npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/module/credential/issuance/README.md CHANGED Viewed

@@ -98,6 +98,10 @@ The expected result from the authentication process is in `form_post.jwt` format
   <summary>Credential issuance flow</summary>
 ```ts
+import { IoWallet } from "@pagopa/io-react-native-wallet";
+const wallet = new IoWallet({ version: "1.0.0" });
 // Retrieve the integrity key tag from the store and create its context
 const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
 const integrityContext = getIntegrityContext(integrityKeyTag);
@@ -134,22 +138,14 @@ const credentialKeyTag = uuidv4().toString();
 await generate(credentialKeyTag); // Let's assume this function generates a new hardware-backed key pair
 const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
-// Start the issuance flow
-const startFlow: Credential.Issuance.StartFlow = () => ({
-  issuerUrl: WALLET_EAA_PROVIDER_BASE_URL,
-  credentialId: "someCredentialId",
-});
-const { issuerUrl, credentialId } = startFlow();
 // Evaluate issuer trust
-const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(issuerUrl);
+const { issuerConf } = await wallet.CredentialIssuance.evaluateIssuerTrust(WALLET_EAA_PROVIDER_BASE_URL);
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier } =
-  await Credential.Issuance.startUserAuthorization(
+  await wallet.CredentialIssuance.startUserAuthorization(
     issuerConf,
-    [credentialId],
+    ["someCredentialId"],
     { proofType: "none" },
     {
       walletInstanceAttestation,
@@ -160,7 +156,7 @@ const { issuerRequestUri, clientId, codeVerifier } =
   );
 const requestObject =
-  await Credential.Issuance.getRequestedCredentialToBePresented(
+  await wallet.CredentialIssuance.getRequestedCredentialToBePresented(
     issuerRequestUri,
     clientId,
     issuerConf,
@@ -169,7 +165,7 @@ const requestObject =
 // Complete the user authorization via form_post.jwt mode
 const { code } =
-  await Credential.Issuance.completeUserAuthorizationWithFormPostJwtMode(
+  await wallet.CredentialIssuance.completeUserAuthorizationWithFormPostJwtMode(
     requestObject,
     pid.credential,
     { wiaCryptoContext, pidCryptoContext: createCryptoContextFor(pid.keyTag) }
@@ -179,11 +175,10 @@ const { code } =
 await regenerateCryptoKey(DPOP_KEYTAG); // Let's assume this function regenerates this ephemeral key for the DPoP
 const dPopCryptoContext = createCryptoContextFor(DPOP_KEYTAG);
-const { accessToken } = await Credential.Issuance.authorizeAccess(
+const { accessToken } = await wallet.CredentialIssuance.authorizeAccess(
   issuerConf,
   code,
-  clientId,
-  redirectUri: REDIRECT_URI,
+  REDIRECT_URI,
   codeVerifier,
   {
     walletInstanceAttestation,
@@ -198,7 +193,7 @@ const { credential_configuration_id, credential_identifiers } =
     accessToken.authorization_details[0]!;
  // Obtain the credential
-const { credential, format } = await Credential.Issuance.obtainCredential(
+const { credential, format } = await wallet.CredentialIssuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
@@ -222,7 +217,7 @@ const mockX509CertRoot = format === "mso_mdoc" ? "base64encodedX509CertRoot" : u
  * WARNING: includeUndefinedAttributes should not be set to true in production in order to get only claims explicitly declared by the issuer.
  */
 const { parsedCredential } =
-  await Credential.Issuance.verifyAndParseCredential(
+  await wallet.CredentialIssuance.verifyAndParseCredential(
     issuerConf,
     credential,
     credential_configuration_id,
@@ -254,6 +249,10 @@ return {
   <summary>eID issuance flow</summary>
 ```ts
+import { IoWallet } from "@pagopa/io-react-native-wallet";
+const wallet = new IoWallet({ version: "1.0.0" });
 // Retrieve the integrity key tag from the store and create its context
 const integrityKeyTag = "example"; // Let's assume this is the key tag used to create the wallet instance
 const integrityContext = getIntegrityContext(integrityKeyTag);
@@ -293,25 +292,17 @@ const credentialKeyTag = uuidv4().toString();
 await generate(credentialKeyTag);
 const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
-// Start the issuance flow
-const startFlow: Credential.Issuance.StartFlow = () => ({
-  issuerUrl: WALLET_EID_PROVIDER_BASE_URL,
-  credentialId: "dc_sd_jwt_PersonIdentificationData",
-});
-const { issuerUrl, credentialId } = startFlow();
 // Evaluate issuer trust
-const { issuerConf } = await Credential.Issuance.evaluateIssuerTrust(
-  issuerUrl,
+const { issuerConf } = await wallet.CredentialIssuance.evaluateIssuerTrust(
+  WALLET_EID_PROVIDER_BASE_URL,
   { appFetch }
 );
 // Start user authorization
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(
+  await wallet.CredentialIssuance.startUserAuthorization(
     issuerConf,
-    [credentialId], // Request authorization for one or more credentials
+    ["dc_sd_jwt_PersonIdentificationData"], // Request authorization for one or more credentials
     { proofType: "none" },
     {
       walletInstanceAttestation,
@@ -323,7 +314,7 @@ const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
 // Complete the authorization process with query mode with the authorizationContext which opens the browser
 const { code } =
-  await Credential.Issuance.completeUserAuthorizationWithQueryMode(
+  await wallet.CredentialIssuance.completeUserAuthorizationWithQueryMode(
     issuerRequestUri
   );
@@ -331,10 +322,9 @@ const { code } =
 await regenerateCryptoKey(DPOP_KEYTAG);
 const dPopCryptoContext = createCryptoContextFor(DPOP_KEYTAG);
-const { accessToken } = await Credential.Issuance.authorizeAccess(
+const { accessToken } = await wallet.CredentialIssuance.authorizeAccess(
   issuerConf,
   code,
-  clientId,
   redirectUri,
   codeVerifier,
   {
@@ -358,7 +348,7 @@ const { credential_configuration_id, credential_identifiers } =
     );
 // Obtain che eID credential
-const { credential, format } = await Credential.Issuance.obtainCredential(
+const { credential, format } = await wallet.CredentialIssuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
@@ -374,7 +364,7 @@ const { credential, format } = await Credential.Issuance.obtainCredential(
 );
 // Parse and verify the eID credential
-const { parsedCredential, issuedAt, expiration } = await Credential.Issuance.verifyAndParseCredential(
+const { parsedCredential, issuedAt, expiration } = await wallet.CredentialIssuance.verifyAndParseCredential(
   issuerConf,
   credential,
   credential_configuration_id,
@@ -400,6 +390,10 @@ The result of this flow is a raw credential and a parsed credential which must b
   <summary>eID issuance flow with MRTD PoP validation</summary>
 ```ts
+import { IoWallet } from "@pagopa/io-react-native-wallet";
+const wallet = new IoWallet({ version: "1.0.0" });
 /**
  *
  * Previous steps are the sames as the "eID issuance flow" example
@@ -409,7 +403,7 @@ The result of this flow is a raw credential and a parsed credential which must b
 // Start user authorization indicating "mrtd-pop" as the proof type with the idpHint of the
 // chosen identification method
 const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
-  await Credential.Issuance.startUserAuthorization(
+  await wallet.CredentialIssuance.startUserAuthorization(
     issuerConf,
     [credentialId],
     { proofType: "mrtd-pop", idpHinting: idpHint },
@@ -422,7 +416,7 @@ const { issuerRequestUri, clientId, codeVerifier, credentialDefinition } =
   );
 // Obtain the Authorization URL
-const { authUrl } = await Credential.Issuance.buildAuthorizationUrl(
+const { authUrl } = await wallet.CredentialIssuance.buildAuthorizationUrl(
   issuerRequestUri,
   clientId,
   issuerConf,
@@ -431,7 +425,7 @@ const { authUrl } = await Credential.Issuance.buildAuthorizationUrl(
 // Extract challenge info from the Authorization URL
 const { challenge_info } =
-  await Credential.Issuance.continueUserAuthorizationWithMRTDPoPChallenge(
+  await wallet.CredentialIssuance.continueUserAuthorizationWithMRTDPoPChallenge(
     authUrl
   );
@@ -440,7 +434,7 @@ const {
   htu: initUrl,
   mrtd_auth_session,
   mrtd_pop_jwt_nonce,
-} = await Credential.Issuance.MRTDPoP.verifyAndParseChallengeInfo(
+} = await wallet.CredentialIssuance.MRTDPoP.verifyAndParseChallengeInfo(
   issuerConf,
   challenge_info,
   { wiaCryptoContext }
@@ -451,7 +445,7 @@ const {
   htu: validationUrl,
   challenge,
   mrtd_pop_nonce,
-} = await Credential.Issuance.MRTDPoP.initChallenge(
+} = await wallet.CredentialIssuance.MRTDPoP.initChallenge(
   issuerConf,
   initUrl,
   mrtd_auth_session,
@@ -468,7 +462,7 @@ const { nis, mrtds } = /* NFC interactions functions */
 // Validate challenge
 const { mrtd_val_pop_nonce, redirect_uri } =
-  await Credential.Issuance.MRTDPoP.validateChallenge(
+  await wallet.CredentialIssuance.MRTDPoP.validateChallenge(
     issuerConf,
     validationUrl,
     mrtd_auth_session,
@@ -483,7 +477,7 @@ const { mrtd_val_pop_nonce, redirect_uri } =
   );
 // Build the callback url
-const { callbackUrl } = await Credential.Issuance.buildChallengeCallbackUrl(
+const { callbackUrl } = await wallet.CredentialIssuance.buildChallengeCallbackUrl(
   redirect_uri,
   mrtd_val_pop_nonce,
   mrtd_auth_session
@@ -494,7 +488,7 @@ const authRedirectUrl = /* From a browser or webview redirect */
 // Complete the authorization process with query mode using the returned callback url
 const { code } =
-  await Credential.Issuance.completeUserAuthorizationWithQueryMode(
+  await wallet.CredentialIssuance.completeUserAuthorizationWithQueryMode(
     authRedirectUrl
   );
@@ -503,7 +497,6 @@ const { code } =
  * The next steps are the same as the "eID issuance flow" example
  *
  */
-};
 ```
 The result of this flow is a raw credential and a parsed credential which must be stored securely in the wallet along with its crypto key.

package/lib/module/credential/issuance/api/01-evaluate-issuer-trust.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=01-evaluate-issuer-trust.js.map

package/lib/module/credential/issuance/api/01-evaluate-issuer-trust.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/01-evaluate-issuer-trust.ts"],"mappings":""}

package/lib/module/credential/issuance/api/02-start-user-authorization.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=02-start-user-authorization.js.map

package/lib/module/credential/issuance/api/02-start-user-authorization.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/02-start-user-authorization.ts"],"mappings":""}

package/lib/module/credential/issuance/api/03-complete-user-authorization.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=03-complete-user-authorization.js.map

package/lib/module/credential/issuance/api/03-complete-user-authorization.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/03-complete-user-authorization.ts"],"mappings":""}

package/lib/module/credential/issuance/api/04-authorize-access.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=04-authorize-access.js.map

package/lib/module/credential/issuance/api/04-authorize-access.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/04-authorize-access.ts"],"mappings":""}

package/lib/module/credential/issuance/api/05-obtain-credential.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=05-obtain-credential.js.map

package/lib/module/credential/issuance/api/05-obtain-credential.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/05-obtain-credential.ts"],"mappings":""}

package/lib/module/credential/issuance/api/06-verify-and-parse-credential.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=06-verify-and-parse-credential.js.map

package/lib/module/credential/issuance/api/06-verify-and-parse-credential.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/06-verify-and-parse-credential.ts"],"mappings":""}

package/lib/module/credential/issuance/api/IssuerConfig.js ADDED Viewed

@@ -0,0 +1,60 @@
+import { z } from "zod";
+import { JWK } from "../../../utils/jwk";
+import { FederationEntityMetadata } from "../../../trust/common/types";
+const DisplayConfig = z.object({
+  name: z.string(),
+  locale: z.string()
+});
+const ClaimConfig = z.object({
+  path: z.array(z.union([z.string(), z.number(), z.null()])),
+  display: z.array(DisplayConfig)
+});
+const IssuanceErrorSupported = z.object({
+  display: z.array(z.object({
+    title: z.string(),
+    description: z.string(),
+    locale: z.string()
+  }))
+});
+const CredentialConfig = z.intersection(z.discriminatedUnion("format", [z.object({
+  format: z.literal("dc+sd-jwt"),
+  vct: z.string()
+}), z.object({
+  format: z.literal("mso_mdoc"),
+  doctype: z.string()
+})]), z.object({
+  scope: z.string(),
+  display: z.array(DisplayConfig),
+  claims: z.array(ClaimConfig),
+  /**
+   * @deprecated Use the Credentials Catalogue to get the Auth Source
+   */
+  authentic_source: z.string().optional(),
+  /**
+   * @deprecated Kept for backward compatibility with v0.7.1
+   */
+  issuance_errors_supported: z.record(IssuanceErrorSupported).optional()
+}));
+/**
+ * Common Issuer configuration, decoupled from specific IT-Wallet versions.
+ */
+export const IssuerConfig = z.object({
+  credential_issuer: z.string(),
+  pushed_authorization_request_endpoint: z.string(),
+  authorization_endpoint: z.string(),
+  token_endpoint: z.string(),
+  nonce_endpoint: z.string(),
+  status_assertion_endpoint: z.string().optional(),
+  credential_endpoint: z.string(),
+  keys: z.array(JWK),
+  credential_configurations_supported: z.record(CredentialConfig),
+  federation_entity: FederationEntityMetadata,
+  credential_issuance_batch_size: z.number().optional(),
+  /**
+   * @deprecated
+   */
+  response_modes_supported: z.array(z.string()).optional()
+});
+//# sourceMappingURL=IssuerConfig.js.map

package/lib/module/credential/issuance/api/IssuerConfig.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","JWK","FederationEntityMetadata","DisplayConfig","object","name","string","locale","ClaimConfig","path","array","union","number","null","display","IssuanceErrorSupported","title","description","CredentialConfig","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","authentic_source","optional","issuance_errors_supported","record","IssuerConfig","credential_issuer","pushed_authorization_request_endpoint","authorization_endpoint","token_endpoint","nonce_endpoint","status_assertion_endpoint","credential_endpoint","keys","credential_configurations_supported","federation_entity","credential_issuance_batch_size","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/IssuerConfig.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,GAAG,QAAQ,oBAAoB;AACxC,SAASC,wBAAwB,QAAQ,6BAA6B;AAEtE,MAAMC,aAAa,GAAGH,CAAC,CAACI,MAAM,CAAC;EAC7BC,IAAI,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;AACnB,CAAC,CAAC;AAEF,MAAME,WAAW,GAAGR,CAAC,CAACI,MAAM,CAAC;EAC3BK,IAAI,EAAET,CAAC,CAACU,KAAK,CAACV,CAAC,CAACW,KAAK,CAAC,CAACX,CAAC,CAACM,MAAM,CAAC,CAAC,EAAEN,CAAC,CAACY,MAAM,CAAC,CAAC,EAAEZ,CAAC,CAACa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAC1DC,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa;AAChC,CAAC,CAAC;AAEF,MAAMY,sBAAsB,GAAGf,CAAC,CAACI,MAAM,CAAC;EACtCU,OAAO,EAAEd,CAAC,CAACU,KAAK,CACdV,CAAC,CAACI,MAAM,CAAC;IACPY,KAAK,EAAEhB,CAAC,CAACM,MAAM,CAAC,CAAC;IACjBW,WAAW,EAAEjB,CAAC,CAACM,MAAM,CAAC,CAAC;IACvBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;AAEF,MAAMY,gBAAgB,GAAGlB,CAAC,CAACmB,YAAY,CACrCnB,CAAC,CAACoB,kBAAkB,CAAC,QAAQ,EAAE,CAC7BpB,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEvB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7DN,CAAC,CAACI,MAAM,CAAC;EAAEiB,MAAM,EAAErB,CAAC,CAACsB,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAExB,CAAC,CAACM,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACFN,CAAC,CAACI,MAAM,CAAC;EACPqB,KAAK,EAAEzB,CAAC,CAACM,MAAM,CAAC,CAAC;EACjBQ,OAAO,EAAEd,CAAC,CAACU,KAAK,CAACP,aAAa,CAAC;EAC/BuB,MAAM,EAAE1B,CAAC,CAACU,KAAK,CAACF,WAAW,CAAC;EAC5B;AACJ;AACA;EACImB,gBAAgB,EAAE3B,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EACvC;AACJ;AACA;EACIC,yBAAyB,EAAE7B,CAAC,CAAC8B,MAAM,CAACf,sBAAsB,CAAC,CAACa,QAAQ,CAAC;AACvE,CAAC,CACH,CAAC;;AAED;AACA;AACA;;AAEA,OAAO,MAAMG,YAAY,GAAG/B,CAAC,CAACI,MAAM,CAAC;EACnC4B,iBAAiB,EAAEhC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC7B2B,qCAAqC,EAAEjC,CAAC,CAACM,MAAM,CAAC,CAAC;EACjD4B,sBAAsB,EAAElC,CAAC,CAACM,MAAM,CAAC,CAAC;EAClC6B,cAAc,EAAEnC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1B8B,cAAc,EAAEpC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC1B+B,yBAAyB,EAAErC,CAAC,CAACM,MAAM,CAAC,CAAC,CAACsB,QAAQ,CAAC,CAAC;EAChDU,mBAAmB,EAAEtC,CAAC,CAACM,MAAM,CAAC,CAAC;EAC/BiC,IAAI,EAAEvC,CAAC,CAACU,KAAK,CAACT,GAAG,CAAC;EAClBuC,mCAAmC,EAAExC,CAAC,CAAC8B,MAAM,CAACZ,gBAAgB,CAAC;EAC/DuB,iBAAiB,EAAEvC,wBAAwB;EAC3CwC,8BAA8B,EAAE1C,CAAC,CAACY,MAAM,CAAC,CAAC,CAACgB,QAAQ,CAAC,CAAC;EACrD;AACF;AACA;EACEe,wBAAwB,EAAE3C,CAAC,CAACU,KAAK,CAACV,CAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACsB,QAAQ,CAAC;AACzD,CAAC,CAAC"}

package/lib/module/credential/issuance/api/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/api/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/index.ts"],"mappings":""}

package/lib/module/credential/issuance/api/mrtd-pop/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./types";
+export {};
+//# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/api/mrtd-pop/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../../src","sources":["credential/issuance/api/mrtd-pop/index.ts"],"mappings":"AAuGA,cAAc,SAAS;AAAC"}

package/lib/module/credential/issuance/api/mrtd-pop/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+
2	+ //# sourceMappingURL=types.js.map

package/lib/module/credential/issuance/api/mrtd-pop/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../../../src","sources":["credential/issuance/api/mrtd-pop/types.ts"],"mappings":""}

package/lib/module/credential/issuance/api/types.js ADDED Viewed

@@ -0,0 +1,17 @@
+import * as z from "zod";
+// The credential as a collection of attributes in plain value
+export const AuthorizationDetail = z.object({
+  type: z.literal("openid_credential"),
+  credential_configuration_id: z.string(),
+  credential_identifiers: z.array(z.string())
+});
+export const TokenResponse = z.object({
+  access_token: z.string(),
+  refresh_token: z.string().optional(),
+  authorization_details: z.array(AuthorizationDetail),
+  expires_in: z.number().optional(),
+  token_type: z.string()
+});
+//# sourceMappingURL=types.js.map

package/lib/module/credential/issuance/api/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","AuthorizationDetail","object","type","literal","credential_configuration_id","string","credential_identifiers","array","TokenResponse","access_token","refresh_token","optional","authorization_details","expires_in","number","token_type"],"sourceRoot":"../../../../../src","sources":["credential/issuance/api/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;;AAIxB;;AAgBA,OAAO,MAAMC,mBAAmB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC1CC,IAAI,EAAEH,CAAC,CAACI,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACvCC,sBAAsB,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACM,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAC;AAGF,OAAO,MAAMG,aAAa,GAAGT,CAAC,CAACE,MAAM,CAAC;EACpCQ,YAAY,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC;EACxBK,aAAa,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC,CAAC;EACpCC,qBAAqB,EAAEb,CAAC,CAACQ,KAAK,CAACP,mBAAmB,CAAC;EACnDa,UAAU,EAAEd,CAAC,CAACe,MAAM,CAAC,CAAC,CAACH,QAAQ,CAAC,CAAC;EACjCI,UAAU,EAAEhB,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC"}

package/lib/module/credential/issuance/common/02-start-user-authorization.js ADDED Viewed

@@ -0,0 +1,47 @@
+import { LogLevel, Logger } from "../../../utils/logging";
+/**
+ * Ensures that the credential type requested is supported by the issuer and contained in the
+ * issuer configuration.
+ * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param credentialId The credential configuration ID to be requested;
+ * @returns The credential definition to be used in the request which includes the format and the type and its type
+ */
+export const selectCredentialDefinition = (issuerConf, credentialId) => {
+  const credential_configurations_supported = issuerConf.credential_configurations_supported;
+  const [result] = Object.keys(credential_configurations_supported).filter(e => e.includes(credentialId)).map(() => ({
+    credential_configuration_id: credentialId,
+    type: "openid_credential"
+  }));
+  if (!result) {
+    Logger.log(LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
+    throw new Error(`No credential support the type '${credentialId}'`);
+  }
+  return result;
+};
+/**
+ * Ensures that the response mode requested is supported by the issuer and contained in the issuer configuration.
+ * When multiple credentials are provided, all of them must support the same response_mode.
+ * @param issuerConf The issuer configuration
+ * @param credentialIds The credential configuration IDs to be requested
+ * @returns The response mode to be used in the request, "query" for PersonIdentificationData and "form_post.jwt" for all other types.
+ */
+export const selectResponseMode = (issuerConf, credentialIds) => {
+  const responseModeSet = new Set();
+  for (const credentialId of credentialIds) {
+    responseModeSet.add(credentialId.match(/PersonIdentificationData/i) ? "query" : "form_post.jwt");
+  }
+  if (responseModeSet.size !== 1) {
+    Logger.log(LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
+    throw new Error("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
+  }
+  const [responseMode] = responseModeSet.values();
+  Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
+  const responseModeSupported = issuerConf.response_modes_supported;
+  if (responseModeSupported && !responseModeSupported.includes(responseMode)) {
+    Logger.log(LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
+    throw new Error(`No response mode support for IDs '${credentialIds}'`);
+  }
+  return responseMode;
+};
+//# sourceMappingURL=02-start-user-authorization.js.map

package/lib/module/credential/issuance/common/02-start-user-authorization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","Error","selectResponseMode","credentialIds","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","responseModeSupported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/02-start-user-authorization.ts"],"mappings":"AAAA,SAASA,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAMzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA0B,GAAGA,CACxCC,UAAwB,EACxBC,YAAoB,KACI;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAM,CAACC,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,YAAY,CAAC,CAAC,CACvCQ,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAET,YAAY;IACzCU,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXL,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,wBAAuBZ,YAAa,kEAAiEa,IAAI,CAACC,SAAS,CAACb,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIc,KAAK,CAAE,mCAAkCf,YAAa,GAAE,CAAC;EACrE;EACA,OAAOE,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMc,kBAAkB,GAAGA,CAChCjB,UAAwB,EACxBkB,aAAuB,KACN;EACjB,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMnB,YAAY,IAAIiB,aAAa,EAAE;IACxCC,eAAe,CAACE,GAAG,CACjBpB,YAAY,CAACqB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9BzB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,GAAEK,aAAc,qCAAoC,CAAC,GAAGC,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIR,KAAK,CACb,yGACF,CAAC;EACH;EAEA,MAAM,CAACS,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/C1B,MAAM,CAACc,GAAG,CACRf,QAAQ,CAAC6B,KAAK,EACb,0BAAyBD,YAAa,uBAAsBP,aAAc,EAC7E,CAAC;EAED,MAAMS,qBAAqB,GAAG3B,UAAU,CAAC4B,wBAAwB;EACjE,IAAID,qBAAqB,IAAI,CAACA,qBAAqB,CAACnB,QAAQ,CAACiB,YAAa,CAAC,EAAE;IAC3E3B,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,2BAA0BY,YAAa,kEAAiEX,IAAI,CAACC,SAAS,CAACY,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIX,KAAK,CAAE,qCAAoCE,aAAc,GAAE,CAAC;EACxE;EAEA,OAAOO,YAAY;AACrB,CAAC"}

package/lib/module/credential/issuance/common/06-verify-and-parse-credential.mdoc.js ADDED Viewed

@@ -0,0 +1,171 @@
+import { extractElementValueAsDate } from "../../../mdoc/converter";
+import { getParsedCredentialClaimKey, verify as verifyMdoc } from "../../../mdoc";
+import { MDOC_DEFAULT_NAMESPACE } from "../../../mdoc/const";
+import { IoWalletError } from "../../../utils/errors";
+import { isSameThumbprint } from "../../../utils/jwk";
+/**
+ * Given a credential, verify it's in the supported format
+ * and the credential is correctly signed
+ * and it's bound to the given key
+ *
+ * @param rawCredential The received credential
+ * @param x509CertRoot The root certificate of the issuer, which will be used to verify the signature
+ * @param holderBindingContext The access to the holder's key
+ *
+ * @throws If the signature verification fails
+ * @throws If the credential is not in the SdJwt4VC format
+ * @throws If the holder binding is not properly configured
+ *
+ */
+async function verifyCredentialMDoc(rawCredential, x509CertRoot, holderBindingContext) {
+  const [decodedCredential, holderBindingKey] =
+  // parallel for optimization
+  await Promise.all([verifyMdoc(rawCredential, x509CertRoot), holderBindingContext.getPublicKey()]);
+  if (!decodedCredential) {
+    throw new IoWalletError("No MDOC credentials found!");
+  }
+  const key = decodedCredential.issuerSigned.issuerAuth.payload.deviceKeyInfo.deviceKey;
+  if (!(await isSameThumbprint(key, holderBindingKey))) {
+    throw new IoWalletError(`Failed to verify holder binding, holder binding key and mDoc deviceKey don't match`);
+  }
+  return decodedCredential;
+}
+const parseCredentialMDoc = function (credentialConfig, _ref) {
+  let {
+    issuerSigned
+  } = _ref;
+  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
+  let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
+  if (!credentialConfig) {
+    throw new IoWalletError("Credential type not supported by the issuer");
+  }
+  if (!credentialConfig.claims) {
+    throw new IoWalletError("Missing claims in the credential subject");
+  }
+  const attrDefinitions = credentialConfig.claims.map(_ref2 => {
+    let {
+      path: [namespace, attribute],
+      display
+    } = _ref2;
+    return [namespace, attribute, display];
+  });
+  if (!issuerSigned.nameSpaces) {
+    throw new IoWalletError("Missing claims in the credential");
+  }
+  const flatNamespaces = Object.entries(issuerSigned.nameSpaces).flatMap(_ref3 => {
+    let [namespace, values] = _ref3;
+    return values.map(v => [namespace, v.elementIdentifier, v.elementValue]);
+  });
+  // Check that all mandatory attributes defined in the issuer configuration are present in the disclosure set
+  // and filter the non present ones
+  const attrsNotInDisclosures = attrDefinitions.filter(_ref4 => {
+    let [attrDefNamespace, attrKey] = _ref4;
+    return !flatNamespaces.some(_ref5 => {
+      let [namespace, claim] = _ref5;
+      return attrDefNamespace === namespace && attrKey === claim;
+    });
+  });
+  if (attrsNotInDisclosures.length > 0) {
+    const missing = attrsNotInDisclosures.map(_ref6 => {
+      let [, attrKey] = _ref6;
+      return attrKey;
+    }).join(", ");
+    const received = flatNamespaces.map(_ref7 => {
+      let [, attrKey] = _ref7;
+      return attrKey;
+    }).join(", ");
+    if (!ignoreMissingAttributes) {
+      throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
+    }
+  }
+  // Attributes defined in the issuer configuration and present in the disclosure set
+  const definedValues = attrDefinitions
+  // Retrieve the value from the corresponding disclosure
+  .map(_ref8 => {
+    var _flatNamespaces$find;
+    let [attrDefNamespace, attrKey, display] = _ref8;
+    return [attrDefNamespace, attrKey, {
+      display,
+      value: (_flatNamespaces$find = flatNamespaces.find(_ref9 => {
+        let [namespace, name] = _ref9;
+        return attrDefNamespace === namespace && name === attrKey;
+      })) === null || _flatNamespaces$find === void 0 ? void 0 : _flatNamespaces$find[2]
+    }];
+  })
+  //filter the not found elements
+  .filter(_ref10 => {
+    let [_, __, definition] = _ref10;
+    return definition.value !== undefined;
+  })
+  // Add a human-readable attribute name, with i18n, in the form { locale: name }
+  // Example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
+  .reduce((acc, _ref11) => {
+    let [attrDefNamespace, attrKey, {
+      display,
+      value
+    }] = _ref11;
+    return {
+      ...acc,
+      [getParsedCredentialClaimKey(attrDefNamespace, attrKey)]: {
+        value,
+        name: display.reduce((names, _ref12) => {
+          let {
+            locale,
+            name
+          } = _ref12;
+          return {
+            ...names,
+            [locale]: name
+          };
+        }, {})
+      }
+    };
+  }, {});
+  if (includeUndefinedAttributes) {
+    const undefinedValues = Object.fromEntries(Object.values(flatNamespaces).filter(_ref13 => {
+      let [namespace, key] = _ref13;
+      return !definedValues[getParsedCredentialClaimKey(namespace, key)];
+    }).map(_ref14 => {
+      let [namespace, key, value] = _ref14;
+      return [getParsedCredentialClaimKey(namespace, key), {
+        value,
+        name: key
+      }];
+    }));
+    return {
+      ...definedValues,
+      ...undefinedValues
+    };
+  }
+  return definedValues;
+};
+export const verifyAndParseCredentialMDoc = async (issuerConf, credential, credentialConfigurationId, _ref15, x509CertRoot) => {
+  var _parsedCredential$get, _parsedCredential$get2;
+  let {
+    credentialCryptoContext,
+    ignoreMissingAttributes
+  } = _ref15;
+  if (!x509CertRoot) {
+    throw new IoWalletError("Missing x509CertRoot");
+  }
+  const decoded = await verifyCredentialMDoc(credential, x509CertRoot, credentialCryptoContext);
+  const credentialConfig = issuerConf.credential_configurations_supported[credentialConfigurationId];
+  const parsedCredential = parseCredentialMDoc(credentialConfig, decoded, ignoreMissingAttributes, ignoreMissingAttributes);
+  const expirationDate = extractElementValueAsDate(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$get = parsedCredential[getParsedCredentialClaimKey(MDOC_DEFAULT_NAMESPACE, "expiry_date")]) === null || _parsedCredential$get === void 0 ? void 0 : _parsedCredential$get.value);
+  if (!expirationDate) {
+    throw new IoWalletError(`expirationDate must be present!!`);
+  }
+  expirationDate.setDate(expirationDate.getDate() + 1);
+  const maybeIssuedAt = extractElementValueAsDate(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$get2 = parsedCredential[getParsedCredentialClaimKey(MDOC_DEFAULT_NAMESPACE, "issue_date")]) === null || _parsedCredential$get2 === void 0 ? void 0 : _parsedCredential$get2.value);
+  maybeIssuedAt === null || maybeIssuedAt === void 0 ? void 0 : maybeIssuedAt.setDate(maybeIssuedAt.getDate() + 1);
+  return {
+    parsedCredential,
+    credential,
+    credentialConfigurationId,
+    expiration: expirationDate,
+    issuedAt: maybeIssuedAt ?? undefined
+  };
+};
+//# sourceMappingURL=06-verify-and-parse-credential.mdoc.js.map