@pagopa/io-react-native-wallet 3.2.0 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js +4 -3
- package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +37 -8
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js +46 -38
- package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js +58 -51
- package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/index.js +21 -5
- package/lib/commonjs/credential/issuance/mrtd-pop/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js +3 -3
- package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/index.js +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/mappers.js +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/mappers.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +0 -2
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js +20 -16
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js +20 -19
- package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js +4 -6
- package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js +4 -1
- package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/index.js +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/credential/presentation/{v1.3.3/utils.mdoc.js → common/utils/mdoc.js} +2 -2
- package/lib/commonjs/credential/presentation/common/utils/mdoc.js.map +1 -0
- package/lib/commonjs/credential/presentation/v1.3.3/06-evaluate-dcql-query.js +2 -2
- package/lib/commonjs/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map +1 -1
- package/lib/commonjs/credential/status/README.md +3 -2
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js +27 -5
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/commonjs/credential/status/v1.3.3/02-verify-and-parse-status-list.js +17 -6
- package/lib/commonjs/credential/status/v1.3.3/02-verify-and-parse-status-list.js.map +1 -1
- package/lib/commonjs/mdoc/index.js +3 -24
- package/lib/commonjs/mdoc/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/types.test.js +2 -14
- package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/utils.test.js +0 -12
- package/lib/commonjs/sd-jwt/__test__/utils.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -14
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/utils/callbacks.js +20 -1
- package/lib/commonjs/utils/callbacks.js.map +1 -1
- package/lib/commonjs/utils/x509.js +34 -0
- package/lib/commonjs/utils/x509.js.map +1 -0
- package/lib/commonjs/wallet-instance-attestation/api/types.js +0 -2
- package/lib/commonjs/wallet-instance-attestation/api/types.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/mappers.js +1 -14
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/types.js +2 -7
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/types.js.map +1 -1
- package/lib/commonjs/wallet-unit-attestation/api/types.js +0 -11
- package/lib/commonjs/wallet-unit-attestation/api/types.js.map +1 -1
- package/lib/module/credential/issuance/common/02-start-user-authorization.js +4 -3
- package/lib/module/credential/issuance/common/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +39 -10
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js +47 -34
- package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js +58 -47
- package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/index.js +20 -5
- package/lib/module/credential/issuance/mrtd-pop/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js +1 -1
- package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/index.js +2 -2
- package/lib/module/credential/issuance/v1.0.0/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/mappers.js +1 -1
- package/lib/module/credential/issuance/v1.0.0/mappers.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +0 -2
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js +20 -16
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js +22 -19
- package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js +5 -7
- package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js +4 -1
- package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/index.js +2 -2
- package/lib/module/credential/issuance/v1.3.3/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/module/credential/presentation/{v1.3.3/utils.mdoc.js → common/utils/mdoc.js} +2 -2
- package/lib/module/credential/presentation/common/utils/mdoc.js.map +1 -0
- package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js +2 -3
- package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map +1 -1
- package/lib/module/credential/status/README.md +3 -2
- package/lib/module/credential/status/v1.3.3/01-status-list.js +27 -5
- package/lib/module/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/module/credential/status/v1.3.3/02-verify-and-parse-status-list.js +17 -6
- package/lib/module/credential/status/v1.3.3/02-verify-and-parse-status-list.js.map +1 -1
- package/lib/module/mdoc/index.js +3 -24
- package/lib/module/mdoc/index.js.map +1 -1
- package/lib/module/sd-jwt/__test__/types.test.js +2 -14
- package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/utils.test.js +0 -12
- package/lib/module/sd-jwt/__test__/utils.test.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -14
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/utils/callbacks.js +19 -1
- package/lib/module/utils/callbacks.js.map +1 -1
- package/lib/module/utils/x509.js +28 -0
- package/lib/module/utils/x509.js.map +1 -0
- package/lib/module/wallet-instance-attestation/api/types.js +0 -2
- package/lib/module/wallet-instance-attestation/api/types.js.map +1 -1
- package/lib/module/wallet-instance-attestation/v1.3.3/mappers.js +1 -14
- package/lib/module/wallet-instance-attestation/v1.3.3/mappers.js.map +1 -1
- package/lib/module/wallet-instance-attestation/v1.3.3/types.js +2 -7
- package/lib/module/wallet-instance-attestation/v1.3.3/types.js.map +1 -1
- package/lib/module/wallet-unit-attestation/api/types.js +0 -11
- package/lib/module/wallet-unit-attestation/api/types.js.map +1 -1
- package/lib/typescript/credential/issuance/api/06-verify-and-parse-credential.d.ts +4 -0
- package/lib/typescript/credential/issuance/api/06-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/common/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.sdjwt.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts +12 -1
- package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts +12 -1
- package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts +2 -1
- package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/01-evaluate-issuer-trust.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/04-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/05-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/06-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/{v1.3.3/utils.mdoc.d.ts → common/utils/mdoc.d.ts} +2 -2
- package/lib/typescript/credential/presentation/common/utils/mdoc.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/v1.3.3/06-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/status/api/status-list.d.ts +8 -4
- package/lib/typescript/credential/status/api/status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/01-status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/02-verify-and-parse-status-list.d.ts.map +1 -1
- package/lib/typescript/mdoc/index.d.ts +1 -1
- package/lib/typescript/mdoc/index.d.ts.map +1 -1
- package/lib/typescript/mdoc/utils.d.ts +0 -24
- package/lib/typescript/mdoc/utils.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +0 -12
- package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/utils/callbacks.d.ts +7 -0
- package/lib/typescript/utils/callbacks.d.ts.map +1 -1
- package/lib/typescript/utils/x509.d.ts +10 -0
- package/lib/typescript/utils/x509.d.ts.map +1 -0
- package/lib/typescript/wallet-instance-attestation/api/types.d.ts +0 -2
- package/lib/typescript/wallet-instance-attestation/api/types.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.0.0/mappers.d.ts +0 -2
- package/lib/typescript/wallet-instance-attestation/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.3.3/mappers.d.ts +2 -9
- package/lib/typescript/wallet-instance-attestation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.3.3/types.d.ts +2 -7
- package/lib/typescript/wallet-instance-attestation/v1.3.3/types.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/api/types.d.ts +0 -11
- package/lib/typescript/wallet-unit-attestation/api/types.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts +0 -22
- package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts +0 -11
- package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts.map +1 -1
- package/package.json +6 -6
- package/src/credential/issuance/api/06-verify-and-parse-credential.ts +4 -0
- package/src/credential/issuance/common/02-start-user-authorization.ts +6 -3
- package/src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts +42 -9
- package/src/credential/issuance/mrtd-pop/02-init-challenge.ts +69 -45
- package/src/credential/issuance/mrtd-pop/03-validate-challenge.ts +84 -62
- package/src/credential/issuance/mrtd-pop/index.ts +13 -5
- package/src/credential/issuance/v1.0.0/02-start-user-authorization.ts +1 -1
- package/src/credential/issuance/v1.0.0/index.ts +2 -2
- package/src/credential/issuance/v1.0.0/mappers.ts +4 -1
- package/src/credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts +0 -2
- package/src/credential/issuance/v1.3.3/02-start-user-authorization.ts +24 -20
- package/src/credential/issuance/v1.3.3/04-authorize-access.ts +28 -23
- package/src/credential/issuance/v1.3.3/05-obtain-credential.ts +8 -8
- package/src/credential/issuance/v1.3.3/06-verify-and-parse-credential.ts +2 -1
- package/src/credential/issuance/v1.3.3/index.ts +2 -2
- package/src/credential/issuance/v1.3.3/mappers.ts +4 -1
- package/src/credential/presentation/{v1.3.3/utils.mdoc.ts → common/utils/mdoc.ts} +2 -2
- package/src/credential/presentation/v1.3.3/06-evaluate-dcql-query.ts +3 -3
- package/src/credential/status/README.md +3 -2
- package/src/credential/status/api/status-list.ts +10 -7
- package/src/credential/status/v1.3.3/01-status-list.ts +21 -7
- package/src/credential/status/v1.3.3/02-verify-and-parse-status-list.ts +19 -5
- package/src/mdoc/index.ts +5 -41
- package/src/sd-jwt/__test__/types.test.ts +1 -13
- package/src/sd-jwt/__test__/utils.test.ts +0 -12
- package/src/sd-jwt/types.ts +0 -13
- package/src/utils/callbacks.ts +28 -1
- package/src/utils/x509.ts +43 -0
- package/src/wallet-instance-attestation/api/types.ts +0 -2
- package/src/wallet-instance-attestation/v1.3.3/mappers.ts +3 -11
- package/src/wallet-instance-attestation/v1.3.3/types.ts +2 -7
- package/src/wallet-unit-attestation/api/types.ts +0 -11
- package/lib/commonjs/credential/issuance/common/authorization.js +0 -56
- package/lib/commonjs/credential/issuance/common/authorization.js.map +0 -1
- package/lib/commonjs/credential/presentation/v1.3.3/utils.mdoc.js.map +0 -1
- package/lib/module/credential/issuance/common/authorization.js +0 -48
- package/lib/module/credential/issuance/common/authorization.js.map +0 -1
- package/lib/module/credential/presentation/v1.3.3/utils.mdoc.js.map +0 -1
- package/lib/typescript/credential/issuance/common/authorization.d.ts +0 -21
- package/lib/typescript/credential/issuance/common/authorization.d.ts.map +0 -1
- package/lib/typescript/credential/presentation/v1.3.3/utils.mdoc.d.ts.map +0 -1
- package/src/credential/issuance/common/authorization.ts +0 -89
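--- a/package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js
+++ b/package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js
@@ -4,6 +4,7 @@ Object.defineProperty(exports, "__esModule", {
 value: true
 });
 exports.selectResponseMode = exports.selectCredentialDefinition = void 0;
+var _errors = require("../../../utils/errors");
 var _logging = require("../../../utils/logging");
 /**
 * Ensures that the credential type requested is supported by the issuer and contained in the
@@ -20,7 +21,7 @@ const selectCredentialDefinition = (issuerConf, credentialId) => {
 }));
 if (!result) {
 _logging.Logger.log(_logging.LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
-throw new
+throw new _errors.IoWalletError(`No credential support the type '${credentialId}'`);
 }
 return result;
 };
@@ -40,14 +41,14 @@ const selectResponseMode = (issuerConf, credentialIds) => {
 }
 if (responseModeSet.size !== 1) {
 _logging.Logger.log(_logging.LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
-throw new
+throw new _errors.IoWalletError("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
 }
 const [responseMode] = responseModeSet.values();
 _logging.Logger.log(_logging.LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
 const responseModeSupported = issuerConf.response_modes_supported;
 if (responseModeSupported && !responseModeSupported.includes(responseMode)) {
 _logging.Logger.log(_logging.LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
-throw new
+throw new _errors.IoWalletError(`No response mode support for IDs '${credentialIds}'`);
 }
 return responseMode;
 };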
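Review bot: The new `IoWalletError` messages in the second and third hunks are harder to read than they need to be: `No credential support the type '${credentialId}'` is ungrammatical, and `'${credentialIds}'` interpolates an array and relies on implicit comma joining. Suggested wording is `No credential supports the type '${credentialId}'` and `'${credentialIds.join(", ")}'`. This file is build output under `lib/commonjs`, so the edit belongs in the matching file under `src/`. The removed `throw new` lines are truncated on this page, so the previous error type cannot be compared with the new one.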
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_errors","require","_logging","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","Logger","log","LogLevel","ERROR","JSON","stringify","IoWalletError","exports","selectResponseMode","credentialIds","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","responseModeSupported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,QAAA,GAAAD,OAAA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,0BAA0B,GAAGA,CACxCC,UAAwB,EACxBC,YAAoB,KACI;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAM,CAACC,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,YAAY,CAAC,CAAC,CACvCQ,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAET,YAAY;IACzCU,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXS,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,wBAAuBd,YAAa,kEAAiEe,IAAI,CAACC,SAAS,CAACf,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIgB,qBAAa,CAAE,mCAAkCjB,YAAa,GAAE,CAAC;EAC7E;EACA,OAAOE,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAgB,OAAA,CAAApB,0BAAA,GAAAA,0BAAA;AAOO,MAAMqB,kBAAkB,GAAGA,CAChCpB,UAAwB,EACxBqB,aAAuB,KACN;EACjB,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMtB,YAAY,IAAIoB,aAAa,EAAE;IACxCC,eAAe,CAACE,GAAG,CACjBvB,YAAY,CAACwB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9Bd,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,GAAEM,aAAc,qCAAoC,CAAC,GAAGC,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAIT,qBAAa,CACrB,yGACF,CAAC;EACH;EAEA,MAAM,CAACU,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/Cf,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACe,KAAK,EACb,0BAAyBD,YAAa,uBAAsBP,aAAc,EAC7E,CAAC;EAED,MAAMS,qBAAqB,GAAG9B,UAAU,CAAC+B,wBAAwB;EACjE,IAAID,qBAAqB,IAAI,CAACA,qBAAqB,CAACtB,QAAQ,CAAC
oB,YAAa,CAAC,EAAE;IAC3EhB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,2BAA0Ba,YAAa,kEAAiEZ,IAAI,CAACC,SAAS,CAACa,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAIZ,qBAAa,CACpB,qCAAoCG,aAAc,GACrD,CAAC;EACH;EAEA,OAAOO,YAAY;AACrB,CAAC;AAACT,OAAA,CAAAC,kBAAA,GAAAA,kBAAA"}
|
|
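--- a/package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js
+++ b/package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js
@@ -12,6 +12,8 @@ var _errors = require("../../../utils/errors");
 var _logging = require("../../../utils/logging");
 var _jwk = require("../../../utils/jwk");
 var _credentials = require("../../../utils/credentials");
+var _x = require("../../../utils/x509");
+var _errors2 = require("../../../trust/common/errors");
 /**
 * Parse a Sd-Jwt credential according to the issuer configuration
 * @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
@@ -118,6 +120,23 @@ const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
 return processLevel(parsedCredentialRaw, []);
 };
 
+/**
+* JWT verifier implementing the interface expected by the SD-JWT library.
+* Verification is delegated to `io-react-native-jwt` to leverage its support for multiple algorithms.
+* @returns Boolean indicating whether the verification succeeded or not
+*/
+const sdJwtInstanceVerifier = async (data, signature, options) => {
+if (!(options !== null && options !== void 0 && options.issuerKeys)) {
+return false;
+}
+try {
+await (0, _ioReactNativeJwt.verify)(`${data}.${signature}`, options.issuerKeys);
+return true;
+} catch {
+return false;
+}
+};
+
 /**
 * Given a credential, verify it's in the supported format
 * and the credential is correctly signed
@@ -134,15 +153,13 @@ const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
 *
 */
 async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
-const {
-protectedHeader
-} = (0, _ioReactNativeJwt.decode)(rawCredential);
-const verifierJwk = (0, _ioReactNativeJwt.getJwkFromHeader)(protectedHeader, issuerKeys);
 const sdJwtInstance = new _core.SDJwtInstance({
 hasher: _cryptoNodejs.digest,
-verifier:
+verifier: sdJwtInstanceVerifier
 });
-const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential
+const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential, {
+issuerKeys
+}), holderBindingContext.getPublicKey()]);
 const {
 cnf
 } = verifiedCredential.payload;
@@ -153,14 +170,26 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
 }
 return await sdJwtInstance.decode((0, _credentials.fixLegacyCredentialSdJwt)(rawCredential));
 }
-const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref) => {
+const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref, x509CertRoot) => {
 let {
 credentialCryptoContext,
 ignoreMissingAttributes,
-includeUndefinedAttributes
+includeUndefinedAttributes,
+validateCertificateChain
 } = _ref;
 const decoded = await verifyCredentialSdJwt(credential, issuerConf.keys, credentialCryptoContext);
 _logging.Logger.log(_logging.LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
+if (validateCertificateChain) {
+var _decoded$jwt;
+if (!x509CertRoot) {
+throw new _errors.IoWalletError("Missing x509CertRoot");
+}
+const x5c = (_decoded$jwt = decoded.jwt) === null || _decoded$jwt === void 0 || (_decoded$jwt = _decoded$jwt.header) === null || _decoded$jwt === void 0 ? void 0 : _decoded$jwt.x5c;
+if (!x5c || !Array.isArray(x5c) || x5c.length === 0) {
+throw new _errors2.MissingX509CertsError("Missing x509 certificates");
+}
+await (0, _x.verifyX509Chain)(x5c, x509CertRoot);
+}
 const credentialConfig = issuerConf.credential_configurations_supported[credentialConfigurationId];
 if (!credentialConfig) {
 _logging.Logger.log(_logging.LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);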
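Review bot: In the `validateCertificateChain` branch of `verifyAndParseCredentialSdJwt`, nothing visible ties the `x5c` chain to the key that verified the signature: `verifyCredentialSdJwt` checks the credential against `issuerConf.keys`, while `verifyX509Chain(x5c, x509CertRoot)` validates a chain read from the JWT header. Unless `verifyX509Chain` or the trust layer enforces that binding (`utils/x509` is not shown in this section), the chain check says nothing about the actual signer. It is worth confirming that the leaf certificate's public key is the one the signature was checked against, and recording it next to the call, e.g. `// x5c[0] must carry the key that verified the signature; enforced in <location to confirm>`. Separately, `sdJwtInstanceVerifier` turns every failure into `false` without logging, so a missing `issuerKeys` option and a bad signature look the same to whoever debugs a rejected credential. The body of `verifyAndParseCredentialSdJwt` continues past the end of the last hunk.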
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_core","_cryptoNodejs","_parser","_errors","_logging","_jwk","_credentials","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","IoWalletError","getDisplayNames","match","find","isPathEqual","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","isPrefixOf","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_core","_cryptoNodejs","_parser","_errors","_logging","_jwk","_credentials","_x","_errors2","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","IoWalletError","getDisplayNames","match","find","isPathEqual","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","isPrefixOf","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","sdJwtInstanceVerifier","data","signature","options","issuerKeys","verifyJwt","verifyCredentialSdJwt","rawCredential","holderBindingContext","sdJwtInstance","SDJwtInstance","hasher","digest","verifier","verifiedCredential","holderBindingKey","Promise","all","verify","getPublicKey","cnf","payload","isSameThumbprint","jwk","message","kid","Logger","log","LogLevel","ERROR","decode","fixLegacyCredentialSdJwt","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","x509CertRoot","credentialCryptoContext","validateCertificateChain","decoded","DEBUG","JSON","stringify","_decoded$jwt","x5c","jwt","header","MissingX509CertsError","verifyX509Chain","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,IAAA,GAAAN,OAAA;AAEA,IAAAO,YAAA,GAAAP,OAAA;AACA,IAAAQ,EA
AA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMU,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAII,qBAAa,CACpB,4DAA2DL,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMI,eAAe,GACnBX,IAAgC,IACO;IACvC,MAAMY,KAAK,GAAGnB,cAAc,CAACoB,IAAI,CAAEd,CAAC,IAAK,IAAAe,mBAAW,EAACf,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACY,KAAK,EAAE,OAAOrB,SAAS;IAE5B,MAAMwB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIJ,KAAK,CAACK,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACvB,GAAG,CAAE2B,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI/B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAMgC,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAIrC,cAAc,EAAE;MAClC;MACA,IAAI,IAAAsC,kBAAU,EAACT,WAAW,EAAEQ,KAAK,CAAC9B,IAAI,CAAC,EAAE;QACvC,MAAMgC,QAAQ,GAAGF,KAAK,CAAC9B,IAAI,CAACsB,WAAW,
CAAChC,MAAM,CAAC;QAC/C,IACE,CAAC,OAAO0C,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACH,qBAAqB,CAACI,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAH,qBAAqB,CAACzB,IAAI,CAAC4B,QAAQ,CAAC;QACtC;MACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIL,qBAAqB,EAAE;MACvC,MAAMM,SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGX,OAAO,CAACS,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK9C,SAAS,EAAE;MAE7B,MAAM+C,OAAO,GAAG,CAAC,GAAGhB,WAAW,EAAEY,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG5B,eAAe,CAAC2B,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIhB,KAAK,CAACC,OAAO,CAACa,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG5B,eAAe,CAAC,CAAC,GAAG2B,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAX,MAAM,CAACQ,SAAS,CAAC,GAAG;QAClBhB,IAAI,EAAEoB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEpB,YAAY,CAACiB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDV,aAAa,CAACa,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAI1C,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAAC0C,GAAG,EAAEM,KAAK,CAAC,IAAIhC,MAAM,CAACkC,OAAO,CAAChB,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACe,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BP,MAAM,CAACO,GAAG,CAAC,GAAG;YACZf,IAAI,EAAEe,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOb,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAACjC,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,MAAMyD,qBAAsD,GAAG,MAAAA,CAC7DC,IAAI,EACJC,SAAS,EACTC,OAAO,KACJ;EACH,IAAI,EAACA,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEC,UAAU,GAAE;IACxB,OAAO,KAAK;EACd;EACA,IAAI;IACF,MAAM,IAAAC,wBAAS,EAAE,GAAEJ,IAAK,IAAGC,SAAU,EAAC,EAAEC,OAAO,CAACC,UAAU,CAAC;IAC3D,OAAO,IAAI;EACb,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeE,qBAAqBA,CAClCC,aAAqB,EACrBH,UAAiB,EACjBI,oBAAmC,EACnB;EAChB,MAAMC,aAAa,GAAG,IAAIC,mBAAa,CAAC;IACtCC,MAAM,EAAEC,oBAAM;IACdC,QAAQ,EAAEb;EACZ,CAAC,CAAC;EAEF,MAAM,CAACc,kBAAkB,EAAEC,gBAAgB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/DR,aAAa,CAACS,MAAM,CAACX,aAAa,EAAE;IAAEH;EAAW,CAAC,CAAC,EACnDI,oBAAoB,CAACW,YAAY,CAAC,CAAC,CACpC,CAAC;EAEF,MAAM;IAAEC;EAAI,CAAC,GAAGN,kBAAkB,CAACO,OAAkC;EACrE,IAAI,EAAE,MAAM,IAAAC,qBAAgB,EAACF,GAAG,CAACG,GAAG,EAAER,gBAAuB,C
AAC,CAAC,EAAE;IAC/D,MAAMS,OAAO,GAAI,kDAAiDT,gBAAgB,CAACU,GAAI,UAASL,GAAG,CAACG,GAAG,CAACE,GAAI,EAAC;IAC7GC,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEL,OAAO,CAAC;IACnC,MAAM,IAAI1D,qBAAa,CAAC0D,OAAO,CAAC;EAClC;EAEA,OAAO,MAAMf,aAAa,CAACqB,MAAM,CAAC,IAAAC,qCAAwB,EAACxB,aAAa,CAAC,CAAC;AAC5E;AAEO,MAAMyB,6BAAsE,GACjF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,IAAA,EAOzBC,YAAY,KACT;EAAA,IAPH;IACEC,uBAAuB;IACvB9F,uBAAuB;IACvBI,0BAA0B;IAC1B2F;EACF,CAAC,GAAAH,IAAA;EAGD,MAAMI,OAAO,GAAG,MAAMlC,qBAAqB,CACzC4B,UAAU,EACVD,UAAU,CAACpE,IAAI,EACfyE,uBACF,CAAC;EAEDZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACa,KAAK,EACb,uBAAsBC,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACjD,CAAC;EAED,IAAID,wBAAwB,EAAE;IAAA,IAAAK,YAAA;IAC5B,IAAI,CAACP,YAAY,EAAE;MACjB,MAAM,IAAIvE,qBAAa,CAAC,sBAAsB,CAAC;IACjD;IACA,MAAM+E,GAAG,IAAAD,YAAA,GAAGJ,OAAO,CAACM,GAAG,cAAAF,YAAA,gBAAAA,YAAA,GAAXA,YAAA,CAAaG,MAAM,cAAAH,YAAA,uBAAnBA,YAAA,CAAqBC,GAA2B;IAC5D,IAAI,CAACA,GAAG,IAAI,CAAClE,KAAK,CAACC,OAAO,CAACiE,GAAG,CAAC,IAAIA,GAAG,CAACnG,MAAM,KAAK,CAAC,EAAE;MACnD,MAAM,IAAIsG,8BAAqB,CAAC,2BAA2B,CAAC;IAC9D;IACA,MAAM,IAAAC,kBAAe,EAACJ,GAAG,EAAER,YAAY,CAAC;EAC1C;EAEA,MAAM/F,gBAAgB,GACpB2F,UAAU,CAACiB,mCAAmC,CAACf,yBAAyB,CAAC;EAE3E,IAAI,CAAC7F,gBAAgB,EAAE;IACrBoF,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+CM,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIrE,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMvB,mBAAmB,GAAI,MAAMiG,OAAO,CAACW,SAAS,CAACvC,oBAAM,CAG1D;EAED,MAAMwC,gBAAgB,GAAG/G,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAMyG,QAAQ,GACZ,OAAO9G,mBAAmB,CAAC+G,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAAChH,mBAAmB,CAAC+G,GAAG,GAAG,IAAI,CAAC,GACxC3G,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAACiH,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAI1F,qBAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAM2F,UAAU,GAAG,IAAIF,IAAI,CAAChH,mBAAmB,CAACiH,GAAG,GAAG,IAAI,CAAC;EAE3D9B,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACa,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACS,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC;AAACK,OAAA,CAAA1B,6BAAA,GAAAA,6BAAA"}
|
|
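--- a/package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js
+++ b/package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js
@@ -3,50 +3,58 @@
 Object.defineProperty(exports, "__esModule", {
 value: true
 });
-exports.
-var _uuid = require("uuid");
+exports.createInitChallenge = createInitChallenge;
 var _ioWalletOauth = require("@pagopa/io-wallet-oauth2");
 var _ioWalletUtils = require("@pagopa/io-wallet-utils");
-var _pop = require("../../../utils/pop");
 var _logging = require("../../../utils/logging");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../../wallet-instance-attestation/v1.0.0/utils"));
 var _errors = require("../../../utils/errors");
 var _callbacks = require("../../../utils/callbacks");
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+/**
+* Factory function to create `initChallenge` for MRTD PoP flow.
+* The factory is needed to inject version specific SDK configuration.
+* @param config Configuration object containing the IO Wallet SDK configuration
+* @returns `initChallenge` function compliant with the public API
+*/
+function createInitChallenge(config) {
+return async function initChallenge(issuerConf, initUrl, mrtd_auth_session, mrtd_pop_jwt_nonce, context) {
+const {
+appFetch = fetch,
+walletInstanceAttestation,
+wiaCryptoContext
+} = context;
+const clientAttestationDPoP = await (0, _ioWalletOauth.createClientAttestationPopJwt)({
+config: config.sdkConfig,
+callbacks: {
+generateRandom: _callbacks.partialCallbacks.generateRandom,
+signJwt: (0, _callbacks.createSignJwtFromCryptoContext)(wiaCryptoContext)
+},
+clientAttestation: walletInstanceAttestation,
+authorizationServer: issuerConf.credential_issuer,
+signer: {
+method: "jwk",
+alg: "ES256",
+publicJwk: await wiaCryptoContext.getPublicKey()
+}
+});
+const initResult = await (0, _ioWalletOauth.fetchMrtdPopInit)({
+popInitEndpoint: initUrl,
+mrtdAuthSession: mrtd_auth_session,
+mrtdPopJwtNonce: mrtd_pop_jwt_nonce,
+walletAttestation: walletInstanceAttestation,
+clientAttestationDPoP,
+callbacks: {
+verifyJwt: (0, _callbacks.createVerifyJwtFromJwks)(issuerConf.keys),
+fetch: appFetch
+}
+}).catch(handleInitChallengeError);
+return {
+challenge: initResult.challenge,
+mrtd_pop_nonce: initResult.mrtdPopNonce,
+pop_verify_endpoint: initResult.popVerifyEndpoint,
+mrz: initResult.mrz
+};
 };
-}
-exports.initChallenge = initChallenge;
+}
 const handleInitChallengeError = e => {
 _logging.Logger.log(_logging.LogLevel.ERROR, `Failed to get MRTD challenge: ${e}`);
 if (!(e instanceof _ioWalletUtils.UnexpectedStatusCodeError)) {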
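Review bot: `initUrl` is handed to `fetchMrtdPopInit` as `popInitEndpoint` with no check visible in `initChallenge` that it is an https URL, while the wallet instance attestation and its PoP JWT are attached to that request. Unless step 01 or `fetchMrtdPopInit` already validates the endpoint (neither is visible in this hunk), I would guard it before the fetch, e.g. `if (new URL(initUrl).protocol !== "https:") throw new _errors.IoWalletError("Invalid MRTD PoP init endpoint");`. The JSDoc on the factory also leaves the returned function's parameters undocumented; a line stating that `context.wiaCryptoContext` is expected to hold the key the attestation is bound to would help callers. `handleInitChallengeError` continues past the end of the hunk.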
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_ioWalletOauth","require","_ioWalletUtils","_logging","_errors","_callbacks","createInitChallenge","config","initChallenge","issuerConf","initUrl","mrtd_auth_session","mrtd_pop_jwt_nonce","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","clientAttestationDPoP","createClientAttestationPopJwt","sdkConfig","callbacks","generateRandom","partialCallbacks","signJwt","createSignJwtFromCryptoContext","clientAttestation","authorizationServer","credential_issuer","signer","method","alg","publicJwk","getPublicKey","initResult","fetchMrtdPopInit","popInitEndpoint","mrtdAuthSession","mrtdPopJwtNonce","walletAttestation","verifyJwt","createVerifyJwtFromJwks","keys","catch","handleInitChallengeError","challenge","mrtd_pop_nonce","mrtdPopNonce","pop_verify_endpoint","popVerifyEndpoint","mrz","e","Logger","log","LogLevel","ERROR","SdkUnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","MrtdChallengeInitRequestFailed","message","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/02-init-challenge.ts"],"mappings":";;;;;;AAAA,IAAAA,cAAA,GAAAC,OAAA;AAIA,IAAAC,cAAA,GAAAD,OAAA;AAIA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAMA,IAAAI,UAAA,GAAAJ,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACO,SAASK,mBAAmBA,CACjCC,MAAc,EACe;EAC7B,OAAO,eAAeC,aAAaA,CACjCC,UAAU,EACVC,OAAO,EACPC,iBAAiB,EACjBC,kBAAkB,EAClBC,OAAO,EACP;IACA,MAAM;MACJC,QAAQ,GAAGC,KAAK;MAChBC,yBAAyB;MACzBC;IACF,CAAC,GAAGJ,OAAO;IAEX,MAAMK,qBAAqB,GAAG,MAAM,IAAAC,4CAA6B,EAAC;MAChEZ,MAAM,EAAEA,MAAM,CAACa,SAAS;MACxBC,SAAS,EAAE;QACTC,cAAc,EAAEC,2BAAgB,CAACD,cAAc;QAC/CE,OAAO,EAAE,IAAAC,yCAA8B,EAACR,gBAAgB;MAC1D,CAAC;MACDS,iBAAiB,EAAEV,yBAAyB;MAC5CW,mBAAmB,EAAElB,UAAU,CAACmB,iBAAiB;MACjDC,MAAM,EAAE;QACNC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,OAAO;QACZC,SAAS,EAAE,MAAMf,gBAAgB,CAACgB,YAAY,CAAC;MACjD;IACF,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAG,MAAM,IAAAC,+BAAgB,EAAC;MACxCC,eAAe,EAAE1B,OAAO;MACxB2B,eAAe,EAAE1B,iBA
AiB;MAClC2B,eAAe,EAAE1B,kBAAkB;MACnC2B,iBAAiB,EAAEvB,yBAAyB;MAC5CE,qBAAqB;MACrBG,SAAS,EAAE;QACTmB,SAAS,EAAE,IAAAC,kCAAuB,EAAChC,UAAU,CAACiC,IAAI,CAAC;QACnD3B,KAAK,EAAED;MACT;IACF,CAAC,CAAC,CAAC6B,KAAK,CAACC,wBAAwB,CAAC;IAElC,OAAO;MACLC,SAAS,EAAEX,UAAU,CAACW,SAAS;MAC/BC,cAAc,EAAEZ,UAAU,CAACa,YAAY;MACvCC,mBAAmB,EAAEd,UAAU,CAACe,iBAAiB;MACjDC,GAAG,EAAEhB,UAAU,CAACgB;IAClB,CAAC;EACH,CAAC;AACH;AAEA,MAAMN,wBAAwB,GAAIO,CAAU,IAAK;EAC/CC,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,iCAAgCJ,CAAE,EAAC,CAAC;EAEhE,IAAI,EAAEA,CAAC,YAAYK,wCAA4B,CAAC,EAAE;IAChD,MAAML,CAAC;EACT;EAEA,MAAM,IAAIM,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,8BAA8B;IAC7DC,OAAO,EAAE;EACX,CAAC,CAAC,CACDC,SAAS,CAACb,CAAC,CAAC;AACjB,CAAC"}
|
|
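--- a/package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js
+++ b/package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js
@@ -3,62 +3,69 @@
 Object.defineProperty(exports, "__esModule", {
 value: true
 });
-exports.
+exports.buildChallengeCallbackUrl = void 0;
+exports.createValidateChallenge = createValidateChallenge;
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _ioWalletOauth = require("@pagopa/io-wallet-oauth2");
-var _uuid = require("uuid");
-var _pop = require("../../../utils/pop");
-var WalletInstanceAttestation = _interopRequireWildcard(require("../../../wallet-instance-attestation/v1.0.0/utils"));
 var _errors = require("../../../utils/errors");
 var _callbacks = require("../../../utils/callbacks");
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+/**
+* Factory function to create `validateChallenge` for MRTD PoP flow.
+* The factory is needed to inject version specific SDK configuration.
+* @param config Configuration object containing the IO Wallet SDK configuration
+* @returns `validateChallenge` function compliant with the public API
+*/
+function createValidateChallenge(config) {
+return async function validateChallenge(issuerConf, verifyUrl, mrtd_auth_session, mrtd_pop_nonce, mrtd, ias, context) {
+const {
+appFetch = fetch,
+walletInstanceAttestation,
+wiaCryptoContext
+} = context;
+const aud = issuerConf.credential_issuer;
+const wiaPublicJwk = await wiaCryptoContext.getPublicKey();
+const clientAttestationDPoP = await (0, _ioWalletOauth.createClientAttestationPopJwt)({
+config: config.sdkConfig,
+callbacks: {
+generateRandom: _callbacks.partialCallbacks.generateRandom,
+signJwt: (0, _callbacks.createSignJwtFromCryptoContext)(wiaCryptoContext)
+},
+clientAttestation: walletInstanceAttestation,
+authorizationServer: aud,
+signer: {
+method: "jwk",
+alg: "ES256",
+publicJwk: wiaPublicJwk
+}
+});
+const mrtdValidationJwt = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
+typ: "mrtd-ias+jwt",
+kid: wiaPublicJwk.kid
+}).setPayload({
+iss: wiaPublicJwk.kid,
+aud,
+document_type: "cie",
+mrtd,
+ias
+}).setIssuedAt().setExpirationTime("5m").sign();
+const verifyResult = await (0, _ioWalletOauth.fetchMrtdPopVerify)({
+popVerifyEndpoint: verifyUrl,
+mrtdAuthSession: mrtd_auth_session,
+mrtdPopNonce: mrtd_pop_nonce,
+clientAttestationDPoP,
+mrtdValidationJwt,
+walletAttestation: walletInstanceAttestation,
+callbacks: {
+fetch: appFetch,
+..._callbacks.partialCallbacks
+}
+}).catch(_errors.sdkUnexpectedStatusCodeToIssuerError);
+return {
+redirect_uri: verifyResult.redirectUri,
+mrtd_val_pop_nonce: verifyResult.mrtdValPopNonce
+};
 };
-}
-exports.validateChallenge = validateChallenge;
+}
 const buildChallengeCallbackUrl = async (redirectUri, valPopNonce, authSession) => {
 const params = new URLSearchParams({
 mrtd_val_pop_nonce: valPopNonce,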
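Review bot: `wiaPublicJwk.kid` feeds both the `kid` header and the `iss` claim of `mrtdValidationJwt` without a check that it is defined, so a key without a `kid` would produce a signed JWT with no issuer that is presumably only rejected by the server. A guard right after `getPublicKey()` keeps the failure local: `if (!wiaPublicJwk.kid) throw new _errors.IoWalletError("No public key found");`. Separately, in the `fetchMrtdPopVerify` callbacks the spread comes after `fetch: appFetch`, so a `fetch` entry in `partialCallbacks` (its contents are not visible here) would silently override the app-supplied one; `{ ..._callbacks.partialCallbacks, fetch: appFetch }` makes the explicit value win. `buildChallengeCallbackUrl` continues past the end of the hunk.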
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_ioWalletOauth","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_ioWalletOauth","_errors","_callbacks","createValidateChallenge","config","validateChallenge","issuerConf","verifyUrl","mrtd_auth_session","mrtd_pop_nonce","mrtd","ias","context","appFetch","fetch","walletInstanceAttestation","wiaCryptoContext","aud","credential_issuer","wiaPublicJwk","getPublicKey","clientAttestationDPoP","createClientAttestationPopJwt","sdkConfig","callbacks","generateRandom","partialCallbacks","signJwt","createSignJwtFromCryptoContext","clientAttestation","authorizationServer","signer","method","alg","publicJwk","mrtdValidationJwt","SignJWT","setProtectedHeader","typ","kid","setPayload","iss","document_type","setIssuedAt","setExpirationTime","sign","verifyResult","fetchMrtdPopVerify","popVerifyEndpoint","mrtdAuthSession","mrtdPopNonce","walletAttestation","catch","sdkUnexpectedStatusCodeToIssuerError","redirect_uri","redirectUri","mrtd_val_pop_nonce","mrtdValPopNonce","buildChallengeCallbackUrl","valPopNonce","authSession","params","URLSearchParams","callbackUrl","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/03-validate-challenge.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,cAAA,GAAAD,OAAA;AAKA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,UAAA,GAAAH,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACO,SAASI,uBAAuBA,CACrCC,MAAc,EACmB;EACjC,OAAO,eAAeC,iBAAiBA,CACrCC,UAAU,EACVC,SAAS,EACTC,iBAAiB,EACjBC,cAAc,EACdC,IAAI,EACJC,GAAG,EACHC,OAAO,EACP;IACA,MAAM;MACJC,QAAQ,GAAGC,KAAK;MAChBC,yBAAyB;MACzBC;IACF,CAAC,GAAGJ,OAAO;IAEX,MAAMK,GAAG,GAAGX,UAAU,CAACY,iBAAiB;IAExC,MAAMC,YAAY,GAAG,MAAMH,gBAAgB,CAACI,YAAY,CAAC,CAAC;IAE1D,MAAMC,qBAAqB,GAAG,MAAM,IAAAC,4CAA6B,EAAC;MAChElB,MAAM,EAAEA,MAAM,CAACmB,SAAS;MACxBC,SAAS,EAAE;QACTC,cAAc,EAAEC,2BAAgB,CAACD,cAAc;QAC/CE,OAAO,EAAE,IAAAC,yCAA8B,EAACZ,gBAAgB;MAC1D,CAAC;MACDa,iBAAiB,EAAEd,yBAAyB;MAC5Ce,mBAAmB,EAAEb,GAAG;MACxBc,MAAM,EAAE;QACNC,MAAM,EAAE,KAAK;QACbC,GAAG,EAAE,OAAO;QACZC,SAAS,EAAEf;MACb;IACF,CAAC,CAAC;IAEF,MAAMgB,iBAAiB,GAAG,
MAAM,IAAIC,yBAAO,CAACpB,gBAAgB,CAAC,CAC1DqB,kBAAkB,CAAC;MAClBC,GAAG,EAAE,cAAc;MACnBC,GAAG,EAAEpB,YAAY,CAACoB;IACpB,CAAC,CAAC,CACDC,UAAU,CAAC;MACVC,GAAG,EAAEtB,YAAY,CAACoB,GAAG;MACrBtB,GAAG;MACHyB,aAAa,EAAE,KAAK;MACpBhC,IAAI;MACJC;IACF,CAAC,CAAC,CACDgC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;IAET,MAAMC,YAAY,GAAG,MAAM,IAAAC,iCAAkB,EAAC;MAC5CC,iBAAiB,EAAEzC,SAAS;MAC5B0C,eAAe,EAAEzC,iBAAiB;MAClC0C,YAAY,EAAEzC,cAAc;MAC5BY,qBAAqB;MACrBc,iBAAiB;MACjBgB,iBAAiB,EAAEpC,yBAAyB;MAC5CS,SAAS,EAAE;QACTV,KAAK,EAAED,QAAQ;QACf,GAAGa;MACL;IACF,CAAC,CAAC,CAAC0B,KAAK,CAACC,4CAAoC,CAAC;IAE9C,OAAO;MACLC,YAAY,EAAER,YAAY,CAACS,WAAW;MACtCC,kBAAkB,EAAEV,YAAY,CAACW;IACnC,CAAC;EACH,CAAC;AACH;AAEO,MAAMC,yBAAkE,GAC7E,MAAAA,CAAOH,WAAW,EAAEI,WAAW,EAAEC,WAAW,KAAK;EAC/C,MAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IACjCN,kBAAkB,EAAEG,WAAW;IAC/BnD,iBAAiB,EAAEoD;EACrB,CAAC,CAAC;EAEF,MAAMG,WAAW,GAAI,GAAER,WAAY,IAAGM,MAAO,EAAC;EAC9C,OAAO;IAAEE;EAAY,CAAC;AACxB,CAAC;AAACC,OAAA,CAAAN,yBAAA,GAAAA,yBAAA"}
|
|
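--- a/package/lib/commonjs/credential/issuance/mrtd-pop/index.js
+++ b/package/lib/commonjs/credential/issuance/mrtd-pop/index.js
@@ -3,15 +3,31 @@
 Object.defineProperty(exports, "__esModule", {
 value: true
 });
-exports.
+exports.MRTDPoPv1_3 = exports.MRTDPoPv1_0 = void 0;
+var _config = require("../../../utils/config");
 var _verifyAndParseChallengeInfo = require("./01-verify-and-parse-challenge-info");
 var _initChallenge = require("./02-init-challenge");
 var _validateChallenge = require("./03-validate-challenge");
-const
+const MRTDPoPv1_0 = {
 verifyAndParseChallengeInfo: _verifyAndParseChallengeInfo.verifyAndParseChallengeInfo,
-initChallenge: _initChallenge.
-
+initChallenge: (0, _initChallenge.createInitChallenge)({
+sdkConfig: _config.sdkConfigV1_0
+}),
+validateChallenge: (0, _validateChallenge.createValidateChallenge)({
+sdkConfig: _config.sdkConfigV1_0
+}),
 buildChallengeCallbackUrl: _validateChallenge.buildChallengeCallbackUrl
 };
-exports.
+exports.MRTDPoPv1_0 = MRTDPoPv1_0;
+const MRTDPoPv1_3 = {
+verifyAndParseChallengeInfo: _verifyAndParseChallengeInfo.verifyAndParseChallengeInfo,
+initChallenge: (0, _initChallenge.createInitChallenge)({
+sdkConfig: _config.sdkConfigV1_3
+}),
+validateChallenge: (0, _validateChallenge.createValidateChallenge)({
+sdkConfig: _config.sdkConfigV1_3
+}),
+buildChallengeCallbackUrl: _validateChallenge.buildChallengeCallbackUrl
+};
+exports.MRTDPoPv1_3 = MRTDPoPv1_3;
 //# sourceMappingURL=index.js.map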
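Review bot: `MRTDPoPv1_0` and `MRTDPoPv1_3` repeat the same four-entry object and differ only in the `sdkConfig` value, so the two can drift apart when a step is added or changed in one of them. A small helper in the TypeScript source would keep them in lockstep, e.g. `const createMRTDPoP = sdkConfig => ({ verifyAndParseChallengeInfo, initChallenge: createInitChallenge({ sdkConfig }), validateChallenge: createValidateChallenge({ sdkConfig }), buildChallengeCallbackUrl });`. The previous export is removed rather than aliased (its name is truncated on this page), so a comment above each object naming the issuance version that consumes it would help integrators pick the matching protocol configuration.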
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["_config","require","_verifyAndParseChallengeInfo","_initChallenge","_validateChallenge","MRTDPoPv1_0","verifyAndParseChallengeInfo","initChallenge","createInitChallenge","sdkConfig","sdkConfigV1_0","validateChallenge","createValidateChallenge","buildChallengeCallbackUrl","exports","MRTDPoPv1_3","sdkConfigV1_3"],"sourceRoot":"../../../../../src","sources":["credential/issuance/mrtd-pop/index.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,4BAAA,GAAAD,OAAA;AACA,IAAAE,cAAA,GAAAF,OAAA;AACA,IAAAG,kBAAA,GAAAH,OAAA;AAKO,MAAMI,WAAuB,GAAG;EACrCC,2BAA2B,EAA3BA,wDAA2B;EAC3BC,aAAa,EAAE,IAAAC,kCAAmB,EAAC;IAAEC,SAAS,EAAEC;EAAc,CAAC,CAAC;EAChEC,iBAAiB,EAAE,IAAAC,0CAAuB,EAAC;IAAEH,SAAS,EAAEC;EAAc,CAAC,CAAC;EACxEG,yBAAyB,EAAzBA;AACF,CAAC;AAACC,OAAA,CAAAT,WAAA,GAAAA,WAAA;AAEK,MAAMU,WAAuB,GAAG;EACrCT,2BAA2B,EAA3BA,wDAA2B;EAC3BC,aAAa,EAAE,IAAAC,kCAAmB,EAAC;IAAEC,SAAS,EAAEO;EAAc,CAAC,CAAC;EAChEL,iBAAiB,EAAE,IAAAC,0CAAuB,EAAC;IAAEH,SAAS,EAAEO;EAAc,CAAC,CAAC;EACxEH,yBAAyB,EAAzBA;AACF,CAAC;AAACC,OAAA,CAAAC,WAAA,GAAAA,WAAA"}
|
|
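--- a/package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js
+++ b/package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js
@@ -8,7 +8,7 @@ var _misc = require("../../../utils/misc");
 var _par = require("../../../utils/par");
 var _logging = require("../../../utils/logging");
 var _errors = require("../../../utils/errors");
-var
+var _startUserAuthorization = require("../common/02-start-user-authorization");
 const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) => {
 const {
 wiaCryptoContext,
@@ -24,12 +24,12 @@ const startUserAuthorization = async (issuerConf, credentialIds, proof, ctx) =>
 const codeVerifier = (0, _misc.generateRandomAlphaNumericString)(64);
 const parEndpoint = issuerConf.pushed_authorization_request_endpoint;
 const aud = issuerConf.credential_issuer;
-const responseMode = (0,
+const responseMode = (0, _startUserAuthorization.selectResponseMode)(issuerConf, credentialIds);
 const getPar = (0, _par.makeParRequest)({
 wiaCryptoContext,
 appFetch
 });
-const credentialDefinition = credentialIds.map(c => (0,
+const credentialDefinition = credentialIds.map(c => (0, _startUserAuthorization.selectCredentialDefinition)(issuerConf, c));
 if (proof.proofType === "mrtd-pop") {
 /**
 * When we requests a PID using eID Substantial Authentication with MRTD Verification, we must include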
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_misc","require","_par","_logging","_errors","
|
|
1
|
+
{"version":3,"names":["_misc","require","_par","_logging","_errors","_startUserAuthorization","startUserAuthorization","issuerConf","credentialIds","proof","ctx","wiaCryptoContext","walletInstanceAttestation","redirectUri","appFetch","fetch","clientId","getPublicKey","then","_","kid","Logger","log","LogLevel","ERROR","IoWalletError","codeVerifier","generateRandomAlphaNumericString","parEndpoint","pushed_authorization_request_endpoint","aud","credential_issuer","responseMode","selectResponseMode","getPar","makeParRequest","credentialDefinition","map","c","selectCredentialDefinition","proofType","push","type","idphinting","idpHinting","challenge_method","challenge_redirect_uri","issuerRequestUri","authorizationDetails","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/02-start-user-authorization.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,uBAAA,GAAAJ,OAAA;AAKO,MAAMK,sBAA6D,GACxE,MAAAA,CAAOC,UAAU,EAAEC,aAAa,EAAEC,KAAK,EAAEC,GAAG,KAAK;EAC/C,MAAM;IACJC,gBAAgB;IAChBC,yBAAyB;IACzBC,WAAW;IACXC,QAAQ,GAAGC;EACb,CAAC,GAAGL,GAAG;EAEP,MAAMM,QAAQ,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,GAAG,CAAC;EAEzE,IAAI,CAACJ,QAAQ,EAAE;IACbK,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,kCAAiCR,QAAS,0BAC7C,CAAC;IACD,MAAM,IAAIS,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EACA,MAAMC,YAAY,GAAG,IAAAC,sCAAgC,EAAC,EAAE,CAAC;EACzD,MAAMC,WAAW,GAAGrB,UAAU,CAACsB,qCAAqC;EACpE,MAAMC,GAAG,GAAGvB,UAAU,CAACwB,iBAAiB;EACxC,MAAMC,YAAY,GAAG,IAAAC,0CAAkB,EAAC1B,UAAU,EAAEC,aAAa,CAAC;EAClE,MAAM0B,MAAM,GAAG,IAAAC,mBAAc,EAAC;IAAExB,gBAAgB;IAAEG;EAAS,CAAC,CAAC;EAE7D,MAAMsB,oBAAoB,GAAG5B,aAAa,CAAC6B,GAAG,CAAEC,CAAC,IAC/C,IAAAC,kDAA0B,EAAChC,UAAU,EAAE+B,CAAC,CAC1C,CAAC;EAED,IAAI7B,KAAK,CAAC+B,SAAS,KAAK,UAAU,EAAE;IAClC;AACN;AACA;AACA;AACA;AACA;IACMJ,oBAAoB,CAACK,IAAI,CAAC;MACxBC,IAAI,EAAE,sBAAsB;MAC5BC,UAAU,EAAElC,KAAK,CAACmC,UAAU;MAC5BC,gBAAgB,EAAE,UAAU;MAC5BC,sBAAsB,
EAAEjC;IAC1B,CAAC,CAAC;EACJ;EAEA,MAAMkC,gBAAgB,GAAG,MAAMb,MAAM,CACnCN,WAAW,EACXhB,yBAAyB,EACzB;IACEkB,GAAG;IACHd,QAAQ;IACRU,YAAY;IACZb,WAAW;IACXmB,YAAY;IACZgB,oBAAoB,EAAEZ;EACxB,CACF,CAAC;EAED,OAAO;IAAEW,gBAAgB;IAAE/B,QAAQ;IAAEU,YAAY;IAAEU;EAAqB,CAAC;AAC3E,CAAC;AAACa,OAAA,CAAA3C,sBAAA,GAAAA,sBAAA"}
|
|
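--- a/package/lib/commonjs/credential/issuance/v1.0.0/index.js
+++ b/package/lib/commonjs/credential/issuance/v1.0.0/index.js
@@ -23,7 +23,7 @@ const Issuance = {
 obtainCredential: _obtainCredential.obtainCredential,
 obtainCredentialsBatch: _obtainCredential.obtainCredentialsBatch,
 verifyAndParseCredential: _verifyAndParseCredential.verifyAndParseCredential,
-MRTDPoP: _mrtdPop.
+MRTDPoP: _mrtdPop.MRTDPoPv1_0
 };
 exports.Issuance = Issuance;
 //# sourceMappingURL=index.js.map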
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_completeUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential","_mrtdPop","Issuance","evaluateIssuerTrust","startUserAuthorization","buildAuthorizationUrl","completeUserAuthorizationWithQueryMode","continueUserAuthorizationWithMRTDPoPChallenge","getRequestedCredentialToBePresented","completeUserAuthorizationWithFormPostJwtMode","authorizeAccess","obtainCredential","obtainCredentialsBatch","verifyAndParseCredential","MRTDPoP","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/index.ts"],"mappings":";;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AACA,IAAAC,uBAAA,GAAAD,OAAA;AACA,IAAAE,0BAAA,GAAAF,OAAA;AAOA,IAAAG,gBAAA,GAAAH,OAAA;AACA,IAAAI,iBAAA,GAAAJ,OAAA;AAIA,IAAAK,yBAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AAEO,MAAMO,QAAqB,GAAG;EACnCC,mBAAmB,EAAnBA,wCAAmB;EACnBC,sBAAsB,EAAtBA,8CAAsB;EACtBC,qBAAqB,EAArBA,gDAAqB;EACrBC,sCAAsC,EAAtCA,iEAAsC;EACtCC,6CAA6C,EAA7CA,wEAA6C;EAC7CC,mCAAmC,EAAnCA,8DAAmC;EACnCC,4CAA4C,EAA5CA,uEAA4C;EAC5CC,eAAe,EAAfA,gCAAe;EACfC,gBAAgB,EAAhBA,kCAAgB;EAChBC,sBAAsB,EAAtBA,wCAAsB;EACtBC,wBAAwB,EAAxBA,kDAAwB;EACxBC,OAAO,
|
|
1
|
+
{"version":3,"names":["_evaluateIssuerTrust","require","_startUserAuthorization","_completeUserAuthorization","_authorizeAccess","_obtainCredential","_verifyAndParseCredential","_mrtdPop","Issuance","evaluateIssuerTrust","startUserAuthorization","buildAuthorizationUrl","completeUserAuthorizationWithQueryMode","continueUserAuthorizationWithMRTDPoPChallenge","getRequestedCredentialToBePresented","completeUserAuthorizationWithFormPostJwtMode","authorizeAccess","obtainCredential","obtainCredentialsBatch","verifyAndParseCredential","MRTDPoP","MRTDPoPv1_0","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/index.ts"],"mappings":";;;;;;AACA,IAAAA,oBAAA,GAAAC,OAAA;AACA,IAAAC,uBAAA,GAAAD,OAAA;AACA,IAAAE,0BAAA,GAAAF,OAAA;AAOA,IAAAG,gBAAA,GAAAH,OAAA;AACA,IAAAI,iBAAA,GAAAJ,OAAA;AAIA,IAAAK,yBAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AAEO,MAAMO,QAAqB,GAAG;EACnCC,mBAAmB,EAAnBA,wCAAmB;EACnBC,sBAAsB,EAAtBA,8CAAsB;EACtBC,qBAAqB,EAArBA,gDAAqB;EACrBC,sCAAsC,EAAtCA,iEAAsC;EACtCC,6CAA6C,EAA7CA,wEAA6C;EAC7CC,mCAAmC,EAAnCA,8DAAmC;EACnCC,4CAA4C,EAA5CA,uEAA4C;EAC5CC,eAAe,EAAfA,gCAAe;EACfC,gBAAgB,EAAhBA,kCAAgB;EAChBC,sBAAsB,EAAtBA,wCAAsB;EACtBC,wBAAwB,EAAxBA,kDAAwB;EACxBC,OAAO,EAAEC;AACX,CAAC;AAACC,OAAA,CAAAd,QAAA,GAAAA,QAAA"}
|
|
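--- a/package/lib/commonjs/credential/issuance/v1.0.0/mappers.js
+++ b/package/lib/commonjs/credential/issuance/v1.0.0/mappers.js
@@ -16,7 +16,7 @@ const mapToIssuerConfig = (0, _mappers.createMapper)(x => {
 credential_endpoint: openid_credential_issuer.credential_endpoint,
 credential_issuer: openid_credential_issuer.credential_issuer,
 credential_configurations_supported: openid_credential_issuer.credential_configurations_supported,
-keys: openid_credential_issuer.jwks.keys,
+keys: [...openid_credential_issuer.jwks.keys, ...oauth_authorization_server.jwks.keys],
 pushed_authorization_request_endpoint: oauth_authorization_server.pushed_authorization_request_endpoint,
 token_endpoint: oauth_authorization_server.token_endpoint,
 status_assertion_endpoint: openid_credential_issuer.status_attestation_endpoint,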
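Review bot: `keys` now concatenates the credential issuer's JWKS with the authorization server's, so every verifier built from `issuerConf.keys` (for example `createVerifyJwtFromJwks(issuerConf.keys)` in the MRTD PoP init step) accepts a signature from either role. If credential verification elsewhere also reads `issuerConf.keys` (not visible in this hunk), an authorization-server key would then validate a credential; exposing the two sets as separate fields, or at least documenting the union with `// keys: credential-issuer JWKS followed by authorization-server JWKS; verifiers built from it trust both roles`, keeps that trust decision explicit. The spread also throws a TypeError when `oauth_authorization_server.jwks` is absent, unless the metadata schema guarantees it, and duplicate `kid` values across the two sets are not reconciled. The mapper callback starts and ends outside the hunk.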
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_mappers","require","mapToIssuerConfig","createMapper","x","oauth_authorization_server","openid_credential_issuer","federation_entity","payload","metadata","authorization_endpoint","credential_endpoint","credential_issuer","credential_configurations_supported","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","status_assertion_endpoint","status_attestation_endpoint","nonce_endpoint","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/mappers.ts"],"mappings":";;;;;;AACA,IAAAA,QAAA,GAAAC,OAAA;AAGO,MAAMC,iBAAiB,GAAG,IAAAC,qBAAY,EAG1CC,CAAC,IAAK;EACP,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC;EACF,CAAC,GAAGH,CAAC,CAACI,OAAO,CAACC,QAAQ;EACtB,OAAO;IACLC,sBAAsB,EAAEL,0BAA0B,CAACK,sBAAsB;IACzEC,mBAAmB,EAAEL,wBAAwB,CAACK,mBAAmB;IACjEC,iBAAiB,EAAEN,wBAAwB,CAACM,iBAAiB;IAC7DC,mCAAmC,EACjCP,wBAAwB,CAACO,mCAAmC;IAC9DC,IAAI,
|
|
1
|
+
{"version":3,"names":["_mappers","require","mapToIssuerConfig","createMapper","x","oauth_authorization_server","openid_credential_issuer","federation_entity","payload","metadata","authorization_endpoint","credential_endpoint","credential_issuer","credential_configurations_supported","keys","jwks","pushed_authorization_request_endpoint","token_endpoint","status_assertion_endpoint","status_attestation_endpoint","nonce_endpoint","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.0.0/mappers.ts"],"mappings":";;;;;;AACA,IAAAA,QAAA,GAAAC,OAAA;AAGO,MAAMC,iBAAiB,GAAG,IAAAC,qBAAY,EAG1CC,CAAC,IAAK;EACP,MAAM;IACJC,0BAA0B;IAC1BC,wBAAwB;IACxBC;EACF,CAAC,GAAGH,CAAC,CAACI,OAAO,CAACC,QAAQ;EACtB,OAAO;IACLC,sBAAsB,EAAEL,0BAA0B,CAACK,sBAAsB;IACzEC,mBAAmB,EAAEL,wBAAwB,CAACK,mBAAmB;IACjEC,iBAAiB,EAAEN,wBAAwB,CAACM,iBAAiB;IAC7DC,mCAAmC,EACjCP,wBAAwB,CAACO,mCAAmC;IAC9DC,IAAI,EAAE,CACJ,GAAGR,wBAAwB,CAACS,IAAI,CAACD,IAAI,EACrC,GAAGT,0BAA0B,CAACU,IAAI,CAACD,IAAI,CACxC;IACDE,qCAAqC,EACnCX,0BAA0B,CAACW,qCAAqC;IAClEC,cAAc,EAAEZ,0BAA0B,CAACY,cAAc;IACzDC,yBAAyB,EACvBZ,wBAAwB,CAACa,2BAA2B;IACtDC,cAAc,EAAEd,wBAAwB,CAACc,cAAc;IACvDb;EACF,CAAC;AACH,CAAC,CAAC;AAACc,OAAA,CAAAnB,iBAAA,GAAAA,iBAAA"}
|
|
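--- a/package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js
+++ b/package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js
@@ -5,7 +5,6 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.evaluateIssuerTrust = void 0;
 var _ioWalletOid4vci = require("@pagopa/io-wallet-oid4vci");
-var _callbacks = require("../../../utils/callbacks");
 var _config = require("../../../utils/config");
 var _mappers = require("./mappers");
 const evaluateIssuerTrust = async function (issuerUrl) {
@@ -14,7 +13,6 @@ const evaluateIssuerTrust = async function (issuerUrl) {
 config: _config.sdkConfigV1_3,
 credentialIssuerUrl: issuerUrl,
 callbacks: {
-..._callbacks.partialCallbacks,
 fetch: context.appFetch
 }
 });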
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioWalletOid4vci","require","
|
|
1
|
+
{"version":3,"names":["_ioWalletOid4vci","require","_config","_mappers","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerMetadata","fetchMetadata","config","sdkConfigV1_3","credentialIssuerUrl","callbacks","fetch","appFetch","issuerConf","mapToIssuerConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAIA,IAAAC,OAAA,GAAAD,OAAA;AAEA,IAAAE,QAAA,GAAAF,OAAA;AAEO,MAAMG,mBAAuD,GAAG,eAAAA,CACrEC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,cAAc,GAAI,MAAM,IAAAC,8BAAa,EAAC;IAC1CC,MAAM,EAAEC,qBAAa;IACrBC,mBAAmB,EAAET,SAAS;IAC9BU,SAAS,EAAE;MACTC,KAAK,EAAEV,OAAO,CAACW;IACjB;EACF,CAAC,CAA0B;EAE3B,OAAO;IAAEC,UAAU,EAAE,IAAAC,0BAAiB,EAACT,cAAc;EAAE,CAAC;AAC1D,CAAC;AAACU,OAAA,CAAAhB,mBAAA,GAAAA,mBAAA"}
|