@pagopa/io-react-native-wallet 3.2.0 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js +4 -3
- package/lib/commonjs/credential/issuance/common/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +37 -8
- package/lib/commonjs/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js +46 -38
- package/lib/commonjs/credential/issuance/mrtd-pop/02-init-challenge.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js +58 -51
- package/lib/commonjs/credential/issuance/mrtd-pop/03-validate-challenge.js.map +1 -1
- package/lib/commonjs/credential/issuance/mrtd-pop/index.js +21 -5
- package/lib/commonjs/credential/issuance/mrtd-pop/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js +3 -3
- package/lib/commonjs/credential/issuance/v1.0.0/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/index.js +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/mappers.js +1 -1
- package/lib/commonjs/credential/issuance/v1.0.0/mappers.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +0 -2
- package/lib/commonjs/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js +20 -16
- package/lib/commonjs/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js +20 -19
- package/lib/commonjs/credential/issuance/v1.3.3/04-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js +4 -6
- package/lib/commonjs/credential/issuance/v1.3.3/05-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js +4 -1
- package/lib/commonjs/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/index.js +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js +1 -1
- package/lib/commonjs/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/credential/presentation/{v1.3.3/utils.mdoc.js → common/utils/mdoc.js} +2 -2
- package/lib/commonjs/credential/presentation/common/utils/mdoc.js.map +1 -0
- package/lib/commonjs/credential/presentation/v1.3.3/06-evaluate-dcql-query.js +2 -2
- package/lib/commonjs/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map +1 -1
- package/lib/commonjs/credential/status/README.md +3 -2
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js +27 -5
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/commonjs/credential/status/v1.3.3/02-verify-and-parse-status-list.js +17 -6
- package/lib/commonjs/credential/status/v1.3.3/02-verify-and-parse-status-list.js.map +1 -1
- package/lib/commonjs/mdoc/index.js +3 -24
- package/lib/commonjs/mdoc/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/types.test.js +2 -14
- package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/utils.test.js +0 -12
- package/lib/commonjs/sd-jwt/__test__/utils.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -14
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/utils/callbacks.js +20 -1
- package/lib/commonjs/utils/callbacks.js.map +1 -1
- package/lib/commonjs/utils/x509.js +34 -0
- package/lib/commonjs/utils/x509.js.map +1 -0
- package/lib/commonjs/wallet-instance-attestation/api/types.js +0 -2
- package/lib/commonjs/wallet-instance-attestation/api/types.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/mappers.js +1 -14
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/mappers.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/types.js +2 -7
- package/lib/commonjs/wallet-instance-attestation/v1.3.3/types.js.map +1 -1
- package/lib/commonjs/wallet-unit-attestation/api/types.js +0 -11
- package/lib/commonjs/wallet-unit-attestation/api/types.js.map +1 -1
- package/lib/module/credential/issuance/common/02-start-user-authorization.js +4 -3
- package/lib/module/credential/issuance/common/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js +39 -10
- package/lib/module/credential/issuance/common/06-verify-and-parse-credential.sdjwt.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js +47 -34
- package/lib/module/credential/issuance/mrtd-pop/02-init-challenge.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js +58 -47
- package/lib/module/credential/issuance/mrtd-pop/03-validate-challenge.js.map +1 -1
- package/lib/module/credential/issuance/mrtd-pop/index.js +20 -5
- package/lib/module/credential/issuance/mrtd-pop/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js +1 -1
- package/lib/module/credential/issuance/v1.0.0/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/index.js +2 -2
- package/lib/module/credential/issuance/v1.0.0/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.0.0/mappers.js +1 -1
- package/lib/module/credential/issuance/v1.0.0/mappers.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js +0 -2
- package/lib/module/credential/issuance/v1.3.3/01-evaluate-issuer-trust.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js +20 -16
- package/lib/module/credential/issuance/v1.3.3/02-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js +22 -19
- package/lib/module/credential/issuance/v1.3.3/04-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js +5 -7
- package/lib/module/credential/issuance/v1.3.3/05-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js +4 -1
- package/lib/module/credential/issuance/v1.3.3/06-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/index.js +2 -2
- package/lib/module/credential/issuance/v1.3.3/index.js.map +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js +1 -1
- package/lib/module/credential/issuance/v1.3.3/mappers.js.map +1 -1
- package/lib/module/credential/presentation/{v1.3.3/utils.mdoc.js → common/utils/mdoc.js} +2 -2
- package/lib/module/credential/presentation/common/utils/mdoc.js.map +1 -0
- package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js +2 -3
- package/lib/module/credential/presentation/v1.3.3/06-evaluate-dcql-query.js.map +1 -1
- package/lib/module/credential/status/README.md +3 -2
- package/lib/module/credential/status/v1.3.3/01-status-list.js +27 -5
- package/lib/module/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/module/credential/status/v1.3.3/02-verify-and-parse-status-list.js +17 -6
- package/lib/module/credential/status/v1.3.3/02-verify-and-parse-status-list.js.map +1 -1
- package/lib/module/mdoc/index.js +3 -24
- package/lib/module/mdoc/index.js.map +1 -1
- package/lib/module/sd-jwt/__test__/types.test.js +2 -14
- package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/utils.test.js +0 -12
- package/lib/module/sd-jwt/__test__/utils.test.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -14
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/utils/callbacks.js +19 -1
- package/lib/module/utils/callbacks.js.map +1 -1
- package/lib/module/utils/x509.js +28 -0
- package/lib/module/utils/x509.js.map +1 -0
- package/lib/module/wallet-instance-attestation/api/types.js +0 -2
- package/lib/module/wallet-instance-attestation/api/types.js.map +1 -1
- package/lib/module/wallet-instance-attestation/v1.3.3/mappers.js +1 -14
- package/lib/module/wallet-instance-attestation/v1.3.3/mappers.js.map +1 -1
- package/lib/module/wallet-instance-attestation/v1.3.3/types.js +2 -7
- package/lib/module/wallet-instance-attestation/v1.3.3/types.js.map +1 -1
- package/lib/module/wallet-unit-attestation/api/types.js +0 -11
- package/lib/module/wallet-unit-attestation/api/types.js.map +1 -1
- package/lib/typescript/credential/issuance/api/06-verify-and-parse-credential.d.ts +4 -0
- package/lib/typescript/credential/issuance/api/06-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/common/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/common/06-verify-and-parse-credential.sdjwt.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts +12 -1
- package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts +12 -1
- package/lib/typescript/credential/issuance/mrtd-pop/03-validate-challenge.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts +2 -1
- package/lib/typescript/credential/issuance/mrtd-pop/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/01-evaluate-issuer-trust.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/02-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/04-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/05-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/06-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/credential/presentation/{v1.3.3/utils.mdoc.d.ts → common/utils/mdoc.d.ts} +2 -2
- package/lib/typescript/credential/presentation/common/utils/mdoc.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/v1.3.3/06-evaluate-dcql-query.d.ts.map +1 -1
- package/lib/typescript/credential/status/api/status-list.d.ts +8 -4
- package/lib/typescript/credential/status/api/status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/01-status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/02-verify-and-parse-status-list.d.ts.map +1 -1
- package/lib/typescript/mdoc/index.d.ts +1 -1
- package/lib/typescript/mdoc/index.d.ts.map +1 -1
- package/lib/typescript/mdoc/utils.d.ts +0 -24
- package/lib/typescript/mdoc/utils.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +0 -12
- package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/utils/callbacks.d.ts +7 -0
- package/lib/typescript/utils/callbacks.d.ts.map +1 -1
- package/lib/typescript/utils/x509.d.ts +10 -0
- package/lib/typescript/utils/x509.d.ts.map +1 -0
- package/lib/typescript/wallet-instance-attestation/api/types.d.ts +0 -2
- package/lib/typescript/wallet-instance-attestation/api/types.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.0.0/mappers.d.ts +0 -2
- package/lib/typescript/wallet-instance-attestation/v1.0.0/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.3.3/mappers.d.ts +2 -9
- package/lib/typescript/wallet-instance-attestation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/v1.3.3/types.d.ts +2 -7
- package/lib/typescript/wallet-instance-attestation/v1.3.3/types.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/api/types.d.ts +0 -11
- package/lib/typescript/wallet-unit-attestation/api/types.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts +0 -22
- package/lib/typescript/wallet-unit-attestation/v1.3.3/mappers.d.ts.map +1 -1
- package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts +0 -11
- package/lib/typescript/wallet-unit-attestation/v1.3.3/types.d.ts.map +1 -1
- package/package.json +6 -6
- package/src/credential/issuance/api/06-verify-and-parse-credential.ts +4 -0
- package/src/credential/issuance/common/02-start-user-authorization.ts +6 -3
- package/src/credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts +42 -9
- package/src/credential/issuance/mrtd-pop/02-init-challenge.ts +69 -45
- package/src/credential/issuance/mrtd-pop/03-validate-challenge.ts +84 -62
- package/src/credential/issuance/mrtd-pop/index.ts +13 -5
- package/src/credential/issuance/v1.0.0/02-start-user-authorization.ts +1 -1
- package/src/credential/issuance/v1.0.0/index.ts +2 -2
- package/src/credential/issuance/v1.0.0/mappers.ts +4 -1
- package/src/credential/issuance/v1.3.3/01-evaluate-issuer-trust.ts +0 -2
- package/src/credential/issuance/v1.3.3/02-start-user-authorization.ts +24 -20
- package/src/credential/issuance/v1.3.3/04-authorize-access.ts +28 -23
- package/src/credential/issuance/v1.3.3/05-obtain-credential.ts +8 -8
- package/src/credential/issuance/v1.3.3/06-verify-and-parse-credential.ts +2 -1
- package/src/credential/issuance/v1.3.3/index.ts +2 -2
- package/src/credential/issuance/v1.3.3/mappers.ts +4 -1
- package/src/credential/presentation/{v1.3.3/utils.mdoc.ts → common/utils/mdoc.ts} +2 -2
- package/src/credential/presentation/v1.3.3/06-evaluate-dcql-query.ts +3 -3
- package/src/credential/status/README.md +3 -2
- package/src/credential/status/api/status-list.ts +10 -7
- package/src/credential/status/v1.3.3/01-status-list.ts +21 -7
- package/src/credential/status/v1.3.3/02-verify-and-parse-status-list.ts +19 -5
- package/src/mdoc/index.ts +5 -41
- package/src/sd-jwt/__test__/types.test.ts +1 -13
- package/src/sd-jwt/__test__/utils.test.ts +0 -12
- package/src/sd-jwt/types.ts +0 -13
- package/src/utils/callbacks.ts +28 -1
- package/src/utils/x509.ts +43 -0
- package/src/wallet-instance-attestation/api/types.ts +0 -2
- package/src/wallet-instance-attestation/v1.3.3/mappers.ts +3 -11
- package/src/wallet-instance-attestation/v1.3.3/types.ts +2 -7
- package/src/wallet-unit-attestation/api/types.ts +0 -11
- package/lib/commonjs/credential/issuance/common/authorization.js +0 -56
- package/lib/commonjs/credential/issuance/common/authorization.js.map +0 -1
- package/lib/commonjs/credential/presentation/v1.3.3/utils.mdoc.js.map +0 -1
- package/lib/module/credential/issuance/common/authorization.js +0 -48
- package/lib/module/credential/issuance/common/authorization.js.map +0 -1
- package/lib/module/credential/presentation/v1.3.3/utils.mdoc.js.map +0 -1
- package/lib/typescript/credential/issuance/common/authorization.d.ts +0 -21
- package/lib/typescript/credential/issuance/common/authorization.d.ts.map +0 -1
- package/lib/typescript/credential/presentation/v1.3.3/utils.mdoc.d.ts.map +0 -1
- package/src/credential/issuance/common/authorization.ts +0 -89
|
@@ -10,11 +10,11 @@ var _exportNames = {
|
|
|
10
10
|
exports.verify = exports.prepareVpTokenMdoc = void 0;
|
|
11
11
|
var _ioReactNativeIso = require("@pagopa/io-react-native-iso18013");
|
|
12
12
|
var _jsrsasign = require("jsrsasign");
|
|
13
|
-
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
14
13
|
var _errors = require("../trust/common/errors");
|
|
15
14
|
var _errors2 = require("../utils/errors");
|
|
16
15
|
var _crypto = require("../utils/crypto");
|
|
17
16
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
17
|
+
var _x = require("../utils/x509");
|
|
18
18
|
var _utils = require("./utils");
|
|
19
19
|
Object.keys(_utils).forEach(function (key) {
|
|
20
20
|
if (key === "default" || key === "__esModule") return;
|
|
@@ -39,7 +39,7 @@ const verify = async (token, x509CertRoot) => {
|
|
|
39
39
|
}
|
|
40
40
|
const x5chain = issuerSigned.issuerAuth.unprotectedHeader.x5chain.map(_jsrsasign.b64utob64);
|
|
41
41
|
// Verify the x5chain
|
|
42
|
-
await
|
|
42
|
+
await (0, _x.verifyX509Chain)(x5chain, x509CertRoot);
|
|
43
43
|
const coseSign1 = issuerSigned.issuerAuth.rawValue;
|
|
44
44
|
if (!coseSign1) {
|
|
45
45
|
throw new _errors2.IoWalletError("Missing coseSign1");
|
|
@@ -51,28 +51,6 @@ const verify = async (token, x509CertRoot) => {
|
|
|
51
51
|
};
|
|
52
52
|
};
|
|
53
53
|
|
|
54
|
-
/**
|
|
55
|
-
* This function checks whether the x509 certificate chain is valid against a specified Certificate Authority (CA)
|
|
56
|
-
*
|
|
57
|
-
* @param x5chain The mdoc's x509 certificate chain
|
|
58
|
-
* @param x509CertRoot The Trust Anchor CA
|
|
59
|
-
* @param options Options for certificate validation
|
|
60
|
-
*/
|
|
61
|
-
exports.verify = verify;
|
|
62
|
-
const verifyX5chain = async function (x5chain, x509CertRoot) {
|
|
63
|
-
let options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
|
|
64
|
-
connectTimeout: 10000,
|
|
65
|
-
readTimeout: 10000,
|
|
66
|
-
requireCrl: true
|
|
67
|
-
};
|
|
68
|
-
const x509ValidationResult = await (0, _ioReactNativeCrypto.verifyCertificateChain)(x5chain, x509CertRoot, options);
|
|
69
|
-
if (!x509ValidationResult.isValid) {
|
|
70
|
-
throw new _errors.X509ValidationError(`X.509 certificate chain validation failed. Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
|
|
71
|
-
x509ValidationStatus: x509ValidationResult.validationStatus,
|
|
72
|
-
x509ErrorMessage: x509ValidationResult.errorMessage
|
|
73
|
-
});
|
|
74
|
-
}
|
|
75
|
-
};
|
|
76
54
|
/**
|
|
77
55
|
* This function verifies that the signature is valid for the given certificate.
|
|
78
56
|
* If not, it throws an error
|
|
@@ -80,6 +58,7 @@ const verifyX5chain = async function (x5chain, x509CertRoot) {
|
|
|
80
58
|
* @param coseSign1 The COSE-Sign1 object encoded in base64 or base64url
|
|
81
59
|
* @param cert The `x5chain`'s leaf certificate
|
|
82
60
|
*/
|
|
61
|
+
exports.verify = verify;
|
|
83
62
|
const verifyMdocSignature = async (coseSign1, cert) => {
|
|
84
63
|
const pemcert = (0, _crypto.convertBase64DerToPem)(cert);
|
|
85
64
|
const jwk = (0, _crypto.getSigninJwkFromCert)(pemcert);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeIso","require","_jsrsasign","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeIso","require","_jsrsasign","_errors","_errors2","_crypto","_ioReactNativeJwt","_x","_utils","Object","keys","forEach","key","prototype","hasOwnProperty","call","_exportNames","exports","defineProperty","enumerable","get","verify","token","x509CertRoot","_issuerSigned$issuerA","issuerSigned","CBOR","decodeIssuerSigned","IoWalletError","issuerAuth","unprotectedHeader","x5chain","Array","isArray","length","MissingX509CertsError","map","b64utob64","verifyX509Chain","coseSign1","rawValue","verifyMdocSignature","cert","pemcert","convertBase64DerToPem","jwk","getSigninJwkFromCert","x","y","signatureCorrect","COSE","Error","prepareVpTokenMdoc","requestNonce","generatedNonce","clientId","responseUri","docType","keyTag","_ref","verifiableCredential","presentationFrame","documents","issuerSignedContent","alias","vp_token","ISO18013_7","generateOID4VPDeviceResponse","removePadding"],"sourceRoot":"../../../src","sources":["mdoc/index.ts"],"mappings":";;;;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,OAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAEA,IAAAK,iBAAA,GAAAL,OAAA;AACA,IAAAM,EAAA,GAAAN,OAAA;AACA,IAAAO,MAAA,GAAAP,OAAA;AAAAQ,MAAA,CAAAC,IAAA,CAAAF,MAAA,EAAAG,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAC,YAAA,EAAAJ,GAAA;EAAA,IAAAA,GAAA,IAAAK,OAAA,IAAAA,OAAA,CAAAL,GAAA,MAAAJ,MAAA,CAAAI,GAAA;EAAAH,MAAA,CAAAS,cAAA,CAAAD,OAAA,EAAAL,GAAA;IAAAO,UAAA;IAAAC,GAAA,WAAAA,CAAA;MAAA,OAAAZ,MAAA,CAAAI,GAAA;IAAA;EAAA;AAAA;AAEO,MAAMS,MAAM,GAAG,MAAAA,CACpBC,KAAa,EACbC,YAAoB,KAC6B;EAAA,IAAAC,qBAAA;EACjD;EACA,MAAMC,YAAY,GAAG,MAAMC,sBAAI,CAACC,kBAAkB,CAACL,KAAK,CAAC;EAEzD,IAAI,CAACG,YAAY,EAAE;IACjB,MAAM,IAAIG,sBAAa,CAAC,cAAc,CAAC;EACzC;EAEA,IACE,GAAAJ,qBAAA,GAACC,YAAY,CAACI,UAAU,CAACC,iBAAiB,cAAAN,qBAAA,eAAzCA,qBAAA,CAA2CO,OAAO,MAClD,CAACC,KAAK,CAACC,OAAO,CAACR,YAAY,CAACI,UAAU,CAACC,iBAAiB,CAACC,OAAO,CAAC,IAChEN,YAAY,CAACI,UAAU,CAACC,iBAAiB,CAACC,OAAO,CAACG,MAAM,KAAK,CAAC,CAAC,EACjE;IACA,MAAM,IAAIC,6BAAqB,CAAC,2BAA2B,CAAC;EAC9D;EACA,MAAMJ,OAAO,GACXN,YAAY,CAACI,UAAU,CAACC,iBAAiB,CAACC,OAAO,CAACK,GAAG,CAACC,oBAAS,CAAC;EAClE;EACA,MAAM,IAAAC,kBAAe,EAACP,OAAO,EAAER,YAAY,CAAC;EAE5C,MAAMgB,SAAS,GAAGd,YAAY,CAACI,UAAU,CAACW,QAAQ;EAElD,IAAI,CAACD,SAAS,EAAE;IACd,MAAM,IAAIX,sBAAa,CAAC,mBAAmB,CAAC;EAC9C;EACA;EACA,MAAMa,mBAAmB,CAACF,SAAS,EAAER,OAAO,CAAC,CAAC,CAAE,CAAC;EAEjD,OAAO;IAAEN;EAAa,CAAC;AACzB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AANAR,OAAA,CAAAI,MAAA,GAAAA,MAAA;AAOA,MAAMoB,mBAAmB,GAAG,MAAAA,CAAOF,SAAiB,EAAEG,IAAY,KAAK;EACrE,MAAMC,OAAO,GAAG,IAAAC,6BAAqB,EAACF,IAAI,CAAC;EAC3C,MAAMG,GAAG,GAAG,IAAAC,4BAAoB,EAACH,OAAO,CAAC;EAEzCE,GAAG,CAACE,CAAC,GAAG,IAAAV,oBAAS,EAACQ,GAAG,CAACE,CAAE,CAAC;EACzBF,GAAG,CAACG,CAAC,GAAG,IAAAX,oBAAS,EAACQ,GAAG,CAACG,CAAE,CAAC;EAEzB,MAAMC,gBAAgB,GAAG,MAAMC,sBAAI,CAAC7B,MAAM,CAACkB,SAAS,EAAEM,GAAgB,CAAC;EAEvE,IAAI,CAACI,gBAAgB,EAAE,MAAM,IAAIE,KAAK,CAAC,wBAAwB,CAAC;AAClE,CAAC;AAEM,MAAMC,kBAAkB,GAAG,MAAAA,CAChCC,YAAoB,EACpBC,cAAsB,EACtBC,QAAgB,EAChBC,WAAmB,EACnBC,OAAe,EACfC,MAAc,EAAAC,IAAA,KAIV;EAAA,IAHJ,CAACC,oBAAoB,EAAEC,iBAAiB,CAAe,GAAAF,IAAA;EAIvD;EACA,MAAMG,SAAS,GAAG,CAChB;IACEC,mBAAmB,EAAE,IAAA1B,oBAAS,EAACuB,oBAAoB,CAAC;IACpDI,KAAK,EAAEN,MAAM;IACbD;EACF,CAAC,CACF;;EAED;EACA;EACA,MAAMQ,QAAQ,GAAG,MAAMC,4BAAU,CAACC,4BAA4B,CAC5DZ,QAAQ,EACRC,WAAW,EACXH,YAAY,EACZC,cAAc,EACdQ,SAAS,EACTD,iBACF,CAAC;EAED,OAAO;IACLI,QAAQ,EAAE,IAAAG,+BAAa,EAACH,QAAQ;EAClC,CAAC;AACH,CAAC;AAAChD,OAAA,CAAAmC,kBAAA,GAAAA,kBAAA"}
|
|
@@ -23,20 +23,8 @@ describe("Verification.time", () => {
|
|
|
23
23
|
});
|
|
24
24
|
it("rejects invalid type", () => {
|
|
25
25
|
const value = {
|
|
26
|
-
trust_framework: "eidas",
|
|
27
|
-
assurance_level: "high"
|
|
28
|
-
evidence: [{
|
|
29
|
-
type: "vouch",
|
|
30
|
-
time: null,
|
|
31
|
-
attestation: {
|
|
32
|
-
type: "digital_attestation",
|
|
33
|
-
reference_number: "abc",
|
|
34
|
-
date_of_issuance: "2025-09-02",
|
|
35
|
-
voucher: {
|
|
36
|
-
organization: "IPZS"
|
|
37
|
-
}
|
|
38
|
-
}
|
|
39
|
-
}]
|
|
26
|
+
trust_framework: ["eidas"],
|
|
27
|
+
assurance_level: "high"
|
|
40
28
|
};
|
|
41
29
|
expect(_types.Verification.safeParse(value).success).toBe(false);
|
|
42
30
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_types","require","describe","test","each","_label","time","value","trust_framework","assurance_level","evidence","type","attestation","reference_number","date_of_issuance","voucher","organization","expect","Verification","safeParse","success","toBe","it"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/types.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAEAC,QAAQ,CAAC,mBAAmB,EAAE,MAAM;EAClCC,IAAI,CAACC,IAAI,CAAC,CACR,CAAC,YAAY,EAAE,sBAAsB,CAAC,EACtC,CAAC,cAAc,EAAE,UAAU,CAAC,EAC5B,CAAC,mBAAmB,EAAE,aAAa,CAAC,CACrC,CAAC,CAAC,YAAY,EAAE,CAACC,MAAM,EAAEC,IAAI,KAAK;IACjC,MAAMC,KAAK,GAAG;MACZC,eAAe,EAAE,OAAO;MACxBC,eAAe,EAAE,MAAM;MACvBC,QAAQ,EAAE,CACR;QACEC,IAAI,EAAE,OAAO;QACbL,IAAI;QACJM,WAAW,EAAE;UACXD,IAAI,EAAE,qBAAqB;UAC3BE,gBAAgB,EAAE,KAAK;UACvBC,gBAAgB,EAAE,YAAY;UAC9BC,OAAO,EAAE;YAAEC,YAAY,EAAE;UAAO;QAClC;MACF,CAAC;IAEL,CAAC;IAEDC,MAAM,CAACC,mBAAY,CAACC,SAAS,CAACZ,KAAK,CAAC,CAACa,OAAO,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;EAC1D,CAAC,CAAC;EAEFC,EAAE,CAAC,sBAAsB,EAAE,MAAM;IAC/B,MAAMf,KAAK,GAAG;MACZC,eAAe,EAAE,
|
|
1
|
+
{"version":3,"names":["_types","require","describe","test","each","_label","time","value","trust_framework","assurance_level","evidence","type","attestation","reference_number","date_of_issuance","voucher","organization","expect","Verification","safeParse","success","toBe","it"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/types.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAEAC,QAAQ,CAAC,mBAAmB,EAAE,MAAM;EAClCC,IAAI,CAACC,IAAI,CAAC,CACR,CAAC,YAAY,EAAE,sBAAsB,CAAC,EACtC,CAAC,cAAc,EAAE,UAAU,CAAC,EAC5B,CAAC,mBAAmB,EAAE,aAAa,CAAC,CACrC,CAAC,CAAC,YAAY,EAAE,CAACC,MAAM,EAAEC,IAAI,KAAK;IACjC,MAAMC,KAAK,GAAG;MACZC,eAAe,EAAE,OAAO;MACxBC,eAAe,EAAE,MAAM;MACvBC,QAAQ,EAAE,CACR;QACEC,IAAI,EAAE,OAAO;QACbL,IAAI;QACJM,WAAW,EAAE;UACXD,IAAI,EAAE,qBAAqB;UAC3BE,gBAAgB,EAAE,KAAK;UACvBC,gBAAgB,EAAE,YAAY;UAC9BC,OAAO,EAAE;YAAEC,YAAY,EAAE;UAAO;QAClC;MACF,CAAC;IAEL,CAAC;IAEDC,MAAM,CAACC,mBAAY,CAACC,SAAS,CAACZ,KAAK,CAAC,CAACa,OAAO,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;EAC1D,CAAC,CAAC;EAEFC,EAAE,CAAC,sBAAsB,EAAE,MAAM;IAC/B,MAAMf,KAAK,GAAG;MACZC,eAAe,EAAE,CAAC,OAAO,CAAC;MAC1BC,eAAe,EAAE;IACnB,CAAC;IAEDQ,MAAM,CAACC,mBAAY,CAACC,SAAS,CAACZ,KAAK,CAAC,CAACa,OAAO,CAAC,CAACC,IAAI,CAAC,KAAK,CAAC;EAC3D,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -5,18 +5,6 @@ var _ = require("..");
|
|
|
5
5
|
describe("SD-JWT getVerification", () => {
|
|
6
6
|
it("extracts the verification claims correctly", () => {
|
|
7
7
|
expect((0, _.getVerification)(_sdJwt.pid)).toEqual({
|
|
8
|
-
evidence: [{
|
|
9
|
-
attestation: {
|
|
10
|
-
date_of_issuance: "2025-06-23",
|
|
11
|
-
voucher: {
|
|
12
|
-
organization: "Ministero dell'Interno"
|
|
13
|
-
},
|
|
14
|
-
type: "digital_attestation",
|
|
15
|
-
reference_number: "123456789"
|
|
16
|
-
},
|
|
17
|
-
time: "2025-06-23T13:14:25Z",
|
|
18
|
-
type: "vouch"
|
|
19
|
-
}],
|
|
20
8
|
trust_framework: "it_cie",
|
|
21
9
|
assurance_level: "high"
|
|
22
10
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_sdJwt","require","_","describe","it","expect","getVerification","pid","toEqual","
|
|
1
|
+
{"version":3,"names":["_sdJwt","require","_","describe","it","expect","getVerification","pid","toEqual","trust_framework","assurance_level","legacyPid","toBeUndefined"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/utils.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,CAAA,GAAAD,OAAA;AAEAE,QAAQ,CAAC,wBAAwB,EAAE,MAAM;EACvCC,EAAE,CAAC,4CAA4C,EAAE,MAAM;IACrDC,MAAM,CAAC,IAAAC,iBAAe,EAACC,UAAG,CAAC,CAAC,CAACC,OAAO,CAAC;MACnCC,eAAe,EAAE,QAAQ;MACzBC,eAAe,EAAE;IACnB,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFN,EAAE,CAAC,4DAA4D,EAAE,MAAM;IACrEC,MAAM,CAAC,IAAAC,iBAAe,EAACK,gBAAS,CAAC,CAAC,CAACC,aAAa,CAAC,CAAC;EACpD,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -64,20 +64,7 @@ const SdJwt4VCBase = _zod.z.object({
|
|
|
64
64
|
exports.SdJwt4VCBase = SdJwt4VCBase;
|
|
65
65
|
const Verification = _zod.z.object({
|
|
66
66
|
trust_framework: _zod.z.string(),
|
|
67
|
-
assurance_level: _zod.z.string()
|
|
68
|
-
evidence: _zod.z.array(_zod.z.object({
|
|
69
|
-
type: _zod.z.literal("vouch"),
|
|
70
|
-
// Support both string and UNIX timestamp for backward compatibility
|
|
71
|
-
time: _zod.z.union([_zod.z.string(), _zod.z.number()]),
|
|
72
|
-
attestation: _zod.z.object({
|
|
73
|
-
type: _zod.z.literal("digital_attestation"),
|
|
74
|
-
reference_number: _zod.z.string(),
|
|
75
|
-
date_of_issuance: _zod.z.string(),
|
|
76
|
-
voucher: _zod.z.object({
|
|
77
|
-
organization: _zod.z.string()
|
|
78
|
-
})
|
|
79
|
-
})
|
|
80
|
-
}))
|
|
67
|
+
assurance_level: _zod.z.string()
|
|
81
68
|
});
|
|
82
69
|
|
|
83
70
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_zod","require","_zod2","_jwk","LEGACY_SD_JWT","exports","StatusAssertion","z","object","credential_hash_alg","literal","StatusList","idx","string","uri","SdJwt4VCBase","header","typ","enum","alg","kid","trust_chain","array","optional","x5c","vctm","payload","_sd","_sd_alg","iss","sub","iat","UnixTime","exp","cnf","jwk","JWK","status","union","status_list","status_assertion","vct","Verification","trust_framework","assurance_level","
|
|
1
|
+
{"version":3,"names":["_zod","require","_zod2","_jwk","LEGACY_SD_JWT","exports","StatusAssertion","z","object","credential_hash_alg","literal","StatusList","idx","string","uri","SdJwt4VCBase","header","typ","enum","alg","kid","trust_chain","array","optional","x5c","vctm","payload","_sd","_sd_alg","iss","sub","iat","UnixTime","exp","cnf","jwk","JWK","status","union","status_list","status_assertion","vct","Verification","trust_framework","assurance_level","TypeMetadata","name","description","data_source","authentic_source","organization_name","organization_code","contacts","homepage_uri","url","logo_uri"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;;AAEO,MAAMG,aAAa,GAAG,WAAW;AAACC,OAAA,CAAAD,aAAA,GAAAA,aAAA;AAEzC,MAAME,eAAe,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC/BC,mBAAmB,EAAEF,MAAC,CAACG,OAAO,CAAC,SAAS;AAC1C,CAAC,CAAC;AAEF,MAAMC,UAAU,GAAGJ,MAAC,CAACC,MAAM,CAAC;EAC1BI,GAAG,EAAEL,MAAC,CAACM,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEP,MAAC,CAACM,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAEO,MAAME,YAAY,GAAGR,MAAC,CAACC,MAAM,CAAC;EACnCQ,MAAM,EAAET,MAAC,CAACC,MAAM,CAAC;IACfS,GAAG,EAAEV,MAAC,CAACW,IAAI,CAAC,CAAC,WAAW,EAAEd,aAAa,CAAC,CAAC;IACzCe,GAAG,EAAEZ,MAAC,CAACM,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEb,MAAC,CAACM,MAAM,CAAC,CAAC;IACfQ,WAAW,EAAEd,MAAC,CAACe,KAAK,CAACf,MAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IAC3CC,GAAG,EAAEjB,MAAC,CAACe,KAAK,CAACf,MAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IACnCE,IAAI,EAAElB,MAAC,CAACe,KAAK,CAACf,MAAC,CAACM,MAAM,CAAC,CAAC,CAAC,CAACU,QAAQ,CAAC;EACrC,CAAC,CAAC;EACFG,OAAO,EAAEnB,MAAC,CAACC,MAAM,CAAC;IAChBmB,GAAG,EAAEpB,MAAC,CAACe,KAAK,CAACf,MAAC,CAACM,MAAM,CAAC,CAAC,CAAC;IACxBe,OAAO,EAAErB,MAAC,CAACG,OAAO,CAAC,SAAS,CAAC;IAC7BmB,GAAG,EAAEtB,MAAC,CAACM,MAAM,CAAC,CAAC;IACfiB,GAAG,EAAEvB,MAAC,CAACM,MAAM,CAAC,CAAC;IACfkB,GAAG,EAAEC,cAAQ,CAACT,QAAQ,CAAC,CAAC;IACxBU,GAAG,EAAED,cAAQ;IACbE,GAAG,EAAE3B,MAAC,CAACC,MAAM,CAAC;MACZ2B,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,MAAM,EAAE9B,MAAC,CAAC+B,KAAK,CAAC,CACd/B,MAAC,CAACC,MAAM,CAAC;MACP+B,WAAW,EAAE5B;IACf,CAAC,CAAC,EACFJ,MAAC,CAACC,MAAM,CAAC;MACP;MACAgC,gBAAgB,EAAElC;IACpB,CAAC,CAAC,CACH,CAAC;IACFmC,GAAG,EAAElC,MAAC,CAACM,MAAM,CAAC,CAAC;IACf,eAAe,EAAEN,MAAC,CAACM,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC;EACvC,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAlB,OAAA,CAAAU,YAAA,GAAAA,YAAA;AAKO,MAAM2B,YAAY,GAAGnC,MAAC,CAACC,MAAM,CAAC;EACnCmC,eAAe,EAAEpC,MAAC,CAACM,MAAM,CAAC,CAAC;EAC3B+B,eAAe,EAAErC,MAAC,CAACM,MAAM,CAAC;AAC5B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AAJAR,OAAA,CAAAqC,YAAA,GAAAA,YAAA;AAMO,MAAMG,YAAY,GAAGtC,MAAC,CAACC,MAAM,CAAC;EACnCsC,IAAI,EAAEvC,MAAC,CAACM,MAAM,CAAC,CAAC;EAChBkC,WAAW,EAAExC,MAAC,CAACM,MAAM,CAAC,CAAC;EACvBmC,WAAW,EAAEzC,MAAC,CAACC,MAAM,CAAC;IACpBmC,eAAe,EAAEpC,MAAC,CAACM,MAAM,CAAC,CAAC;IAC3BoC,gBAAgB,EAAE1C,MAAC,CAACC,MAAM,CAAC;MACzB0C,iBAAiB,EAAE3C,MAAC,CAACM,MAAM,CAAC,CAAC;MAC7BsC,iBAAiB,EAAE5C,MAAC,CAACM,MAAM,CAAC,CAAC;MAC7BuC,QAAQ,EAAE7C,MAAC,CAACe,KAAK,CAACf,MAAC,CAACM,MAAM,CAAC,CAAC,CAAC;MAC7BwC,YAAY,EAAE9C,MAAC,CAACM,MAAM,CAAC,CAAC,CAACyC,GAAG,CAAC,CAAC;MAC9BC,QAAQ,EAAEhD,MAAC,CAACM,MAAM,CAAC,CAAC,CAACyC,GAAG,CAAC;IAC3B,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAACjD,OAAA,CAAAwC,YAAA,GAAAA,YAAA"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.partialCallbacks = exports.createVerifyJwtFromJwks = void 0;
|
|
6
|
+
exports.partialCallbacks = exports.createVerifyJwtFromJwks = exports.createSignJwtFromCryptoContext = void 0;
|
|
7
7
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
8
8
|
var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
|
|
9
9
|
var _jsrsasign = require("jsrsasign");
|
|
@@ -118,5 +118,24 @@ const createVerifyJwtFromJwks = jwks => {
|
|
|
118
118
|
}
|
|
119
119
|
};
|
|
120
120
|
};
|
|
121
|
+
|
|
122
|
+
/**
|
|
123
|
+
* Create a signJwt implementation that signs a JWT using the provided CryptoContext.
|
|
124
|
+
* @param cryptoContext The CryptoContext to use for signing the JWT
|
|
125
|
+
* @returns Function that implements `signJwt` callback
|
|
126
|
+
*/
|
|
121
127
|
exports.createVerifyJwtFromJwks = createVerifyJwtFromJwks;
|
|
128
|
+
const createSignJwtFromCryptoContext = cryptoContext => {
|
|
129
|
+
return async function signJwt(jwtSigner, _ref2) {
|
|
130
|
+
let {
|
|
131
|
+
header,
|
|
132
|
+
payload
|
|
133
|
+
} = _ref2;
|
|
134
|
+
return {
|
|
135
|
+
jwt: await new _ioReactNativeJwt.SignJWT(cryptoContext).setProtectedHeader(header).setPayload(payload).sign(),
|
|
136
|
+
signerJwk: jwtSigner.method === "jwk" ? jwtSigner.publicJwk : await cryptoContext.getPublicKey()
|
|
137
|
+
};
|
|
138
|
+
};
|
|
139
|
+
};
|
|
140
|
+
exports.createSignJwtFromCryptoContext = createSignJwtFromCryptoContext;
|
|
122
141
|
//# sourceMappingURL=callbacks.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_cryptoNodejs","_jsrsasign","_errors","_misc","_crypto","getJwkFromSigner","signer","method","getJwkFromCertificateChain","x5c","assert","trustChain","length","getJwkFromTrustChain","kid","publicJwk","IoWalletError","partialCallbacks","generateRandom","generateRandomBytes","hash","digest","encryptJwe","_ref","data","alg","enc","jwe","EncryptJwe","encrypt","encryptionJwk","verifyJwt","jwtSigner","jwt","signerJwk","verify","compact","verified","decryptJwe","getX509CertificateMetadata","certificate","x509","X509","readCertPEM","sanExt","getExtSubjectAltName","sanDnsNames","sanUriNames","item","array","push","dns","uri","exports","createVerifyJwtFromJwks","jwks","_","getJwkFromHeader","header"],"sourceRoot":"../../../src","sources":["utils/callbacks.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_cryptoNodejs","_jsrsasign","_errors","_misc","_crypto","getJwkFromSigner","signer","method","getJwkFromCertificateChain","x5c","assert","trustChain","length","getJwkFromTrustChain","kid","publicJwk","IoWalletError","partialCallbacks","generateRandom","generateRandomBytes","hash","digest","encryptJwe","_ref","data","alg","enc","jwe","EncryptJwe","encrypt","encryptionJwk","verifyJwt","jwtSigner","jwt","signerJwk","verify","compact","verified","decryptJwe","getX509CertificateMetadata","certificate","x509","X509","readCertPEM","sanExt","getExtSubjectAltName","sanDnsNames","sanUriNames","item","array","push","dns","uri","exports","createVerifyJwtFromJwks","jwks","_","getJwkFromHeader","header","createSignJwtFromCryptoContext","cryptoContext","signJwt","_ref2","payload","SignJWT","setProtectedHeader","setPayload","sign","getPublicKey"],"sourceRoot":"../../../src","sources":["utils/callbacks.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAQA,IAAAC,aAAA,GAAAD,OAAA;AACA,IAAAE,UAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AAOA;;AAMA;AACA;AACA;AACA;AACA;AACA,MAAMM,gBAAgB,GAAG,MAAOC,MAAiB,IAAmB;EAClE,QAAQA,MAAM,CAACC,MAAM;IACnB,KAAK,KAAK;MACR,OAAO,IAAAC,kCAA0B,EAACF,MAAM,CAACG,GAAG,CAAC;IAC/C,KAAK,YAAY;MAAE;QACjB,IAAAC,YAAM,EACJJ,MAAM,CAACK,UAAU,IAAIL,MAAM,CAACK,UAAU,CAACC,MAAM,GAAG,CAAC,EACjD,+CACF,CAAC;QACD,OAAO,IAAAC,4BAAoB,EAACP,MAAM,CAACK,UAAU,EAAEL,MAAM,CAACQ,GAAG,CAAC;MAC5D;IACA,KAAK,KAAK;MACR,OAAOR,MAAM,CAACS,SAAS;IACzB;MACE,MAAM,IAAIC,qBAAa,CAAE,8BAA6BV,MAAM,CAACC,MAAO,EAAC,CAAC;EAC1E;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACO,MAAMU,gBAAwC,GAAG;EACtDC,cAAc,EAAEC,yBAAmB;EACnCC,IAAI,EAAEC,oBAAqB;EAC3BC,UAAU,EAAE,MAAAA,CAAAC,IAAA,EAAqCC,IAAI;IAAA,IAAlC;MAAET,SAAS;MAAEU,GAAG;MAAEC,GAAG;MAAEZ;IAAI,CAAC,GAAAS,IAAA;IAAA,OAAY;MACzD;MACAI,GAAG,EAAE,MAAM,IAAIC,4BAAU,CAACJ,IAAI,EAAE;QAAEC,GAAG;QAAEC,GAAG;QAAEZ;MAAI,CAAC,CAAC,CAACe,OAAO,CAACd,SAAS,CAAC;MACrEe,aAAa,EAAEf;IACjB,CAAC;EAAA,CAAC;EACFgB,SAAS,EAAE,MAAAA,CAAOC,SAAS,EAAEC,GAAG,KAAK;IACnC,IAAI;MACF,MAAMC,SAAS,GAAG,MAAM7B,gBAAgB,CAAC2B,SAAS,CAAC;MACnD,MAAM,IAAAG,wBAAM,EAACF,GAAG,CAACG,OAAO,EAAEF,SAAS,CAAC;MACpC,OAAO;QAAEG,QAAQ,EAAE,IAAI;QAAEH;MAAU,CAAC;IACtC,CAAC,CAAC,MAAM;MACN,OAAO;QAAEG,QAAQ,EAAE;MAAM,CAAC;IAC5B;EACF,CAAC;EACDC,UAAU,EAAEA,CAAA,KAAM;IAChB,MAAM,IAAItB,qBAAa,CAAC,+BAA+B,CAAC;EAC1D,CAAC;EACDuB,0BAA0B,EAAGC,WAAW,IAAK;IAC3C,MAAMC,IAAI,GAAG,IAAIC,eAAI,CAAC,CAAC;IACvBD,IAAI,CAACE,WAAW,CAACH,WAAW,CAAC;IAC7B,MAAMI,MAAM,GAAGH,IAAI,CAACI,oBAAoB,CAACL,WAAW,CAAC;IAErD,MAAMM,WAAqB,GAAG,EAAE;IAChC,MAAMC,WAAqB,GAAG,EAAE;IAEhC,KAAK,MAAMC,IAAI,IAAIJ,MAAM,CAACK,KAAK,EAAE;MAC/B,IAAI,CAACD,IAAI,EAAE;MACX,IAAI,KAAK,IAAIA,IAAI,EAAEF,WAAW,CAACI,IAAI,CAACF,IAAI,CAACG,GAAG,CAAC;MAC7C,IAAI,KAAK,IAAIH,IAAI,EAAED,WAAW,CAACG,IAAI,CAACF,IAAI,CAACI,GAAG,CAAC;IAC/C;IAEA,OAAO;MAAEN,WAAW;MAAEC;IAAY,CAAC;EACrC;AACF,CAAC;AAACM,OAAA,CAAApC,gBAAA,GAAAA,gBAAA;AAIF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMqC,uBAAuB,GAClCC,IAAW,IACsB;EACjC,OAAO,eAAexB,SAASA,CAACyB,CAAC,EAAEvB,GAAG,EAAE;IACtC,IAAI;MACF,MAAMC,SAAS,GAAG,IAAAuB,kCAAgB,EAACxB,GAAG,CAACyB,MAAM,EAAeH,IAAI,CAAC;MACjE,MAAM,IAAApB,wBAAM,EAACF,GAAG,CAACG,OAAO,EAAEF,SAAS,CAAC;MACpC,OAAO;QAAEG,QAAQ,EAAE,IAAI;QAAEH;MAAU,CAAC;IACtC,CAAC,CAAC,MAAM;MACN,OAAO;QAAEG,QAAQ,EAAE;MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AAJAgB,OAAA,CAAAC,uBAAA,GAAAA,uBAAA;AAKO,MAAMK,8BAA8B,GACzCC,aAA4B,IACG;EAC/B,OAAO,eAAeC,OAAOA,CAAC7B,SAAS,EAAA8B,KAAA,EAAuB;IAAA,IAArB;MAAEJ,MAAM;MAAEK;IAAQ,CAAC,GAAAD,KAAA;IAC1D,OAAO;MACL7B,GAAG,EAAE,MAAM,IAAI+B,yBAAO,CAACJ,aAAa,CAAC,CAClCK,kBAAkB,CAACP,MAAM,CAAC,CAC1BQ,UAAU,CAACH,OAAO,CAAC,CACnBI,IAAI,CAAC,CAAC;MACTjC,SAAS,EACPF,SAAS,CAACzB,MAAM,KAAK,KAAK,GACtByB,SAAS,CAACjB,SAAS,GACnB,MAAM6C,aAAa,CAACQ,YAAY,CAAC;IACzC,CAAC;EACH,CAAC;AACH,CAAC;AAACf,OAAA,CAAAM,8BAAA,GAAAA,8BAAA"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.verifyX509Chain = void 0;
|
|
7
|
+
var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
|
|
8
|
+
var _errors = require("../trust/common/errors");
|
|
9
|
+
/**
|
|
10
|
+
* This function checks whether the x509 certificate chain is valid against a specified Certificate Authority (CA)
|
|
11
|
+
*
|
|
12
|
+
* @param x5chain The mdoc's x509 certificate chain
|
|
13
|
+
* @param x509CertRoot The Trust Anchor CA
|
|
14
|
+
* @param options Options for certificate validation
|
|
15
|
+
*/
|
|
16
|
+
const verifyX509Chain = async function (x5chain, x509CertRoot) {
|
|
17
|
+
let options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
|
|
18
|
+
connectTimeout: 10000,
|
|
19
|
+
readTimeout: 10000,
|
|
20
|
+
requireCrl: true
|
|
21
|
+
};
|
|
22
|
+
// Strip the trust anchor from the chain if the issuer included it,
|
|
23
|
+
// since verifyCertificateChain expects it passed separately.
|
|
24
|
+
const certChain = x5chain.length > 1 && x5chain.at(-1) === x509CertRoot ? x5chain.slice(0, -1) : x5chain;
|
|
25
|
+
const x509ValidationResult = await (0, _ioReactNativeCrypto.verifyCertificateChain)(certChain, x509CertRoot, options);
|
|
26
|
+
if (!x509ValidationResult.isValid) {
|
|
27
|
+
throw new _errors.X509ValidationError(`X.509 certificate chain validation failed. Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`, {
|
|
28
|
+
x509ValidationStatus: x509ValidationResult.validationStatus,
|
|
29
|
+
x509ErrorMessage: x509ValidationResult.errorMessage
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
};
|
|
33
|
+
exports.verifyX509Chain = verifyX509Chain;
|
|
34
|
+
//# sourceMappingURL=x509.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["_ioReactNativeCrypto","require","_errors","verifyX509Chain","x5chain","x509CertRoot","options","arguments","length","undefined","connectTimeout","readTimeout","requireCrl","certChain","at","slice","x509ValidationResult","verifyCertificateChain","isValid","X509ValidationError","validationStatus","errorMessage","x509ValidationStatus","x509ErrorMessage","exports"],"sourceRoot":"../../../src","sources":["utils/x509.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAKA,IAAAC,OAAA,GAAAD,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,eAAe,GAAG,eAAAA,CAC7BC,OAAiB,EACjBC,YAAoB,EAMjB;EAAA,IALHC,OAA+B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG;IAChCG,cAAc,EAAE,KAAK;IACrBC,WAAW,EAAE,KAAK;IAClBC,UAAU,EAAE;EACd,CAAC;EAED;EACA;EACA,MAAMC,SAAS,GACbT,OAAO,CAACI,MAAM,GAAG,CAAC,IAAIJ,OAAO,CAACU,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKT,YAAY,GACjDD,OAAO,CAACW,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GACpBX,OAAO;EAEb,MAAMY,oBAAiD,GACrD,MAAM,IAAAC,2CAAsB,EAACJ,SAAS,EAAER,YAAY,EAAEC,OAAO,CAAC;EAEhE,IAAI,CAACU,oBAAoB,CAACE,OAAO,EAAE;IACjC,MAAM,IAAIC,2BAAmB,CAC1B,sDAAqDH,oBAAoB,CAACI,gBAAiB,YAAWJ,oBAAoB,CAACK,YAAa,EAAC,EAC1I;MACEC,oBAAoB,EAAEN,oBAAoB,CAACI,gBAAgB;MAC3DG,gBAAgB,EAAEP,oBAAoB,CAACK;IACzC,CACF,CAAC;EACH;AACF,CAAC;AAACG,OAAA,CAAArB,eAAA,GAAAA,eAAA"}
|
|
@@ -22,8 +22,6 @@ const DecodedWalletInstanceAttestation = z.object({
|
|
|
22
22
|
jwk: _jwk.JWK
|
|
23
23
|
}),
|
|
24
24
|
sub: z.string(),
|
|
25
|
-
wallet_provider_name: z.string().optional(),
|
|
26
|
-
wallet_solution_id: z.string().optional(),
|
|
27
25
|
/** @deprecated */
|
|
28
26
|
wallet_link: z.string().optional(),
|
|
29
27
|
/** @deprecated */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","DecodedWalletInstanceAttestation","object","iss","string","iat","UnixTime","exp","cnf","jwk","JWK","sub","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","DecodedWalletInstanceAttestation","object","iss","string","iat","UnixTime","exp","cnf","jwk","JWK","sub","wallet_link","optional","wallet_name","aal","exports"],"sourceRoot":"../../../../src","sources":["wallet-instance-attestation/api/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAAsC,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEtC;AACA;AACA;AACA;;AAIO,MAAMW,gCAAgC,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EACvDC,GAAG,EAAE7B,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEC,cAAQ;EACbC,GAAG,EAAED,cAAQ;EACbE,GAAG,EAAElC,CAAC,CAAC4B,MAAM,CAAC;IAAEO,GAAG,EAAEC;EAAI,CAAC,CAAC;EAC3BC,GAAG,EAAErC,CAAC,CAAC8B,MAAM,CAAC,CAAC;EACf;EACAQ,WAAW,EAAEtC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;EAClC;EACAC,WAAW,EAAExC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;EAClC;EACAE,GAAG,EAAEzC,CAAC,CAAC8B,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC;AAC3B,CAAC,CAAC;AAACG,OAAA,CAAAf,gCAAA,GAAAA,gCAAA"}
|
|
@@ -6,20 +6,7 @@ Object.defineProperty(exports, "__esModule", {
|
|
|
6
6
|
exports.mapToDecodedWalletInstanceAttestation = void 0;
|
|
7
7
|
var _mappers = require("../../utils/mappers");
|
|
8
8
|
var _types = require("../api/types");
|
|
9
|
-
const mapToDecodedWalletInstanceAttestation = (0, _mappers.createMapper)(
|
|
10
|
-
let {
|
|
11
|
-
payload
|
|
12
|
-
} = _ref;
|
|
13
|
-
const {
|
|
14
|
-
eudi_wallet_info,
|
|
15
|
-
...rest
|
|
16
|
-
} = payload;
|
|
17
|
-
return {
|
|
18
|
-
...rest,
|
|
19
|
-
wallet_provider_name: eudi_wallet_info.general_info.wallet_provider_name,
|
|
20
|
-
wallet_solution_id: eudi_wallet_info.general_info.wallet_solution_id
|
|
21
|
-
};
|
|
22
|
-
}, {
|
|
9
|
+
const mapToDecodedWalletInstanceAttestation = (0, _mappers.createMapper)(x => x.payload, {
|
|
23
10
|
outputSchema: _types.DecodedWalletInstanceAttestation
|
|
24
11
|
});
|
|
25
12
|
exports.mapToDecodedWalletInstanceAttestation = mapToDecodedWalletInstanceAttestation;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_mappers","require","_types","mapToDecodedWalletInstanceAttestation","createMapper","
|
|
1
|
+
{"version":3,"names":["_mappers","require","_types","mapToDecodedWalletInstanceAttestation","createMapper","x","payload","outputSchema","DecodedWalletInstanceAttestation","exports"],"sourceRoot":"../../../../src","sources":["wallet-instance-attestation/v1.3.3/mappers.ts"],"mappings":";;;;;;AAAA,IAAAA,QAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAGO,MAAME,qCAAqC,GAAG,IAAAC,qBAAY,EAG9DC,CAAC,IAAKA,CAAC,CAACC,OAAO,EAAE;EAClBC,YAAY,EAAEC;AAChB,CAAC,CAAC;AAACC,OAAA,CAAAN,qCAAA,GAAAA,qCAAA"}
|
|
@@ -14,13 +14,8 @@ const WalletInstanceAttestationJwt = z.object({
|
|
|
14
14
|
})),
|
|
15
15
|
payload: z.intersection(_types.Jwt.shape.payload, z.object({
|
|
16
16
|
sub: z.string(),
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
wallet_provider_name: z.string(),
|
|
20
|
-
wallet_solution_id: z.string(),
|
|
21
|
-
wallet_solution_version: z.string()
|
|
22
|
-
})
|
|
23
|
-
})
|
|
17
|
+
wallet_link: z.string().optional(),
|
|
18
|
+
wallet_name: z.string().optional()
|
|
24
19
|
}))
|
|
25
20
|
});
|
|
26
21
|
exports.WalletInstanceAttestationJwt = WalletInstanceAttestationJwt;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","WalletInstanceAttestationJwt","object","header","intersection","Jwt","shape","typ","literal","payload","sub","string","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_types","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","WalletInstanceAttestationJwt","object","header","intersection","Jwt","shape","typ","literal","payload","sub","string","wallet_link","optional","wallet_name","exports","WalletInstanceAttestationResponse","wallet_instance_attestation"],"sourceRoot":"../../../../src","sources":["wallet-instance-attestation/v1.3.3/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AAAsC,SAAAE,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAK/B,MAAMW,4BAA4B,GAAG1B,CAAC,CAAC2B,MAAM,CAAC;EACnDC,MAAM,EAAE5B,CAAC,CAAC6B,YAAY,CACpBC,UAAG,CAACC,KAAK,CAACH,MAAM,EAChB5B,CAAC,CAAC2B,MAAM,CAAC;IACPK,GAAG,EAAEhC,CAAC,CAACiC,OAAO,CAAC,8BAA8B;EAC/C,CAAC,CACH,CAAC;EACDC,OAAO,EAAElC,CAAC,CAAC6B,YAAY,CACrBC,UAAG,CAACC,KAAK,CAACG,OAAO,EACjBlC,CAAC,CAAC2B,MAAM,CAAC;IACPQ,GAAG,EAAEnC,CAAC,CAACoC,MAAM,CAAC,CAAC;IACfC,WAAW,EAAErC,CAAC,CAACoC,MAAM,CAAC,CAAC,CAACE,QAAQ,CAAC,CAAC;IAClCC,WAAW,EAAEvC,CAAC,CAACoC,MAAM,CAAC,CAAC,CAACE,QAAQ,CAAC;EACnC,CAAC,CACH;AACF,CAAC,CAAC;AAACE,OAAA,CAAAd,4BAAA,GAAAA,4BAAA;AAKI,MAAMe,iCAAiC,GAAGzC,CAAC,CAAC2B,MAAM,CAAC;EACxDe,2BAA2B,EAAE1C,CAAC,CAACoC,MAAM,CAAC;AACxC,CAAC,CAAC;AAACI,OAAA,CAAAC,iCAAA,GAAAA,iCAAA"}
|
|
@@ -26,17 +26,6 @@ const DecodedWalletUnitAttestation = z.object({
|
|
|
26
26
|
user_authentication: z.array(z.string()),
|
|
27
27
|
key_storage: z.array(z.string()),
|
|
28
28
|
status: Status,
|
|
29
|
-
eudi_wallet_info: z.object({
|
|
30
|
-
general_info: z.object({
|
|
31
|
-
wallet_provider_name: z.string(),
|
|
32
|
-
wallet_solution_id: z.string(),
|
|
33
|
-
wallet_solution_version: z.string()
|
|
34
|
-
}),
|
|
35
|
-
key_storage_info: z.object({
|
|
36
|
-
keys_exportable: z.boolean(),
|
|
37
|
-
storage_type: z.string()
|
|
38
|
-
})
|
|
39
|
-
}),
|
|
40
29
|
iss: z.string(),
|
|
41
30
|
iat: _zod2.UnixTime,
|
|
42
31
|
exp: _zod2.UnixTime
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Status","object","status_list","idx","number","uri","string","DecodedWalletUnitAttestation","attested_keys","array","JWK","user_authentication","key_storage","status","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_zod2","_jwk","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","Status","object","status_list","idx","number","uri","string","DecodedWalletUnitAttestation","attested_keys","array","JWK","user_authentication","key_storage","status","iss","iat","UnixTime","exp","exports"],"sourceRoot":"../../../../src","sources":["wallet-unit-attestation/api/types.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAAsC,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEtC,MAAMW,MAAM,GAAG3B,CAAC,CAAC4B,MAAM,CAAC;EACtBC,WAAW,EAAE7B,CAAC,CAAC4B,MAAM,CAAC;IACpBE,GAAG,EAAE9B,CAAC,CAAC+B,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEhC,CAAC,CAACiC,MAAM,CAAC;EAChB,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIO,MAAMC,4BAA4B,GAAGlC,CAAC,CAAC4B,MAAM,CAAC;EACnDO,aAAa,EAAEnC,CAAC,CAACoC,KAAK,CAACC,QAAG,CAAC;EAC3BC,mBAAmB,EAAEtC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACiC,MAAM,CAAC,CAAC,CAAC;EACxCM,WAAW,EAAEvC,CAAC,CAACoC,KAAK,CAACpC,CAAC,CAACiC,MAAM,CAAC,CAAC,CAAC;EAChCO,MAAM,EAAEb,MAAM;EACdc,GAAG,EAAEzC,CAAC,CAACiC,MAAM,CAAC,CAAC;EACfS,GAAG,EAAEC,cAAQ;EACbC,GAAG,EAAED;AACP,CAAC,CAAC;AAACE,OAAA,CAAAX,4BAAA,GAAAA,4BAAA"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { IoWalletError } from "../../../utils/errors";
|
|
1
2
|
import { LogLevel, Logger } from "../../../utils/logging";
|
|
2
3
|
/**
|
|
3
4
|
* Ensures that the credential type requested is supported by the issuer and contained in the
|
|
@@ -14,7 +15,7 @@ export const selectCredentialDefinition = (issuerConf, credentialId) => {
|
|
|
14
15
|
}));
|
|
15
16
|
if (!result) {
|
|
16
17
|
Logger.log(LogLevel.ERROR, `Requested credential ${credentialId} is not supported by the issuer according to its configuration ${JSON.stringify(credential_configurations_supported)}`);
|
|
17
|
-
throw new
|
|
18
|
+
throw new IoWalletError(`No credential support the type '${credentialId}'`);
|
|
18
19
|
}
|
|
19
20
|
return result;
|
|
20
21
|
};
|
|
@@ -33,14 +34,14 @@ export const selectResponseMode = (issuerConf, credentialIds) => {
|
|
|
33
34
|
}
|
|
34
35
|
if (responseModeSet.size !== 1) {
|
|
35
36
|
Logger.log(LogLevel.ERROR, `${credentialIds} have incompatible response_mode: ${[...responseModeSet.values()]}`);
|
|
36
|
-
throw new
|
|
37
|
+
throw new IoWalletError("Requested credentials have incompatible response_mode and cannot be requested with the same PAR request");
|
|
37
38
|
}
|
|
38
39
|
const [responseMode] = responseModeSet.values();
|
|
39
40
|
Logger.log(LogLevel.DEBUG, `Selected response mode ${responseMode} for credential IDs ${credentialIds}`);
|
|
40
41
|
const responseModeSupported = issuerConf.response_modes_supported;
|
|
41
42
|
if (responseModeSupported && !responseModeSupported.includes(responseMode)) {
|
|
42
43
|
Logger.log(LogLevel.ERROR, `Requested response mode ${responseMode} is not supported by the issuer according to its configuration ${JSON.stringify(responseModeSupported)}`);
|
|
43
|
-
throw new
|
|
44
|
+
throw new IoWalletError(`No response mode support for IDs '${credentialIds}'`);
|
|
44
45
|
}
|
|
45
46
|
return responseMode;
|
|
46
47
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","
|
|
1
|
+
{"version":3,"names":["IoWalletError","LogLevel","Logger","selectCredentialDefinition","issuerConf","credentialId","credential_configurations_supported","result","Object","keys","filter","e","includes","map","credential_configuration_id","type","log","ERROR","JSON","stringify","selectResponseMode","credentialIds","responseModeSet","Set","add","match","size","values","responseMode","DEBUG","responseModeSupported","response_modes_supported"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/02-start-user-authorization.ts"],"mappings":"AAAA,SAASA,aAAa,QAAQ,uBAAuB;AACrD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AAMzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA0B,GAAGA,CACxCC,UAAwB,EACxBC,YAAoB,KACI;EACxB,MAAMC,mCAAmC,GACvCF,UAAU,CAACE,mCAAmC;EAEhD,MAAM,CAACC,MAAM,CAAC,GAAGC,MAAM,CAACC,IAAI,CAACH,mCAAmC,CAAC,CAC9DI,MAAM,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAACP,YAAY,CAAC,CAAC,CACvCQ,GAAG,CAAC,OAAO;IACVC,2BAA2B,EAAET,YAAY;IACzCU,IAAI,EAAE;EACR,CAAC,CAAC,CAAC;EAEL,IAAI,CAACR,MAAM,EAAE;IACXL,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,wBAAuBZ,YAAa,kEAAiEa,IAAI,CAACC,SAAS,CAACb,mCAAmC,CAAE,EAC5J,CAAC;IACD,MAAM,IAAIN,aAAa,CAAE,mCAAkCK,YAAa,GAAE,CAAC;EAC7E;EACA,OAAOE,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMa,kBAAkB,GAAGA,CAChChB,UAAwB,EACxBiB,aAAuB,KACN;EACjB,MAAMC,eAAe,GAAG,IAAIC,GAAG,CAAe,CAAC;EAE/C,KAAK,MAAMlB,YAAY,IAAIgB,aAAa,EAAE;IACxCC,eAAe,CAACE,GAAG,CACjBnB,YAAY,CAACoB,KAAK,CAAC,2BAA2B,CAAC,GAC3C,OAAO,GACP,eACN,CAAC;EACH;EAEA,IAAIH,eAAe,CAACI,IAAI,KAAK,CAAC,EAAE;IAC9BxB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,GAAEI,aAAc,qCAAoC,CAAC,GAAGC,eAAe,CAACK,MAAM,CAAC,CAAC,CAAE,EACrF,CAAC;IACD,MAAM,IAAI3B,aAAa,CACrB,yGACF,CAAC;EACH;EAEA,MAAM,CAAC4B,YAAY,CAAC,GAAGN,eAAe,CAACK,MAAM,CAAC,CAAC;EAE/CzB,MAAM,CAACc,GAAG,CACRf,QAAQ,CAAC4B,KAAK,EACb,0BAAyBD,YAAa,uBAAsBP,aAAc,EAC7E,CAAC;EAED,MAAMS,qBAAqB,GAAG1B,UAAU,CAAC2B,wBAAwB;EACjE,IAAID,qBAAqB,IAAI,CAACA,qBAAqB,CAAClB,QAAQ,CAACgB,YAAa,CAAC,EAAE;IAC3E1B,MAAM,CAACc,GAAG,CACRf,QAAQ,CAACgB,KAAK,EACb,2BAA0BW,YAAa,kEAAiEV,IAAI,CAACC,SAAS,CAACW,qBAAqB,CAAE,EACjJ,CAAC;IACD,MAAM,IAAI9B,aAAa,CACpB,qCAAoCqB,aAAc,GACrD,CAAC;EACH;EAEA,OAAOO,YAAY;AACrB,CAAC"}
|
|
@@ -1,11 +1,13 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
|
|
2
2
|
import { SDJwtInstance } from "@sd-jwt/core";
|
|
3
|
-
import { digest
|
|
3
|
+
import { digest } from "@sd-jwt/crypto-nodejs";
|
|
4
4
|
import { isPathEqual, isPrefixOf } from "../../../utils/parser";
|
|
5
5
|
import { IoWalletError } from "../../../utils/errors";
|
|
6
6
|
import { LogLevel, Logger } from "../../../utils/logging";
|
|
7
7
|
import { isSameThumbprint } from "../../../utils/jwk";
|
|
8
8
|
import { fixLegacyCredentialSdJwt } from "../../../utils/credentials";
|
|
9
|
+
import { verifyX509Chain } from "../../../utils/x509";
|
|
10
|
+
import { MissingX509CertsError } from "../../../trust/common/errors";
|
|
9
11
|
/**
|
|
10
12
|
* Parse a Sd-Jwt credential according to the issuer configuration
|
|
11
13
|
* @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
|
|
@@ -112,6 +114,23 @@ const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
|
|
|
112
114
|
return processLevel(parsedCredentialRaw, []);
|
|
113
115
|
};
|
|
114
116
|
|
|
117
|
+
/**
|
|
118
|
+
* JWT verifier implementing the interface expected by the SD-JWT library.
|
|
119
|
+
* Verification is delegated to `io-react-native-jwt` to leverage its support for multiple algorithms.
|
|
120
|
+
* @returns Boolean indicating whether the verification succeeded or not
|
|
121
|
+
*/
|
|
122
|
+
const sdJwtInstanceVerifier = async (data, signature, options) => {
|
|
123
|
+
if (!(options !== null && options !== void 0 && options.issuerKeys)) {
|
|
124
|
+
return false;
|
|
125
|
+
}
|
|
126
|
+
try {
|
|
127
|
+
await verifyJwt(`${data}.${signature}`, options.issuerKeys);
|
|
128
|
+
return true;
|
|
129
|
+
} catch {
|
|
130
|
+
return false;
|
|
131
|
+
}
|
|
132
|
+
};
|
|
133
|
+
|
|
115
134
|
/**
|
|
116
135
|
* Given a credential, verify it's in the supported format
|
|
117
136
|
* and the credential is correctly signed
|
|
@@ -128,15 +147,13 @@ const parseCredentialSdJwt = function (credentialConfig, parsedCredentialRaw) {
|
|
|
128
147
|
*
|
|
129
148
|
*/
|
|
130
149
|
async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
|
|
131
|
-
const {
|
|
132
|
-
protectedHeader
|
|
133
|
-
} = decode(rawCredential);
|
|
134
|
-
const verifierJwk = getJwkFromHeader(protectedHeader, issuerKeys);
|
|
135
150
|
const sdJwtInstance = new SDJwtInstance({
|
|
136
151
|
hasher: digest,
|
|
137
|
-
verifier:
|
|
152
|
+
verifier: sdJwtInstanceVerifier
|
|
138
153
|
});
|
|
139
|
-
const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential
|
|
154
|
+
const [verifiedCredential, holderBindingKey] = await Promise.all([sdJwtInstance.verify(rawCredential, {
|
|
155
|
+
issuerKeys
|
|
156
|
+
}), holderBindingContext.getPublicKey()]);
|
|
140
157
|
const {
|
|
141
158
|
cnf
|
|
142
159
|
} = verifiedCredential.payload;
|
|
@@ -147,14 +164,26 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
|
|
|
147
164
|
}
|
|
148
165
|
return await sdJwtInstance.decode(fixLegacyCredentialSdJwt(rawCredential));
|
|
149
166
|
}
|
|
150
|
-
export const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref) => {
|
|
167
|
+
export const verifyAndParseCredentialSdJwt = async (issuerConf, credential, credentialConfigurationId, _ref, x509CertRoot) => {
|
|
151
168
|
let {
|
|
152
169
|
credentialCryptoContext,
|
|
153
170
|
ignoreMissingAttributes,
|
|
154
|
-
includeUndefinedAttributes
|
|
171
|
+
includeUndefinedAttributes,
|
|
172
|
+
validateCertificateChain
|
|
155
173
|
} = _ref;
|
|
156
174
|
const decoded = await verifyCredentialSdJwt(credential, issuerConf.keys, credentialCryptoContext);
|
|
157
175
|
Logger.log(LogLevel.DEBUG, `Decoded credential: ${JSON.stringify(decoded)}`);
|
|
176
|
+
if (validateCertificateChain) {
|
|
177
|
+
var _decoded$jwt;
|
|
178
|
+
if (!x509CertRoot) {
|
|
179
|
+
throw new IoWalletError("Missing x509CertRoot");
|
|
180
|
+
}
|
|
181
|
+
const x5c = (_decoded$jwt = decoded.jwt) === null || _decoded$jwt === void 0 || (_decoded$jwt = _decoded$jwt.header) === null || _decoded$jwt === void 0 ? void 0 : _decoded$jwt.x5c;
|
|
182
|
+
if (!x5c || !Array.isArray(x5c) || x5c.length === 0) {
|
|
183
|
+
throw new MissingX509CertsError("Missing x509 certificates");
|
|
184
|
+
}
|
|
185
|
+
await verifyX509Chain(x5c, x509CertRoot);
|
|
186
|
+
}
|
|
158
187
|
const credentialConfig = issuerConf.credential_configurations_supported[credentialConfigurationId];
|
|
159
188
|
if (!credentialConfig) {
|
|
160
189
|
Logger.log(LogLevel.ERROR, `Credential type not supported by the issuer: ${credentialConfigurationId}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["
|
|
1
|
+
{"version":3,"names":["verify","verifyJwt","SDJwtInstance","digest","isPathEqual","isPrefixOf","IoWalletError","LogLevel","Logger","isSameThumbprint","fixLegacyCredentialSdJwt","verifyX509Chain","MissingX509CertsError","parseCredentialSdJwt","credentialConfig","parsedCredentialRaw","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","claimsMetadata","claims","missingPaths","rootKeysToVerify","Set","map","c","path","filter","p","rootKey","push","missing","join","received","Object","keys","getDisplayNames","match","find","nameMap","entry","display","locale","name","processLevel","currentData","currentPath","Array","isArray","item","dataObj","result","processedKeys","configKeysAtThisLevel","claim","nextPart","includes","key","stringKey","toString","dataValue","newPath","localizedNames","value","add","entries","has","sdJwtInstanceVerifier","data","signature","options","issuerKeys","verifyCredentialSdJwt","rawCredential","holderBindingContext","sdJwtInstance","hasher","verifier","verifiedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","payload","jwk","message","kid","log","ERROR","decode","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref","x509CertRoot","credentialCryptoContext","validateCertificateChain","decoded","DEBUG","JSON","stringify","_decoded$jwt","x5c","jwt","header","credential_configurations_supported","getClaims","parsedCredential","issuedAt","iat","Date","exp","expiration"],"sourceRoot":"../../../../../src","sources":["credential/issuance/common/06-verify-and-parse-credential.sdjwt.ts"],"mappings":"AAAA,SAEEA,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,SAAqBC,aAAa,QAAQ,cAAc;AACxD,SAASC,MAAM,QAAQ,uBAAuB;AAE9C,SAASC,WAAW,EAAEC,UAAU,QAAQ,uBAAuB;AAC/D,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,wBAAwB;AACzD,SAASC,gBAAgB,QAAkB,oBAAoB;AAE/D,SAASC,wBAAwB,QAAQ,4BAA4B;AACrE,SAASC,eAAe,QAAQ,qBAAqB;AACrD,SAASC,qBAAqB,QAAQ,8BAA8B;AAMpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,oBAAoB,GAAG,SAAAA,CAC3BC,gBAAgC,EAChCC,mBAA4C,EAGvB;EAAA,IAFrBC,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,MAAMI,cAAc,GAAGP,gBAAgB,CAACQ,MAAM,IAAI,EAAE;;EAEpD;EACA,IAAI,CAACN,uBAAuB,EAAE;IAC5B,MAAMO,YAAsB,GAAG,EAAE;IACjC,MAAMC,gBAAgB,GAAG,IAAIC,GAAG,CAC9BJ,cAAc,CACXK,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CACrBC,MAAM,CAAEC,CAAC,IAAkB,OAAOA,CAAC,KAAK,QAAQ,CACrD,CAAC;IAED,KAAK,MAAMC,OAAO,IAAIP,gBAAgB,EAAE;MACtC,IAAI,EAAEO,OAAO,IAAIhB,mBAAmB,CAAC,EAAE;QACrCQ,YAAY,CAACS,IAAI,CAACD,OAAO,CAAC;MAC5B;IACF;IAEA,IAAIR,YAAY,CAACL,MAAM,GAAG,CAAC,EAAE;MAC3B,MAAMe,OAAO,GAAGV,YAAY,CAACW,IAAI,CAAC,IAAI,CAAC;MACvC,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACtB,mBAAmB,CAAC,CAACmB,IAAI,CAAC,IAAI,CAAC;MAC5D,MAAM,IAAI5B,aAAa,CACpB,4DAA2D2B,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;AACF;AACA;EACE,MAAMG,eAAe,GACnBV,IAAgC,IACO;IACvC,MAAMW,KAAK,GAAGlB,cAAc,CAACmB,IAAI,CAAEb,CAAC,IAAKvB,WAAW,CAACuB,CAAC,CAACC,IAAI,EAAEA,IAAI,CAAC,CAAC;IACnE,IAAI,CAACW,KAAK,EAAE,OAAOpB,SAAS;IAE5B,MAAMsB,OAA+B,GAAG,CAAC,CAAC;IAC1C,KAAK,MAAMC,KAAK,IAAIH,KAAK,CAACI,OAAO,EAAE;MACjCF,OAAO,CAACC,KAAK,CAACE,MAAM,CAAC,GAAGF,KAAK,CAACG,IAAI;IACpC;IACA,OAAOJ,OAAO;EAChB,CAAC;;EAED;AACF;AACA;EACE,MAAMK,YAAY,GAAGA,CACnBC,WAAoB,EACpBC,WAAuC,KAC3B;IACZ;IACA,IAAIC,KAAK,CAACC,OAAO,CAACH,WAAW,CAAC,EAAE;MAC9B,OAAOA,WAAW,CAACrB,GAAG,CAAEyB,IAAI,IAC1BL,YAAY,CAACK,IAAI,EAAE,CAAC,GAAGH,WAAW,EAAE,IAAI,CAAC,CAC3C,CAAC;IACH;;IAEA;IACA,IAAI,OAAOD,WAAW,KAAK,QAAQ,IAAIA,WAAW,KAAK,IAAI,EAAE;MAC3D,OAAOA,WAAW;IACpB;IAEA,MAAMK,OAAO,GAAGL,WAAsC;IACtD,MAAMM,MAAwB,GAAG,CAAC,CAAC;IACnC,MAAMC,aAAa,GAAG,IAAI7B,GAAG,CAAkB,CAAC;;IAEhD;IACA,MAAM8B,qBAA0C,GAAG,EAAE;IACrD,KAAK,MAAMC,KAAK,IAAInC,cAAc,EAAE;MAClC;MACA,IAAIhB,UAAU,CAAC2C,WAAW,EAAEQ,KAAK,CAAC5B,IAAI,CAAC,EAAE;QACvC,MAAM6B,QAAQ,GAAGD,KAAK,CAAC5B,IAAI,CAACoB,WAAW,CAAC9B,MAAM,CAAC;QAC/C,IACE,CAAC,OAAOuC,QAAQ,KAAK,QAAQ,IAAI,OAAOA,QAAQ,KAAK,QAAQ,KAC7D,CAACF,qBAAqB,CAACG,QAAQ,CAACD,QAAQ,CAAC,EACzC;UACAF,qBAAqB,CAACvB,IAAI,CAACyB,QAAQ,CAAC;QACtC;MACF;IACF;;IAEA;IACA,KAAK,MAAME,GAAG,IAAIJ,qBAAqB,EAAE;MACvC,MAAMK,SAAS,GAAGD,GAAG,CAACE,QAAQ,CAAC,CAAC;MAChC,MAAMC,SAAS,GAAGV,OAAO,CAACQ,SAAS,CAAC;MACpC,IAAIE,SAAS,KAAK3C,SAAS,EAAE;MAE7B,MAAM4C,OAAO,GAAG,CAAC,GAAGf,WAAW,EAAEW,GAAG,CAAC;MAErC,IAAIK,cAAc,GAAG1B,eAAe,CAACyB,OAAO,CAAC;;MAE7C;MACA,IAAI,CAACC,cAAc,IAAIf,KAAK,CAACC,OAAO,CAACY,SAAS,CAAC,EAAE;QAC/CE,cAAc,GAAG1B,eAAe,CAAC,CAAC,GAAGyB,OAAO,EAAE,IAAI,CAAC,CAAC;MACtD;MAEAV,MAAM,CAACO,SAAS,CAAC,GAAG;QAClBf,IAAI,EAAEmB,cAAc,IAAIJ,SAAS;QACjCK,KAAK,EAAEnB,YAAY,CAACgB,SAAS,EAAEC,OAAO;MACxC,CAAC;MAEDT,aAAa,CAACY,GAAG,CAACP,GAAG,CAAC;IACxB;;IAEA;IACA,IAAIvC,0BAA0B,EAAE;MAC9B,KAAK,MAAM,CAACuC,GAAG,EAAEM,KAAK,CAAC,IAAI7B,MAAM,CAAC+B,OAAO,CAACf,OAAO,CAAC,EAAE;QAClD,IAAI,CAACE,aAAa,CAACc,GAAG,CAACT,GAAG,CAAC,EAAE;UAC3BN,MAAM,CAACM,GAAG,CAAC,GAAG;YACZd,IAAI,EAAEc,GAAG;YACTM,KAAK,EAAEA;UACT,CAAC;QACH;MACF;IACF;IAEA,OAAOZ,MAAM;EACf,CAAC;EAED,OAAOP,YAAY,CAAC/B,mBAAmB,EAAE,EAAE,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,MAAMsD,qBAAsD,GAAG,MAAAA,CAC7DC,IAAI,EACJC,SAAS,EACTC,OAAO,KACJ;EACH,IAAI,EAACA,OAAO,aAAPA,OAAO,eAAPA,OAAO,CAAEC,UAAU,GAAE;IACxB,OAAO,KAAK;EACd;EACA,IAAI;IACF,MAAMxE,SAAS,CAAE,GAAEqE,IAAK,IAAGC,SAAU,EAAC,EAAEC,OAAO,CAACC,UAAU,CAAC;IAC3D,OAAO,IAAI;EACb,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeC,qBAAqBA,CAClCC,aAAqB,EACrBF,UAAiB,EACjBG,oBAAmC,EACnB;EAChB,MAAMC,aAAa,GAAG,IAAI3E,aAAa,CAAC;IACtC4E,MAAM,EAAE3E,MAAM;IACd4E,QAAQ,EAAEV;EACZ,CAAC,CAAC;EAEF,MAAM,CAACW,kBAAkB,EAAEC,gBAAgB,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/DN,aAAa,CAAC7E,MAAM,CAAC2E,aAAa,EAAE;IAAEF;EAAW,CAAC,CAAC,EACnDG,oBAAoB,CAACQ,YAAY,CAAC,CAAC,CACpC,CAAC;EAEF,MAAM;IAAEC;EAAI,CAAC,GAAGL,kBAAkB,CAACM,OAAkC;EACrE,IAAI,EAAE,MAAM7E,gBAAgB,CAAC4E,GAAG,CAACE,GAAG,EAAEN,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAMO,OAAO,GAAI,kDAAiDP,gBAAgB,CAACQ,GAAI,UAASJ,GAAG,CAACE,GAAG,CAACE,GAAI,EAAC;IAC7GjF,MAAM,CAACkF,GAAG,CAACnF,QAAQ,CAACoF,KAAK,EAAEH,OAAO,CAAC;IACnC,MAAM,IAAIlF,aAAa,CAACkF,OAAO,CAAC;EAClC;EAEA,OAAO,MAAMX,aAAa,CAACe,MAAM,CAAClF,wBAAwB,CAACiE,aAAa,CAAC,CAAC;AAC5E;AAEA,OAAO,MAAMkB,6BAAsE,GACjF,MAAAA,CACEC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,IAAA,EAOzBC,YAAY,KACT;EAAA,IAPH;IACEC,uBAAuB;IACvBnF,uBAAuB;IACvBI,0BAA0B;IAC1BgF;EACF,CAAC,GAAAH,IAAA;EAGD,MAAMI,OAAO,GAAG,MAAM3B,qBAAqB,CACzCqB,UAAU,EACVD,UAAU,CAACzD,IAAI,EACf8D,uBACF,CAAC;EAED3F,MAAM,CAACkF,GAAG,CACRnF,QAAQ,CAAC+F,KAAK,EACb,uBAAsBC,IAAI,CAACC,SAAS,CAACH,OAAO,CAAE,EACjD,CAAC;EAED,IAAID,wBAAwB,EAAE;IAAA,IAAAK,YAAA;IAC5B,IAAI,CAACP,YAAY,EAAE;MACjB,MAAM,IAAI5F,aAAa,CAAC,sBAAsB,CAAC;IACjD;IACA,MAAMoG,GAAG,IAAAD,YAAA,GAAGJ,OAAO,CAACM,GAAG,cAAAF,YAAA,gBAAAA,YAAA,GAAXA,YAAA,CAAaG,MAAM,cAAAH,YAAA,uBAAnBA,YAAA,CAAqBC,GAA2B;IAC5D,IAAI,CAACA,GAAG,IAAI,CAACzD,KAAK,CAACC,OAAO,CAACwD,GAAG,CAAC,IAAIA,GAAG,CAACxF,MAAM,KAAK,CAAC,EAAE;MACnD,MAAM,IAAIN,qBAAqB,CAAC,2BAA2B,CAAC;IAC9D;IACA,MAAMD,eAAe,CAAC+F,GAAG,EAAER,YAAY,CAAC;EAC1C;EAEA,MAAMpF,gBAAgB,GACpBgF,UAAU,CAACe,mCAAmC,CAACb,yBAAyB,CAAC;EAE3E,IAAI,CAAClF,gBAAgB,EAAE;IACrBN,MAAM,CAACkF,GAAG,CACRnF,QAAQ,CAACoF,KAAK,EACb,gDAA+CK,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAI1F,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAMS,mBAAmB,GAAI,MAAMsF,OAAO,CAACS,SAAS,CAAC3G,MAAM,CAG1D;EAED,MAAM4G,gBAAgB,GAAGlG,oBAAoB,CAC3CC,gBAAgB,EAChBC,mBAAmB,EACnBC,uBAAuB,EACvBI,0BACF,CAAC;EAED,MAAM4F,QAAQ,GACZ,OAAOjG,mBAAmB,CAACkG,GAAG,KAAK,QAAQ,GACvC,IAAIC,IAAI,CAACnG,mBAAmB,CAACkG,GAAG,GAAG,IAAI,CAAC,GACxC9F,SAAS;EAEf,IAAI,OAAOJ,mBAAmB,CAACoG,GAAG,KAAK,QAAQ,EAAE;IAC/C,MAAM,IAAI7G,aAAa,CAAC,2CAA2C,CAAC;EACtE;EACA,MAAM8G,UAAU,GAAG,IAAIF,IAAI,CAACnG,mBAAmB,CAACoG,GAAG,GAAG,IAAI,CAAC;EAE3D3G,MAAM,CAACkF,GAAG,CACRnF,QAAQ,CAAC+F,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACO,gBAAgB,CAAE,gBAAeC,QAAS,EACjF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBK,UAAU;IACVJ;EACF,CAAC;AACH,CAAC"}
|