npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/module/credential/issuance/07-verify-and-parse-credential.js DELETED Viewed

@@ -1,382 +0,0 @@
-import { IoWalletError } from "../../utils/errors";
-import { SdJwt4VC, verify as verifySdJwt } from "../../sd-jwt";
-import { isSameThumbprint } from "../../utils/jwk";
-import { getParsedCredentialClaimKey, verify as verifyMdoc } from "../../mdoc";
-import { MDOC_DEFAULT_NAMESPACE } from "../../mdoc/const";
-import { Logger, LogLevel } from "../../utils/logging";
-import { extractElementValueAsDate } from "../../mdoc/converter";
-import { SDJwtInstance } from "@sd-jwt/core";
-import { digest } from "@sd-jwt/crypto-nodejs";
-import { isPathEqual, isPrefixOf } from "../../utils/parser";
-// The credential as a collection of attributes in plain value
-/**
- * Parse a Sd-Jwt credential according to the issuer configuration
- * @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
- * @param parsedCredentialRaw - the raw parsed credential
- * @param ignoreMissingAttributes - skip error when attributes declared in the issuer configuration are not found within disclosures
- * @param includeUndefinedAttributes - include attributes not explicitly declared in the issuer configuration
- * @returns The parsed credential with attributes in plain value
- */
-const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
-  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
-  let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
-  const claimsMetadata = credentialConfig.claims || [];
-  // Check that all mandatory attributes defined in the issuer configuration are present in the credential
-  if (!ignoreMissingAttributes) {
-    const missingPaths = [];
-    const rootKeysToVerify = new Set(claimsMetadata.map(c => c.path[0]).filter(p => typeof p === "string"));
-    for (const rootKey of rootKeysToVerify) {
-      if (!(rootKey in parsedCredentialRaw)) {
-        missingPaths.push(rootKey);
-      }
-    }
-    if (missingPaths.length > 0) {
-      const missing = missingPaths.join(", ");
-      const received = Object.keys(parsedCredentialRaw).join(", ");
-      throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
-    }
-  }
-  /**
-   * Helper to find display metadata for any given path
-   */
-  const getDisplayNames = path => {
-    const match = claimsMetadata.find(c => isPathEqual(c.path, path));
-    if (!match) return undefined;
-    const nameMap = {};
-    for (const entry of match.display) {
-      nameMap[entry.locale] = entry.name;
-    }
-    return nameMap;
-  };
-  /**
-   * Recursive function to build the localized structure
-   */
-  const processLevel = (currentData, currentPath) => {
-    // Handle Arrays
-    if (Array.isArray(currentData)) {
-      return currentData.map(item => processLevel(item, [...currentPath, null]));
-    }
-    // Handle Objects
-    if (typeof currentData !== "object" || currentData === null) {
-      return currentData;
-    }
-    const dataObj = currentData;
-    const result = {};
-    const processedKeys = new Set();
-    // Identify unique keys in config at this level
-    const configKeysAtThisLevel = [];
-    for (const claim of claimsMetadata) {
-      // Check if the claim path starts with the current path
-      if (isPrefixOf(currentPath, claim.path)) {
-        const nextPart = claim.path[currentPath.length];
-        if ((typeof nextPart === "string" || typeof nextPart === "number") && !configKeysAtThisLevel.includes(nextPart)) {
-          configKeysAtThisLevel.push(nextPart);
-        }
-      }
-    }
-    // Process keys
-    for (const key of configKeysAtThisLevel) {
-      const stringKey = key.toString();
-      const dataValue = dataObj[stringKey];
-      if (dataValue === undefined) continue;
-      const newPath = [...currentPath, key];
-      let localizedNames = getDisplayNames(newPath);
-      // Fallback for arrays
-      if (!localizedNames && Array.isArray(dataValue)) {
-        localizedNames = getDisplayNames([...newPath, null]);
-      }
-      result[stringKey] = {
-        name: localizedNames || stringKey,
-        value: processLevel(dataValue, newPath)
-      };
-      processedKeys.add(key);
-    }
-    // Handle Undefined Attributes
-    if (includeUndefinedAttributes) {
-      for (const [key, value] of Object.entries(dataObj)) {
-        if (!processedKeys.has(key)) {
-          result[key] = {
-            name: key,
-            value: value
-          };
-        }
-      }
-    }
-    return result;
-  };
-  return processLevel(parsedCredentialRaw, []);
-};
-const parseCredentialMDoc = function (credentialConfig, _ref) {
-  let {
-    issuerSigned
-  } = _ref;
-  let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
-  let includeUndefinedAttributes = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : false;
-  if (!credentialConfig) {
-    throw new IoWalletError("Credential type not supported by the issuer");
-  }
-  if (!credentialConfig.claims) {
-    throw new IoWalletError("Missing claims in the credential subject");
-  }
-  const attrDefinitions = credentialConfig.claims.map(_ref2 => {
-    let {
-      path: [namespace, attribute],
-      display
-    } = _ref2;
-    return [namespace, attribute, display];
-  });
-  if (!issuerSigned.nameSpaces) {
-    throw new IoWalletError("Missing claims in the credential");
-  }
-  const flatNamespaces = Object.entries(issuerSigned.nameSpaces).flatMap(_ref3 => {
-    let [namespace, values] = _ref3;
-    return values.map(v => [namespace, v.elementIdentifier, v.elementValue]);
-  });
-  // Check that all mandatory attributes defined in the issuer configuration are present in the disclosure set
-  // and filter the non present ones
-  const attrsNotInDisclosures = attrDefinitions.filter(_ref4 => {
-    let [attrDefNamespace, attrKey] = _ref4;
-    return !flatNamespaces.some(_ref5 => {
-      let [namespace, claim] = _ref5;
-      return attrDefNamespace === namespace && attrKey === claim;
-    });
-  });
-  if (attrsNotInDisclosures.length > 0) {
-    const missing = attrsNotInDisclosures.map(_ref6 => {
-      let [, attrKey] = _ref6;
-      return attrKey;
-    }).join(", ");
-    const received = flatNamespaces.map(_ref7 => {
-      let [, attrKey] = _ref7;
-      return attrKey;
-    }).join(", ");
-    if (!ignoreMissingAttributes) {
-      throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
-    }
-  }
-  // Attributes defined in the issuer configuration and present in the disclosure set
-  const definedValues = attrDefinitions
-  // Retrieve the value from the corresponding disclosure
-  .map(_ref8 => {
-    var _flatNamespaces$find;
-    let [attrDefNamespace, attrKey, display] = _ref8;
-    return [attrDefNamespace, attrKey, {
-      display,
-      value: (_flatNamespaces$find = flatNamespaces.find(_ref9 => {
-        let [namespace, name] = _ref9;
-        return attrDefNamespace === namespace && name === attrKey;
-      })) === null || _flatNamespaces$find === void 0 ? void 0 : _flatNamespaces$find[2]
-    }];
-  })
-  //filter the not found elements
-  .filter(_ref10 => {
-    let [_, __, definition] = _ref10;
-    return definition.value !== undefined;
-  })
-  // Add a human-readable attribute name, with i18n, in the form { locale: name }
-  // Example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-  .reduce((acc, _ref11) => {
-    let [attrDefNamespace, attrKey, {
-      display,
-      value
-    }] = _ref11;
-    return {
-      ...acc,
-      [getParsedCredentialClaimKey(attrDefNamespace, attrKey)]: {
-        value,
-        name: display.reduce((names, _ref12) => {
-          let {
-            locale,
-            name
-          } = _ref12;
-          return {
-            ...names,
-            [locale]: name
-          };
-        }, {})
-      }
-    };
-  }, {});
-  if (includeUndefinedAttributes) {
-    const undefinedValues = Object.fromEntries(Object.values(flatNamespaces).filter(_ref13 => {
-      let [namespace, key] = _ref13;
-      return !definedValues[getParsedCredentialClaimKey(namespace, key)];
-    }).map(_ref14 => {
-      let [namespace, key, value] = _ref14;
-      return [getParsedCredentialClaimKey(namespace, key), {
-        value,
-        name: key
-      }];
-    }));
-    return {
-      ...definedValues,
-      ...undefinedValues
-    };
-  }
-  return definedValues;
-};
-/**
- * Given a credential, verify it's in the supported format
- * and the credential is correctly signed
- * and it's bound to the given key
- *
- * @param rawCredential The received credential
- * @param issuerKeys The set of public keys of the issuer,
- * which will be used to verify the signature
- * @param holderBindingContext The access to the holder's key
- *
- * @throws If the signature verification fails
- * @throws If the credential is not in the SdJwt4VC format
- * @throws If the holder binding is not properly configured
- *
- */
-async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
-  // TODO: change verification using sd-jwt library with 1.3.x update
-  const [decodedCredential, holderBindingKey] =
-  // parallel for optimization
-  await Promise.all([verifySdJwt(rawCredential, issuerKeys, SdJwt4VC), holderBindingContext.getPublicKey()]);
-  const {
-    cnf
-  } = decodedCredential.sdJwt.payload;
-  if (!(await isSameThumbprint(cnf.jwk, holderBindingKey))) {
-    const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
-    Logger.log(LogLevel.ERROR, message);
-    throw new IoWalletError(message);
-  }
-  const sdJwtInstance = new SDJwtInstance({
-    hasher: digest
-  });
-  return await sdJwtInstance.decode(rawCredential);
-}
-/**
- * Given a credential, verify it's in the supported format
- * and the credential is correctly signed
- * and it's bound to the given key
- *
- * @param rawCredential The received credential
- * @param x509CertRoot The root certificate of the issuer,
- * which will be used to verify the signature
- * @param holderBindingContext The access to the holder's key
- *
- * @throws If the signature verification fails
- * @throws If the credential is not in the SdJwt4VC format
- * @throws If the holder binding is not properly configured
- *
- */
-async function verifyCredentialMDoc(rawCredential, x509CertRoot, holderBindingContext) {
-  const [decodedCredential, holderBindingKey] =
-  // parallel for optimization
-  await Promise.all([verifyMdoc(rawCredential, x509CertRoot), holderBindingContext.getPublicKey()]);
-  if (!decodedCredential) {
-    throw new IoWalletError("No MDOC credentials found!");
-  }
-  const key = decodedCredential.issuerSigned.issuerAuth.payload.deviceKeyInfo.deviceKey;
-  if (!(await isSameThumbprint(key, holderBindingKey))) {
-    throw new IoWalletError(`Failed to verify holder binding, holder binding key and mDoc deviceKey don't match`);
-  }
-  return decodedCredential;
-}
-const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref15) => {
-  let {
-    credentialCryptoContext,
-    ignoreMissingAttributes,
-    includeUndefinedAttributes
-  } = _ref15;
-  const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
-  Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
-  const credentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId];
-  if (!credentialConfig) {
-    Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);
-    throw new IoWalletError("Credential type not supported by the issuer");
-  }
-  const parsedCredentialRaw = await decoded.getClaims(digest);
-  const parsedCredential = parseCredentialSdJwt(credentialConfig, parsedCredentialRaw, ignoreMissingAttributes, includeUndefinedAttributes);
-  const issuedAt = typeof parsedCredentialRaw.iat === "number" ? new Date(parsedCredentialRaw.iat * 1000) : undefined;
-  if (typeof parsedCredentialRaw.exp !== "number") {
-    throw new IoWalletError("Invalid or missing expiration claim (exp)");
-  }
-  const expiration = new Date(parsedCredentialRaw.exp * 1000);
-  Logger.log(LogLevel.DEBUG, `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${issuedAt}`);
-  return {
-    parsedCredential,
-    expiration,
-    issuedAt
-  };
-};
-const verifyAndParseCredentialMDoc = async (issuerConf, credential, credentialConfigurationId, _ref16, x509CertRoot) => {
-  var _parsedCredential$get, _parsedCredential$get2;
-  let {
-    credentialCryptoContext,
-    ignoreMissingAttributes
-  } = _ref16;
-  if (!x509CertRoot) {
-    throw new IoWalletError("Missing x509CertRoot");
-  }
-  const decoded = await verifyCredentialMDoc(credential, x509CertRoot, credentialCryptoContext);
-  const credentialConfig = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId];
-  const parsedCredential = parseCredentialMDoc(credentialConfig, decoded, ignoreMissingAttributes, ignoreMissingAttributes);
-  const expirationDate = extractElementValueAsDate(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$get = parsedCredential[getParsedCredentialClaimKey(MDOC_DEFAULT_NAMESPACE, "expiry_date")]) === null || _parsedCredential$get === void 0 ? void 0 : _parsedCredential$get.value);
-  if (!expirationDate) {
-    throw new IoWalletError(`expirationDate must be present!!`);
-  }
-  expirationDate.setDate(expirationDate.getDate() + 1);
-  const maybeIssuedAt = extractElementValueAsDate(parsedCredential === null || parsedCredential === void 0 || (_parsedCredential$get2 = parsedCredential[getParsedCredentialClaimKey(MDOC_DEFAULT_NAMESPACE, "issue_date")]) === null || _parsedCredential$get2 === void 0 ? void 0 : _parsedCredential$get2.value);
-  maybeIssuedAt === null || maybeIssuedAt === void 0 ? void 0 : maybeIssuedAt.setDate(maybeIssuedAt.getDate() + 1);
-  return {
-    parsedCredential,
-    credential,
-    credentialConfigurationId,
-    expiration: expirationDate,
-    issuedAt: maybeIssuedAt ?? undefined
-  };
-};
-/**
- * Verify and parse an encoded credential.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param credential The encoded credential returned by {@link obtainCredential}
- * @param credentialConfigurationId The credential configuration ID that defines the provided credential
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @param context.ignoreMissingAttributes Skip error when attributes declared in the issuer configuration are not found within disclosures
- * @param context.includeUndefinedAttributes Include attributes not explicitly declared in the issuer configuration
- * @returns A parsed credential with attributes in plain value, the expiration and issuance date of the credential
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-export const verifyAndParseCredential = async (issuerConf, credential, credentialConfigurationId, context, x509CertRoot) => {
-  var _issuerConf$openid_cr;
-  const format = (_issuerConf$openid_cr = issuerConf.openid_credential_issuer.credential_configurations_supported[credentialConfigurationId]) === null || _issuerConf$openid_cr === void 0 ? void 0 : _issuerConf$openid_cr.format;
-  switch (format) {
-    case "dc+sd-jwt":
-      {
-        Logger.log(LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
-        return verifyAndParseCredentialSdJwt(issuerConf, credential, credentialConfigurationId, context);
-      }
-    case "mso_mdoc":
-      {
-        Logger.log(LogLevel.DEBUG, "Parsing credential in mso_mdoc format");
-        return verifyAndParseCredentialMDoc(issuerConf, credential, credentialConfigurationId, context, x509CertRoot);
-      }
-    default:
-      {
-        const message = `Unsupported credential format: ${format}`;
-        Logger.log(LogLevel.ERROR, message);
-        throw new IoWalletError(message);
-      }
-  }
-};
-//# sourceMappingURL=07-verify-and-parse-credential.js.map

package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","isSameThumbprint","getParsedCredentialClaimKey","verifyMdoc","MDOC_DEFAULT_NAMESPACE","Logger","LogLevel","extractElementValueAsDate","SDJwtInstance","digest","isPathEqual","isPrefixOf","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","getDisplayNames","match","find","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","parseCredentialMDoc","_ref","issuerSigned","attrDefinitions","_ref2","namespace","attribute","nameSpaces","flatNamespaces","flatMap","_ref3","values","v","elementIdentifier","elementValue","attrsNotInDisclosures","_ref4","attrDefNamespace","attrKey","some","_ref5","_ref6","_ref7","definedValues","_ref8","_flatNamespaces$find","_ref9","_ref10","_","__","definition","reduce","acc","_ref11","names","_ref12","undefinedValues","fromEntries","_ref13","_ref14","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","sdJwt","payload","jwk","message","kid","log","ERROR","sdJwtInstance","hasher","decode","verifyCredentialMDoc","x509CertRoot","issuerAuth","deviceKeyInfo","deviceKey","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref15","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration","verifyAndParseCredentialMDoc","_ref16","_parsedCredential$get","_parsedCredential$get2","expirationDate","setDate","getDate","maybeIssuedAt","verifyAndParseCredential","context","_issuerConf$openid_cr","format"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,EAAEC,MAAM,IAAIC,WAAW,QAAQ,cAAc;AAC9D,SAASC,gBAAgB,QAAkB,iBAAiB;AAE5D,SAASC,2BAA2B,EAAEH,MAAM,IAAII,UAAU,QAAQ,YAAY;AAC9E,SAASC,sBAAsB,QAAQ,kBAAkB;AACzD,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AACtD,SAASC,yBAAyB,QAAQ,sBAAsB;AAGhE,SAAqBC,aAAa,QAAQ,cAAc;AACxD,SAASC,MAAM,QAAQ,uBAAuB;AAC9C,SAASC,WAAW,EAAEC,UAAU,QAAQ,oBAAoB;;AAgC5D;;AAeA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAIpC,aAAa,CACpB,4DAA2DmC,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMG,eAAe,GACnBV,IAAgC,IACO;IACvC,MAAMW,KAAK,GAAGlB,cAAc,CAACmB,IAAI,CAAEb,CAAC,IAAKhB,WAAW,CAACgB,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACW,KAAK,EAAE,OAAOpB,SAAS;IAE5B,MAAMsB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIH,KAAK,CAACI,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACrB,GAAG,CAAEyB,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI7B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAM8B,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAInC,cAAc,EAAE;MAClC;MACA,IAAIT,UAAU,CAACoC,WAAW,EAAEQ,KAAK,CAAC5B,IAAI,CAAC,EAAE;QACvC,MAAM6B,QAAQ,GAAGD,KAAK,CAAC5B,IAAI,CAACoB,WAAW,CAAC9B,MAAM,CAAC;QAC/C,IACE,CAAC,OAAOuC,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACF,qBAAqB,CAACG,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAF,qBAAqB,CAACvB,IAAI,CAACyB,QAAQ,CAAC;QACtC;MACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIJ,qBAAqB,EAAE;MACvC,MAAMK,SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGV,OAAO,CAACQ,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK3C,SAAS,EAAE;MAE7B,MAAM4C,OAAO,GAAG,CAAC,GAAGf,WAAW,EAAEW,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG1B,eAAe,CAACyB,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIf,KAAK,CAACC,OAAO,CAACY,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG1B,eAAe,CAAC,CAAC,GAAGyB,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAV,MAAM,CAACO,SAAS,CAAC,GAAG;QAClBf,IAAI,EAAEmB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEnB,YAAY,CAACgB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDT,aAAa,CAACY,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAIvC,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAACuC,GAAG,EAAEM,KAAK,CAAC,IAAI7B,MAAM,CAAC+B,OAAO,CAACf,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACc,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BN,MAAM,CAACM,GAAG,CAAC,GAAG;YACZd,IAAI,EAAEc,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOZ,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAAC/B,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;AAED,MAAMsD,mBAAmB,GAAG,SAAAA,CAE1BvD,gBAAgC,EAAAwD,IAAA,EAKX;EAAA,IAHrB;IAAEC;EAAoC,CAAC,GAAAD,IAAA;EAAA,IACvCtD,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAI,CAACH,gBAAgB,EAAE;IACrB,MAAM,IAAIhB,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAI,CAACgB,gBAAgB,CAACQ,MAAM,EAAE;IAC5B,MAAM,IAAIxB,aAAa,CAAC,0CAA0C,CAAC;EACrE;EAEA,MAAM0E,eAAe,GAAG1D,gBAAgB,CAACQ,MAAM,CAACI,GAAG,CAEjD+C,KAAA;IAAA,IAAC;MAAE7C,IAAI,EAAE,CAAC8C,SAAS,EAAEC,SAAS,CAAC;MAAEhC;IAAQ,CAAC,GAAA8B,KAAA;IAAA,OAAK,CAC/CC,SAAS,EACTC,SAAS,EACThC,OAAO,CACR;EAAA,EAAC;EAEF,IAAI,CAAC4B,YAAY,CAACK,UAAU,EAAE;IAC5B,MAAM,IAAI9E,aAAa,CAAC,kCAAkC,CAAC;EAC7D;EAEA,MAAM+E,cAAc,GAAGzC,MAAM,CAAC+B,OAAO,CAACI,YAAY,CAACK,UAAU,CAAC,CAACE,OAAO,CACpEC,KAAA;IAAA,IAAC,CAACL,SAAS,EAAEM,MAAM,CAAC,GAAAD,KAAA;IAAA,OAClBC,MAAM,CAACtD,GAAG,CAA4BuD,CAAC,IAAK,CAC1CP,SAAS,EACTO,CAAC,CAACC,iBAAiB,EACnBD,CAAC,CAACE,YAAY,CACf,CAAC;EAAA,CACN,CAAC;;EAED;EACA;EACA,MAAMC,qBAAqB,GAAGZ,eAAe,CAAC3C,MAAM,CAClDwD,KAAA;IAAA,IAAC,CAACC,gBAAgB,EAAEC,OAAO,CAAC,GAAAF,KAAA;IAAA,OAC1B,CAACR,cAAc,CAACW,IAAI,CAClBC,KAAA;MAAA,IAAC,CAACf,SAAS,EAAElB,KAAK,CAAC,GAAAiC,KAAA;MAAA,OACjBH,gBAAgB,KAAKZ,SAAS,IAAIa,OAAO,KAAK/B,KAAK;IAAA,CACvD,CAAC;EAAA,CACL,CAAC;EAED,IAAI4B,qBAAqB,CAAClE,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMe,OAAO,GAAGmD,qBAAqB,CAClC1D,GAAG,CAACgE,KAAA;MAAA,IAAC,GAAGH,OAAO,CAAC,GAAAG,KAAA;MAAA,OAAKH,OAAO;IAAA,EAAC,CAC7BrD,IAAI,CAAC,IAAI,CAAC;IACb,MAAMC,QAAQ,GAAG0C,cAAc,CAACnD,GAAG,CAACiE,KAAA;MAAA,IAAC,GAAGJ,OAAO,CAAC,GAAAI,KAAA;MAAA,OAAKJ,OAAO;IAAA,EAAC,CAACrD,IAAI,CAAC,IAAI,CAAC;IAExE,IAAI,CAAClB,uBAAuB,EAAE;MAC5B,MAAM,IAAIlB,aAAa,CACpB,4DAA2DmC,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA,MAAMyD,aAAa,GAAGpB;EACpB;EAAA,CACC9C,GAAG,CACFmE,KAAA;IAAA,IAAAC,oBAAA;IAAA,IAAC,CAACR,gBAAgB,EAAEC,OAAO,EAAE5C,OAAO,CAAC,GAAAkD,KAAA;IAAA,OACnC,CACEP,gBAAgB,EAChBC,OAAO,EACP;MACE5C,OAAO;MACPsB,KAAK,GAAA6B,oBAAA,GAAEjB,cAAc,CAACrC,IAAI,CACxBuD,KAAA;QAAA,IAAC,CAACrB,SAAS,EAAE7B,IAAI,CAAC,GAAAkD,KAAA;QAAA,OAChBT,gBAAgB,KAAKZ,SAAS,IAAI7B,IAAI,KAAK0C,OAAO;MAAA,CACtD,CAAC,cAAAO,oBAAA,uBAHMA,oBAAA,CAGH,CAAC;IACP,CAAC,CACF;EAAA,CACL;EACA;EAAA,CACCjE,MAAM,CAACmE,MAAA;IAAA,IAAC,CAACC,CAAC,EAAEC,EAAE,EAAEC,UAAU,CAAC,GAAAH,MAAA;IAAA,OAAKG,UAAU,CAAClC,KAAK,KAAK9C,SAAS;EAAA;EAC/D;EACA;EAAA,CACCiF,MAAM,CACL,CAACC,GAAG,EAAAC,MAAA;IAAA,IAAE,CAAChB,gBAAgB,EAAEC,OAAO,EAAE;MAAE5C,OAAO;MAAEsB;IAAM,CAAC,CAAC,GAAAqC,MAAA;IAAA,OAAM;MACzD,GAAGD,GAAG;MACN,CAAClG,2BAA2B,CAACmF,gBAAgB,EAAEC,OAAO,CAAC,GAAG;QACxDtB,KAAK;QACLpB,IAAI,EAAEF,OAAO,CAACyD,MAAM,CAClB,CAACG,KAAK,EAAAC,MAAA;UAAA,IAAE;YAAE5D,MAAM;YAAEC;UAAK,CAAC,GAAA2D,MAAA;UAAA,OAAM;YAC5B,GAAGD,KAAK;YACR,CAAC3D,MAAM,GAAGC;UACZ,CAAC;QAAA,CAAC,EACF,CAAC,CACH;MACF;IACF,CAAC;EAAA,CAAC,EACF,CAAC,CACH,CAAC;EAEH,IAAIzB,0BAA0B,EAAE;IAC9B,MAAMqF,eAAiC,GAAGrE,MAAM,CAACsE,WAAW,CAC1DtE,MAAM,CAAC4C,MAAM,CAACH,cAAc,CAAC,CAC1BhD,MAAM,CACL8E,MAAA;MAAA,IAAC,CAACjC,SAAS,EAAEf,GAAG,CAAC,GAAAgD,MAAA;MAAA,OACf,CAACf,aAAa,CAACzF,2BAA2B,CAACuE,SAAS,EAAEf,GAAG,CAAC,CAAC;IAAA,CAC/D,CAAC,CACAjC,GAAG,CAACkF,MAAA;MAAA,IAAC,CAAClC,SAAS,EAAEf,GAAG,EAAEM,KAAK,CAAC,GAAA2C,MAAA;MAAA,OAAK,CAChCzG,2BAA2B,CAACuE,SAAS,EAAEf,GAAG,CAAC,EAC3C;QAAEM,KAAK;QAAEpB,IAAI,EAAEc;MAAI,CAAC,CACrB;IAAA,EACL,CAAC;IACD,OAAO;MACL,GAAGiC,aAAa;MAChB,GAAGa;IACL,CAAC;EACH;EAEA,OAAOb,aAAa;AACtB,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeiB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACnB;EAChB;EACA,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBnH,WAAW,CAAC6G,aAAa,EAAEC,UAAU,EAAEhH,QAAQ,CAAC,EAChDiH,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACM,KAAK,CAACC,OAAO;EAC/C,IAAI,EAAE,MAAMtH,gBAAgB,CAACoH,GAAG,CAACG,GAAG,EAAEP,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMQ,OAAO,GAAI,kDAAiDR,gBAAgB,CAACS,GAAI,UAASV,iBAAiB,CAACM,KAAK,CAACC,OAAO,CAACF,GAAG,CAACG,GAAG,CAACE,GAAI,EAAC;IAC7IrH,MAAM,CAACsH,GAAG,CAACrH,QAAQ,CAACsH,KAAK,EAAEH,OAAO,CAAC;IACnC,MAAM,IAAI5H,aAAa,CAAC4H,OAAO,CAAC;EAClC;EAEA,MAAMI,aAAa,GAAG,IAAIrH,aAAa,CAAC;IACtCsH,MAAM,EAAErH;EACV,CAAC,CAAC;EAEF,OAAO,MAAMoH,aAAa,CAACE,MAAM,CAAClB,aAAa,CAAC;AAClD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAemB,oBAAoBA,CACjCnB,aAAqB,EACrBoB,YAAoB,EACpBlB,oBAAmC,EACH;EAChC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBhH,UAAU,CAAC0G,aAAa,EAAEoB,YAAY,CAAC,EACvClB,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,IAAI,CAACJ,iBAAiB,EAAE;IACtB,MAAM,IAAInH,aAAa,CAAC,4BAA4B,CAAC;EACvD;EAEA,MAAM6D,GAAG,GACPsD,iBAAiB,CAAC1C,YAAY,CAAC4D,UAAU,CAACX,OAAO,CAACY,aAAa,CAACC,SAAS;EAE3E,IAAI,EAAE,MAAMnI,gBAAgB,CAACyD,GAAG,EAAEuD,gBAA6B,CAAC,CAAC,EAAE;IACjE,MAAM,IAAIpH,aAAa,CACpB,oFACH,CAAC;EACH;EAEA,OAAOmH,iBAAiB;AAC1B;AAEA,MAAMqB,6BAAuD,GAAG,MAAAA,CAC9DC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,MAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvB3H,uBAAuB;IACvBI;EACF,CAAC,GAAAsH,MAAA;EAED,MAAME,OAAO,GAAG,MAAM/B,qBAAqB,CACzC2B,UAAU,EACVD,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACzG,IAAI,EAC7CsG,uBACF,CAAC;EAEDrI,MAAM,CAACsH,GAAG,CAACrH,QAAQ,CAACwI,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAM9H,gBAAgB,GACpByH,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B;EAEH,IAAI,CAAC3H,gBAAgB,EAAE;IACrBR,MAAM,CAACsH,GAAG,CACRrH,QAAQ,CAACsH,KAAK,EACb,gDAA+CY,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAI3I,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMiB,mBAAmB,GAAI,MAAM6H,OAAO,CAACO,SAAS,CAACzI,MAAM,CAG1D;EAED,MAAM0I,gBAAgB,GAAGvI,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAMiI,QAAQ,GACZ,OAAOtI,mBAAmB,CAACuI,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAACxI,mBAAmB,CAACuI,GAAG,GAAG,IAAI,CAAC,GACxCnI,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAACyI,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAI1J,aAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAM2J,UAAU,GAAG,IAAIF,IAAI,CAACxI,mBAAmB,CAACyI,GAAG,GAAG,IAAI,CAAC;EAE3DlJ,MAAM,CAACsH,GAAG,CACRrH,QAAQ,CAACwI,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACG,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC;AAED,MAAMK,4BAAsD,GAAG,MAAAA,CAC7DnB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAkB,MAAA,EAEzBzB,YAAY,KACT;EAAA,IAAA0B,qBAAA,EAAAC,sBAAA;EAAA,IAFH;IAAElB,uBAAuB;IAAE3H;EAAwB,CAAC,GAAA2I,MAAA;EAGpD,IAAI,CAACzB,YAAY,EAAE;IACjB,MAAM,IAAIpI,aAAa,CAAC,sBAAsB,CAAC;EACjD;EAEA,MAAM8I,OAAO,GAAG,MAAMX,oBAAoB,CACxCO,UAAU,EACVN,YAAY,EACZS,uBACF,CAAC;EAED,MAAM7H,gBAAgB,GACpByH,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CACzB;EACJ,MAAMW,gBAAgB,GAAG/E,mBAAmB,CAC1CvD,gBAAgB,EAChB8H,OAAO,EACP5H,uBAAuB,EACvBA,uBACF,CAAC;EAED,MAAM8I,cAAc,GAAGtJ,yBAAyB,CAC9C4I,gBAAgB,aAAhBA,gBAAgB,gBAAAQ,qBAAA,GAAhBR,gBAAgB,CACdjJ,2BAA2B,CAACE,sBAAsB,EAAE,aAAa,CAAC,CACnE,cAAAuJ,qBAAA,uBAFDA,qBAAA,CAEG3F,KACL,CAAC;EACD,IAAI,CAAC6F,cAAc,EAAE;IACnB,MAAM,IAAIhK,aAAa,CAAE,kCAAiC,CAAC;EAC7D;EACAgK,cAAc,CAACC,OAAO,CAACD,cAAc,CAACE,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;EAEpD,MAAMC,aAAa,GAAGzJ,yBAAyB,CAC7C4I,gBAAgB,aAAhBA,gBAAgB,gBAAAS,sBAAA,GAAhBT,gBAAgB,CACdjJ,2BAA2B,CAACE,sBAAsB,EAAE,YAAY,CAAC,CAClE,cAAAwJ,sBAAA,uBAFDA,sBAAA,CAEG5F,KACL,CAAC;EACDgG,aAAa,aAAbA,aAAa,uBAAbA,aAAa,CAAEF,OAAO,CAACE,aAAa,CAACD,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;EAEnD,OAAO;IACLZ,gBAAgB;IAChBZ,UAAU;IACVC,yBAAyB;IACzBgB,UAAU,EAAEK,cAAc;IAC1BT,QAAQ,EAAEY,aAAa,IAAI9I;EAC7B,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM+I,wBAAkD,GAAG,MAAAA,CAChE3B,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzB0B,OAAO,EACPjC,YAAY,KACT;EAAA,IAAAkC,qBAAA;EACH,MAAMC,MAAM,IAAAD,qBAAA,GACV7B,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B,cAAA2B,qBAAA,uBAFDA,qBAAA,CAEGC,MAAM;EAEX,QAAQA,MAAM;IACZ,KAAK,WAAW;MAAE;QAChB/J,MAAM,CAACsH,GAAG,CAACrH,QAAQ,CAACwI,KAAK,EAAE,wCAAwC,CAAC;QACpE,OAAOT,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzB0B,OACF,CAAC;MACH;IACA,KAAK,UAAU;MAAE;QACf7J,MAAM,CAACsH,GAAG,CAACrH,QAAQ,CAACwI,KAAK,EAAE,uCAAuC,CAAC;QACnE,OAAOW,4BAA4B,CACjCnB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzB0B,OAAO,EACPjC,YACF,CAAC;MACH;IAEA;MAAS;QACP,MAAMR,OAAO,GAAI,kCAAiC2C,MAAO,EAAC;QAC1D/J,MAAM,CAACsH,GAAG,CAACrH,QAAQ,CAACsH,KAAK,EAAEH,OAAO,CAAC;QACnC,MAAM,IAAI5H,aAAa,CAAC4H,OAAO,CAAC;MAClC;EACF;AACF,CAAC"}

package/lib/module/credential/issuance/errors.js DELETED Viewed

@@ -1,28 +0,0 @@
-import { IoWalletError, serializeAttrs } from "../../utils/errors";
-/**
- * An error subclass thrown when an error occurs during the authorization process.
- */
-export class AuthorizationError extends IoWalletError {
-  code = "ERR_IO_WALLET_AUTHORIZATION_ERROR";
-  constructor(message) {
-    super(message);
-  }
-}
-/**
- * An error subclass thrown when an error occurs during the authorization process with the IDP.
- * It contains the error and error description returned by the IDP.
- */
-export class AuthorizationIdpError extends IoWalletError {
-  code = "ERR_IO_WALLET_IDENTIFICATION_RESPONSE_PARSING_FAILED";
-  constructor(error, errorDescription) {
-    super(serializeAttrs({
-      error,
-      errorDescription
-    }));
-    this.error = error;
-    this.errorDescription = errorDescription;
-  }
-}
-//# sourceMappingURL=errors.js.map

package/lib/module/credential/issuance/errors.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["IoWalletError","serializeAttrs","AuthorizationError","code","constructor","message","AuthorizationIdpError","error","errorDescription"],"sourceRoot":"../../../../src","sources":["credential/issuance/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;;AAElE;AACA;AACA;AACA,OAAO,MAAMC,kBAAkB,SAASF,aAAa,CAAC;EACpDG,IAAI,GAAG,mCAAmC;EAE1CC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,SAASN,aAAa,CAAC;EACvDG,IAAI,GAAG,sDAAsD;EAK7DC,WAAWA,CAACG,KAAa,EAAEC,gBAAyB,EAAE;IACpD,KAAK,CAACP,cAAc,CAAC;MAAEM,KAAK;MAAEC;IAAiB,CAAC,CAAC,CAAC;IAClD,IAAI,CAACD,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACC,gBAAgB,GAAGA,gBAAgB;EAC1C;AACF"}

package/lib/module/credential/issuance/mrtd-pop/types.js DELETED Viewed

@@ -1,46 +0,0 @@
-import * as z from "zod";
-export const MrtdProofChallengeInfo = z.object({
-  protectedHeader: z.object({
-    typ: z.literal("mrtd-ias+jwt"),
-    alg: z.string(),
-    kid: z.string()
-  }),
-  payload: z.object({
-    iss: z.string(),
-    aud: z.string(),
-    iat: z.number(),
-    exp: z.number(),
-    status: z.literal("require_interaction"),
-    type: z.literal("mrtd+ias"),
-    mrtd_auth_session: z.string(),
-    state: z.string(),
-    mrtd_pop_jwt_nonce: z.string(),
-    htu: z.string(),
-    htm: z.literal("POST")
-  })
-});
-export const MrtdPoPChallenge = z.object({
-  protectedHeader: z.object({
-    typ: z.literal("mrtd-ias-pop+jwt"),
-    alg: z.string(),
-    kid: z.string()
-  }),
-  payload: z.object({
-    iss: z.string(),
-    aud: z.string(),
-    iat: z.number(),
-    exp: z.number(),
-    challenge: z.string(),
-    mrtd_pop_nonce: z.string(),
-    mrz: z.string().optional(),
-    htu: z.string(),
-    htm: z.literal("POST")
-  })
-});
-export const MrtdPopVerificationResult = z.object({
-  status: z.literal("require_interaction"),
-  type: z.literal("redirect_to_web"),
-  mrtd_val_pop_nonce: z.string(),
-  redirect_uri: z.string()
-});
-//# sourceMappingURL=types.js.map

package/lib/module/credential/issuance/mrtd-pop/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["z","MrtdProofChallengeInfo","object","protectedHeader","typ","literal","alg","string","kid","payload","iss","aud","iat","number","exp","status","type","mrtd_auth_session","state","mrtd_pop_jwt_nonce","htu","htm","MrtdPoPChallenge","challenge","mrtd_pop_nonce","mrz","optional","MrtdPopVerificationResult","mrtd_val_pop_nonce","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,sBAAsB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC7CC,eAAe,EAAEH,CAAC,CAACE,MAAM,CAAC;IACxBE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,cAAc,CAAC;IAC9BC,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC;EAChB,CAAC,CAAC;EACFE,OAAO,EAAET,CAAC,CAACE,MAAM,CAAC;IAChBQ,GAAG,EAAEV,CAAC,CAACO,MAAM,CAAC,CAAC;IACfI,GAAG,EAAEX,CAAC,CAACO,MAAM,CAAC,CAAC;IACfK,GAAG,EAAEZ,CAAC,CAACa,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEd,CAAC,CAACa,MAAM,CAAC,CAAC;IACfE,MAAM,EAAEf,CAAC,CAACK,OAAO,CAAC,qBAAqB,CAAC;IACxCW,IAAI,EAAEhB,CAAC,CAACK,OAAO,CAAC,UAAU,CAAC;IAC3BY,iBAAiB,EAAEjB,CAAC,CAACO,MAAM,CAAC,CAAC;IAC7BW,KAAK,EAAElB,CAAC,CAACO,MAAM,CAAC,CAAC;IACjBY,kBAAkB,EAAEnB,CAAC,CAACO,MAAM,CAAC,CAAC;IAC9Ba,GAAG,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;IACfc,GAAG,EAAErB,CAAC,CAACK,OAAO,CAAC,MAAM;EACvB,CAAC;AACH,CAAC,CAAC;AAGF,OAAO,MAAMiB,gBAAgB,GAAGtB,CAAC,CAACE,MAAM,CAAC;EACvCC,eAAe,EAAEH,CAAC,CAACE,MAAM,CAAC;IACxBE,GAAG,EAAEJ,CAAC,CAACK,OAAO,CAAC,kBAAkB,CAAC;IAClCC,GAAG,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC;IACfC,GAAG,EAAER,CAAC,CAACO,MAAM,CAAC;EAChB,CAAC,CAAC;EACFE,OAAO,EAAET,CAAC,CAACE,MAAM,CAAC;IAChBQ,GAAG,EAAEV,CAAC,CAACO,MAAM,CAAC,CAAC;IACfI,GAAG,EAAEX,CAAC,CAACO,MAAM,CAAC,CAAC;IACfK,GAAG,EAAEZ,CAAC,CAACa,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEd,CAAC,CAACa,MAAM,CAAC,CAAC;IACfU,SAAS,EAAEvB,CAAC,CAACO,MAAM,CAAC,CAAC;IACrBiB,cAAc,EAAExB,CAAC,CAACO,MAAM,CAAC,CAAC;IAC1BkB,GAAG,EAAEzB,CAAC,CAACO,MAAM,CAAC,CAAC,CAACmB,QAAQ,CAAC,CAAC;IAC1BN,GAAG,EAAEpB,CAAC,CAACO,MAAM,CAAC,CAAC;IACfc,GAAG,EAAErB,CAAC,CAACK,OAAO,CAAC,MAAM;EACvB,CAAC;AACH,CAAC,CAAC;AAiBF,OAAO,MAAMsB,yBAAyB,GAAG3B,CAAC,CAACE,MAAM,CAAC;EAChDa,MAAM,EAAEf,CAAC,CAACK,OAAO,CAAC,qBAAqB,CAAC;EACxCW,IAAI,EAAEhB,CAAC,CAACK,OAAO,CAAC,iBAAiB,CAAC;EAClCuB,kBAAkB,EAAE5B,CAAC,CAACO,MAAM,CAAC,CAAC;EAC9BsB,YAAY,EAAE7B,CAAC,CAACO,MAAM,CAAC;AACzB,CAAC,CAAC"}

package/lib/module/credential/issuance/types.js DELETED Viewed

@@ -1,30 +0,0 @@
-import * as z from "zod";
-export const AuthorizationDetail = z.object({
-  type: z.literal("openid_credential"),
-  credential_configuration_id: z.string(),
-  credential_identifiers: z.array(z.string())
-});
-export const TokenResponse = z.object({
-  access_token: z.string(),
-  refresh_token: z.string().optional(),
-  authorization_details: z.array(AuthorizationDetail),
-  expires_in: z.number(),
-  token_type: z.string()
-});
-export const CredentialResponse = z.object({
-  credentials: z.array(z.object({
-    credential: z.string()
-  })),
-  notification_id: z.string().optional()
-});
-/**
- * Shape from parsing a response given by a request uri during the EAA credential issuance flow with response mode "form_post.jwt".
- */
-export const ResponseUriResultShape = z.object({
-  redirect_uri: z.string()
-});
-export const NonceResponse = z.object({
-  c_nonce: z.string()
-});
-//# sourceMappingURL=types.js.map

package/lib/module/credential/issuance/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["z","AuthorizationDetail","object","type","literal","credential_configuration_id","string","credential_identifiers","array","TokenResponse","access_token","refresh_token","optional","authorization_details","expires_in","number","token_type","CredentialResponse","credentials","credential","notification_id","ResponseUriResultShape","redirect_uri","NonceResponse","c_nonce"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AAGxB,OAAO,MAAMC,mBAAmB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC1CC,IAAI,EAAEH,CAAC,CAACI,OAAO,CAAC,mBAAmB,CAAC;EACpCC,2BAA2B,EAAEL,CAAC,CAACM,MAAM,CAAC,CAAC;EACvCC,sBAAsB,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACM,MAAM,CAAC,CAAC;AAC5C,CAAC,CAAC;AAIF,OAAO,MAAMG,aAAa,GAAGT,CAAC,CAACE,MAAM,CAAC;EACpCQ,YAAY,EAAEV,CAAC,CAACM,MAAM,CAAC,CAAC;EACxBK,aAAa,EAAEX,CAAC,CAACM,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC,CAAC;EACpCC,qBAAqB,EAAEb,CAAC,CAACQ,KAAK,CAACP,mBAAmB,CAAC;EACnDa,UAAU,EAAEd,CAAC,CAACe,MAAM,CAAC,CAAC;EACtBC,UAAU,EAAEhB,CAAC,CAACM,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMW,kBAAkB,GAAGjB,CAAC,CAACE,MAAM,CAAC;EACzCgB,WAAW,EAAElB,CAAC,CAACQ,KAAK,CAClBR,CAAC,CAACE,MAAM,CAAC;IACPiB,UAAU,EAAEnB,CAAC,CAACM,MAAM,CAAC;EACvB,CAAC,CACH,CAAC;EACDc,eAAe,EAAEpB,CAAC,CAACM,MAAM,CAAC,CAAC,CAACM,QAAQ,CAAC;AACvC,CAAC,CAAC;;AAEF;AACA;AACA;AACA,OAAO,MAAMS,sBAAsB,GAAGrB,CAAC,CAACE,MAAM,CAAC;EAC7CoB,YAAY,EAAEtB,CAAC,CAACM,MAAM,CAAC;AACzB,CAAC,CAAC;AAKF,OAAO,MAAMiB,aAAa,GAAGvB,CAAC,CAACE,MAAM,CAAC;EACpCsB,OAAO,EAAExB,CAAC,CAACM,MAAM,CAAC;AACpB,CAAC,CAAC"}

package/lib/module/credential/offer/01-start-flow.js DELETED Viewed

@@ -1,66 +0,0 @@
-import * as z from "zod";
-import { Logger, LogLevel } from "../../utils/logging";
-import { stringToJSONSchema } from "../../utils/zod";
-import { InvalidQRCodeError } from "./errors";
-import { CredentialOfferSchema } from "./types";
-const CREDENTIAL_OFFER_SCHEMES = ["openid-credential-offer://", "haip://"];
-const CREDENTIAL_OFFER_PARAM = "credential_offer";
-const CREDENTIAL_OFFER_URI_PARAM = "credential_offer_uri";
-const CredentialOfferParams = z.union([z.object({
-  credential_offer: stringToJSONSchema.pipe(CredentialOfferSchema),
-  credential_offer_uri: z.undefined()
-}), z.object({
-  credential_offer: z.undefined(),
-  credential_offer_uri: z.string().url()
-})]);
-/**
- * The beginning of the credential offer flow.
- * To be implemented according to the user touchpoint
- *
- * @param params Credential offer encoded url
- * @returns Object containing the credential offer by reference or by value
- */
-/**
- * Start a credential offer flow by validating and parse an encoded url
- * extracted from a QR code or a deep link.
- *
- * @param params The encoded url to be validated and parsed
- * @returns Object containing the credential offer by reference or by value
- * @throws If the provided encoded url is not valid
- */
-export const startFlowFromQR = encodedUrl => {
-  const hasValidScheme = CREDENTIAL_OFFER_SCHEMES.some(prefix => encodedUrl.startsWith(prefix));
-  if (!hasValidScheme) {
-    throw new InvalidQRCodeError("Url must have one of the supported schemes");
-  }
-  const url = new URL(encodedUrl);
-  const offerParam = url.searchParams.get(CREDENTIAL_OFFER_PARAM);
-  const offerUriParam = url.searchParams.get(CREDENTIAL_OFFER_URI_PARAM);
-  if (offerParam) {
-    const decoded = decodeURIComponent(offerParam);
-    const result = CredentialOfferParams.safeParse({
-      credential_offer: decoded
-    });
-    if (result.success) {
-      return result.data;
-    }
-    Logger.log(LogLevel.ERROR, `Invalid credential offer object found in QR Code: ${result.error.message}`);
-    throw new InvalidQRCodeError(result.error.message);
-  }
-  if (offerUriParam) {
-    const decoded = decodeURIComponent(offerUriParam);
-    const result = CredentialOfferParams.safeParse({
-      credential_offer_uri: decoded
-    });
-    if (result.success) {
-      return result.data;
-    }
-    Logger.log(LogLevel.ERROR, `Invalid credential offer URI found in QR Code: ${result.error.message}`);
-    throw new InvalidQRCodeError(result.error.message);
-  }
-  Logger.log(LogLevel.ERROR, `Invalid credential offer QR Code:`);
-  throw new InvalidQRCodeError("QR Code does not contain valid params");
-};
-//# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/offer/01-start-flow.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["z","Logger","LogLevel","stringToJSONSchema","InvalidQRCodeError","CredentialOfferSchema","CREDENTIAL_OFFER_SCHEMES","CREDENTIAL_OFFER_PARAM","CREDENTIAL_OFFER_URI_PARAM","CredentialOfferParams","union","object","credential_offer","pipe","credential_offer_uri","undefined","string","url","startFlowFromQR","encodedUrl","hasValidScheme","some","prefix","startsWith","URL","offerParam","searchParams","get","offerUriParam","decoded","decodeURIComponent","result","safeParse","success","data","log","ERROR","error","message"],"sourceRoot":"../../../../src","sources":["credential/offer/01-start-flow.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AACtD,SAASC,kBAAkB,QAAQ,iBAAiB;AACpD,SAASC,kBAAkB,QAAQ,UAAU;AAC7C,SAASC,qBAAqB,QAAQ,SAAS;AAE/C,MAAMC,wBAAwB,GAAG,CAAC,4BAA4B,EAAE,SAAS,CAAC;AAC1E,MAAMC,sBAAsB,GAAG,kBAAkB;AACjD,MAAMC,0BAA0B,GAAG,sBAAsB;AAEzD,MAAMC,qBAAqB,GAAGT,CAAC,CAACU,KAAK,CAAC,CACpCV,CAAC,CAACW,MAAM,CAAC;EACPC,gBAAgB,EAAET,kBAAkB,CAACU,IAAI,CAACR,qBAAqB,CAAC;EAChES,oBAAoB,EAAEd,CAAC,CAACe,SAAS,CAAC;AACpC,CAAC,CAAC,EACFf,CAAC,CAACW,MAAM,CAAC;EACPC,gBAAgB,EAAEZ,CAAC,CAACe,SAAS,CAAC,CAAC;EAC/BD,oBAAoB,EAAEd,CAAC,CAACgB,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC;AACvC,CAAC,CAAC,CACH,CAAC;;AAGF;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAA0B,GAAIC,UAAU,IAAK;EACxD,MAAMC,cAAc,GAAGd,wBAAwB,CAACe,IAAI,CAAEC,MAAM,IAC1DH,UAAU,CAACI,UAAU,CAACD,MAAM,CAC9B,CAAC;EAED,IAAI,CAACF,cAAc,EAAE;IACnB,MAAM,IAAIhB,kBAAkB,CAAC,4CAA4C,CAAC;EAC5E;EAEA,MAAMa,GAAG,GAAG,IAAIO,GAAG,CAACL,UAAU,CAAC;EAC/B,MAAMM,UAAU,GAAGR,GAAG,CAACS,YAAY,CAACC,GAAG,CAACpB,sBAAsB,CAAC;EAC/D,MAAMqB,aAAa,GAAGX,GAAG,CAACS,YAAY,CAACC,GAAG,CAACnB,0BAA0B,CAAC;EAEtE,IAAIiB,UAAU,EAAE;IACd,MAAMI,OAAO,GAAGC,kBAAkB,CAACL,UAAU,CAAC;IAC9C,MAAMM,MAAM,GAAGtB,qBAAqB,CAACuB,SAAS,CAAC;MAC7CpB,gBAAgB,EAAEiB;IACpB,CAAC,CAAC;IAEF,IAAIE,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB;IAEAjC,MAAM,CAACkC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,qDAAoDL,MAAM,CAACM,KAAK,CAACC,OAAQ,EAC5E,CAAC;IACD,MAAM,IAAIlC,kBAAkB,CAAC2B,MAAM,CAACM,KAAK,CAACC,OAAO,CAAC;EACpD;EAEA,IAAIV,aAAa,EAAE;IACjB,MAAMC,OAAO,GAAGC,kBAAkB,CAACF,aAAa,CAAC;IACjD,MAAMG,MAAM,GAAGtB,qBAAqB,CAACuB,SAAS,CAAC;MAC7ClB,oBAAoB,EAAEe;IACxB,CAAC,CAAC;IAEF,IAAIE,MAAM,CAACE,OAAO,EAAE;MAClB,OAAOF,MAAM,CAACG,IAAI;IACpB;IAEAjC,MAAM,CAACkC,GAAG,CACRjC,QAAQ,CAACkC,KAAK,EACb,kDAAiDL,MAAM,CAACM,KAAK,CAACC,OAAQ,EACzE,CAAC;IACD,MAAM,IAAIlC,kBAAkB,CAAC2B,MAAM,CAACM,KAAK,CAACC,OAAO,CAAC;EACpD;EAEArC,MAAM,CAACkC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,mCAAkC,CAAC;EAC/D,MAAM,IAAIhC,kBAAkB,CAAC,uCAAuC,CAAC;AACvE,CAAC"}

package/lib/module/credential/offer/02-fetch-credential-offer.js DELETED Viewed

@@ -1,38 +0,0 @@
-import { IssuerResponseError } from "../../utils/errors";
-import { Logger, LogLevel } from "../../utils/logging";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { InvalidCredentialOfferError } from "./errors";
-import { CredentialOfferSchema } from "./types";
-/**
- * Fetches and validates a credential offer from a given URI.
- *
- * This function performs an HTTP GET request to the specified `credentialOfferUri`,
- * expecting a JSON response that matches the `CredentialOfferSchema`. If the response
- * is invalid or does not conform to the schema, an error is logged and an
- * `InvalidCredentialOfferError` is thrown.
- *
- * @param credentialOfferUri - The URI from which to fetch the credential offer.
- * @param context - Optional context object that may provide a custom `appFetch` implementation.
- * @returns The validated credential offer data.
- * @throws {IssuerResponseError} If the HTTP response status is not 200.
- * @throws {InvalidCredentialOfferError} If the response does not match the expected schema.
- */
-export const fetchCredentialOffer = async function (uri) {
-  let context = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const {
-    appFetch = fetch
-  } = context;
-  const response = await appFetch(uri, {
-    method: "GET",
-    headers: {
-      Accept: "application/json"
-    }
-  }).then(hasStatusOrThrow(200, IssuerResponseError)).then(reqUri => reqUri.json());
-  const credentialOffer = CredentialOfferSchema.safeParse(response);
-  if (!credentialOffer.success) {
-    Logger.log(LogLevel.ERROR, `Invalid credential offer fetched from URI: ${uri} - ${credentialOffer.error.message}`);
-    throw new InvalidCredentialOfferError(`Invalid credential offer fetched from URI: ${uri} - ${credentialOffer.error.message}`);
-  }
-  return credentialOffer.data;
-};
-//# sourceMappingURL=02-fetch-credential-offer.js.map

package/lib/module/credential/offer/02-fetch-credential-offer.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["IssuerResponseError","Logger","LogLevel","hasStatusOrThrow","InvalidCredentialOfferError","CredentialOfferSchema","fetchCredentialOffer","uri","context","arguments","length","undefined","appFetch","fetch","response","method","headers","Accept","then","reqUri","json","credentialOffer","safeParse","success","log","ERROR","error","message","data"],"sourceRoot":"../../../../src","sources":["credential/offer/02-fetch-credential-offer.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,oBAAoB;AACxD,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AACtD,SAASC,gBAAgB,QAAQ,kBAAkB;AACnD,SAASC,2BAA2B,QAAQ,UAAU;AAEtD,SAASC,qBAAqB,QAAQ,SAAS;AAS/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,oBAAwC,GAAG,eAAAA,CACtDC,GAAW,EAER;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EAEpC,MAAMM,QAAQ,GAAG,MAAMF,QAAQ,CAACL,GAAG,EAAE;IACnCQ,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MAAEC,MAAM,EAAE;IAAmB;EACxC,CAAC,CAAC,CACCC,IAAI,CAACf,gBAAgB,CAAC,GAAG,EAAEH,mBAAmB,CAAC,CAAC,CAChDkB,IAAI,CAAEC,MAAM,IAAKA,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC;EAElC,MAAMC,eAAe,GAAGhB,qBAAqB,CAACiB,SAAS,CAACR,QAAQ,CAAC;EACjE,IAAI,CAACO,eAAe,CAACE,OAAO,EAAE;IAC5BtB,MAAM,CAACuB,GAAG,CACRtB,QAAQ,CAACuB,KAAK,EACb,8CAA6ClB,GAAI,MAAKc,eAAe,CAACK,KAAK,CAACC,OAAQ,EACvF,CAAC;IACD,MAAM,IAAIvB,2BAA2B,CAClC,8CAA6CG,GAAI,MAAKc,eAAe,CAACK,KAAK,CAACC,OAAQ,EACvF,CAAC;EACH;EAEA,OAAON,eAAe,CAACO,IAAI;AAC7B,CAAC"}