@pagopa/io-react-native-wallet 3.0.0 → 3.0.1
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +2 -1
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/commonjs/credential/presentation/common/utils/sd-jwt.js +2 -1
- package/lib/commonjs/credential/presentation/common/utils/sd-jwt.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +3 -2
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/utils.js +2 -1
- package/lib/commonjs/sd-jwt/utils.js.map +1 -1
- package/lib/commonjs/utils/credentials.js +17 -2
- package/lib/commonjs/utils/credentials.js.map +1 -1
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +2 -1
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/module/credential/presentation/common/utils/sd-jwt.js +2 -1
- package/lib/module/credential/presentation/common/utils/sd-jwt.js.map +1 -1
- package/lib/module/sd-jwt/index.js +3 -2
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/utils.js +2 -1
- package/lib/module/sd-jwt/utils.js.map +1 -1
- package/lib/module/utils/credentials.js +15 -1
- package/lib/module/utils/credentials.js.map +1 -1
- package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.sdjwt.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/common/utils/sd-jwt.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/utils.d.ts.map +1 -1
- package/lib/typescript/utils/credentials.d.ts +5 -0
- package/lib/typescript/utils/credentials.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts +2 -1
- package/src/credential/presentation/common/utils/sd-jwt.ts +4 -1
- package/src/sd-jwt/index.ts +8 -3
- package/src/sd-jwt/utils.ts +5 -1
- package/src/utils/credentials.ts +17 -1
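--- a/package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js
+++ b/package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js
@@ -11,6 +11,7 @@ var _parser = require("../../../utils/parser");
 var _errors = require("../../../utils/errors");
 var _logging = require("../../../utils/logging");
 var _jwk = require("../../../utils/jwk");
+var _credentials = require("../../../utils/credentials");
 /**
 * Parse a Sd-Jwt credential according to the issuer configuration
 * @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
@@ -150,7 +151,7 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
 _logging.Logger.log(_logging.LogLevel.ERROR, message);
 throw new _errors.IoWalletError(message);
 }
-return await sdJwtInstance.decode(rawCredential);
+return await sdJwtInstance.decode((0, _credentials.fixLegacyCredentialSdJwt)(rawCredential));
 }
 const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref) => {
 let {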
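Review bot: In `verifyCredentialSdJwt` the value returned to the caller is now decoded from `fixLegacyCredentialSdJwt(rawCredential)`, while the signature and holder-binding checks sit above this hunk and cannot be seen to use the same normalised string. If they still receive `rawCredential`, the function verifies one serialisation and returns the parse of another; appending `~` leaves the issuer-signed JWT and the disclosures untouched, so the gap is small, but a verifier should hand back exactly what it checked. Normalise once at the top of the function, `const credential = fixLegacyCredentialSdJwt(rawCredential);`, and pass `credential` to both the verification call and `decode`. The same line is changed in the `lib/module` build of this file.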
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_core","_cryptoNodejs","_parser","_errors","_logging","_jwk","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","IoWalletError","getDisplayNames","match","find","isPathEqual","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","isPrefixOf","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","protectedHeader","decode","verifierJwk","getJwkFromHeader","sdJwtInstance","SDJwtInstance","hasher","digest","verifier","ES256","getVerifier","verifiedCredential","holderBindingKey","Promise","all","verify","getPublicKey","cnf","payload","isSameThumbprint","jwk","message","kid","Logger","log","LogLevel","ERROR","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","credentialCryptoContext","decoded","DEBUG","JSON","stringify","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_core","_cryptoNodejs","_parser","_errors","_logging","_jwk","_credentials","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","IoWalletError","getDisplayNames","match","find","isPathEqual","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","isPrefixOf","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","protectedHeader","decode","verifierJwk","getJwkFromHeader","sdJwtInstance","SDJwtInstance","hasher","digest","verifier","ES256","getVerifier","verifiedCredential","holderBindingKey","Promise","all","verify","getPublicKey","cnf","payload","isSameThumbprint","jwk","message","kid","Logger","log","LogLevel","ERROR","fixLegacyCredentialSdJwt","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","credentialCryptoContext","decoded","DEBUG","JSON","stringify","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AAEA,IAAAO,YAAA,GAAAP,OAAA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMQ,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MA
AA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAII,qBAAa,CACpB,4DAA2DL,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMI,eAAe,GACnBX,IAAgC,IACO;IACvC,MAAMY,KAAK,GAAGnB,cAAc,CAACoB,IAAI,CAAEd,CAAC,IAAK,IAAAe,mBAAW,EAACf,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACY,KAAK,EAAE,OAAOrB,SAAS;IAE5B,MAAMwB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIJ,KAAK,CAACK,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACvB,GAAG,CAAE2B,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI/B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAMgC,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAIrC,cAAc,EAAE;MAClC;MACA,IAAI,IAAAsC,kBAAU,EAACT,WAAW,EAAEQ,KAAK,CAAC9B,IAAI,CAAC,EAAE;QACvC,MAAMgC,QAAQ,GAAGF,KAAK,CAAC9B,IAAI,CAACsB,WAAW,CAAChC,MAAM,CAAC;QAC/C,IACE,CAAC,OAAO0C,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACH,qBAAqB,CAACI,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAH,qBAAqB,CAACzB,IAAI,CAAC4B,QAAQ,CAAC;QACtC;M
ACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIL,qBAAqB,EAAE;MACvC,MAAMM,SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGX,OAAO,CAACS,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK9C,SAAS,EAAE;MAE7B,MAAM+C,OAAO,GAAG,CAAC,GAAGhB,WAAW,EAAEY,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG5B,eAAe,CAAC2B,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIhB,KAAK,CAACC,OAAO,CAACa,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG5B,eAAe,CAAC,CAAC,GAAG2B,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAX,MAAM,CAACQ,SAAS,CAAC,GAAG;QAClBhB,IAAI,EAAEoB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEpB,YAAY,CAACiB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDV,aAAa,CAACa,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAI1C,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAAC0C,GAAG,EAAEM,KAAK,CAAC,IAAIhC,MAAM,CAACkC,OAAO,CAAChB,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACe,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BP,MAAM,CAACO,GAAG,CAAC,GAAG;YACZf,IAAI,EAAEe,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOb,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAACjC,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeyD,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACnB;EAChB,MAAM;IAAEC;EAAgB,CAAC,GAAG,IAAAC,wBAAM,EAACJ,aAAa,CAAC;EACjD,MAAMK,WAAW,GAAG,IAAAC,kCAAgB,EAACH,eAAe,EAAEF,UAAU,CAAC;EAEjE,MAAMM,aAAa,GAAG,IAAIC,mBAAa,CAAC;IACtCC,MAAM,EAAEC,oBAAM;IACdC,QAAQ,EAAE,MAAMC,mBAAK,CAACC,WAAW,CAACR,WAAW;EAC/C,CAAC,CAAC;EAEF,MAAM,CAACS,kBAAkB,EAAEC,gBAAgB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/DV,aAAa,CAACW,MAAM,CAAClB,aAAa,CAAC,EACnCE,oBAAoB,CAACiB,YAAY,CAAC,CAAC,CACpC,CAAC;EAEF,MAAM;IAAEC;EAAI,CAAC,GAAGN,kBAAkB,CAACO,OAAkC;EACrE,IAAI,EAAE,MAAM,IAAAC,qBAAgB,EAACF,GAAG,CAACG,GAAG,EAAER,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMS,OAAO,GAAI,kDAAiDT,gBAAgB,CAACU,GAAI,UAASL,GAAG,CAACG,GAAG,CAACE,GAAI,EAAC;IAC7GC,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEL,OAAO,CAAC;IACnC,MAAM,IAAI3D,qBAAa,CAAC2D,OAAO,CAAC;EAClC;EAEA,OAAO,MAAMjB,aAAa,CAACH,MAAM,CAAC,IAAA0B,qCAAwB,EAAC9B,aAAa,CAAC,CAAC;AAC5E;AAEO,MAAM+B,6BAAsE,GACjF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,IAAA,KAMtB;EAA
A,IALH;IACEC,uBAAuB;IACvB7F,uBAAuB;IACvBI;EACF,CAAC,GAAAwF,IAAA;EAED,MAAME,OAAO,GAAG,MAAMtC,qBAAqB,CACzCkC,UAAU,EACVD,UAAU,CAACpE,IAAI,EACfwE,uBACF,CAAC;EAEDV,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,uBAAsBC,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACjD,CAAC;EAED,MAAMhG,gBAAgB,GACpB2F,UAAU,CAACS,mCAAmC,CAACP,yBAAyB,CAAC;EAE3E,IAAI,CAAC7F,gBAAgB,EAAE;IACrBqF,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+CK,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIrE,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMvB,mBAAmB,GAAI,MAAM+F,OAAO,CAACK,SAAS,CAAChC,oBAAM,CAG1D;EAED,MAAMiC,gBAAgB,GAAGvG,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAMiG,QAAQ,GACZ,OAAOtG,mBAAmB,CAACuG,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAACxG,mBAAmB,CAACuG,GAAG,GAAG,IAAI,CAAC,GACxCnG,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAACyG,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAIlF,qBAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAMmF,UAAU,GAAG,IAAIF,IAAI,CAACxG,mBAAmB,CAACyG,GAAG,GAAG,IAAI,CAAC;EAE3DrB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACU,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACG,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC;AAACK,OAAA,CAAAlB,6BAAA,GAAAA,6BAAA"}
|
|
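--- a/package/lib/commonjs/credential/presentation/common/utils/sd-jwt.js
+++ b/package/lib/commonjs/credential/presentation/common/utils/sd-jwt.js
@@ -9,6 +9,7 @@ var _decode = require("@sd-jwt/decode");
 var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
 var _errors = require("../../../../utils/errors");
 var _types = require("../../../../sd-jwt/types");
+var _credentials = require("../../../../utils/credentials");
 /**
 * List of claims to remove from the SD-JWT before evaluating the DCQL query.
 */
@@ -41,7 +42,7 @@ const mapCredentialsToObj = async credentials => {
 });
 return Promise.all(credentials.map(async credential => {
 var _decodedRawSdJwt$jwt2, _decodedRawSdJwt$jwt3;
-const decodedRawSdJwt = await sdJwt.decode(credential[1]);
+const decodedRawSdJwt = await sdJwt.decode((0, _credentials.fixLegacyCredentialSdJwt)(credential[1]));
 const claims = await getClaimsFromDecodedSdJwt(decodedRawSdJwt);
 return {
 vct: (_decodedRawSdJwt$jwt2 = decodedRawSdJwt.jwt) === null || _decodedRawSdJwt$jwt2 === void 0 || (_decodedRawSdJwt$jwt2 = _decodedRawSdJwt$jwt2.payload) === null || _decodedRawSdJwt$jwt2 === void 0 ? void 0 : _decodedRawSdJwt$jwt2.vct,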
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_core","require","_decode","_cryptoNodejs","_errors","_types","NON_DISCLOSABLE_CLAIMS","getClaimsFromDecodedSdJwt","decodedRawSdJwt","_decodedRawSdJwt$jwt","jwt","payload","IoWalletError","claims","getClaims","disclosures","digest","claim","mapCredentialsToObj","credentials","sdJwt","SDJwtInstance","hasher","Promise","all","map","credential","_decodedRawSdJwt$jwt2","_decodedRawSdJwt$jwt3","decode","vct","credential_format","header","typ","LEGACY_SD_JWT","cryptographic_holder_binding","original_credential","exports"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/sd-jwt.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AAOA;AACA;AACA;AACA,
|
|
1
|
+
{"version":3,"names":["_core","require","_decode","_cryptoNodejs","_errors","_types","_credentials","NON_DISCLOSABLE_CLAIMS","getClaimsFromDecodedSdJwt","decodedRawSdJwt","_decodedRawSdJwt$jwt","jwt","payload","IoWalletError","claims","getClaims","disclosures","digest","claim","mapCredentialsToObj","credentials","sdJwt","SDJwtInstance","hasher","Promise","all","map","credential","_decodedRawSdJwt$jwt2","_decodedRawSdJwt$jwt3","decode","fixLegacyCredentialSdJwt","vct","credential_format","header","typ","LEGACY_SD_JWT","cryptographic_holder_binding","original_credential","exports"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/sd-jwt.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,YAAA,GAAAL,OAAA;AAOA;AACA;AACA;AACA,MAAMM,sBAAsB,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC;;AAEvD;AACA;AACA;AACA,MAAMC,yBAAyB,GAAG,MAAOC,eAAsB,IAAK;EAAA,IAAAC,oBAAA;EAClE,IAAI,GAAAA,oBAAA,GAACD,eAAe,CAACE,GAAG,cAAAD,oBAAA,eAAnBA,oBAAA,CAAqBE,OAAO,GAAE;IACjC,MAAM,IAAIC,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMC,MAAM,GAAG,MAAM,IAAAC,iBAAS,EAC5BN,eAAe,CAACE,GAAG,CAACC,OAAO,EAC3BH,eAAe,CAACO,WAAW,IAAI,EAAE,EACjCC,oBACF,CAAC;EAED,KAAK,MAAMC,KAAK,IAAIX,sBAAsB,EAAE;IAC1C,OAAOO,MAAM,CAACI,KAAK,CAAC;EACtB;EAEA,OAAOJ,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACO,MAAMK,mBAAmB,GAAG,MACjCC,WAA8B,IACa;EAC3C,MAAMC,KAAK,GAAG,IAAIC,mBAAa,CAAC;IAC9BC,MAAM,EAAEN;EACV,CAAC,CAAC;EAEF,OAAOO,OAAO,CAACC,GAAG,CAChBL,WAAW,CAACM,GAAG,CAAC,MAAOC,UAAU,IAAK;IAAA,IAAAC,qBAAA,EAAAC,qBAAA;IACpC,MAAMpB,eAAe,GAAG,MAAMY,KAAK,CAACS,MAAM,CACxC,IAAAC,qCAAwB,EAACJ,UAAU,CAAC,CAAC,CAAC,CACxC,CAAC;IACD,MAAMb,MAAM,GAAG,MAAMN,yBAAyB,CAACC,eAAe,CAAC;IAC/D,OAAO;MACLuB,GAAG,GAAAJ,qBAAA,GAAEnB,eAAe,CAACE,GAAG,cAAAiB,qBAAA,gBAAAA,qBAAA,GAAnBA,qBAAA,CAAqBhB,OAAO,cAAAgB,qBAAA,uBAA5BA,qBAAA,CAA8BI,GAAa;MAChDC,iBAAiB,EACf,EAAAJ,qBAAA,GAAApB,eAAe,CAACE,GAAG,cAAAkB,qBAAA,gBAAAA,qBAAA,GAAn
BA,qBAAA,CAAqBK,MAAM,cAAAL,qBAAA,uBAA3BA,qBAAA,CAA6BM,GAAG,MAAKC,oBAAa,GAC9CA,oBAAa,GACb,WAAW;MACjBC,4BAA4B,EAAE,IAAI;MAClCvB,MAAM;MACNwB,mBAAmB,EAAEX;IACvB,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;AAACY,OAAA,CAAApB,mBAAA,GAAAA,mBAAA"}
|
|
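--- a/package/lib/commonjs/sd-jwt/index.js
+++ b/package/lib/commonjs/sd-jwt/index.js
@@ -12,6 +12,7 @@ var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _decode = require("@sd-jwt/decode");
 var _present = require("@sd-jwt/present");
 var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
+var _credentials = require("../utils/credentials");
 var _types = require("./types");
 var _utils = require("./utils");
 Object.keys(_utils).forEach(function (key) {
@@ -35,7 +36,7 @@ Object.keys(_utils).forEach(function (key) {
 * @returns The parsed SD-JWT token and the parsed disclosures
 */
 const decode = token => {
-const decoded = (0, _decode.decodeSdJwtSync)(token, _cryptoNodejs.digest);
+const decoded = (0, _decode.decodeSdJwtSync)((0, _credentials.fixLegacyCredentialSdJwt)(token), _cryptoNodejs.digest);
 const sdJwt = _types.SdJwt4VCBase.parse({
 header: decoded.jwt.header,
 payload: decoded.jwt.payload
@@ -69,7 +70,7 @@ exports.decode = decode;
 const prepareVpToken = async (nonce, client_id, _ref) => {
 let [verifiableCredential, presentationFrame, cryptoContext] = _ref;
 // Produce a VP token with only requested claims from the verifiable credential
-const vp = await (0, _present.present)(verifiableCredential, presentationFrame, _cryptoNodejs.digest);
+const vp = await (0, _present.present)((0, _credentials.fixLegacyCredentialSdJwt)(verifiableCredential), presentationFrame, _cryptoNodejs.digest);
 
 // <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
 const sd_hash = await (0, _ioReactNativeJwt.sha256ToBase64)(vp);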
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_decode","_present","_cryptoNodejs","_types","_utils","Object","keys","forEach","key","prototype","hasOwnProperty","call","_exportNames","exports","defineProperty","enumerable","get","decode","token","decoded","decodeSdJwtSync","digest","sdJwt","SdJwt4VCBase","parse","header","jwt","payload","disclosures","map","disclosure","encoded","_digest","salt","value","prepareVpToken","nonce","client_id","_ref","verifiableCredential","presentationFrame","cryptoContext","vp","present","sd_hash","sha256ToBase64","kbJwt","SignJWT","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token","join"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,aAAA,GAAAH,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_decode","_present","_cryptoNodejs","_credentials","_types","_utils","Object","keys","forEach","key","prototype","hasOwnProperty","call","_exportNames","exports","defineProperty","enumerable","get","decode","token","decoded","decodeSdJwtSync","fixLegacyCredentialSdJwt","digest","sdJwt","SdJwt4VCBase","parse","header","jwt","payload","disclosures","map","disclosure","encoded","_digest","salt","value","prepareVpToken","nonce","client_id","_ref","verifiableCredential","presentationFrame","cryptoContext","vp","present","sd_hash","sha256ToBase64","kbJwt","SignJWT","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token","join"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,aAAA,GAAAH,OAAA;AACA,IAAAI,YAAA,GAAAJ,OAAA;AAEA,IAAAK,MAAA,GAAAL,OAAA;AAEA,IAAAM,MAAA,GAAAN,OAAA;AAAAO,MAAA,CAAAC,IAAA,CAAAF,MAAA,EAAAG,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAC,YAAA,EAAAJ,GAAA;EAAA,IAAAA,GAAA,IAAAK,OAAA,IAAAA,OAAA,CAAAL,GAAA,MAAAJ,MAAA,CAAAI,GAAA;EAAAH,MAAA,CAAAS,cAAA,CAAAD,OAAA,EAAAL,GAAA;IAAAO,UAAA;IAAAC,GAAA,WAAAA,CAAA;MAAA,OAAAZ,MAAA,CAAAI,GAAA;IAAA;EAAA;AAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMS,MAAM,GAAIC,KAAa,IAAK;EACvC,MAAMC,OAAO,GAAG,IAAAC,uBAAe,EAAC,IAAAC,qCAAwB,EAACH,KAAK,CAAC,EAAEI,oBAAM,CAAC;EAExE,MAAMC,KAAK,GAAGC,mBAAY,CAACC,KAAK,CAAC;IAC/BC,MAAM,EAAEP,OAAO,CAACQ,GAAG,CAACD,MAAM;IAC1BE,OAAO,EAAET,OAAO,CAACQ,GAAG,CAACC;EACvB,CAAC,CAAC;EACF,MAAMC,WAAW,GAAGV,OAAO,CAACU,WAAW,CAACC,GAAG,CAAEC,UAAU,KAAM;IAC3DC,OAAO,EAAED,UAAU,CAACE,OAAO;IAC3Bd,OAAO,EAAE,CAACY,UAAU,CAACG,IAAI,EAAEH,UAAU,CAACvB,GAAG,EAAEuB,UAAU,CAACI,KAAK;EAC7D,CAAC,CAAC,CAAC;EACH,OAAO;IAAEZ,KAAK;IAAEM;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAdAhB,OAAA,CAAAI,MAAA,GAAAA,M
AAA;AAeO,MAAMmB,cAAc,GAAG,MAAAA,CAC5BC,KAAa,EACbC,SAAiB,EAAAC,IAAA,KAIb;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,iBAAiB,EAAEC,aAAa,CAAe,GAAAH,IAAA;EAItE;EACA,MAAMI,EAAE,GAAG,MAAM,IAAAC,gBAAO,EACtB,IAAAvB,qCAAwB,EAACmB,oBAAoB,CAAC,EAC9CC,iBAAiB,EACjBnB,oBACF,CAAC;;EAED;EACA,MAAMuB,OAAO,GAAG,MAAM,IAAAC,gCAAc,EAACH,EAAE,CAAC;EAExC,MAAMI,KAAK,GAAG,MAAM,IAAIC,yBAAO,CAACN,aAAa,CAAC,CAC3CO,kBAAkB,CAAC;IAClBC,GAAG,EAAE,QAAQ;IACbC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVP,OAAO;IACPR,KAAK,EAAEA;EACT,CAAC,CAAC,CACDgB,WAAW,CAACf,SAAS,CAAC,CACtBgB,WAAW,CAAC,CAAC,CACbC,IAAI,CAAC,CAAC;EACT;EACA,MAAMC,QAAQ,GAAG,CAACb,EAAE,EAAEI,KAAK,CAAC,CAACU,IAAI,CAAC,EAAE,CAAC;EAErC,OAAO;IAAED;EAAS,CAAC;AACrB,CAAC;AAAC3C,OAAA,CAAAuB,cAAA,GAAAA,cAAA"}
|
|
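--- a/package/lib/commonjs/sd-jwt/utils.js
+++ b/package/lib/commonjs/sd-jwt/utils.js
@@ -10,6 +10,7 @@ var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
 var _misc = require("../utils/misc");
 var _types = require("./types");
 var _errors = require("../utils/errors");
+var _credentials = require("../utils/credentials");
 /**
 * Retrieve the Type Metadata for a credential and verify its integrity.
 * @param vct The VCT as a valid HTTPS url
@@ -54,7 +55,7 @@ const fetchTypeMetadata = async function (vct, vctIntegrity) {
 */
 exports.fetchTypeMetadata = fetchTypeMetadata;
 const getVerification = credentialSdJwt => {
-const decoded = (0, _decode.decodeSdJwtSync)(credentialSdJwt, _cryptoNodejs.digest);
+const decoded = (0, _decode.decodeSdJwtSync)((0, _credentials.fixLegacyCredentialSdJwt)(credentialSdJwt), _cryptoNodejs.digest);
 const claims = (0, _decode.getClaimsSync)(decoded.jwt.payload, decoded.disclosures, _cryptoNodejs.digest);
 return claims.verification ? _types.Verification.parse(claims.verification) : undefined;
 };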
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_decode","_cryptoNodejs","_misc","_types","_errors","fetchTypeMetadata","vct","vctIntegrity","context","arguments","length","undefined","appFetch","fetch","origin","pathname","URL","metadata","headers","then","hasStatusOrThrow","IssuerResponseError","res","json","TypeMetadata","parse","alg","hash","split","IoWalletError","metadataHash","sha256ToBase64","JSON","stringify","ValidationFailed","message","reason","exports","getVerification","credentialSdJwt","decoded","decodeSdJwtSync","digest","claims","getClaimsSync","jwt","payload","disclosures","verification","Verification"],"sourceRoot":"../../../src","sources":["sd-jwt/utils.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_decode","_cryptoNodejs","_misc","_types","_errors","_credentials","fetchTypeMetadata","vct","vctIntegrity","context","arguments","length","undefined","appFetch","fetch","origin","pathname","URL","metadata","headers","then","hasStatusOrThrow","IssuerResponseError","res","json","TypeMetadata","parse","alg","hash","split","IoWalletError","metadataHash","sha256ToBase64","JSON","stringify","ValidationFailed","message","reason","exports","getVerification","credentialSdJwt","decoded","decodeSdJwtSync","fixLegacyCredentialSdJwt","digest","claims","getClaimsSync","jwt","payload","disclosures","verification","Verification"],"sourceRoot":"../../../src","sources":["sd-jwt/utils.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAKA,IAAAM,YAAA,GAAAN,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMO,iBAAiB,GAAG,eAAAA,CAC/BC,GAAW,EACXC,YAAoB,EAIM;EAAA,IAH1BC,OAEC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EACpC,MAAM;IAAEM,MAAM;IAAEC;EAAS,CAAC,GAAG,IAAIC,GAAG,CAACV,GAAG,CAAC;EAEzC,MAAMW,QAAQ,GAAG,MAAML,QAAQ,CAAE,GAAEE,MAAO,mBAAkBC,QAAS,EAAC,EAAE;IACtEG,OAAO,EAAE;MACP,cAAc,EAAE;IAClB;EACF,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,2BAAmB,CAAC,CAAC,CAChDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBJ,IAAI,CAACK,mBAAY,CAACC,KAAK,CAAC;EAE3B,MAAM,CAACC,GAAG,EAAEC,IAAI,CAAC,GAAGpB,YAAY,CAACqB,KAAK,CAAC,QAAQ,CAAC;EAEhD,IAAIF,GAAG,KAAK,QAAQ,EAAE;IACpB,MAAM,IAAIG,qBAAa,CAAE,GAAEH,GAAI,6BAA4B,CAAC;EAC9D;;EAEA;EACA,MAAMI,YAAY,GAAG,MAAM,IAAAC,gCAAc,EAACC,IAAI,CAACC,SAAS,CAAChB,QAAQ,CAAC,CAAC;EAEnE,IAAIa,YAAY,KAAKH,IAAI,EAAE;IACzB,MAAM,IAAIO,wBAAgB,CAAC;MACzBC,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ;EAEA,OAAOnB,QAAQ;AACjB,CAAC;;AAED;AACA;AACA;AACA;AACA;AAJAoB,OAAA,CAAAhC,iBAAA,GAAAA,iBAAA;AAKO,
MAAMiC,eAAe,GAC1BC,eAAuB,IACM;EAC7B,MAAMC,OAAO,GAAG,IAAAC,uBAAe,EAC7B,IAAAC,qCAAwB,EAACH,eAAe,CAAC,EACzCI,oBACF,CAAC;EAED,MAAMC,MAAM,GAAG,IAAAC,qBAAa,EAC1BL,OAAO,CAACM,GAAG,CAACC,OAAO,EACnBP,OAAO,CAACQ,WAAW,EACnBL,oBACF,CAAC;EAED,OAAOC,MAAM,CAACK,YAAY,GACtBC,mBAAY,CAACzB,KAAK,CAACmB,MAAM,CAACK,YAAY,CAAC,GACvCtC,SAAS;AACf,CAAC;AAAC0B,OAAA,CAAAC,eAAA,GAAAA,eAAA"}
|
|
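--- a/package/lib/commonjs/utils/credentials.js
+++ b/package/lib/commonjs/utils/credentials.js
@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
 value: true
 });
-exports.extractJwkFromCredential = void 0;
+exports.fixLegacyCredentialSdJwt = exports.extractJwkFromCredential = void 0;
 var _decode = require("@sd-jwt/decode");
 var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
@@ -20,7 +20,7 @@ const SD_JWT = ["dc+sd-jwt", _types.LEGACY_SD_JWT];
 const extractJwkFromCredential = async (credential, format) => {
 if (SD_JWT.includes(format)) {
 // 1. SD-JWT case
-const decoded = (0, _decode.decodeSdJwtSync)(credential, _cryptoNodejs.digest);
+const decoded = (0, _decode.decodeSdJwtSync)(fixLegacyCredentialSdJwt(credential), _cryptoNodejs.digest);
 const {
 cnf
 } = decoded.jwt.payload;
@@ -33,5 +33,20 @@ const extractJwkFromCredential = async (credential, format) => {
 }
 throw new _errors.IoWalletError(`Credential format ${format} not supported`);
 };
+
+/**
+* Legacy credentials do not end with `~`. This function adds `~` when needed
+* to avoid decoding errors in the @sd-jwt libraries.
+*/
 exports.extractJwkFromCredential = extractJwkFromCredential;
+const fixLegacyCredentialSdJwt = token => {
+if (!token.endsWith("~")) {
+var _token$split$at;
+const hasKeyBindingJwt = ((_token$split$at = token.split("~").at(-1)) === null || _token$split$at === void 0 ? void 0 : _token$split$at.split(".").length) === 3;
+// Either we have a key binding JWT or it is a legacy 0.7.1 credential
+return hasKeyBindingJwt ? token : `${token}~`;
+}
+return token;
+};
+exports.fixLegacyCredentialSdJwt = fixLegacyCredentialSdJwt;
 //# sourceMappingURL=credentials.js.map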
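Review bot: `hasKeyBindingJwt` in `fixLegacyCredentialSdJwt` is a shape test only: it is true whenever the text after the last `~` splits into three dot-separated parts, which also holds for a token containing no `~` at all, where that text is the issuer-signed JWT itself. Such a token is returned without a trailing `~`, so a legacy credential issued with no disclosures is not normalised; whether the @sd-jwt decoders accept that form is not visible here. I would extend the doc comment with `@param token` and `@returns`, and add above the test `// Shape check only: three dot-separated parts after the last "~"; the segment is not parsed or verified here`. The helper is now exported and sits in front of every decode path, so callers should not read an unchanged return value as evidence that a key binding JWT is present or valid.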
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_decode","require","_cryptoNodejs","_ioReactNativeJwt","_errors","_types","SD_JWT","LEGACY_SD_JWT","extractJwkFromCredential","credential","format","includes","decoded","decodeSdJwtSync","digest","cnf","jwt","payload","jwk","kid","thumbprint","IoWalletError","exports"],"sourceRoot":"../../../src","sources":["utils/credentials.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AAGA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AAMA,MAAMK,MAAM,GAAG,CAAC,WAAW,EAAEC,oBAAa,CAAC;;AAE3C;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAwB,GAAG,MAAAA,CACtCC,UAAkB,EAClBC,MAAqD,KACpC;EACjB,IAAIJ,MAAM,CAACK,QAAQ,CAACD,MAAM,CAAC,EAAE;IAC3B;IACA,MAAME,OAAO,GAAG,IAAAC,uBAAe,
|
|
1
|
+
{"version":3,"names":["_decode","require","_cryptoNodejs","_ioReactNativeJwt","_errors","_types","SD_JWT","LEGACY_SD_JWT","extractJwkFromCredential","credential","format","includes","decoded","decodeSdJwtSync","fixLegacyCredentialSdJwt","digest","cnf","jwt","payload","jwk","kid","thumbprint","IoWalletError","exports","token","endsWith","_token$split$at","hasKeyBindingJwt","split","at","length"],"sourceRoot":"../../../src","sources":["utils/credentials.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AAGA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AAMA,MAAMK,MAAM,GAAG,CAAC,WAAW,EAAEC,oBAAa,CAAC;;AAE3C;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAwB,GAAG,MAAAA,CACtCC,UAAkB,EAClBC,MAAqD,KACpC;EACjB,IAAIJ,MAAM,CAACK,QAAQ,CAACD,MAAM,CAAC,EAAE;IAC3B;IACA,MAAME,OAAO,GAAG,IAAAC,uBAAe,EAC7BC,wBAAwB,CAACL,UAAU,CAAC,EACpCM,oBACF,CAAC;IACD,MAAM;MAAEC;IAAI,CAAC,GAAGJ,OAAO,CAACK,GAAG,CAACC,OAAkC;IAC9D,IAAIF,GAAG,CAACG,GAAG,EAAE;MACX,OAAO;QAAE,GAAGH,GAAG,CAACG,GAAG;QAAEC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACL,GAAG,CAACG,GAAG;MAAE,CAAC;IACvD;EACF;EACA,MAAM,IAAIG,qBAAa,CAAE,qBAAoBZ,MAAO,gBAAe,CAAC;AACtE,CAAC;;AAED;AACA;AACA;AACA;AAHAa,OAAA,CAAAf,wBAAA,GAAAA,wBAAA;AAIO,MAAMM,wBAAwB,GAAIU,KAAa,IAAK;EACzD,IAAI,CAACA,KAAK,CAACC,QAAQ,CAAC,GAAG,CAAC,EAAE;IAAA,IAAAC,eAAA;IACxB,MAAMC,gBAAgB,GAAG,EAAAD,eAAA,GAAAF,KAAK,CAACI,KAAK,CAAC,GAAG,CAAC,CAACC,EAAE,CAAC,CAAC,CAAC,CAAC,cAAAH,eAAA,uBAAvBA,eAAA,CAAyBE,KAAK,CAAC,GAAG,CAAC,CAACE,MAAM,MAAK,CAAC;IACzE;IACA,OAAOH,gBAAgB,GAAGH,KAAK,GAAI,GAAEA,KAAM,GAAE;EAC/C;EACA,OAAOA,KAAK;AACd,CAAC;AAACD,OAAA,CAAAT,wBAAA,GAAAA,wBAAA"}
|
|
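--- a/package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js
+++ b/package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js
@@ -5,6 +5,7 @@ import { isPathEqual, isPrefixOf } from "../../../utils/parser";
 import { IoWalletError } from "../../../utils/errors";
 import { LogLevel, Logger } from "../../../utils/logging";
 import { isSameThumbprint } from "../../../utils/jwk";
+import { fixLegacyCredentialSdJwt } from "../../../utils/credentials";
 /**
 * Parse a Sd-Jwt credential according to the issuer configuration
 * @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
@@ -144,7 +145,7 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
 Logger.log(LogLevel.ERROR, message);
 throw new IoWalletError(message);
 }
-return await sdJwtInstance.decode(rawCredential);
+return await sdJwtInstance.decode(fixLegacyCredentialSdJwt(rawCredential));
 }
 export const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref) => {
 let {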
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["getJwkFromHeader","decode","SDJwtInstance","digest","ES256","isPathEqual","isPrefixOf","IoWalletError","LogLevel","Logger","isSameThumbprint","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","getDisplayNames","match","find","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","protectedHeader","verifierJwk","sdJwtInstance","hasher","verifier","getVerifier","verifiedCredential","holderBindingKey","Promise","all","verify","getPublicKey","cnf","payload","jwk","message","kid","log","ERROR","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","credentialCryptoContext","decoded","DEBUG","JSON","stringify","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":"AAAA,SACEA,gBAAgB,EAEhBC,MAAM,QACD,6BAA6B;AACpC,SAAqBC,aAAa,QAAQ,cAAc;AACxD,SAASC,MAAM,EAAEC,KAAK,QAAQ,uBAAuB;AACrD,SAASC,WAAW,EAAEC,UAAU,QAAQ,uBAAuB;AAC/D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,gBAAgB,QAAkB,oBAAoB;
|
|
1
|
+
{"version":3,"names":["getJwkFromHeader","decode","SDJwtInstance","digest","ES256","isPathEqual","isPrefixOf","IoWalletError","LogLevel","Logger","isSameThumbprint","fixLegacyCredentialSdJwt","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","getDisplayNames","match","find","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","protectedHeader","verifierJwk","sdJwtInstance","hasher","verifier","getVerifier","verifiedCredential","holderBindingKey","Promise","all","verify","getPublicKey","cnf","payload","jwk","message","kid","log","ERROR","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","credentialCryptoContext","decoded","DEBUG","JSON","stringify","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":"AAAA,SACEA,gBAAgB,EAEhBC,MAAM,QACD,6BAA6B;AACpC,SAAqBC,aAAa,QAAQ,cAAc;AACxD,SAASC,MAAM,EAAEC,KAAK,QAAQ,uBAAuB;AACrD,SAASC,WAAW,EAAEC,UAAU,QAAQ,uBAAuB;AAC/D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,gBAAgB,QAAkB,oBAAoB;AAE/D,SAASC,wBAAwB,QAAQ,4BAA4B;AAMrE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG
,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAI1B,aAAa,CACpB,4DAA2DyB,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMG,eAAe,GACnBV,IAAgC,IACO;IACvC,MAAMW,KAAK,GAAGlB,cAAc,CAACmB,IAAI,CAAEb,CAAC,IAAKrB,WAAW,CAACqB,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACW,KAAK,EAAE,OAAOpB,SAAS;IAE5B,MAAMsB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIH,KAAK,CAACI,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACrB,GAAG,CAAEyB,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI7B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAM8B,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAInC,cAAc,EAAE;MAClC;MACA,IAAId,UAAU,CAACyC,WAAW,EAAEQ,KAAK,CAAC5B,IAAI,CAAC,EAAE;QACvC,MAAM6B,QAAQ,GAAGD,KAAK,CAAC5B,IAAI,CAACoB,WAAW,CAAC9B,MAAM,CAAC;QAC/C,IACE,CAAC,OAAOuC,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACF,qBAAqB,CAACG,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAF,qBAAqB,CAACvB,IAAI,CAACyB,QAAQ,CAAC;QACtC;MACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIJ,qBAAqB,EAAE;MACvC,MAAMK,
SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGV,OAAO,CAACQ,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK3C,SAAS,EAAE;MAE7B,MAAM4C,OAAO,GAAG,CAAC,GAAGf,WAAW,EAAEW,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG1B,eAAe,CAACyB,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIf,KAAK,CAACC,OAAO,CAACY,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG1B,eAAe,CAAC,CAAC,GAAGyB,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAV,MAAM,CAACO,SAAS,CAAC,GAAG;QAClBf,IAAI,EAAEmB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEnB,YAAY,CAACgB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDT,aAAa,CAACY,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAIvC,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAACuC,GAAG,EAAEM,KAAK,CAAC,IAAI7B,MAAM,CAAC+B,OAAO,CAACf,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACc,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BN,MAAM,CAACM,GAAG,CAAC,GAAG;YACZd,IAAI,EAAEc,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOZ,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAAC/B,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAesD,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACnB;EAChB,MAAM;IAAEC;EAAgB,CAAC,GAAGvE,MAAM,CAACoE,aAAa,CAAC;EACjD,MAAMI,WAAW,GAAGzE,gBAAgB,CAACwE,eAAe,EAAEF,UAAU,CAAC;EAEjE,MAAMI,aAAa,GAAG,IAAIxE,aAAa,CAAC;IACtCyE,MAAM,EAAExE,MAAM;IACdyE,QAAQ,EAAE,MAAMxE,KAAK,CAACyE,WAAW,CAACJ,WAAW;EAC/C,CAAC,CAAC;EAEF,MAAM,CAACK,kBAAkB,EAAEC,gBAAgB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/DP,aAAa,CAACQ,MAAM,CAACb,aAAa,CAAC,EACnCE,oBAAoB,CAACY,YAAY,CAAC,CAAC,CACpC,CAAC;EAEF,MAAM;IAAEC;EAAI,CAAC,GAAGN,kBAAkB,CAACO,OAAkC;EACrE,IAAI,EAAE,MAAM3E,gBAAgB,CAAC0E,GAAG,CAACE,GAAG,EAAEP,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMQ,OAAO,GAAI,kDAAiDR,gBAAgB,CAACS,GAAI,UAASJ,GAAG,CAACE,GAAG,CAACE,GAAI,EAAC;IAC7G/E,MAAM,CAACgF,GAAG,CAACjF,QAAQ,CAACkF,KAAK,EAAEH,OAAO,CAAC;IACnC,MAAM,IAAIhF,aAAa,CAACgF,OAAO,CAAC;EAClC;EAEA,OAAO,MAAMb,aAAa,CAACzE,MAAM,CAACU,wBAAwB,CAAC0D,aAAa,CAAC,CAAC;AAC5E;AAEA,OAAO,MAAMsB,6BAAsE,GACjF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,IAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvBjF,uBAAuB;IACvBI;EACF,CAAC,GAAA4E,IAAA;EAED,MAAME,OAA
O,GAAG,MAAM7B,qBAAqB,CACzCyB,UAAU,EACVD,UAAU,CAACxD,IAAI,EACf4D,uBACF,CAAC;EAEDvF,MAAM,CAACgF,GAAG,CACRjF,QAAQ,CAAC0F,KAAK,EACb,uBAAsBC,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACjD,CAAC;EAED,MAAMpF,gBAAgB,GACpB+E,UAAU,CAACS,mCAAmC,CAACP,yBAAyB,CAAC;EAE3E,IAAI,CAACjF,gBAAgB,EAAE;IACrBJ,MAAM,CAACgF,GAAG,CACRjF,QAAQ,CAACkF,KAAK,EACb,gDAA+CI,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIvF,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMO,mBAAmB,GAAI,MAAMmF,OAAO,CAACK,SAAS,CAACnG,MAAM,CAG1D;EAED,MAAMoG,gBAAgB,GAAG3F,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAMqF,QAAQ,GACZ,OAAO1F,mBAAmB,CAAC2F,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAAC5F,mBAAmB,CAAC2F,GAAG,GAAG,IAAI,CAAC,GACxCvF,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAAC6F,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAIpG,aAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAMqG,UAAU,GAAG,IAAIF,IAAI,CAAC5F,mBAAmB,CAAC6F,GAAG,GAAG,IAAI,CAAC;EAE3DlG,MAAM,CAACgF,GAAG,CACRjF,QAAQ,CAAC0F,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACG,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC"}
|
|
@@ -3,6 +3,7 @@ import { getClaims } from "@sd-jwt/decode";
|
|
|
3
3
|
import { digest } from "@sd-jwt/crypto-nodejs";
|
|
4
4
|
import { IoWalletError } from "../../../../utils/errors";
|
|
5
5
|
import { LEGACY_SD_JWT } from "../../../../sd-jwt/types";
|
|
6
|
+
import { fixLegacyCredentialSdJwt } from "../../../../utils/credentials";
|
|
6
7
|
/**
|
|
7
8
|
* List of claims to remove from the SD-JWT before evaluating the DCQL query.
|
|
8
9
|
*/
|
|
@@ -35,7 +36,7 @@ export const mapCredentialsToObj = async credentials => {
|
|
|
35
36
|
});
|
|
36
37
|
return Promise.all(credentials.map(async credential => {
|
|
37
38
|
var _decodedRawSdJwt$jwt2, _decodedRawSdJwt$jwt3;
|
|
38
|
-
const decodedRawSdJwt = await sdJwt.decode(credential[1]);
|
|
39
|
+
const decodedRawSdJwt = await sdJwt.decode(fixLegacyCredentialSdJwt(credential[1]));
|
|
39
40
|
const claims = await getClaimsFromDecodedSdJwt(decodedRawSdJwt);
|
|
40
41
|
return {
|
|
41
42
|
vct: (_decodedRawSdJwt$jwt2 = decodedRawSdJwt.jwt) === null || _decodedRawSdJwt$jwt2 === void 0 || (_decodedRawSdJwt$jwt2 = _decodedRawSdJwt$jwt2.payload) === null || _decodedRawSdJwt$jwt2 === void 0 ? void 0 : _decodedRawSdJwt$jwt2.vct,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["SDJwtInstance","getClaims","digest","IoWalletError","LEGACY_SD_JWT","NON_DISCLOSABLE_CLAIMS","getClaimsFromDecodedSdJwt","decodedRawSdJwt","_decodedRawSdJwt$jwt","jwt","payload","claims","disclosures","claim","mapCredentialsToObj","credentials","sdJwt","hasher","Promise","all","map","credential","_decodedRawSdJwt$jwt2","_decodedRawSdJwt$jwt3","decode","vct","credential_format","header","typ","cryptographic_holder_binding","original_credential"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/sd-jwt.ts"],"mappings":"AAAA,SAASA,aAAa,QAAoB,cAAc;AACxD,SAASC,SAAS,QAAQ,gBAAgB;AAC1C,SAASC,MAAM,QAAQ,uBAAuB;AAE9C,SAASC,aAAa,QAAQ,0BAA0B;AACxD,SAASC,aAAa,QAAQ,0BAA0B;
|
|
1
|
+
{"version":3,"names":["SDJwtInstance","getClaims","digest","IoWalletError","LEGACY_SD_JWT","fixLegacyCredentialSdJwt","NON_DISCLOSABLE_CLAIMS","getClaimsFromDecodedSdJwt","decodedRawSdJwt","_decodedRawSdJwt$jwt","jwt","payload","claims","disclosures","claim","mapCredentialsToObj","credentials","sdJwt","hasher","Promise","all","map","credential","_decodedRawSdJwt$jwt2","_decodedRawSdJwt$jwt3","decode","vct","credential_format","header","typ","cryptographic_holder_binding","original_credential"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/sd-jwt.ts"],"mappings":"AAAA,SAASA,aAAa,QAAoB,cAAc;AACxD,SAASC,SAAS,QAAQ,gBAAgB;AAC1C,SAASC,MAAM,QAAQ,uBAAuB;AAE9C,SAASC,aAAa,QAAQ,0BAA0B;AACxD,SAASC,aAAa,QAAQ,0BAA0B;AACxD,SAASC,wBAAwB,QAAQ,+BAA+B;AAOxE;AACA;AACA;AACA,MAAMC,sBAAsB,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC;;AAEvD;AACA;AACA;AACA,MAAMC,yBAAyB,GAAG,MAAOC,eAAsB,IAAK;EAAA,IAAAC,oBAAA;EAClE,IAAI,GAAAA,oBAAA,GAACD,eAAe,CAACE,GAAG,cAAAD,oBAAA,eAAnBA,oBAAA,CAAqBE,OAAO,GAAE;IACjC,MAAM,IAAIR,aAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMS,MAAM,GAAG,MAAMX,SAAS,CAC5BO,eAAe,CAACE,GAAG,CAACC,OAAO,EAC3BH,eAAe,CAACK,WAAW,IAAI,EAAE,EACjCX,MACF,CAAC;EAED,KAAK,MAAMY,KAAK,IAAIR,sBAAsB,EAAE;IAC1C,OAAOM,MAAM,CAACE,KAAK,CAAC;EACtB;EAEA,OAAOF,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMG,mBAAmB,GAAG,MACjCC,WAA8B,IACa;EAC3C,MAAMC,KAAK,GAAG,IAAIjB,aAAa,CAAC;IAC9BkB,MAAM,EAAEhB;EACV,CAAC,CAAC;EAEF,OAAOiB,OAAO,CAACC,GAAG,CAChBJ,WAAW,CAACK,GAAG,CAAC,MAAOC,UAAU,IAAK;IAAA,IAAAC,qBAAA,EAAAC,qBAAA;IACpC,MAAMhB,eAAe,GAAG,MAAMS,KAAK,CAACQ,MAAM,CACxCpB,wBAAwB,CAACiB,UAAU,CAAC,CAAC,CAAC,CACxC,CAAC;IACD,MAAMV,MAAM,GAAG,MAAML,yBAAyB,CAACC,eAAe,CAAC;IAC/D,OAAO;MACLkB,GAAG,GAAAH,qBAAA,GAAEf,eAAe,CAACE,GAAG,cAAAa,qBAAA,gBAAAA,qBAAA,GAAnBA,qBAAA,CAAqBZ,OAAO,cAAAY,qBAAA,uBAA5BA,qBAAA,CAA8BG,GAAa;MAChDC,iBAAiB,EACf,EAAAH,qBAAA,GAAAhB,eAAe,CAACE,GAAG,cAAAc,qBAAA,gBAAAA,qBAAA,GAAnBA,qBAAA,CAAqBI,MAAM,cAAAJ,qBAAA,uBAA3BA,qBAAA,CAA6BK,GAAG,MAAKzB,aAAa,GAC9CA,aAAa,GACb,W
AAW;MACjB0B,4BAA4B,EAAE,IAAI;MAClClB,MAAM;MACNmB,mBAAmB,EAAET;IACvB,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC"}
|
|
@@ -2,6 +2,7 @@ import { sha256ToBase64, SignJWT } from "@pagopa/io-react-native-jwt";
|
|
|
2
2
|
import { decodeSdJwtSync } from "@sd-jwt/decode";
|
|
3
3
|
import { present } from "@sd-jwt/present";
|
|
4
4
|
import { digest } from "@sd-jwt/crypto-nodejs";
|
|
5
|
+
import { fixLegacyCredentialSdJwt } from "../utils/credentials";
|
|
5
6
|
import { SdJwt4VCBase } from "./types";
|
|
6
7
|
export * from "./utils";
|
|
7
8
|
|
|
@@ -15,7 +16,7 @@ export * from "./utils";
|
|
|
15
16
|
* @returns The parsed SD-JWT token and the parsed disclosures
|
|
16
17
|
*/
|
|
17
18
|
export const decode = token => {
|
|
18
|
-
const decoded = decodeSdJwtSync(token, digest);
|
|
19
|
+
const decoded = decodeSdJwtSync(fixLegacyCredentialSdJwt(token), digest);
|
|
19
20
|
const sdJwt = SdJwt4VCBase.parse({
|
|
20
21
|
header: decoded.jwt.header,
|
|
21
22
|
payload: decoded.jwt.payload
|
|
@@ -48,7 +49,7 @@ export const decode = token => {
|
|
|
48
49
|
export const prepareVpToken = async (nonce, client_id, _ref) => {
|
|
49
50
|
let [verifiableCredential, presentationFrame, cryptoContext] = _ref;
|
|
50
51
|
// Produce a VP token with only requested claims from the verifiable credential
|
|
51
|
-
const vp = await present(verifiableCredential, presentationFrame, digest);
|
|
52
|
+
const vp = await present(fixLegacyCredentialSdJwt(verifiableCredential), presentationFrame, digest);
|
|
52
53
|
|
|
53
54
|
// <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
|
|
54
55
|
const sd_hash = await sha256ToBase64(vp);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["sha256ToBase64","SignJWT","decodeSdJwtSync","present","digest","SdJwt4VCBase","decode","token","decoded","sdJwt","parse","header","jwt","payload","disclosures","map","disclosure","encoded","_digest","salt","key","value","prepareVpToken","nonce","client_id","_ref","verifiableCredential","presentationFrame","cryptoContext","vp","sd_hash","kbJwt","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token","join"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAAA,SAASA,cAAc,EAAEC,OAAO,QAAQ,6BAA6B;AACrE,SAASC,eAAe,QAAQ,gBAAgB;AAChD,SAASC,OAAO,QAAQ,iBAAiB;AACzC,SAASC,MAAM,QAAQ,uBAAuB;
|
|
1
|
+
{"version":3,"names":["sha256ToBase64","SignJWT","decodeSdJwtSync","present","digest","fixLegacyCredentialSdJwt","SdJwt4VCBase","decode","token","decoded","sdJwt","parse","header","jwt","payload","disclosures","map","disclosure","encoded","_digest","salt","key","value","prepareVpToken","nonce","client_id","_ref","verifiableCredential","presentationFrame","cryptoContext","vp","sd_hash","kbJwt","setProtectedHeader","typ","alg","setPayload","setAudience","setIssuedAt","sign","vp_token","join"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAAA,SAASA,cAAc,EAAEC,OAAO,QAAQ,6BAA6B;AACrE,SAASC,eAAe,QAAQ,gBAAgB;AAChD,SAASC,OAAO,QAAQ,iBAAiB;AACzC,SAASC,MAAM,QAAQ,uBAAuB;AAC9C,SAASC,wBAAwB,QAAQ,sBAAsB;AAE/D,SAASC,YAAY,QAAQ,SAAS;AAEtC,cAAc,SAAS;;AAEvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,MAAM,GAAIC,KAAa,IAAK;EACvC,MAAMC,OAAO,GAAGP,eAAe,CAACG,wBAAwB,CAACG,KAAK,CAAC,EAAEJ,MAAM,CAAC;EAExE,MAAMM,KAAK,GAAGJ,YAAY,CAACK,KAAK,CAAC;IAC/BC,MAAM,EAAEH,OAAO,CAACI,GAAG,CAACD,MAAM;IAC1BE,OAAO,EAAEL,OAAO,CAACI,GAAG,CAACC;EACvB,CAAC,CAAC;EACF,MAAMC,WAAW,GAAGN,OAAO,CAACM,WAAW,CAACC,GAAG,CAAEC,UAAU,KAAM;IAC3DC,OAAO,EAAED,UAAU,CAACE,OAAO;IAC3BV,OAAO,EAAE,CAACQ,UAAU,CAACG,IAAI,EAAEH,UAAU,CAACI,GAAG,EAAEJ,UAAU,CAACK,KAAK;EAC7D,CAAC,CAAC,CAAC;EACH,OAAO;IAAEZ,KAAK;IAAEK;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,cAAc,GAAG,MAAAA,CAC5BC,KAAa,EACbC,SAAiB,EAAAC,IAAA,KAIb;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,iBAAiB,EAAEC,aAAa,CAAe,GAAAH,IAAA;EAItE;EACA,MAAMI,EAAE,GAAG,MAAM3B,OAAO,CACtBE,wBAAwB,CAACsB,oBAAoB,CAAC,EAC9CC,iBAAiB,EACjBxB,MACF,CAAC;;EAED;EACA,MAAM2B,OAAO,GAAG,MAAM/B,cAAc,CAAC8B,EAAE,CAAC;EAExC,MAAME,KAAK,GAAG,MAAM,IAAI/B,OAAO,CAAC4B,aAAa,CAAC,CAC3CI,kBAAkB,CAAC;IAClBC,GAAG,EAAE,QAAQ;IACbC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVL,OAAO;IACPP,KAAK,EAAEA;EACT,CAAC,CAAC,CACDa,WAAW,CAACZ,SAAS,CAAC,CACtBa,WAAW,CAAC,CAAC,CACbC,IAAI,CAAC,CAAC;EACT;EACA,MAAMC,QAAQ,GAAG,CAACV,EAAE,EAAEE,KAAK,CAAC
,CAACS,IAAI,CAAC,EAAE,CAAC;EAErC,OAAO;IAAED;EAAS,CAAC;AACrB,CAAC"}
|
|
@@ -4,6 +4,7 @@ import { digest } from "@sd-jwt/crypto-nodejs";
|
|
|
4
4
|
import { hasStatusOrThrow } from "../utils/misc";
|
|
5
5
|
import { TypeMetadata, Verification } from "./types";
|
|
6
6
|
import { IoWalletError, IssuerResponseError, ValidationFailed } from "../utils/errors";
|
|
7
|
+
import { fixLegacyCredentialSdJwt } from "../utils/credentials";
|
|
7
8
|
|
|
8
9
|
/**
|
|
9
10
|
* Retrieve the Type Metadata for a credential and verify its integrity.
|
|
@@ -48,7 +49,7 @@ export const fetchTypeMetadata = async function (vct, vctIntegrity) {
|
|
|
48
49
|
* @returns The verification claim or undefined if it wasn't found
|
|
49
50
|
*/
|
|
50
51
|
export const getVerification = credentialSdJwt => {
|
|
51
|
-
const decoded = decodeSdJwtSync(credentialSdJwt, digest);
|
|
52
|
+
const decoded = decodeSdJwtSync(fixLegacyCredentialSdJwt(credentialSdJwt), digest);
|
|
52
53
|
const claims = getClaimsSync(decoded.jwt.payload, decoded.disclosures, digest);
|
|
53
54
|
return claims.verification ? Verification.parse(claims.verification) : undefined;
|
|
54
55
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["sha256ToBase64","decodeSdJwtSync","getClaimsSync","digest","hasStatusOrThrow","TypeMetadata","Verification","IoWalletError","IssuerResponseError","ValidationFailed","fetchTypeMetadata","vct","vctIntegrity","context","arguments","length","undefined","appFetch","fetch","origin","pathname","URL","metadata","headers","then","res","json","parse","alg","hash","split","metadataHash","JSON","stringify","message","reason","getVerification","credentialSdJwt","decoded","claims","jwt","payload","disclosures","verification"],"sourceRoot":"../../../src","sources":["sd-jwt/utils.ts"],"mappings":"AAAA,SAASA,cAAc,QAAQ,6BAA6B;AAC5D,SAASC,eAAe,EAAEC,aAAa,QAAQ,gBAAgB;AAC/D,SAASC,MAAM,QAAQ,uBAAuB;AAC9C,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,YAAY,EAAEC,YAAY,QAAQ,SAAS;AACpD,SACEC,aAAa,EACbC,mBAAmB,EACnBC,gBAAgB,QACX,iBAAiB;;
|
|
1
|
+
{"version":3,"names":["sha256ToBase64","decodeSdJwtSync","getClaimsSync","digest","hasStatusOrThrow","TypeMetadata","Verification","IoWalletError","IssuerResponseError","ValidationFailed","fixLegacyCredentialSdJwt","fetchTypeMetadata","vct","vctIntegrity","context","arguments","length","undefined","appFetch","fetch","origin","pathname","URL","metadata","headers","then","res","json","parse","alg","hash","split","metadataHash","JSON","stringify","message","reason","getVerification","credentialSdJwt","decoded","claims","jwt","payload","disclosures","verification"],"sourceRoot":"../../../src","sources":["sd-jwt/utils.ts"],"mappings":"AAAA,SAASA,cAAc,QAAQ,6BAA6B;AAC5D,SAASC,eAAe,EAAEC,aAAa,QAAQ,gBAAgB;AAC/D,SAASC,MAAM,QAAQ,uBAAuB;AAC9C,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,YAAY,EAAEC,YAAY,QAAQ,SAAS;AACpD,SACEC,aAAa,EACbC,mBAAmB,EACnBC,gBAAgB,QACX,iBAAiB;AACxB,SAASC,wBAAwB,QAAQ,sBAAsB;;AAE/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAiB,GAAG,eAAAA,CAC/BC,GAAW,EACXC,YAAoB,EAIM;EAAA,IAH1BC,OAEC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEN,MAAM;IAAEG,QAAQ,GAAGC;EAAM,CAAC,GAAGL,OAAO;EACpC,MAAM;IAAEM,MAAM;IAAEC;EAAS,CAAC,GAAG,IAAIC,GAAG,CAACV,GAAG,CAAC;EAEzC,MAAMW,QAAQ,GAAG,MAAML,QAAQ,CAAE,GAAEE,MAAO,mBAAkBC,QAAS,EAAC,EAAE;IACtEG,OAAO,EAAE;MACP,cAAc,EAAE;IAClB;EACF,CAAC,CAAC,CACCC,IAAI,CAACrB,gBAAgB,CAAC,GAAG,EAAEI,mBAAmB,CAAC,CAAC,CAChDiB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACpB,YAAY,CAACuB,KAAK,CAAC;EAE3B,MAAM,CAACC,GAAG,EAAEC,IAAI,CAAC,GAAGjB,YAAY,CAACkB,KAAK,CAAC,QAAQ,CAAC;EAEhD,IAAIF,GAAG,KAAK,QAAQ,EAAE;IACpB,MAAM,IAAItB,aAAa,CAAE,GAAEsB,GAAI,6BAA4B,CAAC;EAC9D;;EAEA;EACA,MAAMG,YAAY,GAAG,MAAMhC,cAAc,CAACiC,IAAI,CAACC,SAAS,CAACX,QAAQ,CAAC,CAAC;EAEnE,IAAIS,YAAY,KAAKF,IAAI,EAAE;IACzB,MAAM,IAAIrB,gBAAgB,CAAC;MACzB0B,OAAO,EAAE,gCAAgC;MACzCC,MAAM,EAAE;IACV,CAAC,CAAC;EACJ;EAEA,OAAOb,QAAQ;AACjB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMc,eAAe,GAC1BC,eAAuB,IACM;EAC7B,MAAMC,OAAO,GAAGtC,eAAe,CAC7BS,wBAAwB,CAAC4B,eAAe
,CAAC,EACzCnC,MACF,CAAC;EAED,MAAMqC,MAAM,GAAGtC,aAAa,CAC1BqC,OAAO,CAACE,GAAG,CAACC,OAAO,EACnBH,OAAO,CAACI,WAAW,EACnBxC,MACF,CAAC;EAED,OAAOqC,MAAM,CAACI,YAAY,GACtBtC,YAAY,CAACsB,KAAK,CAACY,MAAM,CAACI,YAAY,CAAC,GACvC3B,SAAS;AACf,CAAC"}
|
|
@@ -14,7 +14,7 @@ const SD_JWT = ["dc+sd-jwt", LEGACY_SD_JWT];
|
|
|
14
14
|
export const extractJwkFromCredential = async (credential, format) => {
|
|
15
15
|
if (SD_JWT.includes(format)) {
|
|
16
16
|
// 1. SD-JWT case
|
|
17
|
-
const decoded = decodeSdJwtSync(credential, digest);
|
|
17
|
+
const decoded = decodeSdJwtSync(fixLegacyCredentialSdJwt(credential), digest);
|
|
18
18
|
const {
|
|
19
19
|
cnf
|
|
20
20
|
} = decoded.jwt.payload;
|
|
@@ -27,4 +27,18 @@ export const extractJwkFromCredential = async (credential, format) => {
|
|
|
27
27
|
}
|
|
28
28
|
throw new IoWalletError(`Credential format ${format} not supported`);
|
|
29
29
|
};
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* Legacy credentials do not end with `~`. This function adds `~` when needed
|
|
33
|
+
* to avoid decoding errors in the @sd-jwt libraries.
|
|
34
|
+
*/
|
|
35
|
+
export const fixLegacyCredentialSdJwt = token => {
|
|
36
|
+
if (!token.endsWith("~")) {
|
|
37
|
+
var _token$split$at;
|
|
38
|
+
const hasKeyBindingJwt = ((_token$split$at = token.split("~").at(-1)) === null || _token$split$at === void 0 ? void 0 : _token$split$at.split(".").length) === 3;
|
|
39
|
+
// Either we have a key binding JWT or it is a legacy 0.7.1 credential
|
|
40
|
+
return hasKeyBindingJwt ? token : `${token}~`;
|
|
41
|
+
}
|
|
42
|
+
return token;
|
|
43
|
+
};
|
|
30
44
|
//# sourceMappingURL=credentials.js.map
|
|
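Review bot: The key-binding check in `fixLegacyCredentialSdJwt` also matches a token that contains no `~` at all. In that case `token.split("~").at(-1)` is the issuer-signed JWT itself, which has three dot-separated parts, so a legacy credential without disclosures is returned without the trailing `~` this helper is meant to add. In the TypeScript source, requiring a separator first closes the gap: `const parts = token.split("~");` followed by `const hasKeyBindingJwt = parts.length > 1 && parts.at(-1)?.split(".").length === 3;`. Whether the @sd-jwt decoders accept the bare-JWT form is not visible in this diff, so a unit test with a disclosure-less legacy token would settle it. The doc comment should also say that a token ending in a key binding JWT is returned unchanged.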
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["decodeSdJwtSync","digest","thumbprint","IoWalletError","LEGACY_SD_JWT","SD_JWT","extractJwkFromCredential","credential","format","includes","decoded","cnf","jwt","payload","jwk","kid"],"sourceRoot":"../../../src","sources":["utils/credentials.ts"],"mappings":"AAAA,SAASA,eAAe,QAAQ,gBAAgB;AAChD,SAASC,MAAM,QAAQ,uBAAuB;AAC9C,SAASC,UAAU,QAAQ,6BAA6B;AAGxD,SAASC,aAAa,QAAQ,UAAU;AACxC,SACEC,aAAa,QAGR,iBAAiB;AAExB,MAAMC,MAAM,GAAG,CAAC,WAAW,EAAED,aAAa,CAAC;;AAE3C;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,wBAAwB,GAAG,MAAAA,CACtCC,UAAkB,EAClBC,MAAqD,KACpC;EACjB,IAAIH,MAAM,CAACI,QAAQ,CAACD,MAAM,CAAC,EAAE;IAC3B;IACA,MAAME,OAAO,GAAGV,eAAe,
|
|
1
|
+
{"version":3,"names":["decodeSdJwtSync","digest","thumbprint","IoWalletError","LEGACY_SD_JWT","SD_JWT","extractJwkFromCredential","credential","format","includes","decoded","fixLegacyCredentialSdJwt","cnf","jwt","payload","jwk","kid","token","endsWith","_token$split$at","hasKeyBindingJwt","split","at","length"],"sourceRoot":"../../../src","sources":["utils/credentials.ts"],"mappings":"AAAA,SAASA,eAAe,QAAQ,gBAAgB;AAChD,SAASC,MAAM,QAAQ,uBAAuB;AAC9C,SAASC,UAAU,QAAQ,6BAA6B;AAGxD,SAASC,aAAa,QAAQ,UAAU;AACxC,SACEC,aAAa,QAGR,iBAAiB;AAExB,MAAMC,MAAM,GAAG,CAAC,WAAW,EAAED,aAAa,CAAC;;AAE3C;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,wBAAwB,GAAG,MAAAA,CACtCC,UAAkB,EAClBC,MAAqD,KACpC;EACjB,IAAIH,MAAM,CAACI,QAAQ,CAACD,MAAM,CAAC,EAAE;IAC3B;IACA,MAAME,OAAO,GAAGV,eAAe,CAC7BW,wBAAwB,CAACJ,UAAU,CAAC,EACpCN,MACF,CAAC;IACD,MAAM;MAAEW;IAAI,CAAC,GAAGF,OAAO,CAACG,GAAG,CAACC,OAAkC;IAC9D,IAAIF,GAAG,CAACG,GAAG,EAAE;MACX,OAAO;QAAE,GAAGH,GAAG,CAACG,GAAG;QAAEC,GAAG,EAAE,MAAMd,UAAU,CAACU,GAAG,CAACG,GAAG;MAAE,CAAC;IACvD;EACF;EACA,MAAM,IAAIZ,aAAa,CAAE,qBAAoBK,MAAO,gBAAe,CAAC;AACtE,CAAC;;AAED;AACA;AACA;AACA;AACA,OAAO,MAAMG,wBAAwB,GAAIM,KAAa,IAAK;EACzD,IAAI,CAACA,KAAK,CAACC,QAAQ,CAAC,GAAG,CAAC,EAAE;IAAA,IAAAC,eAAA;IACxB,MAAMC,gBAAgB,GAAG,EAAAD,eAAA,GAAAF,KAAK,CAACI,KAAK,CAAC,GAAG,CAAC,CAACC,EAAE,CAAC,CAAC,CAAC,CAAC,cAAAH,eAAA,uBAAvBA,eAAA,CAAyBE,KAAK,CAAC,GAAG,CAAC,CAACE,MAAM,MAAK,CAAC;IACzE;IACA,OAAOH,gBAAgB,GAAGH,KAAK,GAAI,GAAEA,KAAM,GAAE;EAC/C;EACA,OAAOA,KAAK;AACd,CAAC"}
|
package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.sdjwt.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"06-verify-and-parse-credential.sdjwt.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"06-verify-and-parse-credential.sdjwt.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAkC,MAAM,QAAQ,CAAC;AAuL1E,eAAO,MAAM,6BAA6B,EAAE,WAAW,CAAC,0BAA0B,CAiE/E,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sd-jwt.d.ts","sourceRoot":"","sources":["../../../../../../src/credential/presentation/common/utils/sd-jwt.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"sd-jwt.d.ts","sourceRoot":"","sources":["../../../../../../src/credential/presentation/common/utils/sd-jwt.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,MAAM,CAAC;AAIlD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAEjD,KAAK,2BAA2B,GAAG,qBAAqB,GAAG;IACzD,mBAAmB,EAAE,eAAe,CAAC;CACtC,CAAC;AA4BF;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,gBACjB,eAAe,EAAE,KAC7B,QAAQ,2BAA2B,EAAE,CAuBvC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sd-jwt/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sd-jwt/index.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAG/D,cAAc,SAAS,CAAC;AAExB;;;;;;;;GAQG;AACH,eAAO,MAAM,MAAM,UAAW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAYnC,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,cAAc,UAClB,MAAM,aACF,MAAM;cAGP,MAAM;EA4BjB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/sd-jwt/utils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/sd-jwt/utils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAQrD;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB,QACvB,MAAM,gBACG,MAAM,YACX;IACP,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACA,QAAQ,YAAY,CA8BtB,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe,oBACT,MAAM,KACtB,YAAY,GAAG,SAejB,CAAC"}
|
|
@@ -8,4 +8,9 @@ import { type SupportedSdJwtLegacyFormat } from "../sd-jwt/types";
|
|
|
8
8
|
* @return A Promise that resolves to a JWK object if the credential is in SD-JWT format and contains a JWK, or undefined otherwise.
|
|
9
9
|
*/
|
|
10
10
|
export declare const extractJwkFromCredential: (credential: string, format: CredentialFormat | SupportedSdJwtLegacyFormat) => Promise<JWK>;
|
|
11
|
+
/**
|
|
12
|
+
* Legacy credentials do not end with `~`. This function adds `~` when needed
|
|
13
|
+
* to avoid decoding errors in the @sd-jwt libraries.
|
|
14
|
+
*/
|
|
15
|
+
export declare const fixLegacyCredentialSdJwt: (token: string) => string;
|
|
11
16
|
//# sourceMappingURL=credentials.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../src/utils/credentials.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAEjC,OAAO,EAGL,KAAK,0BAA0B,EAChC,MAAM,iBAAiB,CAAC;AAIzB;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eACvB,MAAM,UACV,gBAAgB,GAAG,0BAA0B,KACpD,QAAQ,GAAG,
|
|
1
|
+
{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../src/utils/credentials.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAEjC,OAAO,EAGL,KAAK,0BAA0B,EAChC,MAAM,iBAAiB,CAAC;AAIzB;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,eACvB,MAAM,UACV,gBAAgB,GAAG,0BAA0B,KACpD,QAAQ,GAAG,CAab,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,wBAAwB,UAAW,MAAM,WAOrD,CAAC"}
|
package/package.json
CHANGED
|
@@ -10,6 +10,7 @@ import { IoWalletError } from "../../../utils/errors";
|
|
|
10
10
|
import { LogLevel, Logger } from "../../../utils/logging";
|
|
11
11
|
import { isSameThumbprint, type JWK } from "../../../utils/jwk";
|
|
12
12
|
import type { SdJwt4VCBase } from "../../../sd-jwt/types";
|
|
13
|
+
import { fixLegacyCredentialSdJwt } from "../../../utils/credentials";
|
|
13
14
|
import type { IssuanceApi, IssuerConfig, ParsedCredential } from "../api";
|
|
14
15
|
|
|
15
16
|
type CredentialConf =
|
|
@@ -190,7 +191,7 @@ async function verifyCredentialSdJwt(
|
|
|
190
191
|
throw new IoWalletError(message);
|
|
191
192
|
}
|
|
192
193
|
|
|
193
|
-
return await sdJwtInstance.decode(rawCredential);
|
|
194
|
+
return await sdJwtInstance.decode(fixLegacyCredentialSdJwt(rawCredential));
|
|
194
195
|
}
|
|
195
196
|
|
|
196
197
|
export const verifyAndParseCredentialSdJwt: IssuanceApi["verifyAndParseCredential"] =
|
|
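Review bot: Only the final `decode` in `verifyCredentialSdJwt` receives the normalised string. The `verify` call sits above this hunk, and if it still takes `rawCredential` as received, signature verification and decoding parse two different serialisations of the same credential. Normalising once at the top of the function with `const credential = fixLegacyCredentialSdJwt(rawCredential);` and passing `credential` to both calls keeps what is verified identical to what is returned. It would also let a legacy token reach the holder-binding check instead of possibly failing earlier. The function body starts outside the hunk, so this needs confirming against the full file.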
@@ -4,6 +4,7 @@ import { digest } from "@sd-jwt/crypto-nodejs";
|
|
|
4
4
|
import type { DcqlSdJwtVcCredential } from "dcql";
|
|
5
5
|
import { IoWalletError } from "../../../../utils/errors";
|
|
6
6
|
import { LEGACY_SD_JWT } from "../../../../sd-jwt/types";
|
|
7
|
+
import { fixLegacyCredentialSdJwt } from "../../../../utils/credentials";
|
|
7
8
|
import type { Credential4Dcql } from "../../api";
|
|
8
9
|
|
|
9
10
|
type CustomDcqlSdJwtVcCredential = DcqlSdJwtVcCredential & {
|
|
@@ -51,7 +52,9 @@ export const mapCredentialsToObj = async (
|
|
|
51
52
|
|
|
52
53
|
return Promise.all(
|
|
53
54
|
credentials.map(async (credential) => {
|
|
54
|
-
const decodedRawSdJwt = await sdJwt.decode(
|
|
55
|
+
const decodedRawSdJwt = await sdJwt.decode(
|
|
56
|
+
fixLegacyCredentialSdJwt(credential[1])
|
|
57
|
+
);
|
|
55
58
|
const claims = await getClaimsFromDecodedSdJwt(decodedRawSdJwt);
|
|
56
59
|
return {
|
|
57
60
|
vct: decodedRawSdJwt.jwt?.payload?.vct as string,
|
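--- a/package/src/sd-jwt/index.ts
+++ b/package/src/sd-jwt/index.ts
@@ -2,7 +2,8 @@ import { sha256ToBase64, SignJWT } from "@pagopa/io-react-native-jwt";
 import { decodeSdJwtSync } from "@sd-jwt/decode";
 import { present } from "@sd-jwt/present";
 import { digest } from "@sd-jwt/crypto-nodejs";
-import
+import { fixLegacyCredentialSdJwt } from "../utils/credentials";
+import type { Presentation } from "../credential/presentation";
 import { SdJwt4VCBase } from "./types";
 
 export * from "./utils";
@@ -17,7 +18,7 @@ export * from "./utils";
 * @returns The parsed SD-JWT token and the parsed disclosures
 */
 export const decode = (token: string) => {
-const decoded = decodeSdJwtSync(token, digest);
+const decoded = decodeSdJwtSync(fixLegacyCredentialSdJwt(token), digest);
 
 const sdJwt = SdJwt4VCBase.parse({
 header: decoded.jwt.header,
@@ -53,7 +54,11 @@ export const prepareVpToken = async (
 vp_token: string;
 }> => {
 // Produce a VP token with only requested claims from the verifiable credential
-const vp = await present(
+const vp = await present(
+fixLegacyCredentialSdJwt(verifiableCredential),
+presentationFrame,
+digest
+);
 
 // <Issuer-signed JWT>~<Disclosure 1>~<Disclosure N>~
 const sd_hash = await sha256ToBase64(vp);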
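Review bot: The legacy-token normalisation is wrapped around the argument at each call site (`decode` and `prepareVpToken` here, `getVerification` in sd-jwt/utils.ts, `extractJwkFromCredential` in utils/credentials.ts), so any later direct call to `decodeSdJwtSync` or `present` will miss it without any error at compile time. A single module-level wrapper such as `const decodeSdJwt = (t: string) => decodeSdJwtSync(fixLegacyCredentialSdJwt(t), digest);` would keep the rule in one place. The TSDoc above `decode` should also say that a missing trailing `~` is added before parsing, since the string that gets decoded may no longer be byte-identical to the one the caller passed in. The bodies of `decode` and `prepareVpToken` continue outside these hunks.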
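--- a/package/src/sd-jwt/utils.ts
+++ b/package/src/sd-jwt/utils.ts
@@ -8,6 +8,7 @@ import {
 IssuerResponseError,
 ValidationFailed,
 } from "../utils/errors";
+import { fixLegacyCredentialSdJwt } from "../utils/credentials";
 
 /**
 * Retrieve the Type Metadata for a credential and verify its integrity.
@@ -62,7 +63,10 @@ export const fetchTypeMetadata = async (
 export const getVerification = (
 credentialSdJwt: string
 ): Verification | undefined => {
-const decoded = decodeSdJwtSync(
+const decoded = decodeSdJwtSync(
+fixLegacyCredentialSdJwt(credentialSdJwt),
+digest
+);
 
 const claims = getClaimsSync<Record<string, unknown>>(
 decoded.jwt.payload,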
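--- a/package/src/utils/credentials.ts
+++ b/package/src/utils/credentials.ts
@@ -24,7 +24,10 @@ export const extractJwkFromCredential = async (
 ): Promise<JWK> => {
 if (SD_JWT.includes(format)) {
 // 1. SD-JWT case
-const decoded = decodeSdJwtSync(
+const decoded = decodeSdJwtSync(
+fixLegacyCredentialSdJwt(credential),
+digest
+);
 const { cnf } = decoded.jwt.payload as SdJwt4VCBase["payload"];
 if (cnf.jwk) {
 return { ...cnf.jwk, kid: await thumbprint(cnf.jwk) };
@@ -32,3 +35,16 @@ export const extractJwkFromCredential = async (
 }
 throw new IoWalletError(`Credential format ${format} not supported`);
 };
+
+/**
+* Legacy credentials do not end with `~`. This function adds `~` when needed
+* to avoid decoding errors in the @sd-jwt libraries.
+*/
+export const fixLegacyCredentialSdJwt = (token: string) => {
+if (!token.endsWith("~")) {
+const hasKeyBindingJwt = token.split("~").at(-1)?.split(".").length === 3;
+// Either we have a key binding JWT or it is a legacy 0.7.1 credential
+return hasKeyBindingJwt ? token : `${token}~`;
+}
+return token;
+};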
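Review bot: In `fixLegacyCredentialSdJwt`, a legacy credential that has no disclosures and no trailing `~` is a bare three-part compact JWT, so `token.split("~").at(-1)` is the issuer JWT itself, `hasKeyBindingJwt` comes out true and the token is returned unchanged; the decoding error this helper exists to avoid would presumably still occur for that input. The key-binding test should require at least one `~` separator, e.g. `const parts = token.split("~");` followed by `const hasKeyBindingJwt = parts.length > 1 && parts.at(-1)?.split(".").length === 3;`. The check is purely structural (any final segment with two dots counts as a key-binding JWT), so the doc comment should state that it only decides whether to append `~` and does not validate the key binding. An explicit `: string` return type on this exported helper would also be good.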