npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/module/trust/utils.js DELETED Viewed

@@ -1,60 +0,0 @@
-import { decode as decodeJwt, verify as verifyJwt } from "@pagopa/io-react-native-jwt";
-import { FederationError } from "./errors";
-// Verify a token signature
-// The kid is extracted from the token header
-export const verify = async (token, kid, jwks) => {
-  const jwk = jwks.find(k => k.kid === kid);
-  if (!jwk) {
-    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
-  }
-  const {
-    protectedHeader: header,
-    payload
-  } = await verifyJwt(token, jwk);
-  return {
-    header,
-    payload
-  };
-};
-/**
- * Return type for this function is necessary to avoid an issue during the bob build process.
- * It seems like typescript can't correctly infer the return type of the function.
- */
-export const decode = token => {
-  const {
-    protectedHeader: header,
-    payload
-  } = decodeJwt(token);
-  return {
-    header,
-    payload
-  };
-};
-/**
- * Extracts the X.509 Trust Anchor certificate (Base64 encoded) from the
- * Trust Anchor's Entity Configuration.
- *
- * @param trustAnchorEntity The entity configuration of the known trust anchor.
- * @returns The Base64 encoded X.509 certificate string.
- * @throws {FederationError} If the certificate cannot be derived.
- */
-export function getTrustAnchorX509Certificate(trustAnchorEntity) {
-  const taHeaderKid = trustAnchorEntity.header.kid;
-  const taSigningJwk = trustAnchorEntity.payload.jwks.keys.find(key => key.kid === taHeaderKid);
-  if (!taSigningJwk) {
-    throw new FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' not found in Trust Anchor's JWKS.`, {
-      trustAnchorKid: taHeaderKid,
-      reason: "JWK not found for header kid"
-    });
-  }
-  if (taSigningJwk.x5c && taSigningJwk.x5c.length > 0 && taSigningJwk.x5c[0]) {
-    return taSigningJwk.x5c[0];
-  }
-  throw new FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' does not contain a valid 'x5c' certificate array.`, {
-    trustAnchorKid: taHeaderKid,
-    reason: "Missing or empty x5c in JWK"
-  });
-}
-//# sourceMappingURL=utils.js.map

package/lib/module/trust/utils.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["decode","decodeJwt","verify","verifyJwt","FederationError","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","getTrustAnchorX509Certificate","trustAnchorEntity","taHeaderKid","taSigningJwk","keys","key","trustAnchorKid","reason","x5c","length"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AAGpC,SAASC,eAAe,QAAQ,UAAU;AAQ1C;AACA;AACA,OAAO,MAAMF,MAAM,GAAG,MAAAA,CACpBG,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMX,SAAS,CAACE,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA,OAAO,MAAMd,MAAM,GAAIK,KAAa,IAAkB;EACpD,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAGb,SAAS,CAACI,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,6BAA6BA,CAC3CC,iBAAiD,EACzC;EACR,MAAMC,WAAW,GAAGD,iBAAiB,CAACH,MAAM,CAACP,GAAG;EAChD,MAAMY,YAAY,GAAGF,iBAAiB,CAACF,OAAO,CAACP,IAAI,CAACY,IAAI,CAACV,IAAI,CAC1DW,GAAG,IAAKA,GAAG,CAACd,GAAG,KAAKW,WACvB,CAAC;EAED,IAAI,CAACC,YAAY,EAAE;IACjB,MAAM,IAAId,eAAe,CACtB,+DAA8Da,WAAY,qCAAoC,EAC/G;MAAEI,cAAc,EAAEJ,WAAW;MAAEK,MAAM,EAAE;IAA+B,CACxE,CAAC;EACH;EAEA,IAAIJ,YAAY,CAACK,GAAG,IAAIL,YAAY,CAACK,GAAG,CAACC,MAAM,GAAG,CAAC,IAAIN,YAAY,CAACK,GAAG,CAAC,CAAC,CAAC,EAAE;IAC1E,OAAOL,YAAY,CAACK,GAAG,CAAC,CAAC,CAAC;EAC5B;EAEA,MAAM,IAAInB,eAAe,CACtB,+DAA8Da,WAAY,qDAAoD,EAC/H;IAAEI,cAAc,EAAEJ,WAAW;IAAEK,MAAM,EAAE;EAA8B,CACvE,CAAC;AACH"}

package/lib/module/trust/verify-chain.js DELETED Viewed

@@ -1,179 +0,0 @@
-import { EntityConfiguration, EntityStatement, TrustAnchorEntityConfiguration } from "./types";
-import * as z from "zod";
-import { decode, getTrustAnchorX509Certificate, verify } from "./utils";
-import { FederationError, MissingFederationFetchEndpointError, MissingX509CertsError, TrustChainEmptyError, TrustChainRenewalError, TrustChainTokenMissingError, X509ValidationError } from "./errors";
-import { verifyCertificateChain } from "@pagopa/io-react-native-crypto";
-import { getSignedEntityConfiguration, getSignedEntityStatement } from "./build-chain";
-// The first element of the chain is supposed to be the Entity Configuration for the document issuer
-const FirstElementShape = EntityConfiguration;
-// Each element but the first is supposed to be an Entity Statement
-const MiddleElementShape = EntityStatement;
-// The last element of the chain can either be an Entity Statement
-//  or the Entity Configuration for the known Trust Anchor
-const LastElementShape = z.union([EntityStatement, TrustAnchorEntityConfiguration]);
-/**
- * Validates a provided trust chain against a known trust anchor, including X.509 certificate checks.
- *
- * @param trustAnchorEntity The entity configuration of the known trust anchor (for JWT validation).
- * @param chain The chain of statements to be validated.
- * @param x509Options Options for X.509 certificate validation.
- * @returns The list of parsed tokens representing the chain.
- * @throws {FederationError} If the chain is not valid (JWT or X.509). Specific errors like TrustChainEmptyError, X509ValidationError may be thrown.
- */
-export async function validateTrustChain(trustAnchorEntity, chain, x509Options) {
-  // If the chain is empty, fail
-  if (chain.length === 0) {
-    throw new TrustChainEmptyError("Cannot verify empty trust chain.");
-  }
-  // Select the expected token shape
-  const selectTokenShape = elementIndex => elementIndex === 0 ? FirstElementShape : elementIndex === chain.length - 1 ? LastElementShape : MiddleElementShape;
-  // Select the kid from the current index
-  const selectKid = currentIndex => {
-    const token = chain[currentIndex];
-    if (!token) {
-      throw new TrustChainTokenMissingError(`Token missing at index ${currentIndex} in trust chain.`, {
-        index: currentIndex
-      });
-    }
-    const shape = selectTokenShape(currentIndex);
-    return shape.parse(decode(token)).header.kid;
-  };
-  // Select keys from the next token
-  // If the current token is the last, keys from trust anchor will be used
-  const selectKeys = currentIndex => {
-    if (currentIndex === chain.length - 1) {
-      return trustAnchorEntity.payload.jwks.keys;
-    }
-    const nextIndex = currentIndex + 1;
-    const nextToken = chain[nextIndex];
-    if (!nextToken) {
-      throw new TrustChainTokenMissingError(`Next token missing at index ${nextIndex} (needed for keys for token at ${currentIndex}).`, {
-        index: nextIndex
-      });
-    }
-    const shape = selectTokenShape(nextIndex);
-    return shape.parse(decode(nextToken)).payload.jwks.keys;
-  };
-  const x509TrustAnchorCertBase64 = getTrustAnchorX509Certificate(trustAnchorEntity);
-  // Iterate the chain and validate each element's signature against the public keys of its next
-  // If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
-  const validationPromises = chain.map(async (tokenString, i) => {
-    const kidFromTokenHeader = selectKid(i);
-    const signerJwks = selectKeys(i);
-    // Step 1: Verify JWT signature
-    const parsedToken = await verify(tokenString, kidFromTokenHeader, signerJwks);
-    // Step 2: X.509 Certificate Chain Validation
-    const jwkUsedForVerification = signerJwks.find(k => k.kid === kidFromTokenHeader);
-    if (!jwkUsedForVerification) {
-      throw new FederationError(`JWK with kid '${kidFromTokenHeader}' was not found in signer's JWKS for token at index ${i}, though JWT verification passed.`, {
-        tokenIndex: i,
-        kid: kidFromTokenHeader
-      });
-    }
-    if (!jwkUsedForVerification.x5c || jwkUsedForVerification.x5c.length === 0) {
-      throw new MissingX509CertsError(`JWK with kid '${kidFromTokenHeader}' does not contain an X.509 certificate chain (x5c) for token at index ${i}.`);
-    }
-    // If the chain has more than one certificate AND
-    // the last certificate in the x5c chain is the same as the trust anchor,
-    // remove the anchor from the chain being passed, as it's supplied separately.
-    const certChainBase64 = jwkUsedForVerification.x5c.length > 1 && jwkUsedForVerification.x5c.at(-1) === x509TrustAnchorCertBase64 ? jwkUsedForVerification.x5c.slice(0, -1) : jwkUsedForVerification.x5c;
-    const x509ValidationResult = await verifyCertificateChain(certChainBase64, x509TrustAnchorCertBase64, x509Options);
-    if (!x509ValidationResult.isValid) {
-      throw new X509ValidationError(`X.509 certificate chain validation failed for token at index ${i} (kid: ${kidFromTokenHeader}). Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
-        tokenIndex: i,
-        kid: kidFromTokenHeader,
-        x509ValidationStatus: x509ValidationResult.validationStatus,
-        x509ErrorMessage: x509ValidationResult.errorMessage
-      });
-    }
-    return parsedToken;
-  });
-  return Promise.all(validationPromises);
-}
-/**
- * Given a trust chain, obtain a new trust chain by fetching each element's fresh version
- *
- * @param chain The original chain
- * @param appFetch (optional) fetch api implementation
- * @returns A list of signed token that represent the trust chain, in the same order of the provided chain
- * @throws {FederationError} If the chain is not valid
- */
-export async function renewTrustChain(chain) {
-  let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
-  return Promise.all(chain.map(async (token, index) => {
-    const decoded = decode(token);
-    const entityStatementResult = EntityStatement.safeParse(decoded);
-    const entityConfigurationResult = EntityConfiguration.safeParse(decoded);
-    if (entityConfigurationResult.success) {
-      return getSignedEntityConfiguration(entityConfigurationResult.data.payload.iss, {
-        appFetch
-      });
-    }
-    if (entityStatementResult.success) {
-      const entityStatement = entityStatementResult.data;
-      const parentBaseUrl = entityStatement.payload.iss;
-      const parentECJwt = await getSignedEntityConfiguration(parentBaseUrl, {
-        appFetch
-      });
-      const parentEC = EntityConfiguration.parse(decode(parentECJwt));
-      const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
-      if (!federationFetchEndpoint) {
-        throw new MissingFederationFetchEndpointError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint, cannot renew ES for ${entityStatement.payload.sub}.`, {
-          entityBaseUrl: entityStatement.payload.sub,
-          missingInEntityUrl: parentBaseUrl
-        });
-      }
-      return getSignedEntityStatement(federationFetchEndpoint, entityStatement.payload.sub, {
-        appFetch
-      });
-    }
-    throw new TrustChainRenewalError(`Failed to renew trust chain. Reason: element #${index} failed to parse.`, {
-      originalChain: chain
-    });
-  }));
-}
-/**
- * Verify a given trust chain is actually valid.
- * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
- *
- * @param trustAnchorEntity The entity configuration of the known trust anchor
- * @param chain The chain of statements to be validated
- * @param x509Options Options for the verification process
- * @param appFetch (optional) fetch api implementation
- * @param renewOnFail Whether to attempt to renew the trust chain if the initial validation fails
- * @returns The result of the chain validation
- * @throws {FederationError} If the chain is not valid
- */
-export async function verifyTrustChain(trustAnchorEntity, chain) {
-  let x509Options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
-    connectTimeout: 10000,
-    readTimeout: 10000,
-    requireCrl: true
-  };
-  let {
-    appFetch = fetch,
-    renewOnFail = true
-  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
-  try {
-    return validateTrustChain(trustAnchorEntity, chain, x509Options);
-  } catch (error) {
-    if (renewOnFail) {
-      const renewedChain = await renewTrustChain(chain, appFetch);
-      return validateTrustChain(trustAnchorEntity, renewedChain, x509Options);
-    } else {
-      throw error;
-    }
-  }
-}
-//# sourceMappingURL=verify-chain.js.map

package/lib/module/trust/verify-chain.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["EntityConfiguration","EntityStatement","TrustAnchorEntityConfiguration","z","decode","getTrustAnchorX509Certificate","verify","FederationError","MissingFederationFetchEndpointError","MissingX509CertsError","TrustChainEmptyError","TrustChainRenewalError","TrustChainTokenMissingError","X509ValidationError","verifyCertificateChain","getSignedEntityConfiguration","getSignedEntityStatement","FirstElementShape","MiddleElementShape","LastElementShape","union","validateTrustChain","trustAnchorEntity","chain","x509Options","length","selectTokenShape","elementIndex","selectKid","currentIndex","token","index","shape","parse","header","kid","selectKeys","payload","jwks","keys","nextIndex","nextToken","x509TrustAnchorCertBase64","validationPromises","map","tokenString","i","kidFromTokenHeader","signerJwks","parsedToken","jwkUsedForVerification","find","k","tokenIndex","x5c","certChainBase64","at","slice","x509ValidationResult","isValid","validationStatus","errorMessage","x509ValidationStatus","x509ErrorMessage","Promise","all","renewTrustChain","appFetch","arguments","undefined","fetch","decoded","entityStatementResult","safeParse","entityConfigurationResult","success","data","iss","entityStatement","parentBaseUrl","parentECJwt","parentEC","federationFetchEndpoint","metadata","federation_entity","federation_fetch_endpoint","sub","entityBaseUrl","missingInEntityUrl","originalChain","verifyTrustChain","connectTimeout","readTimeout","requireCrl","renewOnFail","error","renewedChain"],"sourceRoot":"../../../src","sources":["trust/verify-chain.ts"],"mappings":"AAAA,SACEA,mBAAmB,EACnBC,eAAe,EACfC,8BAA8B,QACzB,SAAS;AAEhB,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SACEC,MAAM,EACNC,6BAA6B,EAE7BC,MAAM,QACD,SAAS;AAChB,SACEC,eAAe,EACfC,mCAAmC,EACnCC,qBAAqB,EACrBC,oBAAoB,EACpBC,sBAAsB,EACtBC,2BAA2B,EAC3BC,mBAAmB,QACd,UAAU;AACjB,SAEEC,sBAAsB,QAEjB,gCAAgC;AACvC,SACEC,4BAA4B,EAC5BC,wBAAwB,QACnB,eAAe;;AAEtB;AACA,MAAMC,iBAAiB,GAAGjB,mBAAmB;AAC7C;AACA,MAAMkB,kBAAkB,GAAGjB,eAAe;AAC1C;AACA;AACA,MAAMkB,gBAAgB,GAAGhB,CAAC,CAACiB,KAAK,CAAC,CAC/BnB,eAAe,EACfC,8BAA8B,CAC/B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAemB,kBAAkBA,CACtCC,iBAAiD,EACjDC,KAAe,EACfC,WAAmC,EACX;EACxB;EACA,IAAID,KAAK,CAACE,MAAM,KAAK,CAAC,EAAE;IACtB,MAAM,IAAIf,oBAAoB,CAAC,kCAAkC,CAAC;EACpE;;EAEA;EACA,MAAMgB,gBAAgB,GAAIC,YAAoB,IAC5CA,YAAY,KAAK,CAAC,GACdV,iBAAiB,GACjBU,YAAY,KAAKJ,KAAK,CAACE,MAAM,GAAG,CAAC,GAC/BN,gBAAgB,GAChBD,kBAAkB;;EAE1B;EACA,MAAMU,SAAS,GAAIC,YAAoB,IAAa;IAClD,MAAMC,KAAK,GAAGP,KAAK,CAACM,YAAY,CAAC;IACjC,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIlB,2BAA2B,CAClC,0BAAyBiB,YAAa,kBAAiB,EACxD;QAAEE,KAAK,EAAEF;MAAa,CACxB,CAAC;IACH;IACA,MAAMG,KAAK,GAAGN,gBAAgB,CAACG,YAAY,CAAC;IAC5C,OAAOG,KAAK,CAACC,KAAK,CAAC7B,MAAM,CAAC0B,KAAK,CAAC,CAAC,CAACI,MAAM,CAACC,GAAG;EAC9C,CAAC;;EAED;EACA;EACA,MAAMC,UAAU,GAAIP,YAAoB,IAAY;IAClD,IAAIA,YAAY,KAAKN,KAAK,CAACE,MAAM,GAAG,CAAC,EAAE;MACrC,OAAOH,iBAAiB,CAACe,OAAO,CAACC,IAAI,CAACC,IAAI;IAC5C;IAEA,MAAMC,SAAS,GAAGX,YAAY,GAAG,CAAC;IAClC,MAAMY,SAAS,GAAGlB,KAAK,CAACiB,SAAS,CAAC;IAClC,IAAI,CAACC,SAAS,EAAE;MACd,MAAM,IAAI7B,2BAA2B,CAClC,+BAA8B4B,SAAU,kCAAiCX,YAAa,IAAG,EAC1F;QAAEE,KAAK,EAAES;MAAU,CACrB,CAAC;IACH;IACA,MAAMR,KAAK,GAAGN,gBAAgB,CAACc,SAAS,CAAC;IACzC,OAAOR,KAAK,CAACC,KAAK,CAAC7B,MAAM,CAACqC,SAAS,CAAC,CAAC,CAACJ,OAAO,CAACC,IAAI,CAACC,IAAI;EACzD,CAAC;EAED,MAAMG,yBAAyB,GAC7BrC,6BAA6B,CAACiB,iBAAiB,CAAC;;EAElD;EACA;EACA,MAAMqB,kBAAkB,GAAGpB,KAAK,CAACqB,GAAG,CAAC,OAAOC,WAAW,EAAEC,CAAC,KAAK;IAC7D,MAAMC,kBAAkB,GAAGnB,SAAS,CAACkB,CAAC,CAAC;IACvC,MAAME,UAAU,GAAGZ,UAAU,CAACU,CAAC,CAAC;;IAEhC;IACA,MAAMG,WAAW,GAAG,MAAM3C,MAAM,CAC9BuC,WAAW,EACXE,kBAAkB,EAClBC,UACF,CAAC;;IAED;IACA,MAAME,sBAAsB,GAAGF,UAAU,CAACG,IAAI,CAC3CC,CAAC,IAAKA,CAAC,CAACjB,GAAG,KAAKY,kBACnB,CAAC;IAED,IAAI,CAACG,sBAAsB,EAAE;MAC3B,MAAM,IAAI3C,eAAe,CACtB,iBAAgBwC,kBAAmB,uDAAsDD,CAAE,mCAAkC,EAC9H;QAAEO,UAAU,EAAEP,CAAC;QAAEX,GAAG,EAAEY;MAAmB,CAC3C,CAAC;IACH;IAEA,IACE,CAACG,sBAAsB,CAACI,GAAG,IAC3BJ,sBAAsB,CAACI,GAAG,CAAC7B,MAAM,KAAK,CAAC,EACvC;MACA,MAAM,IAAIhB,qBAAqB,CAC5B,iBAAgBsC,kBAAmB,0EAAyED,CAAE,GACjH,CAAC;IACH;;IAEA;IACA;IACA;IACA,MAAMS,eAAe,GACnBL,sBAAsB,CAACI,GAAG,CAAC7B,MAAM,GAAG,CAAC,IACrCyB,sBAAsB,CAACI,GAAG,CAACE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKd,yBAAyB,GAC3DQ,sBAAsB,CAACI,GAAG,CAACG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACvCP,sBAAsB,CAACI,GAAG;IAEhC,MAAMI,oBAAiD,GACrD,MAAM5C,sBAAsB,CAC1ByC,eAAe,EACfb,yBAAyB,EACzBlB,WACF,CAAC;IAEH,IAAI,CAACkC,oBAAoB,CAACC,OAAO,EAAE;MACjC,MAAM,IAAI9C,mBAAmB,CAC1B,gEAA+DiC,CAAE,UAASC,kBAAmB,cAAaW,oBAAoB,CAACE,gBAAiB,YAAWF,oBAAoB,CAACG,YAAa,EAAC,EAC/L;QACER,UAAU,EAAEP,CAAC;QACbX,GAAG,EAAEY,kBAAkB;QACvBe,oBAAoB,EAAEJ,oBAAoB,CAACE,gBAAgB;QAC3DG,gBAAgB,EAAEL,oBAAoB,CAACG;MACzC,CACF,CAAC;IACH;IACA,OAAOZ,WAAW;EACpB,CAAC,CAAC;EAEF,OAAOe,OAAO,CAACC,GAAG,CAACtB,kBAAkB,CAAC;AACxC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeuB,eAAeA,CACnC3C,KAAe,EAEI;EAAA,IADnB4C,QAA8B,GAAAC,SAAA,CAAA3C,MAAA,QAAA2C,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAGE,KAAK;EAEtC,OAAON,OAAO,CAACC,GAAG,CAChB1C,KAAK,CAACqB,GAAG,CAAC,OAAOd,KAAK,EAAEC,KAAK,KAAK;IAChC,MAAMwC,OAAO,GAAGnE,MAAM,CAAC0B,KAAK,CAAC;IAE7B,MAAM0C,qBAAqB,GAAGvE,eAAe,CAACwE,SAAS,CAACF,OAAO,CAAC;IAChE,MAAMG,yBAAyB,GAAG1E,mBAAmB,CAACyE,SAAS,CAACF,OAAO,CAAC;IAExE,IAAIG,yBAAyB,CAACC,OAAO,EAAE;MACrC,OAAO5D,4BAA4B,CACjC2D,yBAAyB,CAACE,IAAI,CAACvC,OAAO,CAACwC,GAAG,EAC1C;QAAEV;MAAS,CACb,CAAC;IACH;IACA,IAAIK,qBAAqB,CAACG,OAAO,EAAE;MACjC,MAAMG,eAAe,GAAGN,qBAAqB,CAACI,IAAI;MAElD,MAAMG,aAAa,GAAGD,eAAe,CAACzC,OAAO,CAACwC,GAAG;MACjD,MAAMG,WAAW,GAAG,MAAMjE,4BAA4B,CAACgE,aAAa,EAAE;QACpEZ;MACF,CAAC,CAAC;MACF,MAAMc,QAAQ,GAAGjF,mBAAmB,CAACiC,KAAK,CAAC7B,MAAM,CAAC4E,WAAW,CAAC,CAAC;MAE/D,MAAME,uBAAuB,GAC3BD,QAAQ,CAAC5C,OAAO,CAAC8C,QAAQ,CAACC,iBAAiB,CAACC,yBAAyB;MACvE,IAAI,CAACH,uBAAuB,EAAE;QAC5B,MAAM,IAAI1E,mCAAmC,CAC1C,gBAAeuE,aAAc,8DAA6DD,eAAe,CAACzC,OAAO,CAACiD,GAAI,GAAE,EACzH;UACEC,aAAa,EAAET,eAAe,CAACzC,OAAO,CAACiD,GAAG;UAC1CE,kBAAkB,EAAET;QACtB,CACF,CAAC;MACH;MACA,OAAO/D,wBAAwB,CAC7BkE,uBAAuB,EACvBJ,eAAe,CAACzC,OAAO,CAACiD,GAAG,EAC3B;QAAEnB;MAAS,CACb,CAAC;IACH;IACA,MAAM,IAAIxD,sBAAsB,CAC7B,iDAAgDoB,KAAM,mBAAkB,EACzE;MAAE0D,aAAa,EAAElE;IAAM,CACzB,CAAC;EACH,CAAC,CACH,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAemE,gBAAgBA,CACpCpE,iBAAiD,EACjDC,KAAe,EAUiC;EAAA,IAThDC,WAAmC,GAAA4C,SAAA,CAAA3C,MAAA,QAAA2C,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG;IACpCuB,cAAc,EAAE,KAAK;IACrBC,WAAW,EAAE,KAAK;IAClBC,UAAU,EAAE;EACd,CAAC;EAAA,IACD;IACE1B,QAAQ,GAAGG,KAAK;IAChBwB,WAAW,GAAG;EAC4C,CAAC,GAAA1B,SAAA,CAAA3C,MAAA,QAAA2C,SAAA,QAAAC,SAAA,GAAAD,SAAA,MAAG,CAAC,CAAC;EAElE,IAAI;IACF,OAAO/C,kBAAkB,CAACC,iBAAiB,EAAEC,KAAK,EAAEC,WAAW,CAAC;EAClE,CAAC,CAAC,OAAOuE,KAAK,EAAE;IACd,IAAID,WAAW,EAAE;MACf,MAAME,YAAY,GAAG,MAAM9B,eAAe,CAAC3C,KAAK,EAAE4C,QAAQ,CAAC;MAC3D,OAAO9C,kBAAkB,CAACC,iBAAiB,EAAE0E,YAAY,EAAExE,WAAW,CAAC;IACzE,CAAC,MAAM;MACL,MAAMuE,KAAK;IACb;EACF;AACF"}

package/lib/module/wallet-instance-attestation/issuing.js DELETED Viewed

@@ -1,110 +0,0 @@
-import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
-import { fixBase64EncodingOnKey, JWK } from "../utils/jwk";
-import { getWalletProviderClient } from "../client";
-import { LogLevel, Logger } from "../utils/logging";
-import { ResponseErrorBuilder, WalletProviderResponseError, WalletProviderResponseErrorCodes } from "../utils/errors";
-import { WalletAttestationResponse } from "./types";
-/**
- * Getter for an attestation request. The attestation request is a JWT that will be sent to the Wallet Provider to request a Wallet Instance Attestation.
- *
- * @param challenge - The nonce received from the Wallet Provider which is part of the signed clientData
- * @param wiaCryptoContext - The key pair associated with the WIA. Will be use to prove the ownership of the attestation
- * @param integrityContext - The integrity context which exposes a set of functions to interact with the device integrity service
- * @param walletProviderBaseUrl - Base url for the Wallet Provider
- * @returns A JWT containing the attestation request
- */
-export async function getAttestationRequest(challenge, wiaCryptoContext, integrityContext, walletProviderBaseUrl) {
-  const jwk = await wiaCryptoContext.getPublicKey();
-  const parsedJwk = JWK.parse(jwk);
-  const keyThumbprint = await thumbprint(parsedJwk);
-  const publicKey = {
-    ...parsedJwk,
-    kid: keyThumbprint
-  };
-  const clientData = {
-    challenge,
-    jwk_thumbprint: keyThumbprint
-  };
-  const hardwareKeyTag = integrityContext.getHardwareKeyTag();
-  const {
-    signature,
-    authenticatorData
-  } = await integrityContext.getHardwareSignatureWithAuthData(JSON.stringify(clientData));
-  return new SignJWT(wiaCryptoContext).setPayload({
-    iss: keyThumbprint,
-    aud: walletProviderBaseUrl,
-    nonce: challenge,
-    hardware_signature: signature,
-    integrity_assertion: authenticatorData,
-    hardware_key_tag: hardwareKeyTag,
-    cnf: {
-      jwk: fixBase64EncodingOnKey(publicKey)
-    }
-  }).setProtectedHeader({
-    kid: publicKey.kid,
-    typ: "wp-war+jwt"
-  }).setIssuedAt().setExpirationTime("1h").sign();
-}
-/**
- * Request a Wallet Instance Attestation (WIA) to the Wallet provider
- * @version 1.0.0
- *
- * @param params.wiaCryptoContext The key pair associated with the WIA. Will be use to prove the ownership of the attestation.
- * @param params.appFetch (optional) Http client
- * @param walletProviderBaseUrl Base url for the Wallet Provider
- * @returns The retrieved Wallet Instance Attestation token
- * @throws {WalletProviderResponseError} with a specific code for more context
- */
-export const getAttestation = async _ref => {
-  let {
-    wiaCryptoContext,
-    integrityContext,
-    walletProviderBaseUrl,
-    appFetch = fetch
-  } = _ref;
-  const api = getWalletProviderClient({
-    walletProviderBaseUrl,
-    appFetch
-  });
-  // 1. Get nonce from backend
-  const challenge = await api.get("/nonce").then(response => response.nonce);
-  Logger.log(LogLevel.DEBUG, `Challenge obtained from ${walletProviderBaseUrl}: ${challenge} `);
-  // 2. Get a signed attestation request
-  const signedAttestationRequest = await getAttestationRequest(challenge, wiaCryptoContext, integrityContext, walletProviderBaseUrl);
-  Logger.log(LogLevel.DEBUG, `Signed attestation request: ${signedAttestationRequest}`);
-  // 3. Request WIA in multiple formats
-  const response = await api.post("/wallet-attestations", {
-    body: {
-      assertion: signedAttestationRequest
-    }
-  }).then(WalletAttestationResponse.parse).catch(handleAttestationCreationError);
-  for (const attestation of response.wallet_attestations) {
-    Logger.log(LogLevel.DEBUG, `Obtained wallet attestation in ${attestation.format} format: ${attestation.wallet_attestation}`);
-  }
-  return response.wallet_attestations;
-};
-const handleAttestationCreationError = e => {
-  Logger.log(LogLevel.ERROR, `An error occurred while calling /wallet-attestation endpoint: ${e}`);
-  if (!(e instanceof WalletProviderResponseError)) {
-    throw e;
-  }
-  throw new ResponseErrorBuilder(WalletProviderResponseError).handle(403, {
-    code: WalletProviderResponseErrorCodes.WalletInstanceRevoked,
-    message: "Unable to get an attestation for a revoked Wallet Instance"
-  }).handle(404, {
-    code: WalletProviderResponseErrorCodes.WalletInstanceNotFound,
-    message: "Unable to get an attestation for a Wallet Instance that does not exist"
-  }).handle(409, {
-    code: WalletProviderResponseErrorCodes.WalletInstanceIntegrityFailed,
-    message: "Unable to get an attestation for a Wallet Instance that failed the integrity check"
-  }).handle("*", {
-    code: WalletProviderResponseErrorCodes.WalletInstanceAttestationIssuingFailed,
-    message: "Unable to obtain wallet instance attestation"
-  }).buildFrom(e);
-};
-//# sourceMappingURL=issuing.js.map

package/lib/module/wallet-instance-attestation/issuing.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["SignJWT","thumbprint","fixBase64EncodingOnKey","JWK","getWalletProviderClient","LogLevel","Logger","ResponseErrorBuilder","WalletProviderResponseError","WalletProviderResponseErrorCodes","WalletAttestationResponse","getAttestationRequest","challenge","wiaCryptoContext","integrityContext","walletProviderBaseUrl","jwk","getPublicKey","parsedJwk","parse","keyThumbprint","publicKey","kid","clientData","jwk_thumbprint","hardwareKeyTag","getHardwareKeyTag","signature","authenticatorData","getHardwareSignatureWithAuthData","JSON","stringify","setPayload","iss","aud","nonce","hardware_signature","integrity_assertion","hardware_key_tag","cnf","setProtectedHeader","typ","setIssuedAt","setExpirationTime","sign","getAttestation","_ref","appFetch","fetch","api","get","then","response","log","DEBUG","signedAttestationRequest","post","body","assertion","catch","handleAttestationCreationError","attestation","wallet_attestations","format","wallet_attestation","e","ERROR","handle","code","WalletInstanceRevoked","message","WalletInstanceNotFound","WalletInstanceIntegrityFailed","WalletInstanceAttestationIssuingFailed","buildFrom"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":"AAAA,SAEEA,OAAO,EACPC,UAAU,QACL,6BAA6B;AACpC,SAASC,sBAAsB,EAAEC,GAAG,QAAQ,cAAc;AAC1D,SAASC,uBAAuB,QAAQ,WAAW;AAEnD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,kBAAkB;AACnD,SACEC,oBAAoB,EACpBC,2BAA2B,EAC3BC,gCAAgC,QAC3B,iBAAiB;AACxB,SAASC,yBAAyB,QAAQ,SAAS;;AAEnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeC,qBAAqBA,CACzCC,SAAiB,EACjBC,gBAA+B,EAC/BC,gBAAkC,EAClCC,qBAA6B,EACZ;EACjB,MAAMC,GAAG,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;EACjD,MAAMC,SAAS,GAAGf,GAAG,CAACgB,KAAK,CAACH,GAAG,CAAC;EAChC,MAAMI,aAAa,GAAG,MAAMnB,UAAU,CAACiB,SAAS,CAAC;EACjD,MAAMG,SAAS,GAAG;IAAE,GAAGH,SAAS;IAAEI,GAAG,EAAEF;EAAc,CAAC;EAEtD,MAAMG,UAAU,GAAG;IACjBX,SAAS;IACTY,cAAc,EAAEJ;EAClB,CAAC;EAED,MAAMK,cAAc,GAAGX,gBAAgB,CAACY,iBAAiB,CAAC,CAAC;EAC3D,MAAM;IAAEC,SAAS;IAAEC;EAAkB,CAAC,GACpC,MAAMd,gBAAgB,CAACe,gCAAgC,CACrDC,IAAI,CAACC,SAAS,CAACR,UAAU,CAC3B,CAAC;EAEH,OAAO,IAAIvB,OAAO,CAACa,gBAAgB,CAAC,CACjCmB,UAAU,CAAC;IACVC,GAAG,EAAEb,aAAa;IAClBc,GAAG,EAAEnB,qBAAqB;IAC1BoB,KAAK,EAAEvB,SAAS;IAChBwB,kBAAkB,EAAET,SAAS;IAC7BU,mBAAmB,EAAET,iBAAiB;IACtCU,gBAAgB,EAAEb,cAAc;IAChCc,GAAG,EAAE;MACHvB,GAAG,EAAEd,sBAAsB,CAACmB,SAAS;IACvC;EACF,CAAC,CAAC,CACDmB,kBAAkB,CAAC;IAClBlB,GAAG,EAAED,SAAS,CAACC,GAAG;IAClBmB,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,cAAc,GAAG,MAAAC,IAAA,IAUmC;EAAA,IAV5B;IACnCjC,gBAAgB;IAChBC,gBAAgB;IAChBC,qBAAqB;IACrBgC,QAAQ,GAAGC;EAMb,CAAC,GAAAF,IAAA;EACC,MAAMG,GAAG,GAAG7C,uBAAuB,CAAC;IAClCW,qBAAqB;IACrBgC;EACF,CAAC,CAAC;;EAEF;EACA,MAAMnC,SAAS,GAAG,MAAMqC,GAAG,CAACC,GAAG,CAAC,QAAQ,CAAC,CAACC,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACjB,KAAK,CAAC;EAC5E7B,MAAM,CAAC+C,GAAG,CACRhD,QAAQ,CAACiD,KAAK,EACb,2BAA0BvC,qBAAsB,KAAIH,SAAU,GACjE,CAAC;;EAED;EACA,MAAM2C,wBAAwB,GAAG,MAAM5C,qBAAqB,CAC1DC,SAAS,EACTC,gBAAgB,EAChBC,gBAAgB,EAChBC,qBACF,CAAC;EACDT,MAAM,CAAC+C,GAAG,CACRhD,QAAQ,CAACiD,KAAK,EACb,+BAA8BC,wBAAyB,EAC1D,CAAC;;EAED;EACA,MAAMH,QAAQ,GAAG,MAAMH,GAAG,CACvBO,IAAI,CAAC,sBAAsB,EAAE;IAC5BC,IAAI,EAAE;MACJC,SAAS,EAAEH;IACb;EACF,CAAC,CAAC,CACDJ,IAAI,CAACzC,yBAAyB,CAACS,KAAK,CAAC,CACrCwC,KAAK,CAACC,8BAA8B,CAAC;EAExC,KAAK,MAAMC,WAAW,IAAIT,QAAQ,CAACU,mBAAmB,EAAE;IACtDxD,MAAM,CAAC+C,GAAG,CACRhD,QAAQ,CAACiD,KAAK,EACb,kCAAiCO,WAAW,CAACE,MAAO,YAAWF,WAAW,CAACG,kBAAmB,EACjG,CAAC;EACH;EAEA,OAAOZ,QAAQ,CAACU,mBAAmB;AACrC,CAAC;AAED,MAAMF,8BAA8B,GAAIK,CAAU,IAAK;EACrD3D,MAAM,CAAC+C,GAAG,CACRhD,QAAQ,CAAC6D,KAAK,EACb,iEAAgED,CAAE,EACrE,CAAC;EAED,IAAI,EAAEA,CAAC,YAAYzD,2BAA2B,CAAC,EAAE;IAC/C,MAAMyD,CAAC;EACT;EAEA,MAAM,IAAI1D,oBAAoB,CAACC,2BAA2B,CAAC,CACxD2D,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE3D,gCAAgC,CAAC4D,qBAAqB;IAC5DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE3D,gCAAgC,CAAC8D,sBAAsB;IAC7DD,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE3D,gCAAgC,CAAC+D,6BAA6B;IACpEF,OAAO,EACL;EACJ,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAE3D,gCAAgC,CAACgE,sCAAsC;IAC7EH,OAAO,EAAE;EACX,CAAC,CAAC,CACDI,SAAS,CAACT,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/wallet-instance-attestation/types.js DELETED Viewed

@@ -1,58 +0,0 @@
-import { JWK } from "../utils/jwk";
-import * as z from "zod";
-const UnixTime = z.number().min(0).max(2147483647000);
-const Jwt = z.object({
-  header: z.object({
-    alg: z.string(),
-    kid: z.string(),
-    typ: z.string(),
-    x5c: z.array(z.string()).optional(),
-    trust_chain: z.array(z.string()).optional()
-  }),
-  payload: z.object({
-    iss: z.string(),
-    iat: UnixTime,
-    exp: UnixTime,
-    cnf: z.object({
-      jwk: z.intersection(JWK,
-      // this key requires a kis because it must be referenced for DPoP
-      z.object({
-        kid: z.string()
-      }))
-    })
-  })
-});
-export const WalletInstanceAttestationRequestJwt = z.object({
-  header: z.intersection(Jwt.shape.header, z.object({
-    typ: z.literal("wp-war+jwt")
-  })),
-  payload: z.intersection(Jwt.shape.payload, z.object({
-    aud: z.string(),
-    nonce: z.string(),
-    hardware_signature: z.string(),
-    integrity_assertion: z.string(),
-    hardware_key_tag: z.string()
-  }))
-});
-// TODO: [SIW-2089] add type for Wallet Attestation in SD-JWT and MDOC format
-// See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/wallet-solution.html#wallet-attestation-issuance step 18
-export const WalletInstanceAttestationJwt = z.object({
-  header: z.intersection(Jwt.shape.header, z.object({
-    typ: z.literal("oauth-client-attestation+jwt"),
-    trust_chain: z.array(z.string()).optional()
-  })),
-  payload: z.intersection(Jwt.shape.payload, z.object({
-    sub: z.string(),
-    aal: z.string(),
-    wallet_link: z.string().optional(),
-    wallet_name: z.string().optional()
-  }))
-});
-export const WalletAttestationResponse = z.object({
-  wallet_attestations: z.array(z.object({
-    wallet_attestation: z.string(),
-    format: z.enum(["jwt", "dc+sd-jwt", "mso_mdoc"])
-  }))
-});
-//# sourceMappingURL=types.js.map

package/lib/module/wallet-instance-attestation/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["JWK","z","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","iat","exp","cnf","jwk","intersection","WalletInstanceAttestationRequestJwt","shape","literal","aud","nonce","hardware_signature","integrity_assertion","hardware_key_tag","WalletInstanceAttestationJwt","sub","aal","wallet_link","wallet_name","WalletAttestationResponse","wallet_attestations","wallet_attestation","format","enum"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAGL,CAAC,CAACM,MAAM,CAAC;EACnBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;IACfE,GAAG,EAAER,CAAC,CAACS,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEV,CAAC,CAACS,MAAM,CAAC,CAAC;IACfE,GAAG,EAAEX,CAAC,CAACS,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEZ,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEf,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEhB,CAAC,CAACM,MAAM,CAAC;IAChBW,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAEjB,QAAQ;IACbkB,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAEpB,CAAC,CAACM,MAAM,CAAC;MACZe,GAAG,EAAErB,CAAC,CAACsB,YAAY,CACjBvB,GAAG;MACH;MACAC,CAAC,CAACM,MAAM,CAAC;QAAEI,GAAG,EAAEV,CAAC,CAACS,MAAM,CAAC;MAAE,CAAC,CAC9B;IACF,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAMc,mCAAmC,GAAGvB,CAAC,CAACM,MAAM,CAAC;EAC1DC,MAAM,EAAEP,CAAC,CAACsB,YAAY,CACpBjB,GAAG,CAACmB,KAAK,CAACjB,MAAM,EAChBP,CAAC,CAACM,MAAM,CAAC;IACPK,GAAG,EAAEX,CAAC,CAACyB,OAAO,CAAC,YAAY;EAC7B,CAAC,CACH,CAAC;EACDT,OAAO,EAAEhB,CAAC,CAACsB,YAAY,CACrBjB,GAAG,CAACmB,KAAK,CAACR,OAAO,EACjBhB,CAAC,CAACM,MAAM,CAAC;IACPoB,GAAG,EAAE1B,CAAC,CAACS,MAAM,CAAC,CAAC;IACfkB,KAAK,EAAE3B,CAAC,CAACS,MAAM,CAAC,CAAC;IACjBmB,kBAAkB,EAAE5B,CAAC,CAACS,MAAM,CAAC,CAAC;IAC9BoB,mBAAmB,EAAE7B,CAAC,CAACS,MAAM,CAAC,CAAC;IAC/BqB,gBAAgB,EAAE9B,CAAC,CAACS,MAAM,CAAC;EAC7B,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;AACA;AAIA,OAAO,MAAMsB,4BAA4B,GAAG/B,CAAC,CAACM,MAAM,CAAC;EACnDC,MAAM,EAAEP,CAAC,CAACsB,YAAY,CACpBjB,GAAG,CAACmB,KAAK,CAACjB,MAAM,EAChBP,CAAC,CAACM,MAAM,CAAC;IACPK,GAAG,EAAEX,CAAC,CAACyB,OAAO,CAAC,8BAA8B,CAAC;IAC9CV,WAAW,EAAEf,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CACH,CAAC;EACDE,OAAO,EAAEhB,CAAC,CAACsB,YAAY,CACrBjB,GAAG,CAACmB,KAAK,CAACR,OAAO,EACjBhB,CAAC,CAACM,MAAM,CAAC;IACP0B,GAAG,EAAEhC,CAAC,CAACS,MAAM,CAAC,CAAC;IACfwB,GAAG,EAAEjC,CAAC,CAACS,MAAM,CAAC,CAAC;IACfyB,WAAW,EAAElC,CAAC,CAACS,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IAClCqB,WAAW,EAAEnC,CAAC,CAACS,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC;EACnC,CAAC,CACH;AACF,CAAC,CAAC;AAKF,OAAO,MAAMsB,yBAAyB,GAAGpC,CAAC,CAACM,MAAM,CAAC;EAChD+B,mBAAmB,EAAErC,CAAC,CAACa,KAAK,CAC1Bb,CAAC,CAACM,MAAM,CAAC;IACPgC,kBAAkB,EAAEtC,CAAC,CAACS,MAAM,CAAC,CAAC;IAC9B8B,MAAM,EAAEvC,CAAC,CAACwC,IAAI,CAAC,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC;EACjD,CAAC,CACH;AACF,CAAC,CAAC"}

package/lib/typescript/credential/issuance/01-start-flow.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-/**
- * WARNING: This is the first function to be called in the issuing flow. The next function to be called is {@link evaluateIssuerTrust}.
- * The beginning of the issuing flow.
- * To be implemented according to the user touchpoint
- *
- * @returns The configuration ID of the Credential to be issued and the url of the Issuer
- */
-export type StartFlow = () => {
-    issuerUrl: string;
-    credentialId: string;
-};
-//# sourceMappingURL=01-start-flow.d.ts.map

package/lib/typescript/credential/issuance/01-start-flow.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"01-start-flow.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/01-start-flow.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC"}

package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts DELETED Viewed

@@ -1,19 +0,0 @@
-import { CredentialIssuerEntityConfiguration } from "../../trust/types";
-import type { StartFlow } from "./01-start-flow";
-import type { Out } from "../../utils/misc";
-export type EvaluateIssuerTrust = (issuerUrl: Out<StartFlow>["issuerUrl"], context?: {
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<{
-    issuerConf: CredentialIssuerEntityConfiguration["payload"]["metadata"];
-}>;
-/**
- * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
- * The Issuer trust evaluation phase.
- * Fetch the Issuer's configuration and verify trust.
- *
- * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Issuer's configuration
- */
-export declare const evaluateIssuerTrust: EvaluateIssuerTrust;
-//# sourceMappingURL=02-evaluate-issuer-trust.d.ts.map

package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"02-evaluate-issuer-trust.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/02-evaluate-issuer-trust.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mCAAmC,EAAE,MAAM,mBAAmB,CAAC;AACxE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAG5C,MAAM,MAAM,mBAAmB,GAAG,CAChC,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,EACtC,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IACX,UAAU,EAAE,mCAAmC,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,CAAC;CACxE,CAAC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,EAAE,mBASjC,CAAC"}

package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts DELETED Viewed

@@ -1,47 +0,0 @@
-import type { CryptoContext } from "@pagopa/io-react-native-jwt";
-import { type Out } from "../../utils/misc";
-import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
-import { AuthorizationDetail } from "../../utils/par";
-export type StartUserAuthorization = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], credentialIds: string[], proof: {
-    proofType: "none";
-} | {
-    proofType: "mrtd-pop";
-    idpHinting: string;
-}, context: {
-    wiaCryptoContext: CryptoContext;
-    walletInstanceAttestation: string;
-    redirectUri: string;
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<{
-    issuerRequestUri: string;
-    clientId: string;
-    codeVerifier: string;
-    credentialDefinition: AuthorizationDetail[];
-}>;
-/**
- * WARNING: This function must be called after {@link evaluateIssuerTrust} and {@link startFlow}. The next steam is {@link compeUserAuthorizationWithQueryMode} or {@link compeUserAuthorizationWithFormPostJwtMode}
- *
- * Creates and sends a PAR request to the /as/par endpoint of the authorization server.
- * This starts the authentication flow to obtain an access token.
- * This token enables the Wallet Instance to request a digital credential from the Credential Endpoint of the Credential Issuer; when multiple credential types are passed,
- * it is possible to use the same access token for the issuance of all requested credentials.
- * This is an HTTP POST request containing the Wallet Instance identifier (client id), the code challenge and challenge method as specified by PKCE according to RFC 9126
- * along with the WTE and its proof of possession (WTE-PoP).
- * Additionally, it includes a request object, which is a signed JWT encapsulating the type of digital credential requested (authorization_details), challenge method and
- * redirect URI for the document proof step (if L2 flow), the application session identifier on the Wallet Instance side (state),
- * the method (query or form_post.jwt) by which the Authorization Server
- * should transmit the Authorization Response containing the authorization code issued upon the end user's authentication (response_mode)
- * to the Wallet Instance's Token Endpoint to obtain the Access Token, and the redirectUri of the Wallet Instance where the Authorization Response
- * should be delivered. The redirect is achived by using a custom URL scheme that the Wallet Instance is registered to handle.
- * @param issuerConf The issuer configuration
- * @param credentialIds The credential configuration IDs to be requested
- * @param proof The configuration for the proof to be used in the request: "none" for standard flows, "document" for L2+ with MRTD verification.
- * @param ctx The context object containing;
- *  - wiaCryptoContext: the Wallet Instance's cryptographic context
- *  - walletInstanceAttestation: the Wallet Instance's attestation
- *  - redirectUri: the redirect URI
- *  - appFetch: (optional) the fetch implementation
- * @returns The URI to which the end user should be redirected to start the authentication flow, along with the client id, the code verifier and the credential definition(s)
- */
-export declare const startUserAuthorization: StartUserAuthorization;
-//# sourceMappingURL=03-start-user-authorization.d.ts.map

package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"03-start-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/03-start-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,EAAoC,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEtE,OAAO,EAAE,mBAAmB,EAAkB,MAAM,iBAAiB,CAAC;AAGtE,MAAM,MAAM,sBAAsB,GAAG,CACnC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,aAAa,EAAE,MAAM,EAAE,EACvB,KAAK,EAAE;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,SAAS,EAAE,UAAU,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,EAC5E,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IACX,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;CAC7C,CAAC,CAAC;AAqFH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,sBAAsB,EAAE,sBA8DpC,CAAC"}

package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts DELETED Viewed

@@ -1,79 +0,0 @@
-import { type AuthorizationChallengeResult, type AuthorizationResult } from "../../utils/auth";
-import { type Out } from "../../utils/misc";
-import type { StartUserAuthorization } from "./03-start-user-authorization";
-import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
-import { type CryptoContext } from "@pagopa/io-react-native-jwt";
-import { RequestObject } from "../presentation/types";
-/**
- * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
- */
-export type CompleteUserAuthorizationWithQueryMode = (authRedirectUrl: string) => Promise<AuthorizationResult>;
-export type ContinueUserAuthorizationWithMRTDPoPChallenge = (authRedirectUrl: string) => Promise<AuthorizationChallengeResult>;
-export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<GetRequestedCredentialToBePresented>, pid: string, context: {
-    wiaCryptoContext: CryptoContext;
-    pidCryptoContext: CryptoContext;
-    appFetch?: GlobalFetch["fetch"];
-}) => Promise<AuthorizationResult>;
-export type GetRequestedCredentialToBePresented = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], appFetch?: GlobalFetch["fetch"]) => Promise<RequestObject>;
-export type BuildAuthorizationUrl = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], idpHint?: string) => Promise<{
-    authUrl: string;
-}>;
-/**
- * WARNING: this function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID, and the PID
- * issuance requires a MRTD PoP challenge.
- * @param authRedirectUrl The URL to which the end user should be redirected to start the MRTD PoP validation flow
- * @returns the authorization response which contains the challenge
- */
-export declare const continueUserAuthorizationWithMRTDPoPChallenge: ContinueUserAuthorizationWithMRTDPoPChallenge;
-/**
- * WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
- * Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
- * @param issuerRequestUri the URI of the issuer where the request is sent
- * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param idpHint Unique identifier of the IDP selected by the user (optional)
- * @returns An object containing the authorization URL
- */
-export declare const buildAuthorizationUrl: BuildAuthorizationUrl;
-/**
- * WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
- * Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
- * This function parses the authorization redirect URL to extract the authorization response.
- * @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
- * @returns the authorization response which contains code, state and iss
- */
-export declare const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode;
-/**
- * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link completeUserAuthorizationWithFormPostJwtMode}.
- * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
- * It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
- * The information is obtained by performing a GET request to the authorization endpoint with request_uri and client_id parameters.
- * @param issuerRequestUri the URI of the issuer where the request is sent
- * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {ValidationFailed} if an error while validating the response
- * @returns the request object which contains the credential to be presented in order to obtain the requested credential
- */
-export declare const getRequestedCredentialToBePresented: GetRequestedCredentialToBePresented;
-/**
- * WARNING: This function must be called after {@link getRequestedCredentialToBePresented}. The next function to be called is {@link authorizeAccess}.
- * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
- * The information is obtained by performing a POST request to the endpoint received in the response_uri field of the requestObject, where the Authorization Response payload is posted.
- * Following this,the redirect_uri from the response is used to obtain the final authorization response.
- * @param requestObject - The request object containing the necessary parameters for authorization.
- * @param pid The `PID` that must be presented for the issuance of credentials.
- * @param appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {ValidationFailed} if an error while validating the response
- * @returns the authorization response which contains code, state and iss
- */
-export declare const completeUserAuthorizationWithFormPostJwtMode: CompleteUserAuthorizationWithFormPostJwtMode;
-/**
- * Parse the authorization response and return the result which contains code, state and iss.
- * @throws {AuthorizationError} if an error occurs during the parsing process
- * @throws {AuthorizationIdpError} if an error occurs during the parsing process and the error is related to the IDP
- * @param authRes the authorization response to be parsed
- * @returns the authorization result which contains code, state and iss
- */
-export declare const parseAuthorizationResponse: (authRes: unknown) => AuthorizationResult;
-//# sourceMappingURL=04-complete-user-authorization.d.ts.map

package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,4BAA4B,EACjC,KAAK,mBAAmB,EACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAG5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAA2B,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAQ/E;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG,CACnD,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,6CAA6C,GAAG,CAC1D,eAAe,EAAE,MAAM,KACpB,OAAO,CAAC,4BAA4B,CAAC,CAAC;AAE3C,MAAM,MAAM,4CAA4C,GAAG,CACzD,aAAa,EAAE,GAAG,CAAC,mCAAmC,CAAC,EACvD,GAAG,EAAE,MAAM,EACX,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,gBAAgB,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,mCAAmC,GAAG,CAChD,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,aAAa,CAAC,CAAC;AAE5B,MAAM,MAAM,qBAAqB,GAAG,CAClC,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,CAAC,EAAE,MAAM,KACb,OAAO,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,6CAA6C,EAAE,6CA4BzD,CAAC;AAEJ;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,EAAE,qBAqBnC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,sCAAsC,EAAE,sCASlD,CAAC;AAEJ;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mCAAmC,EAAE,mCAsC/C,CAAC;AAEJ;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4CAA4C,EAAE,4CAoFxD,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,YAC5B,OAAO,KACf,mBAqBF,CAAC"}