@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js

@@ -0,0 +1,24 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.evaluateIssuerTrust = void 0;
+var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
+var _callbacks = require("../../../utils/callbacks");
+var _mappers = require("./mappers");
+const evaluateIssuerTrust = async function (issuerUrl) {
+  let context = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const issuerMetadata = await (0, _ioWalletOid4vci.fetchMetadata)({
+    credentialIssuerUrl: issuerUrl,
+    callbacks: {
+      ..._callbacks.partialCallbacks,
+      fetch: context.appFetch
+    }
+  });
+  return {
+    issuerConf: (0, _mappers.mapToIssuerConfig)(issuerMetadata)
+  };
+};
+exports.evaluateIssuerTrust = evaluateIssuerTrust;
+//# sourceMappingURL=01-evaluate-issuer-trust.js.map

package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioWalletOid4vci","require","_callbacks","_mappers","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","fetchMetadata","credentialIssuerUrl","callbacks","partialCallbacks","fetch","appFetch","issuerConf","mapToIssuerConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AAEO,MAAMG,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAG,MAAM,IAAAC,8BAAa,EAAC;IACzCC,mBAAmB,EAAEP,SAAS;IAC9BQ,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBC,KAAK,EAAET,OAAO,CAACU;IACjB;EACF,CAAC,CAAC;EAEF,OAAO;IAAEC,UAAU,EAAE,IAAAC,0BAAiB,EAACR,cAAc;EAAE,CAAC;AAC1D,CAAC;AAACS,OAAA,CAAAf,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js

@@ -0,0 +1,92 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.startUserAuthorization = void 0;
+var _ioWalletOauth = require("@pagopa/io-wallet-oauth2");
+var _logging = require("../../../utils/logging");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _callbacks = require("../../../utils/callbacks");
+var _errors = require("../../../utils/errors");
+var _authorization = require("../common/authorization");
+const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
+  const {
+    wiaCryptoContext,
+    walletInstanceAttestation,
+    redirectUri,
+    appFetch = fetch
+  } = ctx;
+  const clientId = await wiaCryptoContext.getPublicKey().then(_ => _.kid);
+  if (!clientId) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Public key associated with kid ${clientId} not found in the device`);
+    throw new _errors.IoWalletError("No public key found");
+  }
+  const responseMode = (0, _authorization.selectResponseMode)(issuerConf, credentialIds);
+  const credentialDefinition = credentialIds.map(c => (0, _authorization.selectCredentialDefinition)(issuerConf, c));
+  if (proof.proofType === "mrtd-pop") {
+    /**
+     * When we requests a PID using eID Substantial Authentication with MRTD Verification, we must include
+     * an additional Authorization Details Object in the authorization_details
+     *
+     * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-issuance-endpoint.html#pushed-authorization-request-endpoint
+     */
+    credentialDefinition.push({
+      type: "it_l2+document_proof",
+      idphinting: proof.idpHinting,
+      challenge_method: "mrtd+ias",
+      challenge_redirect_uri: redirectUri
+    });
+  }
+  const signerJwk = await wiaCryptoContext.getPublicKey();
+  const signJwt = async (_, payload) => ({
+    jwt: await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setPayload(payload).sign(),
+    signerJwk
+  });
+  const parRequest = await (0, _ioWalletOauth.createPushedAuthorizationRequest)({
+    callbacks: {
+      ..._callbacks.partialCallbacks,
+      signJwt
+    },
+    authorizationServerMetadata: {
+      require_signed_request_object: true
+    },
+    clientId,
+    audience: issuerConf.credential_issuer,
+    authorization_details: credentialDefinition,
+    codeChallengeMethodsSupported: ["S256"],
+    responseMode,
+    redirectUri
+  });
+  const clientAttestationPoP = await (0, _ioWalletOauth.createClientAttestationPopJwt)({
+    callbacks: {
+      signJwt
+    },
+    clientAttestation: walletInstanceAttestation,
+    authorizationServer: issuerConf.authorization_endpoint,
+    signer: {
+      method: "jwk",
+      alg: "ES256",
+      publicJwk: signerJwk
+    }
+  });
+  const {
+    request_uri
+  } = await (0, _ioWalletOauth.fetchPushedAuthorizationResponse)({
+    callbacks: {
+      fetch: appFetch
+    },
+    pushedAuthorizationRequestEndpoint: issuerConf.pushed_authorization_request_endpoint,
+    pushedAuthorizationRequest: parRequest,
+    clientAttestationDPoP: clientAttestationPoP,
+    walletAttestation: walletInstanceAttestation
+  });
+  return {
+    issuerRequestUri: request_uri,
+    clientId,
+    codeVerifier: parRequest.pkceCodeVerifier,
+    credentialDefinition
+  };
+};
+exports.startUserAuthorization = startUserAuthorization;
+//# sourceMappingURL=02-start-user-authorization.js.map

package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioWalletOauth","require","_logging","_ioReactNativeJwt","_callbacks","_errors","_authorization","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","Logger","log","LogLevel","ERROR","IoWalletError","responseMode","selectResponseMode","credentialDefinition","map","c","selectCredentialDefinition","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","signerJwk","signJwt","payload","jwt","SignJWT","setPayload","sign","parRequest","createPushedAuthorizationRequest","callbacks","partialCallbacks","authorizationServerMetadata","require_signed_request_object","audience","credential_issuer","authorization_details","codeChallengeMethodsSupported","clientAttestationPoP","createClientAttestationPopJwt","clientAttestation","authorizationServer","authorization_endpoint","signer","method","alg","publicJwk","request_uri","fetchPushedAuthorizationResponse","pushedAuthorizationRequestEndpoint","pushed_authorization_request_endpoint","pushedAuthorizationRequest","clientAttestationDPoP","walletAttestation","issuerRequestUri","codeVerifier","pkceCodeVerifier","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAMA,IAAAC,QAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,UAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,cAAA,GAAAL,OAAA;AAKO,MAAMM,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbK,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCR,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIS,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMC,YAAY,GAAG,IAAAC,iCAAkB,EAACpB,UAAU,EAAEC,aAAa,CAAC;EAElE,MAAMoB,oBAAoB,GAAGpB,aAAa,CAACqB,GAAG,CAAEC,CAAC,IAC/C,IAAAC,yCAA0B,EAACxB,UAAU,EAAEuB,CAAC,CAC1C,CAAC;EAED,IAAIrB,KAAK,CAACuB,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMJ,oBAAoB,CAACK,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAE1B,KAAK,CAAC2B,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,EAAEzB;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAM0B,SAAS,GAAG,MAAM5B,gBAAgB,CAACM,YAAY,CAAC,CAAC;EACvD,MAAMuB,OAAmC,GAAG,MAAAA,CAAOrB,CAAC,EAAEsB,OAAO,MAAM;IACjEC,GAAG,EAAE,MAAM,IAAIC,yBAAO,CAAChC,gBAAgB,CAAC,CAACiC,UAAU,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,CAAC;IACnEN;EACF,CAAC,CAAC;EAEF,MAAMO,UAAU,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IACxDC,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBT;IACF,CAAC;IACDU,2BAA2B,EAAE;MAC3BC,6BAA6B,EAAE;IACjC,CAAC;IACDnC,QAAQ;IACRoC,QAAQ,EAAE7C,UAAU,CAAC8C,iBAAiB;IACtCC,qBAAqB,EAAE1B,oBAAoB;IAC3C2B,6BAA6B,EAAE,CAAC,MAAM,CAAC;IACvC7B,YAAY;IACZb;EACF,CAAC,CAAC;EAEF,MAAM2C,oBAAoB,GAAG,MAAM,IAAAC,4CAA6B,EAAC;IAC/DT,SAAS,EAAE;MACTR;IACF,CAAC;IACDkB,iBAAiB,EAAE9C,yBAAyB;IAC5C+C,mBAAmB,EAAEpD,UAAU,CAACqD,sBAAsB;IACtDC,MAAM,EAAE;MACNC,MAAM,EAAE,KAAK;MACbC,GAAG,EAAE,OAAO;MACZC,SAAS,EAAEzB;IACb;EACF,CAAC,CAAC;EAEF,MAAM;IAAE0B;EAAY,CAAC,GAAG,MAAM,IAAAC,+CAAgC,EAAC;IAC7DlB,SAAS,EAAE;MACTjC,KAAK,EAAED;IACT,CAAC;IACDqD,kCAAkC,EAChC5D,UAAU,CAAC6D,qCAAqC;IAClDC,0BAA0B,EAAEvB,UAAU;IACtCwB,qBAAqB,EAAEd,oBAAoB;IAC3Ce,iBAAiB,EAAE3D;EACrB,CAAC,CAAC;EAEF,OAAO;IACL4D,gBAAgB,EAAEP,WAAW;IAC7BjD,QAAQ;IACRyD,YAAY,EAAE3B,UAAU,CAAC4B,gBAAgB;IACzC9C;EACF,CAAC;AACH,CAAC;AAAC+C,OAAA,CAAArE,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js

@@ -0,0 +1,187 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.parseAuthorizationResponse = exports.getRequestedCredentialToBePresented = exports.continueUserAuthorizationWithMRTDPoPChallenge = exports.completeUserAuthorizationWithQueryMode = exports.completeUserAuthorizationWithFormPostJwtMode = exports.buildAuthorizationUrl = void 0;
+var _auth = require("../../../utils/auth");
+var _parseUrl = _interopRequireDefault(require("parse-url"));
+var _ioWalletOid4vp = require("@pagopa/io-wallet-oid4vp");
+var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
+var _ioWalletOauth = require("@pagopa/io-wallet-oauth2");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("../common/errors");
+var _logging = require("../../../utils/logging");
+var _v = require("../../presentation/v1.3.3");
+var _callbacks = require("../../../utils/callbacks");
+var _errors2 = require("../../../utils/errors");
+var _mappers = require("./mappers");
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+const continueUserAuthorizationWithMRTDPoPChallenge = async authRedirectUrl => {
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `The requested credential is a PersonIdentificationData and requires MRTD PoP, starting MRTD PoP validation from auth redirect`);
+  try {
+    const parsedChallenge = (0, _ioWalletOauth.parseMrtdChallenge)({
+      redirectUrl: authRedirectUrl
+    });
+    return {
+      challenge_info: parsedChallenge.challengeJwt
+    };
+  } catch (err) {
+    const errorMessage = err instanceof Error ? err.message : "MRTD challenge parsing failed";
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Error while parsing the authorization response: ${errorMessage}`);
+    throw new _errors.AuthorizationError(errorMessage);
+  }
+};
+exports.continueUserAuthorizationWithMRTDPoPChallenge = continueUserAuthorizationWithMRTDPoPChallenge;
+const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
+  const authzRequestEndpoint = issuerConf.authorization_endpoint;
+  const params = new URLSearchParams({
+    client_id: clientId,
+    request_uri: issuerRequestUri
+  });
+  if (idpHint) {
+    params.append("idphint", idpHint);
+  }
+  const authUrl = `${authzRequestEndpoint}?${params}`;
+  return {
+    authUrl
+  };
+};
+exports.buildAuthorizationUrl = buildAuthorizationUrl;
+const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `The requested credential is a PersonIdentificationData, completing the user authorization with query mode`);
+  const query = (0, _parseUrl.default)(authRedirectUrl).query;
+  return parseAuthorizationResponse(query);
+};
+exports.completeUserAuthorizationWithQueryMode = completeUserAuthorizationWithQueryMode;
+const getRequestedCredentialToBePresented = async function (issuerRequestUri, clientId, issuerConf) {
+  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, requesting the credential to be presented`);
+  const authzRequestEndpoint = issuerConf.authorization_endpoint;
+  const params = new URLSearchParams({
+    client_id: clientId,
+    request_uri: issuerRequestUri
+  });
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Requesting the request object to ${authzRequestEndpoint}?${params.toString()}`);
+  const authRequest = await (0, _ioWalletOid4vp.fetchAuthorizationRequest)({
+    authorizeRequestUrl: `${authzRequestEndpoint}?${params.toString()}`,
+    callbacks: {
+      fetch: appFetch
+    }
+  }).catch(_errors2.sdkUnexpectedStatusCodeToIssuerError);
+  const parsedAuthRequest = await (0, _ioWalletOid4vp.parseAuthorizeRequest)({
+    requestObjectJwt: authRequest.requestObjectJwt,
+    callbacks: _callbacks.partialCallbacks
+  });
+  return (0, _mappers.mapToRequestObject)(parsedAuthRequest);
+};
+exports.getRequestedCredentialToBePresented = getRequestedCredentialToBePresented;
+const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, issuerConfig, pid, _ref) => {
+  let {
+    wiaCryptoContext,
+    pidKeyTag,
+    appFetch = fetch
+  } = _ref;
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
+  const dcqlQueryResult = await _v.RemotePresentation.evaluateDcqlQuery(requestObject.dcql_query, [[pidKeyTag, pid]]);
+  const authRequestObject = {
+    nonce: requestObject.nonce,
+    clientId: requestObject.client_id,
+    responseUri: requestObject.response_uri
+  };
+  const remotePresentation = await _v.RemotePresentation.prepareRemotePresentations(dcqlQueryResult, authRequestObject);
+  const authzResponsePayload = await createAuthzResponsePayload({
+    state: requestObject.state,
+    remotePresentation,
+    wiaCryptoContext
+  });
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Authz response payload: ${authzResponsePayload}`);
+  const issuerSigKey = issuerConfig.keys.find(key => key.use === "sig");
+  if (!issuerSigKey) {
+    const errorMessage = "No signature key found in Issuer Metadata JWKS";
+    _logging.Logger.log(_logging.LogLevel.ERROR, errorMessage);
+    throw new _errors2.IoWalletError(errorMessage);
+  }
+  return (0, _ioWalletOid4vci.sendAuthorizationResponseAndExtractCode)({
+    authorizationResponseJarm: authzResponsePayload,
+    callbacks: {
+      ..._callbacks.partialCallbacks,
+      fetch: appFetch
+    },
+    iss: requestObject.iss,
+    state: requestObject.state,
+    presentationResponseUri: requestObject.response_uri,
+    signer: {
+      alg: "ES256",
+      method: "jwk",
+      publicJwk: issuerSigKey
+    }
+  });
+};
+
+/**
+ * Parse the authorization response and return the result which contains code, state and iss.
+ * @throws {AuthorizationError} if an error occurs during the parsing process
+ * @throws {AuthorizationIdpError} if an error occurs during the parsing process and the error is related to the IDP
+ * @param authRes the authorization response to be parsed
+ * @returns the authorization result which contains code, state and iss
+ */
+exports.completeUserAuthorizationWithFormPostJwtMode = completeUserAuthorizationWithFormPostJwtMode;
+const parseAuthorizationResponse = authRes => {
+  const authResParsed = _auth.AuthorizationResultShape.safeParse(authRes);
+  if (!authResParsed.success) {
+    const authErr = _auth.AuthorizationErrorShape.safeParse(authRes);
+    if (!authErr.success) {
+      _logging.Logger.log(_logging.LogLevel.ERROR, `Error while parsing the authorization response: ${authResParsed.error.message}`);
+      throw new _errors.AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
+    }
+
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Error while authorizating with the idp: ${JSON.stringify(authErr)}`);
+    throw new _errors.AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
+  }
+  return authResParsed.data;
+};
+
+/**
+ * Creates the authorization response payload to be sent.
+ * This payload includes the state and the VP tokens for the presented credentials.
+ * The payload is encoded in Base64.
+ * @param state - The state parameter from the request object (optional).
+ * @param remotePresentation The presentations to send, each with their VP token
+ * @returns The Base64 encoded authorization response payload.
+ */
+exports.parseAuthorizationResponse = parseAuthorizationResponse;
+const createAuthzResponsePayload = async _ref2 => {
+  let {
+    state,
+    remotePresentation,
+    wiaCryptoContext
+  } = _ref2;
+  const {
+    kid
+  } = await wiaCryptoContext.getPublicKey();
+  return new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
+    typ: "jwt",
+    kid
+  }).setPayload({
+    /**
+     * TODO [SIW-2264]: `state` coming from `requestObject` is marked as `optional`
+     * At the moment, it is not entirely clear whether this value can indeed be omitted
+     * and, if so, what the consequences of its absence might be.
+     */
+    ...(state ? {
+      state
+    } : {}),
+    vp_token: remotePresentation.presentations.reduce((vp_token, _ref3) => {
+      let {
+        credentialId,
+        vpToken
+      } = _ref3;
+      return {
+        ...vp_token,
+        [credentialId]: [vpToken]
+      };
+    }, {})
+  }).setIssuedAt().setExpirationTime("1h").sign();
+};
+//# sourceMappingURL=03-complete-user-authorization.js.map

package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_auth","require","_parseUrl","_interopRequireDefault","_ioWalletOid4vp","_ioWalletOid4vci","_ioWalletOauth","_ioReactNativeJwt","_errors","_logging","_v","_callbacks","_errors2","_mappers","obj","__esModule","default","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","Logger","log","LogLevel","DEBUG","parsedChallenge","parseMrtdChallenge","redirectUrl","challenge_info","challengeJwt","err","errorMessage","Error","message","ERROR","AuthorizationError","exports","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","query","parseUrl","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","authRequest","fetchAuthorizationRequest","authorizeRequestUrl","callbacks","catch","sdkUnexpectedStatusCodeToIssuerError","parsedAuthRequest","parseAuthorizeRequest","requestObjectJwt","partialCallbacks","mapToRequestObject","completeUserAuthorizationWithFormPostJwtMode","requestObject","issuerConfig","pid","_ref","wiaCryptoContext","pidKeyTag","dcqlQueryResult","RemotePresentationFlow","evaluateDcqlQuery","dcql_query","authRequestObject","nonce","responseUri","response_uri","remotePresentation","prepareRemotePresentations","authzResponsePayload","createAuthzResponsePayload","state","issuerSigKey","keys","find","key","use","IoWalletError","sendAuthorizationResponseAndExtractCode","authorizationResponseJarm","iss","presentationResponseUri","signer","alg","method","publicJwk","authRes","authResParsed","AuthorizationResultShape","safeParse","success","authErr","AuthorizationErrorShape","error","JSON","stringify","AuthorizationIdpError","data","error_description","_ref2","kid","getPublicKey","SignJWT","setProtectedHeader","typ","setPayload","vp_token","presentations","reduce","_ref3","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/03-complete-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAKA,IAAAC,SAAA,GAAAC,sBAAA,CAAAF,OAAA;AAEA,IAAAG,eAAA,GAAAH,OAAA;AAIA,IAAAI,gBAAA,GAAAJ,OAAA;AACA,IAAAK,cAAA,GAAAL,OAAA;AACA,IAAAM,iBAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AACA,IAAAS,EAAA,GAAAT,OAAA;AACA,IAAAU,UAAA,GAAAV,OAAA;AACA,IAAAW,QAAA,GAAAX,OAAA;AAKA,IAAAY,QAAA,GAAAZ,OAAA;AAA+C,SAAAE,uBAAAW,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAGxC,MAAMG,6CAA2G,GACtH,MAAOC,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,+HACH,CAAC;EACD,IAAI;IACF,MAAMC,eAAe,GAAG,IAAAC,iCAAkB,EAAC;MACzCC,WAAW,EAAEP;IACf,CAAC,CAAC;IACF,OAAO;MAAEQ,cAAc,EAAEH,eAAe,CAACI;IAAa,CAAC;EACzD,CAAC,CAAC,OAAOC,GAAG,EAAE;IACZ,MAAMC,YAAY,GAChBD,GAAG,YAAYE,KAAK,GAAGF,GAAG,CAACG,OAAO,GAAG,+BAA+B;IACtEZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,mDAAkDH,YAAa,EAClE,CAAC;IACD,MAAM,IAAII,0BAAkB,CAACJ,YAAY,CAAC;EAC5C;AACF,CAAC;AAACK,OAAA,CAAAjB,6CAAA,GAAAA,6CAAA;AAEG,MAAMkB,qBAA2D,GACtE,MAAAA,CAAOC,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,OAAO,KAAK;EACzD,MAAMC,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXG,MAAM,CAACI,MAAM,CAAC,SAAS,EAAEP,OAAO,CAAC;EACnC;EAEA,MAAMQ,OAAO,GAAI,GAAEP,oBAAqB,IAAGE,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;AAACb,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAEG,MAAMa,sCAA6F,GACxG,MAAO9B,eAAe,IAAK;EACzBC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2GACH,CAAC;EACD,MAAM2B,KAAK,GAAG,IAAAC,iBAAQ,EAAChC,eAAe,CAAC,CAAC+B,KAAK;EAE7C,OAAOE,0BAA0B,CAACF,KAAK,CAAC;AAC1C,CAAC;AAACf,OAAA,CAAAc,sCAAA,GAAAA,sCAAA;AAEG,MAAMI,mCAAuF,GAClG,eAAAA,CAAOhB,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBe,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DtC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sGACH,CAAC;EAED,MAAMkB,oBAAoB,GAAGF,UAAU,CAACG,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAEP,QAAQ;IACnBQ,WAAW,EAAET;EACf,CAAC,CAAC;EAEFjB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,oCAAmCkB,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,WAAW,GAAG,MAAM,IAAAC,yCAAyB,EAAC;IAClDC,mBAAmB,EAAG,GAAErB,oBAAqB,IAAGE,MAAM,CAACgB,QAAQ,CAAC,CAAE,EAAC;IACnEI,SAAS,EAAE;MACTL,KAAK,EAAEJ;IACT;EACF,CAAC,CAAC,CAACU,KAAK,CAACC,6CAAoC,CAAC;EAE9C,MAAMC,iBAAiB,GAAG,MAAM,IAAAC,qCAAqB,EAAC;IACpDC,gBAAgB,EAAER,WAAW,CAACQ,gBAAgB;IAC9CL,SAAS,EAAEM;EACb,CAAC,CAAC;EAEF,OAAO,IAAAC,2BAAkB,EAACJ,iBAAiB,CAAC;AAC9C,CAAC;AAAC/B,OAAA,CAAAkB,mCAAA,GAAAA,mCAAA;AAEG,MAAMkB,4CAAyG,GACpH,MAAAA,CACEC,aAAa,EACbC,YAAY,EACZC,GAAG,EAAAC,IAAA,KAEA;EAAA,IADH;IAAEC,gBAAgB;IAAEC,SAAS;IAAEvB,QAAQ,GAAGI;EAAM,CAAC,GAAAiB,IAAA;EAEjDvD,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,sHACH,CAAC;EAED,MAAMuD,eAAe,GAAG,MAAMC,qBAAsB,CAACC,iBAAiB,CACpER,aAAa,CAACS,UAAU,EACxB,CAAC,CAACJ,SAAS,EAAEH,GAAG,CAAC,CACnB,CAAC;EAED,MAAMQ,iBAAiB,GAAG;IACxBC,KAAK,EAAEX,aAAa,CAACW,KAAK;IAC1B7C,QAAQ,EAAEkC,aAAa,CAAC3B,SAAS;IACjCuC,WAAW,EAAEZ,aAAa,CAACa;EAC7B,CAAC;EAED,MAAMC,kBAAkB,GACtB,MAAMP,qBAAsB,CAACQ,0BAA0B,CACrDT,eAAe,EACfI,iBACF,CAAC;EAEH,MAAMM,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAElB,aAAa,CAACkB,KAAK;IAC1BJ,kBAAkB;IAClBV;EACF,CAAC,CAAC;EAEFxD,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0BiE,oBAAqB,EAClD,CAAC;EAED,MAAMG,YAAY,GAAGlB,YAAY,CAACmB,IAAI,CAACC,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,GAAG,KAAK,KAAK,CAAC;EACvE,IAAI,CAACJ,YAAY,EAAE;IACjB,MAAM7D,YAAY,GAAG,gDAAgD;IACrEV,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACW,KAAK,EAAEH,YAAY,CAAC;IACxC,MAAM,IAAIkE,sBAAa,CAAClE,YAAY,CAAC;EACvC;EAEA,OAAO,IAAAmE,wDAAuC,EAAC;IAC7CC,yBAAyB,EAAEV,oBAAoB;IAC/CzB,SAAS,EAAE;MACT,GAAGM,2BAAgB;MACnBX,KAAK,EAAEJ;IACT,CAAC;IACD6C,GAAG,EAAE3B,aAAa,CAAC2B,GAAG;IACtBT,KAAK,EAAElB,aAAa,CAACkB,KAAM;IAC3BU,uBAAuB,EAAE5B,aAAa,CAACa,YAAY;IACnDgB,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZC,MAAM,EAAE,KAAK;MACbC,SAAS,EAAEb;IACb;EACF,CAAC,CAAC;AACJ,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAxD,OAAA,CAAAoC,4CAAA,GAAAA,4CAAA;AAOO,MAAMnB,0BAA0B,GACrCqD,OAAgB,IACQ;EACxB,MAAMC,aAAa,GAAGC,8BAAwB,CAACC,SAAS,CAACH,OAAO,CAAC;EACjE,IAAI,CAACC,aAAa,CAACG,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGC,6BAAuB,CAACH,SAAS,CAACH,OAAO,CAAC;IAC1D,IAAI,CAACK,OAAO,CAACD,OAAO,EAAE;MACpBzF,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,mDAAkDyE,aAAa,CAACM,KAAK,CAAChF,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIE,0BAAkB,CAACwE,aAAa,CAACM,KAAK,CAAChF,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACW,KAAK,EACb,2CAA0CgF,IAAI,CAACC,SAAS,CAACJ,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIK,6BAAqB,CAC7BL,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOX,aAAa,CAACU,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAjF,OAAA,CAAAiB,0BAAA,GAAAA,0BAAA;AAQA,MAAMqC,0BAA0B,GAAG,MAAA6B,KAAA,IAQZ;EAAA,IARmB;IACxC5B,KAAK;IACLJ,kBAAkB;IAClBV;EAKF,CAAC,GAAA0C,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAM3C,gBAAgB,CAAC4C,YAAY,CAAC,CAAC;EAErD,OAAO,IAAIC,yBAAO,CAAC7C,gBAAgB,CAAC,CACjC8C,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVJ;EACF,CAAC,CAAC,CACDK,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAIlC,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3BmC,QAAQ,EAAEvC,kBAAkB,CAACwC,aAAa,CAACC,MAAM,CAC/C,CAACF,QAAQ,EAAAG,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGH,QAAQ;QACX,CAACI,YAAY,GAAG,CAACC,OAAO;MAC1B,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}

package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js

@@ -0,0 +1,75 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.authorizeAccess = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _ioWalletOauth = require("@pagopa/io-wallet-oauth2");
+var _uuid = require("uuid");
+var _pop = require("../../../utils/pop");
+var WalletInstanceAttestation = _interopRequireWildcard(require("../../../wallet-instance-attestation/v1.0.0/utils"));
+var _callbacks = require("../../../utils/callbacks");
+var _errors = require("../../../utils/errors");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+const authorizeAccess = async (issuerConf, code, redirectUri, codeVerifier, context) => {
+  const {
+    appFetch = fetch,
+    walletInstanceAttestation,
+    wiaCryptoContext,
+    dPopCryptoContext
+  } = context;
+  const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
+  const tokenDPoP = await (0, _ioWalletOauth.createTokenDPoP)({
+    callbacks: {
+      ..._callbacks.partialCallbacks,
+      signJwt: async (_, payload) => ({
+        jwt: await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setPayload(payload).sign(),
+        signerJwk: dPopSignerJwk
+      })
+    },
+    signer: {
+      alg: "ES256",
+      method: "jwk",
+      publicJwk: dPopSignerJwk
+    },
+    tokenRequest: {
+      method: "POST",
+      url: issuerConf.token_endpoint
+    }
+  });
+  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
+  const signedWiaPoP = await (0, _pop.createPopToken)({
+    jti: (0, _uuid.v4)(),
+    aud: issuerConf.credential_issuer,
+    iss
+  }, wiaCryptoContext);
+  const tokenResponse = await (0, _ioWalletOauth.fetchTokenResponse)({
+    accessTokenEndpoint: issuerConf.token_endpoint,
+    callbacks: {
+      ..._callbacks.partialCallbacks,
+      fetch: appFetch
+    },
+    walletAttestation: walletInstanceAttestation,
+    dPoP: tokenDPoP.jwt,
+    clientAttestationDPoP: signedWiaPoP,
+    accessTokenRequest: {
+      code,
+      grant_type: "authorization_code",
+      code_verifier: codeVerifier,
+      redirect_uri: redirectUri
+    }
+  });
+
+  // `authorization_details` might be undefined if the PAR used `scope`.
+  // We currently do not support `scope` only.
+  if (!tokenResponse.authorization_details) {
+    throw new _errors.IoWalletError("Access token without authorization_details is not supported");
+  }
+  return {
+    accessToken: tokenResponse
+  };
+};
+exports.authorizeAccess = authorizeAccess;
+//# sourceMappingURL=04-authorize-access.js.map

package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_ioWalletOauth","_uuid","_pop","WalletInstanceAttestation","_interopRequireWildcard","_callbacks","_errors","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","authorizeAccess","issuerConf","code","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","dPopSignerJwk","getPublicKey","tokenDPoP","createTokenDPoP","callbacks","partialCallbacks","signJwt","_","payload","jwt","SignJWT","setPayload","sign","signerJwk","signer","alg","method","publicJwk","tokenRequest","url","token_endpoint","iss","decode","cnf","jwk","kid","signedWiaPoP","createPopToken","jti","uuidv4","aud","credential_issuer","tokenResponse","fetchTokenResponse","accessTokenEndpoint","walletAttestation","dPoP","clientAttestationDPoP","accessTokenRequest","grant_type","code_verifier","redirect_uri","authorization_details","IoWalletError","accessToken","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/04-authorize-access.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,cAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AACA,IAAAI,yBAAA,GAAAC,uBAAA,CAAAL,OAAA;AACA,IAAAM,UAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AAAsD,SAAAQ,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAG/C,MAAMW,eAA+C,GAAG,MAAAA,CAC7DC,UAAU,EACVC,IAAI,EACJC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EAEX,MAAMM,aAAa,GAAG,MAAMD,iBAAiB,CAACE,YAAY,CAAC,CAAC;EAC5D,MAAMC,SAAS,GAAG,MAAM,IAAAC,8BAAe,EAAC;IACtCC,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBC,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAIC,yBAAO,CAACZ,gBAAgB,CAAC,CAACa,UAAU,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,CAAC;QACnEC,SAAS,EAAEb;MACb,CAAC;IACH,CAAC;IACDc,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZC,MAAM,EAAE,KAAK;MACbC,SAAS,EAAEjB;IACb,CAAC;IACDkB,YAAY,EAAE;MACZF,MAAM,EAAE,MAAM;MACdG,GAAG,EAAE7B,UAAU,CAAC8B;IAClB;EACF,CAAC,CAAC;EAEF,MAAMC,GAAG,GAAG1D,yBAAyB,CAAC2D,MAAM,CAACzB,yBAAyB,CAAC,CACpEW,OAAO,CAACe,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,YAAY,GAAG,MAAM,IAAAC,mBAAc,EACvC;IACEC,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC;IACbC,GAAG,EAAExC,UAAU,CAACyC,iBAAiB;IACjCV;EACF,CAAC,EACDvB,gBACF,CAAC;EAED,MAAMkC,aAAa,GAAG,MAAM,IAAAC,iCAAkB,EAAC;IAC7CC,mBAAmB,EAAE5C,UAAU,CAAC8B,cAAc;IAC9ChB,SAAS,EAAE;MACT,GAAGC,2BAAgB;MACnBT,KAAK,EAAED;IACT,CAAC;IACDwC,iBAAiB,EAAEtC,yBAAyB;IAC5CuC,IAAI,EAAElC,SAAS,CAACO,GAAG;IACnB4B,qBAAqB,EAAEX,YAAY;IACnCY,kBAAkB,EAAE;MAClB/C,IAAI;MACJgD,UAAU,EAAE,oBAAoB;MAChCC,aAAa,EAAE/C,YAAY;MAC3BgD,YAAY,EAAEjD;IAChB;EACF,CAAC,CAAC;;EAEF;EACA;EACA,IAAI,CAACwC,aAAa,CAACU,qBAAqB,EAAE;IACxC,MAAM,IAAIC,qBAAa,CACrB,6DACF,CAAC;EACH;EAEA,OAAO;IACLC,WAAW,EAAEZ;EACf,CAAC;AACH,CAAC;AAACa,OAAA,CAAAxD,eAAA,GAAAA,eAAA"}

package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js

@@ -0,0 +1,143 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.obtainCredential = exports.createNonceProof = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _ioWalletOauth = require("@pagopa/io-wallet-oauth2");
+var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
+var _ioWalletUtils = require("@pagopa/io-wallet-utils");
+var _misc = require("../../../utils/misc");
+var _errors = require("../../../utils/errors");
+var _logging = require("../../../utils/logging");
+var _config = require("../../../utils/config");
+var _callbacks = require("../../../utils/callbacks");
+var _types = require("./types");
+const createNonceProof = async (nonce, issuer, audience, ctx) => {
+  const jwk = await ctx.getPublicKey();
+  return new _ioReactNativeJwt.SignJWT(ctx).setPayload({
+    nonce
+  }).setProtectedHeader({
+    typ: "openid4vci-proof+jwt",
+    jwk
+  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
+};
+exports.createNonceProof = createNonceProof;
+const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context) => {
+  const {
+    credentialCryptoContext,
+    appFetch = fetch,
+    dPopCryptoContext
+  } = context;
+  const {
+    credential_configuration_id,
+    credential_identifier
+  } = credentialDefinition;
+
+  // Fetch the nonce from the Credential Issuer
+  const {
+    c_nonce
+  } = await appFetch(issuerConf.nonce_endpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    }
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(res => res.json()).then(body => _types.NonceResponse.parse(body));
+
+  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
+  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credential_configuration_id && (credential_identifier ? c.credential_identifiers.includes(credential_identifier) : true));
+  if (!containsCredentialDefinition) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
+    throw new _errors.ValidationFailed({
+      message: "The access token response does not contain the requested credential"
+    });
+  }
+  const signerJwk = await credentialCryptoContext.getPublicKey();
+  const credentialRequest = await (0, _ioWalletOid4vci.createCredentialRequest)({
+    config: _config.sdkConfigV1_3,
+    callbacks: {
+      signJwt: async (_, payload) => ({
+        jwt: await new _ioReactNativeJwt.SignJWT(credentialCryptoContext).setPayload(payload).sign(),
+        signerJwk
+      })
+    },
+    clientId,
+    credential_identifier: credentialDefinition.credential_identifier,
+    issuerIdentifier: issuerConf.credential_issuer,
+    nonce: c_nonce,
+    keyAttestation: "",
+    // TODO
+    signer: {
+      alg: "ES256",
+      method: "jwk",
+      publicJwk: signerJwk
+    }
+  });
+  const dPopSignerJwk = await dPopCryptoContext.getPublicKey();
+  const credentialDPoP = await (0, _ioWalletOauth.createTokenDPoP)({
+    callbacks: {
+      ..._callbacks.partialCallbacks,
+      signJwt: async (_, payload) => ({
+        jwt: await new _ioReactNativeJwt.SignJWT(dPopCryptoContext).setPayload(payload).sign(),
+        signerJwk
+      })
+    },
+    signer: {
+      method: "jwk",
+      alg: "ES256",
+      publicJwk: dPopSignerJwk
+    },
+    tokenRequest: {
+      method: "POST",
+      url: issuerConf.credential_endpoint
+    },
+    accessToken: accessToken.access_token
+  });
+
+  // TODO: handle issuance errors
+  const credentialRes = await (0, _ioWalletOid4vci.fetchCredentialResponse)({
+    callbacks: {
+      fetch: appFetch
+    },
+    credentialEndpoint: issuerConf.credential_endpoint,
+    credentialRequest: credentialRequest,
+    accessToken: accessToken.access_token,
+    dPoP: credentialDPoP.jwt
+  }).catch(handleObtainCredentialError);
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes)}`);
+
+  // Extract the format corresponding to the credential_configuration_id used
+  const issuerCredentialConfig = issuerConf.credential_configurations_supported[credential_configuration_id];
+
+  // TODO: [SIW-2264] Handle multiple credentials
+  return {
+    credential: credentialRes.credentials.at(0).credential,
+    format: issuerCredentialConfig.format
+  };
+};
+
+/**
+ * Handle the credential error by mapping it to a custom exception.
+ * If the error is not an instance of {@link SdkUnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {IssuerResponseError} with a specific code for more context
+ */
+exports.obtainCredential = obtainCredential;
+const handleObtainCredentialError = e => {
+  _logging.Logger.log(_logging.LogLevel.ERROR, `Error occurred while obtaining credential: ${e}`);
+  if (!(e instanceof _ioWalletUtils.UnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new _errors.ResponseErrorBuilder(_errors.IssuerResponseError).handle(403, {
+    code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
+    message: "Invalid status found for the given credential"
+  }).handle(404, {
+    code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
+    message: "Invalid status found for the given credential"
+  }).handle("*", {
+    code: _errors.IssuerResponseErrorCodes.CredentialRequestFailed,
+    message: "Unable to obtain the requested credential"
+  }).buildFrom(e);
+};
+//# sourceMappingURL=05-obtain-credential.js.map

package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_ioWalletOauth","_ioWalletOid4vci","_ioWalletUtils","_misc","_errors","_logging","_config","_callbacks","_types","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","SignJWT","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credential_configuration_id","credential_identifier","c_nonce","nonce_endpoint","method","headers","then","hasStatusOrThrow","res","json","body","NonceResponse","parse","containsCredentialDefinition","authorization_details","some","c","credential_identifiers","includes","Logger","log","LogLevel","ERROR","ValidationFailed","message","signerJwk","credentialRequest","createCredentialRequest","config","sdkConfigV1_3","callbacks","signJwt","_","payload","jwt","issuerIdentifier","credential_issuer","keyAttestation","signer","alg","publicJwk","dPopSignerJwk","credentialDPoP","createTokenDPoP","partialCallbacks","tokenRequest","url","credential_endpoint","access_token","credentialRes","fetchCredentialResponse","credentialEndpoint","dPoP","catch","handleObtainCredentialError","DEBUG","JSON","stringify","issuerCredentialConfig","credential_configurations_supported","credential","credentials","at","format","e","SdkUnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/05-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,cAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAF,OAAA;AAKA,IAAAG,cAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAMA,IAAAM,QAAA,GAAAN,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAEA,IAAAS,MAAA,GAAAT,OAAA;AAEO,MAAMU,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIC,yBAAO,CAACH,GAAG,CAAC,CACpBI,UAAU,CAAC;IACVP;EACF,CAAC,CAAC,CACDQ,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BL;EACF,CAAC,CAAC,CACDM,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEK,MAAMiB,gBAAiD,GAAG,MAAAA,CAC/DC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGJ,OAAO;EACX,MAAM;IAAEK,2BAA2B;IAAEC;EAAsB,CAAC,GAC1DP,oBAAoB;;EAEtB;EACA,MAAM;IAAEQ;EAAQ,CAAC,GAAG,MAAML,QAAQ,CAACN,UAAU,CAACY,cAAc,EAAE;IAC5DC,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MAAE,cAAc,EAAE;IAAmB;EAChD,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEI,IAAI,IAAKC,oBAAa,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC;;EAE5C;EACA,MAAMG,4BAA4B,GAAGrB,WAAW,CAACsB,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAAChB,2BAA2B,KAAKA,2BAA2B,KAC5DC,qBAAqB,GAClBe,CAAC,CAACC,sBAAsB,CAACC,QAAQ,CAACjB,qBAAqB,CAAC,GACxD,IAAI,CACZ,CAAC;EAED,IAAI,CAACY,4BAA4B,EAAE;IACjCM,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gEAA+D9B,WAAW,CAACsB,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIS,wBAAgB,CAAC;MACzBC,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;EAEA,MAAMC,SAAS,GAAG,MAAM7B,uBAAuB,CAACjB,YAAY,CAAC,CAAC;EAE9D,MAAM+C,iBAAiB,GAAG,MAAM,IAAAC,wCAAuB,EAAC;IACtDC,MAAM,EAAEC,qBAAuD;IAC/DC,SAAS,EAAE;MACTC,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAItD,yBAAO,CAACgB,uBAAuB,CAAC,CAC5Cf,UAAU,CAACoD,OAAO,CAAC,CACnB7C,IAAI,CAAC,CAAC;QACTqC;MACF,CAAC;IACH,CAAC;IACDhC,QAAQ;IACRQ,qBAAqB,EAAEP,oBAAoB,CAACO,qBAAsB;IAClEkC,gBAAgB,EAAE5C,UAAU,CAAC6C,iBAAiB;IAC9C9D,KAAK,EAAE4B,OAAO;IACdmC,cAAc,EAAE,EAAE;IAAE;IACpBC,MAAM,EAAE;MACNC,GAAG,EAAE,OAAO;MACZnC,MAAM,EAAE,KAAK;MACboC,SAAS,EAAEf;IACb;EACF,CAAC,CAAC;EAEF,MAAMgB,aAAa,GAAG,MAAM1C,iBAAiB,CAACpB,YAAY,CAAC,CAAC;EAE5D,MAAM+D,cAAc,GAAG,MAAM,IAAAC,8BAAe,EAAC;IAC3Cb,SAAS,EAAE;MACT,GAAGc,2BAAgB;MACnBb,OAAO,EAAE,MAAAA,CAAOC,CAAC,EAAEC,OAAO,MAAM;QAC9BC,GAAG,EAAE,MAAM,IAAItD,yBAAO,CAACmB,iBAAiB,CAAC,CAAClB,UAAU,CAACoD,OAAO,CAAC,CAAC7C,IAAI,CAAC,CAAC;QACpEqC;MACF,CAAC;IACH,CAAC;IACDa,MAAM,EAAE;MACNlC,MAAM,EAAE,KAAK;MACbmC,GAAG,EAAE,OAAO;MACZC,SAAS,EAAEC;IACb,CAAC;IACDI,YAAY,EAAE;MACZzC,MAAM,EAAE,MAAM;MACd0C,GAAG,EAAEvD,UAAU,CAACwD;IAClB,CAAC;IACDvD,WAAW,EAAEA,WAAW,CAACwD;EAC3B,CAAC,CAAC;;EAEF;EACA,MAAMC,aAAa,GAAG,MAAM,IAAAC,wCAAuB,EAAC;IAClDpB,SAAS,EAAE;MACThC,KAAK,EAAED;IACT,CAAC;IACDsD,kBAAkB,EAAE5D,UAAU,CAACwD,mBAAmB;IAClDrB,iBAAiB,EAAEA,iBAAiB;IACpClC,WAAW,EAAEA,WAAW,CAACwD,YAAY;IACrCI,IAAI,EAAEV,cAAc,CAACR;EACvB,CAAC,CAAC,CAACmB,KAAK,CAACC,2BAA2B,CAAC;EAErCnC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACkC,KAAK,EACb,wBAAuBC,IAAI,CAACC,SAAS,CAACR,aAAa,CAAE,EACxD,CAAC;;EAED;EACA,MAAMS,sBAAsB,GAC1BnE,UAAU,CAACoE,mCAAmC,CAAC3D,2BAA2B,CAAC;;EAE7E;EACA,OAAO;IACL4D,UAAU,EAAEX,aAAa,CAACY,WAAW,CAAEC,EAAE,CAAC,CAAC,CAAC,CAAEF,UAAU;IACxDG,MAAM,EAAEL,sBAAsB,CAAEK;EAClC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALA1E,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMA,MAAMgE,2BAA2B,GAAIU,CAAU,IAAK;EAClD7C,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,8CAA6C0C,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAYC,wCAA4B,CAAC,EAAE;IAChD,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;IACtD/C,OAAO,EAAE;EACX,CAAC,CAAC,CACD4C,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;IACtD/C,OAAO,EAAE;EACX,CAAC,CAAC,CACD4C,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACE,uBAAuB;IACtDhD,OAAO,EAAE;EACX,CAAC,CAAC,CACDiD,SAAS,CAACT,CAAC,CAAC;AACjB,CAAC"}

package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js

@@ -0,0 +1,34 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyAndParseCredential = void 0;
+var _errors = require("../../../utils/errors");
+var _logging = require("../../../utils/logging");
+var _verifyAndParseCredential = require("../common/06-verify-and-parse-credential.mdoc");
+var _verifyAndParseCredential2 = require("../common/06-verify-and-parse-credential.sdjwt");
+const verifyAndParseCredential = async (issuerConf, credential, credentialConfigurationId, context, x509CertRoot) => {
+  var _issuerConf$credentia;
+  const format = (_issuerConf$credentia = issuerConf.credential_configurations_supported[credentialConfigurationId]) === null || _issuerConf$credentia === void 0 ? void 0 : _issuerConf$credentia.format;
+  switch (format) {
+    case "dc+sd-jwt":
+      {
+        _logging.Logger.log(_logging.LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
+        return (0, _verifyAndParseCredential2.verifyAndParseCredentialSdJwt)(issuerConf, credential, credentialConfigurationId, context);
+      }
+    case "mso_mdoc":
+      {
+        _logging.Logger.log(_logging.LogLevel.DEBUG, "Parsing credential in mso_mdoc format");
+        return (0, _verifyAndParseCredential.verifyAndParseCredentialMDoc)(issuerConf, credential, credentialConfigurationId, context, x509CertRoot);
+      }
+    default:
+      {
+        const message = `Unsupported credential format: ${format}`;
+        _logging.Logger.log(_logging.LogLevel.ERROR, message);
+        throw new _errors.IoWalletError(message);
+      }
+  }
+};
+exports.verifyAndParseCredential = verifyAndParseCredential;
+//# sourceMappingURL=06-verify-and-parse-credential.js.map

package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_errors","require","_logging","_verifyAndParseCredential","_verifyAndParseCredential2","verifyAndParseCredential","issuerConf","credential","credentialConfigurationId","context","x509CertRoot","_issuerConf$credentia","format","credential_configurations_supported","Logger","log","LogLevel","DEBUG","verifyAndParseCredentialSdJwt","verifyAndParseCredentialMDoc","message","ERROR","IoWalletError","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/06-verify-and-parse-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAEA,IAAAE,yBAAA,GAAAF,OAAA;AACA,IAAAG,0BAAA,GAAAH,OAAA;AAEO,MAAMI,wBAAiE,GAC5E,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBC,OAAO,EACPC,YAAY,KACT;EAAA,IAAAC,qBAAA;EACH,MAAMC,MAAM,IAAAD,qBAAA,GACVL,UAAU,CAACO,mCAAmC,CAACL,yBAAyB,CAAC,cAAAG,qBAAA,uBAAzEA,qBAAA,CACIC,MAAM;EAEZ,QAAQA,MAAM;IACZ,KAAK,WAAW;MAAE;QAChBE,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAE,wCAAwC,CAAC;QACpE,OAAO,IAAAC,wDAA6B,EAClCZ,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBC,OACF,CAAC;MACH;IACA,KAAK,UAAU;MAAE;QACfK,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAE,uCAAuC,CAAC;QACnE,OAAO,IAAAE,sDAA4B,EACjCb,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBC,OAAO,EACPC,YACF,CAAC;MACH;IAEA;MAAS;QACP,MAAMU,OAAO,GAAI,kCAAiCR,MAAO,EAAC;QAC1DE,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACK,KAAK,EAAED,OAAO,CAAC;QACnC,MAAM,IAAIE,qBAAa,CAACF,OAAO,CAAC;MAClC;EACF;AACF,CAAC;AAACG,OAAA,CAAAlB,wBAAA,GAAAA,wBAAA"}