npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/commonjs/trust/errors.js DELETED Viewed

@@ -1,134 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.X509ValidationError = exports.TrustChainTokenMissingError = exports.TrustChainRenewalError = exports.TrustChainEmptyError = exports.TrustAnchorKidMissingError = exports.RelyingPartyNotAuthorizedError = exports.MissingX509CertsError = exports.MissingFederationFetchEndpointError = exports.FederationListParseError = exports.FederationError = exports.BuildTrustChainError = void 0;
-var _errors = require("../utils/errors");
-// Ensure this path is correct
-/**
- * Base class for all federation-specific errors.
- */
-class FederationError extends _errors.IoWalletError {
-  constructor(message, details) {
-    super(details ? (0, _errors.serializeAttrs)({
-      message,
-      ...details
-    }) : message);
-    this.name = this.constructor.name;
-    this.details = details;
-  }
-}
-/**
- * Error thrown when a trust chain is unexpectedly empty.
- */
-exports.FederationError = FederationError;
-class TrustChainEmptyError extends FederationError {
-  code = "ERR_FED_TRUST_CHAIN_EMPTY";
-  constructor() {
-    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Trust chain cannot be empty.";
-    super(message, undefined);
-  }
-}
-/**
- * Error thrown when a token is unexpectedly missing from a trust chain during processing.
- */
-exports.TrustChainEmptyError = TrustChainEmptyError;
-class TrustChainTokenMissingError extends FederationError {
-  code = "ERR_FED_TRUST_CHAIN_TOKEN_MISSING";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-/**
- * Error thrown when renewing a trust chain fails.
- * This class itself might be used or could be considered a more general renewal error.
- */
-exports.TrustChainTokenMissingError = TrustChainTokenMissingError;
-class TrustChainRenewalError extends FederationError {
-  code = "ERR_FED_TRUST_CHAIN_RENEWAL_FAILED";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-exports.TrustChainRenewalError = TrustChainRenewalError;
-class FederationListParseError extends FederationError {
-  code = "ERR_FED_FEDERATION_LIST_PARSE_FAILED";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-/**
- * General error thrown during the trust chain building process.
- */
-exports.FederationListParseError = FederationListParseError;
-class BuildTrustChainError extends FederationError {
-  code = "ERR_FED_BUILD_TRUST_CHAIN_FAILED";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-/**
- * Error thrown when the Trust Anchor's key is missing a 'kid'.
- */
-exports.BuildTrustChainError = BuildTrustChainError;
-class TrustAnchorKidMissingError extends FederationError {
-  code = "ERR_FED_TRUST_ANCHOR_KID_MISSING";
-  constructor() {
-    let message = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : "Missing 'kid' in provided Trust Anchor key.";
-    super(message, undefined);
-  }
-}
-/**
- * Error thrown if the Relying Party is not found in the Trust Anchor's federation list.
- */
-exports.TrustAnchorKidMissingError = TrustAnchorKidMissingError;
-class RelyingPartyNotAuthorizedError extends FederationError {
-  code = "ERR_FED_RELYING_PARTY_NOT_AUTHORIZED";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-/**
- * Error thrown when a 'federation_fetch_endpoint' is missing in an entity's configuration.
- */
-exports.RelyingPartyNotAuthorizedError = RelyingPartyNotAuthorizedError;
-class MissingFederationFetchEndpointError extends FederationError {
-  code = "ERR_FED_MISSING_FEDERATION_FETCH_ENDPOINT";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-/**
- * Error thrown when the X.509 certificate chain is missing in an entity's configuration.
- */
-exports.MissingFederationFetchEndpointError = MissingFederationFetchEndpointError;
-class MissingX509CertsError extends FederationError {
-  code = "ERR_FED_MISSING_X509_CERTS";
-  constructor(message) {
-    super(message, undefined);
-  }
-}
-/**
- * Error thrown when an X.509 certificate validation fails.
- * This is used to indicate issues with the certificate chain or signature verification.
- */
-exports.MissingX509CertsError = MissingX509CertsError;
-class X509ValidationError extends FederationError {
-  code = "ERR_FED_X509_VALIDATION_FAILED";
-  constructor(message, details) {
-    super(message, details);
-  }
-}
-exports.X509ValidationError = X509ValidationError;
-//# sourceMappingURL=errors.js.map

package/lib/commonjs/trust/errors.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_errors","require","FederationError","IoWalletError","constructor","message","details","serializeAttrs","name","exports","TrustChainEmptyError","code","arguments","length","undefined","TrustChainTokenMissingError","TrustChainRenewalError","FederationListParseError","BuildTrustChainError","TrustAnchorKidMissingError","RelyingPartyNotAuthorizedError","MissingFederationFetchEndpointError","MissingX509CertsError","X509ValidationError"],"sourceRoot":"../../../src","sources":["trust/errors.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACmF;;AAEnF;AACA;AACA;AACO,MAAMC,eAAe,SAASC,qBAAa,CAAC;EAEjDC,WAAWA,CAACC,OAAe,EAAEC,OAAiC,EAAE;IAC9D,KAAK,CAACA,OAAO,GAAG,IAAAC,sBAAc,EAAC;MAAEF,OAAO;MAAE,GAAGC;IAAQ,CAAC,CAAC,GAAGD,OAAO,CAAC;IAClE,IAAI,CAACG,IAAI,GAAG,IAAI,CAACJ,WAAW,CAACI,IAAI;IACjC,IAAI,CAACF,OAAO,GAAGA,OAAO;EACxB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAP,eAAA,GAAAA,eAAA;AAGO,MAAMQ,oBAAoB,SAASR,eAAe,CAAC;EACxDS,IAAI,GAAG,2BAA2B;EAClCP,WAAWA,CAAA,EAA2C;IAAA,IAA1CC,OAAO,GAAAO,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,8BAA8B;IAClD,KAAK,CAACP,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AAFAL,OAAA,CAAAC,oBAAA,GAAAA,oBAAA;AAGO,MAAMK,2BAA2B,SAASb,eAAe,CAAC;EAC/DS,IAAI,GAAG,mCAAmC;EAC1CP,WAAWA,CAACC,OAAe,EAAEC,OAA4B,EAAE;IACzD,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AACA;AAHAG,OAAA,CAAAM,2BAAA,GAAAA,2BAAA;AAIO,MAAMC,sBAAsB,SAASd,eAAe,CAAC;EAC1DS,IAAI,GAAG,oCAAoC;EAC3CP,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAACG,OAAA,CAAAO,sBAAA,GAAAA,sBAAA;AAEM,MAAMC,wBAAwB,SAASf,eAAe,CAAC;EAC5DS,IAAI,GAAG,sCAAsC;EAC7CP,WAAWA,CAACC,OAAe,EAAEC,OAA6C,EAAE;IAC1E,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAQ,wBAAA,GAAAA,wBAAA;AAGO,MAAMC,oBAAoB,SAAShB,eAAe,CAAC;EACxDS,IAAI,GAAG,kCAAkC;EACzCP,WAAWA,CACTC,OAAe,EACfC,OAIC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAS,oBAAA,GAAAA,oBAAA;AAGO,MAAMC,0BAA0B,SAASjB,eAAe,CAAC;EAC9DS,IAAI,GAAG,kCAAkC;EACzCP,WAAWA,CAAA,EAA0D;IAAA,IAAzDC,OAAO,GAAAO,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,6CAA6C;IACjE,KAAK,CAACP,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AAFAL,OAAA,CAAAU,0BAAA,GAAAA,0BAAA;AAGO,MAAMC,8BAA8B,SAASlB,eAAe,CAAC;EAClES,IAAI,GAAG,sCAAsC;EAC7CP,WAAWA,CACTC,OAAe,EACfC,OAAqE,EACrE;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAW,8BAAA,GAAAA,8BAAA;AAGO,MAAMC,mCAAmC,SAASnB,eAAe,CAAC;EACvES,IAAI,GAAG,2CAA2C;EAClDP,WAAWA,CACTC,OAAe,EACfC,OAA8D,EAC9D;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;;AAEA;AACA;AACA;AAFAG,OAAA,CAAAY,mCAAA,GAAAA,mCAAA;AAGO,MAAMC,qBAAqB,SAASpB,eAAe,CAAC;EACzDS,IAAI,GAAG,4BAA4B;EACnCP,WAAWA,CAACC,OAAe,EAAE;IAC3B,KAAK,CAACA,OAAO,EAAES,SAAS,CAAC;EAC3B;AACF;;AAEA;AACA;AACA;AACA;AAHAL,OAAA,CAAAa,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,mBAAmB,SAASrB,eAAe,CAAC;EACvDS,IAAI,GAAG,gCAAgC;EACvCP,WAAWA,CACTC,OAAe,EACfC,OAMC,EACD;IACA,KAAK,CAACD,OAAO,EAAEC,OAAO,CAAC;EACzB;AACF;AAACG,OAAA,CAAAc,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/trust/types.js DELETED Viewed

@@ -1,234 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.WalletProviderEntityConfiguration = exports.TrustMark = exports.TrustAnchorEntityConfiguration = exports.RelyingPartyEntityConfiguration = exports.FederationListResponse = exports.EntityStatement = exports.EntityConfigurationHeader = exports.EntityConfiguration = exports.CredentialIssuerEntityConfiguration = void 0;
-var _types = require("../sd-jwt/types");
-var _jwk = require("../utils/jwk");
-var z = _interopRequireWildcard(require("zod"));
-var _types2 = require("../credential/presentation/types");
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const TrustMark = z.object({
-  id: z.string(),
-  trust_mark: z.string()
-});
-exports.TrustMark = TrustMark;
-const RelyingPartyMetadata = z.object({
-  application_type: z.string().optional(),
-  client_id: z.string().optional(),
-  client_name: z.string().optional(),
-  jwks: z.object({
-    keys: z.array(_jwk.JWK)
-  }),
-  contacts: z.array(z.string()).optional(),
-  presentation_definition: _types2.PresentationDefinition.optional(),
-  request_uris: z.array(z.string()).optional(),
-  authorization_signed_response_alg: z.string().optional(),
-  authorization_encrypted_response_alg: z.string().optional(),
-  authorization_encrypted_response_enc: z.string().optional()
-});
-// Display metadata for a credential, used by the issuer to
-// instruct the Wallet Solution on how to render the credential correctly
-const CredentialDisplayMetadata = z.object({
-  name: z.string(),
-  locale: z.string()
-});
-// Metadata for displaying issuer information
-const CredentialIssuerDisplayMetadata = z.object({
-  name: z.string(),
-  locale: z.string()
-});
-const ClaimsMetadata = z.object({
-  path: z.array(z.union([z.string(), z.number(), z.null()])),
-  // https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
-  display: z.array(CredentialDisplayMetadata)
-});
-const IssuanceErrorSupported = z.object({
-  display: z.array(z.object({
-    title: z.string(),
-    description: z.string(),
-    locale: z.string()
-  }))
-});
-// Metadata for a credential which is supported by an Issuer
-const SupportedCredentialMetadata = z.intersection(z.discriminatedUnion("format", [z.object({
-  format: z.literal("dc+sd-jwt"),
-  vct: z.string()
-}), z.object({
-  format: z.literal("mso_mdoc"),
-  doctype: z.string()
-})]), z.object({
-  scope: z.string(),
-  display: z.array(CredentialDisplayMetadata),
-  claims: z.array(ClaimsMetadata),
-  cryptographic_binding_methods_supported: z.array(z.string()),
-  credential_signing_alg_values_supported: z.array(z.string()),
-  authentic_source: z.string().optional(),
-  issuance_errors_supported: z.record(IssuanceErrorSupported).optional()
-}));
-/**
- * Supported formats for credentials issued by the Issuer API 1.0,
- * compliant with IT-Wallet technical specifications 1.0.
- */
-const EntityStatement = z.object({
-  header: z.object({
-    typ: z.literal("entity-statement+jwt"),
-    alg: z.string(),
-    kid: z.string()
-  }),
-  payload: z.object({
-    iss: z.string(),
-    sub: z.string(),
-    jwks: z.object({
-      keys: z.array(_jwk.JWK)
-    }),
-    trust_marks: z.array(TrustMark).optional(),
-    iat: z.number(),
-    exp: z.number()
-  })
-});
-exports.EntityStatement = EntityStatement;
-const EntityConfigurationHeader = z.object({
-  typ: z.literal("entity-statement+jwt"),
-  alg: z.string(),
-  kid: z.string()
-});
-/**
- * @see https://openid.net/specs/openid-federation-1_0-41.html
- */
-exports.EntityConfigurationHeader = EntityConfigurationHeader;
-const FederationEntityMetadata = z.object({
-  federation_fetch_endpoint: z.string().optional(),
-  federation_list_endpoint: z.string().optional(),
-  federation_resolve_endpoint: z.string().optional(),
-  federation_trust_mark_status_endpoint: z.string().optional(),
-  federation_trust_mark_list_endpoint: z.string().optional(),
-  federation_trust_mark_endpoint: z.string().optional(),
-  federation_historical_keys_endpoint: z.string().optional(),
-  endpoint_auth_signing_alg_values_supported: z.string().optional(),
-  organization_name: z.string().optional(),
-  homepage_uri: z.string().optional(),
-  policy_uri: z.string().optional(),
-  logo_uri: z.string().optional(),
-  contacts: z.array(z.string()).optional()
-}).passthrough();
-// Structure common to every Entity Configuration document
-const BaseEntityConfiguration = z.object({
-  header: EntityConfigurationHeader,
-  payload: z.object({
-    iss: z.string(),
-    sub: z.string(),
-    iat: _types.UnixTime,
-    exp: _types.UnixTime,
-    authority_hints: z.array(z.string()).optional(),
-    metadata: z.object({
-      federation_entity: FederationEntityMetadata
-    }).passthrough(),
-    jwks: z.object({
-      keys: z.array(_jwk.JWK)
-    })
-  }).passthrough()
-});
-// Entity configuration for a Trust Anchor (it has no specific metadata section)
-const TrustAnchorEntityConfiguration = BaseEntityConfiguration;
-// Entity configuration for a Credential Issuer
-exports.TrustAnchorEntityConfiguration = TrustAnchorEntityConfiguration;
-const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(z.object({
-  payload: z.object({
-    jwks: z.object({
-      keys: z.array(_jwk.JWK)
-    }),
-    metadata: z.object({
-      openid_credential_issuer: z.object({
-        credential_issuer: z.string(),
-        credential_endpoint: z.string(),
-        revocation_endpoint: z.string().optional(),
-        nonce_endpoint: z.string(),
-        status_attestation_endpoint: z.string(),
-        display: z.array(CredentialIssuerDisplayMetadata),
-        credential_configurations_supported: z.record(SupportedCredentialMetadata),
-        jwks: z.object({
-          keys: z.array(_jwk.JWK)
-        }),
-        trust_frameworks_supported: z.array(z.string()),
-        evidence_supported: z.array(z.string())
-      }),
-      oauth_authorization_server: z.object({
-        authorization_endpoint: z.string(),
-        pushed_authorization_request_endpoint: z.string(),
-        token_endpoint: z.string(),
-        client_registration_types_supported: z.array(z.string()),
-        code_challenge_methods_supported: z.array(z.string()),
-        acr_values_supported: z.array(z.string()),
-        grant_types_supported: z.array(z.string()),
-        issuer: z.string(),
-        jwks: z.object({
-          keys: z.array(_jwk.JWK)
-        }),
-        scopes_supported: z.array(z.string()),
-        response_modes_supported: z.array(z.string()),
-        token_endpoint_auth_methods_supported: z.array(z.string()),
-        token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
-        request_object_signing_alg_values_supported: z.array(z.string())
-      }),
-      /**
-       * Credential Issuers act as Relying Party when they require the presentation of other credentials.
-       * This does not apply for PID issuance, which requires CIE authz.
-       */
-      openid_credential_verifier: RelyingPartyMetadata.optional()
-    })
-  })
-}));
-// Entity configuration for a Relying Party
-exports.CredentialIssuerEntityConfiguration = CredentialIssuerEntityConfiguration;
-const RelyingPartyEntityConfiguration = BaseEntityConfiguration.and(z.object({
-  payload: z.object({
-    metadata: z.object({
-      openid_credential_verifier: RelyingPartyMetadata
-    })
-  })
-}));
-// Entity configuration for a Wallet Provider
-exports.RelyingPartyEntityConfiguration = RelyingPartyEntityConfiguration;
-const WalletProviderEntityConfiguration = BaseEntityConfiguration.and(z.object({
-  payload: z.object({
-    metadata: z.object({
-      wallet_provider: z.object({
-        token_endpoint: z.string(),
-        aal_values_supported: z.array(z.string()).optional(),
-        grant_types_supported: z.array(z.string()),
-        token_endpoint_auth_methods_supported: z.array(z.string()),
-        token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
-        jwks: z.object({
-          keys: z.array(_jwk.JWK)
-        })
-      }).passthrough()
-    })
-  })
-}));
-// Maps any entity configuration by the union of every possible shapes
-exports.WalletProviderEntityConfiguration = WalletProviderEntityConfiguration;
-const EntityConfiguration = z.union([WalletProviderEntityConfiguration, CredentialIssuerEntityConfiguration, TrustAnchorEntityConfiguration, RelyingPartyEntityConfiguration], {
-  description: "Any kind of Entity Configuration allowed in the ecosystem"
-});
-exports.EntityConfiguration = EntityConfiguration;
-const FederationListResponse = z.array(z.string());
-exports.FederationListResponse = FederationListResponse;
-//# sourceMappingURL=types.js.map

package/lib/commonjs/trust/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_types2","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","TrustMark","object","id","string","trust_mark","exports","RelyingPartyMetadata","application_type","optional","client_id","client_name","jwks","keys","array","JWK","contacts","presentation_definition","PresentationDefinition","request_uris","authorization_signed_response_alg","authorization_encrypted_response_alg","authorization_encrypted_response_enc","CredentialDisplayMetadata","name","locale","CredentialIssuerDisplayMetadata","ClaimsMetadata","path","union","number","null","display","IssuanceErrorSupported","title","description","SupportedCredentialMetadata","intersection","discriminatedUnion","format","literal","vct","doctype","scope","claims","cryptographic_binding_methods_supported","credential_signing_alg_values_supported","authentic_source","issuance_errors_supported","record","EntityStatement","header","typ","alg","kid","payload","iss","sub","trust_marks","iat","exp","EntityConfigurationHeader","FederationEntityMetadata","federation_fetch_endpoint","federation_list_endpoint","federation_resolve_endpoint","federation_trust_mark_status_endpoint","federation_trust_mark_list_endpoint","federation_trust_mark_endpoint","federation_historical_keys_endpoint","endpoint_auth_signing_alg_values_supported","organization_name","homepage_uri","policy_uri","logo_uri","passthrough","BaseEntityConfiguration","UnixTime","authority_hints","metadata","federation_entity","TrustAnchorEntityConfiguration","CredentialIssuerEntityConfiguration","and","openid_credential_issuer","credential_issuer","credential_endpoint","revocation_endpoint","nonce_endpoint","status_attestation_endpoint","credential_configurations_supported","trust_frameworks_supported","evidence_supported","oauth_authorization_server","authorization_endpoint","pushed_authorization_request_endpoint","token_endpoint","client_registration_types_supported","code_challenge_methods_supported","acr_values_supported","grant_types_supported","issuer","scopes_supported","response_modes_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","request_object_signing_alg_values_supported","openid_credential_verifier","RelyingPartyEntityConfiguration","WalletProviderEntityConfiguration","wallet_provider","aal_values_supported","EntityConfiguration","FederationListResponse"],"sourceRoot":"../../../src","sources":["trust/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAA0E,SAAAK,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEnE,MAAMW,SAAS,GAAGzB,CAAC,CAAC0B,MAAM,CAAC;EAAEC,EAAE,EAAE3B,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAAEC,UAAU,EAAE7B,CAAC,CAAC4B,MAAM,CAAC;AAAE,CAAC,CAAC;AAACE,OAAA,CAAAL,SAAA,GAAAA,SAAA;AAG9E,MAAMM,oBAAoB,GAAG/B,CAAC,CAAC0B,MAAM,CAAC;EACpCM,gBAAgB,EAAEhC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACvCC,SAAS,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChCE,WAAW,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClCG,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;IAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;EAAE,CAAC,CAAC;EACtCC,QAAQ,EAAExC,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxCQ,uBAAuB,EAAEC,8BAAsB,CAACT,QAAQ,CAAC,CAAC;EAC1DU,YAAY,EAAE3C,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC5CW,iCAAiC,EAAE5C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxDY,oCAAoC,EAAE7C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC3Da,oCAAoC,EAAE9C,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC;AAC5D,CAAC,CAAC;;AAEF;AACA;AAEA,MAAMc,yBAAyB,GAAG/C,CAAC,CAAC0B,MAAM,CAAC;EACzCsB,IAAI,EAAEhD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAChBqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;AACnB,CAAC,CAAC;;AAEF;;AAIA,MAAMsB,+BAA+B,GAAGlD,CAAC,CAAC0B,MAAM,CAAC;EAC/CsB,IAAI,EAAEhD,CAAC,CAAC4B,MAAM,CAAC,CAAC;EAChBqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;AACnB,CAAC,CAAC;AAGF,MAAMuB,cAAc,GAAGnD,CAAC,CAAC0B,MAAM,CAAC;EAC9B0B,IAAI,EAAEpD,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAACqD,KAAK,CAAC,CAACrD,CAAC,CAAC4B,MAAM,CAAC,CAAC,EAAE5B,CAAC,CAACsD,MAAM,CAAC,CAAC,EAAEtD,CAAC,CAACuD,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;EAAE;EAC5DC,OAAO,EAAExD,CAAC,CAACsC,KAAK,CAACS,yBAAyB;AAC5C,CAAC,CAAC;AAGF,MAAMU,sBAAsB,GAAGzD,CAAC,CAAC0B,MAAM,CAAC;EACtC8B,OAAO,EAAExD,CAAC,CAACsC,KAAK,CACdtC,CAAC,CAAC0B,MAAM,CAAC;IACPgC,KAAK,EAAE1D,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACjB+B,WAAW,EAAE3D,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACvBqB,MAAM,EAAEjD,CAAC,CAAC4B,MAAM,CAAC;EACnB,CAAC,CACH;AACF,CAAC,CAAC;;AAEF;;AAEA,MAAMgC,2BAA2B,GAAG5D,CAAC,CAAC6D,YAAY,CAChD7D,CAAC,CAAC8D,kBAAkB,CAAC,QAAQ,EAAE,CAC7B9D,CAAC,CAAC0B,MAAM,CAAC;EAAEqC,MAAM,EAAE/D,CAAC,CAACgE,OAAO,CAAC,WAAW,CAAC;EAAEC,GAAG,EAAEjE,CAAC,CAAC4B,MAAM,CAAC;AAAE,CAAC,CAAC,EAC7D5B,CAAC,CAAC0B,MAAM,CAAC;EAAEqC,MAAM,EAAE/D,CAAC,CAACgE,OAAO,CAAC,UAAU,CAAC;EAAEE,OAAO,EAAElE,CAAC,CAAC4B,MAAM,CAAC;AAAE,CAAC,CAAC,CACjE,CAAC,EACF5B,CAAC,CAAC0B,MAAM,CAAC;EACPyC,KAAK,EAAEnE,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACjB4B,OAAO,EAAExD,CAAC,CAACsC,KAAK,CAACS,yBAAyB,CAAC;EAC3CqB,MAAM,EAAEpE,CAAC,CAACsC,KAAK,CAACa,cAAc,CAAC;EAC/BkB,uCAAuC,EAAErE,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;EAC5D0C,uCAAuC,EAAEtE,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;EAC5D2C,gBAAgB,EAAEvE,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACvCuC,yBAAyB,EAAExE,CAAC,CAACyE,MAAM,CAAChB,sBAAsB,CAAC,CAACxB,QAAQ,CAAC;AACvE,CAAC,CACH,CAAC;;AAED;AACA;AACA;AACA;;AAMO,MAAMyC,eAAe,GAAG1E,CAAC,CAAC0B,MAAM,CAAC;EACtCiD,MAAM,EAAE3E,CAAC,CAAC0B,MAAM,CAAC;IACfkD,GAAG,EAAE5E,CAAC,CAACgE,OAAO,CAAC,sBAAsB,CAAC;IACtCa,GAAG,EAAE7E,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfkD,GAAG,EAAE9E,CAAC,CAAC4B,MAAM,CAAC;EAChB,CAAC,CAAC;EACFmD,OAAO,EAAE/E,CAAC,CAAC0B,MAAM,CAAC;IAChBsD,GAAG,EAAEhF,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfqD,GAAG,EAAEjF,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfQ,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;MAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtC2C,WAAW,EAAElF,CAAC,CAACsC,KAAK,CAACb,SAAS,CAAC,CAACQ,QAAQ,CAAC,CAAC;IAC1CkD,GAAG,EAAEnF,CAAC,CAACsD,MAAM,CAAC,CAAC;IACf8B,GAAG,EAAEpF,CAAC,CAACsD,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;AAACxB,OAAA,CAAA4C,eAAA,GAAAA,eAAA;AAKI,MAAMW,yBAAyB,GAAGrF,CAAC,CAAC0B,MAAM,CAAC;EAChDkD,GAAG,EAAE5E,CAAC,CAACgE,OAAO,CAAC,sBAAsB,CAAC;EACtCa,GAAG,EAAE7E,CAAC,CAAC4B,MAAM,CAAC,CAAC;EACfkD,GAAG,EAAE9E,CAAC,CAAC4B,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AAFAE,OAAA,CAAAuD,yBAAA,GAAAA,yBAAA;AAGA,MAAMC,wBAAwB,GAAGtF,CAAC,CAC/B0B,MAAM,CAAC;EACN6D,yBAAyB,EAAEvF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAChDuD,wBAAwB,EAAExF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC/CwD,2BAA2B,EAAEzF,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAClDyD,qCAAqC,EAAE1F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC5D0D,mCAAmC,EAAE3F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC1D2D,8BAA8B,EAAE5F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACrD4D,mCAAmC,EAAE7F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC1D6D,0CAA0C,EAAE9F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACjE8D,iBAAiB,EAAE/F,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACxC+D,YAAY,EAAEhG,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACnCgE,UAAU,EAAEjG,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EACjCiE,QAAQ,EAAElG,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;EAC/BO,QAAQ,EAAExC,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;AACzC,CAAC,CAAC,CACDkE,WAAW,CAAC,CAAC;;AAEhB;AACA,MAAMC,uBAAuB,GAAGpG,CAAC,CAAC0B,MAAM,CAAC;EACvCiD,MAAM,EAAEU,yBAAyB;EACjCN,OAAO,EAAE/E,CAAC,CACP0B,MAAM,CAAC;IACNsD,GAAG,EAAEhF,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfqD,GAAG,EAAEjF,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfuD,GAAG,EAAEkB,eAAQ;IACbjB,GAAG,EAAEiB,eAAQ;IACbC,eAAe,EAAEtG,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IAC/CsE,QAAQ,EAAEvG,CAAC,CACR0B,MAAM,CAAC;MACN8E,iBAAiB,EAAElB;IACrB,CAAC,CAAC,CACDa,WAAW,CAAC,CAAC;IAChB/D,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;MACbW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;IACnB,CAAC;EACH,CAAC,CAAC,CACD4D,WAAW,CAAC;AACjB,CAAC,CAAC;;AAEF;;AAIO,MAAMM,8BAA8B,GAAGL,uBAAuB;;AAErE;AAAAtE,OAAA,CAAA2E,8BAAA,GAAAA,8BAAA;AAIO,MAAMC,mCAAmC,GAAGN,uBAAuB,CAACO,GAAG,CAC5E3G,CAAC,CAAC0B,MAAM,CAAC;EACPqD,OAAO,EAAE/E,CAAC,CAAC0B,MAAM,CAAC;IAChBU,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;MAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;IAAE,CAAC,CAAC;IACtCgE,QAAQ,EAAEvG,CAAC,CAAC0B,MAAM,CAAC;MACjBkF,wBAAwB,EAAE5G,CAAC,CAAC0B,MAAM,CAAC;QACjCmF,iBAAiB,EAAE7G,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC7BkF,mBAAmB,EAAE9G,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC/BmF,mBAAmB,EAAE/G,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;QAC1C+E,cAAc,EAAEhH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC1BqF,2BAA2B,EAAEjH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QACvC4B,OAAO,EAAExD,CAAC,CAACsC,KAAK,CAACY,+BAA+B,CAAC;QACjDgE,mCAAmC,EAAElH,CAAC,CAACyE,MAAM,CAC3Cb,2BACF,CAAC;QACDxB,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;UAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;QAAE,CAAC,CAAC;QACtC4E,0BAA0B,EAAEnH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC/CwF,kBAAkB,EAAEpH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC;MACxC,CAAC,CAAC;MACFyF,0BAA0B,EAAErH,CAAC,CAAC0B,MAAM,CAAC;QACnC4F,sBAAsB,EAAEtH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAClC2F,qCAAqC,EAAEvH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QACjD4F,cAAc,EAAExH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC1B6F,mCAAmC,EAAEzH,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACxD8F,gCAAgC,EAAE1H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACrD+F,oBAAoB,EAAE3H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACzCgG,qBAAqB,EAAE5H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1CiG,MAAM,EAAE7H,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAClBQ,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;UAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;QAAE,CAAC,CAAC;QACtCuF,gBAAgB,EAAE9H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACrCmG,wBAAwB,EAAE/H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC7CoG,qCAAqC,EAAEhI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1DqG,gDAAgD,EAAEjI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QACrEsG,2CAA2C,EAAElI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC;MACjE,CAAC,CAAC;MACF;AACR;AACA;AACA;MACQuG,0BAA0B,EAAEpG,oBAAoB,CAACE,QAAQ,CAAC;IAC5D,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAH,OAAA,CAAA4E,mCAAA,GAAAA,mCAAA;AAIO,MAAM0B,+BAA+B,GAAGhC,uBAAuB,CAACO,GAAG,CACxE3G,CAAC,CAAC0B,MAAM,CAAC;EACPqD,OAAO,EAAE/E,CAAC,CAAC0B,MAAM,CAAC;IAChB6E,QAAQ,EAAEvG,CAAC,CAAC0B,MAAM,CAAC;MACjByG,0BAA0B,EAAEpG;IAC9B,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAAD,OAAA,CAAAsG,+BAAA,GAAAA,+BAAA;AAIO,MAAMC,iCAAiC,GAAGjC,uBAAuB,CAACO,GAAG,CAC1E3G,CAAC,CAAC0B,MAAM,CAAC;EACPqD,OAAO,EAAE/E,CAAC,CAAC0B,MAAM,CAAC;IAChB6E,QAAQ,EAAEvG,CAAC,CAAC0B,MAAM,CAAC;MACjB4G,eAAe,EAAEtI,CAAC,CACf0B,MAAM,CAAC;QACN8F,cAAc,EAAExH,CAAC,CAAC4B,MAAM,CAAC,CAAC;QAC1B2G,oBAAoB,EAAEvI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;QACpD2F,qBAAqB,EAAE5H,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1CoG,qCAAqC,EAAEhI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;QAC1DqG,gDAAgD,EAAEjI,CAAC,CAACsC,KAAK,CACvDtC,CAAC,CAAC4B,MAAM,CAAC,CACX,CAAC;QACDQ,IAAI,EAAEpC,CAAC,CAAC0B,MAAM,CAAC;UAAEW,IAAI,EAAErC,CAAC,CAACsC,KAAK,CAACC,QAAG;QAAE,CAAC;MACvC,CAAC,CAAC,CACD4D,WAAW,CAAC;IACjB,CAAC;EACH,CAAC;AACH,CAAC,CACH,CAAC;;AAED;AAAArE,OAAA,CAAAuG,iCAAA,GAAAA,iCAAA;AAEO,MAAMG,mBAAmB,GAAGxI,CAAC,CAACqD,KAAK,CACxC,CACEgF,iCAAiC,EACjC3B,mCAAmC,EACnCD,8BAA8B,EAC9B2B,+BAA+B,CAChC,EACD;EACEzE,WAAW,EAAE;AACf,CACF,CAAC;AAAC7B,OAAA,CAAA0G,mBAAA,GAAAA,mBAAA;AAEK,MAAMC,sBAAsB,GAAGzI,CAAC,CAACsC,KAAK,CAACtC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAAC;AAACE,OAAA,CAAA2G,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/trust/utils.js DELETED Viewed

@@ -1,70 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.decode = void 0;
-exports.getTrustAnchorX509Certificate = getTrustAnchorX509Certificate;
-exports.verify = void 0;
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _errors = require("./errors");
-// Verify a token signature
-// The kid is extracted from the token header
-const verify = async (token, kid, jwks) => {
-  const jwk = jwks.find(k => k.kid === kid);
-  if (!jwk) {
-    throw new Error(`Invalid kid: ${kid}, token: ${token}`);
-  }
-  const {
-    protectedHeader: header,
-    payload
-  } = await (0, _ioReactNativeJwt.verify)(token, jwk);
-  return {
-    header,
-    payload
-  };
-};
-/**
- * Return type for this function is necessary to avoid an issue during the bob build process.
- * It seems like typescript can't correctly infer the return type of the function.
- */
-exports.verify = verify;
-const decode = token => {
-  const {
-    protectedHeader: header,
-    payload
-  } = (0, _ioReactNativeJwt.decode)(token);
-  return {
-    header,
-    payload
-  };
-};
-/**
- * Extracts the X.509 Trust Anchor certificate (Base64 encoded) from the
- * Trust Anchor's Entity Configuration.
- *
- * @param trustAnchorEntity The entity configuration of the known trust anchor.
- * @returns The Base64 encoded X.509 certificate string.
- * @throws {FederationError} If the certificate cannot be derived.
- */
-exports.decode = decode;
-function getTrustAnchorX509Certificate(trustAnchorEntity) {
-  const taHeaderKid = trustAnchorEntity.header.kid;
-  const taSigningJwk = trustAnchorEntity.payload.jwks.keys.find(key => key.kid === taHeaderKid);
-  if (!taSigningJwk) {
-    throw new _errors.FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' not found in Trust Anchor's JWKS.`, {
-      trustAnchorKid: taHeaderKid,
-      reason: "JWK not found for header kid"
-    });
-  }
-  if (taSigningJwk.x5c && taSigningJwk.x5c.length > 0 && taSigningJwk.x5c[0]) {
-    return taSigningJwk.x5c[0];
-  }
-  throw new _errors.FederationError(`Cannot derive X.509 Trust Anchor certificate: JWK with kid '${taHeaderKid}' does not contain a valid 'x5c' certificate array.`, {
-    trustAnchorKid: taHeaderKid,
-    reason: "Missing or empty x5c in JWK"
-  });
-}
-//# sourceMappingURL=utils.js.map

package/lib/commonjs/trust/utils.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_ioReactNativeJwt","require","_errors","verify","token","kid","jwks","jwk","find","k","Error","protectedHeader","header","payload","verifyJwt","exports","decode","decodeJwt","getTrustAnchorX509Certificate","trustAnchorEntity","taHeaderKid","taSigningJwk","keys","key","FederationError","trustAnchorKid","reason","x5c","length"],"sourceRoot":"../../../src","sources":["trust/utils.ts"],"mappings":";;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,OAAA,GAAAD,OAAA;AAQA;AACA;AACO,MAAME,MAAM,GAAG,MAAAA,CACpBC,KAAa,EACbC,GAAW,EACXC,IAAW,KACc;EACzB,MAAMC,GAAG,GAAGD,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,GAAG,KAAKA,GAAG,CAAC;EAC3C,IAAI,CAACE,GAAG,EAAE;IACR,MAAM,IAAIG,KAAK,CAAE,gBAAeL,GAAI,YAAWD,KAAM,EAAC,CAAC;EACzD;EACA,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAM,IAAAC,wBAAS,EAACV,KAAK,EAAEG,GAAG,CAAC;EACxE,OAAO;IAAEK,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AAHAE,OAAA,CAAAZ,MAAA,GAAAA,MAAA;AAIO,MAAMa,MAAM,GAAIZ,KAAa,IAAkB;EACpD,MAAM;IAAEO,eAAe,EAAEC,MAAM;IAAEC;EAAQ,CAAC,GAAG,IAAAI,wBAAS,EAACb,KAAK,CAAC;EAC7D,OAAO;IAAEQ,MAAM;IAAEC;EAAQ,CAAC;AAC5B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAE,OAAA,CAAAC,MAAA,GAAAA,MAAA;AAQO,SAASE,6BAA6BA,CAC3CC,iBAAiD,EACzC;EACR,MAAMC,WAAW,GAAGD,iBAAiB,CAACP,MAAM,CAACP,GAAG;EAChD,MAAMgB,YAAY,GAAGF,iBAAiB,CAACN,OAAO,CAACP,IAAI,CAACgB,IAAI,CAACd,IAAI,CAC1De,GAAG,IAAKA,GAAG,CAAClB,GAAG,KAAKe,WACvB,CAAC;EAED,IAAI,CAACC,YAAY,EAAE;IACjB,MAAM,IAAIG,uBAAe,CACtB,+DAA8DJ,WAAY,qCAAoC,EAC/G;MAAEK,cAAc,EAAEL,WAAW;MAAEM,MAAM,EAAE;IAA+B,CACxE,CAAC;EACH;EAEA,IAAIL,YAAY,CAACM,GAAG,IAAIN,YAAY,CAACM,GAAG,CAACC,MAAM,GAAG,CAAC,IAAIP,YAAY,CAACM,GAAG,CAAC,CAAC,CAAC,EAAE;IAC1E,OAAON,YAAY,CAACM,GAAG,CAAC,CAAC,CAAC;EAC5B;EAEA,MAAM,IAAIH,uBAAe,CACtB,+DAA8DJ,WAAY,qDAAoD,EAC/H;IAAEK,cAAc,EAAEL,WAAW;IAAEM,MAAM,EAAE;EAA8B,CACvE,CAAC;AACH"}

package/lib/commonjs/trust/verify-chain.js DELETED Viewed

@@ -1,188 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.renewTrustChain = renewTrustChain;
-exports.validateTrustChain = validateTrustChain;
-exports.verifyTrustChain = verifyTrustChain;
-var _types = require("./types");
-var z = _interopRequireWildcard(require("zod"));
-var _utils = require("./utils");
-var _errors = require("./errors");
-var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
-var _buildChain = require("./build-chain");
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-// The first element of the chain is supposed to be the Entity Configuration for the document issuer
-const FirstElementShape = _types.EntityConfiguration;
-// Each element but the first is supposed to be an Entity Statement
-const MiddleElementShape = _types.EntityStatement;
-// The last element of the chain can either be an Entity Statement
-//  or the Entity Configuration for the known Trust Anchor
-const LastElementShape = z.union([_types.EntityStatement, _types.TrustAnchorEntityConfiguration]);
-/**
- * Validates a provided trust chain against a known trust anchor, including X.509 certificate checks.
- *
- * @param trustAnchorEntity The entity configuration of the known trust anchor (for JWT validation).
- * @param chain The chain of statements to be validated.
- * @param x509Options Options for X.509 certificate validation.
- * @returns The list of parsed tokens representing the chain.
- * @throws {FederationError} If the chain is not valid (JWT or X.509). Specific errors like TrustChainEmptyError, X509ValidationError may be thrown.
- */
-async function validateTrustChain(trustAnchorEntity, chain, x509Options) {
-  // If the chain is empty, fail
-  if (chain.length === 0) {
-    throw new _errors.TrustChainEmptyError("Cannot verify empty trust chain.");
-  }
-  // Select the expected token shape
-  const selectTokenShape = elementIndex => elementIndex === 0 ? FirstElementShape : elementIndex === chain.length - 1 ? LastElementShape : MiddleElementShape;
-  // Select the kid from the current index
-  const selectKid = currentIndex => {
-    const token = chain[currentIndex];
-    if (!token) {
-      throw new _errors.TrustChainTokenMissingError(`Token missing at index ${currentIndex} in trust chain.`, {
-        index: currentIndex
-      });
-    }
-    const shape = selectTokenShape(currentIndex);
-    return shape.parse((0, _utils.decode)(token)).header.kid;
-  };
-  // Select keys from the next token
-  // If the current token is the last, keys from trust anchor will be used
-  const selectKeys = currentIndex => {
-    if (currentIndex === chain.length - 1) {
-      return trustAnchorEntity.payload.jwks.keys;
-    }
-    const nextIndex = currentIndex + 1;
-    const nextToken = chain[nextIndex];
-    if (!nextToken) {
-      throw new _errors.TrustChainTokenMissingError(`Next token missing at index ${nextIndex} (needed for keys for token at ${currentIndex}).`, {
-        index: nextIndex
-      });
-    }
-    const shape = selectTokenShape(nextIndex);
-    return shape.parse((0, _utils.decode)(nextToken)).payload.jwks.keys;
-  };
-  const x509TrustAnchorCertBase64 = (0, _utils.getTrustAnchorX509Certificate)(trustAnchorEntity);
-  // Iterate the chain and validate each element's signature against the public keys of its next
-  // If there is no next, hence it's the end of the chain, and it must be verified by the Trust Anchor
-  const validationPromises = chain.map(async (tokenString, i) => {
-    const kidFromTokenHeader = selectKid(i);
-    const signerJwks = selectKeys(i);
-    // Step 1: Verify JWT signature
-    const parsedToken = await (0, _utils.verify)(tokenString, kidFromTokenHeader, signerJwks);
-    // Step 2: X.509 Certificate Chain Validation
-    const jwkUsedForVerification = signerJwks.find(k => k.kid === kidFromTokenHeader);
-    if (!jwkUsedForVerification) {
-      throw new _errors.FederationError(`JWK with kid '${kidFromTokenHeader}' was not found in signer's JWKS for token at index ${i}, though JWT verification passed.`, {
-        tokenIndex: i,
-        kid: kidFromTokenHeader
-      });
-    }
-    if (!jwkUsedForVerification.x5c || jwkUsedForVerification.x5c.length === 0) {
-      throw new _errors.MissingX509CertsError(`JWK with kid '${kidFromTokenHeader}' does not contain an X.509 certificate chain (x5c) for token at index ${i}.`);
-    }
-    // If the chain has more than one certificate AND
-    // the last certificate in the x5c chain is the same as the trust anchor,
-    // remove the anchor from the chain being passed, as it's supplied separately.
-    const certChainBase64 = jwkUsedForVerification.x5c.length > 1 && jwkUsedForVerification.x5c.at(-1) === x509TrustAnchorCertBase64 ? jwkUsedForVerification.x5c.slice(0, -1) : jwkUsedForVerification.x5c;
-    const x509ValidationResult = await (0, _ioReactNativeCrypto.verifyCertificateChain)(certChainBase64, x509TrustAnchorCertBase64, x509Options);
-    if (!x509ValidationResult.isValid) {
-      throw new _errors.X509ValidationError(`X.509 certificate chain validation failed for token at index ${i} (kid: ${kidFromTokenHeader}). Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
-        tokenIndex: i,
-        kid: kidFromTokenHeader,
-        x509ValidationStatus: x509ValidationResult.validationStatus,
-        x509ErrorMessage: x509ValidationResult.errorMessage
-      });
-    }
-    return parsedToken;
-  });
-  return Promise.all(validationPromises);
-}
-/**
- * Given a trust chain, obtain a new trust chain by fetching each element's fresh version
- *
- * @param chain The original chain
- * @param appFetch (optional) fetch api implementation
- * @returns A list of signed token that represent the trust chain, in the same order of the provided chain
- * @throws {FederationError} If the chain is not valid
- */
-async function renewTrustChain(chain) {
-  let appFetch = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : fetch;
-  return Promise.all(chain.map(async (token, index) => {
-    const decoded = (0, _utils.decode)(token);
-    const entityStatementResult = _types.EntityStatement.safeParse(decoded);
-    const entityConfigurationResult = _types.EntityConfiguration.safeParse(decoded);
-    if (entityConfigurationResult.success) {
-      return (0, _buildChain.getSignedEntityConfiguration)(entityConfigurationResult.data.payload.iss, {
-        appFetch
-      });
-    }
-    if (entityStatementResult.success) {
-      const entityStatement = entityStatementResult.data;
-      const parentBaseUrl = entityStatement.payload.iss;
-      const parentECJwt = await (0, _buildChain.getSignedEntityConfiguration)(parentBaseUrl, {
-        appFetch
-      });
-      const parentEC = _types.EntityConfiguration.parse((0, _utils.decode)(parentECJwt));
-      const federationFetchEndpoint = parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
-      if (!federationFetchEndpoint) {
-        throw new _errors.MissingFederationFetchEndpointError(`Parent EC at ${parentBaseUrl} is missing federation_fetch_endpoint, cannot renew ES for ${entityStatement.payload.sub}.`, {
-          entityBaseUrl: entityStatement.payload.sub,
-          missingInEntityUrl: parentBaseUrl
-        });
-      }
-      return (0, _buildChain.getSignedEntityStatement)(federationFetchEndpoint, entityStatement.payload.sub, {
-        appFetch
-      });
-    }
-    throw new _errors.TrustChainRenewalError(`Failed to renew trust chain. Reason: element #${index} failed to parse.`, {
-      originalChain: chain
-    });
-  }));
-}
-/**
- * Verify a given trust chain is actually valid.
- * It can handle fast chain renewal, which means we try to fetch a fresh version of each statement.
- *
- * @param trustAnchorEntity The entity configuration of the known trust anchor
- * @param chain The chain of statements to be validated
- * @param x509Options Options for the verification process
- * @param appFetch (optional) fetch api implementation
- * @param renewOnFail Whether to attempt to renew the trust chain if the initial validation fails
- * @returns The result of the chain validation
- * @throws {FederationError} If the chain is not valid
- */
-async function verifyTrustChain(trustAnchorEntity, chain) {
-  let x509Options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
-    connectTimeout: 10000,
-    readTimeout: 10000,
-    requireCrl: true
-  };
-  let {
-    appFetch = fetch,
-    renewOnFail = true
-  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
-  try {
-    return validateTrustChain(trustAnchorEntity, chain, x509Options);
-  } catch (error) {
-    if (renewOnFail) {
-      const renewedChain = await renewTrustChain(chain, appFetch);
-      return validateTrustChain(trustAnchorEntity, renewedChain, x509Options);
-    } else {
-      throw error;
-    }
-  }
-}
-//# sourceMappingURL=verify-chain.js.map