npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/module/credential/issuance/v1.0.0/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","AuthorizationDetail","TokenResponse","CredentialResponse","object","credentials","array","credential","string","notification_id","optional","ResponseUriResultShape","redirect_uri","NonceResponse","c_nonce"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,mBAAmB,EAAEC,aAAa,QAAQ,cAAc;;AAEjE;AACA,SAASD,mBAAmB,EAAEC,aAAa;AAI3C,OAAO,MAAMC,kBAAkB,GAAGH,CAAC,CAACI,MAAM,CAAC;EACzCC,WAAW,EAAEL,CAAC,CAACM,KAAK,CAClBN,CAAC,CAACI,MAAM,CAAC;IACPG,UAAU,EAAEP,CAAC,CAACQ,MAAM,CAAC;EACvB,CAAC,CACH,CAAC;EACDC,eAAe,EAAET,CAAC,CAACQ,MAAM,CAAC,CAAC,CAACE,QAAQ,CAAC;AACvC,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAGX,CAAC,CAACI,MAAM,CAAC;EAC7CQ,YAAY,EAAEZ,CAAC,CAACQ,MAAM,CAAC;AACzB,CAAC,CAAC;AAGF,OAAO,MAAMK,aAAa,GAAGb,CAAC,CAACI,MAAM,CAAC;EACpCU,OAAO,EAAEd,CAAC,CAACQ,MAAM,CAAC;AACpB,CAAC,CAAC"}

package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { fetchMetadata } from "@pagopa/io-wallet-oid4vci";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { mapToIssuerConfig } from "./mappers";
+export const evaluateIssuerTrust = async function (issuerUrl) {
+  let context = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const issuerMetadata = await fetchMetadata({
+    credentialIssuerUrl: issuerUrl,
+    callbacks: {
+      ...partialCallbacks,
+      fetch: context.appFetch
+    }
+  });
+  return {
+    issuerConf: mapToIssuerConfig(issuerMetadata)
+  };
+};
+//# sourceMappingURL=01-evaluate-issuer-trust.js.map

package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["fetchMetadata","partialCallbacks","mapToIssuerConfig","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":"AAAA,SAASA,aAAa,QAAQ,2BAA2B;AACzD,SAASC,gBAAgB,QAAQ,0BAA0B;AAE3D,SAASC,iBAAiB,QAAQ,WAAW;AAE7C,OAAO,MAAMC,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAG,MAAMT,aAAa,CAAC;IACzCU,mBAAmB,EAAEN,SAAS;IAC9BO,SAAS,EAAE;MACT,GAAGV,gBAAgB;MACnBW,KAAK,EAAEP,OAAO,CAACQ;IACjB;EACF,CAAC,CAAC;EAEF,OAAO;IAAEC,UAAU,EAAEZ,iBAAiB,CAACO,cAAc;EAAE,CAAC;AAC1D,CAAC"}

package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js ADDED Viewed

@@ -0,0 +1,85 @@
+import { createPushedAuthorizationRequest, fetchPushedAuthorizationResponse, createClientAttestationPopJwt } from "@pagopa/io-wallet-oauth2";
+import { LogLevel, Logger } from "../../../utils/logging";
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { IoWalletError } from "../../../utils/errors";
+import { selectCredentialDefinition, selectResponseMode } from "../common/authorization";
+export const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
+  const {
+    wiaCryptoContext,
+    walletInstanceAttestation,
+    redirectUri,
+    appFetch = fetch
+  } = ctx;
+  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+  if (!clientId) {
+    Logger.log(LogLevel.ERROR, `Public key associated with kid ${clientId} not found in the device`);
+    throw new IoWalletError("No public key found");
+  }
+  const responseMode = selectResponseMode(issuerConf, credentialIds);
+  const credentialDefinition = credentialIds.map(c => selectCredentialDefinition(issuerConf, c));
+  if (proof.proofType === "mrtd-pop") {
+    /**
+     * When we requests a PID using eID Substantial Authentication with MRTD Verification, we must include
+     * an additional Authorization Details Object in the authorization_details
+     *
+     * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-issuance-endpoint.html#pushed-authorization-request-endpoint
+     */
+    credentialDefinition.push({
+      type: "it_l2+document_proof",
+      idphinting: proof.idpHinting,
+      challenge_method: "mrtd+ias",
+      challenge_redirect_uri: redirectUri
+    });
+  }
+  const signerJwk = await wiaCryptoContext.getPublicKey();
+  const signJwt = async (_, payload) => ({
+    jwt: await new SignJWT(wiaCryptoContext).setPayload(payload).sign(),
+    signerJwk
+  });
+  const parRequest = await createPushedAuthorizationRequest({
+    callbacks: {
+      ...partialCallbacks,
+      signJwt
+    },
+    authorizationServerMetadata: {
+      require_signed_request_object: true
+    },
+    clientId,
+    audience: issuerConf.credential_issuer,
+    authorization_details: credentialDefinition,
+    codeChallengeMethodsSupported: ["S256"],
+    responseMode,
+    redirectUri
+  });
+  const clientAttestationPoP = await createClientAttestationPopJwt({
+    callbacks: {
+      signJwt
+    },
+    clientAttestation: walletInstanceAttestation,
+    authorizationServer: issuerConf.authorization_endpoint,
+    signer: {
+      method: "jwk",
+      alg: "ES256",
+      publicJwk: signerJwk
+    }
+  });
+  const {
+    request_uri
+  } = await fetchPushedAuthorizationResponse({
+    callbacks: {
+      fetch: appFetch
+    },
+    pushedAuthorizationRequestEndpoint: issuerConf.pushed_authorization_request_endpoint,
+    pushedAuthorizationRequest: parRequest,
+    clientAttestationDPoP: clientAttestationPoP,
+    walletAttestation: walletInstanceAttestation
+  });
+  return {
+    issuerRequestUri: request_uri,
+    clientId,
+    codeVerifier: parRequest.pkceCodeVerifier,
+    credentialDefinition
+  };
+};
+//# sourceMappingURL=02-start-user-authorization.js.map

package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createPushedAuthorizationRequest","fetchPushedAuthorizationResponse","createClientAttestationPopJwt","LogLevel","Logger","SignJWT","partialCallbacks","IoWalletError","selectCredentialDefinition","selectResponseMode","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","log","ERROR","responseMode","credentialDefinition","map","c","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","signerJwk","signJwt","payload","jwt","setPayload","sign","parRequest","callbacks","authorizationServerMetadata","require_signed_request_object","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","clientAttestationPoP","clientAttestation","authorizationServer","authorization_endpoint","signer","method","alg","publicJwk","request_uri","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":"AAAA,SACEA,gCAAgC,EAChCC,gCAAgC,EAChCC,6BAA6B,QACxB,0BAA0B;AAEjC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAEzD,SAASC,OAAO,QAAQ,6BAA6B;AACrD,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SACEC,0BAA0B,EAC1BC,kBAAkB,QACb,yBAAyB;AAEhC,OAAO,MAAMC,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbhB,MAAM,CAACqB,GAAG,CACRtB,QAAQ,CAACuB,KAAK,EACb,kCAAiCN,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIb,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMoB,YAAY,GAAGlB,kBAAkB,CAACE,UAAU,EAAEC,aAAa,CAAC;EAElE,MAAMgB,oBAAoB,GAAGhB,aAAa,CAACiB,GAAG,CAAEC,CAAC,IAC/CtB,0BAA0B,CAACG,UAAU,EAAEmB,CAAC,CAC1C,CAAC;EAED,IAAIjB,KAAK,CAACkB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMH,oBAAoB,CAACI,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAErB,KAAK,CAACsB,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEpB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMqB,SAAS,GAAG,MAAMvB,gBAAgB,CAACM,YAAY,CAAC,CAAC;EACvD,MAAMkB,OAAmC,GAAG,MAAAA,CAAOhB,CAAC,EAAEiB,OAAO,MAAM;IACjEC,GAAG,EAAE,MAAM,IAAIpC,OAAO,CAACU,gBAAgB,CAAC,CAAC2B,UAAU,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,CAAC;IACnEL;EACF,CAAC,CAAC;EAEF,MAAMM,UAAU,GAAG,MAAM5C,gCAAgC,CAAC;IACxD6C,SAAS,EAAE;MACT,GAAGvC,gBAAgB;MACnBiC;IACF,CAAC;IACDO,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACD3B,QAAQ;IACR4B,QAAQ,EAAErC,UAAU,CAACsC,iBAAiB;IACtCC,qBAAqB,EAAEtB,oBAAoB;IAC3CuB,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvCxB,YAAY;IACZV;EACF,CAAC,CAAC;EAEF,MAAMmC,oBAAoB,GAAG,MAAMlD,6BAA6B,CAAC;IAC/D2C,SAAS,EAAE;MACTN;IACF,CAAC;IACDc,iBAAiB,EAAErC,yBAAyB;IAC5CsC,mBAAmB,EAAE3C,UAAU,CAAC4C,sBAAsB;IACtDC,MAAM,EAAE;MACNC,MAAM,EAAE,KAAK;MACbC,GAAG,EAAE,OAAO;MACZC,SAAS,EAAErB;IACb;EACF,CAAC,CAAC;EAEF,MAAM;IAAEsB;EAAY,CAAC,GAAG,MAAM3D,gCAAgC,CAAC;IAC7D4C,SAAS,EAAE;MACT1B,KAAK,EAAED;IACT,CAAC;IACD2C,kCAAkC,EAChClD,UAAU,CAACmD,qCAAqC;IAClDC,0BAA0B,EAAEnB,UAAU;IACtCoB,qBAAqB,EAAEZ,oBAAoB;IAC3Ca,iBAAiB,EAAEjD;EACrB,CAAC,CAAC;EAEF,OAAO;IACLkD,gBAAgB,EAAEN,WAAW;IAC7BxC,QAAQ;IACR+C,YAAY,EAAEvB,UAAU,CAACwB,gBAAgB;IACzCxC;EACF,CAAC;AACH,CAAC"}

package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js ADDED Viewed

@@ -0,0 +1,174 @@
+import { AuthorizationErrorShape, AuthorizationResultShape } from "../../../utils/auth";
+import parseUrl from "parse-url";
+import { fetchAuthorizationRequest, parseAuthorizeRequest } from "@pagopa/io-wallet-oid4vp";
+import { sendAuthorizationResponseAndExtractCode } from "@pagopa/io-wallet-oid4vci";
+import { parseMrtdChallenge } from "@pagopa/io-wallet-oauth2";
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import { AuthorizationError, AuthorizationIdpError } from "../common/errors";
+import { LogLevel, Logger } from "../../../utils/logging";
+import { RemotePresentation as RemotePresentationFlow } from "../../presentation/v1.3.3";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { IoWalletError, sdkUnexpectedStatusCodeToIssuerError } from "../../../utils/errors";
+import { mapToRequestObject } from "./mappers";
+export const continueUserAuthorizationWithMRTDPoPChallenge = async authRedirectUrl => {
+  Logger.log(LogLevel.DEBUG, `The requested credential is a PersonIdentificationData and requires MRTD PoP, starting MRTD PoP validation from auth redirect`);
+  try {
+    const parsedChallenge = parseMrtdChallenge({
+      redirectUrl: authRedirectUrl
+    });
+    return {
+      challenge_info: parsedChallenge.challengeJwt
+    };
+  } catch (err) {
+    const errorMessage = err instanceof Error ? err.message : "MRTD challenge parsing failed";
+    Logger.log(LogLevel.ERROR, `Error while parsing the authorization response: ${errorMessage}`);
+    throw new AuthorizationError(errorMessage);
+  }
+};
+export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
+  const authzRequestEndpoint = issuerConf.authorization_endpoint;
+  const params = new URLSearchParams({
+    client_id: clientId,
+    request_uri: issuerRequestUri
+  });
+  if (idpHint) {
+    params.append("idphint", idpHint);
+  }
+  const authUrl = `${authzRequestEndpoint}?${params}`;
+  return {
+    authUrl
+  };
+};
+export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
+  Logger.log(LogLevel.DEBUG, `The requested credential is a PersonIdentificationData, completing the user authorization with query mode`);
+  const query = parseUrl(authRedirectUrl).query;
+  return parseAuthorizationResponse(query);
+};
+export const getRequestedCredentialToBePresented = async function (issuerRequestUri, clientId, issuerConf) {
+  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
+  Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, requesting the credential to be presented`);
+  const authzRequestEndpoint = issuerConf.authorization_endpoint;
+  const params = new URLSearchParams({
+    client_id: clientId,
+    request_uri: issuerRequestUri
+  });
+  Logger.log(LogLevel.DEBUG, `Requesting the request object to ${authzRequestEndpoint}?${params.toString()}`);
+  const authRequest = await fetchAuthorizationRequest({
+    authorizeRequestUrl: `${authzRequestEndpoint}?${params.toString()}`,
+    callbacks: {
+      fetch: appFetch
+    }
+  }).catch(sdkUnexpectedStatusCodeToIssuerError);
+  const parsedAuthRequest = await parseAuthorizeRequest({
+    requestObjectJwt: authRequest.requestObjectJwt,
+    callbacks: partialCallbacks
+  });
+  return mapToRequestObject(parsedAuthRequest);
+};
+export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issuerConfig, pid, _ref) => {
+  let {
+    wiaCryptoContext,
+    pidKeyTag,
+    appFetch = fetch
+  } = _ref;
+  Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
+  const dcqlQueryResult = await RemotePresentationFlow.evaluateDcqlQuery(requestObject.dcql_query, [[pidKeyTag, pid]]);
+  const authRequestObject = {
+    nonce: requestObject.nonce,
+    clientId: requestObject.client_id,
+    responseUri: requestObject.response_uri
+  };
+  const remotePresentation = await RemotePresentationFlow.prepareRemotePresentations(dcqlQueryResult, authRequestObject);
+  const authzResponsePayload = await createAuthzResponsePayload({
+    state: requestObject.state,
+    remotePresentation,
+    wiaCryptoContext
+  });
+  Logger.log(LogLevel.DEBUG, `Authz response payload: ${authzResponsePayload}`);
+  const issuerSigKey = issuerConfig.keys.find(key => key.use === "sig");
+  if (!issuerSigKey) {
+    const errorMessage = "No signature key found in Issuer Metadata JWKS";
+    Logger.log(LogLevel.ERROR, errorMessage);
+    throw new IoWalletError(errorMessage);
+  }
+  return sendAuthorizationResponseAndExtractCode({
+    authorizationResponseJarm: authzResponsePayload,
+    callbacks: {
+      ...partialCallbacks,
+      fetch: appFetch
+    },
+    iss: requestObject.iss,
+    state: requestObject.state,
+    presentationResponseUri: requestObject.response_uri,
+    signer: {
+      alg: "ES256",
+      method: "jwk",
+      publicJwk: issuerSigKey
+    }
+  });
+};
+/**
+ * Parse the authorization response and return the result which contains code, state and iss.
+ * @throws {AuthorizationError} if an error occurs during the parsing process
+ * @throws {AuthorizationIdpError} if an error occurs during the parsing process and the error is related to the IDP
+ * @param authRes the authorization response to be parsed
+ * @returns the authorization result which contains code, state and iss
+ */
+export const parseAuthorizationResponse = authRes => {
+  const authResParsed = AuthorizationResultShape.safeParse(authRes);
+  if (!authResParsed.success) {
+    const authErr = AuthorizationErrorShape.safeParse(authRes);
+    if (!authErr.success) {
+      Logger.log(LogLevel.ERROR, `Error while parsing the authorization response: ${authResParsed.error.message}`);
+      throw new AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
+    }
+    Logger.log(LogLevel.ERROR, `Error while authorizating with the idp: ${JSON.stringify(authErr)}`);
+    throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
+  }
+  return authResParsed.data;
+};
+/**
+ * Creates the authorization response payload to be sent.
+ * This payload includes the state and the VP tokens for the presented credentials.
+ * The payload is encoded in Base64.
+ * @param state - The state parameter from the request object (optional).
+ * @param remotePresentation The presentations to send, each with their VP token
+ * @returns The Base64 encoded authorization response payload.
+ */
+const createAuthzResponsePayload = async _ref2 => {
+  let {
+    state,
+    remotePresentation,
+    wiaCryptoContext
+  } = _ref2;
+  const {
+    kid
+  } = await wiaCryptoContext.getPublicKey();
+  return new SignJWT(wiaCryptoContext).setProtectedHeader({
+    typ: "jwt",
+    kid
+  }).setPayload({
+    /**
+     * TODO [SIW-2264]: `state` coming from `requestObject` is marked as `optional`
+     * At the moment, it is not entirely clear whether this value can indeed be omitted
+     * and, if so, what the consequences of its absence might be.
+     */
+    ...(state ? {
+      state
+    } : {}),
+    vp_token: remotePresentation.presentations.reduce((vp_token, _ref3) => {
+      let {
+        credentialId,
+        vpToken
+      } = _ref3;
+      return {
+        ...vp_token,
+        [credentialId]: [vpToken]
+      };
+    }, {})
+  }).setIssuedAt().setExpirationTime("1h").sign();
+};
+//# sourceMappingURL=03-complete-user-authorization.js.map

package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["AuthorizationErrorShape","AuthorizationResultShape","parseUrl","fetchAuthorizationRequest","parseAuthorizeRequest","sendAuthorizationResponseAndExtractCode","parseMrtdChallenge","SignJWT","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","RemotePresentation","RemotePresentationFlow","partialCallbacks","IoWalletError","sdkUnexpectedStatusCodeToIssuerError","mapToRequestObject","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","parsedChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","query","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","authRequest","authorizeRequestUrl","callbacks","catch","parsedAuthRequest","requestObjectJwt","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","pid","_ref","wiaCryptoContext","pidKeyTag","dcqlQueryResult","evaluateDcqlQuery","dcql_query","authRequestObject","nonce","responseUri","response_uri","remotePresentation","prepareRemotePresentations","authzResponsePayload","createAuthzResponsePayload","state","issuerSigKey","keys","find","key","use","authorizationResponseJarm","iss","presentationResponseUri","signer","alg","method","publicJwk","authRes","authResParsed","safeParse","success","authErr","error","JSON","stringify","data","error_description","_ref2","kid","getPublicKey","setProtectedHeader","typ","setPayload","vp_token","presentations","reduce","_ref3","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,uBAAuB,EACvBC,wBAAwB,QAEnB,qBAAqB;AAC5B,OAAOC,QAAQ,MAAM,WAAW;AAEhC,SACEC,yBAAyB,EACzBC,qBAAqB,QAChB,0BAA0B;AACjC,SAASC,uCAAuC,QAAQ,2BAA2B;AACnF,SAASC,kBAAkB,QAAQ,0BAA0B;AAC7D,SAASC,OAAO,QAA4B,6BAA6B;AACzE,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,kBAAkB;AAC5E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,kBAAkB,IAAIC,sBAAsB,QAAQ,2BAA2B;AACxF,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SACEC,aAAa,EACbC,oCAAoC,QAC/B,uBAAuB;AAE9B,SAASC,kBAAkB,QAAQ,WAAW;AAG9C,OAAO,MAAMC,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBR,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACW,KAAK,EACb,+HACH,CAAC;EACD,IAAI;IACF,MAAMC,eAAe,GAAGhB,kBAAkB,CAAC;MACzCiB,WAAW,EAAEJ;IACf,CAAC,CAAC;IACF,OAAO;MAAEK,cAAc,EAAEF,eAAe,CAACG;IAAa,CAAC;EACzD,CAAC,CAAC,OAAOC,GAAG,EAAE;IACZ,MAAMC,YAAY,GAChBD,GAAG,YAAYE,KAAK,GAAGF,GAAG,CAACG,OAAO,GAAG,+BAA+B;IACtElB,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACoB,KAAK,EACb,mDAAkDH,YAAa,EAClE,CAAC;IACD,MAAM,IAAInB,kBAAkB,CAACmB,YAAY,CAAC;EAC5C;AACF,CAAC;AAEH,OAAO,MAAMI,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAEH,OAAO,MAAMC,sCAA6F,GACxG,MAAOzB,eAAe,IAAK;EACzBR,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACW,KAAK,EACb,2GACH,CAAC;EACD,MAAMwB,KAAK,GAAG3C,QAAQ,CAACiB,eAAe,CAAC,CAAC0B,KAAK;EAE7C,OAAOC,0BAA0B,CAACD,KAAK,CAAC;AAC1C,CAAC;AAEH,OAAO,MAAME,mCAAuF,GAClG,eAAAA,CAAOf,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBc,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DzC,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACW,KAAK,EACb,sGACH,CAAC;EAED,MAAMe,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFrB,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACW,KAAK,EACb,oCAAmCe,oBAAqB,IAAGE,MAAM,CAACe,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,WAAW,GAAG,MAAMnD,yBAAyB,CAAC;IAClDoD,mBAAmB,EAAG,GAAEnB,oBAAqB,IAAGE,MAAM,CAACe,QAAQ,CAAC,CAAE,EAAC;IACnEG,SAAS,EAAE;MACTJ,KAAK,EAAEJ;IACT;EACF,CAAC,CAAC,CAACS,KAAK,CAACzC,oCAAoC,CAAC;EAE9C,MAAM0C,iBAAiB,GAAG,MAAMtD,qBAAqB,CAAC;IACpDuD,gBAAgB,EAAEL,WAAW,CAACK,gBAAgB;IAC9CH,SAAS,EAAE1C;EACb,CAAC,CAAC;EAEF,OAAOG,kBAAkB,CAACyC,iBAAiB,CAAC;AAC9C,CAAC;AAEH,OAAO,MAAME,4CAAyG,GACpH,MAAAA,CACEC,aAAa,EACbC,YAAY,EACZC,GAAG,EAAAC,IAAA,KAEA;EAAA,IADH;IAAEC,gBAAgB;IAAEC,SAAS;IAAElB,QAAQ,GAAGI;EAAM,CAAC,GAAAY,IAAA;EAEjDrD,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACW,KAAK,EACb,sHACH,CAAC;EAED,MAAM8C,eAAe,GAAG,MAAMtD,sBAAsB,CAACuD,iBAAiB,CACpEP,aAAa,CAACQ,UAAU,EACxB,CAAC,CAACH,SAAS,EAAEH,GAAG,CAAC,CACnB,CAAC;EAED,MAAMO,iBAAiB,GAAG;IACxBC,KAAK,EAAEV,aAAa,CAACU,KAAK;IAC1BtC,QAAQ,EAAE4B,aAAa,CAACrB,SAAS;IACjCgC,WAAW,EAAEX,aAAa,CAACY;EAC7B,CAAC;EAED,MAAMC,kBAAkB,GACtB,MAAM7D,sBAAsB,CAAC8D,0BAA0B,CACrDR,eAAe,EACfG,iBACF,CAAC;EAEH,MAAMM,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAEjB,aAAa,CAACiB,KAAK;IAC1BJ,kBAAkB;IAClBT;EACF,CAAC,CAAC;EAEFtD,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACW,KAAK,EACb,2BAA0BuD,oBAAqB,EAClD,CAAC;EAED,MAAMG,YAAY,GAAGjB,YAAY,CAACkB,IAAI,CAACC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EACvE,IAAI,CAACJ,YAAY,EAAE;IACjB,MAAMpD,YAAY,GAAG,gDAAgD;IACrEhB,MAAM,CAACS,GAAG,CAACV,QAAQ,CAACoB,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIZ,aAAa,CAACY,YAAY,CAAC;EACvC;EAEA,OAAOtB,uCAAuC,CAAC;IAC7C+E,yBAAyB,EAAER,oBAAoB;IAC/CpB,SAAS,EAAE;MACT,GAAG1C,gBAAgB;MACnBsC,KAAK,EAAEJ;IACT,CAAC;IACDqC,GAAG,EAAExB,aAAa,CAACwB,GAAG;IACtBP,KAAK,EAAEjB,aAAa,CAACiB,KAAM;IAC3BQ,uBAAuB,EAAEzB,aAAa,CAACY,YAAY;IACnDc,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZC,MAAM,EAAE,KAAK;MACbC,SAAS,EAAEX;IACb;EACF,CAAC,CAAC;AACJ,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMjC,0BAA0B,GACrC6C,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAG3F,wBAAwB,CAAC4F,SAAS,CAACF,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAG/F,uBAAuB,CAAC6F,SAAS,CAACF,OAAO,CAAC;IAC1D,IAAI,CAACI,OAAO,CAACD,OAAO,EAAE;MACpBnF,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACoB,KAAK,EACb,mDAAkD8D,aAAa,CAACI,KAAK,CAACnE,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIrB,kBAAkB,CAACoF,aAAa,CAACI,KAAK,CAACnE,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAlB,MAAM,CAACS,GAAG,CACRV,QAAQ,CAACoB,KAAK,EACb,2CAA0CmE,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAItF,qBAAqB,CAC7BsF,OAAO,CAACI,IAAI,CAACH,KAAK,EAClBD,OAAO,CAACI,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOR,aAAa,CAACO,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMtB,0BAA0B,GAAG,MAAAwB,KAAA,IAQZ;EAAA,IARmB;IACxCvB,KAAK;IACLJ,kBAAkB;IAClBT;EAKF,CAAC,GAAAoC,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAMrC,gBAAgB,CAACsC,YAAY,CAAC,CAAC;EAErD,OAAO,IAAIhG,OAAO,CAAC0D,gBAAgB,CAAC,CACjCuC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH;EACF,CAAC,CAAC,CACDI,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAI5B,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B6B,QAAQ,EAAEjC,kBAAkB,CAACkC,aAAa,CAACC,MAAM,CAC/C,CAACF,QAAQ,EAAAG,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGH,QAAQ;QACX,CAACI,YAAY,GAAG,CAACC,OAAO;MAC1B,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}

package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js ADDED Viewed

@@ -0,0 +1,66 @@
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import { createTokenDPoP, fetchTokenResponse } from "@pagopa/io-wallet-oauth2";
+import { v4 as uuidv4 } from "uuid";
+import { createPopToken } from "../../../utils/pop";
+import * as WalletInstanceAttestation from "../../../wallet-instance-attestation/v1.0.0/utils";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { IoWalletError } from "../../../utils/errors";
+export const authorizeAccess = async (issuerConf, code, redirectUri, codeVerifier, context) => {
+  const {
+    appFetch = fetch,
+    walletInstanceAttestation,
+    wiaCryptoContext,
+    dPopCryptoContext
+  } = context;
+  const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
+  const tokenDPoP = await createTokenDPoP({
+    callbacks: {
+      ...partialCallbacks,
+      signJwt: async (_, payload) => ({
+        jwt: await new SignJWT(wiaCryptoContext).setPayload(payload).sign(),
+        signerJwk: dPopSignerJwk
+      })
+    },
+    signer: {
+      alg: "ES256",
+      method: "jwk",
+      publicJwk: dPopSignerJwk
+    },
+    tokenRequest: {
+      method: "POST",
+      url: issuerConf.token_endpoint
+    }
+  });
+  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
+  const signedWiaPoP = await createPopToken({
+    jti: uuidv4(),
+    aud: issuerConf.credential_issuer,
+    iss
+  }, wiaCryptoContext);
+  const tokenResponse = await fetchTokenResponse({
+    accessTokenEndpoint: issuerConf.token_endpoint,
+    callbacks: {
+      ...partialCallbacks,
+      fetch: appFetch
+    },
+    walletAttestation: walletInstanceAttestation,
+    dPoP: tokenDPoP.jwt,
+    clientAttestationDPoP: signedWiaPoP,
+    accessTokenRequest: {
+      code,
+      grant_type: "authorization_code",
+      code_verifier: codeVerifier,
+      redirect_uri: redirectUri
+    }
+  });
+  // `authorization_details` might be undefined if the PAR used `scope`.
+  // We currently do not support `scope` only.
+  if (!tokenResponse.authorization_details) {
+    throw new IoWalletError("Access token without authorization_details is not supported");
+  }
+  return {
+    accessToken: tokenResponse
+  };
+};
+//# sourceMappingURL=04-authorize-access.js.map

package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["SignJWT","createTokenDPoP","fetchTokenResponse","v4","uuidv4","createPopToken","WalletInstanceAttestation","partialCallbacks","IoWalletError","authorizeAccess","issuerConf","code","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","dPopSignerJwk","getPublicKey","tokenDPoP","callbacks","signJwt","_","payload","jwt","setPayload","sign","signerJwk","signer","alg","method","publicJwk","tokenRequest","url","token_endpoint","iss","decode","cnf","jwk","kid","signedWiaPoP","jti","aud","credential_issuer","tokenResponse","accessTokenEndpoint","walletAttestation","dPoP","clientAttestationDPoP","accessTokenRequest","grant_type","code_verifier","redirect_uri","authorization_details","accessToken"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/04-authorize-access.ts"],"mappings":"AAAA,SAASA,OAAO,QAAQ,6BAA6B;AACrD,SAASC,eAAe,EAAEC,kBAAkB,QAAQ,0BAA0B;AAC9E,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,oBAAoB;AACnD,OAAO,KAAKC,yBAAyB,MAAM,mDAAmD;AAC9F,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,aAAa,QAAQ,uBAAuB;AAGrD,OAAO,MAAMC,eAA+C,GAAG,MAAAA,CAC7DC,UAAU,EACVC,IAAI,EACJC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,aAAa,GAAG,MAAMD,iBAAiB,CAACE,YAAY,CAAC,CAAC;EAC5D,MAAMC,SAAS,GAAG,MAAMrB,eAAe,CAAC;IACtCsB,SAAS,EAAE;MACT,GAAGhB,gBAAgB;MACnBiB,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAI3B,OAAO,CAACkB,gBAAgB,CAAC,CAACU,UAAU,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,CAAC;QACnEC,SAAS,EAAEV;MACb,CAAC;IACH,CAAC;IACDW,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZC,MAAM,EAAE,KAAK;MACbC,SAAS,EAAEd;IACb,CAAC;IACDe,YAAY,EAAE;MACZF,MAAM,EAAE,MAAM;MACdG,GAAG,EAAE1B,UAAU,CAAC2B;IAClB;EACF,CAAC,CAAC;EAEF,MAAMC,GAAG,GAAGhC,yBAAyB,CAACiC,MAAM,CAACtB,yBAAyB,CAAC,CACpES,OAAO,CAACc,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,YAAY,GAAG,MAAMtC,cAAc,CACvC;IACEuC,GAAG,EAAExC,MAAM,CAAC,CAAC;IACbyC,GAAG,EAAEnC,UAAU,CAACoC,iBAAiB;IACjCR;EACF,CAAC,EACDpB,gBACF,CAAC;EAED,MAAM6B,aAAa,GAAG,MAAM7C,kBAAkB,CAAC;IAC7C8C,mBAAmB,EAAEtC,UAAU,CAAC2B,cAAc;IAC9Cd,SAAS,EAAE;MACT,GAAGhB,gBAAgB;MACnBS,KAAK,EAAED;IACT,CAAC;IACDkC,iBAAiB,EAAEhC,yBAAyB;IAC5CiC,IAAI,EAAE5B,SAAS,CAACK,GAAG;IACnBwB,qBAAqB,EAAER,YAAY;IACnCS,kBAAkB,EAAE;MAClBzC,IAAI;MACJ0C,UAAU,EAAE,oBAAoB;MAChCC,aAAa,EAAEzC,YAAY;MAC3B0C,YAAY,EAAE3C;IAChB;EACF,CAAC,CAAC;;EAEF;EACA;EACA,IAAI,CAACmC,aAAa,CAACS,qBAAqB,EAAE;IACxC,MAAM,IAAIhD,aAAa,CACrB,6DACF,CAAC;EACH;EAEA,OAAO;IACLiD,WAAW,EAAEV;EACf,CAAC;AACH,CAAC"}

package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js ADDED Viewed

@@ -0,0 +1,135 @@
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import { createTokenDPoP } from "@pagopa/io-wallet-oauth2";
+import { fetchCredentialResponse, createCredentialRequest } from "@pagopa/io-wallet-oid4vci";
+import { UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError } from "@pagopa/io-wallet-utils";
+import { hasStatusOrThrow } from "../../../utils/misc";
+import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, ValidationFailed } from "../../../utils/errors";
+import { LogLevel, Logger } from "../../../utils/logging";
+import { sdkConfigV1_3 } from "../../../utils/config";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { NonceResponse } from "./types";
+export const createNonceProof = async (nonce, issuer, audience, ctx) => {
+  const jwk = await ctx.getPublicKey();
+  return new SignJWT(ctx).setPayload({
+    nonce
+  }).setProtectedHeader({
+    typ: "openid4vci-proof+jwt",
+    jwk
+  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
+};
+export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context) => {
+  const {
+    credentialCryptoContext,
+    appFetch = fetch,
+    dPopCryptoContext
+  } = context;
+  const {
+    credential_configuration_id,
+    credential_identifier
+  } = credentialDefinition;
+  // Fetch the nonce from the Credential Issuer
+  const {
+    c_nonce
+  } = await appFetch(issuerConf.nonce_endpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    }
+  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(body => NonceResponse.parse(body));
+  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
+  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credential_configuration_id && (credential_identifier ? c.credential_identifiers.includes(credential_identifier) : true));
+  if (!containsCredentialDefinition) {
+    Logger.log(LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
+    throw new ValidationFailed({
+      message: "The access token response does not contain the requested credential"
+    });
+  }
+  const signerJwk = await credentialCryptoContext.getPublicKey();
+  const credentialRequest = await createCredentialRequest({
+    config: sdkConfigV1_3,
+    callbacks: {
+      signJwt: async (_, payload) => ({
+        jwt: await new SignJWT(credentialCryptoContext).setPayload(payload).sign(),
+        signerJwk
+      })
+    },
+    clientId,
+    credential_identifier: credentialDefinition.credential_identifier,
+    issuerIdentifier: issuerConf.credential_issuer,
+    nonce: c_nonce,
+    keyAttestation: "",
+    // TODO
+    signer: {
+      alg: "ES256",
+      method: "jwk",
+      publicJwk: signerJwk
+    }
+  });
+  const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
+  const credentialDPoP = await createTokenDPoP({
+    callbacks: {
+      ...partialCallbacks,
+      signJwt: async (_, payload) => ({
+        jwt: await new SignJWT(dPopCryptoContext).setPayload(payload).sign(),
+        signerJwk
+      })
+    },
+    signer: {
+      method: "jwk",
+      alg: "ES256",
+      publicJwk: dPopSignerJwk
+    },
+    tokenRequest: {
+      method: "POST",
+      url: issuerConf.credential_endpoint
+    },
+    accessToken: accessToken.access_token
+  });
+  // TODO: handle issuance errors
+  const credentialRes = await fetchCredentialResponse({
+    callbacks: {
+      fetch: appFetch
+    },
+    credentialEndpoint: issuerConf.credential_endpoint,
+    credentialRequest: credentialRequest,
+    accessToken: accessToken.access_token,
+    dPoP: credentialDPoP.jwt
+  }).catch(handleObtainCredentialError);
+  Logger.log(LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes)}`);
+  // Extract the format corresponding to the credential_configuration_id used
+  const issuerCredentialConfig = issuerConf.credential_configurations_supported[credential_configuration_id];
+  // TODO: [SIW-2264] Handle multiple credentials
+  return {
+    credential: credentialRes.credentials.at(0).credential,
+    format: issuerCredentialConfig.format
+  };
+};
+/**
+ * Handle the credential error by mapping it to a custom exception.
+ * If the error is not an instance of {@link SdkUnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {IssuerResponseError} with a specific code for more context
+ */
+const handleObtainCredentialError = e => {
+  Logger.log(LogLevel.ERROR, `Error occurred while obtaining credential: ${e}`);
+  if (!(e instanceof SdkUnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new ResponseErrorBuilder(IssuerResponseError).handle(403, {
+    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+    message: "Invalid status found for the given credential"
+  }).handle(404, {
+    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+    message: "Invalid status found for the given credential"
+  }).handle("*", {
+    code: IssuerResponseErrorCodes.CredentialRequestFailed,
+    message: "Unable to obtain the requested credential"
+  }).buildFrom(e);
+};
+//# sourceMappingURL=05-obtain-credential.js.map

package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["SignJWT","createTokenDPoP","fetchCredentialResponse","createCredentialRequest","UnexpectedStatusCodeError","SdkUnexpectedStatusCodeError","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","ValidationFailed","LogLevel","Logger","sdkConfigV1_3","partialCallbacks","NonceResponse","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credential_configuration_id","credential_identifier","c_nonce","nonce_endpoint","method","headers","then","res","json","body","parse","containsCredentialDefinition","authorization_details","some","c","credential_identifiers","includes","log","ERROR","message","signerJwk","credentialRequest","config","callbacks","signJwt","_","payload","jwt","issuerIdentifier","credential_issuer","keyAttestation","signer","alg","publicJwk","dPopSignerJwk","credentialDPoP","tokenRequest","url","credential_endpoint","access_token","credentialRes","credentialEndpoint","dPoP","catch","handleObtainCredentialError","DEBUG","JSON","stringify","issuerCredentialConfig","credential_configurations_supported","credential","credentials","at","format","e","handle","code","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/05-obtain-credential.ts"],"mappings":"AAAA,SAA6BA,OAAO,QAAQ,6BAA6B;AACzE,SAASC,eAAe,QAAQ,0BAA0B;AAC1D,SACEC,uBAAuB,EACvBC,uBAAuB,QAElB,2BAA2B;AAClC,SAASC,yBAAyB,IAAIC,4BAA4B,QAAQ,yBAAyB;AACnG,SAASC,gBAAgB,QAAQ,qBAAqB;AACtD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,gBAAgB,QACX,uBAAuB;AAC9B,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,gBAAgB,QAAQ,0BAA0B;AAE3D,SAASC,aAAa,QAAQ,SAAS;AAEvC,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAItB,OAAO,CAACoB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;AAED,OAAO,MAAMC,gBAAiD,GAAG,MAAAA,CAC/DC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EACX,MAAM;IAAEK,2BAA2B;IAAEC;EAAsB,CAAC,GAC1DP,oBAAoB;;EAEtB;EACA,MAAM;IAAEQ;EAAQ,CAAC,GAAG,MAAML,QAAQ,CAACN,UAAU,CAACY,cAAc,EAAE;IAC5DC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MAAE,cAAc,EAAE;IAAmB;EAChD,CAAC,CAAC,CACCC,IAAI,CAACzC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3ByC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAKnC,aAAa,CAACoC,KAAK,CAACD,IAAI,CAAC,CAAC;;EAE5C;EACA,MAAME,4BAA4B,GAAGnB,WAAW,CAACoB,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACd,2BAA2B,KAAKA,2BAA2B,KAC5DC,qBAAqB,GAClBa,CAAC,CAACC,sBAAsB,CAACC,QAAQ,CAACf,qBAAqB,CAAC,GACxD,IAAI,CACZ,CAAC;EAED,IAAI,CAACU,4BAA4B,EAAE;IACjCxC,MAAM,CAAC8C,GAAG,CACR/C,QAAQ,CAACgD,KAAK,EACb,gEAA+D1B,WAAW,CAACoB,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAI3C,gBAAgB,CAAC;MACzBkD,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;EAEA,MAAMC,SAAS,GAAG,MAAMxB,uBAAuB,CAACf,YAAY,CAAC,CAAC;EAE9D,MAAMwC,iBAAiB,GAAG,MAAM3D,uBAAuB,CAAC;IACtD4D,MAAM,EAAElD,aAAuD;IAC/DmD,SAAS,EAAE;MACTC,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAIpE,OAAO,CAACqC,uBAAuB,CAAC,CAC5Cd,UAAU,CAAC4C,OAAO,CAAC,CACnBrC,IAAI,CAAC,CAAC;QACT+B;MACF,CAAC;IACH,CAAC;IACD3B,QAAQ;IACRQ,qBAAqB,EAAEP,oBAAoB,CAACO,qBAAsB;IAClE2B,gBAAgB,EAAErC,UAAU,CAACsC,iBAAiB;IAC9CrD,KAAK,EAAE0B,OAAO;IACd4B,cAAc,EAAE,EAAE;IAAE;IACpBC,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZ5B,MAAM,EAAE,KAAK;MACb6B,SAAS,EAAEb;IACb;EACF,CAAC,CAAC;EAEF,MAAMc,aAAa,GAAG,MAAMnC,iBAAiB,CAAClB,YAAY,CAAC,CAAC;EAE5D,MAAMsD,cAAc,GAAG,MAAM3E,eAAe,CAAC;IAC3C+D,SAAS,EAAE;MACT,GAAGlD,gBAAgB;MACnBmD,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAIpE,OAAO,CAACwC,iBAAiB,CAAC,CAACjB,UAAU,CAAC4C,OAAO,CAAC,CAACrC,IAAI,CAAC,CAAC;QACpE+B;MACF,CAAC;IACH,CAAC;IACDW,MAAM,EAAE;MACN3B,MAAM,EAAE,KAAK;MACb4B,GAAG,EAAE,OAAO;MACZC,SAAS,EAAEC;IACb,CAAC;IACDE,YAAY,EAAE;MACZhC,MAAM,EAAE,MAAM;MACdiC,GAAG,EAAE9C,UAAU,CAAC+C;IAClB,CAAC;IACD9C,WAAW,EAAEA,WAAW,CAAC+C;EAC3B,CAAC,CAAC;;EAEF;EACA,MAAMC,aAAa,GAAG,MAAM/E,uBAAuB,CAAC;IAClD8D,SAAS,EAAE;MACTzB,KAAK,EAAED;IACT,CAAC;IACD4C,kBAAkB,EAAElD,UAAU,CAAC+C,mBAAmB;IAClDjB,iBAAiB,EAAEA,iBAAiB;IACpC7B,WAAW,EAAEA,WAAW,CAAC+C,YAAY;IACrCG,IAAI,EAAEP,cAAc,CAACR;EACvB,CAAC,CAAC,CAACgB,KAAK,CAACC,2BAA2B,CAAC;EAErCzE,MAAM,CAAC8C,GAAG,CACR/C,QAAQ,CAAC2E,KAAK,EACb,wBAAuBC,IAAI,CAACC,SAAS,CAACP,aAAa,CAAE,EACxD,CAAC;;EAED;EACA,MAAMQ,sBAAsB,GAC1BzD,UAAU,CAAC0D,mCAAmC,CAACjD,2BAA2B,CAAC;;EAE7E;EACA,OAAO;IACLkD,UAAU,EAAEV,aAAa,CAACW,WAAW,CAAEC,EAAE,CAAC,CAAC,CAAC,CAAEF,UAAU;IACxDG,MAAM,EAAEL,sBAAsB,CAAEK;EAClC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMT,2BAA2B,GAAIU,CAAU,IAAK;EAClDnF,MAAM,CAAC8C,GAAG,CAAC/C,QAAQ,CAACgD,KAAK,EAAG,8CAA6CoC,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAY1F,4BAA4B,CAAC,EAAE;IAChD,MAAM0F,CAAC;EACT;EAEA,MAAM,IAAItF,oBAAoB,CAACF,mBAAmB,CAAC,CAChDyF,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEzF,wBAAwB,CAAC0F,uBAAuB;IACtDtC,OAAO,EAAE;EACX,CAAC,CAAC,CACDoC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEzF,wBAAwB,CAAC0F,uBAAuB;IACtDtC,OAAO,EAAE;EACX,CAAC,CAAC,CACDoC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEzF,wBAAwB,CAAC2F,uBAAuB;IACtDvC,OAAO,EAAE;EACX,CAAC,CAAC,CACDwC,SAAS,CAACL,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { IoWalletError } from "../../../utils/errors";
+import { Logger, LogLevel } from "../../../utils/logging";
+import { verifyAndParseCredentialMDoc } from "../common/06-verify-and-parse-credential.mdoc";
+import { verifyAndParseCredentialSdJwt } from "../common/06-verify-and-parse-credential.sdjwt";
+export const verifyAndParseCredential = async (issuerConf, credential, credentialConfigurationId, context, x509CertRoot) => {
+  var _issuerConf$credentia;
+  const format = (_issuerConf$credentia = issuerConf.credential_configurations_supported[credentialConfigurationId]) === null || _issuerConf$credentia === void 0 ? void 0 : _issuerConf$credentia.format;
+  switch (format) {
+    case "dc+sd-jwt":
+      {
+        Logger.log(LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
+        return verifyAndParseCredentialSdJwt(issuerConf, credential, credentialConfigurationId, context);
+      }
+    case "mso_mdoc":
+      {
+        Logger.log(LogLevel.DEBUG, "Parsing credential in mso_mdoc format");
+        return verifyAndParseCredentialMDoc(issuerConf, credential, credentialConfigurationId, context, x509CertRoot);
+      }
+    default:
+      {
+        const message = `Unsupported credential format: ${format}`;
+        Logger.log(LogLevel.ERROR, message);
+        throw new IoWalletError(message);
+      }
+  }
+};
+//# sourceMappingURL=06-verify-and-parse-credential.js.map

package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["IoWalletError","Logger","LogLevel","verifyAndParseCredentialMDoc","verifyAndParseCredentialSdJwt","verifyAndParseCredential","issuerConf","credential","credentialConfigurationId","context","x509CertRoot","_issuerConf$credentia","format","credential_configurations_supported","log","DEBUG","message","ERROR"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/06-verify-and-parse-credential.ts"],"mappings":"AAAA,SAASA,aAAa,QAAQ,uBAAuB;AACrD,SAASC,MAAM,EAAEC,QAAQ,QAAQ,wBAAwB;AAEzD,SAASC,4BAA4B,QAAQ,+CAA+C;AAC5F,SAASC,6BAA6B,QAAQ,gDAAgD;AAE9F,OAAO,MAAMC,wBAAiE,GAC5E,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBC,OAAO,EACPC,YAAY,KACT;EAAA,IAAAC,qBAAA;EACH,MAAMC,MAAM,IAAAD,qBAAA,GACVL,UAAU,CAACO,mCAAmC,CAACL,yBAAyB,CAAC,cAAAG,qBAAA,uBAAzEA,qBAAA,CACIC,MAAM;EAEZ,QAAQA,MAAM;IACZ,KAAK,WAAW;MAAE;QAChBX,MAAM,CAACa,GAAG,CAACZ,QAAQ,CAACa,KAAK,EAAE,wCAAwC,CAAC;QACpE,OAAOX,6BAA6B,CAClCE,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBC,OACF,CAAC;MACH;IACA,KAAK,UAAU;MAAE;QACfR,MAAM,CAACa,GAAG,CAACZ,QAAQ,CAACa,KAAK,EAAE,uCAAuC,CAAC;QACnE,OAAOZ,4BAA4B,CACjCG,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBC,OAAO,EACPC,YACF,CAAC;MACH;IAEA;MAAS;QACP,MAAMM,OAAO,GAAI,kCAAiCJ,MAAO,EAAC;QAC1DX,MAAM,CAACa,GAAG,CAACZ,QAAQ,CAACe,KAAK,EAAED,OAAO,CAAC;QACnC,MAAM,IAAIhB,aAAa,CAACgB,OAAO,CAAC;MAClC;EACF;AACF,CAAC"}

package/lib/module/credential/issuance/v1.3.3/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { evaluateIssuerTrust } from "./01-evaluate-issuer-trust";
+import { startUserAuthorization } from "./02-start-user-authorization";
+import { continueUserAuthorizationWithMRTDPoPChallenge, completeUserAuthorizationWithQueryMode, completeUserAuthorizationWithFormPostJwtMode, buildAuthorizationUrl, getRequestedCredentialToBePresented } from "./03-complete-user-authorization";
+import { authorizeAccess } from "./04-authorize-access";
+import { obtainCredential } from "./05-obtain-credential";
+import { verifyAndParseCredential } from "./06-verify-and-parse-credential";
+import { MRTDPoP } from "../mrtd-pop";
+export const Issuance = {
+  evaluateIssuerTrust,
+  startUserAuthorization,
+  buildAuthorizationUrl,
+  completeUserAuthorizationWithQueryMode,
+  continueUserAuthorizationWithMRTDPoPChallenge,
+  getRequestedCredentialToBePresented,
+  completeUserAuthorizationWithFormPostJwtMode,
+  authorizeAccess,
+  obtainCredential,
+  verifyAndParseCredential,
+  MRTDPoP
+};
+//# sourceMappingURL=index.js.map

package/lib/module/credential/issuance/v1.3.3/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","continueUserAuthorizationWithMRTDPoPChallenge","completeUserAuthorizationWithQueryMode","completeUserAuthorizationWithFormPostJwtMode","buildAuthorizationUrl","getRequestedCredentialToBePresented","authorizeAccess","obtainCredential","verifyAndParseCredential","MRTDPoP","Issuance"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/index.ts"],"mappings":"AACA,SAASA,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,sBAAsB,QAAQ,+BAA+B;AACtE,SACEC,6CAA6C,EAC7CC,sCAAsC,EACtCC,4CAA4C,EAC5CC,qBAAqB,EACrBC,mCAAmC,QAC9B,kCAAkC;AACzC,SAASC,eAAe,QAAQ,uBAAuB;AACvD,SAASC,gBAAgB,QAAQ,wBAAwB;AACzD,SAASC,wBAAwB,QAAQ,kCAAkC;AAC3E,SAASC,OAAO,QAAQ,aAAa;AAErC,OAAO,MAAMC,QAAqB,GAAG;EACnCX,mBAAmB;EACnBC,sBAAsB;EACtBI,qBAAqB;EACrBF,sCAAsC;EACtCD,6CAA6C;EAC7CI,mCAAmC;EACnCF,4CAA4C;EAC5CG,eAAe;EACfC,gBAAgB;EAChBC,wBAAwB;EACxBC;AACF,CAAC"}