@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

package/lib/module/credential/issuance/04-complete-user-authorization.js

@@ -1,247 +0,0 @@
-import { AuthorizationChallengeResultShape, AuthorizationErrorShape, AuthorizationResultShape } from "../../utils/auth";
-import { hasStatusOrThrow } from "../../utils/misc";
-import parseUrl from "parse-url";
-import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
-import { decode, SignJWT } from "@pagopa/io-react-native-jwt";
-import { RequestObject } from "../presentation/types";
-import { ResponseUriResultShape } from "./types";
-import { getJwtFromFormPost } from "../../utils/decoder";
-import { AuthorizationError, AuthorizationIdpError } from "./errors";
-import { LogLevel, Logger } from "../../utils/logging";
-import { Presentation } from "..";
-
-/**
- * The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
- */
-
-/**
- * WARNING: this function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID, and the PID
- * issuance requires a MRTD PoP challenge.
- * @param authRedirectUrl The URL to which the end user should be redirected to start the MRTD PoP validation flow
- * @returns the authorization response which contains the challenge
- */
-export const continueUserAuthorizationWithMRTDPoPChallenge = async authRedirectUrl => {
-  Logger.log(LogLevel.DEBUG, `The requested credential is a PersonIdentificationData and requires MRTD PoP, starting MRTD PoP validation from auth redirect`);
-  const query = parseUrl(authRedirectUrl).query;
-  const authResParsed = AuthorizationChallengeResultShape.safeParse(query);
-  if (!authResParsed.success) {
-    const authErr = AuthorizationErrorShape.safeParse(query);
-    if (!authErr.success) {
-      Logger.log(LogLevel.ERROR, `Error while parsing the authorization response: ${authResParsed.error.message}`);
-      throw new AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
-    }
-
-    Logger.log(LogLevel.ERROR, `Error while authorizating with the idp: ${JSON.stringify(authErr)}`);
-    throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
-  }
-  return authResParsed.data;
-};
-
-/**
- * WARNING: This function must be called after {@link startUserAuthorization}. The generated authUrl must be used to open a browser or webview capable of catching the redirectSchema to perform a get request to the authorization endpoint.
- * Builds the authorization URL to which the end user should be redirected to continue the authentication flow.
- * @param issuerRequestUri the URI of the issuer where the request is sent
- * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param idpHint Unique identifier of the IDP selected by the user (optional)
- * @returns An object containing the authorization URL
- */
-export const buildAuthorizationUrl = async (issuerRequestUri, clientId, issuerConf, idpHint) => {
-  const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
-  const params = new URLSearchParams({
-    client_id: clientId,
-    request_uri: issuerRequestUri
-  });
-  if (idpHint) {
-    params.append("idphint", idpHint);
-  }
-  const authUrl = `${authzRequestEndpoint}?${params}`;
-  return {
-    authUrl
-  };
-};
-
-/**
- * WARNING: This function must be called after obtaining the authorization redirect URL from the webviews (SPID and CIE L3) or browser for CIEID.
- * Complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
- * This function parses the authorization redirect URL to extract the authorization response.
- * @param authRedirectUrl The URL to which the end user should be redirected to start the authentication flow
- * @returns the authorization response which contains code, state and iss
- */
-export const completeUserAuthorizationWithQueryMode = async authRedirectUrl => {
-  Logger.log(LogLevel.DEBUG, `The requested credential is a PersonIdentificationData, completing the user authorization with query mode`);
-  const query = parseUrl(authRedirectUrl).query;
-  return parseAuthorizationResponse(query);
-};
-
-/**
- * WARNING: This function must be called after {@link startUserAuthorization}. The next function to be called is {@link completeUserAuthorizationWithFormPostJwtMode}.
- * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
- * It is used as a first step to complete the user authorization by obtaining the requested credential to be presented from the authorization server.
- * The information is obtained by performing a GET request to the authorization endpoint with request_uri and client_id parameters.
- * @param issuerRequestUri the URI of the issuer where the request is sent
- * @param clientId Identifies the current client across all the requests of the issuing flow returned by {@link startUserAuthorization}
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {ValidationFailed} if an error while validating the response
- * @returns the request object which contains the credential to be presented in order to obtain the requested credential
- */
-export const getRequestedCredentialToBePresented = async function (issuerRequestUri, clientId, issuerConf) {
-  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
-  Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, requesting the credential to be presented`);
-  const authzRequestEndpoint = issuerConf.oauth_authorization_server.authorization_endpoint;
-  const params = new URLSearchParams({
-    client_id: clientId,
-    request_uri: issuerRequestUri
-  });
-  Logger.log(LogLevel.DEBUG, `Requesting the request object to ${authzRequestEndpoint}?${params.toString()}`);
-  const requestObject = await appFetch(`${authzRequestEndpoint}?${params.toString()}`, {
-    method: "GET"
-  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(res => res.text()).then(jws => decode(jws)).then(reqObj => RequestObject.safeParse(reqObj.payload));
-  if (!requestObject.success) {
-    Logger.log(LogLevel.ERROR, `Error while validating the response object: ${requestObject.error.message}`);
-    throw new ValidationFailed({
-      message: "Request Object validation failed",
-      reason: requestObject.error.message
-    });
-  }
-  return requestObject.data;
-};
-
-/**
- * WARNING: This function must be called after {@link getRequestedCredentialToBePresented}. The next function to be called is {@link authorizeAccess}.
- * The interface of the phase to complete User authorization via presentation of existing credentials when the response mode is "form_post.jwt".
- * The information is obtained by performing a POST request to the endpoint received in the response_uri field of the requestObject, where the Authorization Response payload is posted.
- * Following this,the redirect_uri from the response is used to obtain the final authorization response.
- * @param requestObject - The request object containing the necessary parameters for authorization.
- * @param pid The `PID` that must be presented for the issuance of credentials.
- * @param appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {ValidationFailed} if an error while validating the response
- * @returns the authorization response which contains code, state and iss
- */
-export const completeUserAuthorizationWithFormPostJwtMode = async (requestObject, pid, _ref) => {
-  let {
-    wiaCryptoContext,
-    pidCryptoContext,
-    appFetch = fetch
-  } = _ref;
-  Logger.log(LogLevel.DEBUG, `The requeste credential is not a PersonIdentificationData, completing the user authorization with form_post.jwt mode`);
-  if (!requestObject.dcql_query) {
-    throw new Error("Invalid request object");
-  }
-  const dcqlQueryResult = Presentation.evaluateDcqlQuery([[pidCryptoContext, pid]], requestObject.dcql_query);
-  const credentialsToPresent = dcqlQueryResult.map(_ref2 => {
-    let {
-      requiredDisclosures,
-      ...rest
-    } = _ref2;
-    return {
-      ...rest,
-      requestedClaims: requiredDisclosures.map(_ref3 => {
-        let [, claimName] = _ref3;
-        return claimName;
-      })
-    };
-  });
-  const remotePresentations = await Presentation.prepareRemotePresentations(credentialsToPresent, requestObject.nonce, requestObject.client_id);
-  const authzResponsePayload = await createAuthzResponsePayload({
-    state: requestObject.state,
-    remotePresentations,
-    wiaCryptoContext
-  });
-  Logger.log(LogLevel.DEBUG, `Authz response payload: ${authzResponsePayload}`);
-
-  // Note: according to the spec, the response should be encrypted with the public key of the RP however this is not implemented yet
-  // https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-signed-and-encrypted-response
-  // const rsaPublicJwk = chooseRSAPublicKeyToEncrypt(rpConf);
-  // const encrypted = await new EncryptJwe(authzResponsePayload, {
-  //   alg: "RSA-OAEP-256",
-  //   enc: "A256CBC-HS512",
-  //   kid: rsaPublicJwk.kid,
-  // }).encrypt(rsaPublicJwk);
-
-  const body = new URLSearchParams({
-    response: authzResponsePayload
-  }).toString();
-  const resUriRes = await appFetch(requestObject.response_uri, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded"
-    },
-    body
-  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(reqUri => reqUri.json());
-  const responseUri = ResponseUriResultShape.safeParse(resUriRes);
-  if (!responseUri.success) {
-    Logger.log(LogLevel.ERROR, `Error while validating the response uri: ${responseUri.error.message}`);
-    throw new ValidationFailed({
-      message: "Response Uri validation failed",
-      reason: responseUri.error.message
-    });
-  }
-  return await appFetch(responseUri.data.redirect_uri).then(hasStatusOrThrow(200, IssuerResponseError)).then(res => res.text()).then(getJwtFromFormPost).then(cbRes => parseAuthorizationResponse(cbRes.decodedJwt.payload));
-};
-
-/**
- * Parse the authorization response and return the result which contains code, state and iss.
- * @throws {AuthorizationError} if an error occurs during the parsing process
- * @throws {AuthorizationIdpError} if an error occurs during the parsing process and the error is related to the IDP
- * @param authRes the authorization response to be parsed
- * @returns the authorization result which contains code, state and iss
- */
-export const parseAuthorizationResponse = authRes => {
-  const authResParsed = AuthorizationResultShape.safeParse(authRes);
-  if (!authResParsed.success) {
-    const authErr = AuthorizationErrorShape.safeParse(authRes);
-    if (!authErr.success) {
-      Logger.log(LogLevel.ERROR, `Error while parsing the authorization response: ${authResParsed.error.message}`);
-      throw new AuthorizationError(authResParsed.error.message); // an error occured while parsing the result and the error
-    }
-
-    Logger.log(LogLevel.ERROR, `Error while authorizating with the idp: ${JSON.stringify(authErr)}`);
-    throw new AuthorizationIdpError(authErr.data.error, authErr.data.error_description);
-  }
-  return authResParsed.data;
-};
-
-/**
- * Creates the authorization response payload to be sent.
- * This payload includes the state and the VP tokens for the presented credentials.
- * The payload is encoded in Base64.
- * @param state - The state parameter from the request object (optional).
- * @param remotePresentations - An array of remote presentations containing credential IDs and their corresponding VP tokens.
- * @returns The Base64 encoded authorization response payload.
- */
-const createAuthzResponsePayload = async _ref4 => {
-  let {
-    state,
-    remotePresentations,
-    wiaCryptoContext
-  } = _ref4;
-  const {
-    kid
-  } = await wiaCryptoContext.getPublicKey();
-  return new SignJWT(wiaCryptoContext).setProtectedHeader({
-    typ: "jwt",
-    kid
-  }).setPayload({
-    /**
-     * TODO [SIW-2264]: `state` coming from `requestObject` is marked as `optional`
-     * At the moment, it is not entirely clear whether this value can indeed be omitted
-     * and, if so, what the consequences of its absence might be.
-     */
-    ...(state ? {
-      state
-    } : {}),
-    vp_token: remotePresentations.reduce((vp_token, _ref5) => {
-      let {
-        credentialId,
-        vpToken
-      } = _ref5;
-      return {
-        ...vp_token,
-        [credentialId]: vpToken
-      };
-    }, {})
-  }).setIssuedAt().setExpirationTime("1h").sign();
-};
-//# sourceMappingURL=04-complete-user-authorization.js.map

package/lib/module/credential/issuance/04-complete-user-authorization.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["AuthorizationChallengeResultShape","AuthorizationErrorShape","AuthorizationResultShape","hasStatusOrThrow","parseUrl","IssuerResponseError","ValidationFailed","decode","SignJWT","RequestObject","ResponseUriResultShape","getJwtFromFormPost","AuthorizationError","AuthorizationIdpError","LogLevel","Logger","Presentation","continueUserAuthorizationWithMRTDPoPChallenge","authRedirectUrl","log","DEBUG","query","authResParsed","safeParse","success","authErr","ERROR","error","message","JSON","stringify","data","error_description","buildAuthorizationUrl","issuerRequestUri","clientId","issuerConf","idpHint","authzRequestEndpoint","oauth_authorization_server","authorization_endpoint","params","URLSearchParams","client_id","request_uri","append","authUrl","completeUserAuthorizationWithQueryMode","parseAuthorizationResponse","getRequestedCredentialToBePresented","appFetch","arguments","length","undefined","fetch","toString","requestObject","method","then","res","text","jws","reqObj","payload","reason","completeUserAuthorizationWithFormPostJwtMode","pid","_ref","wiaCryptoContext","pidCryptoContext","dcql_query","Error","dcqlQueryResult","evaluateDcqlQuery","credentialsToPresent","map","_ref2","requiredDisclosures","rest","requestedClaims","_ref3","claimName","remotePresentations","prepareRemotePresentations","nonce","authzResponsePayload","createAuthzResponsePayload","state","body","response","resUriRes","response_uri","headers","reqUri","json","responseUri","redirect_uri","cbRes","decodedJwt","authRes","_ref4","kid","getPublicKey","setProtectedHeader","typ","setPayload","vp_token","reduce","_ref5","credentialId","vpToken","setIssuedAt","setExpirationTime","sign"],"sourceRoot":"../../../../src","sources":["credential/issuance/04-complete-user-authorization.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,uBAAuB,EACvBC,wBAAwB,QAGnB,kBAAkB;AACzB,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,OAAOC,QAAQ,MAAM,WAAW;AAChC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SACEC,MAAM,EACNC,OAAO,QAEF,6BAA6B;AACpC,SAAkCC,aAAa,QAAQ,uBAAuB;AAC9E,SAASC,sBAAsB,QAAQ,SAAS;AAChD,SAASC,kBAAkB,QAAQ,qBAAqB;AACxD,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,UAAU;AACpE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AACtD,SAASC,YAAY,QAAQ,IAAI;;AAGjC;AACA;AACA;;AAmCA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,6CAA4F,GACvG,MAAOC,eAAe,IAAK;EACzBH,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,+HACH,CAAC;EACD,MAAMC,KAAK,GAAGjB,QAAQ,CAACc,eAAe,CAAC,CAACG,KAAK;EAE7C,MAAMC,aAAa,GAAGtB,iCAAiC,CAACuB,SAAS,CAACF,KAAK,CAAC;EACxE,IAAI,CAACC,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGxB,uBAAuB,CAACsB,SAAS,CAACF,KAAK,CAAC;IACxD,IAAI,CAACI,OAAO,CAACD,OAAO,EAAE;MACpBT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,mDAAkDJ,aAAa,CAACK,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIhB,kBAAkB,CAACU,aAAa,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAb,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,2CAA0CG,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIZ,qBAAqB,CAC7BY,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOV,aAAa,CAACS,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,qBAA4C,GAAG,MAAAA,CAC1DC,gBAAgB,EAChBC,QAAQ,EACRC,UAAU,EACVC,OAAO,KACJ;EACH,MAAMC,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAE9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEF,IAAIG,OAAO,EAAE;IACXI,MAAM,CAACI,MAAM,CAAC,SAAS,EAAER,OAAO,CAAC;EACnC;EAEA,MAAMS,OAAO,GAAI,GAAER,oBAAqB,IAAGG,MAAO,EAAC;EAEnD,OAAO;IAAEK;EAAQ,CAAC;AACpB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sCAA8E,GACzF,MAAO7B,eAAe,IAAK;EACzBH,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,2GACH,CAAC;EACD,MAAMC,KAAK,GAAGjB,QAAQ,CAACc,eAAe,CAAC,CAACG,KAAK;EAE7C,OAAO2B,0BAA0B,CAAC3B,KAAK,CAAC;AAC1C,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM4B,mCAAwE,GACnF,eAAAA,CAAOf,gBAAgB,EAAEC,QAAQ,EAAEC,UAAU,EAAuB;EAAA,IAArBc,QAAQ,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAC7DvC,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,sGACH,CAAC;EACD,MAAMkB,oBAAoB,GACxBF,UAAU,CAACG,0BAA0B,CAACC,sBAAsB;EAC9D,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCC,SAAS,EAAER,QAAQ;IACnBS,WAAW,EAAEV;EACf,CAAC,CAAC;EAEFnB,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,oCAAmCkB,oBAAqB,IAAGG,MAAM,CAACc,QAAQ,CAAC,CAAE,EAChF,CAAC;EAED,MAAMC,aAAa,GAAG,MAAMN,QAAQ,CACjC,GAAEZ,oBAAqB,IAAGG,MAAM,CAACc,QAAQ,CAAC,CAAE,EAAC,EAC9C;IAAEE,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAACvD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,GAAG,IAAKtD,MAAM,CAACsD,GAAG,CAAC,CAAC,CAC1BH,IAAI,CAAEI,MAAM,IAAKrD,aAAa,CAACc,SAAS,CAACuC,MAAM,CAACC,OAAO,CAAC,CAAC;EAE5D,IAAI,CAACP,aAAa,CAAChC,OAAO,EAAE;IAC1BT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,+CAA8C8B,aAAa,CAAC7B,KAAK,CAACC,OAAQ,EAC7E,CAAC;IACD,MAAM,IAAItB,gBAAgB,CAAC;MACzBsB,OAAO,EAAE,kCAAkC;MAC3CoC,MAAM,EAAER,aAAa,CAAC7B,KAAK,CAACC;IAC9B,CAAC,CAAC;EACJ;EACA,OAAO4B,aAAa,CAACzB,IAAI;AAC3B,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMkC,4CAA0F,GACrG,MAAAA,CACET,aAAa,EACbU,GAAG,EAAAC,IAAA,KAEA;EAAA,IADH;IAAEC,gBAAgB;IAAEC,gBAAgB;IAAEnB,QAAQ,GAAGI;EAAM,CAAC,GAAAa,IAAA;EAExDpD,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,sHACH,CAAC;EAED,IAAI,CAACoC,aAAa,CAACc,UAAU,EAAE;IAC7B,MAAM,IAAIC,KAAK,CAAC,wBAAwB,CAAC;EAC3C;EAEA,MAAMC,eAAe,GAAGxD,YAAY,CAACyD,iBAAiB,CACpD,CAAC,CAACJ,gBAAgB,EAAEH,GAAG,CAAC,CAAC,EACzBV,aAAa,CAACc,UAChB,CAAC;EAED,MAAMI,oBAAoB,GAAGF,eAAe,CAACG,GAAG,CAC9CC,KAAA;IAAA,IAAC;MAAEC,mBAAmB;MAAE,GAAGC;IAAK,CAAC,GAAAF,KAAA;IAAA,OAAM;MACrC,GAAGE,IAAI;MACPC,eAAe,EAAEF,mBAAmB,CAACF,GAAG,CAACK,KAAA;QAAA,IAAC,GAAGC,SAAS,CAAC,GAAAD,KAAA;QAAA,OAAKC,SAAS;MAAA;IACvE,CAAC;EAAA,CACH,CAAC;EAED,MAAMC,mBAAmB,GAAG,MAAMlE,YAAY,CAACmE,0BAA0B,CACvET,oBAAoB,EACpBlB,aAAa,CAAC4B,KAAK,EACnB5B,aAAa,CAACb,SAChB,CAAC;EAED,MAAM0C,oBAAoB,GAAG,MAAMC,0BAA0B,CAAC;IAC5DC,KAAK,EAAE/B,aAAa,CAAC+B,KAAK;IAC1BL,mBAAmB;IACnBd;EACF,CAAC,CAAC;EAEFrD,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACM,KAAK,EACb,2BAA0BiE,oBAAqB,EAClD,CAAC;;EAED;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;EAEA,MAAMG,IAAI,GAAG,IAAI9C,eAAe,CAAC;IAC/B+C,QAAQ,EAAEJ;EACZ,CAAC,CAAC,CAAC9B,QAAQ,CAAC,CAAC;EAEb,MAAMmC,SAAS,GAAG,MAAMxC,QAAQ,CAACM,aAAa,CAACmC,YAAY,EAAE;IAC3DlC,MAAM,EAAE,MAAM;IACdmC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ;EACF,CAAC,CAAC,CACC9B,IAAI,CAACvD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqD,IAAI,CAAEmC,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,WAAW,GAAGrF,sBAAsB,CAACa,SAAS,CAACmE,SAAS,CAAC;EAC/D,IAAI,CAACK,WAAW,CAACvE,OAAO,EAAE;IACxBT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,4CAA2CqE,WAAW,CAACpE,KAAK,CAACC,OAAQ,EACxE,CAAC;IACD,MAAM,IAAItB,gBAAgB,CAAC;MACzBsB,OAAO,EAAE,gCAAgC;MACzCoC,MAAM,EAAE+B,WAAW,CAACpE,KAAK,CAACC;IAC5B,CAAC,CAAC;EACJ;EAEA,OAAO,MAAMsB,QAAQ,CAAC6C,WAAW,CAAChE,IAAI,CAACiE,YAAY,CAAC,CACjDtC,IAAI,CAACvD,gBAAgB,CAAC,GAAG,EAAEE,mBAAmB,CAAC,CAAC,CAChDqD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAC/C,kBAAkB,CAAC,CACxB+C,IAAI,CAAEuC,KAAK,IAAKjD,0BAA0B,CAACiD,KAAK,CAACC,UAAU,CAACnC,OAAO,CAAC,CAAC;AAC1E,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMf,0BAA0B,GACrCmD,OAAgB,IACQ;EACxB,MAAM7E,aAAa,GAAGpB,wBAAwB,CAACqB,SAAS,CAAC4E,OAAO,CAAC;EACjE,IAAI,CAAC7E,aAAa,CAACE,OAAO,EAAE;IAC1B,MAAMC,OAAO,GAAGxB,uBAAuB,CAACsB,SAAS,CAAC4E,OAAO,CAAC;IAC1D,IAAI,CAAC1E,OAAO,CAACD,OAAO,EAAE;MACpBT,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,mDAAkDJ,aAAa,CAACK,KAAK,CAACC,OAAQ,EACjF,CAAC;MACD,MAAM,IAAIhB,kBAAkB,CAACU,aAAa,CAACK,KAAK,CAACC,OAAO,CAAC,CAAC,CAAC;IAC7D;;IACAb,MAAM,CAACI,GAAG,CACRL,QAAQ,CAACY,KAAK,EACb,2CAA0CG,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EACrE,CAAC;IACD,MAAM,IAAIZ,qBAAqB,CAC7BY,OAAO,CAACM,IAAI,CAACJ,KAAK,EAClBF,OAAO,CAACM,IAAI,CAACC,iBACf,CAAC;EACH;EACA,OAAOV,aAAa,CAACS,IAAI;AAC3B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMuD,0BAA0B,GAAG,MAAAc,KAAA,IAQZ;EAAA,IARmB;IACxCb,KAAK;IACLL,mBAAmB;IACnBd;EAKF,CAAC,GAAAgC,KAAA;EACC,MAAM;IAAEC;EAAI,CAAC,GAAG,MAAMjC,gBAAgB,CAACkC,YAAY,CAAC,CAAC;EAErD,OAAO,IAAI9F,OAAO,CAAC4D,gBAAgB,CAAC,CACjCmC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,KAAK;IACVH;EACF,CAAC,CAAC,CACDI,UAAU,CAAC;IACV;AACN;AACA;AACA;AACA;IACM,IAAIlB,KAAK,GAAG;MAAEA;IAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3BmB,QAAQ,EAAExB,mBAAmB,CAACyB,MAAM,CAClC,CAACD,QAAQ,EAAAE,KAAA;MAAA,IAAE;QAAEC,YAAY;QAAEC;MAAQ,CAAC,GAAAF,KAAA;MAAA,OAAM;QACxC,GAAGF,QAAQ;QACX,CAACG,YAAY,GAAGC;MAClB,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC"}

package/lib/module/credential/issuance/05-authorize-access.js

@@ -1,78 +0,0 @@
-import { hasStatusOrThrow } from "../../utils/misc";
-import { createDPopToken } from "../../utils/dpop";
-import { v4 as uuidv4 } from "uuid";
-import { createPopToken } from "../../utils/pop";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { TokenResponse } from "./types";
-import { IssuerResponseError, ValidationFailed } from "../../utils/errors";
-import { LogLevel, Logger } from "../../utils/logging";
-/**
- * Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
- * for requesting the issuance of an access token bound to the public key of the Wallet Instance contained within the DPoP.
- * This enables the Wallet Instance to request a digital credential.
- * The DPoP Proof JWT is generated according to the section 4.3 of the DPoP RFC 9449 specification.
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param code The authorization code returned by {@link completeUserAuthorizationWithQueryMode} or {@link completeUserAuthorizationWithFormPost}
- * @param redirectUri The redirect URI which is the custom URL scheme that the Wallet Instance is registered to handle
- * @param clientId The client id returned by {@link startUserAuthorization}
- * @param codeVerifier The code verifier returned by {@link startUserAuthorization}
- * @param context.walletInstanceAttestation The Wallet Instance's attestation
- * @param context.wiaCryptoContext The Wallet Instance's crypto context
- * @param context.dPopCryptoContext The DPoP crypto context
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {ValidationFailed} if an error occurs while parsing the token response
- * @throws {IssuerResponseError} with a specific code for more context
- * @return The token response containing the access token along with the token request signed with DPoP which has to be used in the {@link obtainCredential} step.
- */
-export const authorizeAccess = async (issuerConf, code, _, redirectUri, codeVerifier, context) => {
-  const {
-    appFetch = fetch,
-    walletInstanceAttestation,
-    wiaCryptoContext,
-    dPopCryptoContext
-  } = context;
-  const aud = issuerConf.openid_credential_issuer.credential_issuer;
-  const iss = WalletInstanceAttestation.decode(walletInstanceAttestation).payload.cnf.jwk.kid;
-  const tokenUrl = issuerConf.oauth_authorization_server.token_endpoint;
-  const tokenRequestSignedDPop = await createDPopToken({
-    htm: "POST",
-    htu: tokenUrl,
-    jti: `${uuidv4()}`
-  }, dPopCryptoContext);
-  Logger.log(LogLevel.DEBUG, `Token request DPoP: ${tokenRequestSignedDPop}`);
-  const signedWiaPoP = await createPopToken({
-    jti: `${uuidv4()}`,
-    aud,
-    iss
-  }, wiaCryptoContext);
-  Logger.log(LogLevel.DEBUG, `WIA DPoP token: ${signedWiaPoP}`);
-  const requestBody = {
-    grant_type: "authorization_code",
-    code,
-    code_verifier: codeVerifier,
-    redirect_uri: redirectUri
-  };
-  const authorizationRequestFormBody = new URLSearchParams(requestBody);
-  Logger.log(LogLevel.DEBUG, `Auth form request body: ${authorizationRequestFormBody}`);
-  const tokenRes = await appFetch(tokenUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/x-www-form-urlencoded",
-      DPoP: tokenRequestSignedDPop,
-      "OAuth-Client-Attestation": walletInstanceAttestation,
-      "OAuth-Client-Attestation-PoP": signedWiaPoP
-    },
-    body: authorizationRequestFormBody.toString()
-  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(res => res.json()).then(body => TokenResponse.safeParse(body));
-  if (!tokenRes.success) {
-    Logger.log(LogLevel.ERROR, `Token Response validation failed: ${tokenRes.error.message}`);
-    throw new ValidationFailed({
-      message: "Token Response validation failed",
-      reason: tokenRes.error.message
-    });
-  }
-  return {
-    accessToken: tokenRes.data
-  };
-};
-//# sourceMappingURL=05-authorize-access.js.map

package/lib/module/credential/issuance/05-authorize-access.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["hasStatusOrThrow","createDPopToken","v4","uuidv4","createPopToken","WalletInstanceAttestation","TokenResponse","IssuerResponseError","ValidationFailed","LogLevel","Logger","authorizeAccess","issuerConf","code","_","redirectUri","codeVerifier","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","dPopCryptoContext","aud","openid_credential_issuer","credential_issuer","iss","decode","payload","cnf","jwk","kid","tokenUrl","oauth_authorization_server","token_endpoint","tokenRequestSignedDPop","htm","htu","jti","log","DEBUG","signedWiaPoP","requestBody","grant_type","code_verifier","redirect_uri","authorizationRequestFormBody","URLSearchParams","tokenRes","method","headers","DPoP","body","toString","then","res","json","safeParse","success","ERROR","error","message","reason","accessToken","data"],"sourceRoot":"../../../../src","sources":["credential/issuance/05-authorize-access.ts"],"mappings":"AAAA,SAASA,gBAAgB,QAAkB,kBAAkB;AAG7D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,cAAc,QAAQ,iBAAiB;AAChD,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAE9E,SAASC,aAAa,QAAQ,SAAS;AACvC,SAASC,mBAAmB,EAAEC,gBAAgB,QAAQ,oBAAoB;AAE1E,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAgBtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,IAAI,EACJC,CAAC,EACDC,WAAW,EACXC,YAAY,EACZC,OAAO,KACJ;EACH,MAAM;IACJC,QAAQ,GAAGC,KAAK;IAChBC,yBAAyB;IACzBC,gBAAgB;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAMM,GAAG,GAAGX,UAAU,CAACY,wBAAwB,CAACC,iBAAiB;EACjE,MAAMC,GAAG,GAAGrB,yBAAyB,CAACsB,MAAM,CAACP,yBAAyB,CAAC,CACpEQ,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;EAEtB,MAAMC,QAAQ,GAAGpB,UAAU,CAACqB,0BAA0B,CAACC,cAAc;EAErE,MAAMC,sBAAsB,GAAG,MAAMlC,eAAe,CAClD;IACEmC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEL,QAAQ;IACbM,GAAG,EAAG,GAAEnC,MAAM,CAAC,CAAE;EACnB,CAAC,EACDmB,iBACF,CAAC;EAEDZ,MAAM,CAAC6B,GAAG,CAAC9B,QAAQ,CAAC+B,KAAK,EAAG,uBAAsBL,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,YAAY,GAAG,MAAMrC,cAAc,CACvC;IACEkC,GAAG,EAAG,GAAEnC,MAAM,CAAC,CAAE,EAAC;IAClBoB,GAAG;IACHG;EACF,CAAC,EACDL,gBACF,CAAC;EAEDX,MAAM,CAAC6B,GAAG,CAAC9B,QAAQ,CAAC+B,KAAK,EAAG,mBAAkBC,YAAa,EAAC,CAAC;EAE7D,MAAMC,WAAW,GAAG;IAClBC,UAAU,EAAE,oBAAoB;IAChC9B,IAAI;IACJ+B,aAAa,EAAE5B,YAAY;IAC3B6B,YAAY,EAAE9B;EAChB,CAAC;EAED,MAAM+B,4BAA4B,GAAG,IAAIC,eAAe,CAACL,WAAW,CAAC;EAErEhC,MAAM,CAAC6B,GAAG,CACR9B,QAAQ,CAAC+B,KAAK,EACb,2BAA0BM,4BAA6B,EAC1D,CAAC;EAED,MAAME,QAAQ,GAAG,MAAM9B,QAAQ,CAACc,QAAQ,EAAE;IACxCiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEhB,sBAAsB;MAC5B,0BAA0B,EAAEf,yBAAyB;MACrD,8BAA8B,EAAEqB;IAClC,CAAC;IACDW,IAAI,EAAEN,4BAA4B,CAACO,QAAQ,CAAC;EAC9C,CAAC,CAAC,CACCC,IAAI,CAACtD,gBAAgB,CAAC,GAAG,EAAEO,mBAAmB,CAAC,CAAC,CAChD+C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEF,IAAI,IAAK9C,aAAa,CAACmD,SAAS,CAACL,IAAI,CAAC,CAAC;EAEhD,IAAI,CAACJ,QAAQ,CAACU,OAAO,EAAE;IACrBhD,MAAM,CAAC6B,GAAG,CACR9B,QAAQ,CAACkD,KAAK,EACb,qCAAoCX,QAAQ,CAACY,KAAK,CAACC,OAAQ,EAC9D,CAAC;IAED,MAAM,IAAIrD,gBAAgB,CAAC;MACzBqD,OAAO,EAAE,kCAAkC;MAC3CC,MAAM,EAAEd,QAAQ,CAACY,KAAK,CAACC;IACzB,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEE,WAAW,EAAEf,QAAQ,CAACgB;EAAK,CAAC;AACvC,CAAC"}

package/lib/module/credential/issuance/06-obtain-credential.js

@@ -1,160 +0,0 @@
-import { sha256ToBase64, SignJWT } from "@pagopa/io-react-native-jwt";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError, ValidationFailed } from "../../utils/errors";
-import { CredentialResponse, NonceResponse } from "./types";
-import { createDPopToken } from "../../utils/dpop";
-import { v4 as uuidv4 } from "uuid";
-import { LogLevel, Logger } from "../../utils/logging";
-export const createNonceProof = async (nonce, issuer, audience, ctx) => {
-  const jwk = await ctx.getPublicKey();
-  return new SignJWT(ctx).setPayload({
-    nonce
-  }).setProtectedHeader({
-    typ: "openid4vci-proof+jwt",
-    jwk
-  }).setAudience(audience).setIssuer(issuer).setIssuedAt().setExpirationTime("5min").sign();
-};
-
-/**
- * Obtains the credential from the issuer.
- * The key pair of the credentialCryptoContext is used for Openid4vci proof JWT to be presented with the Access Token and the DPoP Proof JWT at the Credential Endpoint
- * of the Credential Issuer to request the issuance of a credential linked to the public key contained in the JWT proof.
- * The Openid4vci proof JWT incapsulates the nonce extracted from the token response from the {@link authorizeAccess} step.
- * The credential request is sent to the Credential Endpoint of the Credential Issuer via HTTP POST with the type of the credential, its format, the access token and the JWT proof.
- * @param issuerConf The issuer configuration returned by {@link evaluateIssuerTrust}
- * @param accessToken The access token response returned by {@link authorizeAccess}
- * @param clientId The client id returned by {@link startUserAuthorization}
- * @param credentialDefinition The credential definition of the credential to be obtained returned by {@link authorizeAccess}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential
- * @param context.dPopCryptoContext The DPoP crypto context
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @param operationType Specify the type of credential issuance (used for reissuing)
- * @returns The credential response containing the credential
- */
-export const obtainCredential = async (issuerConf, accessToken, clientId, credentialDefinition, context, operationType) => {
-  const {
-    credentialCryptoContext,
-    appFetch = fetch,
-    dPopCryptoContext
-  } = context;
-  const {
-    credential_configuration_id,
-    credential_identifier
-  } = credentialDefinition;
-  const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
-  const issuerUrl = issuerConf.oauth_authorization_server.issuer;
-  const nonceUrl = issuerConf.openid_credential_issuer.nonce_endpoint;
-
-  // Fetch the nonce from the Credential Issuer
-  const {
-    c_nonce
-  } = await appFetch(nonceUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    }
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(body => NonceResponse.parse(body));
-
-  /**
-   * JWT proof token to bind the request nonce to the key that will bind the holder User with the Credential
-   * This is presented along with the access token to the Credential Endpoint as proof of possession of the private key used to sign the Access Token.
-   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types
-   */
-  const signedNonceProof = await createNonceProof(c_nonce, clientId, issuerUrl, credentialCryptoContext);
-  Logger.log(LogLevel.DEBUG, `Signed nonce proof: ${signedNonceProof}`);
-
-  // Validation of accessTokenResponse.authorization_details if contain credentialDefinition
-  const containsCredentialDefinition = accessToken.authorization_details.some(c => c.credential_configuration_id === credential_configuration_id && (credential_identifier ? c.credential_identifiers.includes(credential_identifier) : true));
-  if (!containsCredentialDefinition) {
-    Logger.log(LogLevel.ERROR, `Credential definition not found in the access token response ${accessToken.authorization_details}`);
-    throw new ValidationFailed({
-      message: "The access token response does not contain the requested credential"
-    });
-  }
-
-  /**
-   * The credential request body.
-   * We accept both `credential_identifier` (recommended) and `credential_configuration_id`
-   * when the Authorization Server does not support `credential_identifier`.
-   * @see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#section-3.3.4
-   */
-  const credentialRequestFormBody = credential_identifier ? {
-    credential_identifier: credential_identifier,
-    proof: {
-      jwt: signedNonceProof,
-      proof_type: "jwt"
-    }
-  } : {
-    credential_configuration_id: credential_configuration_id,
-    proof: {
-      jwt: signedNonceProof,
-      proof_type: "jwt"
-    }
-  };
-  Logger.log(LogLevel.DEBUG, `Credential request body: ${JSON.stringify(credentialRequestFormBody)}`);
-  const tokenRequestSignedDPop = await createDPopToken({
-    htm: "POST",
-    htu: credentialUrl,
-    jti: `${uuidv4()}`,
-    ath: await sha256ToBase64(accessToken.access_token)
-  }, dPopCryptoContext);
-  Logger.log(LogLevel.DEBUG, `Token request DPoP: ${tokenRequestSignedDPop}`);
-  const credentialRes = await appFetch(credentialUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      DPoP: tokenRequestSignedDPop,
-      Authorization: `${accessToken.token_type} ${accessToken.access_token}`,
-      ...(operationType === "reissuing" && {
-        operationType
-      })
-    },
-    body: JSON.stringify(credentialRequestFormBody)
-  }).then(hasStatusOrThrow(200)).then(res => res.json()).then(body => CredentialResponse.safeParse(body)).catch(handleObtainCredentialError);
-  if (!credentialRes.success) {
-    Logger.log(LogLevel.ERROR, `Credential Response validation failed: ${credentialRes.error.message}`);
-    throw new ValidationFailed({
-      message: "Credential Response validation failed",
-      reason: credentialRes.error.message
-    });
-  }
-  Logger.log(LogLevel.DEBUG, `Credential Response: ${JSON.stringify(credentialRes.data)}`);
-
-  // Extract the format corresponding to the credential_configuration_id used
-  const issuerCredentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credential_configuration_id];
-
-  // TODO: [SIW-2264] Handle multiple credentials
-  return {
-    credential: credentialRes.data.credentials.at(0).credential,
-    format: issuerCredentialConfig.format
-  };
-};
-
-/**
- * Handle the credential error by mapping it to a custom exception.
- * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
- * @param e - The error to be handled
- * @throws {IssuerResponseError} with a specific code for more context
- */
-const handleObtainCredentialError = e => {
-  Logger.log(LogLevel.ERROR, `Error occurred while obtaining credential: ${e}`);
-  if (!(e instanceof UnexpectedStatusCodeError)) {
-    throw e;
-  }
-  throw new ResponseErrorBuilder(IssuerResponseError).handle(201, {
-    // Although it is technically not an error, we handle it as such to avoid
-    // changing the return type of `obtainCredential` and introduce a breaking change.
-    code: IssuerResponseErrorCodes.CredentialIssuingNotSynchronous,
-    message: "This credential cannot be issued synchronously. It will be available at a later time."
-  }).handle(403, {
-    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-    message: "Invalid status found for the given credential"
-  }).handle(404, {
-    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-    message: "Invalid status found for the given credential"
-  }).handle("*", {
-    code: IssuerResponseErrorCodes.CredentialRequestFailed,
-    message: "Unable to obtain the requested credential"
-  }).buildFrom(e);
-};
-//# sourceMappingURL=06-obtain-credential.js.map

package/lib/module/credential/issuance/06-obtain-credential.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["sha256ToBase64","SignJWT","hasStatusOrThrow","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","ValidationFailed","CredentialResponse","NonceResponse","createDPopToken","v4","uuidv4","LogLevel","Logger","createNonceProof","nonce","issuer","audience","ctx","jwk","getPublicKey","setPayload","setProtectedHeader","typ","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","obtainCredential","issuerConf","accessToken","clientId","credentialDefinition","context","operationType","credentialCryptoContext","appFetch","fetch","dPopCryptoContext","credential_configuration_id","credential_identifier","credentialUrl","openid_credential_issuer","credential_endpoint","issuerUrl","oauth_authorization_server","nonceUrl","nonce_endpoint","c_nonce","method","headers","then","res","json","body","parse","signedNonceProof","log","DEBUG","containsCredentialDefinition","authorization_details","some","c","credential_identifiers","includes","ERROR","message","credentialRequestFormBody","proof","jwt","proof_type","JSON","stringify","tokenRequestSignedDPop","htm","htu","jti","ath","access_token","credentialRes","DPoP","Authorization","token_type","safeParse","catch","handleObtainCredentialError","success","error","reason","data","issuerCredentialConfig","credential_configurations_supported","credential","credentials","at","format","e","handle","code","CredentialIssuingNotSynchronous","CredentialInvalidStatus","CredentialRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,SAEEA,cAAc,EACdC,OAAO,QACF,6BAA6B;AAGpC,SAASC,gBAAgB,QAAkB,kBAAkB;AAE7D,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,EACzBC,gBAAgB,QACX,oBAAoB;AAC3B,SAASC,kBAAkB,EAAEC,aAAa,QAAQ,SAAS;AAC3D,SAASC,eAAe,QAAQ,kBAAkB;AAClD,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAsBtD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,MAAMC,GAAG,GAAG,MAAMD,GAAG,CAACE,YAAY,CAAC,CAAC;EACpC,OAAO,IAAIpB,OAAO,CAACkB,GAAG,CAAC,CACpBG,UAAU,CAAC;IACVN;EACF,CAAC,CAAC,CACDO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,sBAAsB;IAC3BJ;EACF,CAAC,CAAC,CACDK,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;AACX,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,WAAW,EACXC,QAAQ,EACRC,oBAAoB,EACpBC,OAAO,EACPC,aAAa,KACV;EACH,MAAM;IACJC,uBAAuB;IACvBC,QAAQ,GAAGC,KAAK;IAChBC;EACF,CAAC,GAAGL,OAAO;EACX,MAAM;IAAEM,2BAA2B;IAAEC;EAAsB,CAAC,GAC1DR,oBAAoB;EAEtB,MAAMS,aAAa,GAAGZ,UAAU,CAACa,wBAAwB,CAACC,mBAAmB;EAC7E,MAAMC,SAAS,GAAGf,UAAU,CAACgB,0BAA0B,CAAC9B,MAAM;EAC9D,MAAM+B,QAAQ,GAAGjB,UAAU,CAACa,wBAAwB,CAACK,cAAc;;EAEnE;EACA,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMZ,QAAQ,CAACU,QAAQ,EAAE;IAC3CG,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MAAE,cAAc,EAAE;IAAmB;EAChD,CAAC,CAAC,CACCC,IAAI,CAACnD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAK/C,aAAa,CAACgD,KAAK,CAACD,IAAI,CAAC,CAAC;;EAE5C;AACF;AACA;AACA;AACA;EACE,MAAME,gBAAgB,GAAG,MAAM3C,gBAAgB,CAC7CmC,OAAO,EACPjB,QAAQ,EACRa,SAAS,EACTT,uBACF,CAAC;EAEDvB,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAAC+C,KAAK,EAAG,uBAAsBF,gBAAiB,EAAC,CAAC;;EAErE;EACA,MAAMG,4BAA4B,GAAG7B,WAAW,CAAC8B,qBAAqB,CAACC,IAAI,CACxEC,CAAC,IACAA,CAAC,CAACvB,2BAA2B,KAAKA,2BAA2B,KAC5DC,qBAAqB,GAClBsB,CAAC,CAACC,sBAAsB,CAACC,QAAQ,CAACxB,qBAAqB,CAAC,GACxD,IAAI,CACZ,CAAC;EAED,IAAI,CAACmB,4BAA4B,EAAE;IACjC/C,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAACsD,KAAK,EACb,gEAA+DnC,WAAW,CAAC8B,qBAAsB,EACpG,CAAC;IACD,MAAM,IAAIvD,gBAAgB,CAAC;MACzB6D,OAAO,EACL;IACJ,CAAC,CAAC;EACJ;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMC,yBAAyB,GAAG3B,qBAAqB,GACnD;IACEA,qBAAqB,EAAEA,qBAAqB;IAC5C4B,KAAK,EAAE;MAAEC,GAAG,EAAEb,gBAAgB;MAAEc,UAAU,EAAE;IAAM;EACpD,CAAC,GACD;IACE/B,2BAA2B,EAAEA,2BAA2B;IACxD6B,KAAK,EAAE;MAAEC,GAAG,EAAEb,gBAAgB;MAAEc,UAAU,EAAE;IAAM;EACpD,CAAC;EAEL1D,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAAC+C,KAAK,EACb,4BAA2Ba,IAAI,CAACC,SAAS,CAACL,yBAAyB,CAAE,EACxE,CAAC;EAED,MAAMM,sBAAsB,GAAG,MAAMjE,eAAe,CAClD;IACEkE,GAAG,EAAE,MAAM;IACXC,GAAG,EAAElC,aAAa;IAClBmC,GAAG,EAAG,GAAElE,MAAM,CAAC,CAAE,EAAC;IAClBmE,GAAG,EAAE,MAAM/E,cAAc,CAACgC,WAAW,CAACgD,YAAY;EACpD,CAAC,EACDxC,iBACF,CAAC;EAED1B,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAAC+C,KAAK,EAAG,uBAAsBe,sBAAuB,EAAC,CAAC;EAE3E,MAAMM,aAAa,GAAG,MAAM3C,QAAQ,CAACK,aAAa,EAAE;IAClDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,kBAAkB;MAClC8B,IAAI,EAAEP,sBAAsB;MAC5BQ,aAAa,EAAG,GAAEnD,WAAW,CAACoD,UAAW,IAAGpD,WAAW,CAACgD,YAAa,EAAC;MACtE,IAAI5C,aAAa,KAAK,WAAW,IAAI;QAAEA;MAAc,CAAC;IACxD,CAAC;IACDoB,IAAI,EAAEiB,IAAI,CAACC,SAAS,CAACL,yBAAyB;EAChD,CAAC,CAAC,CACChB,IAAI,CAACnD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BmD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,IAAI,IAAKhD,kBAAkB,CAAC6E,SAAS,CAAC7B,IAAI,CAAC,CAAC,CAClD8B,KAAK,CAACC,2BAA2B,CAAC;EAErC,IAAI,CAACN,aAAa,CAACO,OAAO,EAAE;IAC1B1E,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAACsD,KAAK,EACb,0CAAyCc,aAAa,CAACQ,KAAK,CAACrB,OAAQ,EACxE,CAAC;IACD,MAAM,IAAI7D,gBAAgB,CAAC;MACzB6D,OAAO,EAAE,uCAAuC;MAChDsB,MAAM,EAAET,aAAa,CAACQ,KAAK,CAACrB;IAC9B,CAAC,CAAC;EACJ;EAEAtD,MAAM,CAAC6C,GAAG,CACR9C,QAAQ,CAAC+C,KAAK,EACb,wBAAuBa,IAAI,CAACC,SAAS,CAACO,aAAa,CAACU,IAAI,CAAE,EAC7D,CAAC;;EAED;EACA,MAAMC,sBAAsB,GAC1B7D,UAAU,CAACa,wBAAwB,CAACiD,mCAAmC,CACrEpD,2BAA2B,CAC5B;;EAEH;EACA,OAAO;IACLqD,UAAU,EAAEb,aAAa,CAACU,IAAI,CAACI,WAAW,CAACC,EAAE,CAAC,CAAC,CAAC,CAAEF,UAAU;IAC5DG,MAAM,EAAEL,sBAAsB,CAAEK;EAClC,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMV,2BAA2B,GAAIW,CAAU,IAAK;EAClDpF,MAAM,CAAC6C,GAAG,CAAC9C,QAAQ,CAACsD,KAAK,EAAG,8CAA6C+B,CAAE,EAAC,CAAC;EAE7E,IAAI,EAAEA,CAAC,YAAY5F,yBAAyB,CAAC,EAAE;IAC7C,MAAM4F,CAAC;EACT;EAEA,MAAM,IAAI7F,oBAAoB,CAACF,mBAAmB,CAAC,CAChDgG,MAAM,CAAC,GAAG,EAAE;IACX;IACA;IACAC,IAAI,EAAEhG,wBAAwB,CAACiG,+BAA+B;IAC9DjC,OAAO,EACL;EACJ,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACkG,uBAAuB;IACtDlC,OAAO,EAAE;EACX,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACkG,uBAAuB;IACtDlC,OAAO,EAAE;EACX,CAAC,CAAC,CACD+B,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEhG,wBAAwB,CAACmG,uBAAuB;IACtDnC,OAAO,EAAE;EACX,CAAC,CAAC,CACDoC,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}