@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

package/lib/commonjs/credential/presentation/v1.0.0/05-evaluate-dcql-query.js

@@ -0,0 +1,85 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.evaluateDcqlQuery = void 0;
+var _dcql = require("dcql");
+var _valibot = require("valibot");
+var _errors = require("../common/errors");
+var sdJwtUtils = _interopRequireWildcard(require("../common/utils/sd-jwt"));
+var _dcql2 = require("../common/utils/dcql");
+var _types = require("../../../sd-jwt/types");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const evaluateDcqlQuery = async (query, credentialsSdJwt) => {
+  const credentials = await sdJwtUtils.mapCredentialsToObj(credentialsSdJwt);
+  const credentialsByVct = credentials.reduce((acc, c) => {
+    acc[c.vct] = c.original_credential;
+    return acc;
+  }, {});
+  try {
+    // Validate the query
+    const parsedQuery = _dcql.DcqlQuery.parse(query);
+    _dcql.DcqlQuery.validate(parsedQuery);
+    const queryResult = _dcql.DcqlQuery.query(parsedQuery, credentials);
+    if (!queryResult.can_be_satisfied) {
+      throw new _errors.CredentialsNotFoundError((0, _dcql2.extractFailedCredentialsDetails)(queryResult));
+    }
+    return (0, _dcql2.getDcqlQueryMatches)(queryResult).map(_ref => {
+      var _queryResult$credenti, _match$valid_credenti;
+      let [id, match] = _ref;
+      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
+        var _set$matching_options;
+        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
+      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
+        var _credentialSet$purpos;
+        return {
+          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
+          required: Boolean(credentialSet.required)
+        };
+      });
+      const matchOutput = (_match$valid_credenti = match.valid_credentials[0]) === null || _match$valid_credenti === void 0 ? void 0 : _match$valid_credenti.meta.output;
+
+      // The legacy SD-JWT format is still supported because `evaluateDcqlQuery`
+      // is also used when presenting the legacy 0.7.1 eID to get other credentials.
+      if ((matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format) === "dc+sd-jwt" || (matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format) === _types.LEGACY_SD_JWT && "vct" in matchOutput) {
+        const {
+          vct
+        } = matchOutput;
+        const [keyTag, credential] = credentialsByVct[vct];
+        const requiredDisclosures = (0, _dcql2.getClaimsFromDcqlMatch)(match);
+        const presentationFrame = (0, _dcql2.getPresentationFrameFromDcqlMatch)(match, parsedQuery);
+        return {
+          id,
+          vct,
+          keyTag,
+          format: matchOutput.credential_format,
+          credential,
+          requiredDisclosures,
+          presentationFrame,
+          // When it is a match but no credential_sets are found, the credential is required by default
+          // See https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-6.4.2
+          purposes: purposes ?? [{
+            required: true
+          }]
+        };
+      }
+      throw new Error(`Unsupported credential format: ${matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format}`);
+    });
+  } catch (error) {
+    // Invalid DCQL query structure. Remap to `DcqlError` for consistency.
+    if ((0, _valibot.isValiError)(error)) {
+      throw new _dcql.DcqlError({
+        message: "Failed to parse the provided DCQL query",
+        code: "PARSE_ERROR",
+        cause: error.issues
+      });
+    }
+
+    // Let other errors propagate so they can be caught with `err instanceof DcqlError`
+    throw error;
+  }
+};
+exports.evaluateDcqlQuery = evaluateDcqlQuery;
+//# sourceMappingURL=05-evaluate-dcql-query.js.map

package/lib/commonjs/credential/presentation/v1.0.0/05-evaluate-dcql-query.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_dcql","require","_valibot","_errors","sdJwtUtils","_interopRequireWildcard","_dcql2","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","evaluateDcqlQuery","query","credentialsSdJwt","credentials","mapCredentialsToObj","credentialsByVct","reduce","acc","c","vct","original_credential","parsedQuery","DcqlQuery","parse","validate","queryResult","can_be_satisfied","CredentialsNotFoundError","extractFailedCredentialsDetails","getDcqlQueryMatches","map","_ref","_queryResult$credenti","_match$valid_credenti","id","match","purposes","credential_sets","filter","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","matchOutput","valid_credentials","meta","output","credential_format","LEGACY_SD_JWT","keyTag","credential","requiredDisclosures","getClaimsFromDcqlMatch","presentationFrame","getPresentationFrameFromDcqlMatch","format","Error","error","isValiError","DcqlError","message","code","cause","issues","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/05-evaluate-dcql-query.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAGA,IAAAG,UAAA,GAAAC,uBAAA,CAAAJ,OAAA;AACA,IAAAK,MAAA,GAAAL,OAAA;AAMA,IAAAM,MAAA,GAAAN,OAAA;AAAsD,SAAAO,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAE/C,MAAMW,iBAA6D,GACxE,MAAAA,CAAOC,KAAK,EAAEC,gBAAgB,KAAK;EACjC,MAAMC,WAAW,GAAG,MAAM7B,UAAU,CAAC8B,mBAAmB,CAACF,gBAAgB,CAAC;EAE1E,MAAMG,gBAAgB,GAAGF,WAAW,CAACG,MAAM,CACzC,CAACC,GAAG,EAAEC,CAAC,KAAK;IACVD,GAAG,CAACC,CAAC,CAACC,GAAG,CAAC,GAAGD,CAAC,CAACE,mBAAmB;IAClC,OAAOH,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;EAED,IAAI;IACF;IACA,MAAMI,WAAW,GAAGC,eAAS,CAACC,KAAK,CAACZ,KAAK,CAAC;IAC1CW,eAAS,CAACE,QAAQ,CAACH,WAAW,CAAC;IAE/B,MAAMI,WAAW,GAAGH,eAAS,CAACX,KAAK,CAACU,WAAW,EAAER,WAAW,CAAC;IAE7D,IAAI,CAACY,WAAW,CAACC,gBAAgB,EAAE;MACjC,MAAM,IAAIC,gCAAwB,CAChC,IAAAC,sCAA+B,EAACH,WAAW,CAC7C,CAAC;IACH;IAEA,OAAO,IAAAI,0BAAmB,EAACJ,WAAW,CAAC,CAACK,GAAG,CAACC,IAAA,IAAiB;MAAA,IAAAC,qBAAA,EAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEC,KAAK,CAAC,GAAAJ,IAAA;MACtD,MAAMK,QAAQ,IAAAJ,qBAAA,GAAGP,WAAW,CAACY,eAAe,cAAAL,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbM,MAAM,CAAE7B,GAAG;QAAA,IAAA8B,qBAAA;QAAA,QAAAA,qBAAA,GAAK9B,GAAG,CAAC+B,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAACR,EAAE,CAAC;MAAA,EAAC,cAAAF,qBAAA,uBAD7CA,qBAAA,CAEbF,GAAG,CAAqBa,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAME,WAAW,IAAAjB,qBAAA,GAAGE,KAAK,CAACgB,iBAAiB,CAAC,CAAC,CAAC,cAAAlB,qBAAA,uBAA1BA,qBAAA,CAA4BmB,IAAI,CAACC,MAAM;;MAE3D;MACA;MACA,IACE,CAAAH,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,WAAW,IAC7C,CAAAJ,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAKC,oBAAa,IAC/C,KAAK,IAAIL,WAAY,EACvB;QACA,MAAM;UAAE/B;QAAI,CAAC,GAAG+B,WAAW;QAC3B,MAAM,CAACM,MAAM,EAAEC,UAAU,CAAC,GAAG1C,gBAAgB,CAACI,GAAG,CAAE;QAEnD,MAAMuC,mBAAmB,GAAG,IAAAC,6BAAsB,EAACxB,KAAK,CAAC;QACzD,MAAMyB,iBAAiB,GAAG,IAAAC,wCAAiC,EACzD1B,KAAK,EACLd,WACF,CAAC;QAED,OAAO;UACLa,EAAE;UACFf,GAAG;UACHqC,MAAM;UACNM,MAAM,EAAEZ,WAAW,CAACI,iBAAiB;UACrCG,UAAU;UACVC,mBAAmB;UACnBE,iBAAiB;UACjB;UACA;UACAxB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,MAAM,IAAIe,KAAK,CACZ,kCAAiCb,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAkB,EACnE,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOU,KAAK,EAAE;IACd;IACA,IAAI,IAAAC,oBAAW,EAACD,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIE,eAAS,CAAC;QAClBC,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEL,KAAK,CAACM;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMN,KAAK;EACb;AACF,CAAC;AAACO,OAAA,CAAA7D,iBAAA,GAAAA,iBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/06-send-authorization-response.js

@@ -0,0 +1,165 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.sendAuthorizationResponse = exports.sendAuthorizationErrorResponse = exports.prepareRemotePresentations = exports.choosePublicKeyToEncrypt = exports.buildDirectPostJwtBody = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("../common/errors");
+var _misc = require("../../../utils/misc");
+var _errors2 = require("../../../utils/errors");
+var _sdJwt = require("../../../sd-jwt");
+var _types = require("./types");
+var _utils = require("./utils.jwks");
+var _http = require("../common/utils/http");
+var _crypto = require("../../../utils/crypto");
+/**
+ * Selects a public key (with `use = enc`) from the set of JWK keys
+ * offered by the Relying Party (RP) for encryption.
+ *
+ * @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
+ * @returns The first suitable public key found in the list.
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
+ */
+const choosePublicKeyToEncrypt = rpJwkKeys => {
+  const encKey = rpJwkKeys.find(jwk => jwk.use === "enc");
+  if (encKey) {
+    return encKey;
+  }
+
+  // No suitable key found
+  throw new _errors.NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
+};
+
+/**
+ * Builds a URL-encoded form body for a direct POST response using JWT encryption.
+ *
+ * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains the VP token to encrypt and the mapping of the credential disclosures
+ * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body, where `response` contains the encrypted JWE.
+ */
+exports.choosePublicKeyToEncrypt = choosePublicKeyToEncrypt;
+const buildDirectPostJwtBody = async (requestObject, rpConf, payload) => {
+  // Prepare the authorization response payload to be encrypted
+  const authzResponsePayload = JSON.stringify({
+    state: requestObject.state,
+    ...payload
+  });
+  // Choose a suitable public key for encryption
+  const {
+    keys
+  } = (0, _utils.getJwksFromRpConfig)(rpConf);
+  const encPublicJwk = choosePublicKeyToEncrypt(keys);
+
+  // Encrypt the authorization payload
+  const {
+    authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc
+  } = rpConf;
+  const defaultAlg = encPublicJwk.kty === "EC" ? "ECDH-ES" : "RSA-OAEP-256";
+  const encryptedResponse = await new _ioReactNativeJwt.EncryptJwe(authzResponsePayload, {
+    alg: authorization_encrypted_response_alg || defaultAlg,
+    enc: authorization_encrypted_response_enc || "A256CBC-HS512",
+    kid: encPublicJwk.kid
+  }).encrypt(encPublicJwk);
+
+  // Build the x-www-form-urlencoded form body
+  const formBody = new URLSearchParams({
+    response: encryptedResponse,
+    state: requestObject.state
+  });
+  return formBody.toString();
+};
+exports.buildDirectPostJwtBody = buildDirectPostJwtBody;
+const prepareRemotePresentations = async (credentials, authRequestObject) => {
+  const presentations = await Promise.all(credentials.map(async item => {
+    const {
+      vp_token
+    } = await (0, _sdJwt.prepareVpToken)(authRequestObject.nonce, authRequestObject.clientId, [item.credential, item.presentationFrame, (0, _crypto.createCryptoContextFor)(item.keyTag)]);
+    return {
+      requestedClaims: item.requiredDisclosures.map(_ref => {
+        let {
+          name
+        } = _ref;
+        return name;
+      }),
+      credentialId: item.id,
+      vpToken: vp_token,
+      format: item.format
+    };
+  }));
+  return {
+    presentations
+  };
+};
+exports.prepareRemotePresentations = prepareRemotePresentations;
+const sendAuthorizationResponse = async function (requestObject, remotePresentation, rpConf) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  const {
+    presentations
+  } = remotePresentation;
+  // 1. Prepare the VP token as a JSON object with keys corresponding to the DCQL query credential IDs
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token: presentations.reduce((acc, presentation) => ({
+      ...acc,
+      [presentation.credentialId]: presentation.vpToken
+    }), {})
+  });
+
+  // 2. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(_types.AuthorizationResponse.parse).catch(handleAuthorizationResponseError);
+};
+exports.sendAuthorizationResponse = sendAuthorizationResponse;
+const sendAuthorizationErrorResponse = async function (requestObject, _ref2) {
+  let {
+    error,
+    errorDescription
+  } = _ref2;
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const requestBody = await (0, _http.buildDirectPostBody)(requestObject, {
+    error,
+    error_description: errorDescription
+  });
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then((0, _misc.hasStatusOrThrow)(200, _errors2.RelyingPartyResponseError)).then(res => res.json()).then(_types.AuthorizationResponse.parse);
+};
+
+/**
+ * Handle the the presentation error by mapping it to a custom exception.
+ * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {RelyingPartyResponseError} with a specific code for more context
+ */
+exports.sendAuthorizationErrorResponse = sendAuthorizationErrorResponse;
+const handleAuthorizationResponseError = e => {
+  if (!(e instanceof _errors2.UnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new _errors2.ResponseErrorBuilder(_errors2.RelyingPartyResponseError).handle(400, {
+    code: _errors2.RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+    message: "The Authorization Response contains invalid parameters or it is malformed"
+  }).handle(403, {
+    code: _errors2.RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+    message: "The Authorization Response was forbidden"
+  }).handle("*", {
+    code: _errors2.RelyingPartyResponseErrorCodes.RelyingPartyGenericError,
+    message: "Unable to successfully send the Authorization Response"
+  }).buildFrom(e);
+};
+//# sourceMappingURL=06-send-authorization-response.js.map

package/lib/commonjs/credential/presentation/v1.0.0/06-send-authorization-response.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_errors","_misc","_errors2","_sdJwt","_types","_utils","_http","_crypto","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","NoSuitableKeysFoundInEntityConfiguration","exports","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","getJwksFromRpConfig","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","defaultAlg","kty","encryptedResponse","EncryptJwe","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","prepareRemotePresentations","credentials","authRequestObject","presentations","Promise","all","map","item","vp_token","prepareVpToken","nonce","clientId","credential","presentationFrame","createCryptoContextFor","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","format","sendAuthorizationResponse","remotePresentation","appFetch","fetch","arguments","length","undefined","requestBody","reduce","acc","presentation","response_uri","method","headers","body","then","hasStatusOrThrow","res","json","AuthorizationResponse","parse","catch","handleAuthorizationResponseError","sendAuthorizationErrorResponse","_ref2","error","errorDescription","buildDirectPostBody","error_description","RelyingPartyResponseError","e","UnexpectedStatusCodeError","ResponseErrorBuilder","handle","code","RelyingPartyResponseErrorCodes","InvalidAuthorizationResponse","message","RelyingPartyGenericError","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/06-send-authorization-response.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AAEA,IAAAG,QAAA,GAAAH,OAAA;AAMA,IAAAI,MAAA,GAAAJ,OAAA;AAGA,IAAAK,MAAA,GAAAL,OAAA;AACA,IAAAM,MAAA,GAAAN,OAAA;AACA,IAAAO,KAAA,GAAAP,OAAA;AACA,IAAAQ,OAAA,GAAAR,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,wBAAwB,GAAIC,SAAgB,IAAU;EACjE,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAII,gDAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAC,OAAA,CAAAP,wBAAA,GAAAA,wBAAA;AAQO,MAAMQ,sBAAsB,GAAG,MAAAA,CACpCC,aAA4B,EAC5BC,MAA0B,EAC1BC,OAAuC,KACnB;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAG,IAAAC,0BAAmB,EAACP,MAAM,CAAC;EAC5C,MAAMQ,YAAY,GAAGlB,wBAAwB,CAACgB,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJG,oCAAoC;IACpCC;EACF,CAAC,GAAGV,MAAM;EAEV,MAAMW,UAAsB,GAC1BH,YAAY,CAACI,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAIC,4BAAU,CAACZ,oBAAoB,EAAE;IACnEa,GAAG,EAAGN,oCAAoC,IAAmBE,UAAU;IACvEK,GAAG,EACAN,oCAAoC,IAAmB,eAAe;IACzEO,GAAG,EAAET,YAAY,CAACS;EACpB,CAAC,CAAC,CAACC,OAAO,CAACV,YAAY,CAAC;;EAExB;EACA,MAAMW,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAER,iBAAiB;IAC3BR,KAAK,EAAEN,aAAa,CAACM;EACvB,CAAC,CAAC;EACF,OAAOc,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;AAACzB,OAAA,CAAAC,sBAAA,GAAAA,sBAAA;AAEK,MAAMyB,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC,MAAMC,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCJ,WAAW,CAACK,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM,IAAAC,qBAAc,EACvCP,iBAAiB,CAACQ,KAAK,EACvBR,iBAAiB,CAACS,QAAQ,EAC1B,CACEJ,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtB,IAAAC,8BAAsB,EAACP,IAAI,CAACQ,MAAM,CAAC,CAEvC,CAAC;IAED,OAAO;MACLC,eAAe,EAAET,IAAI,CAACU,mBAAmB,CAACX,GAAG,CAACY,IAAA;QAAA,IAAC;UAAEC;QAAK,CAAC,GAAAD,IAAA;QAAA,OAAKC,IAAI;MAAA,EAAC;MACjEC,YAAY,EAAEb,IAAI,CAACc,EAAE;MACrBC,OAAO,EAAEd,QAAQ;MACjBe,MAAM,EAAEhB,IAAI,CAACgB;IACf,CAAC;EACH,CAAC,CACH,CAAC;EAED,OAAO;IAAEpB;EAAc,CAAC;AAC1B,CAAC;AAAC7B,OAAA,CAAA0B,0BAAA,GAAAA,0BAAA;AAEG,MAAMwB,yBAA6E,GACxF,eAAAA,CACEhD,aAAa,EACbiD,kBAAkB,EAClBhD,MAAM,EAEH;EAAA,IADH;IAAEiD,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IAAEzB;EAAc,CAAC,GAAGsB,kBAAkB;EAC5C;EACA,MAAMM,WAAW,GAAG,MAAMxD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE+B,QAAQ,EAAEL,aAAa,CAAC6B,MAAM,CAC5B,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACd,YAAY,GAAGc,YAAY,CAACZ;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMI,QAAQ,CAAClD,aAAa,CAAC2D,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACI,4BAAqB,CAACC,KAAK,CAAC,CACjCC,KAAK,CAACC,gCAAgC,CAAC;AAC5C,CAAC;AAACxE,OAAA,CAAAkD,yBAAA,GAAAA,yBAAA;AAEG,MAAMuB,8BAAuF,GAClG,eAAAA,CACEvE,aAAa,EAAAwE,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEtB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMG,WAAW,GAAG,MAAM,IAAAoB,yBAAmB,EAAC3E,aAAa,EAAE;IAC3DyE,KAAK;IACLG,iBAAiB,EAAEF;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMxB,QAAQ,CAAClD,aAAa,CAAC2D,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEa,kCAAyB,CAAC,CAAC,CACtDd,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACI,4BAAqB,CAACC,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AALAtE,OAAA,CAAAyE,8BAAA,GAAAA,8BAAA;AAMA,MAAMD,gCAAgC,GAAIQ,CAAU,IAAK;EACvD,IAAI,EAAEA,CAAC,YAAYC,kCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,6BAAoB,CAACH,kCAAyB,CAAC,CACtDI,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,uCAA8B,CAACC,4BAA4B;IACjEC,OAAO,EACL;EACJ,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,uCAA8B,CAACC,4BAA4B;IACjEC,OAAO,EAAE;EACX,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,uCAA8B,CAACG,wBAAwB;IAC7DD,OAAO,EAAE;EACX,CAAC,CAAC,CACDE,SAAS,CAACT,CAAC,CAAC;AACjB,CAAC"}

package/lib/commonjs/credential/presentation/v1.0.0/index.js

@@ -0,0 +1,24 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.RemotePresentation = void 0;
+var _startFlow = require("./01-start-flow");
+var _evaluateRpTrust = require("./02-evaluate-rp-trust");
+var _getRequestObject = require("./03-get-request-object");
+var _verifyRequestObject = require("./04-verify-request-object");
+var _evaluateDcqlQuery = require("./05-evaluate-dcql-query");
+var _sendAuthorizationResponse = require("./06-send-authorization-response");
+const RemotePresentation = {
+  startFlowFromQR: _startFlow.startFlowFromQR,
+  evaluateRelyingPartyTrust: _evaluateRpTrust.evaluateRelyingPartyTrust,
+  getRequestObject: _getRequestObject.getRequestObject,
+  verifyRequestObject: _verifyRequestObject.verifyRequestObject,
+  evaluateDcqlQuery: _evaluateDcqlQuery.evaluateDcqlQuery,
+  prepareRemotePresentations: _sendAuthorizationResponse.prepareRemotePresentations,
+  sendAuthorizationResponse: _sendAuthorizationResponse.sendAuthorizationResponse,
+  sendAuthorizationErrorResponse: _sendAuthorizationResponse.sendAuthorizationErrorResponse
+};
+exports.RemotePresentation = RemotePresentation;
+//# sourceMappingURL=index.js.map

package/lib/commonjs/credential/presentation/v1.0.0/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_startFlow","require","_evaluateRpTrust","_getRequestObject","_verifyRequestObject","_evaluateDcqlQuery","_sendAuthorizationResponse","RemotePresentation","startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","verifyRequestObject","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendAuthorizationErrorResponse","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/index.ts"],"mappings":";;;;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,oBAAA,GAAAH,OAAA;AACA,IAAAI,kBAAA,GAAAJ,OAAA;AACA,IAAAK,0BAAA,GAAAL,OAAA;AAMO,MAAMM,kBAAyC,GAAG;EACvDC,eAAe,EAAfA,0BAAe;EACfC,yBAAyB,EAAzBA,0CAAyB;EACzBC,gBAAgB,EAAhBA,kCAAgB;EAChBC,mBAAmB,EAAnBA,wCAAmB;EACnBC,iBAAiB,EAAjBA,oCAAiB;EACjBC,0BAA0B,EAA1BA,qDAA0B;EAC1BC,yBAAyB,EAAzBA,oDAAyB;EACzBC,8BAA8B,EAA9BA;AACF,CAAC;AAACC,OAAA,CAAAT,kBAAA,GAAAA,kBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/mappers.js

@@ -0,0 +1,33 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.mapToRequestObject = exports.mapToRelyingPartyConfig = void 0;
+var _mappers = require("../../../utils/mappers");
+const mapToRelyingPartyConfig = (0, _mappers.createMapper)(x => {
+  const {
+    federation_entity,
+    openid_credential_verifier
+  } = x.payload.metadata;
+  return {
+    subject: x.payload.sub,
+    jwks: openid_credential_verifier.jwks,
+    authorization_encrypted_response_alg: openid_credential_verifier.authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc: openid_credential_verifier.authorization_encrypted_response_enc,
+    federation_entity
+  };
+});
+exports.mapToRelyingPartyConfig = mapToRelyingPartyConfig;
+const mapToRequestObject = (0, _mappers.createMapper)(x => ({
+  iss: x.iss,
+  client_id: x.client_id,
+  dcql_query: x.dcql_query,
+  nonce: x.nonce,
+  response_uri: x.response_uri,
+  state: x.state,
+  response_mode: x.response_mode,
+  response_type: x.response_type
+}));
+exports.mapToRequestObject = mapToRequestObject;
+//# sourceMappingURL=mappers.js.map

package/lib/commonjs/credential/presentation/v1.0.0/mappers.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_mappers","require","mapToRelyingPartyConfig","createMapper","x","federation_entity","openid_credential_verifier","payload","metadata","subject","sub","jwks","authorization_encrypted_response_alg","authorization_encrypted_response_enc","exports","mapToRequestObject","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/mappers.ts"],"mappings":";;;;;;AAAA,IAAAA,QAAA,GAAAC,OAAA;AAMO,MAAMC,uBAAuB,GAAG,IAAAC,qBAAY,EAGhDC,CAAC,IAAK;EACP,MAAM;IAAEC,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,CAAC,CAACG,OAAO,CAACC,QAAQ;EAC5E,OAAO;IACLC,OAAO,EAAEL,CAAC,CAACG,OAAO,CAACG,GAAG;IACtBC,IAAI,EAAEL,0BAA0B,CAACK,IAAI;IACrCC,oCAAoC,EAClCN,0BAA0B,CAACM,oCAAoC;IACjEC,oCAAoC,EAClCP,0BAA0B,CAACO,oCAAoC;IACjER;EACF,CAAC;AACH,CAAC,CAAC;AAACS,OAAA,CAAAZ,uBAAA,GAAAA,uBAAA;AAEI,MAAMa,kBAAkB,GAAG,IAAAZ,qBAAY,EAG3CC,CAAC,KAAM;EACRY,GAAG,EAAEZ,CAAC,CAACY,GAAG;EACVC,SAAS,EAAEb,CAAC,CAACa,SAAS;EACtBC,UAAU,EAAEd,CAAC,CAACc,UAAU;EACxBC,KAAK,EAAEf,CAAC,CAACe,KAAK;EACdC,YAAY,EAAEhB,CAAC,CAACgB,YAAY;EAC5BC,KAAK,EAAEjB,CAAC,CAACiB,KAAK;EACdC,aAAa,EAAElB,CAAC,CAACkB,aAAa;EAC9BC,aAAa,EAAEnB,CAAC,CAACmB;AACnB,CAAC,CAAC,CAAC;AAACT,OAAA,CAAAC,kBAAA,GAAAA,kBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/types.js

@@ -0,0 +1,46 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.RequestObjectPayload = exports.DirectAuthorizationBodyPayload = exports.AuthorizationResponse = void 0;
+var z = _interopRequireWildcard(require("zod"));
+var _zod2 = require("../../../utils/zod");
+var _types = require("../api/types");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const RequestObjectPayload = z.object({
+  iss: z.string(),
+  iat: _zod2.UnixTime,
+  exp: _zod2.UnixTime,
+  state: z.string(),
+  nonce: z.string(),
+  response_uri: z.string(),
+  request_uri_method: z.string().optional(),
+  response_type: z.literal("vp_token"),
+  response_mode: z.literal("direct_post.jwt"),
+  client_id: z.string(),
+  dcql_query: z.record(z.string(), z.any()),
+  // Validation happens within the `dcql` library, no need to duplicate it here
+  scope: z.string().optional(),
+  wallet_nonce: z.string().optional()
+});
+
+/**
+ * Authorization Response payload sent to the Relying Party.
+ */
+exports.RequestObjectPayload = RequestObjectPayload;
+const DirectAuthorizationBodyPayload = z.union([z.object({
+  vp_token: z.record(z.string(), z.string())
+}), z.object({
+  error: _types.ErrorResponse,
+  error_description: z.string()
+})]);
+exports.DirectAuthorizationBodyPayload = DirectAuthorizationBodyPayload;
+const AuthorizationResponse = z.object({
+  status: z.string().optional(),
+  response_code: z.string().optional(),
+  redirect_uri: z.string().optional()
+});
+exports.AuthorizationResponse = AuthorizationResponse;
+//# sourceMappingURL=types.js.map

package/lib/commonjs/credential/presentation/v1.0.0/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","RequestObjectPayload","object","iss","string","iat","UnixTime","exp","state","nonce","response_uri","request_uri_method","optional","response_type","literal","response_mode","client_id","dcql_query","record","any","scope","wallet_nonce","exports","DirectAuthorizationBodyPayload","union","vp_token","error","ErrorResponse","error_description","AuthorizationResponse","status","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAA6C,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAGtC,MAAMW,oBAAoB,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EAC3CC,GAAG,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEC,cAAQ;EACbC,GAAG,EAAED,cAAQ;EACbE,KAAK,EAAElC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACjBK,KAAK,EAAEnC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACjBM,YAAY,EAAEpC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACxBO,kBAAkB,EAAErC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC,CAAC;EACzCC,aAAa,EAAEvC,CAAC,CAACwC,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEzC,CAAC,CAACwC,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAE1C,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACrBa,UAAU,EAAE3C,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC8B,MAAM,CAAC,CAAC,EAAE9B,CAAC,CAAC6C,GAAG,CAAC,CAAC,CAAC;EAAE;EAC3CC,KAAK,EAAE9C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC,CAAC;EAC5BS,YAAY,EAAE/C,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AAFAU,OAAA,CAAArB,oBAAA,GAAAA,oBAAA;AAMO,MAAMsB,8BAA8B,GAAGjD,CAAC,CAACkD,KAAK,CAAC,CACpDlD,CAAC,CAAC4B,MAAM,CAAC;EACPuB,QAAQ,EAAEnD,CAAC,CAAC4C,MAAM,CAAC5C,CAAC,CAAC8B,MAAM,CAAC,CAAC,EAAE9B,CAAC,CAAC8B,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACF9B,CAAC,CAAC4B,MAAM,CAAC;EAAEwB,KAAK,EAAEC,oBAAa;EAAEC,iBAAiB,EAAEtD,CAAC,CAAC8B,MAAM,CAAC;AAAE,CAAC,CAAC,CAClE,CAAC;AAACkB,OAAA,CAAAC,8BAAA,GAAAA,8BAAA;AAGI,MAAMM,qBAAqB,GAAGvD,CAAC,CAAC4B,MAAM,CAAC;EAC5C4B,MAAM,EAAExD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC,CAAC;EAC7BmB,aAAa,EAAEzD,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC,CAAC;EACpCoB,YAAY,EAAE1D,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;AACpC,CAAC,CAAC;AAACU,OAAA,CAAAO,qBAAA,GAAAA,qBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/utils.js

@@ -0,0 +1,27 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getJwksFromRpConfig = void 0;
+var _jwk = require("../../../utils/jwk");
+/**
+ * Fetches the JSON Web Key Set (JWKS) from the Relying Party's Entity Configuration.
+ * @param rpConfig - The Relying Party's common configuration,
+ * @returns An object containing an array of JSON Web Keys (JWKs).
+ */
+const getJwksFromRpConfig = rpConfig => {
+  const jwks = rpConfig.jwks.keys;
+  if (!jwks || !Array.isArray(jwks)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  const parsed = _jwk.JWKS.safeParse({
+    keys: jwks
+  });
+  if (!parsed.success) {
+    throw new Error("JWKS contains unsupported or invalid keys (only RSA/EC JWK supported)");
+  }
+  return parsed.data;
+};
+exports.getJwksFromRpConfig = getJwksFromRpConfig;
+//# sourceMappingURL=utils.js.map

package/lib/commonjs/credential/presentation/v1.0.0/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_jwk","require","getJwksFromRpConfig","rpConfig","jwks","keys","Array","isArray","Error","parsed","JWKS","safeParse","success","data","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/utils.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAGA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAmB,GAC9BC,QAA4B,IACR;EACpB,MAAMC,IAAI,GAAGD,QAAQ,CAACC,IAAI,CAACC,IAAI;EAE/B,IAAI,CAACD,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAAC,EAAE;IACjC,MAAM,IAAII,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,MAAM,GAAGC,SAAI,CAACC,SAAS,CAAC;IAAEN,IAAI,EAAED;EAAK,CAAC,CAAC;EAC7C,IAAI,CAACK,MAAM,CAACG,OAAO,EAAE;IACnB,MAAM,IAAIJ,KAAK,CACb,uEACF,CAAC;EACH;EAEA,OAAOC,MAAM,CAACI,IAAI;AACpB,CAAC;AAACC,OAAA,CAAAZ,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/utils.jwks.js

@@ -0,0 +1,27 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getJwksFromRpConfig = void 0;
+var _jwk = require("../../../utils/jwk");
+/**
+ * Fetches the JSON Web Key Set (JWKS) from the Relying Party's Entity Configuration.
+ * @param rpConfig - The Relying Party's common configuration,
+ * @returns An object containing an array of JSON Web Keys (JWKs).
+ */
+const getJwksFromRpConfig = rpConfig => {
+  const jwks = rpConfig.jwks.keys;
+  if (!jwks || !Array.isArray(jwks)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  const parsed = _jwk.JWKS.safeParse({
+    keys: jwks
+  });
+  if (!parsed.success) {
+    throw new Error("JWKS contains unsupported or invalid keys (only RSA/EC JWK supported)");
+  }
+  return parsed.data;
+};
+exports.getJwksFromRpConfig = getJwksFromRpConfig;
+//# sourceMappingURL=utils.jwks.js.map

package/lib/commonjs/credential/presentation/v1.0.0/utils.jwks.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_jwk","require","getJwksFromRpConfig","rpConfig","jwks","keys","Array","isArray","Error","parsed","JWKS","safeParse","success","data","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/utils.jwks.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAGA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAmB,GAC9BC,QAA4B,IACR;EACpB,MAAMC,IAAI,GAAGD,QAAQ,CAACC,IAAI,CAACC,IAAI;EAE/B,IAAI,CAACD,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAAC,EAAE;IACjC,MAAM,IAAII,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,MAAM,GAAGC,SAAI,CAACC,SAAS,CAAC;IAAEN,IAAI,EAAED;EAAK,CAAC,CAAC;EAC7C,IAAI,CAACK,MAAM,CAACG,OAAO,EAAE;IACnB,MAAM,IAAIJ,KAAK,CACb,uEACF,CAAC;EACH;EAEA,OAAOC,MAAM,CAACI,IAAI;AACpB,CAAC;AAACC,OAAA,CAAAZ,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/v1.3.3/01-start-flow.js

@@ -0,0 +1,23 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.startFlowFromQR = void 0;
+var _errors = require("../common/errors");
+var _types = require("../api/types");
+var _ioWalletOid4vp = require("@pagopa/io-wallet-oid4vp");
+const startFlowFromQR = params => {
+  const parsed = _types.PresentationParams.safeParse(params);
+  if (!parsed.success) {
+    throw new _errors.InvalidQRCodeError(parsed.error.message);
+  }
+  try {
+    const validatedParams = (0, _ioWalletOid4vp.validateAuthorizationRequestParams)(parsed.data);
+    return validatedParams;
+  } catch (e) {
+    throw new _errors.InvalidQRCodeError(e instanceof Error ? e.message : String(e));
+  }
+};
+exports.startFlowFromQR = startFlowFromQR;
+//# sourceMappingURL=01-start-flow.js.map

package/lib/commonjs/credential/presentation/v1.3.3/01-start-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_errors","require","_types","_ioWalletOid4vp","startFlowFromQR","params","parsed","PresentationParams","safeParse","success","InvalidQRCodeError","error","message","validatedParams","validateAuthorizationRequestParams","data","e","Error","String","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,eAAA,GAAAF,OAAA;AAEO,MAAMG,eAAyD,GACpEC,MAAM,IACH;EACH,MAAMC,MAAM,GAAGC,yBAAkB,CAACC,SAAS,CAACH,MAAM,CAAC;EAEnD,IAAI,CAACC,MAAM,CAACG,OAAO,EAAE;IACnB,MAAM,IAAIC,0BAAkB,CAACJ,MAAM,CAACK,KAAK,CAACC,OAAO,CAAC;EACpD;EAEA,IAAI;IACF,MAAMC,eAAe,GAAG,IAAAC,kDAAkC,EAACR,MAAM,CAACS,IAAI,CAAC;IAEvE,OAAOF,eAAe;EACxB,CAAC,CAAC,OAAOG,CAAC,EAAE;IACV,MAAM,IAAIN,0BAAkB,CAACM,CAAC,YAAYC,KAAK,GAAGD,CAAC,CAACJ,OAAO,GAAGM,MAAM,CAACF,CAAC,CAAC,CAAC;EAC1E;AACF,CAAC;AAACG,OAAA,CAAAf,eAAA,GAAAA,eAAA"}

package/lib/commonjs/credential/presentation/v1.3.3/02-evaluate-rp-trust.js

@@ -0,0 +1,22 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.evaluateRelyingPartyTrust = void 0;
+var _entities = require("../../../trust/v1.3.3/entities");
+var _mappers = require("./mappers");
+const evaluateRelyingPartyTrust = async function (rpUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const rpEntityConfiguration = await (0, _entities.getRelyingPartyEntityConfiguration)(rpUrl, {
+    appFetch
+  });
+  const rpConf = (0, _mappers.mapToRelyingPartyConfig)(rpEntityConfiguration);
+  return {
+    rpConf
+  };
+};
+exports.evaluateRelyingPartyTrust = evaluateRelyingPartyTrust;
+//# sourceMappingURL=02-evaluate-rp-trust.js.map

package/lib/commonjs/credential/presentation/v1.3.3/02-evaluate-rp-trust.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_entities","require","_mappers","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","rpEntityConfiguration","getRelyingPartyEntityConfiguration","rpConf","mapToRelyingPartyConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/02-evaluate-rp-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,SAAA,GAAAC,OAAA;AAEA,IAAAC,QAAA,GAAAD,OAAA;AAEO,MAAME,yBAA6E,GACxF,eAAAA,CAAOC,KAAK,EAAgC;EAAA,IAA9B;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACrC,MAAMG,qBAAqB,GAAG,MAAM,IAAAC,4CAAkC,EACpEP,KAAK,EACL;IAAEC;EAAS,CACb,CAAC;EAED,MAAMO,MAAM,GAAG,IAAAC,gCAAuB,EAACH,qBAAqB,CAAC;EAE7D,OAAO;IAAEE;EAAO,CAAC;AACnB,CAAC;AAACE,OAAA,CAAAX,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/credential/presentation/v1.3.3/03-get-request-object.js

@@ -0,0 +1,37 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getRequestObject = void 0;
+var _types = require("../api/types");
+var _ioWalletOid4vp = require("@pagopa/io-wallet-oid4vp");
+var _sdkErrorMapper = require("./sdkErrorMapper");
+const getRequestObject = async function (authorizationRequestUrl) {
+  let {
+    appFetch = fetch,
+    walletCapabilities
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const walletParams = walletCapabilities ? (() => {
+    const {
+      wallet_metadata,
+      wallet_nonce
+    } = _types.RequestObjectWalletCapabilities.parse(walletCapabilities);
+    return {
+      walletMetadata: wallet_metadata,
+      walletNonce: wallet_nonce
+    };
+  })() : {};
+  const result = await (0, _ioWalletOid4vp.fetchAuthorizationRequest)({
+    authorizeRequestUrl: authorizationRequestUrl,
+    callbacks: {
+      fetch: appFetch
+    },
+    ...walletParams
+  }).catch(_sdkErrorMapper.mapSdkFetchAuthRequestError);
+  return {
+    requestObjectEncodedJwt: result.requestObjectJwt
+  };
+};
+exports.getRequestObject = getRequestObject;
+//# sourceMappingURL=03-get-request-object.js.map

package/lib/commonjs/credential/presentation/v1.3.3/03-get-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_types","require","_ioWalletOid4vp","_sdkErrorMapper","getRequestObject","authorizationRequestUrl","appFetch","fetch","walletCapabilities","arguments","length","undefined","walletParams","wallet_metadata","wallet_nonce","RequestObjectWalletCapabilities","parse","walletMetadata","walletNonce","result","sdkFetchAuthorizationRequest","authorizeRequestUrl","callbacks","catch","mapSdkFetchAuthRequestError","requestObjectEncodedJwt","requestObjectJwt","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/03-get-request-object.ts"],"mappings":";;;;;;AACA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,eAAA,GAAAD,OAAA;AACA,IAAAE,eAAA,GAAAF,OAAA;AAEO,MAAMG,gBAA2D,GACtE,eAAAA,CACEC,uBAAuB,EAEpB;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,MAAMG,YAAY,GAAGJ,kBAAkB,GACnC,CAAC,MAAM;IACL,MAAM;MAAEK,eAAe;MAAEC;IAAa,CAAC,GACrCC,sCAA+B,CAACC,KAAK,CAACR,kBAAkB,CAAC;IAC3D,OAAO;MAAES,cAAc,EAAEJ,eAAe;MAAEK,WAAW,EAAEJ;IAAa,CAAC;EACvE,CAAC,EAAE,CAAC,GACJ,CAAC,CAAC;EAEN,MAAMK,MAAM,GAAG,MAAM,IAAAC,yCAA4B,EAAC;IAChDC,mBAAmB,EAAEhB,uBAAuB;IAC5CiB,SAAS,EAAE;MAAEf,KAAK,EAAED;IAAS,CAAC;IAC9B,GAAGM;EACL,CAAC,CAAC,CAACW,KAAK,CAACC,2CAA2B,CAAC;EAErC,OAAO;IACLC,uBAAuB,EAAEN,MAAM,CAACO;EAClC,CAAC;AACH,CAAC;AAACC,OAAA,CAAAvB,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/presentation/v1.3.3/04-verify-request-object.js

@@ -0,0 +1,33 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyRequestObject = void 0;
+var _ioWalletOid4vp = require("@pagopa/io-wallet-oid4vp");
+var _callbacks = require("../../../utils/callbacks");
+var _mappers = require("./mappers");
+var _sdkErrorMapper = require("./sdkErrorMapper");
+var _errors = require("../common/errors");
+const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
+  let {
+    clientId,
+    rpConf
+  } = _ref;
+  const parsedRequestObject = await (0, _ioWalletOid4vp.parseAuthorizeRequest)({
+    requestObjectJwt: requestObjectEncodedJwt,
+    callbacks: {
+      verifyJwt: _callbacks.partialCallbacks.verifyJwt
+    }
+  }).catch(_sdkErrorMapper.mapSdkRequestObjectError);
+  const payload = parsedRequestObject.payload;
+  const isClientIdMatch = clientId === payload.client_id && clientId === rpConf.subject;
+  if (!isClientIdMatch) {
+    throw new _errors.InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
+  }
+  return {
+    requestObject: (0, _mappers.mapToRequestObject)(payload)
+  };
+};
+exports.verifyRequestObject = verifyRequestObject;
+//# sourceMappingURL=04-verify-request-object.js.map

package/lib/commonjs/credential/presentation/v1.3.3/04-verify-request-object.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioWalletOid4vp","require","_callbacks","_mappers","_sdkErrorMapper","_errors","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","parsedRequestObject","sdkParseAuthorizeRequest","requestObjectJwt","callbacks","verifyJwt","partialCallbacks","catch","mapSdkRequestObjectError","payload","isClientIdMatch","client_id","subject","InvalidRequestObjectError","requestObject","mapToRequestObject","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/04-verify-request-object.ts"],"mappings":";;;;;;AACA,IAAAA,eAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEO,MAAMK,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAA2B;EAAA,IAAzB;IAAEC,QAAQ;IAAEC;EAAO,CAAC,GAAAF,IAAA;EAClD,MAAMG,mBAAmB,GAAG,MAAM,IAAAC,qCAAwB,EAAC;IACzDC,gBAAgB,EAAEN,uBAAuB;IACzCO,SAAS,EAAE;MACTC,SAAS,EAAEC,2BAAgB,CAACD;IAC9B;EACF,CAAC,CAAC,CAACE,KAAK,CAACC,wCAAwB,CAAC;EAElC,MAAMC,OAAO,GAAGR,mBAAmB,CAACQ,OAAO;EAE3C,MAAMC,eAAe,GACnBX,QAAQ,KAAKU,OAAO,CAACE,SAAS,IAAIZ,QAAQ,KAAKC,MAAM,CAACY,OAAO;EAE/D,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIG,iCAAyB,CACjC,iEACF,CAAC;EACH;EAEA,OAAO;IACLC,aAAa,EAAE,IAAAC,2BAAkB,EAACN,OAAO;EAC3C,CAAC;AACH,CAAC;AAACO,OAAA,CAAApB,mBAAA,GAAAA,mBAAA"}