@pagopa/io-react-native-wallet 3.1.2 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/README.md +44 -17
- package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js +4 -3
- package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +37 -8
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js +46 -38
- package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js +58 -51
- package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/index.js +21 -5
- package/lib/commonjs/credential/issuance/mrtd-pop/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js +3 -3
- package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/03-complete-user-authorization.js +5 -2
- package/lib/commonjs/credential/issuance/v1.0.0/03-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/05-obtain-credential.js +5 -1
- package/lib/commonjs/credential/issuance/v1.0.0/05-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/index.js +2 -1
- package/lib/commonjs/credential/issuance/v1.0.0/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/mappers.js +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/mappers.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +0 -2
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js +20 -16
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/03-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js +20 -19
- package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js +150 -57
- package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js +4 -1
- package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/index.js +2 -1
- package/lib/commonjs/credential/issuance/v1.3.3/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/credential/presentation/api/types.js.map +1 -1
- package/lib/commonjs/credential/presentation/{v1.3.3/utils.mdoc.js → common/utils/mdoc.js} +2 -2
- package/lib/commonjs/credential/presentation/common/utils/mdoc.js.map +1 -0
- package/lib/commonjs/credential/presentation/v1.0.0/05-verify-request-object.js +18 -12
- package/lib/commonjs/credential/presentation/v1.0.0/05-verify-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.0.0/07-send-authorization-response.js +3 -0
- package/lib/commonjs/credential/presentation/v1.0.0/07-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.0.0/index.js +0 -2
- package/lib/commonjs/credential/presentation/v1.0.0/index.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.0.0/mappers.js +23 -13
- package/lib/commonjs/credential/presentation/v1.0.0/mappers.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.0.0/types.js +25 -17
- package/lib/commonjs/credential/presentation/v1.0.0/types.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.3.3/05-verify-request-object.js +29 -6
- package/lib/commonjs/credential/presentation/v1.3.3/05-verify-request-object.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.3.3/06-evaluate-dcql-query.js +2 -2
- package/lib/commonjs/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.3.3/07-send-authorization-response.js +9 -6
- package/lib/commonjs/credential/presentation/v1.3.3/07-send-authorization-response.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.3.3/mappers.js +25 -13
- package/lib/commonjs/credential/presentation/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/credential/presentation/v1.3.3/types.js +6 -3
- package/lib/commonjs/credential/presentation/v1.3.3/types.js.map +1 -1
- package/lib/commonjs/credential/status/README.md +3 -2
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js +27 -5
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/commonjs/credential/status/v1.3.3/02-verify-and-parse-status-list.js +17 -6
- package/lib/commonjs/credential/status/v1.3.3/02-verify-and-parse-status-list.js.map +1 -1
- package/lib/commonjs/credentials-catalogue/api/DigitalCredentialsCatalogue.js +26 -1
- package/lib/commonjs/credentials-catalogue/api/DigitalCredentialsCatalogue.js.map +1 -1
- package/lib/commonjs/credentials-catalogue/v1.3.3/fetch-and-parse-catalogue.js +4 -0
- package/lib/commonjs/credentials-catalogue/v1.3.3/fetch-and-parse-catalogue.js.map +1 -1
- package/lib/commonjs/credentials-catalogue/v1.3.3/fetch-translations.js +5 -3
- package/lib/commonjs/credentials-catalogue/v1.3.3/fetch-translations.js.map +1 -1
- package/lib/commonjs/credentials-catalogue/v1.3.3/mappers.js +9 -1
- package/lib/commonjs/credentials-catalogue/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/credentials-catalogue/v1.3.3/types.js +49 -1
- package/lib/commonjs/credentials-catalogue/v1.3.3/types.js.map +1 -1
- package/lib/commonjs/mdoc/index.js +3 -24
- package/lib/commonjs/mdoc/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/types.test.js +2 -14
- package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/utils.test.js +0 -12
- package/lib/commonjs/sd-jwt/__test__/utils.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -14
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/utils/callbacks.js +45 -7
- package/lib/commonjs/utils/callbacks.js.map +1 -1
- package/lib/commonjs/utils/crypto.js +58 -5
- package/lib/commonjs/utils/crypto.js.map +1 -1
- package/lib/commonjs/utils/x509.js +34 -0
- package/lib/commonjs/utils/x509.js.map +1 -0
- package/lib/commonjs/wallet-instance-attestation/api/types.js +0 -2
- package/lib/commonjs/wallet-instance-attestation/api/types.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/mappers.js +1 -14
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/types.js +2 -7
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/types.js.map +1 -1
- package/lib/commonjs/wallet-unit-attestation/api/types.js +0 -11
- package/lib/commonjs/wallet-unit-attestation/api/types.js.map +1 -1
- package/lib/module/credential/issuance/README.md +44 -17
- package/lib/module/credential/issuance/common/02-start-user-authorization.js +4 -3
- package/lib/module/credential/issuance/common/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +39 -10
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js +47 -34
- package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js +58 -47
- package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/index.js +20 -5
- package/lib/module/credential/issuance/mrtd-pop/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js +1 -1
- package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/03-complete-user-authorization.js +6 -3
- package/lib/module/credential/issuance/v1.0.0/03-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/05-obtain-credential.js +4 -1
- package/lib/module/credential/issuance/v1.0.0/05-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/index.js +4 -3
- package/lib/module/credential/issuance/v1.0.0/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/mappers.js +1 -1
- package/lib/module/credential/issuance/v1.0.0/mappers.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +0 -2
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js +20 -16
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js +1 -1
- package/lib/module/credential/issuance/v1.3.3/03-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js +22 -19
- package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js +147 -55
- package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js +4 -1
- package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/index.js +4 -3
- package/lib/module/credential/issuance/v1.3.3/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/module/credential/presentation/api/types.js.map +1 -1
- package/lib/module/credential/presentation/{v1.3.3/utils.mdoc.js → common/utils/mdoc.js} +2 -2
- package/lib/module/credential/presentation/common/utils/mdoc.js.map +1 -0
- package/lib/module/credential/presentation/v1.0.0/05-verify-request-object.js +13 -7
- package/lib/module/credential/presentation/v1.0.0/05-verify-request-object.js.map +1 -1
- package/lib/module/credential/presentation/v1.0.0/07-send-authorization-response.js +4 -1
- package/lib/module/credential/presentation/v1.0.0/07-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/v1.0.0/index.js +0 -2
- package/lib/module/credential/presentation/v1.0.0/index.js.map +1 -1
- package/lib/module/credential/presentation/v1.0.0/mappers.js +23 -13
- package/lib/module/credential/presentation/v1.0.0/mappers.js.map +1 -1
- package/lib/module/credential/presentation/v1.0.0/types.js +23 -15
- package/lib/module/credential/presentation/v1.0.0/types.js.map +1 -1
- package/lib/module/credential/presentation/v1.3.3/05-verify-request-object.js +28 -6
- package/lib/module/credential/presentation/v1.3.3/05-verify-request-object.js.map +1 -1
- package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js +2 -3
- package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map +1 -1
- package/lib/module/credential/presentation/v1.3.3/07-send-authorization-response.js +9 -6
- package/lib/module/credential/presentation/v1.3.3/07-send-authorization-response.js.map +1 -1
- package/lib/module/credential/presentation/v1.3.3/mappers.js +25 -13
- package/lib/module/credential/presentation/v1.3.3/mappers.js.map +1 -1
- package/lib/module/credential/presentation/v1.3.3/types.js +5 -2
- package/lib/module/credential/presentation/v1.3.3/types.js.map +1 -1
- package/lib/module/credential/status/README.md +3 -2
- package/lib/module/credential/status/v1.3.3/01-status-list.js +27 -5
- package/lib/module/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/module/credential/status/v1.3.3/02-verify-and-parse-status-list.js +17 -6
- package/lib/module/credential/status/v1.3.3/02-verify-and-parse-status-list.js.map +1 -1
- package/lib/module/credentials-catalogue/api/DigitalCredentialsCatalogue.js +24 -0
- package/lib/module/credentials-catalogue/api/DigitalCredentialsCatalogue.js.map +1 -1
- package/lib/module/credentials-catalogue/v1.3.3/fetch-and-parse-catalogue.js +5 -1
- package/lib/module/credentials-catalogue/v1.3.3/fetch-and-parse-catalogue.js.map +1 -1
- package/lib/module/credentials-catalogue/v1.3.3/fetch-translations.js +5 -3
- package/lib/module/credentials-catalogue/v1.3.3/fetch-translations.js.map +1 -1
- package/lib/module/credentials-catalogue/v1.3.3/mappers.js +9 -1
- package/lib/module/credentials-catalogue/v1.3.3/mappers.js.map +1 -1
- package/lib/module/credentials-catalogue/v1.3.3/types.js +47 -0
- package/lib/module/credentials-catalogue/v1.3.3/types.js.map +1 -1
- package/lib/module/mdoc/index.js +3 -24
- package/lib/module/mdoc/index.js.map +1 -1
- package/lib/module/sd-jwt/__test__/types.test.js +2 -14
- package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/utils.test.js +0 -12
- package/lib/module/sd-jwt/__test__/utils.test.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -14
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/utils/callbacks.js +45 -8
- package/lib/module/utils/callbacks.js.map +1 -1
- package/lib/module/utils/crypto.js +57 -6
- package/lib/module/utils/crypto.js.map +1 -1
- package/lib/module/utils/x509.js +28 -0
- package/lib/module/utils/x509.js.map +1 -0
- package/lib/module/wallet-instance-attestation/api/types.js +0 -2
- package/lib/module/wallet-instance-attestation/api/types.js.map +1 -1
- package/lib/module/wallet-instance-attestation/v1.3.3/mappers.js +1 -14
- package/lib/module/wallet-instance-attestation/v1.3.3/mappers.js.map +1 -1
- package/lib/module/wallet-instance-attestation/v1.3.3/types.js +2 -7
- package/lib/module/wallet-instance-attestation/v1.3.3/types.js.map +1 -1
- package/lib/module/wallet-unit-attestation/api/types.js +0 -11
- package/lib/module/wallet-unit-attestation/api/types.js.map +1 -1
- package/lib/typescript/credential/issuance/api/05-obtain-credential.d.ts +20 -0
- package/lib/typescript/credential/issuance/api/05-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/api/06-verify-and-parse-credential.d.ts +4 -0
- package/lib/typescript/credential/issuance/api/06-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/common/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.sdjwt.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts +12 -1
- package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts +12 -1
- package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts +2 -1
- package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/03-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/05-obtain-credential.d.ts +1 -0
- package/lib/typescript/credential/issuance/v1.0.0/05-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/01-evaluate-issuer-trust.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/04-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/05-obtain-credential.d.ts +23 -2
- package/lib/typescript/credential/issuance/v1.3.3/05-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/06-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/api/04-verify-certificate-chain.d.ts +9 -2
- package/lib/typescript/credential/presentation/api/04-verify-certificate-chain.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/api/05-verify-request-object.d.ts +2 -2
- package/lib/typescript/credential/presentation/api/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/api/07-send-authorization-response.d.ts +2 -2
- package/lib/typescript/credential/presentation/api/07-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/api/types.d.ts +18 -0
- package/lib/typescript/credential/presentation/api/types.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/{v1.3.3/utils.mdoc.d.ts → common/utils/mdoc.d.ts} +2 -2
- package/lib/typescript/credential/presentation/common/utils/mdoc.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/v1.0.0/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.0.0/07-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.0.0/index.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.0.0/mappers.d.ts +21 -13
- package/lib/typescript/credential/presentation/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.0.0/types.d.ts +23 -15
- package/lib/typescript/credential/presentation/v1.0.0/types.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.3.3/05-verify-request-object.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.3.3/06-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.3.3/07-send-authorization-response.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.3.3/mappers.d.ts +89 -79
- package/lib/typescript/credential/presentation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/v1.3.3/types.d.ts +87 -79
- package/lib/typescript/credential/presentation/v1.3.3/types.d.ts.map +1 -1
- package/lib/typescript/credential/status/api/status-list.d.ts +8 -4
- package/lib/typescript/credential/status/api/status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/01-status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/02-verify-and-parse-status-list.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/api/DigitalCredentialsCatalogue.d.ts +73 -0
- package/lib/typescript/credentials-catalogue/api/DigitalCredentialsCatalogue.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/api/index.d.ts +6 -5
- package/lib/typescript/credentials-catalogue/api/index.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/v1.0.0/mappers.d.ts +25 -0
- package/lib/typescript/credentials-catalogue/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/v1.3.3/fetch-and-parse-catalogue.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/v1.3.3/fetch-translations.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/v1.3.3/mappers.d.ts +51 -0
- package/lib/typescript/credentials-catalogue/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/credentials-catalogue/v1.3.3/types.d.ts +33 -0
- package/lib/typescript/credentials-catalogue/v1.3.3/types.d.ts.map +1 -1
- package/lib/typescript/mdoc/index.d.ts +1 -1
- package/lib/typescript/mdoc/index.d.ts.map +1 -1
- package/lib/typescript/mdoc/utils.d.ts +0 -24
- package/lib/typescript/mdoc/utils.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +0 -12
- package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/utils/callbacks.d.ts +7 -0
- package/lib/typescript/utils/callbacks.d.ts.map +1 -1
- package/lib/typescript/utils/crypto.d.ts +32 -15
- package/lib/typescript/utils/crypto.d.ts.map +1 -1
- package/lib/typescript/utils/x509.d.ts +10 -0
- package/lib/typescript/utils/x509.d.ts.map +1 -0
- package/lib/typescript/wallet-instance-attestation/api/types.d.ts +0 -2
- package/lib/typescript/wallet-instance-attestation/api/types.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.0.0/mappers.d.ts +0 -2
- package/lib/typescript/wallet-instance-attestation/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.3.3/mappers.d.ts +2 -9
- package/lib/typescript/wallet-instance-attestation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.3.3/types.d.ts +2 -7
- package/lib/typescript/wallet-instance-attestation/v1.3.3/types.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/api/types.d.ts +0 -11
- package/lib/typescript/wallet-unit-attestation/api/types.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts +0 -22
- package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts +0 -11
- package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts.map +1 -1
- package/package.json +6 -6
- package/src/credential/issuance/README.md +44 -17
- package/src/credential/issuance/api/05-obtain-credential.ts +24 -0
- package/src/credential/issuance/api/06-verify-and-parse-credential.ts +4 -0
- package/src/credential/issuance/common/02-start-user-authorization.ts +6 -3
- package/src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts +42 -9
- package/src/credential/issuance/mrtd-pop/02-init-challenge.ts +69 -45
- package/src/credential/issuance/mrtd-pop/03-validate-challenge.ts +84 -62
- package/src/credential/issuance/mrtd-pop/index.ts +13 -5
- package/src/credential/issuance/v1.0.0/02-start-user-authorization.ts +1 -1
- package/src/credential/issuance/v1.0.0/03-complete-user-authorization.ts +8 -3
- package/src/credential/issuance/v1.0.0/05-obtain-credential.ts +6 -0
- package/src/credential/issuance/v1.0.0/index.ts +7 -3
- package/src/credential/issuance/v1.0.0/mappers.ts +4 -1
- package/src/credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts +0 -2
- package/src/credential/issuance/v1.3.3/02-start-user-authorization.ts +24 -20
- package/src/credential/issuance/v1.3.3/03-complete-user-authorization.ts +1 -1
- package/src/credential/issuance/v1.3.3/04-authorize-access.ts +28 -23
- package/src/credential/issuance/v1.3.3/05-obtain-credential.ts +182 -87
- package/src/credential/issuance/v1.3.3/06-verify-and-parse-credential.ts +2 -1
- package/src/credential/issuance/v1.3.3/index.ts +7 -3
- package/src/credential/issuance/v1.3.3/mappers.ts +4 -1
- package/src/credential/presentation/api/04-verify-certificate-chain.ts +9 -2
- package/src/credential/presentation/api/05-verify-request-object.ts +2 -2
- package/src/credential/presentation/api/07-send-authorization-response.ts +2 -2
- package/src/credential/presentation/api/types.ts +16 -0
- package/src/credential/presentation/{v1.3.3/utils.mdoc.ts → common/utils/mdoc.ts} +2 -2
- package/src/credential/presentation/v1.0.0/05-verify-request-object.ts +21 -10
- package/src/credential/presentation/v1.0.0/07-send-authorization-response.ts +7 -0
- package/src/credential/presentation/v1.0.0/index.ts +0 -2
- package/src/credential/presentation/v1.0.0/mappers.ts +17 -17
- package/src/credential/presentation/v1.0.0/types.ts +23 -15
- package/src/credential/presentation/v1.3.3/05-verify-request-object.ts +63 -10
- package/src/credential/presentation/v1.3.3/06-evaluate-dcql-query.ts +3 -3
- package/src/credential/presentation/v1.3.3/07-send-authorization-response.ts +13 -4
- package/src/credential/presentation/v1.3.3/mappers.ts +19 -17
- package/src/credential/presentation/v1.3.3/types.ts +9 -3
- package/src/credential/status/README.md +3 -2
- package/src/credential/status/api/status-list.ts +10 -7
- package/src/credential/status/v1.3.3/01-status-list.ts +21 -7
- package/src/credential/status/v1.3.3/02-verify-and-parse-status-list.ts +19 -5
- package/src/credentials-catalogue/api/DigitalCredentialsCatalogue.ts +32 -0
- package/src/credentials-catalogue/api/index.ts +6 -3
- package/src/credentials-catalogue/v1.3.3/fetch-and-parse-catalogue.ts +6 -0
- package/src/credentials-catalogue/v1.3.3/fetch-translations.ts +6 -3
- package/src/credentials-catalogue/v1.3.3/mappers.ts +17 -1
- package/src/credentials-catalogue/v1.3.3/types.ts +51 -0
- package/src/mdoc/index.ts +5 -41
- package/src/sd-jwt/__test__/types.test.ts +1 -13
- package/src/sd-jwt/__test__/utils.test.ts +0 -12
- package/src/sd-jwt/types.ts +0 -13
- package/src/utils/callbacks.ts +57 -9
- package/src/utils/crypto.ts +86 -15
- package/src/utils/x509.ts +43 -0
- package/src/wallet-instance-attestation/api/types.ts +0 -2
- package/src/wallet-instance-attestation/v1.3.3/mappers.ts +3 -11
- package/src/wallet-instance-attestation/v1.3.3/types.ts +2 -7
- package/src/wallet-unit-attestation/api/types.ts +0 -11
- package/lib/commonjs/credential/issuance/common/authorization.js +0 -56
- package/lib/commonjs/credential/issuance/common/authorization.js.map +0 -1
- package/lib/commonjs/credential/presentation/v1.0.0/04-verify-certificate-chain.js +0 -12
- package/lib/commonjs/credential/presentation/v1.0.0/04-verify-certificate-chain.js.map +0 -1
- package/lib/commonjs/credential/presentation/v1.3.3/utils.mdoc.js.map +0 -1
- package/lib/module/credential/issuance/common/authorization.js +0 -48
- package/lib/module/credential/issuance/common/authorization.js.map +0 -1
- package/lib/module/credential/presentation/v1.0.0/04-verify-certificate-chain.js +0 -5
- package/lib/module/credential/presentation/v1.0.0/04-verify-certificate-chain.js.map +0 -1
- package/lib/module/credential/presentation/v1.3.3/utils.mdoc.js.map +0 -1
- package/lib/typescript/credential/issuance/common/authorization.d.ts +0 -21
- package/lib/typescript/credential/issuance/common/authorization.d.ts.map +0 -1
- package/lib/typescript/credential/presentation/v1.0.0/04-verify-certificate-chain.d.ts +0 -3
- package/lib/typescript/credential/presentation/v1.0.0/04-verify-certificate-chain.d.ts.map +0 -1
- package/lib/typescript/credential/presentation/v1.3.3/utils.mdoc.d.ts.map +0 -1
- package/src/credential/issuance/common/authorization.ts +0 -89
- package/src/credential/presentation/v1.0.0/04-verify-certificate-chain.ts +0 -10
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_cryptoNodejs","_jsrsasign","_errors","_misc","partialCallbacks","generateRandom","generateRandomBytes","hash","digest","encryptJwe","_ref","data","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_cryptoNodejs","_jsrsasign","_errors","_misc","_crypto","getJwkFromSigner","signer","method","getJwkFromCertificateChain","x5c","assert","trustChain","length","getJwkFromTrustChain","kid","publicJwk","IoWalletError","partialCallbacks","generateRandom","generateRandomBytes","hash","digest","encryptJwe","_ref","data","alg","enc","jwe","EncryptJwe","encrypt","encryptionJwk","verifyJwt","jwtSigner","jwt","signerJwk","verify","compact","verified","decryptJwe","getX509CertificateMetadata","certificate","x509","X509","readCertPEM","sanExt","getExtSubjectAltName","sanDnsNames","sanUriNames","item","array","push","dns","uri","exports","createVerifyJwtFromJwks","jwks","_","getJwkFromHeader","header","createSignJwtFromCryptoContext","cryptoContext","signJwt","_ref2","payload","SignJWT","setProtectedHeader","setPayload","sign","getPublicKey"],"sourceRoot":"../../../src","sources":["utils/callbacks.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAQA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,UAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AAOA;;AAMA;AACA;AACA;AACA;AACA;AACA,MAAMM,gBAAgB,GAAG,MAAOC,MAAiB,IAAmB;EAClE,QAAQA,MAAM,CAACC,MAAM;IACnB,KAAK,KAAK;MACR,OAAO,IAAAC,kCAA0B,EAACF,MAAM,CAACG,GAAG,CAAC;IAC/C,KAAK,YAAY;MAAE;QACjB,IAAAC,YAAM,EACJJ,MAAM,CAACK,UAAU,IAAIL,MAAM,CAACK,UAAU,CAACC,MAAM,GAAG,CAAC,EACjD,+CACF,CAAC;QACD,OAAO,IAAAC,4BAAoB,EAACP,MAAM,CAACK,UAAU,EAAEL,MAAM,CAACQ,GAAG,CAAC;MAC5D;IACA,KAAK,KAAK;MACR,OAAOR,MAAM,CAACS,SAAS;IACzB;MACE,MAAM,IAAIC,qBAAa,CAAE,8BAA6BV,MAAM,CAACC,MAAO,EAAC,CAAC;EAC1E;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACO,MAAMU,gBAAwC,GAAG;EACtDC,cAAc,EAAEC,yBAAmB;EACnCC,IAAI,EAAEC,oBAAqB;EAC3BC,UAAU,EAAE,MAAAA,CAAAC,IAAA,EAAqCC,IAAI;IAAA,IAAlC;MAAET,SAAS;MAAEU,GAAG;MAAEC,GAAG;MAAEZ;IAAI,CAAC,GAAAS,IAAA;IAAA,OAAY;MACzD;MACAI,GAAG,EAAE,MAAM,IAAIC,4BAAU,CAACJ,IAAI,EAAE;QAAEC,GAAG;QAAEC,GAAG;QAAEZ;MAAI,CAAC,CAAC,CAACe,OAAO,CAACd,SAAS,CAAC;MACrEe,aAAa,EAAEf;IACjB,CAAC;EAAA,CAAC;EACFgB,SAAS,EAAE,MAAAA,CAAOC,SAAS,EAAEC,GAAG,KAAK;IACnC,IAAI;MACF,MAAMC,SAAS,GAAG,MAAM7B,gBAAgB,CAAC2B,SAAS,CAAC;MACnD,MAAM,IAAAG,wBAAM,EAACF,GAAG,CAACG,OAAO,EAAEF,SAAS,CAAC;MACpC,OAAO;QAAEG,QAAQ,EAAE,IAAI;QAAEH;MAAU,CAAC;IACtC,CAAC,CAAC,MAAM;MACN,OAAO;QAAEG,QAAQ,EAAE;MAAM,CAAC;IAC5B;EACF,CAAC;EACDC,UAAU,EAAEA,CAAA,KAAM;IAChB,MAAM,IAAItB,qBAAa,CAAC,+BAA+B,CAAC;EAC1D,CAAC;EACDuB,0BAA0B,EAAGC,WAAW,IAAK;IAC3C,MAAMC,IAAI,GAAG,IAAIC,eAAI,CAAC,CAAC;IACvBD,IAAI,CAACE,WAAW,CAACH,WAAW,CAAC;IAC7B,MAAMI,MAAM,GAAGH,IAAI,CAACI,oBAAoB,CAACL,WAAW,CAAC;IAErD,MAAMM,WAAqB,GAAG,EAAE;IAChC,MAAMC,WAAqB,GAAG,EAAE;IAEhC,KAAK,MAAMC,IAAI,IAAIJ,MAAM,CAACK,KAAK,EAAE;MAC/B,IAAI,CAACD,IAAI,EAAE;MACX,IAAI,KAAK,IAAIA,IAAI,EAAEF,WAAW,CAACI,IAAI,CAACF,IAAI,CAACG,GAAG,CAAC;MAC7C,IAAI,KAAK,IAAIH,IAAI,EAAED,WAAW,CAACG,IAAI,CAACF,IAAI,CAACI,GAAG,CAAC;IAC/C;IAEA,OAAO;MAAEN,WAAW;MAAEC;IAAY,CAAC;EACrC;AACF,CAAC;AAACM,OAAA,CAAApC,gBAAA,GAAAA,gBAAA;AAIF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMqC,uBAAuB,GAClCC,IAAW,IACsB;EACjC,OAAO,eAAexB,SAASA,CAACyB,CAAC,EAAEvB,GAAG,EAAE;IACtC,IAAI;MACF,MAAMC,SAAS,GAAG,IAAAuB,kCAAgB,EAACxB,GAAG,CAACyB,MAAM,EAAeH,IAAI,CAAC;MACjE,MAAM,IAAApB,wBAAM,EAACF,GAAG,CAACG,OAAO,EAAEF,SAAS,CAAC;MACpC,OAAO;QAAEG,QAAQ,EAAE,IAAI;QAAEH;MAAU,CAAC;IACtC,CAAC,CAAC,MAAM;MACN,OAAO;QAAEG,QAAQ,EAAE;MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AAJAgB,OAAA,CAAAC,uBAAA,GAAAA,uBAAA;AAKO,MAAMK,8BAA8B,GACzCC,aAA4B,IACG;EAC/B,OAAO,eAAeC,OAAOA,CAAC7B,SAAS,EAAA8B,KAAA,EAAuB;IAAA,IAArB;MAAEJ,MAAM;MAAEK;IAAQ,CAAC,GAAAD,KAAA;IAC1D,OAAO;MACL7B,GAAG,EAAE,MAAM,IAAI+B,yBAAO,CAACJ,aAAa,CAAC,CAClCK,kBAAkB,CAACP,MAAM,CAAC,CAC1BQ,UAAU,CAACH,OAAO,CAAC,CACnBI,IAAI,CAAC,CAAC;MACTjC,SAAS,EACPF,SAAS,CAACzB,MAAM,KAAK,KAAK,GACtByB,SAAS,CAACjB,SAAS,GACnB,MAAM6C,aAAa,CAACQ,YAAY,CAAC;IACzC,CAAC;EACH,CAAC;AACH,CAAC;AAACf,OAAA,CAAAM,8BAAA,GAAAA,8BAAA"}
|
|
@@ -3,13 +3,21 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.withEphemeralKey = exports.getSigninJwkFromCert = exports.createCryptoContextFor = exports.convertBase64DerToPem = void 0;
|
|
6
|
+
exports.withEphemeralKey = exports.getSigninJwkFromCert = exports.getJwkFromTrustChain = exports.getJwkFromCertificateChain = exports.createCryptoContextFor = exports.convertBase64DerToPem = void 0;
|
|
7
7
|
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
8
8
|
var _uuid = require("uuid");
|
|
9
9
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
10
10
|
var _jwk = require("./jwk");
|
|
11
11
|
var _jsrsasign = require("jsrsasign");
|
|
12
12
|
var _errors = require("./errors");
|
|
13
|
+
/**
|
|
14
|
+
* Extension of the {@link CryptoContext} that adds key generation with optional key attestation.
|
|
15
|
+
*
|
|
16
|
+
* This context requires the consumer to provide an additional method for **key generation**;
|
|
17
|
+
* on Android this method should also generate a key attestation as a certificate chain
|
|
18
|
+
* to ensure the key pair is hardware-backed.
|
|
19
|
+
*/
|
|
20
|
+
|
|
13
21
|
/**
|
|
14
22
|
* Create a CryptoContext bound to a key pair.
|
|
15
23
|
* Key pair is supposed to exist already in the device's keychain.
|
|
@@ -88,11 +96,56 @@ const getSigninJwkFromCert = pemCert => {
|
|
|
88
96
|
};
|
|
89
97
|
|
|
90
98
|
/**
|
|
91
|
-
*
|
|
99
|
+
* Retrieves the signing JWK from a x509 certificate chain.
|
|
92
100
|
*
|
|
93
|
-
*
|
|
94
|
-
*
|
|
95
|
-
*
|
|
101
|
+
* @param certChain - The x509 certificate chain.
|
|
102
|
+
* @returns The signing JWK.
|
|
103
|
+
* @throws Will throw an error if no suitable keys are found.
|
|
96
104
|
*/
|
|
97
105
|
exports.getSigninJwkFromCert = getSigninJwkFromCert;
|
|
106
|
+
const getJwkFromCertificateChain = async certChain => {
|
|
107
|
+
const [leafCert] = certChain;
|
|
108
|
+
if (!leafCert) {
|
|
109
|
+
throw new _errors.IoWalletError("The provided certificate chain is invalid or malformed");
|
|
110
|
+
}
|
|
111
|
+
const pemCert = convertBase64DerToPem(leafCert);
|
|
112
|
+
return getSigninJwkFromCert(pemCert);
|
|
113
|
+
};
|
|
114
|
+
|
|
115
|
+
/**
|
|
116
|
+
* Retrieves the signing JWK from a trust chain of entity configuration JWTs, matching the provided signer KID.
|
|
117
|
+
*
|
|
118
|
+
* @param trustChain - The trust chain of entity configuration JWTs.
|
|
119
|
+
* @param signerKid - The KID of the signer to look for in the trust chain.
|
|
120
|
+
* @returns The signing JWK.
|
|
121
|
+
* @throws Will throw an error if no suitable keys are found.
|
|
122
|
+
*/
|
|
123
|
+
exports.getJwkFromCertificateChain = getJwkFromCertificateChain;
|
|
124
|
+
const getJwkFromTrustChain = (trustChain, signerKid) => {
|
|
125
|
+
const [entityConfigurationJwt] = trustChain;
|
|
126
|
+
if (!entityConfigurationJwt) {
|
|
127
|
+
throw new _errors.IoWalletError("The provided trust chain is invalid or malformed");
|
|
128
|
+
}
|
|
129
|
+
const keys = [];
|
|
130
|
+
const decodedEntityConfigJwt = (0, _ioReactNativeJwt.decode)(entityConfigurationJwt);
|
|
131
|
+
const baseEntityConfig = decodedEntityConfigJwt.payload;
|
|
132
|
+
|
|
133
|
+
// Get top-level JWKS
|
|
134
|
+
if (baseEntityConfig.jwks) {
|
|
135
|
+
keys.push(..._jwk.JWKS.parse(baseEntityConfig.jwks).keys);
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
// Check metadata entries for additional JWKS like openid_credential_verifier
|
|
139
|
+
if (baseEntityConfig.metadata) {
|
|
140
|
+
for (const metadata of Object.values(baseEntityConfig.metadata)) {
|
|
141
|
+
if (metadata.jwks) {
|
|
142
|
+
keys.push(..._jwk.JWKS.parse(metadata.jwks).keys);
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
const federationJwk = keys.find(key => key.kid === signerKid);
|
|
147
|
+
if (!federationJwk) throw new _errors.IoWalletError("No suitable key was found in the provided trust chain");
|
|
148
|
+
return federationJwk;
|
|
149
|
+
};
|
|
150
|
+
exports.getJwkFromTrustChain = getJwkFromTrustChain;
|
|
98
151
|
//# sourceMappingURL=crypto.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeCrypto","require","_uuid","_ioReactNativeJwt","_jwk","_jsrsasign","_errors","createCryptoContextFor","keytag","getPublicKey","getPublicKeyFixed","then","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuidv4","generate","ephemeralContext","finally","deleteKey","convertBase64DerToPem","certificate","getSigninJwkFromCert","pemCert","x509","X509","readCertPEM","publicKey","RSAKey","KJUR","crypto","ECDSA","JWK","parse","KEYUTIL","getJWKFromKey","use","IoWalletError"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeCrypto","require","_uuid","_ioReactNativeJwt","_jwk","_jsrsasign","_errors","createCryptoContextFor","keytag","getPublicKey","getPublicKeyFixed","then","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuidv4","generate","ephemeralContext","finally","deleteKey","convertBase64DerToPem","certificate","getSigninJwkFromCert","pemCert","x509","X509","readCertPEM","publicKey","RSAKey","KJUR","crypto","ECDSA","JWK","parse","KEYUTIL","getJWKFromKey","use","IoWalletError","getJwkFromCertificateChain","certChain","leafCert","getJwkFromTrustChain","trustChain","signerKid","entityConfigurationJwt","keys","decodedEntityConfigJwt","decode","baseEntityConfig","payload","jwks","push","JWKS","metadata","Object","values","federationJwk","find","key"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AAMA,IAAAG,IAAA,GAAAH,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAC,sCAAiB,EAACF,MAAM,CAAC,CAACG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpD,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAY,IAAAa,QAAM,EAAC,CAAE,EAAC;EACtC,MAAM,IAAAC,6BAAQ,EAACd,MAAM,CAAC;EACtB,MAAMe,gBAAgB,GAAGhB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACG,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAACjB,MAAM,CAAC,CAAC;AAC9D,CAAC;AACD;AACA;AACA;AACA;AACA;AACA;AALAU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAMO,MAAMO,qBAAqB,GAAIC,WAAmB,IACtD,gCAA+BA,WAAY,6BAA4B;;AAE1E;AACA;AACA;AACA;AACA;AACA;AACA;AANAT,OAAA,CAAAQ,qBAAA,GAAAA,qBAAA;AAOO,MAAME,oBAAoB,GAAIC,OAAe,IAAU;EAC5D,MAAMC,IAAI,GAAG,IAAIC,eAAI,CAAC,CAAC;EACvBD,IAAI,CAACE,WAAW,CAACH,OAAO,CAAC;EACzB,MAAMI,SAAS,GAAGH,IAAI,CAACrB,YAAY,CAAC,CAAC;EAErC,IAAIwB,SAAS,YAAYC,iBAAM,IAAID,SAAS,YAAYE,eAAI,CAACC,MAAM,CAACC,KAAK,EAAE;IACzE,OAAO;MACL,GAAGC,QAAG,CAACC,KAAK,CAACC,kBAAO,CAACC,aAAa,CAACR,SAAS,CAAC,CAAC;MAC9CS,GAAG,EAAE;IACP,CAAC;EACH;EAEA,MAAM,IAAIC,qBAAa,CACrB,2DACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAzB,OAAA,CAAAU,oBAAA,GAAAA,oBAAA;AAOO,MAAMgB,0BAA0B,GAAG,MACxCC,SAAmB,IACF;EACjB,MAAM,CAACC,QAAQ,CAAC,GAAGD,SAAS;EAC5B,IAAI,CAACC,QAAQ,EAAE;IACb,MAAM,IAAIH,qBAAa,CACrB,wDACF,CAAC;EACH;EACA,MAAMd,OAAO,GAAGH,qBAAqB,CAACoB,QAAQ,CAAC;EAC/C,OAAOlB,oBAAoB,CAACC,OAAO,CAAC;AACtC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAX,OAAA,CAAA0B,0BAAA,GAAAA,0BAAA;AAQO,MAAMG,oBAAoB,GAAGA,CAClCC,UAAoB,EACpBC,SAAiB,KACT;EACR,MAAM,CAACC,sBAAsB,CAAC,GAAGF,UAAU;EAC3C,IAAI,CAACE,sBAAsB,EAAE;IAC3B,MAAM,IAAIP,qBAAa,CAAC,kDAAkD,CAAC;EAC7E;EAEA,MAAMQ,IAAW,GAAG,EAAE;EACtB,MAAMC,sBAAsB,GAAG,IAAAC,wBAAM,EAACH,sBAAsB,CAAC;EAC7D,MAAMI,gBAAgB,GACpBF,sBAAsB,CAACG,OAA6C;;EAEtE;EACA,IAAID,gBAAgB,CAACE,IAAI,EAAE;IACzBL,IAAI,CAACM,IAAI,CAAC,GAAGC,SAAI,CAACnB,KAAK,CAACe,gBAAgB,CAACE,IAAI,CAAC,CAACL,IAAI,CAAC;EACtD;;EAEA;EACA,IAAIG,gBAAgB,CAACK,QAAQ,EAAE;IAC7B,KAAK,MAAMA,QAAQ,IAAIC,MAAM,CAACC,MAAM,CAClCP,gBAAgB,CAACK,QACnB,CAAC,EAAE;MACD,IAAIA,QAAQ,CAACH,IAAI,EAAE;QACjBL,IAAI,CAACM,IAAI,CAAC,GAAGC,SAAI,CAACnB,KAAK,CAACoB,QAAQ,CAACH,IAAI,CAAC,CAACL,IAAI,CAAC;MAC9C;IACF;EACF;EAEA,MAAMW,aAAa,GAAGX,IAAI,CAACY,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACnD,GAAG,KAAKoC,SAAS,CAAC;EAC/D,IAAI,CAACa,aAAa,EAChB,MAAM,IAAInB,qBAAa,CACrB,uDACF,CAAC;EACH,OAAOmB,aAAa;AACtB,CAAC;AAAC5C,OAAA,CAAA6B,oBAAA,GAAAA,oBAAA"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.verifyX509Chain = void 0;
|
|
7
|
+
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
8
|
+
var _errors = require("../trust/common/errors");
|
|
9
|
+
/**
|
|
10
|
+
* This function checks whether the x509 certificate chain is valid against a specified Certificate Authority (CA)
|
|
11
|
+
*
|
|
12
|
+
* @param x5chain The mdoc's x509 certificate chain
|
|
13
|
+
* @param x509CertRoot The Trust Anchor CA
|
|
14
|
+
* @param options Options for certificate validation
|
|
15
|
+
*/
|
|
16
|
+
const verifyX509Chain = async function (x5chain, x509CertRoot) {
|
|
17
|
+
let options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
|
|
18
|
+
connectTimeout: 10000,
|
|
19
|
+
readTimeout: 10000,
|
|
20
|
+
requireCrl: true
|
|
21
|
+
};
|
|
22
|
+
// Strip the trust anchor from the chain if the issuer included it,
|
|
23
|
+
// since verifyCertificateChain expects it passed separately.
|
|
24
|
+
const certChain = x5chain.length > 1 && x5chain.at(-1) === x509CertRoot ? x5chain.slice(0, -1) : x5chain;
|
|
25
|
+
const x509ValidationResult = await (0, _ioReactNativeCrypto.verifyCertificateChain)(certChain, x509CertRoot, options);
|
|
26
|
+
if (!x509ValidationResult.isValid) {
|
|
27
|
+
throw new _errors.X509ValidationError(`X.509 certificate chain validation failed. Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
|
|
28
|
+
x509ValidationStatus: x509ValidationResult.validationStatus,
|
|
29
|
+
x509ErrorMessage: x509ValidationResult.errorMessage
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
};
|
|
33
|
+
exports.verifyX509Chain = verifyX509Chain;
|
|
34
|
+
//# sourceMappingURL=x509.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["_ioReactNativeCrypto","require","_errors","verifyX509Chain","x5chain","x509CertRoot","options","arguments","length","undefined","connectTimeout","readTimeout","requireCrl","certChain","at","slice","x509ValidationResult","verifyCertificateChain","isValid","X509ValidationError","validationStatus","errorMessage","x509ValidationStatus","x509ErrorMessage","exports"],"sourceRoot":"../../../src","sources":["utils/x509.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAKA,IAAAC,OAAA,GAAAD,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,eAAe,GAAG,eAAAA,CAC7BC,OAAiB,EACjBC,YAAoB,EAMjB;EAAA,IALHC,OAA+B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG;IAChCG,cAAc,EAAE,KAAK;IACrBC,WAAW,EAAE,KAAK;IAClBC,UAAU,EAAE;EACd,CAAC;EAED;EACA;EACA,MAAMC,SAAS,GACbT,OAAO,CAACI,MAAM,GAAG,CAAC,IAAIJ,OAAO,CAACU,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKT,YAAY,GACjDD,OAAO,CAACW,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACpBX,OAAO;EAEb,MAAMY,oBAAiD,GACrD,MAAM,IAAAC,2CAAsB,EAACJ,SAAS,EAAER,YAAY,EAAEC,OAAO,CAAC;EAEhE,IAAI,CAACU,oBAAoB,CAACE,OAAO,EAAE;IACjC,MAAM,IAAIC,2BAAmB,CAC1B,sDAAqDH,oBAAoB,CAACI,gBAAiB,YAAWJ,oBAAoB,CAACK,YAAa,EAAC,EAC1I;MACEC,oBAAoB,EAAEN,oBAAoB,CAACI,gBAAgB;MAC3DG,gBAAgB,EAAEP,oBAAoB,CAACK;IACzC,CACF,CAAC;EACH;AACF,CAAC;AAACG,OAAA,CAAArB,eAAA,GAAAA,eAAA"}
|
|
@@ -22,8 +22,6 @@ const DecodedWalletInstanceAttestation = z.object({
|
|
|
22
22
|
jwk: _jwk.JWK
|
|
23
23
|
}),
|
|
24
24
|
sub: z.string(),
|
|
25
|
-
wallet_provider_name: z.string().optional(),
|
|
26
|
-
wallet_solution_id: z.string().optional(),
|
|
27
25
|
/** @deprecated */
|
|
28
26
|
wallet_link: z.string().optional(),
|
|
29
27
|
/** @deprecated */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","DecodedWalletInstanceAttestation","object","iss","string","iat","UnixTime","exp","cnf","jwk","JWK","sub","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","DecodedWalletInstanceAttestation","object","iss","string","iat","UnixTime","exp","cnf","jwk","JWK","sub","wallet_link","optional","wallet_name","aal","exports"],"sourceRoot":"../../../../src","sources":["wallet-instance-attestation/api/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAAsC,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEtC;AACA;AACA;AACA;;AAIO,MAAMW,gCAAgC,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EACvDC,GAAG,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEC,cAAQ;EACbC,GAAG,EAAED,cAAQ;EACbE,GAAG,EAAElC,CAAC,CAAC4B,MAAM,CAAC;IAAEO,GAAG,EAAEC;EAAI,CAAC,CAAC;EAC3BC,GAAG,EAAErC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACf;EACAQ,WAAW,EAAEtC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;EAClC;EACAC,WAAW,EAAExC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;EAClC;EACAE,GAAG,EAAEzC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC;AAC3B,CAAC,CAAC;AAACG,OAAA,CAAAf,gCAAA,GAAAA,gCAAA"}
|
|
@@ -6,20 +6,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
6
6
|
exports.mapToDecodedWalletInstanceAttestation = void 0;
|
|
7
7
|
var _mappers = require("../../utils/mappers");
|
|
8
8
|
var _types = require("../api/types");
|
|
9
|
-
const mapToDecodedWalletInstanceAttestation = (0, _mappers.createMapper)(
|
|
10
|
-
let {
|
|
11
|
-
payload
|
|
12
|
-
} = _ref;
|
|
13
|
-
const {
|
|
14
|
-
eudi_wallet_info,
|
|
15
|
-
...rest
|
|
16
|
-
} = payload;
|
|
17
|
-
return {
|
|
18
|
-
...rest,
|
|
19
|
-
wallet_provider_name: eudi_wallet_info.general_info.wallet_provider_name,
|
|
20
|
-
wallet_solution_id: eudi_wallet_info.general_info.wallet_solution_id
|
|
21
|
-
};
|
|
22
|
-
}, {
|
|
9
|
+
const mapToDecodedWalletInstanceAttestation = (0, _mappers.createMapper)(x => x.payload, {
|
|
23
10
|
outputSchema: _types.DecodedWalletInstanceAttestation
|
|
24
11
|
});
|
|
25
12
|
exports.mapToDecodedWalletInstanceAttestation = mapToDecodedWalletInstanceAttestation;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_mappers","require","_types","mapToDecodedWalletInstanceAttestation","createMapper","
|
|
1
|
+
{"version":3,"names":["_mappers","require","_types","mapToDecodedWalletInstanceAttestation","createMapper","x","payload","outputSchema","DecodedWalletInstanceAttestation","exports"],"sourceRoot":"../../../../src","sources":["wallet-instance-attestation/v1.3.3/mappers.ts"],"mappings":";;;;;;AAAA,IAAAA,QAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAGO,MAAME,qCAAqC,GAAG,IAAAC,qBAAY,EAG9DC,CAAC,IAAKA,CAAC,CAACC,OAAO,EAAE;EAClBC,YAAY,EAAEC;AAChB,CAAC,CAAC;AAACC,OAAA,CAAAN,qCAAA,GAAAA,qCAAA"}
|
|
@@ -14,13 +14,8 @@ const WalletInstanceAttestationJwt = z.object({
|
|
|
14
14
|
})),
|
|
15
15
|
payload: z.intersection(_types.Jwt.shape.payload, z.object({
|
|
16
16
|
sub: z.string(),
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
wallet_provider_name: z.string(),
|
|
20
|
-
wallet_solution_id: z.string(),
|
|
21
|
-
wallet_solution_version: z.string()
|
|
22
|
-
})
|
|
23
|
-
})
|
|
17
|
+
wallet_link: z.string().optional(),
|
|
18
|
+
wallet_name: z.string().optional()
|
|
24
19
|
}))
|
|
25
20
|
});
|
|
26
21
|
exports.WalletInstanceAttestationJwt = WalletInstanceAttestationJwt;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","WalletInstanceAttestationJwt","object","header","intersection","Jwt","shape","typ","literal","payload","sub","string","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","WalletInstanceAttestationJwt","object","header","intersection","Jwt","shape","typ","literal","payload","sub","string","wallet_link","optional","wallet_name","exports","WalletInstanceAttestationResponse","wallet_instance_attestation"],"sourceRoot":"../../../../src","sources":["wallet-instance-attestation/v1.3.3/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAAsC,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAK/B,MAAMW,4BAA4B,GAAG1B,CAAC,CAAC2B,MAAM,CAAC;EACnDC,MAAM,EAAE5B,CAAC,CAAC6B,YAAY,CACpBC,UAAG,CAACC,KAAK,CAACH,MAAM,EAChB5B,CAAC,CAAC2B,MAAM,CAAC;IACPK,GAAG,EAAEhC,CAAC,CAACiC,OAAO,CAAC,8BAA8B;EAC/C,CAAC,CACH,CAAC;EACDC,OAAO,EAAElC,CAAC,CAAC6B,YAAY,CACrBC,UAAG,CAACC,KAAK,CAACG,OAAO,EACjBlC,CAAC,CAAC2B,MAAM,CAAC;IACPQ,GAAG,EAAEnC,CAAC,CAACoC,MAAM,CAAC,CAAC;IACfC,WAAW,EAAErC,CAAC,CAACoC,MAAM,CAAC,CAAC,CAACE,QAAQ,CAAC,CAAC;IAClCC,WAAW,EAAEvC,CAAC,CAACoC,MAAM,CAAC,CAAC,CAACE,QAAQ,CAAC;EACnC,CAAC,CACH;AACF,CAAC,CAAC;AAACE,OAAA,CAAAd,4BAAA,GAAAA,4BAAA;AAKI,MAAMe,iCAAiC,GAAGzC,CAAC,CAAC2B,MAAM,CAAC;EACxDe,2BAA2B,EAAE1C,CAAC,CAACoC,MAAM,CAAC;AACxC,CAAC,CAAC;AAACI,OAAA,CAAAC,iCAAA,GAAAA,iCAAA"}
|
|
@@ -26,17 +26,6 @@ const DecodedWalletUnitAttestation = z.object({
|
|
|
26
26
|
user_authentication: z.array(z.string()),
|
|
27
27
|
key_storage: z.array(z.string()),
|
|
28
28
|
status: Status,
|
|
29
|
-
eudi_wallet_info: z.object({
|
|
30
|
-
general_info: z.object({
|
|
31
|
-
wallet_provider_name: z.string(),
|
|
32
|
-
wallet_solution_id: z.string(),
|
|
33
|
-
wallet_solution_version: z.string()
|
|
34
|
-
}),
|
|
35
|
-
key_storage_info: z.object({
|
|
36
|
-
keys_exportable: z.boolean(),
|
|
37
|
-
storage_type: z.string()
|
|
38
|
-
})
|
|
39
|
-
}),
|
|
40
29
|
iss: z.string(),
|
|
41
30
|
iat: _zod2.UnixTime,
|
|
42
31
|
exp: _zod2.UnixTime
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Status","object","status_list","idx","number","uri","string","DecodedWalletUnitAttestation","attested_keys","array","JWK","user_authentication","key_storage","status","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Status","object","status_list","idx","number","uri","string","DecodedWalletUnitAttestation","attested_keys","array","JWK","user_authentication","key_storage","status","iss","iat","UnixTime","exp","exports"],"sourceRoot":"../../../../src","sources":["wallet-unit-attestation/api/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAAsC,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEtC,MAAMW,MAAM,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EACtBC,WAAW,EAAE7B,CAAC,CAAC4B,MAAM,CAAC;IACpBE,GAAG,EAAE9B,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEhC,CAAC,CAACiC,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIO,MAAMC,4BAA4B,GAAGlC,CAAC,CAAC4B,MAAM,CAAC;EACnDO,aAAa,EAAEnC,CAAC,CAACoC,KAAK,CAACC,QAAG,CAAC;EAC3BC,mBAAmB,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACiC,MAAM,CAAC,CAAC,CAAC;EACxCM,WAAW,EAAEvC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACiC,MAAM,CAAC,CAAC,CAAC;EAChCO,MAAM,EAAEb,MAAM;EACdc,GAAG,EAAEzC,CAAC,CAACiC,MAAM,CAAC,CAAC;EACfS,GAAG,EAAEC,cAAQ;EACbC,GAAG,EAAED;AACP,CAAC,CAAC;AAACE,OAAA,CAAAX,4BAAA,GAAAA,4BAAA"}
|
|
@@ -8,6 +8,8 @@ Credentials instead require a simpler authorization flow and they require other
|
|
|
8
8
|
|
|
9
9
|
The supported credentials are defined in the entity configuration of the issuer which is evaluted and parsed in the `evaluateIssuerTrust` step. Available credentials are identified with a unique `credential_configuration_id`, that must be used when requesting authorization. The Authorization Server returns an array of **credential identifiers** that map to the `credential_configuration_id` provided: to obtain the credential, one of the credential identifiers (or all of them) must be requested to the credential endpoint.
|
|
10
10
|
|
|
11
|
+
In the newest versions of IT-Wallet specifications it is mandatory that the cryptographic keys bound to each credential are stored in a WSCD and attested in a **Wallet Unit Attestation**, that must be sent to the Issuer when requesting a credential.
|
|
12
|
+
|
|
11
13
|
## Sequence Diagram
|
|
12
14
|
|
|
13
15
|
```mermaid
|
|
@@ -20,8 +22,9 @@ graph TD;
|
|
|
20
22
|
C4.1[completeUserAuthorizationWithFormPostJwtMode]
|
|
21
23
|
E4[completeUserAuthorizationWithQueryMode]
|
|
22
24
|
5[authorizeAccess]
|
|
23
|
-
6[
|
|
24
|
-
7[
|
|
25
|
+
6[WalletUnitAttestation.getAttestation]
|
|
26
|
+
7[obtainCredential]
|
|
27
|
+
8[verifyAndParseCredential]
|
|
25
28
|
credSel{Is credential an eID?}
|
|
26
29
|
proofSel{Requires MRTD PoP?}
|
|
27
30
|
M1[continueUserAuthorizationWithMRTDPoPChallenge]
|
|
@@ -44,6 +47,7 @@ graph TD;
|
|
|
44
47
|
E4 --> 5
|
|
45
48
|
5 --> 6
|
|
46
49
|
6 --> 7
|
|
50
|
+
7 --> 8
|
|
47
51
|
|
|
48
52
|
M1 --> M2
|
|
49
53
|
M2 --> M3
|
|
@@ -92,6 +96,10 @@ When the credential is different than an eID, the flow requires the user to pres
|
|
|
92
96
|
|
|
93
97
|
The expected result from the authentication process is in `form_post.jwt` format as defined in [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)](https://openid.net/specs/oauth-v2-jarm.html#name-response-mode-form_postjwt).
|
|
94
98
|
|
|
99
|
+
## Batch issuance
|
|
100
|
+
|
|
101
|
+
To obtain a batch of credentials the Issuance module exposes a dedicated method—`obtainCredentialsBatch`—that returns a list of credentials of the same type with different cryptographic data. For this reason the caller must generate multiple keys and attest them in a single Wallet Unit Attestation.
|
|
102
|
+
|
|
95
103
|
## Examples
|
|
96
104
|
|
|
97
105
|
<details>
|
|
@@ -119,12 +127,28 @@ const { WALLET_PROVIDER_BASE_URL, WALLET_EAA_PROVIDER_BASE_URL, REDIRECT_URI } =
|
|
|
119
127
|
* WARNING: The integrity context must be the same used when creating the Wallet Instance with the same keytag.
|
|
120
128
|
*/
|
|
121
129
|
const walletInstanceAttestation =
|
|
122
|
-
await WalletInstanceAttestation.getAttestation(
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
130
|
+
await wallet.WalletInstanceAttestation.getAttestation(
|
|
131
|
+
{
|
|
132
|
+
walletProviderBaseUrl: WALLET_PROVIDER_BASE_URL,
|
|
133
|
+
walletSolutionId: "exampleId",
|
|
134
|
+
walletSolutionVersion: "1.2.3",
|
|
135
|
+
},
|
|
136
|
+
{
|
|
137
|
+
wiaCryptoContext,
|
|
138
|
+
integrityContext,
|
|
139
|
+
appFetch,
|
|
140
|
+
}
|
|
141
|
+
);
|
|
142
|
+
|
|
143
|
+
const credentialKeyTag = uuidv4().toString();
|
|
144
|
+
let walletUnitAttestation: string | undefined;
|
|
145
|
+
|
|
146
|
+
// Obtains a Wallet Unit Attestation if supported
|
|
147
|
+
if (wallet.WalletUnitAttestation.isSupported) {
|
|
148
|
+
walletUnitAttestation = await wallet.WalletUnitAttestation.getAttestation(); // See the Wallet Unit Attestation README for more details
|
|
149
|
+
} else {
|
|
150
|
+
await generate(credentialKeyTag); // Let's assume this function generates a new hardware-backed key pair
|
|
151
|
+
}
|
|
128
152
|
|
|
129
153
|
const pid = {
|
|
130
154
|
credential: "example",
|
|
@@ -133,9 +157,6 @@ const pid = {
|
|
|
133
157
|
credentialType: "PersonIdentificationData";
|
|
134
158
|
};
|
|
135
159
|
|
|
136
|
-
// Create credential crypto context
|
|
137
|
-
const credentialKeyTag = uuidv4().toString();
|
|
138
|
-
await generate(credentialKeyTag); // Let's assume this function generates a new hardware-backed key pair
|
|
139
160
|
const credentialCryptoContext = createCryptoContextFor(credentialKeyTag);
|
|
140
161
|
|
|
141
162
|
// Evaluate issuer trust
|
|
@@ -271,12 +292,18 @@ const { WALLET_PROVIDER_BASE_URL, WALLET_EID_PROVIDER_BASE_URL, REDIRECT_URI } =
|
|
|
271
292
|
* WARNING: The integrity context must be the same used when creating the Wallet Instance with the same keytag.
|
|
272
293
|
*/
|
|
273
294
|
const walletInstanceAttestation =
|
|
274
|
-
await WalletInstanceAttestation.getAttestation(
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
295
|
+
await wallet.WalletInstanceAttestation.getAttestation(
|
|
296
|
+
{
|
|
297
|
+
walletProviderBaseUrl: WALLET_PROVIDER_BASE_URL,
|
|
298
|
+
walletSolutionId: "exampleId",
|
|
299
|
+
walletSolutionVersion: "1.2.3",
|
|
300
|
+
},
|
|
301
|
+
{
|
|
302
|
+
wiaCryptoContext,
|
|
303
|
+
integrityContext,
|
|
304
|
+
appFetch,
|
|
305
|
+
}
|
|
306
|
+
);
|
|
280
307
|
|
|
281
308
|
const idpHit = "https://example.com"; // Let's assume this is the IDP hint
|
|
282
309
|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { IoWalletError } from "../../../utils/errors";
|
|
1
2
|
import { LogLevel, Logger } from "../../../utils/logging";
|
|
2
3
|
/**
|
|
3
4
|
* Ensures that the credential type requested is supported by the issuer and contained in the
|
|
@@ -14,7 +15,7 @@ export const selectCredentialDefinition = (issuerConf, credentialId) => {
|
|
|
14
15
|
}));
|
|
15
16
|
if (!result) {
|
|
16
17
|
Logger.log(LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
|
|
17
|
-
throw new
|
|
18
|
+
throw new IoWalletError(`No credential support the type '${credentialId}'`);
|
|
18
19
|
}
|
|
19
20
|
return result;
|
|
20
21
|
};
|
|
@@ -33,14 +34,14 @@ export const selectResponseMode = (issuerConf, credentialIds) => {
|
|
|
33
34
|
}
|
|
34
35
|
if (responseModeSet.size !== 1) {
|
|
35
36
|
Logger.log(LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
|
|
36
|
-
throw new
|
|
37
|
+
throw new IoWalletError("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
|
|
37
38
|
}
|
|
38
39
|
const [responseMode] = responseModeSet.values();
|
|
39
40
|
Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
|
|
40
41
|
const responseModeSupported = issuerConf.response_modes_supported;
|
|
41
42
|
if (responseModeSupported && !responseModeSupported.includes(responseMode)) {
|
|
42
43
|
Logger.log(LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
|
|
43
|
-
throw new
|
|
44
|
+
throw new IoWalletError(`No response mode support for IDs '${credentialIds}'`);
|
|
44
45
|
}
|
|
45
46
|
return responseMode;
|
|
46
47
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","
|
|
1
|
+
{"version":3,"names":["IoWalletError","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","selectResponseMode","credentialIds","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","responseModeSupported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/02-start-user-authorization.ts"],"mappings":"AAAA,SAASA,aAAa,QAAQ,uBAAuB;AACrD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAMzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA0B,GAAGA,CACxCC,UAAwB,EACxBC,YAAoB,KACI;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAM,CAACC,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,YAAY,CAAC,CAAC,CACvCQ,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAET,YAAY;IACzCU,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXL,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,wBAAuBZ,YAAa,kEAAiEa,IAAI,CAACC,SAAS,CAACb,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIN,aAAa,CAAE,mCAAkCK,YAAa,GAAE,CAAC;EAC7E;EACA,OAAOE,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMa,kBAAkB,GAAGA,CAChChB,UAAwB,EACxBiB,aAAuB,KACN;EACjB,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMlB,YAAY,IAAIgB,aAAa,EAAE;IACxCC,eAAe,CAACE,GAAG,CACjBnB,YAAY,CAACoB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9BxB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,GAAEI,aAAc,qCAAoC,CAAC,GAAGC,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAI3B,aAAa,CACrB,yGACF,CAAC;EACH;EAEA,MAAM,CAAC4B,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/CzB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAAC4B,KAAK,EACb,0BAAyBD,YAAa,uBAAsBP,aAAc,EAC7E,CAAC;EAED,MAAMS,qBAAqB,GAAG1B,UAAU,CAAC2B,wBAAwB;EACjE,IAAID,qBAAqB,IAAI,CAACA,qBAAqB,CAAClB,QAAQ,CAACgB,YAAa,CAAC,EAAE;IAC3E1B,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,2BAA0BW,YAAa,kEAAiEV,IAAI,CAACC,SAAS,CAACW,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAI9B,aAAa,CACpB,qCAAoCqB,aAAc,GACrD,CAAC;EACH;EAEA,OAAOO,YAAY;AACrB,CAAC"}
|
|
@@ -1,11 +1,13 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
|
|
2
2
|
import { SDJwtInstance } from "@sd-jwt/core";
|
|
3
|
-
import { digest
|
|
3
|
+
import { digest } from "@sd-jwt/crypto-nodejs";
|
|
4
4
|
import { isPathEqual, isPrefixOf } from "../../../utils/parser";
|
|
5
5
|
import { IoWalletError } from "../../../utils/errors";
|
|
6
6
|
import { LogLevel, Logger } from "../../../utils/logging";
|
|
7
7
|
import { isSameThumbprint } from "../../../utils/jwk";
|
|
8
8
|
import { fixLegacyCredentialSdJwt } from "../../../utils/credentials";
|
|
9
|
+
import { verifyX509Chain } from "../../../utils/x509";
|
|
10
|
+
import { MissingX509CertsError } from "../../../trust/common/errors";
|
|
9
11
|
/**
|
|
10
12
|
* Parse a Sd-Jwt credential according to the issuer configuration
|
|
11
13
|
* @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
|
|
@@ -112,6 +114,23 @@ const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
|
|
|
112
114
|
return processLevel(parsedCredentialRaw, []);
|
|
113
115
|
};
|
|
114
116
|
|
|
117
|
+
/**
|
|
118
|
+
* JWT verifier implementing the interface expected by the SD-JWT library.
|
|
119
|
+
* Verification is delegated to `io-react-native-jwt` to leverage its support for multiple algorithms.
|
|
120
|
+
* @returns Boolean indicating whether the verification succeeded or not
|
|
121
|
+
*/
|
|
122
|
+
const sdJwtInstanceVerifier = async (data, signature, options) => {
|
|
123
|
+
if (!(options !== null && options !== void 0 && options.issuerKeys)) {
|
|
124
|
+
return false;
|
|
125
|
+
}
|
|
126
|
+
try {
|
|
127
|
+
await verifyJwt(`${data}.${signature}`, options.issuerKeys);
|
|
128
|
+
return true;
|
|
129
|
+
} catch {
|
|
130
|
+
return false;
|
|
131
|
+
}
|
|
132
|
+
};
|
|
133
|
+
|
|
115
134
|
/**
|
|
116
135
|
* Given a credential, verify it's in the supported format
|
|
117
136
|
* and the credential is correctly signed
|
|
@@ -128,15 +147,13 @@ const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
|
|
|
128
147
|
*
|
|
129
148
|
*/
|
|
130
149
|
async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
|
|
131
|
-
const {
|
|
132
|
-
protectedHeader
|
|
133
|
-
} = decode(rawCredential);
|
|
134
|
-
const verifierJwk = getJwkFromHeader(protectedHeader, issuerKeys);
|
|
135
150
|
const sdJwtInstance = new SDJwtInstance({
|
|
136
151
|
hasher: digest,
|
|
137
|
-
verifier:
|
|
152
|
+
verifier: sdJwtInstanceVerifier
|
|
138
153
|
});
|
|
139
|
-
const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential
|
|
154
|
+
const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential, {
|
|
155
|
+
issuerKeys
|
|
156
|
+
}), holderBindingContext.getPublicKey()]);
|
|
140
157
|
const {
|
|
141
158
|
cnf
|
|
142
159
|
} = verifiedCredential.payload;
|
|
@@ -147,14 +164,26 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
|
|
|
147
164
|
}
|
|
148
165
|
return await sdJwtInstance.decode(fixLegacyCredentialSdJwt(rawCredential));
|
|
149
166
|
}
|
|
150
|
-
export const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref) => {
|
|
167
|
+
export const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref, x509CertRoot) => {
|
|
151
168
|
let {
|
|
152
169
|
credentialCryptoContext,
|
|
153
170
|
ignoreMissingAttributes,
|
|
154
|
-
includeUndefinedAttributes
|
|
171
|
+
includeUndefinedAttributes,
|
|
172
|
+
validateCertificateChain
|
|
155
173
|
} = _ref;
|
|
156
174
|
const decoded = await verifyCredentialSdJwt(credential, issuerConf.keys, credentialCryptoContext);
|
|
157
175
|
Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
|
|
176
|
+
if (validateCertificateChain) {
|
|
177
|
+
var _decoded$jwt;
|
|
178
|
+
if (!x509CertRoot) {
|
|
179
|
+
throw new IoWalletError("Missing x509CertRoot");
|
|
180
|
+
}
|
|
181
|
+
const x5c = (_decoded$jwt = decoded.jwt) === null || _decoded$jwt === void 0 || (_decoded$jwt = _decoded$jwt.header) === null || _decoded$jwt === void 0 ? void 0 : _decoded$jwt.x5c;
|
|
182
|
+
if (!x5c || !Array.isArray(x5c) || x5c.length === 0) {
|
|
183
|
+
throw new MissingX509CertsError("Missing x509 certificates");
|
|
184
|
+
}
|
|
185
|
+
await verifyX509Chain(x5c, x509CertRoot);
|
|
186
|
+
}
|
|
158
187
|
const credentialConfig = issuerConf.credential_configurations_supported[credentialConfigurationId];
|
|
159
188
|
if (!credentialConfig) {
|
|
160
189
|
Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["verify","verifyJwt","SDJwtInstance","digest","isPathEqual","isPrefixOf","IoWalletError","LogLevel","Logger","isSameThumbprint","fixLegacyCredentialSdJwt","verifyX509Chain","MissingX509CertsError","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","getDisplayNames","match","find","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","sdJwtInstanceVerifier","data","signature","options","issuerKeys","verifyCredentialSdJwt","rawCredential","holderBindingContext","sdJwtInstance","hasher","verifier","verifiedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","payload","jwk","message","kid","log","ERROR","decode","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","x509CertRoot","credentialCryptoContext","validateCertificateChain","decoded","DEBUG","JSON","stringify","_decoded$jwt","x5c","jwt","header","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":"AAAA,SAEEA,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SAAqBC,aAAa,QAAQ,cAAc;AACxD,SAASC,MAAM,QAAQ,uBAAuB;AAE9C,SAASC,WAAW,EAAEC,UAAU,QAAQ,uBAAuB;AAC/D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,gBAAgB,QAAkB,oBAAoB;AAE/D,SAASC,wBAAwB,QAAQ,4BAA4B;AACrE,SAASC,eAAe,QAAQ,qBAAqB;AACrD,SAASC,qBAAqB,QAAQ,8BAA8B;AAMpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAI5B,aAAa,CACpB,4DAA2D2B,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMG,eAAe,GACnBV,IAAgC,IACO;IACvC,MAAMW,KAAK,GAAGlB,cAAc,CAACmB,IAAI,CAAEb,CAAC,IAAKvB,WAAW,CAACuB,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACW,KAAK,EAAE,OAAOpB,SAAS;IAE5B,MAAMsB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIH,KAAK,CAACI,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACrB,GAAG,CAAEyB,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI7B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAM8B,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAInC,cAAc,EAAE;MAClC;MACA,IAAIhB,UAAU,CAAC2C,WAAW,EAAEQ,KAAK,CAAC5B,IAAI,CAAC,EAAE;QACvC,MAAM6B,QAAQ,GAAGD,KAAK,CAAC5B,IAAI,CAACoB,WAAW,CAAC9B,MAAM,CAAC;QAC/C,IACE,CAAC,OAAOuC,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACF,qBAAqB,CAACG,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAF,qBAAqB,CAACvB,IAAI,CAACyB,QAAQ,CAAC;QACtC;MACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIJ,qBAAqB,EAAE;MACvC,MAAMK,SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGV,OAAO,CAACQ,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK3C,SAAS,EAAE;MAE7B,MAAM4C,OAAO,GAAG,CAAC,GAAGf,WAAW,EAAEW,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG1B,eAAe,CAACyB,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIf,KAAK,CAACC,OAAO,CAACY,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG1B,eAAe,CAAC,CAAC,GAAGyB,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAV,MAAM,CAACO,SAAS,CAAC,GAAG;QAClBf,IAAI,EAAEmB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEnB,YAAY,CAACgB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDT,aAAa,CAACY,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAIvC,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAACuC,GAAG,EAAEM,KAAK,CAAC,IAAI7B,MAAM,CAAC+B,OAAO,CAACf,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACc,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BN,MAAM,CAACM,GAAG,CAAC,GAAG;YACZd,IAAI,EAAEc,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOZ,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAAC/B,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,MAAMsD,qBAAsD,GAAG,MAAAA,CAC7DC,IAAI,EACJC,SAAS,EACTC,OAAO,KACJ;EACH,IAAI,EAACA,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEC,UAAU,GAAE;IACxB,OAAO,KAAK;EACd;EACA,IAAI;IACF,MAAMxE,SAAS,CAAE,GAAEqE,IAAK,IAAGC,SAAU,EAAC,EAAEC,OAAO,CAACC,UAAU,CAAC;IAC3D,OAAO,IAAI;EACb,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,qBAAqBA,CAClCC,aAAqB,EACrBF,UAAiB,EACjBG,oBAAmC,EACnB;EAChB,MAAMC,aAAa,GAAG,IAAI3E,aAAa,CAAC;IACtC4E,MAAM,EAAE3E,MAAM;IACd4E,QAAQ,EAAEV;EACZ,CAAC,CAAC;EAEF,MAAM,CAACW,kBAAkB,EAAEC,gBAAgB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/DN,aAAa,CAAC7E,MAAM,CAAC2E,aAAa,EAAE;IAAEF;EAAW,CAAC,CAAC,EACnDG,oBAAoB,CAACQ,YAAY,CAAC,CAAC,CACpC,CAAC;EAEF,MAAM;IAAEC;EAAI,CAAC,GAAGL,kBAAkB,CAACM,OAAkC;EACrE,IAAI,EAAE,MAAM7E,gBAAgB,CAAC4E,GAAG,CAACE,GAAG,EAAEN,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMO,OAAO,GAAI,kDAAiDP,gBAAgB,CAACQ,GAAI,UAASJ,GAAG,CAACE,GAAG,CAACE,GAAI,EAAC;IAC7GjF,MAAM,CAACkF,GAAG,CAACnF,QAAQ,CAACoF,KAAK,EAAEH,OAAO,CAAC;IACnC,MAAM,IAAIlF,aAAa,CAACkF,OAAO,CAAC;EAClC;EAEA,OAAO,MAAMX,aAAa,CAACe,MAAM,CAAClF,wBAAwB,CAACiE,aAAa,CAAC,CAAC;AAC5E;AAEA,OAAO,MAAMkB,6BAAsE,GACjF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,IAAA,EAOzBC,YAAY,KACT;EAAA,IAPH;IACEC,uBAAuB;IACvBnF,uBAAuB;IACvBI,0BAA0B;IAC1BgF;EACF,CAAC,GAAAH,IAAA;EAGD,MAAMI,OAAO,GAAG,MAAM3B,qBAAqB,CACzCqB,UAAU,EACVD,UAAU,CAACzD,IAAI,EACf8D,uBACF,CAAC;EAED3F,MAAM,CAACkF,GAAG,CACRnF,QAAQ,CAAC+F,KAAK,EACb,uBAAsBC,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACjD,CAAC;EAED,IAAID,wBAAwB,EAAE;IAAA,IAAAK,YAAA;IAC5B,IAAI,CAACP,YAAY,EAAE;MACjB,MAAM,IAAI5F,aAAa,CAAC,sBAAsB,CAAC;IACjD;IACA,MAAMoG,GAAG,IAAAD,YAAA,GAAGJ,OAAO,CAACM,GAAG,cAAAF,YAAA,gBAAAA,YAAA,GAAXA,YAAA,CAAaG,MAAM,cAAAH,YAAA,uBAAnBA,YAAA,CAAqBC,GAA2B;IAC5D,IAAI,CAACA,GAAG,IAAI,CAACzD,KAAK,CAACC,OAAO,CAACwD,GAAG,CAAC,IAAIA,GAAG,CAACxF,MAAM,KAAK,CAAC,EAAE;MACnD,MAAM,IAAIN,qBAAqB,CAAC,2BAA2B,CAAC;IAC9D;IACA,MAAMD,eAAe,CAAC+F,GAAG,EAAER,YAAY,CAAC;EAC1C;EAEA,MAAMpF,gBAAgB,GACpBgF,UAAU,CAACe,mCAAmC,CAACb,yBAAyB,CAAC;EAE3E,IAAI,CAAClF,gBAAgB,EAAE;IACrBN,MAAM,CAACkF,GAAG,CACRnF,QAAQ,CAACoF,KAAK,EACb,gDAA+CK,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAI1F,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMS,mBAAmB,GAAI,MAAMsF,OAAO,CAACS,SAAS,CAAC3G,MAAM,CAG1D;EAED,MAAM4G,gBAAgB,GAAGlG,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAM4F,QAAQ,GACZ,OAAOjG,mBAAmB,CAACkG,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAACnG,mBAAmB,CAACkG,GAAG,GAAG,IAAI,CAAC,GACxC9F,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAACoG,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAI7G,aAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAM8G,UAAU,GAAG,IAAIF,IAAI,CAACnG,mBAAmB,CAACoG,GAAG,GAAG,IAAI,CAAC;EAE3D3G,MAAM,CAACkF,GAAG,CACRnF,QAAQ,CAAC+F,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACO,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC"}
|