npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/module/trust/common/verify-chain.js ADDED Viewed

@@ -0,0 +1,188 @@
+import { decode, getTrustAnchorX509Certificate, verify } from "./utils";
+import { FederationError, MissingFederationFetchEndpointError, MissingX509CertsError, TrustChainEmptyError, TrustChainRenewalError, TrustChainTokenMissingError, X509ValidationError } from "./errors";
+import { verifyCertificateChain } from "@pagopa/io-react-native-crypto";
+import { getSignedEntityConfiguration, getSignedEntityStatement } from "./utils";
+/**
+ * Factory function to create `validateTrustChain`.
+ * @param config Version specific Entity shapes
+ * @returns `validateTrustChain` function compliant with the public API
+ */
+function createValidateTrustChain(_ref) {
+  let {
+    FirstElementShape,
+    MiddleElementShape,
+    LastElementShape
+  } = _ref;
+  /**
+   * Validates a provided trust chain against a known trust anchor, including X.509 certificate checks.
+   *
+   * @param trustAnchorEntity The entity configuration of the known trust anchor (for JWT validation).
+   * @param chain The chain of statements to be validated.
+   * @param x509Options Options for X.509 certificate validation.
+   * @returns The list of parsed tokens representing the chain.
+   * @throws {FederationError} If the chain is not valid (JWT or X.509). Specific errors like TrustChainEmptyError, X509ValidationError may be thrown.
+   */
+  return async function validateTrustChain(trustAnchorEntity, chain, x509Options) {
+    // If the chain is empty, fail
+    if (chain.length === 0) {
+      throw new TrustChainEmptyError("Cannot verify empty trust chain.");
+    }
+    // Select the expected token shape
+    const selectTokenShape = elementIndex => elementIndex === 0 ? FirstElementShape : elementIndex === chain.length - 1 ? LastElementShape : MiddleElementShape;
+    // Select the kid from the current index
+    const selectKid = currentIndex => {
+      const token = chain[currentIndex];
+      if (!token) {
+        throw new TrustChainTokenMissingError(`Token missing at index ${currentIndex} in trust chain.`, {
+          index: currentIndex
+        });
+      }
+      const shape = selectTokenShape(currentIndex);
+      return shape.parse(decode(token)).header.kid;
+    };
+    // Select keys from the next token
+    // If the current token is the last, keys from trust anchor will be used
+    const selectKeys = currentIndex => {
+      if (currentIndex === chain.length - 1) {
+        return trustAnchorEntity.keys;
+      }
+      const nextIndex = currentIndex + 1;
+      const nextToken = chain[nextIndex];
+      if (!nextToken) {
+        throw new TrustChainTokenMissingError(`Next token missing at index ${nextIndex} (needed for keys for token at ${currentIndex}).`, {
+          index: nextIndex
+        });
+      }
+      const shape = selectTokenShape(nextIndex);
+      return shape.parse(decode(nextToken)).payload.jwks.keys;
+    };
+    const x509TrustAnchorCertBase64 = getTrustAnchorX509Certificate(trustAnchorEntity);
+    // Iterate the chain and validate each element's signature against the public keys of its next
+    // If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
+    const validationPromises = chain.map(async (tokenString, i) => {
+      const kidFromTokenHeader = selectKid(i);
+      const signerJwks = selectKeys(i);
+      // Step 1: Verify JWT signature
+      const parsedToken = await verify(tokenString, kidFromTokenHeader, signerJwks);
+      // Step 2: X.509 Certificate Chain Validation
+      const jwkUsedForVerification = signerJwks.find(k => k.kid === kidFromTokenHeader);
+      if (!jwkUsedForVerification) {
+        throw new FederationError(`JWK with kid '${kidFromTokenHeader}' was not found in signer's JWKS for token at index ${i}, though JWT verification passed.`, {
+          tokenIndex: i,
+          kid: kidFromTokenHeader
+        });
+      }
+      if (!jwkUsedForVerification.x5c || jwkUsedForVerification.x5c.length === 0) {
+        throw new MissingX509CertsError(`JWK with kid '${kidFromTokenHeader}' does not contain an X.509 certificate chain (x5c) for token at index ${i}.`);
+      }
+      // If the chain has more than one certificate AND
+      // the last certificate in the x5c chain is the same as the trust anchor,
+      // remove the anchor from the chain being passed, as it's supplied separately.
+      const certChainBase64 = jwkUsedForVerification.x5c.length > 1 && jwkUsedForVerification.x5c.at(-1) === x509TrustAnchorCertBase64 ? jwkUsedForVerification.x5c.slice(0, -1) : jwkUsedForVerification.x5c;
+      const x509ValidationResult = await verifyCertificateChain(certChainBase64, x509TrustAnchorCertBase64, x509Options);
+      if (!x509ValidationResult.isValid) {
+        throw new X509ValidationError(`X.509 certificate chain validation failed for token at index ${i} (kid: ${kidFromTokenHeader}). Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
+          tokenIndex: i,
+          kid: kidFromTokenHeader,
+          x509ValidationStatus: x509ValidationResult.validationStatus,
+          x509ErrorMessage: x509ValidationResult.errorMessage
+        });
+      }
+      return parsedToken;
+    });
+    return Promise.all(validationPromises);
+  };
+}
+/**
+ * Factory function to create `renewTrustChain`.
+ * @param config Version specific Entity shapes
+ * @returns `renewTrustChain` function
+ */
+function createRenewTrustChain(_ref2) {
+  let {
+    EntityStatementShape,
+    EntityConfigurationShape
+  } = _ref2;
+  /**
+   * Given a trust chain, obtain a new trust chain by fetching each element's fresh version
+   *
+   * @param chain The original chain
+   * @param appFetch (optional) fetch api implementation
+   * @returns A list of signed token that represent the trust chain, in the same order of the provided chain
+   * @throws {FederationError} If the chain is not valid
+   */
+  return async function renewTrustChain(chain) {
+    let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
+    return Promise.all(chain.map(async (token, index) => {
+      const decoded = decode(token);
+      const entityStatementResult = EntityStatementShape.safeParse(decoded);
+      const entityConfigurationResult = EntityConfigurationShape.safeParse(decoded);
+      if (entityConfigurationResult.success) {
+        return getSignedEntityConfiguration(entityConfigurationResult.data.payload.iss, {
+          appFetch
+        });
+      }
+      if (entityStatementResult.success) {
+        const entityStatement = entityStatementResult.data;
+        const parentBaseUrl = entityStatement.payload.iss;
+        const parentECJwt = await getSignedEntityConfiguration(parentBaseUrl, {
+          appFetch
+        });
+        const parentEC = EntityConfigurationShape.parse(decode(parentECJwt));
+        const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
+        if (!federationFetchEndpoint) {
+          throw new MissingFederationFetchEndpointError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint, cannot renew ES for ${entityStatement.payload.sub}.`, {
+            entityBaseUrl: entityStatement.payload.sub,
+            missingInEntityUrl: parentBaseUrl
+          });
+        }
+        return getSignedEntityStatement(federationFetchEndpoint, entityStatement.payload.sub, {
+          appFetch
+        });
+      }
+      throw new TrustChainRenewalError(`Failed to renew trust chain. Reason: element #${index} failed to parse.`, {
+        originalChain: chain
+      });
+    }));
+  };
+}
+/**
+ * Factory function to create `verifyTrustChain`.
+ * @param config Version specific Entity shapes
+ * @returns `verifyTrustChain` function compliant with the public API
+ */
+export function createVerifyTrustChain(config) {
+  return async function verifyTrustChain(trustAnchorEntity, chain) {
+    let x509Options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
+      connectTimeout: 10000,
+      readTimeout: 10000,
+      requireCrl: true
+    };
+    let {
+      appFetch = fetch,
+      renewOnFail = true
+    } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+    const validateTrustChain = createValidateTrustChain(config);
+    const renewTrustChain = createRenewTrustChain(config);
+    try {
+      return await validateTrustChain(trustAnchorEntity, chain, x509Options);
+    } catch (error) {
+      if (renewOnFail) {
+        const renewedChain = await renewTrustChain(chain, appFetch);
+        return validateTrustChain(trustAnchorEntity, renewedChain, x509Options);
+      } else {
+        throw error;
+      }
+    }
+  };
+}
+//# sourceMappingURL=verify-chain.js.map

package/lib/module/trust/common/verify-chain.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["decode","getTrustAnchorX509Certificate","verify","FederationError","MissingFederationFetchEndpointError","MissingX509CertsError","TrustChainEmptyError","TrustChainRenewalError","TrustChainTokenMissingError","X509ValidationError","verifyCertificateChain","getSignedEntityConfiguration","getSignedEntityStatement","createValidateTrustChain","_ref","FirstElementShape","MiddleElementShape","LastElementShape","validateTrustChain","trustAnchorEntity","chain","x509Options","length","selectTokenShape","elementIndex","selectKid","currentIndex","token","index","shape","parse","header","kid","selectKeys","keys","nextIndex","nextToken","payload","jwks","x509TrustAnchorCertBase64","validationPromises","map","tokenString","i","kidFromTokenHeader","signerJwks","parsedToken","jwkUsedForVerification","find","k","tokenIndex","x5c","certChainBase64","at","slice","x509ValidationResult","isValid","validationStatus","errorMessage","x509ValidationStatus","x509ErrorMessage","Promise","all","createRenewTrustChain","_ref2","EntityStatementShape","EntityConfigurationShape","renewTrustChain","appFetch","arguments","undefined","fetch","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","sub","entityBaseUrl","missingInEntityUrl","originalChain","createVerifyTrustChain","config","verifyTrustChain","connectTimeout","readTimeout","requireCrl","renewOnFail","error","renewedChain"],"sourceRoot":"../../../../src","sources":["trust/common/verify-chain.ts"],"mappings":"AAGA,SACEA,MAAM,EACNC,6BAA6B,EAC7BC,MAAM,QAED,SAAS;AAChB,SACEC,eAAe,EACfC,mCAAmC,EACnCC,qBAAqB,EACrBC,oBAAoB,EACpBC,sBAAsB,EACtBC,2BAA2B,EAC3BC,mBAAmB,QACd,UAAU;AACjB,SAEEC,sBAAsB,QAEjB,gCAAgC;AACvC,SACEC,4BAA4B,EAC5BC,wBAAwB,QACnB,SAAS;AAsBhB;AACA;AACA;AACA;AACA;AACA,SAASC,wBAAwBA,CAAAC,IAAA,EAIf;EAAA,IAJgB;IAChCC,iBAAiB;IACjBC,kBAAkB;IAClBC;EACa,CAAC,GAAAH,IAAA;EACd;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAO,eAAeI,kBAAkBA,CACtCC,iBAAoC,EACpCC,KAAe,EACfC,WAAmC,EACX;IACxB;IACA,IAAID,KAAK,CAACE,MAAM,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIhB,oBAAoB,CAAC,kCAAkC,CAAC;IACpE;;IAEA;IACA,MAAMiB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdT,iBAAiB,GACjBS,YAAY,KAAKJ,KAAK,CAACE,MAAM,GAAG,CAAC,GAC/BL,gBAAgB,GAChBD,kBAAkB;;IAE1B;IACA,MAAMS,SAAS,GAAIC,YAAoB,IAAa;MAClD,MAAMC,KAAK,GAAGP,KAAK,CAACM,YAAY,CAAC;MACjC,IAAI,CAACC,KAAK,EAAE;QACV,MAAM,IAAInB,2BAA2B,CAClC,0BAAyBkB,YAAa,kBAAiB,EACxD;UAAEE,KAAK,EAAEF;QAAa,CACxB,CAAC;MACH;MACA,MAAMG,KAAK,GAAGN,gBAAgB,CAACG,YAAY,CAAC;MAC5C,OAAOG,KAAK,CAACC,KAAK,CAAC9B,MAAM,CAAC2B,KAAK,CAAC,CAAC,CAACI,MAAM,CAACC,GAAG;IAC9C,CAAC;;IAED;IACA;IACA,MAAMC,UAAU,GAAIP,YAAoB,IAAY;MAClD,IAAIA,YAAY,KAAKN,KAAK,CAACE,MAAM,GAAG,CAAC,EAAE;QACrC,OAAOH,iBAAiB,CAACe,IAAI;MAC/B;MAEA,MAAMC,SAAS,GAAGT,YAAY,GAAG,CAAC;MAClC,MAAMU,SAAS,GAAGhB,KAAK,CAACe,SAAS,CAAC;MAClC,IAAI,CAACC,SAAS,EAAE;QACd,MAAM,IAAI5B,2BAA2B,CAClC,+BAA8B2B,SAAU,kCAAiCT,YAAa,IAAG,EAC1F;UAAEE,KAAK,EAAEO;QAAU,CACrB,CAAC;MACH;MACA,MAAMN,KAAK,GAAGN,gBAAgB,CAACY,SAAS,CAAC;MACzC,OAAON,KAAK,CAACC,KAAK,CAAC9B,MAAM,CAACoC,SAAS,CAAC,CAAC,CAACC,OAAO,CAACC,IAAI,CAACJ,IAAI;IACzD,CAAC;IAED,MAAMK,yBAAyB,GAC7BtC,6BAA6B,CAACkB,iBAAiB,CAAC;;IAElD;IACA;IACA,MAAMqB,kBAAkB,GAAGpB,KAAK,CAACqB,GAAG,CAAC,OAAOC,WAAW,EAAEC,CAAC,KAAK;MAC7D,MAAMC,kBAAkB,GAAGnB,SAAS,CAACkB,CAAC,CAAC;MACvC,MAAME,UAAU,GAAGZ,UAAU,CAACU,CAAC,CAAC;;MAEhC;MACA,MAAMG,WAAW,GAAG,MAAM5C,MAAM,CAC9BwC,WAAW,EACXE,kBAAkB,EAClBC,UACF,CAAC;;MAED;MACA,MAAME,sBAAsB,GAAGF,UAAU,CAACG,IAAI,CAC3CC,CAAC,IAAKA,CAAC,CAACjB,GAAG,KAAKY,kBACnB,CAAC;MAED,IAAI,CAACG,sBAAsB,EAAE;QAC3B,MAAM,IAAI5C,eAAe,CACtB,iBAAgByC,kBAAmB,uDAAsDD,CAAE,mCAAkC,EAC9H;UAAEO,UAAU,EAAEP,CAAC;UAAEX,GAAG,EAAEY;QAAmB,CAC3C,CAAC;MACH;MAEA,IACE,CAACG,sBAAsB,CAACI,GAAG,IAC3BJ,sBAAsB,CAACI,GAAG,CAAC7B,MAAM,KAAK,CAAC,EACvC;QACA,MAAM,IAAIjB,qBAAqB,CAC5B,iBAAgBuC,kBAAmB,0EAAyED,CAAE,GACjH,CAAC;MACH;;MAEA;MACA;MACA;MACA,MAAMS,eAAe,GACnBL,sBAAsB,CAACI,GAAG,CAAC7B,MAAM,GAAG,CAAC,IACrCyB,sBAAsB,CAACI,GAAG,CAACE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKd,yBAAyB,GAC3DQ,sBAAsB,CAACI,GAAG,CAACG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACvCP,sBAAsB,CAACI,GAAG;MAEhC,MAAMI,oBAAiD,GACrD,MAAM7C,sBAAsB,CAC1B0C,eAAe,EACfb,yBAAyB,EACzBlB,WACF,CAAC;MAEH,IAAI,CAACkC,oBAAoB,CAACC,OAAO,EAAE;QACjC,MAAM,IAAI/C,mBAAmB,CAC1B,gEAA+DkC,CAAE,UAASC,kBAAmB,cAAaW,oBAAoB,CAACE,gBAAiB,YAAWF,oBAAoB,CAACG,YAAa,EAAC,EAC/L;UACER,UAAU,EAAEP,CAAC;UACbX,GAAG,EAAEY,kBAAkB;UACvBe,oBAAoB,EAAEJ,oBAAoB,CAACE,gBAAgB;UAC3DG,gBAAgB,EAAEL,oBAAoB,CAACG;QACzC,CACF,CAAC;MACH;MACA,OAAOZ,WAAW;IACpB,CAAC,CAAC;IAEF,OAAOe,OAAO,CAACC,GAAG,CAACtB,kBAAkB,CAAC;EACxC,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA,SAASuB,qBAAqBA,CAAAC,KAAA,EAGZ;EAAA,IAHa;IAC7BC,oBAAoB;IACpBC;EACa,CAAC,GAAAF,KAAA;EACd;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAO,eAAeG,eAAeA,CACnC/C,KAAe,EAEI;IAAA,IADnBgD,QAA8B,GAAAC,SAAA,CAAA/C,MAAA,QAAA+C,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;IAEtC,OAAOV,OAAO,CAACC,GAAG,CAChB1C,KAAK,CAACqB,GAAG,CAAC,OAAOd,KAAK,EAAEC,KAAK,KAAK;MAChC,MAAM4C,OAAO,GAAGxE,MAAM,CAAC2B,KAAK,CAAC;MAE7B,MAAM8C,qBAAqB,GAAGR,oBAAoB,CAACS,SAAS,CAACF,OAAO,CAAC;MACrE,MAAMG,yBAAyB,GAC7BT,wBAAwB,CAACQ,SAAS,CAACF,OAAO,CAAC;MAE7C,IAAIG,yBAAyB,CAACC,OAAO,EAAE;QACrC,OAAOjE,4BAA4B,CACjCgE,yBAAyB,CAACE,IAAI,CAACxC,OAAO,CAACyC,GAAG,EAC1C;UAAEV;QAAS,CACb,CAAC;MACH;MACA,IAAIK,qBAAqB,CAACG,OAAO,EAAE;QACjC,MAAMG,eAAe,GAAGN,qBAAqB,CAACI,IAAI;QAElD,MAAMG,aAAa,GAAGD,eAAe,CAAC1C,OAAO,CAACyC,GAAG;QACjD,MAAMG,WAAW,GAAG,MAAMtE,4BAA4B,CACpDqE,aAAa,EACb;UAAEZ;QAAS,CACb,CAAC;QACD,MAAMc,QAAQ,GAAGhB,wBAAwB,CAACpC,KAAK,CAAC9B,MAAM,CAACiF,WAAW,CAAC,CAAC;QAEpE,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC7C,OAAO,CAAC+C,QAAQ,CAACC,iBAAiB,CACxCC,yBAAyB;QAC9B,IAAI,CAACH,uBAAuB,EAAE;UAC5B,MAAM,IAAI/E,mCAAmC,CAC1C,gBAAe4E,aAAc,8DAA6DD,eAAe,CAAC1C,OAAO,CAACkD,GAAI,GAAE,EACzH;YACEC,aAAa,EAAET,eAAe,CAAC1C,OAAO,CAACkD,GAAG;YAC1CE,kBAAkB,EAAET;UACtB,CACF,CAAC;QACH;QACA,OAAOpE,wBAAwB,CAC7BuE,uBAAuB,EACvBJ,eAAe,CAAC1C,OAAO,CAACkD,GAAG,EAC3B;UAAEnB;QAAS,CACb,CAAC;MACH;MACA,MAAM,IAAI7D,sBAAsB,CAC7B,iDAAgDqB,KAAM,mBAAkB,EACzE;QAAE8D,aAAa,EAAEtE;MAAM,CACzB,CAAC;IACH,CAAC,CACH,CAAC;EACH,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASuE,sBAAsBA,CACpCC,MAAqB,EACS;EAC9B,OAAO,eAAeC,gBAAgBA,CACpC1E,iBAAiB,EACjBC,KAAK,EAOL;IAAA,IANAC,WAAW,GAAAgD,SAAA,CAAA/C,MAAA,QAAA+C,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG;MACZyB,cAAc,EAAE,KAAK;MACrBC,WAAW,EAAE,KAAK;MAClBC,UAAU,EAAE;IACd,CAAC;IAAA,IACD;MAAE5B,QAAQ,GAAGG,KAAK;MAAE0B,WAAW,GAAG;IAAK,CAAC,GAAA5B,SAAA,CAAA/C,MAAA,QAAA+C,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;IAE7C,MAAMnD,kBAAkB,GAAGL,wBAAwB,CAAC+E,MAAM,CAAC;IAC3D,MAAMzB,eAAe,GAAGJ,qBAAqB,CAAC6B,MAAM,CAAC;IAErD,IAAI;MACF,OAAO,MAAM1E,kBAAkB,CAACC,iBAAiB,EAAEC,KAAK,EAAEC,WAAW,CAAC;IACxE,CAAC,CAAC,OAAO6E,KAAK,EAAE;MACd,IAAID,WAAW,EAAE;QACf,MAAME,YAAY,GAAG,MAAMhC,eAAe,CAAC/C,KAAK,EAAEgD,QAAQ,CAAC;QAC3D,OAAOlD,kBAAkB,CAACC,iBAAiB,EAAEgF,YAAY,EAAE9E,WAAW,CAAC;MACzE,CAAC,MAAM;QACL,MAAM6E,KAAK;MACb;IACF;EACF,CAAC;AACH"}

package/lib/module/trust/index.js CHANGED Viewed

@@ -1,6 +1,4 @@
-import * as Build from "./build-chain";
-import * as Verify from "./verify-chain";
-import * as Errors from "./errors";
-import * as Types from "./types";
-export { Build, Verify, Errors, Types };
+import * as Errors from "./common/errors";
+export { Errors };
+export { Trust as V1_0_0 } from "./v1.0.0";
 //# sourceMappingURL=index.js.map

package/lib/module/trust/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["~~Build~~","~~Verify~~","~~Errors~~"~~,"Types"~~],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,OAAO,KAAKA,~~KAAK,~~MAAM,~~eAAe;AACtC,OAAO,KAAKC,~~MAAM,~~MAAM,gBAAgB~~;~~AACxC~~,~~OAAO~~,~~KAAKC,~~MAAM~~,MAAM,UAAU~~;~~AAClC~~,~~OAAO~~,~~KAAKC,~~KAAK,~~MAAM~~,~~SAAS;AAEhC,SAASH,KAAK,EAAEC,~~MAAM,~~EAAEC~~,~~MAAM,EAAEC,KAAK~~"}
1	+ {"version":3,"names":["Errors","Trust","V1_0_0"],"sourceRoot":"../../../src","sources":["trust/index.ts"],"mappings":"AAAA,OAAO,KAAKA,MAAM,MAAM,iBAAiB;AACzC,SAASA,MAAM;AAEf,SAASC,KAAK,IAAIC,MAAM,QAAQ,UAAU"}

package/lib/module/trust/v1.0.0/build-chain.js ADDED Viewed

@@ -0,0 +1,8 @@
+import { createBuildTrustChain } from "../common/build-chain";
+import { EntityStatement } from "../common/types";
+import { EntityConfiguration } from "./types";
+export const buildTrustChain = createBuildTrustChain({
+  EntityStatementShape: EntityStatement,
+  EntityConfigurationShape: EntityConfiguration
+});
+//# sourceMappingURL=build-chain.js.map

package/lib/module/trust/v1.0.0/build-chain.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createBuildTrustChain","EntityStatement","EntityConfiguration","buildTrustChain","EntityStatementShape","EntityConfigurationShape"],"sourceRoot":"../../../../src","sources":["trust/v1.0.0/build-chain.ts"],"mappings":"AAAA,SAASA,qBAAqB,QAAQ,uBAAuB;AAC7D,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,mBAAmB,QAAQ,SAAS;AAE7C,OAAO,MAAMC,eAAe,GAAGH,qBAAqB,CAAC;EACnDI,oBAAoB,EAAEH,eAAe;EACrCI,wBAAwB,EAAEH;AAC5B,CAAC,CAAC"}

package/lib/module/trust/v1.0.0/entities.js ADDED Viewed

@@ -0,0 +1,41 @@
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, EntityConfiguration, RelyingPartyEntityConfiguration, TrustAnchorEntityConfiguration } from "./types";
+import { getSignedEntityConfiguration } from "../common/utils";
+/**
+ * Fetch and parse the entity configuration document for a given federation entity.
+ * This is an inner method to serve public interfaces.
+ * @version 1.0.0
+ *
+ * To add another entity configuration type (example: Foo entity type):
+ *  - create its zod schema and type by inherit from the base type (example: FooEntityConfiguration = BaseEntityConfiguration.and(...))
+ *  - add such type to EntityConfiguration union
+ *  - create a public function which use such type (example: getFooEntityConfiguration = (url, options) => Promise<FooEntityConfiguration>)
+ *
+ * @param entityBaseUrl The base url of the entity.
+ * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
+ * @param options An optional object with additional options.
+ * @param options.appFetch An optional instance of the http client to be used.
+ * @returns The parsed entity configuration object
+ * @throws {IoWalletError} If the http request fails
+ * @throws Parse error if the document is not in the expected shape.
+ */
+async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const responseText = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const responseJwt = decodeJwt(responseText);
+  return schema.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+}
+export const getWalletProviderEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, WalletProviderEntityConfiguration, options);
+export const getCredentialIssuerEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, CredentialIssuerEntityConfiguration, options);
+export const getTrustAnchorEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, TrustAnchorEntityConfiguration, options);
+export const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, RelyingPartyEntityConfiguration, options);
+export const getEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, EntityConfiguration, options);
+//# sourceMappingURL=entities.js.map

package/lib/module/trust/v1.0.0/entities.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["decode","decodeJwt","WalletProviderEntityConfiguration","CredentialIssuerEntityConfiguration","EntityConfiguration","RelyingPartyEntityConfiguration","TrustAnchorEntityConfiguration","getSignedEntityConfiguration","fetchAndParseEntityConfiguration","entityBaseUrl","schema","appFetch","fetch","arguments","length","undefined","responseText","responseJwt","parse","header","protectedHeader","payload","getWalletProviderEntityConfiguration","options","getCredentialIssuerEntityConfiguration","getTrustAnchorEntityConfiguration","getRelyingPartyEntityConfiguration","getEntityConfiguration"],"sourceRoot":"../../../../src","sources":["trust/v1.0.0/entities.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,iCAAiC,EACjCC,mCAAmC,EACnCC,mBAAmB,EACnBC,+BAA+B,EAC/BC,8BAA8B,QACzB,SAAS;AAEhB,SACEC,4BAA4B,QAEvB,iBAAiB;;AAExB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gCAAgCA,CAC7CC,aAAqB,EACrBC,MAAoB,EAER;EAAA,IADZ;IAAEC,QAAQ,GAAGC;EAAoB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEvC,MAAMG,YAAY,GAAG,MAAMT,4BAA4B,CAACE,aAAa,EAAE;IACrEE;EACF,CAAC,CAAC;EAEF,MAAMM,WAAW,GAAGhB,SAAS,CAACe,YAAY,CAAC;EAC3C,OAAON,MAAM,CAACQ,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,oCAAoC,GAAGA,CAClDb,aAAqB,EACrBc,OAAsB,KAEtBf,gCAAgC,CAC9BC,aAAa,EACbP,iCAAiC,EACjCqB,OACF,CAAC;AAEH,OAAO,MAAMC,sCAAsC,GAAGA,CACpDf,aAAqB,EACrBc,OAAsB,KAEtBf,gCAAgC,CAC9BC,aAAa,EACbN,mCAAmC,EACnCoB,OACF,CAAC;AAEH,OAAO,MAAME,iCAAiC,GAAGA,CAC/ChB,aAAqB,EACrBc,OAAsB,KAEtBf,gCAAgC,CAC9BC,aAAa,EACbH,8BAA8B,EAC9BiB,OACF,CAAC;AAEH,OAAO,MAAMG,kCAAkC,GAAGA,CAChDjB,aAAqB,EACrBc,OAAsB,KAEtBf,gCAAgC,CAC9BC,aAAa,EACbJ,+BAA+B,EAC/BkB,OACF,CAAC;AAEH,OAAO,MAAMI,sBAAsB,GAAGA,CACpClB,aAAqB,EACrBc,OAAsB,KAEtBf,gCAAgC,CAACC,aAAa,EAAEL,mBAAmB,EAAEmB,OAAO,CAAC"}

package/lib/module/trust/v1.0.0/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+import { getTrustAnchorEntityConfiguration } from "./entities";
+import { withMapperAsync } from "../../utils/mappers";
+import { mapToTrustAnchorConfig } from "./mappers";
+import { buildTrustChain } from "./build-chain";
+import { verifyTrustChain } from "./verify-chain";
+export const Trust = {
+  getTrustAnchorEntityConfiguration: withMapperAsync(mapToTrustAnchorConfig, getTrustAnchorEntityConfiguration),
+  buildTrustChain,
+  verifyTrustChain
+};
+//# sourceMappingURL=index.js.map

package/lib/module/trust/v1.0.0/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getTrustAnchorEntityConfiguration","withMapperAsync","mapToTrustAnchorConfig","buildTrustChain","verifyTrustChain","Trust"],"sourceRoot":"../../../../src","sources":["trust/v1.0.0/index.ts"],"mappings":"AACA,SAASA,iCAAiC,QAAQ,YAAY;AAC9D,SAASC,eAAe,QAAQ,qBAAqB;AACrD,SAASC,sBAAsB,QAAQ,WAAW;AAClD,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,gBAAgB,QAAQ,gBAAgB;AAEjD,OAAO,MAAMC,KAAe,GAAG;EAC7BL,iCAAiC,EAAEC,eAAe,CAChDC,sBAAsB,EACtBF,iCACF,CAAC;EACDG,eAAe;EACfC;AACF,CAAC"}

package/lib/module/trust/v1.0.0/mappers.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { createMapper } from "../../utils/mappers";
+export const mapToTrustAnchorConfig = createMapper(x => {
+  const {
+    federation_entity
+  } = x.payload.metadata;
+  return {
+    jwt: {
+      header: x.header
+    },
+    keys: x.payload.jwks.keys,
+    federation_entity
+  };
+});
+//# sourceMappingURL=mappers.js.map

package/lib/module/trust/v1.0.0/mappers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createMapper","mapToTrustAnchorConfig","x","federation_entity","payload","metadata","jwt","header","keys","jwks"],"sourceRoot":"../../../../src","sources":["trust/v1.0.0/mappers.ts"],"mappings":"AAAA,SAASA,YAAY,QAAQ,qBAAqB;AAIlD,OAAO,MAAMC,sBAAsB,GAAGD,YAAY,CAG/CE,CAAC,IAAK;EACP,MAAM;IAAEC;EAAkB,CAAC,GAAGD,CAAC,CAACE,OAAO,CAACC,QAAQ;EAChD,OAAO;IACLC,GAAG,EAAE;MAAEC,MAAM,EAAEL,CAAC,CAACK;IAAO,CAAC;IACzBC,IAAI,EAAEN,CAAC,CAACE,OAAO,CAACK,IAAI,CAACD,IAAI;IACzBL;EACF,CAAC;AACH,CAAC,CAAC"}

package/lib/module/trust/v1.0.0/types.js ADDED Viewed

@@ -0,0 +1,150 @@
+import * as z from "zod";
+import { JWK } from "../../utils/jwk";
+import { BaseEntityConfiguration } from "../common/types";
+import { jsonWebKeySchema } from "@openid-federation/core";
+const RelyingPartyMetadata = z.object({
+  application_type: z.string().optional(),
+  client_id: z.string().optional(),
+  client_name: z.string().optional(),
+  jwks: z.object({
+    keys: z.array(jsonWebKeySchema)
+  }),
+  contacts: z.array(z.string()).optional(),
+  request_uris: z.array(z.string()).optional(),
+  authorization_signed_response_alg: z.string().optional(),
+  authorization_encrypted_response_alg: z.string().optional(),
+  authorization_encrypted_response_enc: z.string().optional()
+});
+// Display metadata for a credential, used by the issuer to
+// instruct the Wallet Solution on how to render the credential correctly
+const CredentialDisplayMetadata = z.object({
+  name: z.string(),
+  locale: z.string()
+});
+// Metadata for displaying issuer information
+const CredentialIssuerDisplayMetadata = z.object({
+  name: z.string(),
+  locale: z.string()
+});
+const ClaimsMetadata = z.object({
+  path: z.array(z.union([z.string(), z.number(), z.null()])),
+  // https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
+  display: z.array(CredentialDisplayMetadata)
+});
+const IssuanceErrorSupported = z.object({
+  display: z.array(z.object({
+    title: z.string(),
+    description: z.string(),
+    locale: z.string()
+  }))
+});
+// Metadata for a credential which is supported by an Issuer
+const SupportedCredentialMetadata = z.intersection(z.discriminatedUnion("format", [z.object({
+  format: z.literal("dc+sd-jwt"),
+  vct: z.string()
+}), z.object({
+  format: z.literal("mso_mdoc"),
+  doctype: z.string()
+})]), z.object({
+  scope: z.string(),
+  display: z.array(CredentialDisplayMetadata),
+  claims: z.array(ClaimsMetadata),
+  cryptographic_binding_methods_supported: z.array(z.string()),
+  credential_signing_alg_values_supported: z.array(z.string()),
+  authentic_source: z.string().optional(),
+  issuance_errors_supported: z.record(IssuanceErrorSupported).optional()
+}));
+// Entity configuration for a Trust Anchor (it has no specific metadata section)
+export const TrustAnchorEntityConfiguration = BaseEntityConfiguration;
+// Entity configuration for a Credential Issuer
+export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    jwks: z.object({
+      keys: z.array(JWK)
+    }),
+    metadata: z.object({
+      openid_credential_issuer: z.object({
+        credential_issuer: z.string(),
+        credential_endpoint: z.string(),
+        revocation_endpoint: z.string().optional(),
+        nonce_endpoint: z.string(),
+        status_attestation_endpoint: z.string(),
+        display: z.array(CredentialIssuerDisplayMetadata),
+        credential_configurations_supported: z.record(SupportedCredentialMetadata),
+        jwks: z.object({
+          keys: z.array(JWK)
+        }),
+        trust_frameworks_supported: z.array(z.string()),
+        evidence_supported: z.array(z.string())
+      }),
+      oauth_authorization_server: z.object({
+        authorization_endpoint: z.string(),
+        pushed_authorization_request_endpoint: z.string(),
+        token_endpoint: z.string(),
+        client_registration_types_supported: z.array(z.string()),
+        code_challenge_methods_supported: z.array(z.string()),
+        acr_values_supported: z.array(z.string()),
+        grant_types_supported: z.array(z.string()),
+        issuer: z.string(),
+        jwks: z.object({
+          keys: z.array(JWK)
+        }),
+        scopes_supported: z.array(z.string()),
+        response_modes_supported: z.array(z.string()),
+        token_endpoint_auth_methods_supported: z.array(z.string()),
+        token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
+        request_object_signing_alg_values_supported: z.array(z.string())
+      }),
+      /**
+       * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+       * This does not apply for PID issuance, which requires CIE authz.
+       */
+      openid_credential_verifier: RelyingPartyMetadata.optional()
+    })
+  })
+}));
+// Entity configuration for a Relying Party
+export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    metadata: z.object({
+      openid_credential_verifier: RelyingPartyMetadata
+    })
+  })
+}));
+// Entity configuration for a Wallet Provider
+export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    metadata: z.object({
+      wallet_provider: z.object({
+        token_endpoint: z.string(),
+        aal_values_supported: z.array(z.string()).optional(),
+        grant_types_supported: z.array(z.string()),
+        token_endpoint_auth_methods_supported: z.array(z.string()),
+        token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
+        jwks: z.object({
+          keys: z.array(JWK)
+        })
+      }).passthrough()
+    })
+  })
+}));
+// Maps any entity configuration by the union of every possible shapes
+export const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, TrustAnchorEntityConfiguration, RelyingPartyEntityConfiguration], {
+  description: "Any kind of Entity Configuration allowed in the ecosystem"
+});
+//# sourceMappingURL=types.js.map

package/lib/module/trust/v1.0.0/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","JWK","BaseEntityConfiguration","jsonWebKeySchema","RelyingPartyMetadata","object","application_type","string","optional","client_id","client_name","jwks","keys","array","contacts","request_uris","authorization_signed_response_alg","authorization_encrypted_response_alg","authorization_encrypted_response_enc","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","path","union","number","null","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","record","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","payload","metadata","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","nonce_endpoint","status_attestation_endpoint","credential_configurations_supported","trust_frameworks_supported","evidence_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","openid_credential_verifier","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","passthrough","EntityConfiguration"],"sourceRoot":"../../../../src","sources":["trust/v1.0.0/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,GAAG,QAAQ,iBAAiB;AACrC,SAASC,uBAAuB,QAAQ,iBAAiB;AACzD,SAASC,gBAAgB,QAAQ,yBAAyB;AAE1D,MAAMC,oBAAoB,GAAGJ,CAAC,CAACK,MAAM,CAAC;EACpCC,gBAAgB,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAET,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEV,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEX,CAAC,CAACK,MAAM,CAAC;IACbO,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACV,gBAAgB;EAChC,CAAC,CAAC;EACFW,QAAQ,EAAEd,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxCO,YAAY,EAAEf,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC5CQ,iCAAiC,EAAEhB,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxDS,oCAAoC,EAAEjB,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC3DU,oCAAoC,EAAElB,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AAC5D,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMW,yBAAyB,GAAGnB,CAAC,CAACK,MAAM,CAAC;EACzCe,IAAI,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;EAChBc,MAAM,EAAErB,CAAC,CAACO,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMe,+BAA+B,GAAGtB,CAAC,CAACK,MAAM,CAAC;EAC/Ce,IAAI,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;EAChBc,MAAM,EAAErB,CAAC,CAACO,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMgB,cAAc,GAAGvB,CAAC,CAACK,MAAM,CAAC;EAC9BmB,IAAI,EAAExB,CAAC,CAACa,KAAK,CAACb,CAAC,CAACyB,KAAK,CAAC,CAACzB,CAAC,CAACO,MAAM,CAAC,CAAC,EAAEP,CAAC,CAAC0B,MAAM,CAAC,CAAC,EAAE1B,CAAC,CAAC2B,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAAE;EAC5DC,OAAO,EAAE5B,CAAC,CAACa,KAAK,CAACM,yBAAyB;AAC5C,CAAC,CAAC;AAGF,MAAMU,sBAAsB,GAAG7B,CAAC,CAACK,MAAM,CAAC;EACtCuB,OAAO,EAAE5B,CAAC,CAACa,KAAK,CACdb,CAAC,CAACK,MAAM,CAAC;IACPyB,KAAK,EAAE9B,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBwB,WAAW,EAAE/B,CAAC,CAACO,MAAM,CAAC,CAAC;IACvBc,MAAM,EAAErB,CAAC,CAACO,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAMyB,2BAA2B,GAAGhC,CAAC,CAACiC,YAAY,CAChDjC,CAAC,CAACkC,kBAAkB,CAAC,QAAQ,EAAE,CAC7BlC,CAAC,CAACK,MAAM,CAAC;EAAE8B,MAAM,EAAEnC,CAAC,CAACoC,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAErC,CAAC,CAACO,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DP,CAAC,CAACK,MAAM,CAAC;EAAE8B,MAAM,EAAEnC,CAAC,CAACoC,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAEtC,CAAC,CAACO,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFP,CAAC,CAACK,MAAM,CAAC;EACPkC,KAAK,EAAEvC,CAAC,CAACO,MAAM,CAAC,CAAC;EACjBqB,OAAO,EAAE5B,CAAC,CAACa,KAAK,CAACM,yBAAyB,CAAC;EAC3CqB,MAAM,EAAExC,CAAC,CAACa,KAAK,CAACU,cAAc,CAAC;EAC/BkB,uCAAuC,EAAEzC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;EAC5DmC,uCAAuC,EAAE1C,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;EAC5DoC,gBAAgB,EAAE3C,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACvCoC,yBAAyB,EAAE5C,CAAC,CAAC6C,MAAM,CAAChB,sBAAsB,CAAC,CAACrB,QAAQ,CAAC;AACvE,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMsC,8BAA8B,GAAG5C,uBAAuB;;AAErE;;AAIA,OAAO,MAAM6C,mCAAmC,GAAG7C,uBAAuB,CAAC8C,GAAG,CAC5EhD,CAAC,CAACK,MAAM,CAAC;EACP4C,OAAO,EAAEjD,CAAC,CAACK,MAAM,CAAC;IAChBM,IAAI,EAAEX,CAAC,CAACK,MAAM,CAAC;MAAEO,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACZ,GAAG;IAAE,CAAC,CAAC;IACtCiD,QAAQ,EAAElD,CAAC,CAACK,MAAM,CAAC;MACjB8C,wBAAwB,EAAEnD,CAAC,CAACK,MAAM,CAAC;QACjC+C,iBAAiB,EAAEpD,CAAC,CAACO,MAAM,CAAC,CAAC;QAC7B8C,mBAAmB,EAAErD,CAAC,CAACO,MAAM,CAAC,CAAC;QAC/B+C,mBAAmB,EAAEtD,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;QAC1C+C,cAAc,EAAEvD,CAAC,CAACO,MAAM,CAAC,CAAC;QAC1BiD,2BAA2B,EAAExD,CAAC,CAACO,MAAM,CAAC,CAAC;QACvCqB,OAAO,EAAE5B,CAAC,CAACa,KAAK,CAACS,+BAA+B,CAAC;QACjDmC,mCAAmC,EAAEzD,CAAC,CAAC6C,MAAM,CAC3Cb,2BACF,CAAC;QACDrB,IAAI,EAAEX,CAAC,CAACK,MAAM,CAAC;UAAEO,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACZ,GAAG;QAAE,CAAC,CAAC;QACtCyD,0BAA0B,EAAE1D,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QAC/CoD,kBAAkB,EAAE3D,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC;MACxC,CAAC,CAAC;MACFqD,0BAA0B,EAAE5D,CAAC,CAACK,MAAM,CAAC;QACnCwD,sBAAsB,EAAE7D,CAAC,CAACO,MAAM,CAAC,CAAC;QAClCuD,qCAAqC,EAAE9D,CAAC,CAACO,MAAM,CAAC,CAAC;QACjDwD,cAAc,EAAE/D,CAAC,CAACO,MAAM,CAAC,CAAC;QAC1ByD,mCAAmC,EAAEhE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QACxD0D,gCAAgC,EAAEjE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QACrD2D,oBAAoB,EAAElE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QACzC4D,qBAAqB,EAAEnE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QAC1C6D,MAAM,EAAEpE,CAAC,CAACO,MAAM,CAAC,CAAC;QAClBI,IAAI,EAAEX,CAAC,CAACK,MAAM,CAAC;UAAEO,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACZ,GAAG;QAAE,CAAC,CAAC;QACtCoE,gBAAgB,EAAErE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QACrC+D,wBAAwB,EAAEtE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QAC7CgE,qCAAqC,EAAEvE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QAC1DiE,gDAAgD,EAAExE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QACrEkE,2CAA2C,EAAEzE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;AACA;MACQmE,0BAA0B,EAAEtE,oBAAoB,CAACI,QAAQ,CAAC;IAC5D,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMmE,+BAA+B,GAAGzE,uBAAuB,CAAC8C,GAAG,CACxEhD,CAAC,CAACK,MAAM,CAAC;EACP4C,OAAO,EAAEjD,CAAC,CAACK,MAAM,CAAC;IAChB6C,QAAQ,EAAElD,CAAC,CAACK,MAAM,CAAC;MACjBqE,0BAA0B,EAAEtE;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMwE,iCAAiC,GAAG1E,uBAAuB,CAAC8C,GAAG,CAC1EhD,CAAC,CAACK,MAAM,CAAC;EACP4C,OAAO,EAAEjD,CAAC,CAACK,MAAM,CAAC;IAChB6C,QAAQ,EAAElD,CAAC,CAACK,MAAM,CAAC;MACjBwE,eAAe,EAAE7E,CAAC,CACfK,MAAM,CAAC;QACN0D,cAAc,EAAE/D,CAAC,CAACO,MAAM,CAAC,CAAC;QAC1BuE,oBAAoB,EAAE9E,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;QACpD2D,qBAAqB,EAAEnE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QAC1CgE,qCAAqC,EAAEvE,CAAC,CAACa,KAAK,CAACb,CAAC,CAACO,MAAM,CAAC,CAAC,CAAC;QAC1DiE,gDAAgD,EAAExE,CAAC,CAACa,KAAK,CACvDb,CAAC,CAACO,MAAM,CAAC,CACX,CAAC;QACDI,IAAI,EAAEX,CAAC,CAACK,MAAM,CAAC;UAAEO,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACZ,GAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACD8E,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMC,mBAAmB,GAAGhF,CAAC,CAACyB,KAAK,CACxC,CACEmD,iCAAiC,EACjC7B,mCAAmC,EACnCD,8BAA8B,EAC9B6B,+BAA+B,CAChC,EACD;EACE5C,WAAW,EAAE;AACf,CACF,CAAC"}

package/lib/module/trust/v1.0.0/verify-chain.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { z } from "zod";
+import { EntityStatement } from "../common/types";
+import { createVerifyTrustChain } from "../common/verify-chain";
+import { EntityConfiguration, TrustAnchorEntityConfiguration } from "./types";
+export const verifyTrustChain = createVerifyTrustChain({
+  EntityStatementShape: EntityStatement,
+  EntityConfigurationShape: EntityConfiguration,
+  FirstElementShape: EntityConfiguration,
+  MiddleElementShape: EntityStatement,
+  LastElementShape: z.union([EntityStatement, TrustAnchorEntityConfiguration])
+});
+//# sourceMappingURL=verify-chain.js.map

package/lib/module/trust/v1.0.0/verify-chain.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","EntityStatement","createVerifyTrustChain","EntityConfiguration","TrustAnchorEntityConfiguration","verifyTrustChain","EntityStatementShape","EntityConfigurationShape","FirstElementShape","MiddleElementShape","LastElementShape","union"],"sourceRoot":"../../../../src","sources":["trust/v1.0.0/verify-chain.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,eAAe,QAAQ,iBAAiB;AACjD,SAASC,sBAAsB,QAAQ,wBAAwB;AAC/D,SAASC,mBAAmB,EAAEC,8BAA8B,QAAQ,SAAS;AAE7E,OAAO,MAAMC,gBAAgB,GAAGH,sBAAsB,CAAC;EACrDI,oBAAoB,EAAEL,eAAe;EACrCM,wBAAwB,EAAEJ,mBAAmB;EAC7CK,iBAAiB,EAAEL,mBAAmB;EACtCM,kBAAkB,EAAER,eAAe;EACnCS,gBAAgB,EAAEV,CAAC,CAACW,KAAK,CAAC,CAACV,eAAe,EAAEG,8BAA8B,CAAC;AAC7E,CAAC,CAAC"}

package/lib/module/trust/v1.3.3/entities.js ADDED Viewed

@@ -0,0 +1,37 @@
+import { getSignedEntityConfiguration } from "../common/utils";
+import { RelyingPartyEntityConfiguration } from "./types";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+/**
+ * Fetch and parse the entity configuration document for a given federation entity.
+ * This is an inner method to serve public interfaces.
+ * @version 1.3.3
+ *
+ * To add another entity configuration type (example: Foo entity type):
+ *  - create its zod schema and type by inherit from the base type (example: FooEntityConfiguration = BaseEntityConfiguration.and(...))
+ *  - add such type to EntityConfiguration union
+ *  - create a public function which use such type (example: getFooEntityConfiguration = (url, options) => Promise<FooEntityConfiguration>)
+ *
+ * @param entityBaseUrl The base url of the entity.
+ * @param schema The expected schema of the entity configuration, according to the kind of entity we are fetching from.
+ * @param options An optional object with additional options.
+ * @param options.appFetch An optional instance of the http client to be used.
+ * @returns The parsed entity configuration object
+ * @throws {IoWalletError} If the http request fails
+ * @throws Parse error if the document is not in the expected shape.
+ */
+async function fetchAndParseEntityConfiguration(entityBaseUrl, schema) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const responseText = await getSignedEntityConfiguration(entityBaseUrl, {
+    appFetch
+  });
+  const responseJwt = decodeJwt(responseText);
+  return schema.parse({
+    header: responseJwt.protectedHeader,
+    payload: responseJwt.payload
+  });
+}
+export const getRelyingPartyEntityConfiguration = (entityBaseUrl, options) => fetchAndParseEntityConfiguration(entityBaseUrl, RelyingPartyEntityConfiguration, options);
+//# sourceMappingURL=entities.js.map

package/lib/module/trust/v1.3.3/entities.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getSignedEntityConfiguration","RelyingPartyEntityConfiguration","decode","decodeJwt","fetchAndParseEntityConfiguration","entityBaseUrl","schema","appFetch","fetch","arguments","length","undefined","responseText","responseJwt","parse","header","protectedHeader","payload","getRelyingPartyEntityConfiguration","options"],"sourceRoot":"../../../../src","sources":["trust/v1.3.3/entities.ts"],"mappings":"AACA,SAEEA,4BAA4B,QACvB,iBAAiB;AACxB,SAA8BC,+BAA+B,QAAQ,SAAS;AAC9E,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;;AAEjE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,gCAAgCA,CAC7CC,aAAqB,EACrBC,MAAoB,EAER;EAAA,IADZ;IAAEC,QAAQ,GAAGC;EAAoB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEvC,MAAMG,YAAY,GAAG,MAAMZ,4BAA4B,CAACK,aAAa,EAAE;IACrEE;EACF,CAAC,CAAC;EAEF,MAAMM,WAAW,GAAGV,SAAS,CAACS,YAAY,CAAC;EAC3C,OAAON,MAAM,CAACQ,KAAK,CAAC;IAClBC,MAAM,EAAEF,WAAW,CAACG,eAAe;IACnCC,OAAO,EAAEJ,WAAW,CAACI;EACvB,CAAC,CAAC;AACJ;AAEA,OAAO,MAAMC,kCAAkC,GAAGA,CAChDb,aAAqB,EACrBc,OAAsB,KAEtBf,gCAAgC,CAC9BC,aAAa,EACbJ,+BAA+B,EAC/BkB,OACF,CAAC"}

package/lib/module/trust/v1.3.3/types.js ADDED Viewed

@@ -0,0 +1,46 @@
+import * as z from "zod";
+import { JWK } from "../../utils/jwk";
+import { BaseEntityConfiguration } from "../common/types";
+import { itWalletCredentialIssuerMetadataV1_3, itWalletAuthorizationServerMetadataV1_3, itWalletSolutionEntityMetadataV1_3, itWalletCredentialVerifierMetadataV1_3 } from "@pagopa/io-wallet-oid-federation";
+// Entity configuration for a Credential Issuer
+export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    jwks: z.object({
+      keys: z.array(JWK)
+    }),
+    metadata: z.object({
+      openid_credential_issuer: itWalletCredentialIssuerMetadataV1_3,
+      oauth_authorization_server: itWalletAuthorizationServerMetadataV1_3,
+      openid_credential_verifier: itWalletCredentialVerifierMetadataV1_3.optional()
+    })
+  })
+}));
+// Entity configuration for a Relying Party
+export const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    metadata: z.object({
+      openid_credential_verifier: itWalletCredentialVerifierMetadataV1_3
+    })
+  })
+}));
+// Entity configuration for a Wallet Provider
+export const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.object({
+  payload: z.object({
+    metadata: z.object({
+      wallet_solution: itWalletSolutionEntityMetadataV1_3
+    })
+  })
+}));
+// Maps any entity configuration by the union of every possible shapes
+export const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, RelyingPartyEntityConfiguration], {
+  description: "Any kind of Entity Configuration allowed in the ecosystem"
+});
+//# sourceMappingURL=types.js.map

package/lib/module/trust/v1.3.3/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","JWK","BaseEntityConfiguration","itWalletCredentialIssuerMetadataV1_3","itWalletAuthorizationServerMetadataV1_3","itWalletSolutionEntityMetadataV1_3","itWalletCredentialVerifierMetadataV1_3","CredentialIssuerEntityConfiguration","and","object","payload","jwks","keys","array","metadata","openid_credential_issuer","oauth_authorization_server","openid_credential_verifier","optional","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_solution","EntityConfiguration","union","description"],"sourceRoot":"../../../../src","sources":["trust/v1.3.3/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,GAAG,QAAQ,iBAAiB;AACrC,SAASC,uBAAuB,QAAQ,iBAAiB;AACzD,SACEC,oCAAoC,EACpCC,uCAAuC,EACvCC,kCAAkC,EAClCC,sCAAsC,QACjC,kCAAkC;;AAEzC;;AAIA,OAAO,MAAMC,mCAAmC,GAAGL,uBAAuB,CAACM,GAAG,CAC5ER,CAAC,CAACS,MAAM,CAAC;EACPC,OAAO,EAAEV,CAAC,CAACS,MAAM,CAAC;IAChBE,IAAI,EAAEX,CAAC,CAACS,MAAM,CAAC;MAAEG,IAAI,EAAEZ,CAAC,CAACa,KAAK,CAACZ,GAAG;IAAE,CAAC,CAAC;IACtCa,QAAQ,EAAEd,CAAC,CAACS,MAAM,CAAC;MACjBM,wBAAwB,EAAEZ,oCAAoC;MAC9Da,0BAA0B,EAAEZ,uCAAuC;MACnEa,0BAA0B,EACxBX,sCAAsC,CAACY,QAAQ,CAAC;IACpD,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMC,+BAA+B,GAAGjB,uBAAuB,CAACM,GAAG,CACxER,CAAC,CAACS,MAAM,CAAC;EACPC,OAAO,EAAEV,CAAC,CAACS,MAAM,CAAC;IAChBK,QAAQ,EAAEd,CAAC,CAACS,MAAM,CAAC;MACjBQ,0BAA0B,EAAEX;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAIA,OAAO,MAAMc,iCAAiC,GAAGlB,uBAAuB,CAACM,GAAG,CAC1ER,CAAC,CAACS,MAAM,CAAC;EACPC,OAAO,EAAEV,CAAC,CAACS,MAAM,CAAC;IAChBK,QAAQ,EAAEd,CAAC,CAACS,MAAM,CAAC;MACjBY,eAAe,EAAEhB;IACnB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;;AAEA,OAAO,MAAMiB,mBAAmB,GAAGtB,CAAC,CAACuB,KAAK,CACxC,CACEH,iCAAiC,EACjCb,mCAAmC,EACnCY,+BAA+B,CAChC,EACD;EACEK,WAAW,EAAE;AACf,CACF,CAAC"}