npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.mdoc.js ADDED Viewed

@@ -0,0 +1,178 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyAndParseCredentialMDoc = void 0;
+var _converter = require("../../../mdoc/converter");
+var _mdoc = require("../../../mdoc");
+var _const = require("../../../mdoc/const");
+var _errors = require("../../../utils/errors");
+var _jwk = require("../../../utils/jwk");
+/**
+ * Given a credential, verify it's in the supported format
+ * and the credential is correctly signed
+ * and it's bound to the given key
+ *
+ * @param rawCredential The received credential
+ * @param x509CertRoot The root certificate of the issuer, which will be used to verify the signature
+ * @param holderBindingContext The access to the holder's key
+ *
+ * @throws If the signature verification fails
+ * @throws If the credential is not in the SdJwt4VC format
+ * @throws If the holder binding is not properly configured
+ *
+ */
+async function verifyCredentialMDoc(rawCredential, x509CertRoot, holderBindingContext) {
+  const [decodedCredential, holderBindingKey] =
+  // parallel for optimization
+  await Promise.all([(0, _mdoc.verify)(rawCredential, x509CertRoot), holderBindingContext.getPublicKey()]);
+  if (!decodedCredential) {
+    throw new _errors.IoWalletError("No MDOC credentials found!");
+  }
+  const key = decodedCredential.issuerSigned.issuerAuth.payload.deviceKeyInfo.deviceKey;
+  if (!(await (0, _jwk.isSameThumbprint)(key, holderBindingKey))) {
+    throw new _errors.IoWalletError(`Failed to verify holder binding, holder binding key and mDoc deviceKey don't match`);
+  }
+  return decodedCredential;
+}
+const parseCredentialMDoc = function (credentialConfig, _ref) {
+  let {
+    issuerSigned
+  } = _ref;
+  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+  let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
+  if (!credentialConfig) {
+    throw new _errors.IoWalletError("Credential type not supported by the issuer");
+  }
+  if (!credentialConfig.claims) {
+    throw new _errors.IoWalletError("Missing claims in the credential subject");
+  }
+  const attrDefinitions = credentialConfig.claims.map(_ref2 => {
+    let {
+      path: [namespace, attribute],
+      display
+    } = _ref2;
+    return [namespace, attribute, display];
+  });
+  if (!issuerSigned.nameSpaces) {
+    throw new _errors.IoWalletError("Missing claims in the credential");
+  }
+  const flatNamespaces = Object.entries(issuerSigned.nameSpaces).flatMap(_ref3 => {
+    let [namespace, values] = _ref3;
+    return values.map(v => [namespace, v.elementIdentifier, v.elementValue]);
+  });
+  // Check that all mandatory attributes defined in the issuer configuration are present in the disclosure set
+  // and filter the non present ones
+  const attrsNotInDisclosures = attrDefinitions.filter(_ref4 => {
+    let [attrDefNamespace, attrKey] = _ref4;
+    return !flatNamespaces.some(_ref5 => {
+      let [namespace, claim] = _ref5;
+      return attrDefNamespace === namespace && attrKey === claim;
+    });
+  });
+  if (attrsNotInDisclosures.length > 0) {
+    const missing = attrsNotInDisclosures.map(_ref6 => {
+      let [, attrKey] = _ref6;
+      return attrKey;
+    }).join(", ");
+    const received = flatNamespaces.map(_ref7 => {
+      let [, attrKey] = _ref7;
+      return attrKey;
+    }).join(", ");
+    if (!ignoreMissingAttributes) {
+      throw new _errors.IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+    }
+  }
+  // Attributes defined in the issuer configuration and present in the disclosure set
+  const definedValues = attrDefinitions
+  // Retrieve the value from the corresponding disclosure
+  .map(_ref8 => {
+    var _flatNamespaces$find;
+    let [attrDefNamespace, attrKey, display] = _ref8;
+    return [attrDefNamespace, attrKey, {
+      display,
+      value: (_flatNamespaces$find = flatNamespaces.find(_ref9 => {
+        let [namespace, name] = _ref9;
+        return attrDefNamespace === namespace && name === attrKey;
+      })) === null || _flatNamespaces$find === void 0 ? void 0 : _flatNamespaces$find[2]
+    }];
+  })
+  //filter the not found elements
+  .filter(_ref10 => {
+    let [_, __, definition] = _ref10;
+    return definition.value !== undefined;
+  })
+  // Add a human-readable attribute name, with i18n, in the form { locale: name }
+  // Example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
+  .reduce((acc, _ref11) => {
+    let [attrDefNamespace, attrKey, {
+      display,
+      value
+    }] = _ref11;
+    return {
+      ...acc,
+      [(0, _mdoc.getParsedCredentialClaimKey)(attrDefNamespace, attrKey)]: {
+        value,
+        name: display.reduce((names, _ref12) => {
+          let {
+            locale,
+            name
+          } = _ref12;
+          return {
+            ...names,
+            [locale]: name
+          };
+        }, {})
+      }
+    };
+  }, {});
+  if (includeUndefinedAttributes) {
+    const undefinedValues = Object.fromEntries(Object.values(flatNamespaces).filter(_ref13 => {
+      let [namespace, key] = _ref13;
+      return !definedValues[(0, _mdoc.getParsedCredentialClaimKey)(namespace, key)];
+    }).map(_ref14 => {
+      let [namespace, key, value] = _ref14;
+      return [(0, _mdoc.getParsedCredentialClaimKey)(namespace, key), {
+        value,
+        name: key
+      }];
+    }));
+    return {
+      ...definedValues,
+      ...undefinedValues
+    };
+  }
+  return definedValues;
+};
+const verifyAndParseCredentialMDoc = async (issuerConf, credential, credentialConfigurationId, _ref15, x509CertRoot) => {
+  var _parsedCredential$get, _parsedCredential$get2;
+  let {
+    credentialCryptoContext,
+    ignoreMissingAttributes
+  } = _ref15;
+  if (!x509CertRoot) {
+    throw new _errors.IoWalletError("Missing x509CertRoot");
+  }
+  const decoded = await verifyCredentialMDoc(credential, x509CertRoot, credentialCryptoContext);
+  const credentialConfig = issuerConf.credential_configurations_supported[credentialConfigurationId];
+  const parsedCredential = parseCredentialMDoc(credentialConfig, decoded, ignoreMissingAttributes, ignoreMissingAttributes);
+  const expirationDate = (0, _converter.extractElementValueAsDate)(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$get = parsedCredential[(0, _mdoc.getParsedCredentialClaimKey)(_const.MDOC_DEFAULT_NAMESPACE, "expiry_date")]) === null || _parsedCredential$get === void 0 ? void 0 : _parsedCredential$get.value);
+  if (!expirationDate) {
+    throw new _errors.IoWalletError(`expirationDate must be present!!`);
+  }
+  expirationDate.setDate(expirationDate.getDate() + 1);
+  const maybeIssuedAt = (0, _converter.extractElementValueAsDate)(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$get2 = parsedCredential[(0, _mdoc.getParsedCredentialClaimKey)(_const.MDOC_DEFAULT_NAMESPACE, "issue_date")]) === null || _parsedCredential$get2 === void 0 ? void 0 : _parsedCredential$get2.value);
+  maybeIssuedAt === null || maybeIssuedAt === void 0 ? void 0 : maybeIssuedAt.setDate(maybeIssuedAt.getDate() + 1);
+  return {
+    parsedCredential,
+    credential,
+    credentialConfigurationId,
+    expiration: expirationDate,
+    issuedAt: maybeIssuedAt ?? undefined
+  };
+};
+exports.verifyAndParseCredentialMDoc = verifyAndParseCredentialMDoc;
+//# sourceMappingURL=06-verify-and-parse-credential.mdoc.js.map

package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.mdoc.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_converter","require","_mdoc","_const","_errors","_jwk","verifyCredentialMDoc","rawCredential","x509CertRoot","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifyMdoc","getPublicKey","IoWalletError","key","issuerSigned","issuerAuth","payload","deviceKeyInfo","deviceKey","isSameThumbprint","parseCredentialMDoc","credentialConfig","_ref","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claims","attrDefinitions","map","_ref2","path","namespace","attribute","display","nameSpaces","flatNamespaces","Object","entries","flatMap","_ref3","values","v","elementIdentifier","elementValue","attrsNotInDisclosures","filter","_ref4","attrDefNamespace","attrKey","some","_ref5","claim","missing","_ref6","join","received","_ref7","definedValues","_ref8","_flatNamespaces$find","value","find","_ref9","name","_ref10","_","__","definition","reduce","acc","_ref11","getParsedCredentialClaimKey","names","_ref12","locale","undefinedValues","fromEntries","_ref13","_ref14","verifyAndParseCredentialMDoc","issuerConf","credential","credentialConfigurationId","_ref15","_parsedCredential$get","_parsedCredential$get2","credentialCryptoContext","decoded","credential_configurations_supported","parsedCredential","expirationDate","extractElementValueAsDate","MDOC_DEFAULT_NAMESPACE","setDate","getDate","maybeIssuedAt","expiration","issuedAt","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.mdoc.ts"],"mappings":";;;;;;AAGA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAIA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,IAAA,GAAAJ,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,oBAAoBA,CACjCC,aAAqB,EACrBC,YAAoB,EACpBC,oBAAmC,EACH;EAChC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,YAAU,EAACP,aAAa,EAAEC,YAAY,CAAC,EACvCC,oBAAoB,CAACM,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,IAAI,CAACL,iBAAiB,EAAE;IACtB,MAAM,IAAIM,qBAAa,CAAC,4BAA4B,CAAC;EACvD;EAEA,MAAMC,GAAG,GACPP,iBAAiB,CAACQ,YAAY,CAACC,UAAU,CAACC,OAAO,CAACC,aAAa,CAACC,SAAS;EAE3E,IAAI,EAAE,MAAM,IAAAC,qBAAgB,EAACN,GAAG,EAAEN,gBAA6B,CAAC,CAAC,EAAE;IACjE,MAAM,IAAIK,qBAAa,CACpB,oFACH,CAAC;EACH;EAEA,OAAON,iBAAiB;AAC1B;AAEA,MAAMc,mBAAmB,GAAG,SAAAA,CAE1BC,gBAAgC,EAAAC,IAAA,EAKX;EAAA,IAHrB;IAAER;EAAoC,CAAC,GAAAQ,IAAA;EAAA,IACvCC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAI,CAACH,gBAAgB,EAAE;IACrB,MAAM,IAAIT,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAI,CAACS,gBAAgB,CAACO,MAAM,EAAE;IAC5B,MAAM,IAAIhB,qBAAa,CAAC,0CAA0C,CAAC;EACrE;EAEA,MAAMiB,eAAe,GAAGR,gBAAgB,CAACO,MAAM,CAACE,GAAG,CAEjDC,KAAA;IAAA,IAAC;MAAEC,IAAI,EAAE,CAACC,SAAS,EAAEC,SAAS,CAAC;MAAEC;IAAQ,CAAC,GAAAJ,KAAA;IAAA,OAAK,CAC/CE,SAAS,EACTC,SAAS,EACTC,OAAO,CACR;EAAA,EAAC;EAEF,IAAI,CAACrB,YAAY,CAACsB,UAAU,EAAE;IAC5B,MAAM,IAAIxB,qBAAa,CAAC,kCAAkC,CAAC;EAC7D;EAEA,MAAMyB,cAAc,GAAGC,MAAM,CAACC,OAAO,CAACzB,YAAY,CAACsB,UAAU,CAAC,CAACI,OAAO,CACpEC,KAAA;IAAA,IAAC,CAACR,SAAS,EAAES,MAAM,CAAC,GAAAD,KAAA;IAAA,OAClBC,MAAM,CAACZ,GAAG,CAA4Ba,CAAC,IAAK,CAC1CV,SAAS,EACTU,CAAC,CAACC,iBAAiB,EACnBD,CAAC,CAACE,YAAY,CACf,CAAC;EAAA,CACN,CAAC;;EAED;EACA;EACA,MAAMC,qBAAqB,GAAGjB,eAAe,CAACkB,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,gBAAgB,EAAEC,OAAO,CAAC,GAAAF,KAAA;IAAA,OAC1B,CAACX,cAAc,CAACc,IAAI,CAClBC,KAAA;MAAA,IAAC,CAACnB,SAAS,EAAEoB,KAAK,CAAC,GAAAD,KAAA;MAAA,OACjBH,gBAAgB,KAAKhB,SAAS,IAAIiB,OAAO,KAAKG,KAAK;IAAA,CACvD,CAAC;EAAA,CACL,CAAC;EAED,IAAIP,qBAAqB,CAACrB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAM6B,OAAO,GAAGR,qBAAqB,CAClChB,GAAG,CAACyB,KAAA;MAAA,IAAC,GAAGL,OAAO,CAAC,GAAAK,KAAA;MAAA,OAAKL,OAAO;IAAA,EAAC,CAC7BM,IAAI,CAAC,IAAI,CAAC;IACb,MAAMC,QAAQ,GAAGpB,cAAc,CAACP,GAAG,CAAC4B,KAAA;MAAA,IAAC,GAAGR,OAAO,CAAC,GAAAQ,KAAA;MAAA,OAAKR,OAAO;IAAA,EAAC,CAACM,IAAI,CAAC,IAAI,CAAC;IAExE,IAAI,CAACjC,uBAAuB,EAAE;MAC5B,MAAM,IAAIX,qBAAa,CACpB,4DAA2D0C,OAAQ,iBAAgBG,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA,MAAME,aAAa,GAAG9B;EACpB;EAAA,CACCC,GAAG,CACF8B,KAAA;IAAA,IAAAC,oBAAA;IAAA,IAAC,CAACZ,gBAAgB,EAAEC,OAAO,EAAEf,OAAO,CAAC,GAAAyB,KAAA;IAAA,OACnC,CACEX,gBAAgB,EAChBC,OAAO,EACP;MACEf,OAAO;MACP2B,KAAK,GAAAD,oBAAA,GAAExB,cAAc,CAAC0B,IAAI,CACxBC,KAAA;QAAA,IAAC,CAAC/B,SAAS,EAAEgC,IAAI,CAAC,GAAAD,KAAA;QAAA,OAChBf,gBAAgB,KAAKhB,SAAS,IAAIgC,IAAI,KAAKf,OAAO;MAAA,CACtD,CAAC,cAAAW,oBAAA,uBAHMA,oBAAA,CAGH,CAAC;IACP,CAAC,CACF;EAAA,CACL;EACA;EAAA,CACCd,MAAM,CAACmB,MAAA;IAAA,IAAC,CAACC,CAAC,EAAEC,EAAE,EAAEC,UAAU,CAAC,GAAAH,MAAA;IAAA,OAAKG,UAAU,CAACP,KAAK,KAAKpC,SAAS;EAAA;EAC/D;EACA;EAAA,CACC4C,MAAM,CACL,CAACC,GAAG,EAAAC,MAAA;IAAA,IAAE,CAACvB,gBAAgB,EAAEC,OAAO,EAAE;MAAEf,OAAO;MAAE2B;IAAM,CAAC,CAAC,GAAAU,MAAA;IAAA,OAAM;MACzD,GAAGD,GAAG;MACN,CAAC,IAAAE,iCAA2B,EAACxB,gBAAgB,EAAEC,OAAO,CAAC,GAAG;QACxDY,KAAK;QACLG,IAAI,EAAE9B,OAAO,CAACmC,MAAM,CAClB,CAACI,KAAK,EAAAC,MAAA;UAAA,IAAE;YAAEC,MAAM;YAAEX;UAAK,CAAC,GAAAU,MAAA;UAAA,OAAM;YAC5B,GAAGD,KAAK;YACR,CAACE,MAAM,GAAGX;UACZ,CAAC;QAAA,CAAC,EACF,CAAC,CACH;MACF;IACF,CAAC;EAAA,CAAC,EACF,CAAC,CACH,CAAC;EAEH,IAAItC,0BAA0B,EAAE;IAC9B,MAAMkD,eAAiC,GAAGvC,MAAM,CAACwC,WAAW,CAC1DxC,MAAM,CAACI,MAAM,CAACL,cAAc,CAAC,CAC1BU,MAAM,CACLgC,MAAA;MAAA,IAAC,CAAC9C,SAAS,EAAEpB,GAAG,CAAC,GAAAkE,MAAA;MAAA,OACf,CAACpB,aAAa,CAAC,IAAAc,iCAA2B,EAACxC,SAAS,EAAEpB,GAAG,CAAC,CAAC;IAAA,CAC/D,CAAC,CACAiB,GAAG,CAACkD,MAAA;MAAA,IAAC,CAAC/C,SAAS,EAAEpB,GAAG,EAAEiD,KAAK,CAAC,GAAAkB,MAAA;MAAA,OAAK,CAChC,IAAAP,iCAA2B,EAACxC,SAAS,EAAEpB,GAAG,CAAC,EAC3C;QAAEiD,KAAK;QAAEG,IAAI,EAAEpD;MAAI,CAAC,CACrB;IAAA,EACL,CAAC;IACD,OAAO;MACL,GAAG8C,aAAa;MAChB,GAAGkB;IACL,CAAC;EACH;EAEA,OAAOlB,aAAa;AACtB,CAAC;AAEM,MAAMsB,4BAAqE,GAChF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,MAAA,EAEzBjF,YAAY,KACT;EAAA,IAAAkF,qBAAA,EAAAC,sBAAA;EAAA,IAFH;IAAEC,uBAAuB;IAAEjE;EAAwB,CAAC,GAAA8D,MAAA;EAGpD,IAAI,CAACjF,YAAY,EAAE;IACjB,MAAM,IAAIQ,qBAAa,CAAC,sBAAsB,CAAC;EACjD;EAEA,MAAM6E,OAAO,GAAG,MAAMvF,oBAAoB,CACxCiF,UAAU,EACV/E,YAAY,EACZoF,uBACF,CAAC;EAED,MAAMnE,gBAAgB,GACpB6D,UAAU,CAACQ,mCAAmC,CAC5CN,yBAAyB,CACzB;EACJ,MAAMO,gBAAgB,GAAGvE,mBAAmB,CAC1CC,gBAAgB,EAChBoE,OAAO,EACPlE,uBAAuB,EACvBA,uBACF,CAAC;EAED,MAAMqE,cAAc,GAAG,IAAAC,oCAAyB,EAC9CF,gBAAgB,aAAhBA,gBAAgB,gBAAAL,qBAAA,GAAhBK,gBAAgB,CACd,IAAAlB,iCAA2B,EAACqB,6BAAsB,EAAE,aAAa,CAAC,CACnE,cAAAR,qBAAA,uBAFDA,qBAAA,CAEGxB,KACL,CAAC;EACD,IAAI,CAAC8B,cAAc,EAAE;IACnB,MAAM,IAAIhF,qBAAa,CAAE,kCAAiC,CAAC;EAC7D;EACAgF,cAAc,CAACG,OAAO,CAACH,cAAc,CAACI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;EAEpD,MAAMC,aAAa,GAAG,IAAAJ,oCAAyB,EAC7CF,gBAAgB,aAAhBA,gBAAgB,gBAAAJ,sBAAA,GAAhBI,gBAAgB,CACd,IAAAlB,iCAA2B,EAACqB,6BAAsB,EAAE,YAAY,CAAC,CAClE,cAAAP,sBAAA,uBAFDA,sBAAA,CAEGzB,KACL,CAAC;EACDmC,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEF,OAAO,CAACE,aAAa,CAACD,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;EAEnD,OAAO;IACLL,gBAAgB;IAChBR,UAAU;IACVC,yBAAyB;IACzBc,UAAU,EAAEN,cAAc;IAC1BO,QAAQ,EAAEF,aAAa,IAAIvE;EAC7B,CAAC;AACH,CAAC;AAAC0E,OAAA,CAAAnB,4BAAA,GAAAA,4BAAA"}

package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js ADDED Viewed

@@ -0,0 +1,183 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyAndParseCredentialSdJwt = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _core = require("@sd-jwt/core");
+var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
+var _parser = require("../../../utils/parser");
+var _errors = require("../../../utils/errors");
+var _logging = require("../../../utils/logging");
+var _jwk = require("../../../utils/jwk");
+/**
+ * Parse a Sd-Jwt credential according to the issuer configuration
+ * @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
+ * @param parsedCredentialRaw - the raw parsed credential
+ * @param ignoreMissingAttributes - skip error when attributes declared in the issuer configuration are not found within disclosures
+ * @param includeUndefinedAttributes - include attributes not explicitly declared in the issuer configuration
+ * @returns The parsed credential with attributes in plain value
+ */
+const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
+  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+  let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
+  const claimsMetadata = credentialConfig.claims || [];
+  // Check that all mandatory attributes defined in the issuer configuration are present in the credential
+  if (!ignoreMissingAttributes) {
+    const missingPaths = [];
+    const rootKeysToVerify = new Set(claimsMetadata.map(c => c.path[0]).filter(p => typeof p === "string"));
+    for (const rootKey of rootKeysToVerify) {
+      if (!(rootKey in parsedCredentialRaw)) {
+        missingPaths.push(rootKey);
+      }
+    }
+    if (missingPaths.length > 0) {
+      const missing = missingPaths.join(", ");
+      const received = Object.keys(parsedCredentialRaw).join(", ");
+      throw new _errors.IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+    }
+  }
+  /**
+   * Helper to find display metadata for any given path
+   */
+  const getDisplayNames = path => {
+    const match = claimsMetadata.find(c => (0, _parser.isPathEqual)(c.path, path));
+    if (!match) return undefined;
+    const nameMap = {};
+    for (const entry of match.display) {
+      nameMap[entry.locale] = entry.name;
+    }
+    return nameMap;
+  };
+  /**
+   * Recursive function to build the localized structure
+   */
+  const processLevel = (currentData, currentPath) => {
+    // Handle Arrays
+    if (Array.isArray(currentData)) {
+      return currentData.map(item => processLevel(item, [...currentPath, null]));
+    }
+    // Handle Objects
+    if (typeof currentData !== "object" || currentData === null) {
+      return currentData;
+    }
+    const dataObj = currentData;
+    const result = {};
+    const processedKeys = new Set();
+    // Identify unique keys in config at this level
+    const configKeysAtThisLevel = [];
+    for (const claim of claimsMetadata) {
+      // Check if the claim path starts with the current path
+      if ((0, _parser.isPrefixOf)(currentPath, claim.path)) {
+        const nextPart = claim.path[currentPath.length];
+        if ((typeof nextPart === "string" || typeof nextPart === "number") && !configKeysAtThisLevel.includes(nextPart)) {
+          configKeysAtThisLevel.push(nextPart);
+        }
+      }
+    }
+    // Process keys
+    for (const key of configKeysAtThisLevel) {
+      const stringKey = key.toString();
+      const dataValue = dataObj[stringKey];
+      if (dataValue === undefined) continue;
+      const newPath = [...currentPath, key];
+      let localizedNames = getDisplayNames(newPath);
+      // Fallback for arrays
+      if (!localizedNames && Array.isArray(dataValue)) {
+        localizedNames = getDisplayNames([...newPath, null]);
+      }
+      result[stringKey] = {
+        name: localizedNames || stringKey,
+        value: processLevel(dataValue, newPath)
+      };
+      processedKeys.add(key);
+    }
+    // Handle Undefined Attributes
+    if (includeUndefinedAttributes) {
+      for (const [key, value] of Object.entries(dataObj)) {
+        if (!processedKeys.has(key)) {
+          result[key] = {
+            name: key,
+            value: value
+          };
+        }
+      }
+    }
+    return result;
+  };
+  return processLevel(parsedCredentialRaw, []);
+};
+/**
+ * Given a credential, verify it's in the supported format
+ * and the credential is correctly signed
+ * and it's bound to the given key
+ *
+ * @param rawCredential The received credential
+ * @param issuerKeys The set of public keys of the issuer,
+ * which will be used to verify the signature
+ * @param holderBindingContext The access to the holder's key
+ *
+ * @throws If the signature verification fails
+ * @throws If the credential is not in the SdJwt4VC format
+ * @throws If the holder binding is not properly configured
+ *
+ */
+async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
+  const {
+    protectedHeader
+  } = (0, _ioReactNativeJwt.decode)(rawCredential);
+  const verifierJwk = (0, _ioReactNativeJwt.getJwkFromHeader)(protectedHeader, issuerKeys);
+  const sdJwtInstance = new _core.SDJwtInstance({
+    hasher: _cryptoNodejs.digest,
+    verifier: await _cryptoNodejs.ES256.getVerifier(verifierJwk)
+  });
+  const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential), holderBindingContext.getPublicKey()]);
+  const {
+    cnf
+  } = verifiedCredential.payload;
+  if (!(await (0, _jwk.isSameThumbprint)(cnf.jwk, holderBindingKey))) {
+    const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${cnf.jwk.kid}`;
+    _logging.Logger.log(_logging.LogLevel.ERROR, message);
+    throw new _errors.IoWalletError(message);
+  }
+  return await sdJwtInstance.decode(rawCredential);
+}
+const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref) => {
+  let {
+    credentialCryptoContext,
+    ignoreMissingAttributes,
+    includeUndefinedAttributes
+  } = _ref;
+  const decoded = await verifyCredentialSdJwt(credential, issuerConf.keys, credentialCryptoContext);
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
+  const credentialConfig = issuerConf.credential_configurations_supported[credentialConfigurationId];
+  if (!credentialConfig) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);
+    throw new _errors.IoWalletError("Credential type not supported by the issuer");
+  }
+  const parsedCredentialRaw = await decoded.getClaims(_cryptoNodejs.digest);
+  const parsedCredential = parseCredentialSdJwt(credentialConfig, parsedCredentialRaw, ignoreMissingAttributes, includeUndefinedAttributes);
+  const issuedAt = typeof parsedCredentialRaw.iat === "number" ? new Date(parsedCredentialRaw.iat * 1000) : undefined;
+  if (typeof parsedCredentialRaw.exp !== "number") {
+    throw new _errors.IoWalletError("Invalid or missing expiration claim (exp)");
+  }
+  const expiration = new Date(parsedCredentialRaw.exp * 1000);
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${issuedAt}`);
+  return {
+    parsedCredential,
+    expiration,
+    issuedAt
+  };
+};
+exports.verifyAndParseCredentialSdJwt = verifyAndParseCredentialSdJwt;
+//# sourceMappingURL=06-verify-and-parse-credential.sdjwt.js.map

package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_ioReactNativeJwt","require","_core","_cryptoNodejs","_parser","_errors","_logging","_jwk","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","IoWalletError","getDisplayNames","match","find","isPathEqual","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","isPrefixOf","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","protectedHeader","decode","verifierJwk","getJwkFromHeader","sdJwtInstance","SDJwtInstance","hasher","digest","verifier","ES256","getVerifier","verifiedCredential","holderBindingKey","Promise","all","verify","getPublicKey","cnf","payload","isSameThumbprint","jwk","message","kid","Logger","log","LogLevel","ERROR","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","credentialCryptoContext","decoded","DEBUG","JSON","stringify","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AAOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMO,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAII,qBAAa,CACpB,4DAA2DL,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMI,eAAe,GACnBX,IAAgC,IACO;IACvC,MAAMY,KAAK,GAAGnB,cAAc,CAACoB,IAAI,CAAEd,CAAC,IAAK,IAAAe,mBAAW,EAACf,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACY,KAAK,EAAE,OAAOrB,SAAS;IAE5B,MAAMwB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIJ,KAAK,CAACK,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACvB,GAAG,CAAE2B,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI/B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAMgC,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAIrC,cAAc,EAAE;MAClC;MACA,IAAI,IAAAsC,kBAAU,EAACT,WAAW,EAAEQ,KAAK,CAAC9B,IAAI,CAAC,EAAE;QACvC,MAAMgC,QAAQ,GAAGF,KAAK,CAAC9B,IAAI,CAACsB,WAAW,CAAChC,MAAM,CAAC;QAC/C,IACE,CAAC,OAAO0C,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACH,qBAAqB,CAACI,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAH,qBAAqB,CAACzB,IAAI,CAAC4B,QAAQ,CAAC;QACtC;MACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIL,qBAAqB,EAAE;MACvC,MAAMM,SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGX,OAAO,CAACS,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK9C,SAAS,EAAE;MAE7B,MAAM+C,OAAO,GAAG,CAAC,GAAGhB,WAAW,EAAEY,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG5B,eAAe,CAAC2B,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIhB,KAAK,CAACC,OAAO,CAACa,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG5B,eAAe,CAAC,CAAC,GAAG2B,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAX,MAAM,CAACQ,SAAS,CAAC,GAAG;QAClBhB,IAAI,EAAEoB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEpB,YAAY,CAACiB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDV,aAAa,CAACa,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAI1C,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAAC0C,GAAG,EAAEM,KAAK,CAAC,IAAIhC,MAAM,CAACkC,OAAO,CAAChB,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACe,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BP,MAAM,CAACO,GAAG,CAAC,GAAG;YACZf,IAAI,EAAEe,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOb,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAACjC,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeyD,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACnB;EAChB,MAAM;IAAEC;EAAgB,CAAC,GAAG,IAAAC,wBAAM,EAACJ,aAAa,CAAC;EACjD,MAAMK,WAAW,GAAG,IAAAC,kCAAgB,EAACH,eAAe,EAAEF,UAAU,CAAC;EAEjE,MAAMM,aAAa,GAAG,IAAIC,mBAAa,CAAC;IACtCC,MAAM,EAAEC,oBAAM;IACdC,QAAQ,EAAE,MAAMC,mBAAK,CAACC,WAAW,CAACR,WAAW;EAC/C,CAAC,CAAC;EAEF,MAAM,CAACS,kBAAkB,EAAEC,gBAAgB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/DV,aAAa,CAACW,MAAM,CAAClB,aAAa,CAAC,EACnCE,oBAAoB,CAACiB,YAAY,CAAC,CAAC,CACpC,CAAC;EAEF,MAAM;IAAEC;EAAI,CAAC,GAAGN,kBAAkB,CAACO,OAAkC;EACrE,IAAI,EAAE,MAAM,IAAAC,qBAAgB,EAACF,GAAG,CAACG,GAAG,EAAER,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMS,OAAO,GAAI,kDAAiDT,gBAAgB,CAACU,GAAI,UAASL,GAAG,CAACG,GAAG,CAACE,GAAI,EAAC;IAC7GC,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEL,OAAO,CAAC;IACnC,MAAM,IAAI3D,qBAAa,CAAC2D,OAAO,CAAC;EAClC;EAEA,OAAO,MAAMjB,aAAa,CAACH,MAAM,CAACJ,aAAa,CAAC;AAClD;AAEO,MAAM8B,6BAAsE,GACjF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,IAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvB5F,uBAAuB;IACvBI;EACF,CAAC,GAAAuF,IAAA;EAED,MAAME,OAAO,GAAG,MAAMrC,qBAAqB,CACzCiC,UAAU,EACVD,UAAU,CAACnE,IAAI,EACfuE,uBACF,CAAC;EAEDT,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACS,KAAK,EACb,uBAAsBC,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACjD,CAAC;EAED,MAAM/F,gBAAgB,GACpB0F,UAAU,CAACS,mCAAmC,CAACP,yBAAyB,CAAC;EAE3E,IAAI,CAAC5F,gBAAgB,EAAE;IACrBqF,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+CI,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIpE,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMvB,mBAAmB,GAAI,MAAM8F,OAAO,CAACK,SAAS,CAAC/B,oBAAM,CAG1D;EAED,MAAMgC,gBAAgB,GAAGtG,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAMgG,QAAQ,GACZ,OAAOrG,mBAAmB,CAACsG,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAACvG,mBAAmB,CAACsG,GAAG,GAAG,IAAI,CAAC,GACxClG,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAACwG,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAIjF,qBAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAMkF,UAAU,GAAG,IAAIF,IAAI,CAACvG,mBAAmB,CAACwG,GAAG,GAAG,IAAI,CAAC;EAE3DpB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACS,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACG,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC;AAACK,OAAA,CAAAlB,6BAAA,GAAAA,6BAAA"}

package/lib/commonjs/credential/issuance/common/authorization.js ADDED Viewed

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.selectResponseMode = exports.selectCredentialDefinition = void 0;
+var _errors = require("../../../utils/errors");
+var _logging = require("../../../utils/logging");
+/**
+ * Ensures that the credential type requested is supported by the issuer and contained in the
+ * issuer configuration.
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param credentialId The credential configuration ID to be requested;
+ * @returns The credential definition to be used in the request which includes the format and the type and its type
+ */
+const selectCredentialDefinition = (issuerConf, credentialId) => {
+  const credential_configurations_supported = issuerConf.credential_configurations_supported;
+  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialId)).map(() => ({
+    credential_configuration_id: credentialId,
+    type: "openid_credential"
+  }));
+  if (!result) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
+    throw new _errors.IoWalletError(`No credential support the type '${credentialId}'`);
+  }
+  return result;
+};
+/**
+ * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
+ * When multiple credentials are provided, all of them must support the same response_mode.
+ * @param issuerConf The issuer configuration
+ * @param credentialIds The credential configuration IDs to be requested
+ * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
+ */
+exports.selectCredentialDefinition = selectCredentialDefinition;
+const selectResponseMode = (issuerConf, credentialIds) => {
+  const responseModeSet = new Set();
+  for (const credentialId of credentialIds) {
+    responseModeSet.add(credentialId.match(/PersonIdentificationData/i) ? "query" : "form_post.jwt");
+  }
+  if (responseModeSet.size !== 1) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
+    throw new _errors.IoWalletError("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
+  }
+  const [responseMode] = responseModeSet.values();
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
+  const responseModeSupported = issuerConf.response_modes_supported;
+  if (responseModeSupported && !responseModeSupported.includes(responseMode)) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
+    throw new _errors.IoWalletError(`No response mode support for IDs '${credentialIds}'`);
+  }
+  return responseMode;
+};
+exports.selectResponseMode = selectResponseMode;
+//# sourceMappingURL=authorization.js.map

package/lib/commonjs/credential/issuance/common/authorization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","_logging","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","Logger","log","LogLevel","ERROR","JSON","stringify","IoWalletError","exports","selectResponseMode","credentialIds","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","responseModeSupported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,0BAA0B,GAAGA,CACxCC,UAAwB,EACxBC,YAAoB,KACI;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAM,CAACC,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,YAAY,CAAC,CAAC,CACvCQ,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAET,YAAY;IACzCU,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXS,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,wBAAuBd,YAAa,kEAAiEe,IAAI,CAACC,SAAS,CAACf,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIgB,qBAAa,CAAE,mCAAkCjB,YAAa,GAAE,CAAC;EAC7E;EACA,OAAOE,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAgB,OAAA,CAAApB,0BAAA,GAAAA,0BAAA;AAOO,MAAMqB,kBAAkB,GAAGA,CAChCpB,UAAwB,EACxBqB,aAAuB,KACN;EACjB,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMtB,YAAY,IAAIoB,aAAa,EAAE;IACxCC,eAAe,CAACE,GAAG,CACjBvB,YAAY,CAACwB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9Bd,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,GAAEM,aAAc,qCAAoC,CAAC,GAAGC,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIT,qBAAa,CACrB,yGACF,CAAC;EACH;EAEA,MAAM,CAACU,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/Cf,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACe,KAAK,EACb,0BAAyBD,YAAa,uBAAsBP,aAAc,EAC7E,CAAC;EAED,MAAMS,qBAAqB,GAAG9B,UAAU,CAAC+B,wBAAwB;EACjE,IAAID,qBAAqB,IAAI,CAACA,qBAAqB,CAACtB,QAAQ,CAACoB,YAAa,CAAC,EAAE;IAC3EhB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0Ba,YAAa,kEAAiEZ,IAAI,CAACC,SAAS,CAACa,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIZ,qBAAa,CACpB,qCAAoCG,aAAc,GACrD,CAAC;EACH;EAEA,OAAOO,YAAY;AACrB,CAAC;AAACT,OAAA,CAAAC,kBAAA,GAAAA,kBAAA"}

package/lib/commonjs/credential/issuance/common/errors.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.AuthorizationIdpError = exports.AuthorizationError = void 0;
+var _errors = require("../../../utils/errors");
+/**
+ * An error subclass thrown when an error occurs during the authorization process.
+ */
+class AuthorizationError extends _errors.IoWalletError {
+  code = "ERR_IO_WALLET_AUTHORIZATION_ERROR";
+  constructor(message) {
+    super(message);
+  }
+}
+/**
+ * An error subclass thrown when an error occurs during the authorization process with the IDP.
+ * It contains the error and error description returned by the IDP.
+ */
+exports.AuthorizationError = AuthorizationError;
+class AuthorizationIdpError extends _errors.IoWalletError {
+  code = "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_PARSING_FAILED";
+  constructor(error, errorDescription) {
+    super((0, _errors.serializeAttrs)({
+      error,
+      errorDescription
+    }));
+    this.error = error;
+    this.errorDescription = errorDescription;
+  }
+}
+exports.AuthorizationIdpError = AuthorizationIdpError;
+//# sourceMappingURL=errors.js.map

package/lib/commonjs/credential/issuance/common/errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","AuthorizationError","IoWalletError","code","constructor","message","exports","AuthorizationIdpError","error","errorDescription","serializeAttrs"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA;AACA;AACA;AACO,MAAMC,kBAAkB,SAASC,qBAAa,CAAC;EACpDC,IAAI,GAAG,mCAAmC;EAE1CC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAC,OAAA,CAAAL,kBAAA,GAAAA,kBAAA;AAIO,MAAMM,qBAAqB,SAASL,qBAAa,CAAC;EACvDC,IAAI,GAAG,sDAAsD;EAK7DC,WAAWA,CAACI,KAAa,EAAEC,gBAAyB,EAAE;IACpD,KAAK,CAAC,IAAAC,sBAAc,EAAC;MAAEF,KAAK;MAAEC;IAAiB,CAAC,CAAC,CAAC;IAClD,IAAI,CAACD,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACC,gBAAgB,GAAGA,gBAAgB;EAC1C;AACF;AAACH,OAAA,CAAAC,qBAAA,GAAAA,qBAAA"}

package/lib/commonjs/credential/issuance/index.js CHANGED Viewed

@@ -3,83 +3,23 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.MRTDPoP = exports.Errors = void 0;
-Object.defineProperty(exports, "authorizeAccess", {
+exports.Errors = void 0;
+Object.defineProperty(exports, "V1_0_0", {
   enumerable: true,
   get: function () {
-    return _authorizeAccess.authorizeAccess;
+    return _v.Issuance;
   }
 });
-Object.defineProperty(exports, "buildAuthorizationUrl", {
+Object.defineProperty(exports, "V1_3_3", {
   enumerable: true,
   get: function () {
-    return _completeUserAuthorization.buildAuthorizationUrl;
+    return _v2.Issuance;
   }
 });
-Object.defineProperty(exports, "completeUserAuthorizationWithFormPostJwtMode", {
-  enumerable: true,
-  get: function () {
-    return _completeUserAuthorization.completeUserAuthorizationWithFormPostJwtMode;
-  }
-});
-Object.defineProperty(exports, "completeUserAuthorizationWithQueryMode", {
-  enumerable: true,
-  get: function () {
-    return _completeUserAuthorization.completeUserAuthorizationWithQueryMode;
-  }
-});
-Object.defineProperty(exports, "continueUserAuthorizationWithMRTDPoPChallenge", {
-  enumerable: true,
-  get: function () {
-    return _completeUserAuthorization.continueUserAuthorizationWithMRTDPoPChallenge;
-  }
-});
-Object.defineProperty(exports, "evaluateIssuerTrust", {
-  enumerable: true,
-  get: function () {
-    return _evaluateIssuerTrust.evaluateIssuerTrust;
-  }
-});
-Object.defineProperty(exports, "getRequestedCredentialToBePresented", {
-  enumerable: true,
-  get: function () {
-    return _completeUserAuthorization.getRequestedCredentialToBePresented;
-  }
-});
-Object.defineProperty(exports, "obtainCredential", {
-  enumerable: true,
-  get: function () {
-    return _obtainCredential.obtainCredential;
-  }
-});
-Object.defineProperty(exports, "parseAuthorizationResponse", {
-  enumerable: true,
-  get: function () {
-    return _completeUserAuthorization.parseAuthorizationResponse;
-  }
-});
-Object.defineProperty(exports, "startUserAuthorization", {
-  enumerable: true,
-  get: function () {
-    return _startUserAuthorization.startUserAuthorization;
-  }
-});
-Object.defineProperty(exports, "verifyAndParseCredential", {
-  enumerable: true,
-  get: function () {
-    return _verifyAndParseCredential.verifyAndParseCredential;
-  }
-});
-var _evaluateIssuerTrust = require("./02-evaluate-issuer-trust");
-var _startUserAuthorization = require("./03-start-user-authorization");
-var _completeUserAuthorization = require("./04-complete-user-authorization");
-var _authorizeAccess = require("./05-authorize-access");
-var _obtainCredential = require("./06-obtain-credential");
-var _verifyAndParseCredential = require("./07-verify-and-parse-credential");
-var Errors = _interopRequireWildcard(require("./errors"));
+var Errors = _interopRequireWildcard(require("./common/errors"));
 exports.Errors = Errors;
-var MRTDPoP = _interopRequireWildcard(require("./mrtd-pop"));
-exports.MRTDPoP = MRTDPoP;
+var _v = require("./v1.0.0");
+var _v2 = require("./v1.3.3");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 //# sourceMappingURL=index.js.map

package/lib/commonjs/credential/issuance/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["~~_evaluateIssuerTrust~~","~~require~~","~~_startUserAuthorization~~","~~_completeUserAuthorization~~","~~_authorizeAccess~~","~~_obtainCredential~~","~~_verifyAndParseCredential","Errors","_interopRequireWildcard","exports","MRTDPoP","~~_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA~~,IAAAA,~~oBAAA,GAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AAIA,IAAAE,0BAAA,GAAAF,OAAA;AAaA,IAAAG,gBAAA,GAAAH,OAAA;AACA,IAAAI,iBAAA,GAAAJ,OAAA;AAIA,IAAAK,yBAAA,GAAAL,OAAA;AAIA,IAAAM,~~MAAA,GAAAC,uBAAA,~~CAAAP~~,OAAA;~~AAAmCQ~~,OAAA,~~CAAAF~~,MAAA,GAAAA,MAAA;~~AACnC~~,~~IAAAG~~,~~OAAA~~,GAAAF,~~uBAAA,CAAAP,~~OAAA;~~AAAsCQ~~,~~OAAA~~,~~CAAAC~~,~~OAAA~~,~~GAAAA,~~OAAA;~~AAAA~~,~~SAAAC~~,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,~~SAAAJ~~,~~wBAAAQ~~,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
1	+ {"version":3,"names":["Errors","_interopRequireWildcard","require","exports","_v","_v2","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,uBAAA,CAAAC,OAAA;AAA0CC,OAAA,CAAAH,MAAA,GAAAA,MAAA;AAG1C,IAAAI,EAAA,GAAAF,OAAA;AACA,IAAAG,GAAA,GAAAH,OAAA;AAA8C,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}