO,CAACwB,wBAAwB,CAAEC,KAAK;IAC9CC,iBAAiB,EAAE1B,OAAO,CAACwB,wBAAwB,CAAEG;EACvD,CAAC;AAAA"}
|
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
# Credential Status
|
|
1
|
+
# Credential Status Assertion
|
|
2
2
|
|
|
3
|
-
This flow is used to obtain a credential status
|
|
4
|
-
The credential status
|
|
5
|
-
The status
|
|
3
|
+
This flow is used to obtain a credential status assertion from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
|
|
4
|
+
The credential status assertion is a JWT which contains the credential status which indicates if the credential is valid or not (see [OAuth Status Assertions](https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#oauth-status-assertions)).
|
|
5
|
+
The status assertion is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
|
|
6
6
|
|
|
7
7
|
## Sequence Diagram
|
|
8
8
|
|
|
9
9
|
```mermaid
|
|
10
10
|
graph TD;
|
|
11
11
|
0[startFlow]
|
|
12
|
-
1[
|
|
13
|
-
2[
|
|
12
|
+
1[statusAssertion]
|
|
13
|
+
2[verifyAndParseStatusAssertion]
|
|
14
14
|
|
|
15
15
|
0 --> 1
|
|
16
16
|
1 --> 2
|
|
@@ -21,14 +21,14 @@ graph TD;
|
|
|
21
21
|
|
|
22
22
|
The following errors are mapped to a `IssuerResponseError` with specific codes.
|
|
23
23
|
|
|
24
|
-
|
|
|
25
|
-
|
|
26
|
-
|`
|
|
24
|
+
|Error Code|Description|
|
|
25
|
+
|----------|-----------|
|
|
26
|
+
|`ERR_CREDENTIAL_INVALID_STATUS`|This error is thrown when the status assertion for a given credential is invalid. It might contain more details in the `reason` property.|
|
|
27
27
|
|
|
28
28
|
## Example
|
|
29
29
|
|
|
30
30
|
<details>
|
|
31
|
-
<summary>Credential status
|
|
31
|
+
<summary>Credential status assertion flow</summary>
|
|
32
32
|
|
|
33
33
|
```ts
|
|
34
34
|
// Start the issuance flow
|
|
@@ -42,24 +42,26 @@ const { issuerUrl } = startFlow();
|
|
|
42
42
|
// Evaluate issuer trust
|
|
43
43
|
const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
|
|
44
44
|
|
|
45
|
-
// Get the credential
|
|
46
|
-
const res = await Credential.Status.
|
|
45
|
+
// Get the credential assertion
|
|
46
|
+
const res = await Credential.Status.statusAssertion(
|
|
47
47
|
issuerConf,
|
|
48
48
|
credential,
|
|
49
|
-
|
|
49
|
+
format,
|
|
50
|
+
{ credentialCryptoContext, wiaCryptoContext }
|
|
50
51
|
);
|
|
51
52
|
|
|
52
|
-
// Verify and parse the status
|
|
53
|
-
const {
|
|
54
|
-
await Credential.Status.
|
|
53
|
+
// Verify and parse the status assertion
|
|
54
|
+
const { parsedStatusAssertion } =
|
|
55
|
+
await Credential.Status.verifyAndParseStatusAssertion(
|
|
55
56
|
issuerConf,
|
|
56
|
-
res.
|
|
57
|
-
|
|
57
|
+
res.statusAssertion,
|
|
58
|
+
credential,
|
|
59
|
+
format
|
|
58
60
|
);
|
|
59
61
|
|
|
60
62
|
return {
|
|
61
|
-
|
|
62
|
-
|
|
63
|
+
statusAssertion: res.statusAssertion,
|
|
64
|
+
parsedStatusAssertion,
|
|
63
65
|
};
|
|
64
66
|
```
|
|
65
67
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { statusAssertion } from "./02-status-assertion";
|
|
2
2
|
import { evaluateIssuerTrust } from "../issuance";
|
|
3
|
-
import {
|
|
4
|
-
export { evaluateIssuerTrust,
|
|
3
|
+
import { verifyAndParseStatusAssertion } from "./03-verify-and-parse-status-assertion";
|
|
4
|
+
export { evaluateIssuerTrust, statusAssertion, verifyAndParseStatusAssertion };
|
|
5
5
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["statusAssertion","evaluateIssuerTrust","verifyAndParseStatusAssertion"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":"AACA,SAASA,eAAe,QAA8B,uBAAuB;AAC7E,SAASC,mBAAmB,QAAkC,aAAa;AAC3E,SACEC,6BAA6B,QAExB,wCAAwC;AAE/C,SAASD,mBAAmB,EAAED,eAAe,EAAEE,6BAA6B"}
|
|
@@ -3,31 +3,33 @@ import { JWK } from "../../utils/jwk";
|
|
|
3
3
|
import * as z from "zod";
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
|
-
* Shape from parsing a status
|
|
6
|
+
* Shape from parsing a status assertion response in case of 201.
|
|
7
7
|
*/
|
|
8
|
-
export const
|
|
9
|
-
|
|
8
|
+
export const StatusAssertionResponse = z.object({
|
|
9
|
+
status_assertion_responses: z.array(z.string())
|
|
10
10
|
});
|
|
11
11
|
|
|
12
12
|
/**
|
|
13
|
-
* Type from parsing a status
|
|
14
|
-
* Inferred from {@link
|
|
13
|
+
* Type from parsing a status assertion response in case of 201.
|
|
14
|
+
* Inferred from {@link StatusAssertionResponse}.
|
|
15
15
|
*/
|
|
16
16
|
|
|
17
17
|
/**
|
|
18
|
-
*
|
|
18
|
+
* Shape for parsing a successful status assertion in a JWT.
|
|
19
19
|
*/
|
|
20
|
-
|
|
21
|
-
/**
|
|
22
|
-
* Shape for parsing a status attestation in a JWT.
|
|
23
|
-
*/
|
|
24
|
-
export const ParsedStatusAttestation = z.object({
|
|
20
|
+
export const ParsedStatusAssertion = z.object({
|
|
25
21
|
header: z.object({
|
|
26
|
-
typ: z.literal("status-
|
|
22
|
+
typ: z.literal("status-assertion+jwt"),
|
|
27
23
|
alg: z.string(),
|
|
28
24
|
kid: z.string().optional()
|
|
29
25
|
}),
|
|
30
26
|
payload: z.object({
|
|
27
|
+
iss: z.string(),
|
|
28
|
+
credential_status_type: z.string(),
|
|
29
|
+
credential_status_detail: z.object({
|
|
30
|
+
state: z.string(),
|
|
31
|
+
description: z.string()
|
|
32
|
+
}).optional(),
|
|
31
33
|
credential_hash_alg: z.string(),
|
|
32
34
|
credential_hash: z.string(),
|
|
33
35
|
cnf: z.object({
|
|
@@ -37,4 +39,33 @@ export const ParsedStatusAttestation = z.object({
|
|
|
37
39
|
iat: UnixTime
|
|
38
40
|
})
|
|
39
41
|
});
|
|
42
|
+
/**
|
|
43
|
+
* The JWT that contains the errors occurred for the status assertion request.
|
|
44
|
+
* @see https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#http-status-assertion-response
|
|
45
|
+
*/
|
|
46
|
+
export const ParsedStatusAssertionError = z.object({
|
|
47
|
+
header: z.object({
|
|
48
|
+
typ: z.literal("status-assertion-error+jwt"),
|
|
49
|
+
alg: z.string(),
|
|
50
|
+
kid: z.string().optional()
|
|
51
|
+
}),
|
|
52
|
+
payload: z.object({
|
|
53
|
+
credential_hash_alg: z.string(),
|
|
54
|
+
credential_hash: z.string(),
|
|
55
|
+
error: z.string(),
|
|
56
|
+
error_description: z.string()
|
|
57
|
+
})
|
|
58
|
+
});
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* The status assertion response that might include either a successful assertion or an error
|
|
62
|
+
*/
|
|
63
|
+
|
|
64
|
+
export const ParsedStatusAssertionResponse = z.union([ParsedStatusAssertion, ParsedStatusAssertionError]);
|
|
65
|
+
export let StatusType = /*#__PURE__*/function (StatusType) {
|
|
66
|
+
StatusType["VALID"] = "0x00";
|
|
67
|
+
StatusType["INVALID"] = "0x01";
|
|
68
|
+
StatusType["SUSPENDED"] = "0x02";
|
|
69
|
+
return StatusType;
|
|
70
|
+
}({});
|
|
40
71
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["UnixTime","JWK","z","
|
|
1
|
+
{"version":3,"names":["UnixTime","JWK","z","StatusAssertionResponse","object","status_assertion_responses","array","string","ParsedStatusAssertion","header","typ","literal","alg","kid","optional","payload","iss","credential_status_type","credential_status_detail","state","description","credential_hash_alg","credential_hash","cnf","jwk","exp","iat","ParsedStatusAssertionError","error","error_description","ParsedStatusAssertionResponse","union","StatusType"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,GAAG,QAAQ,iBAAiB;AACrC,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC9CC,0BAA0B,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC;AAChD,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAGN,CAAC,CAACE,MAAM,CAAC;EAC5CK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEb,CAAC,CAACE,MAAM,CAAC;IAChBY,GAAG,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;IACfU,sBAAsB,EAAEf,CAAC,CAACK,MAAM,CAAC,CAAC;IAClCW,wBAAwB,EAAEhB,CAAC,CACxBE,MAAM,CAAC;MACNe,KAAK,EAAEjB,CAAC,CAACK,MAAM,CAAC,CAAC;MACjBa,WAAW,EAAElB,CAAC,CAACK,MAAM,CAAC;IACxB,CAAC,CAAC,CACDO,QAAQ,CAAC,CAAC;IACbO,mBAAmB,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC/Be,eAAe,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC3BgB,GAAG,EAAErB,CAAC,CAACE,MAAM,CAAC;MACZoB,GAAG,EAAEvB;IACP,CAAC,CAAC;IACFwB,GAAG,EAAEzB,QAAQ;IACb0B,GAAG,EAAE1B;EACP,CAAC;AACH,CAAC,CAAC;AAMF;AACA;AACA;AACA;AACA,OAAO,MAAM2B,0BAA0B,GAAGzB,CAAC,CAACE,MAAM,CAAC;EACjDK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,4BAA4B,CAAC;IAC5CC,GAAG,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEb,CAAC,CAACE,MAAM,CAAC;IAChBiB,mBAAmB,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC/Be,eAAe,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC3BqB,KAAK,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC;IACjBsB,iBAAiB,EAAE3B,CAAC,CAACK,MAAM,CAAC;EAC9B,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMuB,6BAA6B,GAAG5B,CAAC,CAAC6B,KAAK,CAAC,CACnDvB,qBAAqB,EACrBmB,0BAA0B,CAC3B,CAAC;AAEF,WAAYK,UAAU,0BAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAA,OAAVA,UAAU;AAAA"}
|
|
@@ -35,7 +35,8 @@ const CredentialIssuerDisplayMetadata = z.object({
|
|
|
35
35
|
locale: z.string()
|
|
36
36
|
});
|
|
37
37
|
const ClaimsMetadata = z.object({
|
|
38
|
-
path: z.array(z.string()),
|
|
38
|
+
path: z.array(z.union([z.string(), z.number(), z.null()])),
|
|
39
|
+
// https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
|
|
39
40
|
display: z.array(CredentialDisplayMetadata)
|
|
40
41
|
});
|
|
41
42
|
const IssuanceErrorSupported = z.object({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["UnixTime","JWK","z","PresentationDefinition","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","presentation_definition","request_uris","authorization_signed_response_alg","authorization_encrypted_response_alg","authorization_encrypted_response_enc","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","path","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","record","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","number","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","nonce_endpoint","status_attestation_endpoint","credential_configurations_supported","trust_frameworks_supported","evidence_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","openid_credential_verifier","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","union","FederationListResponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,sBAAsB,QAAQ,kCAAkC;AAEzE,OAAO,MAAMC,SAAS,GAAGF,CAAC,CAACG,MAAM,CAAC;EAAEC,EAAE,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEN,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGP,CAAC,CAACG,MAAM,CAAC;EACpCK,gBAAgB,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;IAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;EAAE,CAAC,CAAC;EACtCgB,QAAQ,EAAEf,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCO,uBAAuB,EAAEf,sBAAsB,CAACQ,QAAQ,CAAC,CAAC;EAC1DQ,YAAY,EAAEjB,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5CS,iCAAiC,EAAElB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxDU,oCAAoC,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC3DW,oCAAoC,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC;AAC5D,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMY,yBAAyB,GAAGrB,CAAC,CAACG,MAAM,CAAC;EACzCmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMmB,+BAA+B,GAAGxB,CAAC,CAACG,MAAM,CAAC;EAC/CmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMoB,cAAc,GAAGzB,CAAC,CAACG,MAAM,CAAC;EAC9BuB,IAAI,EAAE1B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EACzBsB,OAAO,EAAE3B,CAAC,CAACc,KAAK,CAACO,yBAAyB;AAC5C,CAAC,CAAC;AAGF,MAAMO,sBAAsB,GAAG5B,CAAC,CAACG,MAAM,CAAC;EACtCwB,OAAO,EAAE3B,CAAC,CAACc,KAAK,CACdd,CAAC,CAACG,MAAM,CAAC;IACP0B,KAAK,EAAE7B,CAAC,CAACK,MAAM,CAAC,CAAC;IACjByB,WAAW,EAAE9B,CAAC,CAACK,MAAM,CAAC,CAAC;IACvBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM0B,2BAA2B,GAAG/B,CAAC,CAACgC,YAAY,CAChDhC,CAAC,CAACiC,kBAAkB,CAAC,QAAQ,EAAE,CAC7BjC,CAAC,CAACG,MAAM,CAAC;EAAE+B,MAAM,EAAElC,CAAC,CAACmC,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEpC,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DL,CAAC,CAACG,MAAM,CAAC;EAAE+B,MAAM,EAAElC,CAAC,CAACmC,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAErC,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFL,CAAC,CAACG,MAAM,CAAC;EACPmC,KAAK,EAAEtC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBsB,OAAO,EAAE3B,CAAC,CAACc,KAAK,CAACO,yBAAyB,CAAC;EAC3CkB,MAAM,EAAEvC,CAAC,CAACc,KAAK,CAACW,cAAc,CAAC;EAC/Be,uCAAuC,EAAExC,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EAC5DoC,uCAAuC,EAAEzC,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EAC5DqC,gBAAgB,EAAE1C,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCkC,yBAAyB,EAAE3C,CAAC,CAAC4C,MAAM,CAAChB,sBAAsB,CAAC,CAACnB,QAAQ,CAAC;AACvE,CAAC,CACH,CAAC;AAGD,OAAO,MAAMoC,eAAe,GAAG7C,CAAC,CAACG,MAAM,CAAC;EACtC2C,MAAM,EAAE9C,CAAC,CAACG,MAAM,CAAC;IACf4C,GAAG,EAAE/C,CAAC,CAACmC,OAAO,CAAC,sBAAsB,CAAC;IACtCa,GAAG,EAAEhD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf4C,GAAG,EAAEjD,CAAC,CAACK,MAAM,CAAC;EAChB,CAAC,CAAC;EACF6C,OAAO,EAAElD,CAAC,CAACG,MAAM,CAAC;IAChBgD,GAAG,EAAEnD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf+C,GAAG,EAAEpD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IAAE,CAAC,CAAC;IACtCsD,WAAW,EAAErD,CAAC,CAACc,KAAK,CAACZ,SAAS,CAAC,CAACO,QAAQ,CAAC,CAAC;IAC1C6C,GAAG,EAAEtD,CAAC,CAACuD,MAAM,CAAC,CAAC;IACfC,GAAG,EAAExD,CAAC,CAACuD,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAME,yBAAyB,GAAGzD,CAAC,CAACG,MAAM,CAAC;EAChD4C,GAAG,EAAE/C,CAAC,CAACmC,OAAO,CAAC,sBAAsB,CAAC;EACtCa,GAAG,EAAEhD,CAAC,CAACK,MAAM,CAAC,CAAC;EACf4C,GAAG,EAAEjD,CAAC,CAACK,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAMqD,wBAAwB,GAAG1D,CAAC,CAC/BG,MAAM,CAAC;EACNwD,yBAAyB,EAAE3D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChDmD,wBAAwB,EAAE5D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/CoD,2BAA2B,EAAE7D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClDqD,qCAAqC,EAAE9D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5DsD,mCAAmC,EAAE/D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DuD,8BAA8B,EAAEhE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACrDwD,mCAAmC,EAAEjE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DyD,0CAA0C,EAAElE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjE0D,iBAAiB,EAAEnE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxC2D,YAAY,EAAEpE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnC4D,UAAU,EAAErE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjC6D,QAAQ,EAAEtE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/BM,QAAQ,EAAEf,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACD8D,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAGxE,CAAC,CAACG,MAAM,CAAC;EACvC2C,MAAM,EAAEW,yBAAyB;EACjCP,OAAO,EAAElD,CAAC,CACPG,MAAM,CAAC;IACNgD,GAAG,EAAEnD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf+C,GAAG,EAAEpD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfiD,GAAG,EAAExD,QAAQ;IACb0D,GAAG,EAAE1D,QAAQ;IACb2E,eAAe,EAAEzE,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/CiE,QAAQ,EAAE1E,CAAC,CACRG,MAAM,CAAC;MACNwE,iBAAiB,EAAEjB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChB3D,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MACbU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACDwE,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5E9E,CAAC,CAACG,MAAM,CAAC;EACP+C,OAAO,EAAElD,CAAC,CAACG,MAAM,CAAC;IAChBS,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IAAE,CAAC,CAAC;IACtC2E,QAAQ,EAAE1E,CAAC,CAACG,MAAM,CAAC;MACjB4E,wBAAwB,EAAE/E,CAAC,CAACG,MAAM,CAAC;QACjC6E,iBAAiB,EAAEhF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC7B4E,mBAAmB,EAAEjF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC/B6E,mBAAmB,EAAElF,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAC1C0E,cAAc,EAAEnF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1B+E,2BAA2B,EAAEpF,CAAC,CAACK,MAAM,CAAC,CAAC;QACvCsB,OAAO,EAAE3B,CAAC,CAACc,KAAK,CAACU,+BAA+B,CAAC;QACjD6D,mCAAmC,EAAErF,CAAC,CAAC4C,MAAM,CAC3Cb,2BACF,CAAC;QACDnB,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC,CAAC;QACtCuF,0BAA0B,EAAEtF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC/CkF,kBAAkB,EAAEvF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC;MACxC,CAAC,CAAC;MACFmF,0BAA0B,EAAExF,CAAC,CAACG,MAAM,CAAC;QACnCsF,sBAAsB,EAAEzF,CAAC,CAACK,MAAM,CAAC,CAAC;QAClCqF,qCAAqC,EAAE1F,CAAC,CAACK,MAAM,CAAC,CAAC;QACjDsF,cAAc,EAAE3F,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1BuF,mCAAmC,EAAE5F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACxDwF,gCAAgC,EAAE7F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrDyF,oBAAoB,EAAE9F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACzC0F,qBAAqB,EAAE/F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1C2F,MAAM,EAAEhG,CAAC,CAACK,MAAM,CAAC,CAAC;QAClBO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC,CAAC;QACtCkG,gBAAgB,EAAEjG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrC6F,wBAAwB,EAAElG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC7C8F,qCAAqC,EAAEnG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1D+F,gDAAgD,EAAEpG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrEgG,2CAA2C,EAAErG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;AACA;MACQiG,0BAA0B,EAAE/F,oBAAoB,CAACE,QAAQ,CAAC;IAC5D,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAM8F,+BAA+B,GAAG/B,uBAAuB,CAACM,GAAG,CACxE9E,CAAC,CAACG,MAAM,CAAC;EACP+C,OAAO,EAAElD,CAAC,CAACG,MAAM,CAAC;IAChBuE,QAAQ,EAAE1E,CAAC,CAACG,MAAM,CAAC;MACjBmG,0BAA0B,EAAE/F;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMiG,iCAAiC,GAAGhC,uBAAuB,CAACM,GAAG,CAC1E9E,CAAC,CAACG,MAAM,CAAC;EACP+C,OAAO,EAAElD,CAAC,CAACG,MAAM,CAAC;IAChBuE,QAAQ,EAAE1E,CAAC,CAACG,MAAM,CAAC;MACjBsG,eAAe,EAAEzG,CAAC,CACfG,MAAM,CAAC;QACNwF,cAAc,EAAE3F,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1BqG,oBAAoB,EAAE1G,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpDsF,qBAAqB,EAAE/F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1C8F,qCAAqC,EAAEnG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1D+F,gDAAgD,EAAEpG,CAAC,CAACc,KAAK,CACvDd,CAAC,CAACK,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACDwE,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMoC,mBAAmB,GAAG3G,CAAC,CAAC4G,KAAK,CACxC,CACEJ,iCAAiC,EACjC3B,mCAAmC,EACnCD,8BAA8B,EAC9B2B,+BAA+B,CAChC,EACD;EACEzE,WAAW,EAAE;AACf,CACF,CAAC;AAED,OAAO,MAAM+E,sBAAsB,GAAG7G,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"names":["UnixTime","JWK","z","PresentationDefinition","TrustMark","object","id","string","trust_mark","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","contacts","presentation_definition","request_uris","authorization_signed_response_alg","authorization_encrypted_response_alg","authorization_encrypted_response_enc","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","path","union","number","null","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","record","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","nonce_endpoint","status_attestation_endpoint","credential_configurations_supported","trust_frameworks_supported","evidence_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","openid_credential_verifier","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","FederationListResponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,iBAAiB;AAC1C,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,sBAAsB,QAAQ,kCAAkC;AAEzE,OAAO,MAAMC,SAAS,GAAGF,CAAC,CAACG,MAAM,CAAC;EAAEC,EAAE,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAEN,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC;AAG7E,MAAME,oBAAoB,GAAGP,CAAC,CAACG,MAAM,CAAC;EACpCK,gBAAgB,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;IAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;EAAE,CAAC,CAAC;EACtCgB,QAAQ,EAAEf,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxCO,uBAAuB,EAAEf,sBAAsB,CAACQ,QAAQ,CAAC,CAAC;EAC1DQ,YAAY,EAAEjB,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5CS,iCAAiC,EAAElB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxDU,oCAAoC,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC3DW,oCAAoC,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC;AAC5D,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMY,yBAAyB,GAAGrB,CAAC,CAACG,MAAM,CAAC;EACzCmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMmB,+BAA+B,GAAGxB,CAAC,CAACG,MAAM,CAAC;EAC/CmB,IAAI,EAAEtB,CAAC,CAACK,MAAM,CAAC,CAAC;EAChBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMoB,cAAc,GAAGzB,CAAC,CAACG,MAAM,CAAC;EAC9BuB,IAAI,EAAE1B,CAAC,CAACc,KAAK,CAACd,CAAC,CAAC2B,KAAK,CAAC,CAAC3B,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAAC6B,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAAE;EAC5DC,OAAO,EAAE9B,CAAC,CAACc,KAAK,CAACO,yBAAyB;AAC5C,CAAC,CAAC;AAGF,MAAMU,sBAAsB,GAAG/B,CAAC,CAACG,MAAM,CAAC;EACtC2B,OAAO,EAAE9B,CAAC,CAACc,KAAK,CACdd,CAAC,CAACG,MAAM,CAAC;IACP6B,KAAK,EAAEhC,CAAC,CAACK,MAAM,CAAC,CAAC;IACjB4B,WAAW,EAAEjC,CAAC,CAACK,MAAM,CAAC,CAAC;IACvBkB,MAAM,EAAEvB,CAAC,CAACK,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAM6B,2BAA2B,GAAGlC,CAAC,CAACmC,YAAY,CAChDnC,CAAC,CAACoC,kBAAkB,CAAC,QAAQ,EAAE,CAC7BpC,CAAC,CAACG,MAAM,CAAC;EAAEkC,MAAM,EAAErC,CAAC,CAACsC,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEvC,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DL,CAAC,CAACG,MAAM,CAAC;EAAEkC,MAAM,EAAErC,CAAC,CAACsC,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAExC,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFL,CAAC,CAACG,MAAM,CAAC;EACPsC,KAAK,EAAEzC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjByB,OAAO,EAAE9B,CAAC,CAACc,KAAK,CAACO,yBAAyB,CAAC;EAC3CqB,MAAM,EAAE1C,CAAC,CAACc,KAAK,CAACW,cAAc,CAAC;EAC/BkB,uCAAuC,EAAE3C,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EAC5DuC,uCAAuC,EAAE5C,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;EAC5DwC,gBAAgB,EAAE7C,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACvCqC,yBAAyB,EAAE9C,CAAC,CAAC+C,MAAM,CAAChB,sBAAsB,CAAC,CAACtB,QAAQ,CAAC;AACvE,CAAC,CACH,CAAC;AAGD,OAAO,MAAMuC,eAAe,GAAGhD,CAAC,CAACG,MAAM,CAAC;EACtC8C,MAAM,EAAEjD,CAAC,CAACG,MAAM,CAAC;IACf+C,GAAG,EAAElD,CAAC,CAACsC,OAAO,CAAC,sBAAsB,CAAC;IACtCa,GAAG,EAAEnD,CAAC,CAACK,MAAM,CAAC,CAAC;IACf+C,GAAG,EAAEpD,CAAC,CAACK,MAAM,CAAC;EAChB,CAAC,CAAC;EACFgD,OAAO,EAAErD,CAAC,CAACG,MAAM,CAAC;IAChBmD,GAAG,EAAEtD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfkD,GAAG,EAAEvD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IAAE,CAAC,CAAC;IACtCyD,WAAW,EAAExD,CAAC,CAACc,KAAK,CAACZ,SAAS,CAAC,CAACO,QAAQ,CAAC,CAAC;IAC1CgD,GAAG,EAAEzD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACf8B,GAAG,EAAE1D,CAAC,CAAC4B,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAM+B,yBAAyB,GAAG3D,CAAC,CAACG,MAAM,CAAC;EAChD+C,GAAG,EAAElD,CAAC,CAACsC,OAAO,CAAC,sBAAsB,CAAC;EACtCa,GAAG,EAAEnD,CAAC,CAACK,MAAM,CAAC,CAAC;EACf+C,GAAG,EAAEpD,CAAC,CAACK,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA,MAAMuD,wBAAwB,GAAG5D,CAAC,CAC/BG,MAAM,CAAC;EACN0D,yBAAyB,EAAE7D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAChDqD,wBAAwB,EAAE9D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/CsD,2BAA2B,EAAE/D,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAClDuD,qCAAqC,EAAEhE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC5DwD,mCAAmC,EAAEjE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1DyD,8BAA8B,EAAElE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACrD0D,mCAAmC,EAAEnE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC1D2D,0CAA0C,EAAEpE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjE4D,iBAAiB,EAAErE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACxC6D,YAAY,EAAEtE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACnC8D,UAAU,EAAEvE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EACjC+D,QAAQ,EAAExE,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;EAC/BM,QAAQ,EAAEf,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDgE,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAG1E,CAAC,CAACG,MAAM,CAAC;EACvC8C,MAAM,EAAEU,yBAAyB;EACjCN,OAAO,EAAErD,CAAC,CACPG,MAAM,CAAC;IACNmD,GAAG,EAAEtD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfkD,GAAG,EAAEvD,CAAC,CAACK,MAAM,CAAC,CAAC;IACfoD,GAAG,EAAE3D,QAAQ;IACb4D,GAAG,EAAE5D,QAAQ;IACb6E,eAAe,EAAE3E,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;IAC/CmE,QAAQ,EAAE5E,CAAC,CACRG,MAAM,CAAC;MACN0E,iBAAiB,EAAEjB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChB7D,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MACbU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACD0E,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIA,OAAO,MAAMK,8BAA8B,GAAGJ,uBAAuB;;AAErE;;AAIA,OAAO,MAAMK,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5EhF,CAAC,CAACG,MAAM,CAAC;EACPkD,OAAO,EAAErD,CAAC,CAACG,MAAM,CAAC;IAChBS,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;MAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;IAAE,CAAC,CAAC;IACtC6E,QAAQ,EAAE5E,CAAC,CAACG,MAAM,CAAC;MACjB8E,wBAAwB,EAAEjF,CAAC,CAACG,MAAM,CAAC;QACjC+E,iBAAiB,EAAElF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC7B8E,mBAAmB,EAAEnF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC/B+E,mBAAmB,EAAEpF,CAAC,CAACK,MAAM,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QAC1C4E,cAAc,EAAErF,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1BiF,2BAA2B,EAAEtF,CAAC,CAACK,MAAM,CAAC,CAAC;QACvCyB,OAAO,EAAE9B,CAAC,CAACc,KAAK,CAACU,+BAA+B,CAAC;QACjD+D,mCAAmC,EAAEvF,CAAC,CAAC+C,MAAM,CAC3Cb,2BACF,CAAC;QACDtB,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC,CAAC;QACtCyF,0BAA0B,EAAExF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC/CoF,kBAAkB,EAAEzF,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC;MACxC,CAAC,CAAC;MACFqF,0BAA0B,EAAE1F,CAAC,CAACG,MAAM,CAAC;QACnCwF,sBAAsB,EAAE3F,CAAC,CAACK,MAAM,CAAC,CAAC;QAClCuF,qCAAqC,EAAE5F,CAAC,CAACK,MAAM,CAAC,CAAC;QACjDwF,cAAc,EAAE7F,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1ByF,mCAAmC,EAAE9F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACxD0F,gCAAgC,EAAE/F,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrD2F,oBAAoB,EAAEhG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACzC4F,qBAAqB,EAAEjG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1C6F,MAAM,EAAElG,CAAC,CAACK,MAAM,CAAC,CAAC;QAClBO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC,CAAC;QACtCoG,gBAAgB,EAAEnG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrC+F,wBAAwB,EAAEpG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC7CgG,qCAAqC,EAAErG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1DiG,gDAAgD,EAAEtG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QACrEkG,2CAA2C,EAAEvG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;AACA;MACQmG,0BAA0B,EAAEjG,oBAAoB,CAACE,QAAQ,CAAC;IAC5D,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMgG,+BAA+B,GAAG/B,uBAAuB,CAACM,GAAG,CACxEhF,CAAC,CAACG,MAAM,CAAC;EACPkD,OAAO,EAAErD,CAAC,CAACG,MAAM,CAAC;IAChByE,QAAQ,EAAE5E,CAAC,CAACG,MAAM,CAAC;MACjBqG,0BAA0B,EAAEjG;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMmG,iCAAiC,GAAGhC,uBAAuB,CAACM,GAAG,CAC1EhF,CAAC,CAACG,MAAM,CAAC;EACPkD,OAAO,EAAErD,CAAC,CAACG,MAAM,CAAC;IAChByE,QAAQ,EAAE5E,CAAC,CAACG,MAAM,CAAC;MACjBwG,eAAe,EAAE3G,CAAC,CACfG,MAAM,CAAC;QACN0F,cAAc,EAAE7F,CAAC,CAACK,MAAM,CAAC,CAAC;QAC1BuG,oBAAoB,EAAE5G,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACI,QAAQ,CAAC,CAAC;QACpDwF,qBAAqB,EAAEjG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1CgG,qCAAqC,EAAErG,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC;QAC1DiG,gDAAgD,EAAEtG,CAAC,CAACc,KAAK,CACvDd,CAAC,CAACK,MAAM,CAAC,CACX,CAAC;QACDO,IAAI,EAAEZ,CAAC,CAACG,MAAM,CAAC;UAAEU,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACD0E,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMoC,mBAAmB,GAAG7G,CAAC,CAAC2B,KAAK,CACxC,CACE+E,iCAAiC,EACjC3B,mCAAmC,EACnCD,8BAA8B,EAC9B2B,+BAA+B,CAChC,EACD;EACExE,WAAW,EAAE;AACf,CACF,CAAC;AAED,OAAO,MAAM6E,sBAAsB,GAAG9G,CAAC,CAACc,KAAK,CAACd,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { decode } from "../sd-jwt";
|
|
2
|
+
import { thumbprint } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import { IoWalletError } from "./errors";
|
|
4
|
+
const SD_JWT = ["vc+sd-jwt", "dc+sd-jwt"];
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Extracts a JWK from a credential.
|
|
8
|
+
* @param credential - The credential string, which can be in SD-JWT or CBOR format.
|
|
9
|
+
* @param format - The format of the credential
|
|
10
|
+
* @return A Promise that resolves to a JWK object if the credential is in SD-JWT format and contains a JWK, or undefined otherwise.
|
|
11
|
+
*/
|
|
12
|
+
export const extractJwkFromCredential = async (credential, format) => {
|
|
13
|
+
if (SD_JWT.includes(format)) {
|
|
14
|
+
// 1. SD-JWT case
|
|
15
|
+
const decoded = decode(credential);
|
|
16
|
+
const jwk = decoded.sdJwt.payload.cnf.jwk;
|
|
17
|
+
if (jwk) {
|
|
18
|
+
return {
|
|
19
|
+
...jwk,
|
|
20
|
+
kid: await thumbprint(jwk)
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
throw new IoWalletError(`Credential format ${format} not supported`);
|
|
25
|
+
};
|
|
26
|
+
//# sourceMappingURL=credentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["decode","thumbprint","IoWalletError","SD_JWT","extractJwkFromCredential","credential","format","includes","decoded","jwk","sdJwt","payload","cnf","kid"],"sourceRoot":"../../../src","sources":["utils/credentials.ts"],"mappings":"AAAA,SAASA,MAAM,QAAQ,WAAW;AAClC,SAASC,UAAU,QAAQ,6BAA6B;AAIxD,SAASC,aAAa,QAAQ,UAAU;AAExC,MAAMC,MAAM,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC;;AAEzC;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAG,MAAAA,CACtCC,UAA+C,EAC/CC,MAAuC,KACtB;EACjB,IAAIH,MAAM,CAACI,QAAQ,CAACD,MAAM,CAAC,EAAE;IAC3B;IACA,MAAME,OAAO,GAAGR,MAAM,CAACK,UAAU,CAAC;IAClC,MAAMI,GAAG,GAAGD,OAAO,CAACE,KAAK,CAACC,OAAO,CAACC,GAAG,CAACH,GAAG;IACzC,IAAIA,GAAG,EAAE;MACP,OAAO;QAAE,GAAGA,GAAG;QAAEI,GAAG,EAAE,MAAMZ,UAAU,CAACQ,GAAG;MAAE,CAAC;IAC/C;EACF;EACA,MAAM,IAAIP,aAAa,CAAE,qBAAoBI,MAAO,gBAAe,CAAC;AACtE,CAAC"}
|