@pagopa/io-react-native-wallet 3.6.1 → 3.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/presentation/v1.3.3/04-verify-certificate-chain.js +10 -3
- package/lib/commonjs/credential/presentation/v1.3.3/04-verify-certificate-chain.js.map +1 -1
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js +2 -1
- package/lib/commonjs/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/commonjs/credential/status/v1.3.3/index.js +2 -1
- package/lib/commonjs/credential/status/v1.3.3/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +1 -1
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/module/credential/presentation/v1.3.3/04-verify-certificate-chain.js +10 -3
- package/lib/module/credential/presentation/v1.3.3/04-verify-certificate-chain.js.map +1 -1
- package/lib/module/credential/status/v1.3.3/01-status-list.js +1 -1
- package/lib/module/credential/status/v1.3.3/01-status-list.js.map +1 -1
- package/lib/module/credential/status/v1.3.3/index.js +3 -2
- package/lib/module/credential/status/v1.3.3/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +1 -1
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/typescript/credential/presentation/v1.3.3/04-verify-certificate-chain.d.ts.map +1 -1
- package/lib/typescript/credential/status/api/status-list.d.ts +13 -0
- package/lib/typescript/credential/status/api/status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/01-status-list.d.ts +1 -0
- package/lib/typescript/credential/status/v1.3.3/01-status-list.d.ts.map +1 -1
- package/lib/typescript/credential/status/v1.3.3/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +1 -1
- package/package.json +1 -1
- package/src/credential/presentation/v1.3.3/04-verify-certificate-chain.ts +11 -3
- package/src/credential/status/api/status-list.ts +14 -0
- package/src/credential/status/v1.3.3/01-status-list.ts +4 -5
- package/src/credential/status/v1.3.3/index.ts +6 -1
- package/src/sd-jwt/types.ts +1 -1
|
@@ -18,14 +18,21 @@ const verifyAuthRequestCertificateChain = async (requestObjectJwt, _ref) => {
|
|
|
18
18
|
readTimeout: 10_000
|
|
19
19
|
};
|
|
20
20
|
const requestObject = (0, _ioReactNativeJwt.decode)(requestObjectJwt);
|
|
21
|
-
const
|
|
22
|
-
if (!
|
|
21
|
+
const x5c = requestObject.protectedHeader.x5c;
|
|
22
|
+
if (!x5c) {
|
|
23
23
|
throw new _errors.MissingX509CertsError("No certificate chain (x5c) found in the Request Object");
|
|
24
24
|
}
|
|
25
|
+
|
|
26
|
+
// The native validator expects the chain to include the leaf and any
|
|
27
|
+
// intermediates, excluding the trust anchor (supplied separately as
|
|
28
|
+
// `caRootCert`). Some RPs include the anchor as the last entry of x5c,
|
|
29
|
+
// which must be stripped or the native validator (notably on iOS) treats
|
|
30
|
+
// it as an extraneous/unexpected trailing certificate and fails.
|
|
31
|
+
const certChain = x5c.length > 1 && x5c.at(-1) === caRootCert ? x5c.slice(0, -1) : x5c;
|
|
25
32
|
const validationResult = await (0, _ioReactNativeCrypto.verifyCertificateChain)(certChain, caRootCert, x509Options);
|
|
26
33
|
if (!validationResult.isValid) {
|
|
27
34
|
_logging.Logger.log(_logging.LogLevel.ERROR, `Certificate chain failure: ${validationResult.validationStatus} - ${validationResult.errorMessage}`);
|
|
28
|
-
throw new _errors.X509ValidationError(
|
|
35
|
+
throw new _errors.X509ValidationError(`X.509 certificate chain validation failed. Status: ${validationResult.validationStatus}. Error: ${validationResult.errorMessage}`);
|
|
29
36
|
}
|
|
30
37
|
return validationResult;
|
|
31
38
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_ioReactNativeCrypto","_errors","_logging","verifyAuthRequestCertificateChain","requestObjectJwt","_ref","caRootCert","x509Options","requireCrl","connectTimeout","readTimeout","requestObject","decode","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_ioReactNativeCrypto","_errors","_logging","verifyAuthRequestCertificateChain","requestObjectJwt","_ref","caRootCert","x509Options","requireCrl","connectTimeout","readTimeout","requestObject","decode","x5c","protectedHeader","MissingX509CertsError","certChain","length","at","slice","validationResult","verifyCertificateChain","isValid","Logger","log","LogLevel","ERROR","validationStatus","errorMessage","X509ValidationError","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/04-verify-certificate-chain.ts"],"mappings":";;;;;;AACA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AAIA,IAAAE,OAAA,GAAAF,OAAA;AAIA,IAAAG,QAAA,GAAAH,OAAA;AAEO,MAAMI,iCAA6F,GACxG,MAAAA,CAAOC,gBAAgB,EAAAC,IAAA,KAAqB;EAAA,IAAnB;IAAEC;EAAW,CAAC,GAAAD,IAAA;EACrC,MAAME,WAAmC,GAAG;IAC1CC,UAAU,EAAE,KAAK;IACjBC,cAAc,EAAE,MAAM;IACtBC,WAAW,EAAE;EACf,CAAC;EAED,MAAMC,aAAa,GAAG,IAAAC,wBAAM,EAACR,gBAAgB,CAAC;EAE9C,MAAMS,GAAG,GAAGF,aAAa,CAACG,eAAe,CAACD,GAAG;EAE7C,IAAI,CAACA,GAAG,EAAE;IACR,MAAM,IAAIE,6BAAqB,CAC7B,wDACF,CAAC;EACH;;EAEA;EACA;EACA;EACA;EACA;EACA,MAAMC,SAAS,GACbH,GAAG,CAACI,MAAM,GAAG,CAAC,IAAIJ,GAAG,CAACK,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKZ,UAAU,GAAGO,GAAG,CAACM,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAGN,GAAG;EAEtE,MAAMO,gBAAgB,GAAG,MAAM,IAAAC,2CAAsB,EACnDL,SAAS,EACTV,UAAU,EACVC,WACF,CAAC;EAED,IAAI,CAACa,gBAAgB,CAACE,OAAO,EAAE;IAC7BC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,8BAA6BN,gBAAgB,CAACO,gBAAiB,MAAKP,gBAAgB,CAACQ,YAAa,EACrG,CAAC;IAED,MAAM,IAAIC,2BAAmB,CAC1B,sDAAqDT,gBAAgB,CAACO,gBAAiB,YAAWP,gBAAgB,CAACQ,YAAa,EACnI,CAAC;EACH;EAEA,OAAOR,gBAAgB;AACzB,CAAC;AAACU,OAAA,CAAA3B,iCAAA,GAAAA,iCAAA"}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
|
4
4
|
value: true
|
|
5
5
|
});
|
|
6
|
-
exports.getStatusListByUri = exports.getStatusList = void 0;
|
|
6
|
+
exports.getStatusListEntry = exports.getStatusListByUri = exports.getStatusList = void 0;
|
|
7
7
|
var _ioReactNativeIso = require("@pagopa/io-react-native-iso18013");
|
|
8
8
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
|
9
9
|
var _jwtStatusList = require("@sd-jwt/jwt-status-list");
|
|
@@ -25,6 +25,7 @@ const getStatusListEntry = async (credential, format) => {
|
|
|
25
25
|
}
|
|
26
26
|
return statusListEntry;
|
|
27
27
|
};
|
|
28
|
+
exports.getStatusListEntry = getStatusListEntry;
|
|
28
29
|
const fetchStatusList = function (uri, appFetch) {
|
|
29
30
|
let options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
|
|
30
31
|
return appFetch(uri, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_ioReactNativeIso","require","_ioReactNativeJwt","_jwtStatusList","_errors","_misc","getStatusListEntry","credential","format","statusListEntry","_decoded$issuerAuth","decoded","CBOR","decode","issuerAuth","payload","status","status_list","getStatusListFromJWT","IoWalletError","fetchStatusList","uri","appFetch","options","arguments","length","undefined","headers","Accept","cacheDisabled","then","hasStatusOrThrow","response","text","getStatusListByUri","fetch","statusList","decodeJwt","exp","Math","floor","Date","now","
|
|
1
|
+
{"version":3,"names":["_ioReactNativeIso","require","_ioReactNativeJwt","_jwtStatusList","_errors","_misc","getStatusListEntry","credential","format","statusListEntry","_decoded$issuerAuth","decoded","CBOR","decode","issuerAuth","payload","status","status_list","getStatusListFromJWT","IoWalletError","exports","fetchStatusList","uri","appFetch","options","arguments","length","undefined","headers","Accept","cacheDisabled","then","hasStatusOrThrow","response","text","getStatusListByUri","fetch","statusList","decodeJwt","exp","Math","floor","Date","now","getStatusList","context","idx"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/01-status-list.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,cAAA,GAAAF,OAAA;AAIA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGO,MAAMK,kBAAuD,GAAG,MAAAA,CACrEC,UAAU,EACVC,MAAM,KACH;EACH,IAAIC,eAA4C;EAEhD,IAAID,MAAM,KAAK,UAAU,EAAE;IAAA,IAAAE,mBAAA;IACzB;IACA,MAAMC,OAAO,GAAG,MAAMC,sBAAI,CAACC,MAAM,CAACN,UAAU,CAAC;IAC7CE,eAAe,IAAAC,mBAAA,GAAGC,OAAO,CAACG,UAAU,cAAAJ,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBK,OAAO,cAAAL,mBAAA,gBAAAA,mBAAA,GAA3BA,mBAAA,CAA6BM,MAAM,cAAAN,mBAAA,uBAAnCA,mBAAA,CAAqCO,WAAW;EACpE;EAEA,IAAIT,MAAM,KAAK,WAAW,EAAE;IAC1BC,eAAe,GAAG,IAAAS,mCAAoB,EAACX,UAAU,CAAC;EACpD;EAEA,IAAI,CAACE,eAAe,EAAE;IACpB,MAAM,IAAIU,qBAAa,CAAC,+CAA+C,CAAC;EAC1E;EAEA,OAAOV,eAAe;AACxB,CAAC;AAACW,OAAA,CAAAd,kBAAA,GAAAA,kBAAA;AAEF,MAAMe,eAAe,GAAG,SAAAA,CACtBC,GAAW,EACXC,QAA8B;EAAA,IAC9BC,OAAoC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAEzCF,QAAQ,CAACD,GAAG,EAAE;IACZM,OAAO,EAAE;MACPC,MAAM,EAAE,4BAA4B;MACpC,IAAIL,OAAO,CAACM,aAAa,IAAI;QAAE,eAAe,EAAE;MAAW,CAAC;IAC9D;EACF,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,QAAQ,IAAKA,QAAQ,CAACC,IAAI,CAAC,CAAC,CAAC;AAAA;AAEjC,MAAMC,kBAA6C,GAAG,eAAAA,CAC3Db,GAAG,EAEA;EAAA,IADH;IAAEC,QAAQ,GAAGa;EAAM,CAAC,GAAAX,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,IAAIY,UAAU,GAAG,MAAMhB,eAAe,CAACC,GAAG,EAAEC,QAAQ,CAAC;EACrD,MAAMZ,OAAO,GAAG,IAAA2B,wBAAS,EAACD,UAAU,CAAC;EAErC,MAAM;IAAEE;EAAI,CAAC,GAAG5B,OAAO,CAACI,OAAO;;EAE/B;EACA;EACA,IAAIwB,GAAG,IAAIA,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE;IAC9CN,UAAU,GAAG,MAAMhB,eAAe,CAACC,GAAG,EAAEC,QAAQ,EAAE;MAAEO,aAAa,EAAE;IAAK,CAAC,CAAC;EAC5E;EAEA,OAAOO,UAAU;AACnB,CAAC;AAACjB,OAAA,CAAAe,kBAAA,GAAAA,kBAAA;AAEK,MAAMS,aAAmC,GAAG,MAAAA,CACjDrC,UAAU,EACVC,MAAM,EACNqC,OAAO,KACJ;EACH,MAAM;IAAEvB,GAAG;IAAEwB;EAAI,CAAC,GAAG,MAAMxC,kBAAkB,CAACC,UAAU,EAAEC,MAAM,CAAC;EACjE,MAAM6B,UAAU,GAAG,MAAMF,kBAAkB,CAACb,GAAG,EAAEuB,OAAO,CAAC;EACzD,OAAO;IAAEvB,GAAG;IAAEwB,GAAG;IAAET,UAAU;IAAE7B,MAAM,EAAE;EAAM,CAAC;AAChD,CAAC;AAACY,OAAA,CAAAwB,aAAA,GAAAA,aAAA"}
|
|
@@ -16,7 +16,8 @@ const CredentialStatus = {
|
|
|
16
16
|
get: _statusList.getStatusList,
|
|
17
17
|
getByUri: _statusList.getStatusListByUri,
|
|
18
18
|
verifyAndParse: _verifyAndParseStatusList.verifyAndParseStatusList,
|
|
19
|
-
getStatus: _getStatus.getStatus
|
|
19
|
+
getStatus: _getStatus.getStatus,
|
|
20
|
+
getStatusListEntry: _statusList.getStatusListEntry
|
|
20
21
|
}
|
|
21
22
|
};
|
|
22
23
|
exports.CredentialStatus = CredentialStatus;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_statusList","require","_verifyAndParseStatusList","_getStatus","CredentialStatus","statusAssertion","isSupported","statusList","get","getStatusList","getByUri","getStatusListByUri","verifyAndParse","verifyAndParseStatusList","getStatus","exports"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/index.ts"],"mappings":";;;;;;AACA,IAAAA,WAAA,GAAAC,OAAA;
|
|
1
|
+
{"version":3,"names":["_statusList","require","_verifyAndParseStatusList","_getStatus","CredentialStatus","statusAssertion","isSupported","statusList","get","getStatusList","getByUri","getStatusListByUri","verifyAndParse","verifyAndParseStatusList","getStatus","getStatusListEntry","exports"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/index.ts"],"mappings":";;;;;;AACA,IAAAA,WAAA,GAAAC,OAAA;AAKA,IAAAC,yBAAA,GAAAD,OAAA;AACA,IAAAE,UAAA,GAAAF,OAAA;AAEO,MAAMG,gBAAqC,GAAG;EACnDC,eAAe,EAAE;IACfC,WAAW,EAAE;EACf,CAAC;EACDC,UAAU,EAAE;IACVD,WAAW,EAAE,IAAI;IACjBE,GAAG,EAAEC,yBAAa;IAClBC,QAAQ,EAAEC,8BAAkB;IAC5BC,cAAc,EAAEC,kDAAwB;IACxCC,SAAS,EAATA,oBAAS;IACTC,kBAAkB,EAAlBA;EACF;AACF,CAAC;AAACC,OAAA,CAAAZ,gBAAA,GAAAA,gBAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_zod","require","_zod2","_jwk","LEGACY_SD_JWT","exports","StatusAssertion","z","object","credential_hash_alg","literal","StatusList","idx","
|
|
1
|
+
{"version":3,"names":["_zod","require","_zod2","_jwk","LEGACY_SD_JWT","exports","StatusAssertion","z","object","credential_hash_alg","literal","StatusList","idx","number","uri","string","SdJwt4VCBase","header","typ","enum","alg","kid","trust_chain","array","optional","x5c","vctm","payload","_sd","_sd_alg","iss","sub","iat","UnixTime","exp","cnf","jwk","JWK","status","union","status_list","status_assertion","vct","Verification","trust_framework","assurance_level","TypeMetadata","name","description","data_source","authentic_source","organization_name","organization_code","contacts","homepage_uri","url","logo_uri"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,IAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;;AAEO,MAAMG,aAAa,GAAG,WAAW;AAACC,OAAA,CAAAD,aAAA,GAAAA,aAAA;AAEzC,MAAME,eAAe,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC/BC,mBAAmB,EAAEF,MAAC,CAACG,OAAO,CAAC,SAAS;AAC1C,CAAC,CAAC;AAEF,MAAMC,UAAU,GAAGJ,MAAC,CAACC,MAAM,CAAC;EAC1BI,GAAG,EAAEL,MAAC,CAACM,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEP,MAAC,CAACQ,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAEO,MAAMC,YAAY,GAAGT,MAAC,CAACC,MAAM,CAAC;EACnCS,MAAM,EAAEV,MAAC,CAACC,MAAM,CAAC;IACfU,GAAG,EAAEX,MAAC,CAACY,IAAI,CAAC,CAAC,WAAW,EAAEf,aAAa,CAAC,CAAC;IACzCgB,GAAG,EAAEb,MAAC,CAACQ,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEd,MAAC,CAACQ,MAAM,CAAC,CAAC;IACfO,WAAW,EAAEf,MAAC,CAACgB,KAAK,CAAChB,MAAC,CAACQ,MAAM,CAAC,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;IAC3CC,GAAG,EAAElB,MAAC,CAACgB,KAAK,CAAChB,MAAC,CAACQ,MAAM,CAAC,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;IACnCE,IAAI,EAAEnB,MAAC,CAACgB,KAAK,CAAChB,MAAC,CAACQ,MAAM,CAAC,CAAC,CAAC,CAACS,QAAQ,CAAC;EACrC,CAAC,CAAC;EACFG,OAAO,EAAEpB,MAAC,CAACC,MAAM,CAAC;IAChBoB,GAAG,EAAErB,MAAC,CAACgB,KAAK,CAAChB,MAAC,CAACQ,MAAM,CAAC,CAAC,CAAC;IACxBc,OAAO,EAAEtB,MAAC,CAACG,OAAO,CAAC,SAAS,CAAC;IAC7BoB,GAAG,EAAEvB,MAAC,CAACQ,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAExB,MAAC,CAACQ,MAAM,CAAC,CAAC;IACfiB,GAAG,EAAEC,cAAQ,CAACT,QAAQ,CAAC,CAAC;IACxBU,GAAG,EAAED,cAAQ;IACbE,GAAG,EAAE5B,MAAC,CAACC,MAAM,CAAC;MACZ4B,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,MAAM,EAAE/B,MAAC,CAACgC,KAAK,CAAC,CACdhC,MAAC,CAACC,MAAM,CAAC;MACPgC,WAAW,EAAE7B;IACf,CAAC,CAAC,EACFJ,MAAC,CAACC,MAAM,CAAC;MACP;MACAiC,gBAAgB,EAAEnC;IACpB,CAAC,CAAC,CACH,CAAC;IACFoC,GAAG,EAAEnC,MAAC,CAACQ,MAAM,CAAC,CAAC;IACf,eAAe,EAAER,MAAC,CAACQ,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC;EACvC,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAnB,OAAA,CAAAW,YAAA,GAAAA,YAAA;AAKO,MAAM2B,YAAY,GAAGpC,MAAC,CAACC,MAAM,CAAC;EACnCoC,eAAe,EAAErC,MAAC,CAACQ,MAAM,CAAC,CAAC;EAC3B8B,eAAe,EAAEtC,MAAC,CAACQ,MAAM,CAAC;AAC5B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AAJAV,OAAA,CAAAsC,YAAA,GAAAA,YAAA;AAMO,MAAMG,YAAY,GAAGvC,MAAC,CAACC,MAAM,CAAC;EACnCuC,IAAI,EAAExC,MAAC,CAACQ,MAAM,CAAC,CAAC;EAChBiC,WAAW,EAAEzC,MAAC,CAACQ,MAAM,CAAC,CAAC;EACvBkC,WAAW,EAAE1C,MAAC,CAACC,MAAM,CAAC;IACpBoC,eAAe,EAAErC,MAAC,CAACQ,MAAM,CAAC,CAAC;IAC3BmC,gBAAgB,EAAE3C,MAAC,CAACC,MAAM,CAAC;MACzB2C,iBAAiB,EAAE5C,MAAC,CAACQ,MAAM,CAAC,CAAC;MAC7BqC,iBAAiB,EAAE7C,MAAC,CAACQ,MAAM,CAAC,CAAC;MAC7BsC,QAAQ,EAAE9C,MAAC,CAACgB,KAAK,CAAChB,MAAC,CAACQ,MAAM,CAAC,CAAC,CAAC;MAC7BuC,YAAY,EAAE/C,MAAC,CAACQ,MAAM,CAAC,CAAC,CAACwC,GAAG,CAAC,CAAC;MAC9BC,QAAQ,EAAEjD,MAAC,CAACQ,MAAM,CAAC,CAAC,CAACwC,GAAG,CAAC;IAC3B,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAAClD,OAAA,CAAAyC,YAAA,GAAAA,YAAA"}
|
|
@@ -12,14 +12,21 @@ export const verifyAuthRequestCertificateChain = async (requestObjectJwt, _ref)
|
|
|
12
12
|
readTimeout: 10_000
|
|
13
13
|
};
|
|
14
14
|
const requestObject = decode(requestObjectJwt);
|
|
15
|
-
const
|
|
16
|
-
if (!
|
|
15
|
+
const x5c = requestObject.protectedHeader.x5c;
|
|
16
|
+
if (!x5c) {
|
|
17
17
|
throw new MissingX509CertsError("No certificate chain (x5c) found in the Request Object");
|
|
18
18
|
}
|
|
19
|
+
|
|
20
|
+
// The native validator expects the chain to include the leaf and any
|
|
21
|
+
// intermediates, excluding the trust anchor (supplied separately as
|
|
22
|
+
// `caRootCert`). Some RPs include the anchor as the last entry of x5c,
|
|
23
|
+
// which must be stripped or the native validator (notably on iOS) treats
|
|
24
|
+
// it as an extraneous/unexpected trailing certificate and fails.
|
|
25
|
+
const certChain = x5c.length > 1 && x5c.at(-1) === caRootCert ? x5c.slice(0, -1) : x5c;
|
|
19
26
|
const validationResult = await verifyCertificateChain(certChain, caRootCert, x509Options);
|
|
20
27
|
if (!validationResult.isValid) {
|
|
21
28
|
Logger.log(LogLevel.ERROR, `Certificate chain failure: ${validationResult.validationStatus} - ${validationResult.errorMessage}`);
|
|
22
|
-
throw new X509ValidationError(
|
|
29
|
+
throw new X509ValidationError(`X.509 certificate chain validation failed. Status: ${validationResult.validationStatus}. Error: ${validationResult.errorMessage}`);
|
|
23
30
|
}
|
|
24
31
|
return validationResult;
|
|
25
32
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["decode","verifyCertificateChain","MissingX509CertsError","X509ValidationError","Logger","LogLevel","verifyAuthRequestCertificateChain","requestObjectJwt","_ref","caRootCert","x509Options","requireCrl","connectTimeout","readTimeout","requestObject","
|
|
1
|
+
{"version":3,"names":["decode","verifyCertificateChain","MissingX509CertsError","X509ValidationError","Logger","LogLevel","verifyAuthRequestCertificateChain","requestObjectJwt","_ref","caRootCert","x509Options","requireCrl","connectTimeout","readTimeout","requestObject","x5c","protectedHeader","certChain","length","at","slice","validationResult","isValid","log","ERROR","validationStatus","errorMessage"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/04-verify-certificate-chain.ts"],"mappings":"AACA,SAASA,MAAM,QAAQ,6BAA6B;AACpD,SACEC,sBAAsB,QAEjB,gCAAgC;AACvC,SACEC,qBAAqB,EACrBC,mBAAmB,QACd,8BAA8B;AACrC,SAASC,MAAM,EAAEC,QAAQ,QAAQ,wBAAwB;AAEzD,OAAO,MAAMC,iCAA6F,GACxG,MAAAA,CAAOC,gBAAgB,EAAAC,IAAA,KAAqB;EAAA,IAAnB;IAAEC;EAAW,CAAC,GAAAD,IAAA;EACrC,MAAME,WAAmC,GAAG;IAC1CC,UAAU,EAAE,KAAK;IACjBC,cAAc,EAAE,MAAM;IACtBC,WAAW,EAAE;EACf,CAAC;EAED,MAAMC,aAAa,GAAGd,MAAM,CAACO,gBAAgB,CAAC;EAE9C,MAAMQ,GAAG,GAAGD,aAAa,CAACE,eAAe,CAACD,GAAG;EAE7C,IAAI,CAACA,GAAG,EAAE;IACR,MAAM,IAAIb,qBAAqB,CAC7B,wDACF,CAAC;EACH;;EAEA;EACA;EACA;EACA;EACA;EACA,MAAMe,SAAS,GACbF,GAAG,CAACG,MAAM,GAAG,CAAC,IAAIH,GAAG,CAACI,EAAE,CAAC,CAAC,CAAC,CAAC,KAAKV,UAAU,GAAGM,GAAG,CAACK,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAGL,GAAG;EAEtE,MAAMM,gBAAgB,GAAG,MAAMpB,sBAAsB,CACnDgB,SAAS,EACTR,UAAU,EACVC,WACF,CAAC;EAED,IAAI,CAACW,gBAAgB,CAACC,OAAO,EAAE;IAC7BlB,MAAM,CAACmB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,8BAA6BH,gBAAgB,CAACI,gBAAiB,MAAKJ,gBAAgB,CAACK,YAAa,EACrG,CAAC;IAED,MAAM,IAAIvB,mBAAmB,CAC1B,sDAAqDkB,gBAAgB,CAACI,gBAAiB,YAAWJ,gBAAgB,CAACK,YAAa,EACnI,CAAC;EACH;EAEA,OAAOL,gBAAgB;AACzB,CAAC"}
|
|
@@ -3,7 +3,7 @@ import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
|
|
3
3
|
import { getStatusListFromJWT } from "@sd-jwt/jwt-status-list";
|
|
4
4
|
import { IoWalletError } from "../../../utils/errors";
|
|
5
5
|
import { hasStatusOrThrow } from "../../../utils/misc";
|
|
6
|
-
const getStatusListEntry = async (credential, format) => {
|
|
6
|
+
export const getStatusListEntry = async (credential, format) => {
|
|
7
7
|
let statusListEntry;
|
|
8
8
|
if (format === "mso_mdoc") {
|
|
9
9
|
var _decoded$issuerAuth;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["CBOR","decode","decodeJwt","getStatusListFromJWT","IoWalletError","hasStatusOrThrow","getStatusListEntry","credential","format","statusListEntry","_decoded$issuerAuth","decoded","issuerAuth","payload","status","status_list","fetchStatusList","uri","appFetch","options","arguments","length","undefined","headers","Accept","cacheDisabled","then","response","text","getStatusListByUri","fetch","statusList","exp","Math","floor","Date","now","getStatusList","context","idx"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/01-status-list.ts"],"mappings":"AAAA,SAASA,IAAI,QAAQ,kCAAkC;AACvD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,oBAAoB,QAEf,yBAAyB;AAChC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,gBAAgB,QAAQ,qBAAqB;
|
|
1
|
+
{"version":3,"names":["CBOR","decode","decodeJwt","getStatusListFromJWT","IoWalletError","hasStatusOrThrow","getStatusListEntry","credential","format","statusListEntry","_decoded$issuerAuth","decoded","issuerAuth","payload","status","status_list","fetchStatusList","uri","appFetch","options","arguments","length","undefined","headers","Accept","cacheDisabled","then","response","text","getStatusListByUri","fetch","statusList","exp","Math","floor","Date","now","getStatusList","context","idx"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/01-status-list.ts"],"mappings":"AAAA,SAASA,IAAI,QAAQ,kCAAkC;AACvD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SACEC,oBAAoB,QAEf,yBAAyB;AAChC,SAASC,aAAa,QAAQ,uBAAuB;AACrD,SAASC,gBAAgB,QAAQ,qBAAqB;AAGtD,OAAO,MAAMC,kBAAuD,GAAG,MAAAA,CACrEC,UAAU,EACVC,MAAM,KACH;EACH,IAAIC,eAA4C;EAEhD,IAAID,MAAM,KAAK,UAAU,EAAE;IAAA,IAAAE,mBAAA;IACzB;IACA,MAAMC,OAAO,GAAG,MAAMX,IAAI,CAACC,MAAM,CAACM,UAAU,CAAC;IAC7CE,eAAe,IAAAC,mBAAA,GAAGC,OAAO,CAACC,UAAU,cAAAF,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,OAAO,cAAAH,mBAAA,gBAAAA,mBAAA,GAA3BA,mBAAA,CAA6BI,MAAM,cAAAJ,mBAAA,uBAAnCA,mBAAA,CAAqCK,WAAW;EACpE;EAEA,IAAIP,MAAM,KAAK,WAAW,EAAE;IAC1BC,eAAe,GAAGN,oBAAoB,CAACI,UAAU,CAAC;EACpD;EAEA,IAAI,CAACE,eAAe,EAAE;IACpB,MAAM,IAAIL,aAAa,CAAC,+CAA+C,CAAC;EAC1E;EAEA,OAAOK,eAAe;AACxB,CAAC;AAED,MAAMO,eAAe,GAAG,SAAAA,CACtBC,GAAW,EACXC,QAA8B;EAAA,IAC9BC,OAAoC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAAA,OAEzCF,QAAQ,CAACD,GAAG,EAAE;IACZM,OAAO,EAAE;MACPC,MAAM,EAAE,4BAA4B;MACpC,IAAIL,OAAO,CAACM,aAAa,IAAI;QAAE,eAAe,EAAE;MAAW,CAAC;IAC9D;EACF,CAAC,CAAC,CACCC,IAAI,CAACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BqB,IAAI,CAAEC,QAAQ,IAAKA,QAAQ,CAACC,IAAI,CAAC,CAAC,CAAC;AAAA;AAExC,OAAO,MAAMC,kBAA6C,GAAG,eAAAA,CAC3DZ,GAAG,EAEA;EAAA,IADH;IAAEC,QAAQ,GAAGY;EAAM,CAAC,GAAAV,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB;EACA,IAAIW,UAAU,GAAG,MAAMf,eAAe,CAACC,GAAG,EAAEC,QAAQ,CAAC;EACrD,MAAMP,OAAO,GAAGT,SAAS,CAAC6B,UAAU,CAAC;EAErC,MAAM;IAAEC;EAAI,CAAC,GAAGrB,OAAO,CAACE,OAAO;;EAE/B;EACA;EACA,IAAImB,GAAG,IAAIA,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE;IAC9CL,UAAU,GAAG,MAAMf,eAAe,CAACC,GAAG,EAAEC,QAAQ,EAAE;MAAEO,aAAa,EAAE;IAAK,CAAC,CAAC;EAC5E;EAEA,OAAOM,UAAU;AACnB,CAAC;AAED,OAAO,MAAMM,aAAmC,GAAG,MAAAA,CACjD9B,UAAU,EACVC,MAAM,EACN8B,OAAO,KACJ;EACH,MAAM;IAAErB,GAAG;IAAEsB;EAAI,CAAC,GAAG,MAAMjC,kBAAkB,CAACC,UAAU,EAAEC,MAAM,CAAC;EACjE,MAAMuB,UAAU,GAAG,MAAMF,kBAAkB,CAACZ,GAAG,EAAEqB,OAAO,CAAC;EACzD,OAAO;IAAErB,GAAG;IAAEsB,GAAG;IAAER,UAAU;IAAEvB,MAAM,EAAE;EAAM,CAAC;AAChD,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { getStatusList, getStatusListByUri } from "./01-status-list";
|
|
1
|
+
import { getStatusList, getStatusListByUri, getStatusListEntry } from "./01-status-list";
|
|
2
2
|
import { verifyAndParseStatusList } from "./02-verify-and-parse-status-list";
|
|
3
3
|
import { getStatus } from "./03-get-status";
|
|
4
4
|
export const CredentialStatus = {
|
|
@@ -10,7 +10,8 @@ export const CredentialStatus = {
|
|
|
10
10
|
get: getStatusList,
|
|
11
11
|
getByUri: getStatusListByUri,
|
|
12
12
|
verifyAndParse: verifyAndParseStatusList,
|
|
13
|
-
getStatus
|
|
13
|
+
getStatus,
|
|
14
|
+
getStatusListEntry
|
|
14
15
|
}
|
|
15
16
|
};
|
|
16
17
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["getStatusList","getStatusListByUri","verifyAndParseStatusList","getStatus","CredentialStatus","statusAssertion","isSupported","statusList","get","getByUri","verifyAndParse"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/index.ts"],"mappings":"AACA,
|
|
1
|
+
{"version":3,"names":["getStatusList","getStatusListByUri","getStatusListEntry","verifyAndParseStatusList","getStatus","CredentialStatus","statusAssertion","isSupported","statusList","get","getByUri","verifyAndParse"],"sourceRoot":"../../../../../src","sources":["credential/status/v1.3.3/index.ts"],"mappings":"AACA,SACEA,aAAa,EACbC,kBAAkB,EAClBC,kBAAkB,QACb,kBAAkB;AACzB,SAASC,wBAAwB,QAAQ,mCAAmC;AAC5E,SAASC,SAAS,QAAQ,iBAAiB;AAE3C,OAAO,MAAMC,gBAAqC,GAAG;EACnDC,eAAe,EAAE;IACfC,WAAW,EAAE;EACf,CAAC;EACDC,UAAU,EAAE;IACVD,WAAW,EAAE,IAAI;IACjBE,GAAG,EAAET,aAAa;IAClBU,QAAQ,EAAET,kBAAkB;IAC5BU,cAAc,EAAER,wBAAwB;IACxCC,SAAS;IACTF;EACF;AACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","UnixTime","JWK","LEGACY_SD_JWT","StatusAssertion","object","credential_hash_alg","literal","StatusList","idx","
|
|
1
|
+
{"version":3,"names":["z","UnixTime","JWK","LEGACY_SD_JWT","StatusAssertion","object","credential_hash_alg","literal","StatusList","idx","number","uri","string","SdJwt4VCBase","header","typ","enum","alg","kid","trust_chain","array","optional","x5c","vctm","payload","_sd","_sd_alg","iss","sub","iat","exp","cnf","jwk","status","union","status_list","status_assertion","vct","Verification","trust_framework","assurance_level","TypeMetadata","name","description","data_source","authentic_source","organization_name","organization_code","contacts","homepage_uri","url","logo_uri"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,QAAQ,QAAQ,cAAc;AACvC,SAASC,GAAG,QAAQ,cAAc;;AAElC;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,aAAa,GAAG,WAAW;AAExC,MAAMC,eAAe,GAAGJ,CAAC,CAACK,MAAM,CAAC;EAC/BC,mBAAmB,EAAEN,CAAC,CAACO,OAAO,CAAC,SAAS;AAC1C,CAAC,CAAC;AAEF,MAAMC,UAAU,GAAGR,CAAC,CAACK,MAAM,CAAC;EAC1BI,GAAG,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EACfC,GAAG,EAAEX,CAAC,CAACY,MAAM,CAAC;AAChB,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,YAAY,GAAGb,CAAC,CAACK,MAAM,CAAC;EACnCS,MAAM,EAAEd,CAAC,CAACK,MAAM,CAAC;IACfU,GAAG,EAAEf,CAAC,CAACgB,IAAI,CAAC,CAAC,WAAW,EAAEb,aAAa,CAAC,CAAC;IACzCc,GAAG,EAAEjB,CAAC,CAACY,MAAM,CAAC,CAAC;IACfM,GAAG,EAAElB,CAAC,CAACY,MAAM,CAAC,CAAC;IACfO,WAAW,EAAEnB,CAAC,CAACoB,KAAK,CAACpB,CAAC,CAACY,MAAM,CAAC,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;IAC3CC,GAAG,EAAEtB,CAAC,CAACoB,KAAK,CAACpB,CAAC,CAACY,MAAM,CAAC,CAAC,CAAC,CAACS,QAAQ,CAAC,CAAC;IACnCE,IAAI,EAAEvB,CAAC,CAACoB,KAAK,CAACpB,CAAC,CAACY,MAAM,CAAC,CAAC,CAAC,CAACS,QAAQ,CAAC;EACrC,CAAC,CAAC;EACFG,OAAO,EAAExB,CAAC,CAACK,MAAM,CAAC;IAChBoB,GAAG,EAAEzB,CAAC,CAACoB,KAAK,CAACpB,CAAC,CAACY,MAAM,CAAC,CAAC,CAAC;IACxBc,OAAO,EAAE1B,CAAC,CAACO,OAAO,CAAC,SAAS,CAAC;IAC7BoB,GAAG,EAAE3B,CAAC,CAACY,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAE5B,CAAC,CAACY,MAAM,CAAC,CAAC;IACfiB,GAAG,EAAE5B,QAAQ,CAACoB,QAAQ,CAAC,CAAC;IACxBS,GAAG,EAAE7B,QAAQ;IACb8B,GAAG,EAAE/B,CAAC,CAACK,MAAM,CAAC;MACZ2B,GAAG,EAAE9B;IACP,CAAC,CAAC;IACF+B,MAAM,EAAEjC,CAAC,CAACkC,KAAK,CAAC,CACdlC,CAAC,CAACK,MAAM,CAAC;MACP8B,WAAW,EAAE3B;IACf,CAAC,CAAC,EACFR,CAAC,CAACK,MAAM,CAAC;MACP;MACA+B,gBAAgB,EAAEhC;IACpB,CAAC,CAAC,CACH,CAAC;IACFiC,GAAG,EAAErC,CAAC,CAACY,MAAM,CAAC,CAAC;IACf,eAAe,EAAEZ,CAAC,CAACY,MAAM,CAAC,CAAC,CAACS,QAAQ,CAAC;EACvC,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAEA,OAAO,MAAMiB,YAAY,GAAGtC,CAAC,CAACK,MAAM,CAAC;EACnCkC,eAAe,EAAEvC,CAAC,CAACY,MAAM,CAAC,CAAC;EAC3B4B,eAAe,EAAExC,CAAC,CAACY,MAAM,CAAC;AAC5B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAM6B,YAAY,GAAGzC,CAAC,CAACK,MAAM,CAAC;EACnCqC,IAAI,EAAE1C,CAAC,CAACY,MAAM,CAAC,CAAC;EAChB+B,WAAW,EAAE3C,CAAC,CAACY,MAAM,CAAC,CAAC;EACvBgC,WAAW,EAAE5C,CAAC,CAACK,MAAM,CAAC;IACpBkC,eAAe,EAAEvC,CAAC,CAACY,MAAM,CAAC,CAAC;IAC3BiC,gBAAgB,EAAE7C,CAAC,CAACK,MAAM,CAAC;MACzByC,iBAAiB,EAAE9C,CAAC,CAACY,MAAM,CAAC,CAAC;MAC7BmC,iBAAiB,EAAE/C,CAAC,CAACY,MAAM,CAAC,CAAC;MAC7BoC,QAAQ,EAAEhD,CAAC,CAACoB,KAAK,CAACpB,CAAC,CAACY,MAAM,CAAC,CAAC,CAAC;MAC7BqC,YAAY,EAAEjD,CAAC,CAACY,MAAM,CAAC,CAAC,CAACsC,GAAG,CAAC,CAAC;MAC9BC,QAAQ,EAAEnD,CAAC,CAACY,MAAM,CAAC,CAAC,CAACsC,GAAG,CAAC;IAC3B,CAAC;EACH,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"04-verify-certificate-chain.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/v1.3.3/04-verify-certificate-chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AAYpD,eAAO,MAAM,iCAAiC,EAAE,qBAAqB,CAAC,mCAAmC,
|
|
1
|
+
{"version":3,"file":"04-verify-certificate-chain.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/v1.3.3/04-verify-certificate-chain.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AAYpD,eAAO,MAAM,iCAAiC,EAAE,qBAAqB,CAAC,mCAAmC,CA4CtG,CAAC"}
|
|
@@ -58,5 +58,18 @@ export interface StatusListApi {
|
|
|
58
58
|
rawStatus: string;
|
|
59
59
|
status: string;
|
|
60
60
|
};
|
|
61
|
+
/**
|
|
62
|
+
* Extracts the status list entry from a raw credential, i.e. the object containing `uri` and `ìdx`.
|
|
63
|
+
*
|
|
64
|
+
* This method **does not perform any HTTP request** to fetch the list. Use {@link get} or {@link getByUri} instead to fetch it.
|
|
65
|
+
* @since 1.3.3
|
|
66
|
+
* @param credential The raw credential
|
|
67
|
+
* @param format The credential format
|
|
68
|
+
* @returns The status list entry extracted from the credential
|
|
69
|
+
*/
|
|
70
|
+
getStatusListEntry(credential: string, format: CredentialFormat): Promise<{
|
|
71
|
+
idx: number;
|
|
72
|
+
uri: string;
|
|
73
|
+
}>;
|
|
61
74
|
}
|
|
62
75
|
//# sourceMappingURL=status-list.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"status-list.d.ts","sourceRoot":"","sources":["../../../../../src/credential/status/api/status-list.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAE1C,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,IAAI,CAAC;IAElB;;;;;;;;;;;;;;;;;OAiBG;IACH,GAAG,CACD,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,KAAK,CAAC;QACd,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;IAEH;;;;;;OAMG;IACH,QAAQ,CACN,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;OAMG;IACH,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAErE;;;;;;OAMG;IACH,SAAS,CACP,UAAU,EAAE,UAAU,CAAC,aAAa,CAAC,EACrC,GAAG,EAAE,MAAM,GACV;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;
|
|
1
|
+
{"version":3,"file":"status-list.d.ts","sourceRoot":"","sources":["../../../../../src/credential/status/api/status-list.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAE1C,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,IAAI,CAAC;IAElB;;;;;;;;;;;;;;;;;OAiBG;IACH,GAAG,CACD,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,KAAK,CAAC;QACd,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,CAAC,CAAC;IAEH;;;;;;OAMG;IACH,QAAQ,CACN,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;KACjC,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;;;OAMG;IACH,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAErE;;;;;;OAMG;IACH,SAAS,CACP,UAAU,EAAE,UAAU,CAAC,aAAa,CAAC,EACrC,GAAG,EAAE,MAAM,GACV;QACD,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IAEF;;;;;;;;OAQG;IACH,kBAAkB,CAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC1C"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { StatusListApi } from "../api/status-list";
|
|
2
|
+
export declare const getStatusListEntry: StatusListApi["getStatusListEntry"];
|
|
2
3
|
export declare const getStatusListByUri: StatusListApi["getByUri"];
|
|
3
4
|
export declare const getStatusList: StatusListApi["get"];
|
|
4
5
|
//# sourceMappingURL=01-status-list.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"01-status-list.d.ts","sourceRoot":"","sources":["../../../../../src/credential/status/v1.3.3/01-status-list.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"01-status-list.d.ts","sourceRoot":"","sources":["../../../../../src/credential/status/v1.3.3/01-status-list.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD,eAAO,MAAM,kBAAkB,EAAE,aAAa,CAAC,oBAAoB,CAqBlE,CAAC;AAgBF,eAAO,MAAM,kBAAkB,EAAE,aAAa,CAAC,UAAU,CAiBxD,CAAC;AAEF,eAAO,MAAM,aAAa,EAAE,aAAa,CAAC,KAAK,CAQ9C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/credential/status/v1.3.3/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/credential/status/v1.3.3/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AASlD,eAAO,MAAM,gBAAgB,EAAE,mBAY9B,CAAC"}
|
|
@@ -60,7 +60,7 @@ export declare const SdJwt4VCBase: z.ZodObject<{
|
|
|
60
60
|
}, z.core.$strip>;
|
|
61
61
|
status: z.ZodUnion<readonly [z.ZodObject<{
|
|
62
62
|
status_list: z.ZodObject<{
|
|
63
|
-
idx: z.
|
|
63
|
+
idx: z.ZodNumber;
|
|
64
64
|
uri: z.ZodString;
|
|
65
65
|
}, z.core.$strip>;
|
|
66
66
|
}, z.core.$strip>, z.ZodObject<{
|
package/package.json
CHANGED
|
@@ -20,14 +20,22 @@ export const verifyAuthRequestCertificateChain: RemotePresentationApi["verifyAut
|
|
|
20
20
|
|
|
21
21
|
const requestObject = decode(requestObjectJwt);
|
|
22
22
|
|
|
23
|
-
const
|
|
23
|
+
const x5c = requestObject.protectedHeader.x5c;
|
|
24
24
|
|
|
25
|
-
if (!
|
|
25
|
+
if (!x5c) {
|
|
26
26
|
throw new MissingX509CertsError(
|
|
27
27
|
"No certificate chain (x5c) found in the Request Object"
|
|
28
28
|
);
|
|
29
29
|
}
|
|
30
30
|
|
|
31
|
+
// The native validator expects the chain to include the leaf and any
|
|
32
|
+
// intermediates, excluding the trust anchor (supplied separately as
|
|
33
|
+
// `caRootCert`). Some RPs include the anchor as the last entry of x5c,
|
|
34
|
+
// which must be stripped or the native validator (notably on iOS) treats
|
|
35
|
+
// it as an extraneous/unexpected trailing certificate and fails.
|
|
36
|
+
const certChain =
|
|
37
|
+
x5c.length > 1 && x5c.at(-1) === caRootCert ? x5c.slice(0, -1) : x5c;
|
|
38
|
+
|
|
31
39
|
const validationResult = await verifyCertificateChain(
|
|
32
40
|
certChain,
|
|
33
41
|
caRootCert,
|
|
@@ -41,7 +49,7 @@ export const verifyAuthRequestCertificateChain: RemotePresentationApi["verifyAut
|
|
|
41
49
|
);
|
|
42
50
|
|
|
43
51
|
throw new X509ValidationError(
|
|
44
|
-
|
|
52
|
+
`X.509 certificate chain validation failed. Status: ${validationResult.validationStatus}. Error: ${validationResult.errorMessage}`
|
|
45
53
|
);
|
|
46
54
|
}
|
|
47
55
|
|
|
@@ -73,4 +73,18 @@ export interface StatusListApi {
|
|
|
73
73
|
rawStatus: string;
|
|
74
74
|
status: string;
|
|
75
75
|
};
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Extracts the status list entry from a raw credential, i.e. the object containing `uri` and `ìdx`.
|
|
79
|
+
*
|
|
80
|
+
* This method **does not perform any HTTP request** to fetch the list. Use {@link get} or {@link getByUri} instead to fetch it.
|
|
81
|
+
* @since 1.3.3
|
|
82
|
+
* @param credential The raw credential
|
|
83
|
+
* @param format The credential format
|
|
84
|
+
* @returns The status list entry extracted from the credential
|
|
85
|
+
*/
|
|
86
|
+
getStatusListEntry(
|
|
87
|
+
credential: string,
|
|
88
|
+
format: CredentialFormat
|
|
89
|
+
): Promise<{ idx: number; uri: string }>;
|
|
76
90
|
}
|
|
@@ -6,13 +6,12 @@ import {
|
|
|
6
6
|
} from "@sd-jwt/jwt-status-list";
|
|
7
7
|
import { IoWalletError } from "../../../utils/errors";
|
|
8
8
|
import { hasStatusOrThrow } from "../../../utils/misc";
|
|
9
|
-
import type { CredentialFormat } from "../../../credential/issuance/api";
|
|
10
9
|
import type { StatusListApi } from "../api/status-list";
|
|
11
10
|
|
|
12
|
-
const getStatusListEntry = async (
|
|
13
|
-
credential
|
|
14
|
-
format
|
|
15
|
-
)
|
|
11
|
+
export const getStatusListEntry: StatusListApi["getStatusListEntry"] = async (
|
|
12
|
+
credential,
|
|
13
|
+
format
|
|
14
|
+
) => {
|
|
16
15
|
let statusListEntry: StatusListEntry | undefined;
|
|
17
16
|
|
|
18
17
|
if (format === "mso_mdoc") {
|
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
import type { CredentialStatusApi } from "../api";
|
|
2
|
-
import {
|
|
2
|
+
import {
|
|
3
|
+
getStatusList,
|
|
4
|
+
getStatusListByUri,
|
|
5
|
+
getStatusListEntry,
|
|
6
|
+
} from "./01-status-list";
|
|
3
7
|
import { verifyAndParseStatusList } from "./02-verify-and-parse-status-list";
|
|
4
8
|
import { getStatus } from "./03-get-status";
|
|
5
9
|
|
|
@@ -13,5 +17,6 @@ export const CredentialStatus: CredentialStatusApi = {
|
|
|
13
17
|
getByUri: getStatusListByUri,
|
|
14
18
|
verifyAndParse: verifyAndParseStatusList,
|
|
15
19
|
getStatus,
|
|
20
|
+
getStatusListEntry,
|
|
16
21
|
},
|
|
17
22
|
};
|