npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/commonjs/trust/verify-chain.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_types","require","z","_interopRequireWildcard","_utils","_errors","_ioReactNativeCrypto","_buildChain","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","FirstElementShape","EntityConfiguration","MiddleElementShape","EntityStatement","LastElementShape","union","TrustAnchorEntityConfiguration","validateTrustChain","trustAnchorEntity","chain","x509Options","length","TrustChainEmptyError","selectTokenShape","elementIndex","selectKid","currentIndex","token","TrustChainTokenMissingError","index","shape","parse","decode","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","x509TrustAnchorCertBase64","getTrustAnchorX509Certificate","validationPromises","map","tokenString","i","kidFromTokenHeader","signerJwks","parsedToken","verify","jwkUsedForVerification","find","k","FederationError","tokenIndex","x5c","MissingX509CertsError","certChainBase64","at","slice","x509ValidationResult","verifyCertificateChain","isValid","X509ValidationError","validationStatus","errorMessage","x509ValidationStatus","x509ErrorMessage","Promise","all","renewTrustChain","appFetch","arguments","undefined","fetch","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","getSignedEntityConfiguration","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","MissingFederationFetchEndpointError","sub","entityBaseUrl","missingInEntityUrl","getSignedEntityStatement","TrustChainRenewalError","originalChain","verifyTrustChain","connectTimeout","readTimeout","requireCrl","renewOnFail","error","renewedChain"],"sourceRoot":"../../../src","sources":["trust/verify-chain.ts"],"mappings":";;;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAMA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AAMA,IAAAI,OAAA,GAAAJ,OAAA;AASA,IAAAK,oBAAA,GAAAL,OAAA;AAKA,IAAAM,WAAA,GAAAN,OAAA;AAGuB,SAAAO,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEvB;AACA,MAAMW,iBAAiB,GAAGC,0BAAmB;AAC7C;AACA,MAAMC,kBAAkB,GAAGC,sBAAe;AAC1C;AACA;AACA,MAAMC,gBAAgB,GAAGhC,CAAC,CAACiC,KAAK,CAAC,CAC/BF,sBAAe,EACfG,qCAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeC,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACfC,WAAmC,EACX;EACxB;EACA,IAAID,KAAK,CAACE,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIC,4BAAoB,CAAC,kCAAkC,CAAC;EACpE;;EAEA;EACA,MAAMC,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdd,iBAAiB,GACjBc,YAAY,KAAKL,KAAK,CAACE,MAAM,GAAG,CAAC,GAC/BP,gBAAgB,GAChBF,kBAAkB;;EAE1B;EACA,MAAMa,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGR,KAAK,CAACO,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIC,mCAA2B,CAClC,0BAAyBF,YAAa,kBAAiB,EACxD;QAAEG,KAAK,EAAEH;MAAa,CACxB,CAAC;IACH;IACA,MAAMI,KAAK,GAAGP,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOI,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACL,KAAK,CAAC,CAAC,CAACM,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIT,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKP,KAAK,CAACE,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOH,iBAAiB,CAACkB,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGb,YAAY,GAAG,CAAC;IAClC,MAAMc,SAAS,GAAGrB,KAAK,CAACoB,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAIZ,mCAA2B,CAClC,+BAA8BW,SAAU,kCAAiCb,YAAa,IAAG,EAC1F;QAAEG,KAAK,EAAEU;MAAU,CACrB,CAAC;IACH;IACA,MAAMT,KAAK,GAAGP,gBAAgB,CAACgB,SAAS,CAAC;IACzC,OAAOT,KAAK,CAACC,KAAK,CAAC,IAAAC,aAAM,EAACQ,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;EAED,MAAMG,yBAAyB,GAC7B,IAAAC,oCAA6B,EAACxB,iBAAiB,CAAC;;EAElD;EACA;EACA,MAAMyB,kBAAkB,GAAGxB,KAAK,CAACyB,GAAG,CAAC,OAAOC,WAAW,EAAEC,CAAC,KAAK;IAC7D,MAAMC,kBAAkB,GAAGtB,SAAS,CAACqB,CAAC,CAAC;IACvC,MAAME,UAAU,GAAGb,UAAU,CAACW,CAAC,CAAC;;IAEhC;IACA,MAAMG,WAAW,GAAG,MAAM,IAAAC,aAAM,EAC9BL,WAAW,EACXE,kBAAkB,EAClBC,UACF,CAAC;;IAED;IACA,MAAMG,sBAAsB,GAAGH,UAAU,CAACI,IAAI,CAC3CC,CAAC,IAAKA,CAAC,CAACnB,GAAG,KAAKa,kBACnB,CAAC;IAED,IAAI,CAACI,sBAAsB,EAAE;MAC3B,MAAM,IAAIG,uBAAe,CACtB,iBAAgBP,kBAAmB,uDAAsDD,CAAE,mCAAkC,EAC9H;QAAES,UAAU,EAAET,CAAC;QAAEZ,GAAG,EAAEa;MAAmB,CAC3C,CAAC;IACH;IAEA,IACE,CAACI,sBAAsB,CAACK,GAAG,IAC3BL,sBAAsB,CAACK,GAAG,CAACnC,MAAM,KAAK,CAAC,EACvC;MACA,MAAM,IAAIoC,6BAAqB,CAC5B,iBAAgBV,kBAAmB,0EAAyED,CAAE,GACjH,CAAC;IACH;;IAEA;IACA;IACA;IACA,MAAMY,eAAe,GACnBP,sBAAsB,CAACK,GAAG,CAACnC,MAAM,GAAG,CAAC,IACrC8B,sBAAsB,CAACK,GAAG,CAACG,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKlB,yBAAyB,GAC3DU,sBAAsB,CAACK,GAAG,CAACI,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACvCT,sBAAsB,CAACK,GAAG;IAEhC,MAAMK,oBAAiD,GACrD,MAAM,IAAAC,2CAAsB,EAC1BJ,eAAe,EACfjB,yBAAyB,EACzBrB,WACF,CAAC;IAEH,IAAI,CAACyC,oBAAoB,CAACE,OAAO,EAAE;MACjC,MAAM,IAAIC,2BAAmB,CAC1B,gEAA+DlB,CAAE,UAASC,kBAAmB,cAAac,oBAAoB,CAACI,gBAAiB,YAAWJ,oBAAoB,CAACK,YAAa,EAAC,EAC/L;QACEX,UAAU,EAAET,CAAC;QACbZ,GAAG,EAAEa,kBAAkB;QACvBoB,oBAAoB,EAAEN,oBAAoB,CAACI,gBAAgB;QAC3DG,gBAAgB,EAAEP,oBAAoB,CAACK;MACzC,CACF,CAAC;IACH;IACA,OAAOjB,WAAW;EACpB,CAAC,CAAC;EAEF,OAAOoB,OAAO,CAACC,GAAG,CAAC3B,kBAAkB,CAAC;AACxC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAe4B,eAAeA,CACnCpD,KAAe,EAEI;EAAA,IADnBqD,QAA8B,GAAAC,SAAA,CAAApD,MAAA,QAAAoD,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAON,OAAO,CAACC,GAAG,CAChBnD,KAAK,CAACyB,GAAG,CAAC,OAAOjB,KAAK,EAAEE,KAAK,KAAK;IAChC,MAAM+C,OAAO,GAAG,IAAA5C,aAAM,EAACL,KAAK,CAAC;IAE7B,MAAMkD,qBAAqB,GAAGhE,sBAAe,CAACiE,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAGpE,0BAAmB,CAACmE,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO,IAAAC,wCAA4B,EACjCF,yBAAyB,CAACG,IAAI,CAAC9C,OAAO,CAAC+C,GAAG,EAC1C;QAAEX;MAAS,CACb,CAAC;IACH;IACA,IAAIK,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMI,eAAe,GAAGP,qBAAqB,CAACK,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAAChD,OAAO,CAAC+C,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAM,IAAAL,wCAA4B,EAACI,aAAa,EAAE;QACpEb;MACF,CAAC,CAAC;MACF,MAAMe,QAAQ,GAAG5E,0BAAmB,CAACoB,KAAK,CAAC,IAAAC,aAAM,EAACsD,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAACnD,OAAO,CAACqD,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAII,2CAAmC,CAC1C,gBAAeP,aAAc,8DAA6DD,eAAe,CAAChD,OAAO,CAACyD,GAAI,GAAE,EACzH;UACEC,aAAa,EAAEV,eAAe,CAAChD,OAAO,CAACyD,GAAG;UAC1CE,kBAAkB,EAAEV;QACtB,CACF,CAAC;MACH;MACA,OAAO,IAAAW,oCAAwB,EAC7BR,uBAAuB,EACvBJ,eAAe,CAAChD,OAAO,CAACyD,GAAG,EAC3B;QAAErB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAIyB,8BAAsB,CAC7B,iDAAgDpE,KAAM,mBAAkB,EACzE;MAAEqE,aAAa,EAAE/E;IAAM,CACzB,CAAC;EACH,CAAC,CACH,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAegF,gBAAgBA,CACpCjF,iBAAiD,EACjDC,KAAe,EAUiC;EAAA,IAThDC,WAAmC,GAAAqD,SAAA,CAAApD,MAAA,QAAAoD,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG;IACpC2B,cAAc,EAAE,KAAK;IACrBC,WAAW,EAAE,KAAK;IAClBC,UAAU,EAAE;EACd,CAAC;EAAA,IACD;IACE9B,QAAQ,GAAGG,KAAK;IAChB4B,WAAW,GAAG;EAC4C,CAAC,GAAA9B,SAAA,CAAApD,MAAA,QAAAoD,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAOxD,kBAAkB,CAACC,iBAAiB,EAAEC,KAAK,EAAEC,WAAW,CAAC;EAClE,CAAC,CAAC,OAAOoF,KAAK,EAAE;IACd,IAAID,WAAW,EAAE;MACf,MAAME,YAAY,GAAG,MAAMlC,eAAe,CAACpD,KAAK,EAAEqD,QAAQ,CAAC;MAC3D,OAAOvD,kBAAkB,CAACC,iBAAiB,EAAEuF,YAAY,EAAErF,WAAW,CAAC;IACzE,CAAC,MAAM;MACL,MAAMoF,KAAK;IACb;EACF;AACF"}

package/lib/commonjs/wallet-instance-attestation/issuing.js DELETED Viewed

@@ -1,117 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.getAttestation = void 0;
-exports.getAttestationRequest = getAttestationRequest;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _jwk = require("../utils/jwk");
-var _client = require("../client");
-var _logging = require("../utils/logging");
-var _errors = require("../utils/errors");
-var _types = require("./types");
-/**
- * Getter for an attestation request. The attestation request is a JWT that will be sent to the Wallet Provider to request a Wallet Instance Attestation.
- *
- * @param challenge - The nonce received from the Wallet Provider which is part of the signed clientData
- * @param wiaCryptoContext - The key pair associated with the WIA. Will be use to prove the ownership of the attestation
- * @param integrityContext - The integrity context which exposes a set of functions to interact with the device integrity service
- * @param walletProviderBaseUrl - Base url for the Wallet Provider
- * @returns A JWT containing the attestation request
- */
-async function getAttestationRequest(challenge, wiaCryptoContext, integrityContext, walletProviderBaseUrl) {
-  const jwk = await wiaCryptoContext.getPublicKey();
-  const parsedJwk = _jwk.JWK.parse(jwk);
-  const keyThumbprint = await (0, _ioReactNativeJwt.thumbprint)(parsedJwk);
-  const publicKey = {
-    ...parsedJwk,
-    kid: keyThumbprint
-  };
-  const clientData = {
-    challenge,
-    jwk_thumbprint: keyThumbprint
-  };
-  const hardwareKeyTag = integrityContext.getHardwareKeyTag();
-  const {
-    signature,
-    authenticatorData
-  } = await integrityContext.getHardwareSignatureWithAuthData(JSON.stringify(clientData));
-  return new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setPayload({
-    iss: keyThumbprint,
-    aud: walletProviderBaseUrl,
-    nonce: challenge,
-    hardware_signature: signature,
-    integrity_assertion: authenticatorData,
-    hardware_key_tag: hardwareKeyTag,
-    cnf: {
-      jwk: (0, _jwk.fixBase64EncodingOnKey)(publicKey)
-    }
-  }).setProtectedHeader({
-    kid: publicKey.kid,
-    typ: "wp-war+jwt"
-  }).setIssuedAt().setExpirationTime("1h").sign();
-}
-/**
- * Request a Wallet Instance Attestation (WIA) to the Wallet provider
- * @version 1.0.0
- *
- * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
- * @param params.appFetch (optional) Http client
- * @param walletProviderBaseUrl Base url for the Wallet Provider
- * @returns The retrieved Wallet Instance Attestation token
- * @throws {WalletProviderResponseError} with a specific code for more context
- */
-const getAttestation = async _ref => {
-  let {
-    wiaCryptoContext,
-    integrityContext,
-    walletProviderBaseUrl,
-    appFetch = fetch
-  } = _ref;
-  const api = (0, _client.getWalletProviderClient)({
-    walletProviderBaseUrl,
-    appFetch
-  });
-  // 1. Get nonce from backend
-  const challenge = await api.get("/nonce").then(response => response.nonce);
-  _logging.Logger.log(_logging.LogLevel.DEBUG, `Challenge obtained from ${walletProviderBaseUrl}: ${challenge} `);
-  // 2. Get a signed attestation request
-  const signedAttestationRequest = await getAttestationRequest(challenge, wiaCryptoContext, integrityContext, walletProviderBaseUrl);
-  _logging.Logger.log(_logging.LogLevel.DEBUG, `Signed attestation request: ${signedAttestationRequest}`);
-  // 3. Request WIA in multiple formats
-  const response = await api.post("/wallet-attestations", {
-    body: {
-      assertion: signedAttestationRequest
-    }
-  }).then(_types.WalletAttestationResponse.parse).catch(handleAttestationCreationError);
-  for (const attestation of response.wallet_attestations) {
-    _logging.Logger.log(_logging.LogLevel.DEBUG, `Obtained wallet attestation in ${attestation.format} format: ${attestation.wallet_attestation}`);
-  }
-  return response.wallet_attestations;
-};
-exports.getAttestation = getAttestation;
-const handleAttestationCreationError = e => {
-  _logging.Logger.log(_logging.LogLevel.ERROR, `An error occurred while calling /wallet-attestation endpoint: ${e}`);
-  if (!(e instanceof _errors.WalletProviderResponseError)) {
-    throw e;
-  }
-  throw new _errors.ResponseErrorBuilder(_errors.WalletProviderResponseError).handle(403, {
-    code: _errors.WalletProviderResponseErrorCodes.WalletInstanceRevoked,
-    message: "Unable to get an attestation for a revoked Wallet Instance"
-  }).handle(404, {
-    code: _errors.WalletProviderResponseErrorCodes.WalletInstanceNotFound,
-    message: "Unable to get an attestation for a Wallet Instance that does not exist"
-  }).handle(409, {
-    code: _errors.WalletProviderResponseErrorCodes.WalletInstanceIntegrityFailed,
-    message: "Unable to get an attestation for a Wallet Instance that failed the integrity check"
-  }).handle("*", {
-    code: _errors.WalletProviderResponseErrorCodes.WalletInstanceAttestationIssuingFailed,
-    message: "Unable to obtain wallet instance attestation"
-  }).buildFrom(e);
-};
-//# sourceMappingURL=issuing.js.map

package/lib/commonjs/wallet-instance-attestation/issuing.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_ioReactNativeJwt","require","_jwk","_client","_logging","_errors","_types","getAttestationRequest","challenge","wiaCryptoContext","integrityContext","walletProviderBaseUrl","jwk","getPublicKey","parsedJwk","JWK","parse","keyThumbprint","thumbprint","publicKey","kid","clientData","jwk_thumbprint","hardwareKeyTag","getHardwareKeyTag","signature","authenticatorData","getHardwareSignatureWithAuthData","JSON","stringify","SignJWT","setPayload","iss","aud","nonce","hardware_signature","integrity_assertion","hardware_key_tag","cnf","fixBase64EncodingOnKey","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","api","getWalletProviderClient","get","then","response","Logger","log","LogLevel","DEBUG","signedAttestationRequest","post","body","assertion","WalletAttestationResponse","catch","handleAttestationCreationError","attestation","wallet_attestations","format","wallet_attestation","exports","e","ERROR","WalletProviderResponseError","ResponseErrorBuilder","handle","code","WalletProviderResponseErrorCodes","WalletInstanceRevoked","message","WalletInstanceNotFound","WalletInstanceIntegrityFailed","WalletInstanceAttestationIssuingFailed","buildFrom"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,OAAA,GAAAF,OAAA;AAEA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAKA,IAAAK,MAAA,GAAAL,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeM,qBAAqBA,CACzCC,SAAiB,EACjBC,gBAA+B,EAC/BC,gBAAkC,EAClCC,qBAA6B,EACZ;EACjB,MAAMC,GAAG,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGC,QAAG,CAACC,KAAK,CAACJ,GAAG,CAAC;EAChC,MAAMK,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACJ,SAAS,CAAC;EACjD,MAAMK,SAAS,GAAG;IAAE,GAAGL,SAAS;IAAEM,GAAG,EAAEH;EAAc,CAAC;EAEtD,MAAMI,UAAU,GAAG;IACjBb,SAAS;IACTc,cAAc,EAAEL;EAClB,CAAC;EAED,MAAMM,cAAc,GAAGb,gBAAgB,CAACc,iBAAiB,CAAC,CAAC;EAC3D,MAAM;IAAEC,SAAS;IAAEC;EAAkB,CAAC,GACpC,MAAMhB,gBAAgB,CAACiB,gCAAgC,CACrDC,IAAI,CAACC,SAAS,CAACR,UAAU,CAC3B,CAAC;EAEH,OAAO,IAAIS,yBAAO,CAACrB,gBAAgB,CAAC,CACjCsB,UAAU,CAAC;IACVC,GAAG,EAAEf,aAAa;IAClBgB,GAAG,EAAEtB,qBAAqB;IAC1BuB,KAAK,EAAE1B,SAAS;IAChB2B,kBAAkB,EAAEV,SAAS;IAC7BW,mBAAmB,EAAEV,iBAAiB;IACtCW,gBAAgB,EAAEd,cAAc;IAChCe,GAAG,EAAE;MACH1B,GAAG,EAAE,IAAA2B,2BAAsB,EAACpB,SAAS;IACvC;EACF,CAAC,CAAC,CACDqB,kBAAkB,CAAC;IAClBpB,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBqB,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,cAAc,GAAG,MAAAC,IAAA,IAUmC;EAAA,IAV5B;IACnCrC,gBAAgB;IAChBC,gBAAgB;IAChBC,qBAAqB;IACrBoC,QAAQ,GAAGC;EAMb,CAAC,GAAAF,IAAA;EACC,MAAMG,GAAG,GAAG,IAAAC,+BAAuB,EAAC;IAClCvC,qBAAqB;IACrBoC;EACF,CAAC,CAAC;;EAEF;EACA,MAAMvC,SAAS,GAAG,MAAMyC,GAAG,CAACE,GAAG,CAAC,QAAQ,CAAC,CAACC,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACnB,KAAK,CAAC;EAC5EoB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0B9C,qBAAsB,KAAIH,SAAU,GACjE,CAAC;;EAED;EACA,MAAMkD,wBAAwB,GAAG,MAAMnD,qBAAqB,CAC1DC,SAAS,EACTC,gBAAgB,EAChBC,gBAAgB,EAChBC,qBACF,CAAC;EACD2C,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,+BAA8BC,wBAAyB,EAC1D,CAAC;;EAED;EACA,MAAML,QAAQ,GAAG,MAAMJ,GAAG,CACvBU,IAAI,CAAC,sBAAsB,EAAE;IAC5BC,IAAI,EAAE;MACJC,SAAS,EAAEH;IACb;EACF,CAAC,CAAC,CACDN,IAAI,CAACU,gCAAyB,CAAC9C,KAAK,CAAC,CACrC+C,KAAK,CAACC,8BAA8B,CAAC;EAExC,KAAK,MAAMC,WAAW,IAAIZ,QAAQ,CAACa,mBAAmB,EAAE;IACtDZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCQ,WAAW,CAACE,MAAO,YAAWF,WAAW,CAACG,kBAAmB,EACjG,CAAC;EACH;EAEA,OAAOf,QAAQ,CAACa,mBAAmB;AACrC,CAAC;AAACG,OAAA,CAAAxB,cAAA,GAAAA,cAAA;AAEF,MAAMmB,8BAA8B,GAAIM,CAAU,IAAK;EACrDhB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACe,KAAK,EACb,iEAAgED,CAAE,EACrE,CAAC;EAED,IAAI,EAAEA,CAAC,YAAYE,mCAA2B,CAAC,EAAE;IAC/C,MAAMF,CAAC;EACT;EAEA,MAAM,IAAIG,4BAAoB,CAACD,mCAA2B,CAAC,CACxDE,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACC,qBAAqB;IAC5DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACG,sBAAsB;IAC7DD,OAAO,EACL;EACJ,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACI,6BAA6B;IACpEF,OAAO,EACL;EACJ,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,wCAAgC,CAACK,sCAAsC;IAC7EH,OAAO,EAAE;EACX,CAAC,CAAC,CACDI,SAAS,CAACZ,CAAC,CAAC;AACjB,CAAC"}

package/lib/commonjs/wallet-instance-attestation/types.js DELETED Viewed

@@ -1,69 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.WalletInstanceAttestationRequestJwt = exports.WalletInstanceAttestationJwt = exports.WalletAttestationResponse = void 0;
-var _jwk = require("../utils/jwk");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const UnixTime = z.number().min(0).max(2147483647000);
-const Jwt = z.object({
-  header: z.object({
-    alg: z.string(),
-    kid: z.string(),
-    typ: z.string(),
-    x5c: z.array(z.string()).optional(),
-    trust_chain: z.array(z.string()).optional()
-  }),
-  payload: z.object({
-    iss: z.string(),
-    iat: UnixTime,
-    exp: UnixTime,
-    cnf: z.object({
-      jwk: z.intersection(_jwk.JWK,
-      // this key requires a kis because it must be referenced for DPoP
-      z.object({
-        kid: z.string()
-      }))
-    })
-  })
-});
-const WalletInstanceAttestationRequestJwt = z.object({
-  header: z.intersection(Jwt.shape.header, z.object({
-    typ: z.literal("wp-war+jwt")
-  })),
-  payload: z.intersection(Jwt.shape.payload, z.object({
-    aud: z.string(),
-    nonce: z.string(),
-    hardware_signature: z.string(),
-    integrity_assertion: z.string(),
-    hardware_key_tag: z.string()
-  }))
-});
-// TODO: [SIW-2089] add type for Wallet Attestation in SD-JWT and MDOC format
-// See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/wallet-solution.html#wallet-attestation-issuance step 18
-exports.WalletInstanceAttestationRequestJwt = WalletInstanceAttestationRequestJwt;
-const WalletInstanceAttestationJwt = z.object({
-  header: z.intersection(Jwt.shape.header, z.object({
-    typ: z.literal("oauth-client-attestation+jwt"),
-    trust_chain: z.array(z.string()).optional()
-  })),
-  payload: z.intersection(Jwt.shape.payload, z.object({
-    sub: z.string(),
-    aal: z.string(),
-    wallet_link: z.string().optional(),
-    wallet_name: z.string().optional()
-  }))
-});
-exports.WalletInstanceAttestationJwt = WalletInstanceAttestationJwt;
-const WalletAttestationResponse = z.object({
-  wallet_attestations: z.array(z.object({
-    wallet_attestation: z.string(),
-    format: z.enum(["jwt", "dc+sd-jwt", "mso_mdoc"])
-  }))
-});
-exports.WalletAttestationResponse = WalletAttestationResponse;
-//# sourceMappingURL=types.js.map

package/lib/commonjs/wallet-instance-attestation/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_jwk","require","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","iat","exp","cnf","jwk","intersection","JWK","WalletInstanceAttestationRequestJwt","shape","literal","aud","nonce","hardware_signature","integrity_assertion","hardware_key_tag","exports","WalletInstanceAttestationJwt","sub","aal","wallet_link","wallet_name","WalletAttestationResponse","wallet_attestations","wallet_attestation","format","enum"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAC,uBAAA,CAAAF,OAAA;AAAyB,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB,MAAMW,QAAQ,GAAGxB,CAAC,CAACyB,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAG5B,CAAC,CAAC6B,MAAM,CAAC;EACnBC,MAAM,EAAE9B,CAAC,CAAC6B,MAAM,CAAC;IACfE,GAAG,EAAE/B,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfE,GAAG,EAAElC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEnC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEvC,CAAC,CAAC6B,MAAM,CAAC;IAChBW,GAAG,EAAExC,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEjB,QAAQ;IACbkB,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAE3C,CAAC,CAAC6B,MAAM,CAAC;MACZe,GAAG,EAAE5C,CAAC,CAAC6C,YAAY,CACjBC,QAAG;MACH;MACA9C,CAAC,CAAC6B,MAAM,CAAC;QAAEI,GAAG,EAAEjC,CAAC,CAACgC,MAAM,CAAC;MAAE,CAAC,CAC9B;IACF,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKK,MAAMe,mCAAmC,GAAG/C,CAAC,CAAC6B,MAAM,CAAC;EAC1DC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,YAAY;EAC7B,CAAC,CACH,CAAC;EACDV,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACPqB,GAAG,EAAElD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACfmB,KAAK,EAAEnD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACjBoB,kBAAkB,EAAEpD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC9BqB,mBAAmB,EAAErD,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC/BsB,gBAAgB,EAAEtD,CAAC,CAACgC,MAAM,CAAC;EAC7B,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;AACA;AAAAuB,OAAA,CAAAR,mCAAA,GAAAA,mCAAA;AAIO,MAAMS,4BAA4B,GAAGxD,CAAC,CAAC6B,MAAM,CAAC;EACnDC,MAAM,EAAE9B,CAAC,CAAC6C,YAAY,CACpBjB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChB9B,CAAC,CAAC6B,MAAM,CAAC;IACPK,GAAG,EAAElC,CAAC,CAACiD,OAAO,CAAC,8BAA8B,CAAC;IAC9CX,WAAW,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACgC,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CACH,CAAC;EACDE,OAAO,EAAEvC,CAAC,CAAC6C,YAAY,CACrBjB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBvC,CAAC,CAAC6B,MAAM,CAAC;IACP4B,GAAG,EAAEzD,CAAC,CAACgC,MAAM,CAAC,CAAC;IACf0B,GAAG,EAAE1D,CAAC,CAACgC,MAAM,CAAC,CAAC;IACf2B,WAAW,EAAE3D,CAAC,CAACgC,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IAClCuB,WAAW,EAAE5D,CAAC,CAACgC,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC;EACnC,CAAC,CACH;AACF,CAAC,CAAC;AAACkB,OAAA,CAAAC,4BAAA,GAAAA,4BAAA;AAKI,MAAMK,yBAAyB,GAAG7D,CAAC,CAAC6B,MAAM,CAAC;EAChDiC,mBAAmB,EAAE9D,CAAC,CAACoC,KAAK,CAC1BpC,CAAC,CAAC6B,MAAM,CAAC;IACPkC,kBAAkB,EAAE/D,CAAC,CAACgC,MAAM,CAAC,CAAC;IAC9BgC,MAAM,EAAEhE,CAAC,CAACiE,IAAI,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC;EACjD,CAAC,CACH;AACF,CAAC,CAAC;AAACV,OAAA,CAAAM,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/issuance/01-start-flow.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	-
2	- //# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/issuance/01-start-flow.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/issuance/01-start-flow.ts"],"mappings":""}

package/lib/module/credential/issuance/02-evaluate-issuer-trust.js DELETED Viewed

@@ -1,25 +0,0 @@
-import { getCredentialIssuerEntityConfiguration } from "../../trust/build-chain";
-/**
- * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
- * The Issuer trust evaluation phase.
- * Fetch the Issuer's configuration and verify trust.
- *
- * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Issuer's configuration
- */
-export const evaluateIssuerTrust = async function (issuerUrl) {
-  let context = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const issuerConf = await getCredentialIssuerEntityConfiguration(issuerUrl, {
-    appFetch: context.appFetch
-  }).then(_ref => {
-    let {
-      payload
-    } = _ref;
-    return payload.metadata;
-  });
-  return {
-    issuerConf
-  };
-};
-//# sourceMappingURL=02-evaluate-issuer-trust.js.map

package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["getCredentialIssuerEntityConfiguration","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","appFetch","then","_ref","payload","metadata"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":"AAGA,SAASA,sCAAsC,QAAQ,yBAAyB;AAWhF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAMP,sCAAsC,CAACE,SAAS,EAAE;IACzEM,QAAQ,EAAEL,OAAO,CAACK;EACpB,CAAC,CAAC,CAACC,IAAI,CAACC,IAAA;IAAA,IAAC;MAAEC;IAAQ,CAAC,GAAAD,IAAA;IAAA,OAAKC,OAAO,CAACC,QAAQ;EAAA,EAAC;EAE1C,OAAO;IAAEL;EAAW,CAAC;AACvB,CAAC"}

package/lib/module/credential/issuance/03-start-user-authorization.js DELETED Viewed

@@ -1,125 +0,0 @@
-import { generateRandomAlphaNumericString } from "../../utils/misc";
-import { makeParRequest } from "../../utils/par";
-import { LogLevel, Logger } from "../../utils/logging";
-/**
- * Ensures that the credential type requested is supported by the issuer and contained in the
- * issuer configuration.
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param credentialId The credential configuration ID to be requested;
- * @returns The credential definition to be used in the request which includes the format and the type and its type
- */
-const selectCredentialDefinition = (issuerConf, credentialId) => {
-  const credential_configurations_supported = issuerConf.openid_credential_issuer.credential_configurations_supported;
-  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialId)).map(() => ({
-    credential_configuration_id: credentialId,
-    type: "openid_credential"
-  }));
-  if (!result) {
-    Logger.log(LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
-    throw new Error(`No credential support the type '${credentialId}'`);
-  }
-  return result;
-};
-/**
- * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
- * When multiple credentials are provided, all of them must support the same response_mode.
- * @param issuerConf The issuer configuration
- * @param credentialIds The credential configuration IDs to be requested
- * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
- */
-const selectResponseMode = (issuerConf, credentialIds) => {
-  const responseModeSupported = issuerConf.oauth_authorization_server.response_modes_supported;
-  const responseModeSet = new Set();
-  for (const credentialId of credentialIds) {
-    responseModeSet.add(credentialId.match(/PersonIdentificationData/i) ? "query" : "form_post.jwt");
-  }
-  if (responseModeSet.size !== 1) {
-    Logger.log(LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
-    throw new Error("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
-  }
-  const [responseMode] = responseModeSet.values();
-  Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
-  if (!responseModeSupported.includes(responseMode)) {
-    Logger.log(LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
-    throw new Error(`No response mode support for IDs '${credentialIds}'`);
-  }
-  return responseMode;
-};
-/**
- * WARNING: This function must be called after {@link evaluateIssuerTrust} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
- *
- * Creates and sends a PAR request to the /as/par endpoint of the authorization server.
- * This starts the authentication flow to obtain an access token.
- * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer; when multiple credential types are passed,
- * it is possible to use the same access token for the issuance of all requested credentials.
- * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
- * along with the WTE and its proof of possession (WTE-PoP).
- * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details), challenge method and
- * redirect URI for the document proof step (if L2 flow), the application session identifier on the Wallet Instance side (state),
- * the method (query or form_post.jwt) by which the Authorization Server
- * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
- * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
- * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
- * @param issuerConf The issuer configuration
- * @param credentialIds The credential configuration IDs to be requested
- * @param proof The configuration for the proof to be used in the request: "none" for standard flows, "document" for L2+ with MRTD verification.
- * @param ctx The context object containing;
- *  - wiaCryptoContext: the Wallet Instance's cryptographic context
- *  - walletInstanceAttestation: the Wallet Instance's attestation
- *  - redirectUri: the redirect URI
- *  - appFetch: (optional) the fetch implementation
- * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition(s)
- */
-export const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
-  const {
-    wiaCryptoContext,
-    walletInstanceAttestation,
-    redirectUri,
-    appFetch = fetch
-  } = ctx;
-  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
-  if (!clientId) {
-    Logger.log(LogLevel.ERROR, `Public key associated with kid ${clientId} not found in the device`);
-    throw new Error("No public key found");
-  }
-  const codeVerifier = generateRandomAlphaNumericString(64);
-  const parEndpoint = issuerConf.oauth_authorization_server.pushed_authorization_request_endpoint;
-  const aud = issuerConf.openid_credential_issuer.credential_issuer;
-  const responseMode = selectResponseMode(issuerConf, credentialIds);
-  const getPar = makeParRequest({
-    wiaCryptoContext,
-    appFetch
-  });
-  const credentialDefinition = [...credentialIds.map(c => selectCredentialDefinition(issuerConf, c))];
-  if (proof.proofType === "mrtd-pop") {
-    /**
-     * When we requests a PID using eID Substantial Authentication with MRTD Verification, we must include
-     * an additional Authorization Details Object in the authorization_details
-     *
-     * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-issuance-endpoint.html#pushed-authorization-request-endpoint
-     */
-    credentialDefinition.push({
-      type: "it_l2+document_proof",
-      idphinting: proof.idpHinting,
-      challenge_method: "mrtd+ias",
-      challenge_redirect_uri: redirectUri
-    });
-  }
-  const issuerRequestUri = await getPar(parEndpoint, walletInstanceAttestation, {
-    aud,
-    clientId,
-    codeVerifier,
-    redirectUri,
-    responseMode,
-    authorizationDetails: credentialDefinition
-  });
-  return {
-    issuerRequestUri,
-    clientId,
-    codeVerifier,
-    credentialDefinition
-  };
-};
-//# sourceMappingURL=03-start-user-authorization.js.map

package/lib/module/credential/issuance/03-start-user-authorization.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["generateRandomAlphaNumericString","makeParRequest","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","openid_credential_issuer","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","Error","selectResponseMode","credentialIds","responseModeSupported","oauth_authorization_server","response_modes_supported","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","startUserAuthorization","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","codeVerifier","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","getPar","credentialDefinition","c","proofType","push","idphinting","idpHinting","challenge_method","challenge_redirect_uri","issuerRequestUri","authorizationDetails"],"sourceRoot":"../../../../src","sources":["credential/issuance/03-start-user-authorization.ts"],"mappings":"AAEA,SAASA,gCAAgC,QAAkB,kBAAkB;AAG7E,SAA8BC,cAAc,QAAQ,iBAAiB;AACrE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAmBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,0BAA0B,GAAGA,CACjCC,UAAkD,EAClDC,YAA4C,KACpB;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACG,wBAAwB,CAACD,mCAAmC;EAEzE,MAAM,CAACE,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACJ,mCAAmC,CAAC,CAC9DK,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACR,YAAY,CAAC,CAAC,CACvCS,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAEV,YAAY;IACzCW,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXN,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,wBAAuBb,YAAa,kEAAiEc,IAAI,CAACC,SAAS,CAACd,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIe,KAAK,CAAE,mCAAkChB,YAAa,GAAE,CAAC;EACrE;EACA,OAAOG,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMc,kBAAkB,GAAGA,CACzBlB,UAAkD,EAClDmB,aAAuB,KACN;EACjB,MAAMC,qBAAqB,GACzBpB,UAAU,CAACqB,0BAA0B,CAACC,wBAAwB;EAEhE,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMvB,YAAY,IAAIkB,aAAa,EAAE;IACxCI,eAAe,CAACE,GAAG,CACjBxB,YAAY,CAACyB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9B7B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,GAAEK,aAAc,qCAAoC,CAAC,GAAGI,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIX,KAAK,CACb,yGACF,CAAC;EACH;EAEA,MAAM,CAACY,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/C9B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiC,KAAK,EACb,0BAAyBD,YAAa,uBAAsBV,aAAc,EAC7E,CAAC;EAED,IAAI,CAACC,qBAAqB,CAACX,QAAQ,CAACoB,YAAa,CAAC,EAAE;IAClD/B,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,2BAA0Be,YAAa,kEAAiEd,IAAI,CAACC,SAAS,CAACI,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIH,KAAK,CAAE,qCAAoCE,aAAc,GAAE,CAAC;EACxE;EAEA,OAAOU,YAAY;AACrB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,sBAA8C,GAAG,MAAAA,CAC5D/B,UAAU,EACVmB,aAAa,EACba,KAAK,EACLC,GAAG,KACA;EACH,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbzC,MAAM,CAACe,GAAG,CACRhB,QAAQ,CAACiB,KAAK,EACb,kCAAiCyB,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAItB,KAAK,CAAC,qBAAqB,CAAC;EACxC;EACA,MAAM2B,YAAY,GAAGjD,gCAAgC,CAAC,EAAE,CAAC;EACzD,MAAMkD,WAAW,GACf7C,UAAU,CAACqB,0BAA0B,CAACyB,qCAAqC;EAC7E,MAAMC,GAAG,GAAG/C,UAAU,CAACG,wBAAwB,CAAC6C,iBAAiB;EACjE,MAAMnB,YAAY,GAAGX,kBAAkB,CAAClB,UAAU,EAAEmB,aAAa,CAAC;EAClE,MAAM8B,MAAM,GAAGrD,cAAc,CAAC;IAAEsC,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAE7D,MAAMa,oBAAoB,GAAG,CAC3B,GAAG/B,aAAa,CAACT,GAAG,CAAEyC,CAAC,IAAKpD,0BAA0B,CAACC,UAAU,EAAEmD,CAAC,CAAC,CAAC,CACvE;EAED,IAAInB,KAAK,CAACoB,SAAS,KAAK,UAAU,EAAE;IAClC;AACJ;AACA;AACA;AACA;AACA;IACIF,oBAAoB,CAACG,IAAI,CAAC;MACxBzC,IAAI,EAAE,sBAAsB;MAC5B0C,UAAU,EAAEtB,KAAK,CAACuB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAErB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMsB,gBAAgB,GAAG,MAAMT,MAAM,CACnCJ,WAAW,EACXV,yBAAyB,EACzB;IACEY,GAAG;IACHR,QAAQ;IACRK,YAAY;IACZR,WAAW;IACXP,YAAY;IACZ8B,oBAAoB,EAAET;EACxB,CACF,CAAC;EAED,OAAO;IAAEQ,gBAAgB;IAAEnB,QAAQ;IAAEK,YAAY;IAAEM;EAAqB,CAAC;AAC3E,CAAC"}