npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/module/credential/presentation/v1.0.0/03-get-request-object.js ADDED Viewed

@@ -0,0 +1,51 @@
+import { RelyingPartyResponseError } from "../../../utils/errors";
+import { hasStatusOrThrow } from "../../../utils/misc";
+import { RequestObjectWalletCapabilities } from "../api/types";
+import { InvalidQRCodeError } from "../common/errors";
+export const getRequestObject = async function (authorizationRequestUrl) {
+  let {
+    appFetch = fetch,
+    walletCapabilities
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const authorizationUrl = new URL(authorizationRequestUrl);
+  /*
+   * The QR code parameters are validated in step 1.
+   * For consistency with the 1.3 flow we accept the full authorization URL,
+   * but here we only extract the `request_uri` to retrieve the Request Object.
+   */
+  const requestUri = authorizationUrl.searchParams.get("request_uri") ?? undefined;
+  if (!requestUri) {
+    throw new InvalidQRCodeError("The QR code is missing the required 'request_uri' parameter.");
+  }
+  if (walletCapabilities) {
+    // Validate external input
+    const {
+      wallet_metadata,
+      wallet_nonce
+    } = RequestObjectWalletCapabilities.parse(walletCapabilities);
+    const formUrlEncodedBody = new URLSearchParams({
+      wallet_metadata: JSON.stringify(wallet_metadata),
+      ...(wallet_nonce && {
+        wallet_nonce
+      })
+    });
+    const requestObjectEncodedJwt = await appFetch(requestUri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: formUrlEncodedBody.toString()
+    }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.text());
+    return {
+      requestObjectEncodedJwt
+    };
+  }
+  const requestObjectEncodedJwt = await appFetch(requestUri, {
+    method: "GET"
+  }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.text());
+  return {
+    requestObjectEncodedJwt
+  };
+};
+//# sourceMappingURL=03-get-request-object.js.map

package/lib/module/credential/presentation/v1.0.0/03-get-request-object.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["RelyingPartyResponseError","hasStatusOrThrow","RequestObjectWalletCapabilities","InvalidQRCodeError","getRequestObject","authorizationRequestUrl","appFetch","fetch","walletCapabilities","arguments","length","undefined","authorizationUrl","URL","requestUri","searchParams","get","wallet_metadata","wallet_nonce","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","res","text"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/03-get-request-object.ts"],"mappings":"AAAA,SAASA,yBAAyB,QAAQ,uBAAuB;AACjE,SAASC,gBAAgB,QAAQ,qBAAqB;AAEtD,SAASC,+BAA+B,QAAQ,cAAc;AAC9D,SAASC,kBAAkB,QAAQ,kBAAkB;AAErD,OAAO,MAAMC,gBAA2D,GACtE,eAAAA,CACEC,uBAAuB,EAEpB;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,MAAMG,gBAAgB,GAAG,IAAIC,GAAG,CAACR,uBAAuB,CAAC;;EAEzD;AACJ;AACA;AACA;AACA;EACI,MAAMS,UAAU,GACdF,gBAAgB,CAACG,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC,IAAIL,SAAS;EAC/D,IAAI,CAACG,UAAU,EAAE;IACf,MAAM,IAAIX,kBAAkB,CAC1B,8DACF,CAAC;EACH;EAEA,IAAIK,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAES,eAAe;MAAEC;IAAa,CAAC,GACrChB,+BAA+B,CAACiB,KAAK,CAACX,kBAAkB,CAAC;IAE3D,MAAMY,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CJ,eAAe,EAAEK,IAAI,CAACC,SAAS,CAACN,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMM,uBAAuB,GAAG,MAAMlB,QAAQ,CAACQ,UAAU,EAAE;MACzDW,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAAC5B,gBAAgB,CAAC,GAAG,EAAED,yBAAyB,CAAC,CAAC,CACtD6B,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLP;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMlB,QAAQ,CAACQ,UAAU,EAAE;IACzDW,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAAC5B,gBAAgB,CAAC,GAAG,EAAED,yBAAyB,CAAC,CAAC,CACtD6B,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLP;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/v1.0.0/04-verify-request-object.js ADDED Viewed

@@ -0,0 +1,79 @@
+import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
+import { InvalidRequestObjectError } from "../common/errors";
+import { RequestObjectPayload } from "./types";
+import { mapToRequestObject } from "./mappers";
+import { getJwksFromRpConfig } from "./utils.jwks";
+export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
+  let {
+    clientId,
+    rpConf,
+    state
+  } = _ref;
+  const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
+  const pubKey = getSigPublicKey(rpConf, requestObjectJwt.protectedHeader.kid);
+  try {
+    // Standard claims are verified within `verify`
+    await verify(requestObjectEncodedJwt, pubKey, {
+      issuer: clientId
+    });
+  } catch (_) {
+    throw new InvalidRequestObjectError("The Request Object signature verification failed");
+  }
+  const requestObject = validateRequestObjectShape(requestObjectJwt.payload);
+  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpConf.subject;
+  if (!isClientIdMatch) {
+    throw new InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
+  }
+  const isStateMatch = state ? state === requestObject.state : true;
+  if (!isStateMatch) {
+    throw new InvalidRequestObjectError("The provided state does not match the Request Object's");
+  }
+  return {
+    requestObject: mapToRequestObject(requestObject)
+  };
+};
+/**
+ * Validate the shape of the Request Object to ensure all required properties are present and are of the expected type.
+ *
+ * @param payload The Request Object to validate
+ * @returns A valid Request Object
+ * @throws {InvalidRequestObjectError} when the Request Object cannot be parsed
+ */
+const validateRequestObjectShape = payload => {
+  const requestObjectParse = RequestObjectPayload.safeParse(payload);
+  if (requestObjectParse.success) {
+    return requestObjectParse.data;
+  }
+  throw new InvalidRequestObjectError("The Request Object cannot be parsed successfully", formatFlattenedZodErrors(requestObjectParse.error.flatten()));
+};
+/**
+ * Get the public key to verify the Request Object's signature from the Relying Party's EC.
+ *
+ * @param rpConf The Relying Party's EC
+ * @param kid The identifier of the key to find
+ * @returns The corresponding public key to verify the signature
+ * @throws {InvalidRequestObjectError} when the key cannot be found
+ */
+const getSigPublicKey = (rpConf, kid) => {
+  try {
+    const {
+      keys
+    } = getJwksFromRpConfig(rpConf);
+    const pubKey = keys.find(k => k.kid === kid);
+    if (!pubKey) throw new Error();
+    return pubKey;
+  } catch (_) {
+    throw new InvalidRequestObjectError(`The public key for signature verification (${kid}) cannot be found in the Entity Configuration`);
+  }
+};
+/**
+ * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
+ */
+const formatFlattenedZodErrors = errors => Object.entries(errors.fieldErrors).map(_ref2 => {
+  let [key, error] = _ref2;
+  return `${key}: ${error[0]}`;
+}).join(", ");
+//# sourceMappingURL=04-verify-request-object.js.map

package/lib/module/credential/presentation/v1.0.0/04-verify-request-object.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["decode","decodeJwt","verify","InvalidRequestObjectError","RequestObjectPayload","mapToRequestObject","getJwksFromRpConfig","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","state","requestObjectJwt","pubKey","getSigPublicKey","protectedHeader","kid","issuer","_","requestObject","validateRequestObjectShape","payload","isClientIdMatch","client_id","subject","isStateMatch","requestObjectParse","safeParse","success","data","formatFlattenedZodErrors","error","flatten","keys","find","k","Error","errors","Object","entries","fieldErrors","map","_ref2","key","join"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/04-verify-request-object.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAGzE,SAASC,yBAAyB,QAAQ,kBAAkB;AAC5D,SAASC,oBAAoB,QAAQ,SAAS;AAC9C,SAASC,kBAAkB,QAAQ,WAAW;AAC9C,SAASC,mBAAmB,QAAQ,cAAc;AAElD,OAAO,MAAMC,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAAkC;EAAA,IAAhC;IAAEC,QAAQ;IAAEC,MAAM;IAAEC;EAAM,CAAC,GAAAH,IAAA;EACzD,MAAMI,gBAAgB,GAAGZ,SAAS,CAACO,uBAAuB,CAAC;EAE3D,MAAMM,MAAM,GAAGC,eAAe,CAC5BJ,MAAM,EACNE,gBAAgB,CAACG,eAAe,CAACC,GACnC,CAAC;EAED,IAAI;IACF;IACA,MAAMf,MAAM,CAACM,uBAAuB,EAAEM,MAAM,EAAE;MAAEI,MAAM,EAAER;IAAS,CAAC,CAAC;EACrE,CAAC,CAAC,OAAOS,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CACjC,kDACF,CAAC;EACH;EAEA,MAAMiB,aAAa,GAAGC,0BAA0B,CAACR,gBAAgB,CAACS,OAAO,CAAC;EAE1E,MAAMC,eAAe,GACnBb,QAAQ,KAAKU,aAAa,CAACI,SAAS,IAAId,QAAQ,KAAKC,MAAM,CAACc,OAAO;EAErE,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIpB,yBAAyB,CACjC,iEACF,CAAC;EACH;EAEA,MAAMuB,YAAY,GAAGd,KAAK,GAAGA,KAAK,KAAKQ,aAAa,CAACR,KAAK,GAAG,IAAI;EAEjE,IAAI,CAACc,YAAY,EAAE;IACjB,MAAM,IAAIvB,yBAAyB,CACjC,wDACF,CAAC;EACH;EAEA,OAAO;IAAEiB,aAAa,EAAEf,kBAAkB,CAACe,aAAa;EAAE,CAAC;AAC7D,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAIC,OAAgB,IAA2B;EAC7E,MAAMK,kBAAkB,GAAGvB,oBAAoB,CAACwB,SAAS,CAACN,OAAO,CAAC;EAElE,IAAIK,kBAAkB,CAACE,OAAO,EAAE;IAC9B,OAAOF,kBAAkB,CAACG,IAAI;EAChC;EAEA,MAAM,IAAI3B,yBAAyB,CACjC,kDAAkD,EAClD4B,wBAAwB,CAACJ,kBAAkB,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAC7D,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMlB,eAAe,GAAGA,CACtBJ,MAA0B,EAC1BM,GAAuB,KACpB;EACH,IAAI;IACF,MAAM;MAAEiB;IAAK,CAAC,GAAG5B,mBAAmB,CAACK,MAAM,CAAC;IAE5C,MAAMG,MAAM,GAAGoB,IAAI,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACnB,GAAG,KAAKA,GAAG,CAAC;IAE9C,IAAI,CAACH,MAAM,EAAE,MAAM,IAAIuB,KAAK,CAAC,CAAC;IAE9B,OAAOvB,MAAM;EACf,CAAC,CAAC,OAAOK,CAAC,EAAE;IACV,MAAM,IAAIhB,yBAAyB,CAChC,8CAA6Cc,GAAI,+CACpD,CAAC;EACH;AACF,CAAC;;AAED;AACA;AACA;AACA,MAAMc,wBAAwB,GAC5BO,MAAkD,IAElDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,WAAW,CAAC,CAC/BC,GAAG,CAACC,KAAA;EAAA,IAAC,CAACC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;EAAA,OAAM,GAAEC,GAAI,KAAIZ,KAAK,CAAC,CAAC,CAAE,EAAC;AAAA,EAAC,CAC5Ca,IAAI,CAAC,IAAI,CAAC"}

package/lib/module/credential/presentation/v1.0.0/05-evaluate-dcql-query.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { DcqlQuery, DcqlError } from "dcql";
+import { isValiError } from "valibot";
+import { CredentialsNotFoundError } from "../common/errors";
+import * as sdJwtUtils from "../common/utils/sd-jwt";
+import { extractFailedCredentialsDetails, getClaimsFromDcqlMatch, getDcqlQueryMatches, getPresentationFrameFromDcqlMatch } from "../common/utils/dcql";
+import { LEGACY_SD_JWT } from "../../../sd-jwt/types";
+export const evaluateDcqlQuery = async (query, credentialsSdJwt) => {
+  const credentials = await sdJwtUtils.mapCredentialsToObj(credentialsSdJwt);
+  const credentialsByVct = credentials.reduce((acc, c) => {
+    acc[c.vct] = c.original_credential;
+    return acc;
+  }, {});
+  try {
+    // Validate the query
+    const parsedQuery = DcqlQuery.parse(query);
+    DcqlQuery.validate(parsedQuery);
+    const queryResult = DcqlQuery.query(parsedQuery, credentials);
+    if (!queryResult.can_be_satisfied) {
+      throw new CredentialsNotFoundError(extractFailedCredentialsDetails(queryResult));
+    }
+    return getDcqlQueryMatches(queryResult).map(_ref => {
+      var _queryResult$credenti, _match$valid_credenti;
+      let [id, match] = _ref;
+      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
+        var _set$matching_options;
+        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
+      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
+        var _credentialSet$purpos;
+        return {
+          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
+          required: Boolean(credentialSet.required)
+        };
+      });
+      const matchOutput = (_match$valid_credenti = match.valid_credentials[0]) === null || _match$valid_credenti === void 0 ? void 0 : _match$valid_credenti.meta.output;
+      // The legacy SD-JWT format is still supported because `evaluateDcqlQuery`
+      // is also used when presenting the legacy 0.7.1 eID to get other credentials.
+      if ((matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format) === "dc+sd-jwt" || (matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format) === LEGACY_SD_JWT && "vct" in matchOutput) {
+        const {
+          vct
+        } = matchOutput;
+        const [keyTag, credential] = credentialsByVct[vct];
+        const requiredDisclosures = getClaimsFromDcqlMatch(match);
+        const presentationFrame = getPresentationFrameFromDcqlMatch(match, parsedQuery);
+        return {
+          id,
+          vct,
+          keyTag,
+          format: matchOutput.credential_format,
+          credential,
+          requiredDisclosures,
+          presentationFrame,
+          // When it is a match but no credential_sets are found, the credential is required by default
+          // See https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-6.4.2
+          purposes: purposes ?? [{
+            required: true
+          }]
+        };
+      }
+      throw new Error(`Unsupported credential format: ${matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format}`);
+    });
+  } catch (error) {
+    // Invalid DCQL query structure. Remap to `DcqlError` for consistency.
+    if (isValiError(error)) {
+      throw new DcqlError({
+        message: "Failed to parse the provided DCQL query",
+        code: "PARSE_ERROR",
+        cause: error.issues
+      });
+    }
+    // Let other errors propagate so they can be caught with `err instanceof DcqlError`
+    throw error;
+  }
+};
+//# sourceMappingURL=05-evaluate-dcql-query.js.map

package/lib/module/credential/presentation/v1.0.0/05-evaluate-dcql-query.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["DcqlQuery","DcqlError","isValiError","CredentialsNotFoundError","sdJwtUtils","extractFailedCredentialsDetails","getClaimsFromDcqlMatch","getDcqlQueryMatches","getPresentationFrameFromDcqlMatch","LEGACY_SD_JWT","evaluateDcqlQuery","query","credentialsSdJwt","credentials","mapCredentialsToObj","credentialsByVct","reduce","acc","c","vct","original_credential","parsedQuery","parse","validate","queryResult","can_be_satisfied","map","_ref","_queryResult$credenti","_match$valid_credenti","id","match","purposes","credential_sets","filter","set","_set$matching_options","matching_options","flat","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","matchOutput","valid_credentials","meta","output","credential_format","keyTag","credential","requiredDisclosures","presentationFrame","format","Error","error","message","code","cause","issues"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/05-evaluate-dcql-query.ts"],"mappings":"AAAA,SAASA,SAAS,EAAEC,SAAS,QAAQ,MAAM;AAC3C,SAASC,WAAW,QAAQ,SAAS;AACrC,SAASC,wBAAwB,QAAQ,kBAAkB;AAG3D,OAAO,KAAKC,UAAU,MAAM,wBAAwB;AACpD,SACEC,+BAA+B,EAC/BC,sBAAsB,EACtBC,mBAAmB,EACnBC,iCAAiC,QAC5B,sBAAsB;AAC7B,SAASC,aAAa,QAAQ,uBAAuB;AAErD,OAAO,MAAMC,iBAA6D,GACxE,MAAAA,CAAOC,KAAK,EAAEC,gBAAgB,KAAK;EACjC,MAAMC,WAAW,GAAG,MAAMT,UAAU,CAACU,mBAAmB,CAACF,gBAAgB,CAAC;EAE1E,MAAMG,gBAAgB,GAAGF,WAAW,CAACG,MAAM,CACzC,CAACC,GAAG,EAAEC,CAAC,KAAK;IACVD,GAAG,CAACC,CAAC,CAACC,GAAG,CAAC,GAAGD,CAAC,CAACE,mBAAmB;IAClC,OAAOH,GAAG;EACZ,CAAC,EACD,CAAC,CACH,CAAC;EAED,IAAI;IACF;IACA,MAAMI,WAAW,GAAGrB,SAAS,CAACsB,KAAK,CAACX,KAAK,CAAC;IAC1CX,SAAS,CAACuB,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMG,WAAW,GAAGxB,SAAS,CAACW,KAAK,CAACU,WAAW,EAAER,WAAW,CAAC;IAE7D,IAAI,CAACW,WAAW,CAACC,gBAAgB,EAAE;MACjC,MAAM,IAAItB,wBAAwB,CAChCE,+BAA+B,CAACmB,WAAW,CAC7C,CAAC;IACH;IAEA,OAAOjB,mBAAmB,CAACiB,WAAW,CAAC,CAACE,GAAG,CAACC,IAAA,IAAiB;MAAA,IAAAC,qBAAA,EAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEC,KAAK,CAAC,GAAAJ,IAAA;MACtD,MAAMK,QAAQ,IAAAJ,qBAAA,GAAGJ,WAAW,CAACS,eAAe,cAAAL,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbM,MAAM,CAAEC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBE,IAAI,CAAC,CAAC,CAACC,QAAQ,CAACT,EAAE,CAAC;MAAA,EAAC,cAAAF,qBAAA,uBAD7CA,qBAAA,CAEbF,GAAG,CAAqBc,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAME,WAAW,IAAAlB,qBAAA,GAAGE,KAAK,CAACiB,iBAAiB,CAAC,CAAC,CAAC,cAAAnB,qBAAA,uBAA1BA,qBAAA,CAA4BoB,IAAI,CAACC,MAAM;;MAE3D;MACA;MACA,IACE,CAAAH,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,WAAW,IAC7C,CAAAJ,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK1C,aAAa,IAC/C,KAAK,IAAIsC,WAAY,EACvB;QACA,MAAM;UAAE5B;QAAI,CAAC,GAAG4B,WAAW;QAC3B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,gBAAgB,CAACI,GAAG,CAAE;QAEnD,MAAMmC,mBAAmB,GAAGhD,sBAAsB,CAACyB,KAAK,CAAC;QACzD,MAAMwB,iBAAiB,GAAG/C,iCAAiC,CACzDuB,KAAK,EACLV,WACF,CAAC;QAED,OAAO;UACLS,EAAE;UACFX,GAAG;UACHiC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjB;UACA;UACAvB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEa,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,MAAM,IAAIY,KAAK,CACZ,kCAAiCV,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAkB,EACnE,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd;IACA,IAAIxD,WAAW,CAACwD,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIzD,SAAS,CAAC;QAClB0D,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEH,KAAK,CAACI;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMJ,KAAK;EACb;AACF,CAAC"}

package/lib/module/credential/presentation/v1.0.0/06-send-authorization-response.js ADDED Viewed

@@ -0,0 +1,155 @@
+import { EncryptJwe } from "@pagopa/io-react-native-jwt";
+import { NoSuitableKeysFoundInEntityConfiguration } from "../common/errors";
+import { hasStatusOrThrow } from "../../../utils/misc";
+import { RelyingPartyResponseError, RelyingPartyResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError } from "../../../utils/errors";
+import { prepareVpToken } from "../../../sd-jwt";
+import { AuthorizationResponse } from "./types";
+import { getJwksFromRpConfig } from "./utils.jwks";
+import { buildDirectPostBody } from "../common/utils/http";
+import { createCryptoContextFor } from "../../../utils/crypto";
+/**
+ * Selects a public key (with `use = enc`) from the set of JWK keys
+ * offered by the Relying Party (RP) for encryption.
+ *
+ * @param rpJwkKeys - The array of JWKs retrieved from the RP entity configuration.
+ * @returns The first suitable public key found in the list.
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} If no suitable encryption key is found.
+ */
+export const choosePublicKeyToEncrypt = rpJwkKeys => {
+  const encKey = rpJwkKeys.find(jwk => jwk.use === "enc");
+  if (encKey) {
+    return encKey;
+  }
+  // No suitable key found
+  throw new NoSuitableKeysFoundInEntityConfiguration("No suitable public key found for encryption.");
+};
+/**
+ * Builds a URL-encoded form body for a direct POST response using JWT encryption.
+ *
+ * @param jwkKeys - Array of JWKs from the Relying Party for encryption.
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains the VP token to encrypt and the mapping of the credential disclosures
+ * @returns A URL-encoded string for an `application/x-www-form-urlencoded` POST body, where `response` contains the encrypted JWE.
+ */
+export const buildDirectPostJwtBody = async (requestObject, rpConf, payload) => {
+  // Prepare the authorization response payload to be encrypted
+  const authzResponsePayload = JSON.stringify({
+    state: requestObject.state,
+    ...payload
+  });
+  // Choose a suitable public key for encryption
+  const {
+    keys
+  } = getJwksFromRpConfig(rpConf);
+  const encPublicJwk = choosePublicKeyToEncrypt(keys);
+  // Encrypt the authorization payload
+  const {
+    authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc
+  } = rpConf;
+  const defaultAlg = encPublicJwk.kty === "EC" ? "ECDH-ES" : "RSA-OAEP-256";
+  const encryptedResponse = await new EncryptJwe(authzResponsePayload, {
+    alg: authorization_encrypted_response_alg || defaultAlg,
+    enc: authorization_encrypted_response_enc || "A256CBC-HS512",
+    kid: encPublicJwk.kid
+  }).encrypt(encPublicJwk);
+  // Build the x-www-form-urlencoded form body
+  const formBody = new URLSearchParams({
+    response: encryptedResponse,
+    state: requestObject.state
+  });
+  return formBody.toString();
+};
+export const prepareRemotePresentations = async (credentials, authRequestObject) => {
+  const presentations = await Promise.all(credentials.map(async item => {
+    const {
+      vp_token
+    } = await prepareVpToken(authRequestObject.nonce, authRequestObject.clientId, [item.credential, item.presentationFrame, createCryptoContextFor(item.keyTag)]);
+    return {
+      requestedClaims: item.requiredDisclosures.map(_ref => {
+        let {
+          name
+        } = _ref;
+        return name;
+      }),
+      credentialId: item.id,
+      vpToken: vp_token,
+      format: item.format
+    };
+  }));
+  return {
+    presentations
+  };
+};
+export const sendAuthorizationResponse = async function (requestObject, remotePresentation, rpConf) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  const {
+    presentations
+  } = remotePresentation;
+  // 1. Prepare the VP token as a JSON object with keys corresponding to the DCQL query credential IDs
+  const requestBody = await buildDirectPostJwtBody(requestObject, rpConf, {
+    vp_token: presentations.reduce((acc, presentation) => ({
+      ...acc,
+      [presentation.credentialId]: presentation.vpToken
+    }), {})
+  });
+  // 2. Send the authorization response via HTTP POST and validate the response
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(AuthorizationResponse.parse).catch(handleAuthorizationResponseError);
+};
+export const sendAuthorizationErrorResponse = async function (requestObject, _ref2) {
+  let {
+    error,
+    errorDescription
+  } = _ref2;
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const requestBody = await buildDirectPostBody(requestObject, {
+    error,
+    error_description: errorDescription
+  });
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.json()).then(AuthorizationResponse.parse);
+};
+/**
+ * Handle the the presentation error by mapping it to a custom exception.
+ * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {RelyingPartyResponseError} with a specific code for more context
+ */
+const handleAuthorizationResponseError = e => {
+  if (!(e instanceof UnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new ResponseErrorBuilder(RelyingPartyResponseError).handle(400, {
+    code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+    message: "The Authorization Response contains invalid parameters or it is malformed"
+  }).handle(403, {
+    code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+    message: "The Authorization Response was forbidden"
+  }).handle("*", {
+    code: RelyingPartyResponseErrorCodes.RelyingPartyGenericError,
+    message: "Unable to successfully send the Authorization Response"
+  }).buildFrom(e);
+};
+//# sourceMappingURL=06-send-authorization-response.js.map

package/lib/module/credential/presentation/v1.0.0/06-send-authorization-response.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["EncryptJwe","NoSuitableKeysFoundInEntityConfiguration","hasStatusOrThrow","RelyingPartyResponseError","RelyingPartyResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","prepareVpToken","AuthorizationResponse","getJwksFromRpConfig","buildDirectPostBody","createCryptoContextFor","choosePublicKeyToEncrypt","rpJwkKeys","encKey","find","jwk","use","buildDirectPostJwtBody","requestObject","rpConf","payload","authzResponsePayload","JSON","stringify","state","keys","encPublicJwk","authorization_encrypted_response_alg","authorization_encrypted_response_enc","defaultAlg","kty","encryptedResponse","alg","enc","kid","encrypt","formBody","URLSearchParams","response","toString","prepareRemotePresentations","credentials","authRequestObject","presentations","Promise","all","map","item","vp_token","nonce","clientId","credential","presentationFrame","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","format","sendAuthorizationResponse","remotePresentation","appFetch","fetch","arguments","length","undefined","requestBody","reduce","acc","presentation","response_uri","method","headers","body","then","res","json","parse","catch","handleAuthorizationResponseError","sendAuthorizationErrorResponse","_ref2","error","errorDescription","error_description","e","handle","code","InvalidAuthorizationResponse","message","RelyingPartyGenericError","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/06-send-authorization-response.ts"],"mappings":"AAAA,SAASA,UAAU,QAAQ,6BAA6B;AACxD,SAASC,wCAAwC,QAAQ,kBAAkB;AAC3E,SAASC,gBAAgB,QAAQ,qBAAqB;AAEtD,SACEC,yBAAyB,EACzBC,8BAA8B,EAC9BC,oBAAoB,EACpBC,yBAAyB,QACpB,uBAAuB;AAC9B,SAASC,cAAc,QAAQ,iBAAiB;AAGhD,SAASC,qBAAqB,QAAwC,SAAS;AAC/E,SAASC,mBAAmB,QAAQ,cAAc;AAClD,SAASC,mBAAmB,QAAQ,sBAAsB;AAC1D,SAASC,sBAAsB,QAAQ,uBAAuB;;AAE9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAIC,SAAgB,IAAU;EACjE,MAAMC,MAAM,GAAGD,SAAS,CAACE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EAEzD,IAAIH,MAAM,EAAE;IACV,OAAOA,MAAM;EACf;;EAEA;EACA,MAAM,IAAIb,wCAAwC,CAChD,8CACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMiB,sBAAsB,GAAG,MAAAA,CACpCC,aAA4B,EAC5BC,MAA0B,EAC1BC,OAAuC,KACnB;EAGpB;EACA,MAAMC,oBAAoB,GAAGC,IAAI,CAACC,SAAS,CAAC;IAC1CC,KAAK,EAAEN,aAAa,CAACM,KAAK;IAC1B,GAAGJ;EACL,CAAC,CAAC;EACF;EACA,MAAM;IAAEK;EAAK,CAAC,GAAGjB,mBAAmB,CAACW,MAAM,CAAC;EAC5C,MAAMO,YAAY,GAAGf,wBAAwB,CAACc,IAAI,CAAC;;EAEnD;EACA,MAAM;IACJE,oCAAoC;IACpCC;EACF,CAAC,GAAGT,MAAM;EAEV,MAAMU,UAAsB,GAC1BH,YAAY,CAACI,GAAG,KAAK,IAAI,GAAG,SAAS,GAAG,cAAc;EAExD,MAAMC,iBAAiB,GAAG,MAAM,IAAIhC,UAAU,CAACsB,oBAAoB,EAAE;IACnEW,GAAG,EAAGL,oCAAoC,IAAmBE,UAAU;IACvEI,GAAG,EACAL,oCAAoC,IAAmB,eAAe;IACzEM,GAAG,EAAER,YAAY,CAACQ;EACpB,CAAC,CAAC,CAACC,OAAO,CAACT,YAAY,CAAC;;EAExB;EACA,MAAMU,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCC,QAAQ,EAAEP,iBAAiB;IAC3BP,KAAK,EAAEN,aAAa,CAACM;EACvB,CAAC,CAAC;EACF,OAAOY,QAAQ,CAACG,QAAQ,CAAC,CAAC;AAC5B,CAAC;AAED,OAAO,MAAMC,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC,MAAMC,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCJ,WAAW,CAACK,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAS,CAAC,GAAG,MAAM1C,cAAc,CACvCoC,iBAAiB,CAACO,KAAK,EACvBP,iBAAiB,CAACQ,QAAQ,EAC1B,CACEH,IAAI,CAACI,UAAU,EACfJ,IAAI,CAACK,iBAAiB,EACtB1C,sBAAsB,CAACqC,IAAI,CAACM,MAAM,CAAC,CAEvC,CAAC;IAED,OAAO;MACLC,eAAe,EAAEP,IAAI,CAACQ,mBAAmB,CAACT,GAAG,CAACU,IAAA;QAAA,IAAC;UAAEC;QAAK,CAAC,GAAAD,IAAA;QAAA,OAAKC,IAAI;MAAA,EAAC;MACjEC,YAAY,EAAEX,IAAI,CAACY,EAAE;MACrBC,OAAO,EAAEZ,QAAQ;MACjBa,MAAM,EAAEd,IAAI,CAACc;IACf,CAAC;EACH,CAAC,CACH,CAAC;EAED,OAAO;IAAElB;EAAc,CAAC;AAC1B,CAAC;AAEH,OAAO,MAAMmB,yBAA6E,GACxF,eAAAA,CACE5C,aAAa,EACb6C,kBAAkB,EAClB5C,MAAM,EAEH;EAAA,IADH;IAAE6C,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAM;IAAEvB;EAAc,CAAC,GAAGoB,kBAAkB;EAC5C;EACA,MAAMM,WAAW,GAAG,MAAMpD,sBAAsB,CAACC,aAAa,EAAEC,MAAM,EAAE;IACtE6B,QAAQ,EAAEL,aAAa,CAAC2B,MAAM,CAC5B,CAACC,GAAG,EAAEC,YAAY,MAAM;MACtB,GAAGD,GAAG;MACN,CAACC,YAAY,CAACd,YAAY,GAAGc,YAAY,CAACZ;IAC5C,CAAC,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;;EAEF;EACA,OAAO,MAAMI,QAAQ,CAAC9C,aAAa,CAACuD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC5E,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3B4E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtE,qBAAqB,CAACyE,KAAK,CAAC,CACjCC,KAAK,CAACC,gCAAgC,CAAC;AAC5C,CAAC;AAEH,OAAO,MAAMC,8BAAuF,GAClG,eAAAA,CACEjE,aAAa,EAAAkE,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEpB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMG,WAAW,GAAG,MAAM5D,mBAAmB,CAACS,aAAa,EAAE;IAC3DmE,KAAK;IACLE,iBAAiB,EAAED;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMtB,QAAQ,CAAC9C,aAAa,CAACuD,YAAY,EAAE;IAChDC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEP;EACR,CAAC,CAAC,CACCQ,IAAI,CAAC5E,gBAAgB,CAAC,GAAG,EAAEC,yBAAyB,CAAC,CAAC,CACtD2E,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACtE,qBAAqB,CAACyE,KAAK,CAAC;AACtC,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA,MAAME,gCAAgC,GAAIM,CAAU,IAAK;EACvD,IAAI,EAAEA,CAAC,YAAYnF,yBAAyB,CAAC,EAAE;IAC7C,MAAMmF,CAAC;EACT;EAEA,MAAM,IAAIpF,oBAAoB,CAACF,yBAAyB,CAAC,CACtDuF,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAACwF,4BAA4B;IACjEC,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAACwF,4BAA4B;IACjEC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEvF,8BAA8B,CAAC0F,wBAAwB;IAC7DD,OAAO,EAAE;EACX,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/presentation/v1.0.0/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { startFlowFromQR } from "./01-start-flow";
+import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
+import { getRequestObject } from "./03-get-request-object";
+import { verifyRequestObject } from "./04-verify-request-object";
+import { evaluateDcqlQuery } from "./05-evaluate-dcql-query";
+import { prepareRemotePresentations, sendAuthorizationResponse, sendAuthorizationErrorResponse } from "./06-send-authorization-response";
+export const RemotePresentation = {
+  startFlowFromQR,
+  evaluateRelyingPartyTrust,
+  getRequestObject,
+  verifyRequestObject,
+  evaluateDcqlQuery,
+  prepareRemotePresentations,
+  sendAuthorizationResponse,
+  sendAuthorizationErrorResponse
+};
+//# sourceMappingURL=index.js.map

package/lib/module/credential/presentation/v1.0.0/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","verifyRequestObject","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendAuthorizationErrorResponse","RemotePresentation"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/index.ts"],"mappings":"AACA,SAASA,eAAe,QAAQ,iBAAiB;AACjD,SAASC,yBAAyB,QAAQ,wBAAwB;AAClE,SAASC,gBAAgB,QAAQ,yBAAyB;AAC1D,SAASC,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,iBAAiB,QAAQ,0BAA0B;AAC5D,SACEC,0BAA0B,EAC1BC,yBAAyB,EACzBC,8BAA8B,QACzB,kCAAkC;AAEzC,OAAO,MAAMC,kBAAyC,GAAG;EACvDR,eAAe;EACfC,yBAAyB;EACzBC,gBAAgB;EAChBC,mBAAmB;EACnBC,iBAAiB;EACjBC,0BAA0B;EAC1BC,yBAAyB;EACzBC;AACF,CAAC"}

package/lib/module/credential/presentation/v1.0.0/mappers.js ADDED Viewed

@@ -0,0 +1,25 @@
+import { createMapper } from "../../../utils/mappers";
+export const mapToRelyingPartyConfig = createMapper(x => {
+  const {
+    federation_entity,
+    openid_credential_verifier
+  } = x.payload.metadata;
+  return {
+    subject: x.payload.sub,
+    jwks: openid_credential_verifier.jwks,
+    authorization_encrypted_response_alg: openid_credential_verifier.authorization_encrypted_response_alg,
+    authorization_encrypted_response_enc: openid_credential_verifier.authorization_encrypted_response_enc,
+    federation_entity
+  };
+});
+export const mapToRequestObject = createMapper(x => ({
+  iss: x.iss,
+  client_id: x.client_id,
+  dcql_query: x.dcql_query,
+  nonce: x.nonce,
+  response_uri: x.response_uri,
+  state: x.state,
+  response_mode: x.response_mode,
+  response_type: x.response_type
+}));
+//# sourceMappingURL=mappers.js.map

package/lib/module/credential/presentation/v1.0.0/mappers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createMapper","mapToRelyingPartyConfig","x","federation_entity","openid_credential_verifier","payload","metadata","subject","sub","jwks","authorization_encrypted_response_alg","authorization_encrypted_response_enc","mapToRequestObject","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/mappers.ts"],"mappings":"AAAA,SAASA,YAAY,QAAQ,wBAAwB;AAMrD,OAAO,MAAMC,uBAAuB,GAAGD,YAAY,CAGhDE,CAAC,IAAK;EACP,MAAM;IAAEC,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,CAAC,CAACG,OAAO,CAACC,QAAQ;EAC5E,OAAO;IACLC,OAAO,EAAEL,CAAC,CAACG,OAAO,CAACG,GAAG;IACtBC,IAAI,EAAEL,0BAA0B,CAACK,IAAI;IACrCC,oCAAoC,EAClCN,0BAA0B,CAACM,oCAAoC;IACjEC,oCAAoC,EAClCP,0BAA0B,CAACO,oCAAoC;IACjER;EACF,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,MAAMS,kBAAkB,GAAGZ,YAAY,CAG3CE,CAAC,KAAM;EACRW,GAAG,EAAEX,CAAC,CAACW,GAAG;EACVC,SAAS,EAAEZ,CAAC,CAACY,SAAS;EACtBC,UAAU,EAAEb,CAAC,CAACa,UAAU;EACxBC,KAAK,EAAEd,CAAC,CAACc,KAAK;EACdC,YAAY,EAAEf,CAAC,CAACe,YAAY;EAC5BC,KAAK,EAAEhB,CAAC,CAACgB,KAAK;EACdC,aAAa,EAAEjB,CAAC,CAACiB,aAAa;EAC9BC,aAAa,EAAElB,CAAC,CAACkB;AACnB,CAAC,CAAC,CAAC"}

package/lib/module/credential/presentation/v1.0.0/types.js ADDED Viewed

@@ -0,0 +1,36 @@
+import * as z from "zod";
+import { UnixTime } from "../../../utils/zod";
+import { ErrorResponse } from "../api/types";
+export const RequestObjectPayload = z.object({
+  iss: z.string(),
+  iat: UnixTime,
+  exp: UnixTime,
+  state: z.string(),
+  nonce: z.string(),
+  response_uri: z.string(),
+  request_uri_method: z.string().optional(),
+  response_type: z.literal("vp_token"),
+  response_mode: z.literal("direct_post.jwt"),
+  client_id: z.string(),
+  dcql_query: z.record(z.string(), z.any()),
+  // Validation happens within the `dcql` library, no need to duplicate it here
+  scope: z.string().optional(),
+  wallet_nonce: z.string().optional()
+});
+/**
+ * Authorization Response payload sent to the Relying Party.
+ */
+export const DirectAuthorizationBodyPayload = z.union([z.object({
+  vp_token: z.record(z.string(), z.string())
+}), z.object({
+  error: ErrorResponse,
+  error_description: z.string()
+})]);
+export const AuthorizationResponse = z.object({
+  status: z.string().optional(),
+  response_code: z.string().optional(),
+  redirect_uri: z.string().optional()
+});
+//# sourceMappingURL=types.js.map

package/lib/module/credential/presentation/v1.0.0/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","UnixTime","ErrorResponse","RequestObjectPayload","object","iss","string","iat","exp","state","nonce","response_uri","request_uri_method","optional","response_type","literal","response_mode","client_id","dcql_query","record","any","scope","wallet_nonce","DirectAuthorizationBodyPayload","union","vp_token","error","error_description","AuthorizationResponse","status","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,aAAa,QAAQ,cAAc;AAG5C,OAAO,MAAMC,oBAAoB,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC3CC,GAAG,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEN,QAAQ;EACbO,GAAG,EAAEP,QAAQ;EACbQ,KAAK,EAAET,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBI,KAAK,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBK,YAAY,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC;EACxBM,kBAAkB,EAAEZ,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EACzCC,aAAa,EAAEd,CAAC,CAACe,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAEhB,CAAC,CAACe,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;EACrBY,UAAU,EAAElB,CAAC,CAACmB,MAAM,CAACnB,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACoB,GAAG,CAAC,CAAC,CAAC;EAAE;EAC3CC,KAAK,EAAErB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EAC5BS,YAAY,EAAEtB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMU,8BAA8B,GAAGvB,CAAC,CAACwB,KAAK,CAAC,CACpDxB,CAAC,CAACI,MAAM,CAAC;EACPqB,QAAQ,EAAEzB,CAAC,CAACmB,MAAM,CAACnB,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACM,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EAAEsB,KAAK,EAAExB,aAAa;EAAEyB,iBAAiB,EAAE3B,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CAClE,CAAC;AAGF,OAAO,MAAMsB,qBAAqB,GAAG5B,CAAC,CAACI,MAAM,CAAC;EAC5CyB,MAAM,EAAE7B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EAC7BiB,aAAa,EAAE9B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC,CAAC;EACpCkB,YAAY,EAAE/B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;AACpC,CAAC,CAAC"}

package/lib/module/credential/presentation/v1.0.0/utils.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { JWKS } from "../../../utils/jwk";
+/**
+ * Fetches the JSON Web Key Set (JWKS) from the Relying Party's Entity Configuration.
+ * @param rpConfig - The Relying Party's common configuration,
+ * @returns An object containing an array of JSON Web Keys (JWKs).
+ */
+export const getJwksFromRpConfig = rpConfig => {
+  const jwks = rpConfig.jwks.keys;
+  if (!jwks || !Array.isArray(jwks)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  const parsed = JWKS.safeParse({
+    keys: jwks
+  });
+  if (!parsed.success) {
+    throw new Error("JWKS contains unsupported or invalid keys (only RSA/EC JWK supported)");
+  }
+  return parsed.data;
+};
+//# sourceMappingURL=utils.js.map

package/lib/module/credential/presentation/v1.0.0/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["JWKS","getJwksFromRpConfig","rpConfig","jwks","keys","Array","isArray","Error","parsed","safeParse","success","data"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/utils.ts"],"mappings":"AAAA,SAASA,IAAI,QAAkB,oBAAoB;AAGnD;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAC9BC,QAA4B,IACR;EACpB,MAAMC,IAAI,GAAGD,QAAQ,CAACC,IAAI,CAACC,IAAI;EAE/B,IAAI,CAACD,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAAC,EAAE;IACjC,MAAM,IAAII,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,MAAM,GAAGR,IAAI,CAACS,SAAS,CAAC;IAAEL,IAAI,EAAED;EAAK,CAAC,CAAC;EAC7C,IAAI,CAACK,MAAM,CAACE,OAAO,EAAE;IACnB,MAAM,IAAIH,KAAK,CACb,uEACF,CAAC;EACH;EAEA,OAAOC,MAAM,CAACG,IAAI;AACpB,CAAC"}

package/lib/module/credential/presentation/v1.0.0/utils.jwks.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { JWKS } from "../../../utils/jwk";
+/**
+ * Fetches the JSON Web Key Set (JWKS) from the Relying Party's Entity Configuration.
+ * @param rpConfig - The Relying Party's common configuration,
+ * @returns An object containing an array of JSON Web Keys (JWKs).
+ */
+export const getJwksFromRpConfig = rpConfig => {
+  const jwks = rpConfig.jwks.keys;
+  if (!jwks || !Array.isArray(jwks)) {
+    throw new Error("JWKS not found in Relying Party configuration.");
+  }
+  const parsed = JWKS.safeParse({
+    keys: jwks
+  });
+  if (!parsed.success) {
+    throw new Error("JWKS contains unsupported or invalid keys (only RSA/EC JWK supported)");
+  }
+  return parsed.data;
+};
+//# sourceMappingURL=utils.jwks.js.map

package/lib/module/credential/presentation/v1.0.0/utils.jwks.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["JWKS","getJwksFromRpConfig","rpConfig","jwks","keys","Array","isArray","Error","parsed","safeParse","success","data"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/utils.jwks.ts"],"mappings":"AAAA,SAASA,IAAI,QAAkB,oBAAoB;AAGnD;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAC9BC,QAA4B,IACR;EACpB,MAAMC,IAAI,GAAGD,QAAQ,CAACC,IAAI,CAACC,IAAI;EAE/B,IAAI,CAACD,IAAI,IAAI,CAACE,KAAK,CAACC,OAAO,CAACH,IAAI,CAAC,EAAE;IACjC,MAAM,IAAII,KAAK,CAAC,gDAAgD,CAAC;EACnE;EAEA,MAAMC,MAAM,GAAGR,IAAI,CAACS,SAAS,CAAC;IAAEL,IAAI,EAAED;EAAK,CAAC,CAAC;EAC7C,IAAI,CAACK,MAAM,CAACE,OAAO,EAAE;IACnB,MAAM,IAAIH,KAAK,CACb,uEACF,CAAC;EACH;EAEA,OAAOC,MAAM,CAACG,IAAI;AACpB,CAAC"}

package/lib/module/credential/presentation/v1.3.3/01-start-flow.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { InvalidQRCodeError } from "../common/errors";
+import { PresentationParams } from "../api/types";
+import { validateAuthorizationRequestParams } from "@pagopa/io-wallet-oid4vp";
+export const startFlowFromQR = params => {
+  const parsed = PresentationParams.safeParse(params);
+  if (!parsed.success) {
+    throw new InvalidQRCodeError(parsed.error.message);
+  }
+  try {
+    const validatedParams = validateAuthorizationRequestParams(parsed.data);
+    return validatedParams;
+  } catch (e) {
+    throw new InvalidQRCodeError(e instanceof Error ? e.message : String(e));
+  }
+};
+//# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/presentation/v1.3.3/01-start-flow.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["InvalidQRCodeError","PresentationParams","validateAuthorizationRequestParams","startFlowFromQR","params","parsed","safeParse","success","error","message","validatedParams","data","e","Error","String"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/01-start-flow.ts"],"mappings":"AAAA,SAASA,kBAAkB,QAAQ,kBAAkB;AAErD,SAASC,kBAAkB,QAAQ,cAAc;AACjD,SAASC,kCAAkC,QAAQ,0BAA0B;AAE7E,OAAO,MAAMC,eAAyD,GACpEC,MAAM,IACH;EACH,MAAMC,MAAM,GAAGJ,kBAAkB,CAACK,SAAS,CAACF,MAAM,CAAC;EAEnD,IAAI,CAACC,MAAM,CAACE,OAAO,EAAE;IACnB,MAAM,IAAIP,kBAAkB,CAACK,MAAM,CAACG,KAAK,CAACC,OAAO,CAAC;EACpD;EAEA,IAAI;IACF,MAAMC,eAAe,GAAGR,kCAAkC,CAACG,MAAM,CAACM,IAAI,CAAC;IAEvE,OAAOD,eAAe;EACxB,CAAC,CAAC,OAAOE,CAAC,EAAE;IACV,MAAM,IAAIZ,kBAAkB,CAACY,CAAC,YAAYC,KAAK,GAAGD,CAAC,CAACH,OAAO,GAAGK,MAAM,CAACF,CAAC,CAAC,CAAC;EAC1E;AACF,CAAC"}

package/lib/module/credential/presentation/v1.3.3/02-evaluate-rp-trust.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { getRelyingPartyEntityConfiguration } from "../../../trust/v1.3.3/entities";
+import { mapToRelyingPartyConfig } from "./mappers";
+export const evaluateRelyingPartyTrust = async function (rpUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const rpEntityConfiguration = await getRelyingPartyEntityConfiguration(rpUrl, {
+    appFetch
+  });
+  const rpConf = mapToRelyingPartyConfig(rpEntityConfiguration);
+  return {
+    rpConf
+  };
+};
+//# sourceMappingURL=02-evaluate-rp-trust.js.map

package/lib/module/credential/presentation/v1.3.3/02-evaluate-rp-trust.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getRelyingPartyEntityConfiguration","mapToRelyingPartyConfig","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","rpEntityConfiguration","rpConf"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/02-evaluate-rp-trust.ts"],"mappings":"AAAA,SAASA,kCAAkC,QAAQ,gCAAgC;AAEnF,SAASC,uBAAuB,QAAQ,WAAW;AAEnD,OAAO,MAAMC,yBAA6E,GACxF,eAAAA,CAAOC,KAAK,EAAgC;EAAA,IAA9B;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACrC,MAAMG,qBAAqB,GAAG,MAAMT,kCAAkC,CACpEG,KAAK,EACL;IAAEC;EAAS,CACb,CAAC;EAED,MAAMM,MAAM,GAAGT,uBAAuB,CAACQ,qBAAqB,CAAC;EAE7D,OAAO;IAAEC;EAAO,CAAC;AACnB,CAAC"}

package/lib/module/credential/presentation/v1.3.3/03-get-request-object.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { RequestObjectWalletCapabilities } from "../api/types";
+import { fetchAuthorizationRequest as sdkFetchAuthorizationRequest } from "@pagopa/io-wallet-oid4vp";
+import { mapSdkFetchAuthRequestError } from "./sdkErrorMapper";
+export const getRequestObject = async function (authorizationRequestUrl) {
+  let {
+    appFetch = fetch,
+    walletCapabilities
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const walletParams = walletCapabilities ? (() => {
+    const {
+      wallet_metadata,
+      wallet_nonce
+    } = RequestObjectWalletCapabilities.parse(walletCapabilities);
+    return {
+      walletMetadata: wallet_metadata,
+      walletNonce: wallet_nonce
+    };
+  })() : {};
+  const result = await sdkFetchAuthorizationRequest({
+    authorizeRequestUrl: authorizationRequestUrl,
+    callbacks: {
+      fetch: appFetch
+    },
+    ...walletParams
+  }).catch(mapSdkFetchAuthRequestError);
+  return {
+    requestObjectEncodedJwt: result.requestObjectJwt
+  };
+};
+//# sourceMappingURL=03-get-request-object.js.map

package/lib/module/credential/presentation/v1.3.3/03-get-request-object.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["RequestObjectWalletCapabilities","fetchAuthorizationRequest","sdkFetchAuthorizationRequest","mapSdkFetchAuthRequestError","getRequestObject","authorizationRequestUrl","appFetch","fetch","walletCapabilities","arguments","length","undefined","walletParams","wallet_metadata","wallet_nonce","parse","walletMetadata","walletNonce","result","authorizeRequestUrl","callbacks","catch","requestObjectEncodedJwt","requestObjectJwt"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/03-get-request-object.ts"],"mappings":"AACA,SAASA,+BAA+B,QAAQ,cAAc;AAC9D,SAASC,yBAAyB,IAAIC,4BAA4B,QAAQ,0BAA0B;AACpG,SAASC,2BAA2B,QAAQ,kBAAkB;AAE9D,OAAO,MAAMC,gBAA2D,GACtE,eAAAA,CACEC,uBAAuB,EAEpB;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,MAAMG,YAAY,GAAGJ,kBAAkB,GACnC,CAAC,MAAM;IACL,MAAM;MAAEK,eAAe;MAAEC;IAAa,CAAC,GACrCd,+BAA+B,CAACe,KAAK,CAACP,kBAAkB,CAAC;IAC3D,OAAO;MAAEQ,cAAc,EAAEH,eAAe;MAAEI,WAAW,EAAEH;IAAa,CAAC;EACvE,CAAC,EAAE,CAAC,GACJ,CAAC,CAAC;EAEN,MAAMI,MAAM,GAAG,MAAMhB,4BAA4B,CAAC;IAChDiB,mBAAmB,EAAEd,uBAAuB;IAC5Ce,SAAS,EAAE;MAAEb,KAAK,EAAED;IAAS,CAAC;IAC9B,GAAGM;EACL,CAAC,CAAC,CAACS,KAAK,CAAClB,2BAA2B,CAAC;EAErC,OAAO;IACLmB,uBAAuB,EAAEJ,MAAM,CAACK;EAClC,CAAC;AACH,CAAC"}