@pagopa/io-react-native-wallet 0.1.0

package/README.md

@@ -0,0 +1,91 @@
+# 🪪 @pagopa/io-react-native-wallet
+
+📲 Provide data structures, helpers, and API to Wallet Instance.
+
+Depends on [@pagopa/io-react-native-jwt](https://github.com/pagopa/io-react-native-jwt)
+
+## Installation
+
+```sh
+# First install JWT dependency if you don't have it
+npm install @pagopa/io-react-native-jwt
+
+npm install @pagopa/io-react-native-wallet
+```
+
+## Usage
+
+### PID
+
+#### Encode and Decode
+
+```ts
+import { PID } from "@pagopa/io-react-native-wallet";
+
+//Only for decode
+PID.SdJwt.decode("<token>");
+
+//Decode and verification
+PID.SdJwt.verify("<token>");
+
+```
+
+### Wallet Instance Attestation
+
+#### Issuing
+
+```ts
+import { WalletInstanceAttestation } from "@pagopa/io-react-native-wallet";
+
+const issuing = new WalletInstanceAttestation.Issuing(
+    yourWalletProviderUrl
+    );
+
+// Genrate keys
+const publicKey = await yourCustomPublicKey("TEE_KEY_TAG");
+
+const walletInstanceAttestationRequest =
+await issuing.getAttestationRequestToSign(
+    publicKey
+);
+
+//Sign with TEE
+const signature = await yourCustomSignatureFunction(
+    walletInstanceAttestationRequest,
+    "TEE_KEY_TAG"
+    );
+
+const walletInstanceAttestation =
+await issuing.getAttestation(
+    walletInstanceAttestationRequest,
+    signature
+);
+
+console.log(walletInstanceAttestation);
+
+```
+
+#### Encode and Decode
+
+```ts
+import { WalletInstanceAttestation } from "io-react-native-wallet";
+
+WalletInstanceAttestation.decode("<token>");
+```
+
+## Example
+
+You can use the [sample app](example) to test and understand how to use the library.
+
+```sh
+cd example
+
+yarn install
+
+# To use iOS
+yarn ios
+
+# To use Android
+yarn android
+
+```

package/lib/commonjs/index.js

@@ -0,0 +1,17 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.WalletInstanceAttestation = exports.PID = void 0;
+exports.multiply = multiply;
+var PID = _interopRequireWildcard(require("./pid"));
+exports.PID = PID;
+var WalletInstanceAttestation = _interopRequireWildcard(require("./wallet-instance-attestation"));
+exports.WalletInstanceAttestation = WalletInstanceAttestation;
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+function multiply(a, b) {
+  return Promise.resolve(a * b);
+}
+//# sourceMappingURL=index.js.map

package/lib/commonjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["PID","_interopRequireWildcard","require","exports","WalletInstanceAttestation","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","multiply","a","b","Promise","resolve"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAA6BC,OAAA,CAAAH,GAAA,GAAAA,GAAA;AAC7B,IAAAI,yBAAA,GAAAH,uBAAA,CAAAC,OAAA;AAA2EC,OAAA,CAAAC,yBAAA,GAAAA,yBAAA;AAAA,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEpE,SAASW,QAAQA,CAACC,CAAS,EAAEC,CAAS,EAAmB;EAC9D,OAAOC,OAAO,CAACC,OAAO,CAACH,CAAC,GAAGC,CAAC,CAAC;AAC/B"}

package/lib/commonjs/pid/index.js

@@ -0,0 +1,11 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.SdJwt = void 0;
+var SdJwt = _interopRequireWildcard(require("./sd-jwt"));
+exports.SdJwt = SdJwt;
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+//# sourceMappingURL=index.js.map

package/lib/commonjs/pid/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["SdJwt","_interopRequireWildcard","require","exports","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../src","sources":["pid/index.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAkCC,OAAA,CAAAH,KAAA,GAAAA,KAAA;AAAA,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}

package/lib/commonjs/pid/sd-jwt/converters.js

@@ -0,0 +1,29 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.pidFromToken = pidFromToken;
+var _converters = require("../../sd-jwt/converters");
+var _types = require("./types");
+function pidFromToken(sdJwt, disclosures) {
+  return _types.PID.parse({
+    issuer: sdJwt.payload.iss,
+    issuedAt: new Date(sdJwt.payload.iat * 1000),
+    expiration: new Date(sdJwt.payload.exp * 1000),
+    verification: {
+      trustFramework: sdJwt.payload.verified_claims.verification.trust_framework,
+      assuranceLevel: sdJwt.payload.verified_claims.verification.assurance_level,
+      evidence: (0, _converters.getValueFromDisclosures)(disclosures, "evidence")
+    },
+    claims: {
+      uniqueId: (0, _converters.getValueFromDisclosures)(disclosures, "unique_id"),
+      givenName: (0, _converters.getValueFromDisclosures)(disclosures, "given_name"),
+      familyName: (0, _converters.getValueFromDisclosures)(disclosures, "family_name"),
+      birthdate: (0, _converters.getValueFromDisclosures)(disclosures, "birthdate"),
+      placeOfBirth: (0, _converters.getValueFromDisclosures)(disclosures, "place_of_birth"),
+      taxIdCode: (0, _converters.getValueFromDisclosures)(disclosures, "tax_id_number")
+    }
+  });
+}
+//# sourceMappingURL=converters.js.map

package/lib/commonjs/pid/sd-jwt/converters.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_converters","require","_types","pidFromToken","sdJwt","disclosures","PID","parse","issuer","payload","iss","issuedAt","Date","iat","expiration","exp","verification","trustFramework","verified_claims","trust_framework","assuranceLevel","assurance_level","evidence","getValueFromDisclosures","claims","uniqueId","givenName","familyName","birthdate","placeOfBirth","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/converters.ts"],"mappings":";;;;;;AAAA,IAAAA,WAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AAEO,SAASE,YAAYA,CAACC,KAAe,EAAEC,WAAyB,EAAO;EAC5E,OAAOC,UAAG,CAACC,KAAK,CAAC;IACfC,MAAM,EAAEJ,KAAK,CAACK,OAAO,CAACC,GAAG;IACzBC,QAAQ,EAAE,IAAIC,IAAI,CAACR,KAAK,CAACK,OAAO,CAACI,GAAG,GAAG,IAAI,CAAC;IAC5CC,UAAU,EAAE,IAAIF,IAAI,CAACR,KAAK,CAACK,OAAO,CAACM,GAAG,GAAG,IAAI,CAAC;IAC9CC,YAAY,EAAE;MACZC,cAAc,EACZb,KAAK,CAACK,OAAO,CAACS,eAAe,CAACF,YAAY,CAACG,eAAe;MAC5DC,cAAc,EACZhB,KAAK,CAACK,OAAO,CAACS,eAAe,CAACF,YAAY,CAACK,eAAe;MAC5DC,QAAQ,EAAE,IAAAC,mCAAuB,EAAClB,WAAW,EAAE,UAAU;IAC3D,CAAC;IACDmB,MAAM,EAAE;MACNC,QAAQ,EAAE,IAAAF,mCAAuB,EAAClB,WAAW,EAAE,WAAW,CAAC;MAC3DqB,SAAS,EAAE,IAAAH,mCAAuB,EAAClB,WAAW,EAAE,YAAY,CAAC;MAC7DsB,UAAU,EAAE,IAAAJ,mCAAuB,EAAClB,WAAW,EAAE,aAAa,CAAC;MAC/DuB,SAAS,EAAE,IAAAL,mCAAuB,EAAClB,WAAW,EAAE,WAAW,CAAC;MAC5DwB,YAAY,EAAE,IAAAN,mCAAuB,EAAClB,WAAW,EAAE,gBAAgB,CAAC;MACpEyB,SAAS,EAAE,IAAAP,mCAAuB,EAAClB,WAAW,EAAE,eAAe;IACjE;EACF,CAAC,CAAC;AACJ"}

package/lib/commonjs/pid/sd-jwt/index.js

@@ -0,0 +1,76 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "PID", {
+  enumerable: true,
+  get: function () {
+    return _types2.PID;
+  }
+});
+exports.decode = decode;
+exports.verify = verify;
+var _sdJwt = require("../../sd-jwt");
+var _converters = require("./converters");
+var _types = require("../../sd-jwt/types");
+var _types2 = require("./types");
+/**
+ * Decode a given SD-JWT with Disclosures to get the parsed PID object they define.
+ * It ensures provided data is in a valid shape.
+ *
+ * It DOES NOT verify token signature nor check disclosures are correctly referenced by the SD-JWT.
+ * Use {@link verify} instead
+ *
+ * @function
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ *
+ * @returns The validated PID object along with the parsed SD-JWT token and the parsed disclosures
+ * @throws A decoding error if the token doesn't resolve in a valid SD-JWT
+ * @throws A validation error if the provided data doesn't result in a valid PID
+ *
+ */
+function decode(token) {
+  let {
+    sdJwt,
+    disclosures
+  } = (0, _sdJwt.decode)(token, _types.SdJwt4VC);
+  const pid = (0, _converters.pidFromToken)(sdJwt, disclosures);
+  return {
+    pid,
+    sdJwt,
+    disclosures
+  };
+}
+
+/**
+ * Verify a given SD-JWT with Disclosures to get the parsed PID object they define.
+ * Same as {@link decode} plus:
+ *   - token signature verification
+ *   - ensure disclosures are well-defined inside the SD-JWT
+ *
+ * @async @function
+ *
+ * @todo implement signature validation
+ * @todo check disclosures in sd-jwt
+ *
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ *
+ * @returns {VerifyResult} The validated PID object along with the parsed SD-JWT token and the parsed disclosures
+ * @throws A decoding error if the token doesn't resolve in a valid SD-JWT
+ * @throws A validation error if the provided data doesn't result in a valid PID
+ * @throws A validation error if the provided disclosures are not defined in the SD-JWT
+ * @throws Invalid signature error if the token signature is not valid
+ *
+ */
+async function verify(token) {
+  const decoded = decode(token);
+  const publicKey = decoded.sdJwt.payload.cnf.jwk;
+  await (0, _sdJwt.verify)(token, publicKey, _types.SdJwt4VC);
+  return decoded;
+}
+
+/**
+ * Result object for {@link verify}
+ */
+//# sourceMappingURL=index.js.map

package/lib/commonjs/pid/sd-jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_sdJwt","require","_converters","_types","_types2","decode","token","sdJwt","disclosures","decodeJwt","SdJwt4VC","pid","pidFromToken","verify","decoded","publicKey","payload","cnf","jwk","verifyJwt"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/index.ts"],"mappings":";;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAGA,IAAAC,WAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAkEA,IAAAG,OAAA,GAAAH,OAAA;AAhEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASI,MAAMA,CAACC,KAAa,EAAgB;EAClD,IAAI;IAAEC,KAAK;IAAEC;EAAY,CAAC,GAAG,IAAAC,aAAS,EAACH,KAAK,EAAEI,eAAQ,CAAC;EACvD,MAAMC,GAAG,GAAG,IAAAC,wBAAY,EAACL,KAAK,EAAEC,WAAW,CAAC;EAE5C,OAAO;IAAEG,GAAG;IAAEJ,KAAK;IAAEC;EAAY,CAAC;AACpC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,eAAeK,MAAMA,CAACP,KAAa,EAAyB;EACjE,MAAMQ,OAAO,GAAGT,MAAM,CAACC,KAAK,CAAC;EAC7B,MAAMS,SAAS,GAAGD,OAAO,CAACP,KAAK,CAACS,OAAO,CAACC,GAAG,CAACC,GAAG;EAC/C,MAAM,IAAAC,aAAS,EAACb,KAAK,EAAES,SAAS,EAAEL,eAAQ,CAAC;EAE3C,OAAOI,OAAO;AAChB;;AAWA;AACA;AACA"}

package/lib/commonjs/pid/sd-jwt/types.js

@@ -0,0 +1,50 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.PID = void 0;
+var _zod = require("zod");
+const VerificationEvidence = _zod.z.object({
+  type: _zod.z.string(),
+  record: _zod.z.object({
+    type: _zod.z.string(),
+    source: _zod.z.object({
+      organization_name: _zod.z.string(),
+      organization_id: _zod.z.string(),
+      country_code: _zod.z.string()
+    })
+  })
+});
+const Verification = _zod.z.object({
+  trustFramework: _zod.z.literal("eidas"),
+  assuranceLevel: _zod.z.string(),
+  evidence: _zod.z.array(VerificationEvidence)
+});
+
+/**
+ * Data structure for the PID.
+ * It contains PID claims in plain text as well as verification data with the issuer's information
+ *
+ * @see https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
+ */
+
+const PID = _zod.z.object({
+  issuer: _zod.z.string(),
+  issuedAt: _zod.z.date(),
+  expiration: _zod.z.date(),
+  verification: Verification,
+  claims: _zod.z.object({
+    uniqueId: _zod.z.string(),
+    givenName: _zod.z.string(),
+    familyName: _zod.z.string(),
+    birthdate: _zod.z.string(),
+    placeOfBirth: _zod.z.object({
+      country: _zod.z.string(),
+      locality: _zod.z.string()
+    }),
+    taxIdCode: _zod.z.string()
+  })
+});
+exports.PID = PID;
+//# sourceMappingURL=types.js.map

package/lib/commonjs/pid/sd-jwt/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_zod","require","VerificationEvidence","z","object","type","string","record","source","organization_name","organization_id","country_code","Verification","trustFramework","literal","assuranceLevel","evidence","array","PID","issuer","issuedAt","date","expiration","verification","claims","uniqueId","givenName","familyName","birthdate","placeOfBirth","country","locality","taxIdCode","exports"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAEA,MAAMC,oBAAoB,GAAGC,MAAC,CAACC,MAAM,CAAC;EACpCC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACC,MAAM,CAAC;IACfC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;IAChBE,MAAM,EAAEL,MAAC,CAACC,MAAM,CAAC;MACfK,iBAAiB,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC;MAC7BI,eAAe,EAAEP,MAAC,CAACG,MAAM,CAAC,CAAC;MAC3BK,YAAY,EAAER,MAAC,CAACG,MAAM,CAAC;IACzB,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAEF,MAAMM,YAAY,GAAGT,MAAC,CAACC,MAAM,CAAC;EAC5BS,cAAc,EAAEV,MAAC,CAACW,OAAO,CAAC,OAAO,CAAC;EAClCC,cAAc,EAAEZ,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1BU,QAAQ,EAAEb,MAAC,CAACc,KAAK,CAACf,oBAAoB;AACxC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAMgB,GAAG,GAAGf,MAAC,CAACC,MAAM,CAAC;EAC1Be,MAAM,EAAEhB,MAAC,CAACG,MAAM,CAAC,CAAC;EAClBc,QAAQ,EAAEjB,MAAC,CAACkB,IAAI,CAAC,CAAC;EAClBC,UAAU,EAAEnB,MAAC,CAACkB,IAAI,CAAC,CAAC;EACpBE,YAAY,EAAEX,YAAY;EAC1BY,MAAM,EAAErB,MAAC,CAACC,MAAM,CAAC;IACfqB,QAAQ,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC;IACpBoB,SAAS,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC;IACrBqB,UAAU,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC;IACtBsB,SAAS,EAAEzB,MAAC,CAACG,MAAM,CAAC,CAAC;IACrBuB,YAAY,EAAE1B,MAAC,CAACC,MAAM,CAAC;MACrB0B,OAAO,EAAE3B,MAAC,CAACG,MAAM,CAAC,CAAC;MACnByB,QAAQ,EAAE5B,MAAC,CAACG,MAAM,CAAC;IACrB,CAAC,CAAC;IACF0B,SAAS,EAAE7B,MAAC,CAACG,MAAM,CAAC;EACtB,CAAC;AACH,CAAC,CAAC;AAAC2B,OAAA,CAAAf,GAAA,GAAAA,GAAA"}

package/lib/commonjs/sd-jwt/__test__/converters.test.js

@@ -0,0 +1,25 @@
+"use strict";
+
+var _converters = require("../converters");
+const disclosures = [["6w1_soRXFgaHKfpYn3cvfQ", "given_name", "Mario"], ["fuNp97Hf3wV6y48y-QZhIg", "birthdate", "1980-10-01"], ["p-9LzyWHZBVDvhXDWkN2xA", "place_of_birth", {
+  country: "IT",
+  locality: "Rome"
+}]];
+describe("getValueFromDisclosures", () => {
+  it("should return correct value for given_name", () => {
+    const success = (0, _converters.getValueFromDisclosures)(disclosures, "given_name");
+    expect(success).toBe("Mario");
+  });
+  it("should return correct value for place_of_birth", () => {
+    const success = (0, _converters.getValueFromDisclosures)(disclosures, "place_of_birth");
+    expect(success).toEqual({
+      country: "IT",
+      locality: "Rome"
+    });
+  });
+  it("should fail", () => {
+    const success = (0, _converters.getValueFromDisclosures)(disclosures, "given_surname");
+    expect(success).toBeUndefined();
+  });
+});
+//# sourceMappingURL=converters.test.js.map

package/lib/commonjs/sd-jwt/__test__/converters.test.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_converters","require","disclosures","country","locality","describe","it","success","getValueFromDisclosures","expect","toBe","toEqual","toBeUndefined"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/converters.test.ts"],"mappings":";;AAAA,IAAAA,WAAA,GAAAC,OAAA;AAGA,MAAMC,WAAyB,GAAG,CAChC,CAAC,wBAAwB,EAAE,YAAY,EAAE,OAAO,CAAC,EACjD,CAAC,wBAAwB,EAAE,WAAW,EAAE,YAAY,CAAC,EACrD,CACE,wBAAwB,EACxB,gBAAgB,EAChB;EAAEC,OAAO,EAAE,IAAI;EAAEC,QAAQ,EAAE;AAAO,CAAC,CACpC,CACF;AAEDC,QAAQ,CAAC,yBAAyB,EAAE,MAAM;EACxCC,EAAE,CAAC,4CAA4C,EAAE,MAAM;IACrD,MAAMC,OAAO,GAAG,IAAAC,mCAAuB,EAACN,WAAW,EAAE,YAAY,CAAC;IAClEO,MAAM,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,OAAO,CAAC;EAC/B,CAAC,CAAC;EACFJ,EAAE,CAAC,gDAAgD,EAAE,MAAM;IACzD,MAAMC,OAAO,GAAG,IAAAC,mCAAuB,EAACN,WAAW,EAAE,gBAAgB,CAAC;IACtEO,MAAM,CAACF,OAAO,CAAC,CAACI,OAAO,CAAC;MAAER,OAAO,EAAE,IAAI;MAAEC,QAAQ,EAAE;IAAO,CAAC,CAAC;EAC9D,CAAC,CAAC;EACFE,EAAE,CAAC,aAAa,EAAE,MAAM;IACtB,MAAMC,OAAO,GAAG,IAAAC,mCAAuB,EAACN,WAAW,EAAE,eAAe,CAAC;IACrEO,MAAM,CAACF,OAAO,CAAC,CAACK,aAAa,CAAC,CAAC;EACjC,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/lib/commonjs/sd-jwt/__test__/types.test.js

@@ -0,0 +1,70 @@
+"use strict";
+
+var _types = require("../types");
+describe("SdJwt4VC", () => {
+  it("should accept a valid token", () => {
+    // example provided at https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
+    const token = {
+      header: {
+        typ: "vc+sd-jwt",
+        alg: "RS512",
+        kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
+        trust_chain: ["NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."]
+      },
+      payload: {
+        iss: "https://pidprovider.example.org",
+        sub: "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs...",
+        jti: "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+        iat: 1541493724,
+        exp: 1541493724,
+        status: "https://pidprovider.example.org/status",
+        cnf: {
+          jwk: {
+            kty: "RSA",
+            use: "sig",
+            n: "1Ta-sE …",
+            e: "AQAB",
+            kid: "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
+          }
+        },
+        type: "PersonIdentificationData",
+        verified_claims: {
+          verification: {
+            _sd: ["OGm7ryXgt5Xzlevp-Hu-UTk0a-TxAaPAobqv1pIWMfw"],
+            trust_framework: "eidas",
+            assurance_level: "high"
+          },
+          claims: {
+            _sd: ["8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E", "BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig", "CFLGzentGNRFngnLVVQVcoAFi05r6RJUX-rdbLdEfew", "JU_sTaHCngS32X-0ajHrd1-HCLCkpT5YqgcfQme168w", "VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA", "zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o"]
+          }
+        },
+        _sd_alg: "sha-256"
+      }
+    };
+    const {
+      success
+    } = _types.SdJwt4VC.safeParse(token);
+    expect(success).toBe(true);
+  });
+});
+describe("Disclosure", () => {
+  it("should accept a valid disclosure", () => {
+    // example provided at https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
+    const value = ["2GLC42sKQveCfGfryNRN9w", "evidence", [{
+      type: "electronic_record",
+      record: {
+        type: "eidas.it.cie",
+        source: {
+          organization_name: "Ministero dell'Interno",
+          organization_id: "m_it",
+          country_code: "IT"
+        }
+      }
+    }]];
+    const {
+      success
+    } = _types.Disclosure.safeParse(value);
+    expect(success).toBe(true);
+  });
+});
+//# sourceMappingURL=types.test.js.map

package/lib/commonjs/sd-jwt/__test__/types.test.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_types","require","describe","it","token","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","success","SdJwt4VC","safeParse","expect","toBe","value","record","source","organization_name","organization_id","country_code","Disclosure"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/types.test.ts"],"mappings":";;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAEAC,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBC,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC;IACA,MAAMC,KAAK,GAAG;MACZC,MAAM,EAAE;QACNC,GAAG,EAAE,WAAW;QAChBC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;MAEtC,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,iCAAiC;QACtCC,GAAG,EAAE,sCAAsC;QAC3CC,GAAG,EAAE,+CAA+C;QACpDC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,MAAM,EAAE,wCAAwC;QAChDC,GAAG,EAAE;UACHC,GAAG,EAAE;YACHC,GAAG,EAAE,KAAK;YACVC,GAAG,EAAE,KAAK;YACVC,CAAC,EAAE,UAAU;YACbC,CAAC,EAAE,MAAM;YACTd,GAAG,EAAE;UACP;QACF,CAAC;QACDe,IAAI,EAAE,0BAA0B;QAChCC,eAAe,EAAE;UACfC,YAAY,EAAE;YACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;YACpDC,eAAe,EAAE,OAAO;YACxBC,eAAe,EAAE;UACnB,CAAC;UACDC,MAAM,EAAE;YACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;UAEjD;QACF,CAAC;QACDI,OAAO,EAAE;MACX;IACF,CAAC;IAED,MAAM;MAAEC;IAAQ,CAAC,GAAGC,eAAQ,CAACC,SAAS,CAAC7B,KAAK,CAAC;IAE7C8B,MAAM,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFjC,QAAQ,CAAC,YAAY,EAAE,MAAM;EAC3BC,EAAE,CAAC,kCAAkC,EAAE,MAAM;IAC3C;IACA,MAAMiC,KAAK,GAAG,CACZ,wBAAwB,EACxB,UAAU,EACV,CACE;MACEb,IAAI,EAAE,mBAAmB;MACzBc,MAAM,EAAE;QACNd,IAAI,EAAE,cAAc;QACpBe,MAAM,EAAE;UACNC,iBAAiB,EAAE,wBAAwB;UAC3CC,eAAe,EAAE,MAAM;UACvBC,YAAY,EAAE;QAChB;MACF;IACF,CAAC,CACF,CACF;IAED,MAAM;MAAEV;IAAQ,CAAC,GAAGW,iBAAU,CAACT,SAAS,CAACG,KAAK,CAAC;IAC/CF,MAAM,CAACH,OAAO,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/lib/commonjs/sd-jwt/converters.js

@@ -0,0 +1,30 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getValueFromDisclosures = getValueFromDisclosures;
+function getValueFromDisclosures(disclosures, claimName) {
+  var _disclosures$find;
+  const value = (_disclosures$find = disclosures.find(_ref => {
+    let [, name] = _ref;
+    return name === claimName;
+  })) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2];
+  // value didn't found, we return nothing
+  if (!value) {
+    return undefined;
+  }
+  // value is not a string, it's probably fine
+  if (typeof value !== "string") {
+    return value;
+  }
+  // value is a string, we try to parse it
+  // maybe it's a serialized object
+  try {
+    return JSON.parse(value);
+  } catch (error) {
+    // It's definitely a string
+    return value;
+  }
+}
+//# sourceMappingURL=converters.js.map

package/lib/commonjs/sd-jwt/converters.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getValueFromDisclosures","disclosures","claimName","_disclosures$find","value","find","_ref","name","undefined","JSON","parse","error"],"sourceRoot":"../../../src","sources":["sd-jwt/converters.ts"],"mappings":";;;;;;AAEO,SAASA,uBAAuBA,CACrCC,WAAyB,EACzBC,SAAiB,EACjB;EAAA,IAAAC,iBAAA;EACA,MAAMC,KAAK,IAAAD,iBAAA,GAAGF,WAAW,CAACI,IAAI,CAACC,IAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,IAAI,KAAKL,SAAS;EAAA,EAAC,cAAAC,iBAAA,uBAAlDA,iBAAA,CAAqD,CAAC,CAAC;EACrE;EACA,IAAI,CAACC,KAAK,EAAE;IACV,OAAOI,SAAS;EAClB;EACA;EACA,IAAI,OAAOJ,KAAK,KAAK,QAAQ,EAAE;IAC7B,OAAOA,KAAK;EACd;EACA;EACA;EACA,IAAI;IACF,OAAOK,IAAI,CAACC,KAAK,CAACN,KAAK,CAAC;EAC1B,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd;IACA,OAAOP,KAAK;EACd;AACF"}

package/lib/commonjs/sd-jwt/index.js

@@ -0,0 +1,77 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verify = exports.decode = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _types = require("./types");
+var _verifier = require("./verifier");
+/**
+ * Decode a given SD-JWT with Disclosures to get the parsed SD-JWT object they define.
+ * It ensures provided data is in a valid shape.
+ *
+ * It DOES NOT verify token signature nor check disclosures are correctly referenced by the SD-JWT.
+ * Use {@link verify} instead
+ *
+ * @function
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ * @param schema Schema to use to parse the SD-JWT
+ *
+ * @returns The parsed SD-JWT token and the parsed disclosures
+ *
+ */
+const decode = (token, schema) => {
+  // token are expected in the form "sd-jwt~disclosure0~disclosure1~...~disclosureN"
+  const [rawSdJwt = "", ...rawDisclosures] = token.split("~");
+
+  // get the sd-jwt as object
+  // validate it's a valid SD-JWT for Verifiable Credentials
+  const decodedJwt = (0, _ioReactNativeJwt.decode)(rawSdJwt);
+  const sdJwt = schema.parse({
+    header: decodedJwt.protectedHeader,
+    payload: decodedJwt.payload
+  });
+
+  // get disclosures as list of triples
+  // validate each triple
+  // throw a validation error if at least one fails to parse
+  const disclosures = rawDisclosures.map(_ioReactNativeJwt.decodeBase64).map(e => JSON.parse(e)).map(e => _types.Disclosure.parse(e));
+  return {
+    sdJwt,
+    disclosures
+  };
+};
+
+/**
+ * Verify a given SD-JWT with Disclosures
+ * Same as {@link decode} plus:
+ *   - token signature verification
+ *   - ensure disclosures are well-defined inside the SD-JWT
+ *
+ * @async @function
+ *
+ *
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ * @param publicKey The public key to validate the signature
+ * @param schema Schema to use to parse the SD-JWT
+ *
+ * @returns The parsed SD-JWT token and the parsed disclosures
+ *
+ */
+exports.decode = decode;
+const verify = async (token, publicKey, schema) => {
+  // get decoded data
+  const [rawSdJwt = ""] = token.split("~");
+  const decoded = decode(token, schema);
+
+  //Check signature
+  await (0, _ioReactNativeJwt.verify)(rawSdJwt, publicKey);
+
+  //Check disclosures in sd-jwt
+  const claims = [...decoded.sdJwt.payload.verified_claims.verification._sd, ...decoded.sdJwt.payload.verified_claims.claims._sd];
+  await Promise.all(decoded.disclosures.map(async disclosure => await (0, _verifier.verifyDisclosure)(disclosure, claims)));
+  return decoded;
+};
+exports.verify = verify;
+//# sourceMappingURL=index.js.map

package/lib/commonjs/sd-jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","decode","token","schema","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","sdJwt","parse","header","protectedHeader","payload","disclosures","map","decodeBase64","e","JSON","Disclosure","exports","verify","publicKey","decoded","verifyJwt","claims","verified_claims","verification","_sd","Promise","all","disclosure","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAIA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,MAAM,GAAGA,CACpBC,KAAa,EACbC,MAAS,KAC4C;EACrD;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGH,KAAK,CAACI,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;EACtC,MAAMK,KAAK,GAAGN,MAAM,CAACO,KAAK,CAAC;IACzBC,MAAM,EAAEJ,UAAU,CAACK,eAAe;IAClCC,OAAO,EAAEN,UAAU,CAACM;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGT,cAAc,CAC/BU,GAAG,CAACC,8BAAY,CAAC,CACjBD,GAAG,CAAEE,CAAC,IAAKC,IAAI,CAACR,KAAK,CAACO,CAAC,CAAC,CAAC,CACzBF,GAAG,CAAEE,CAAC,IAAKE,iBAAU,CAACT,KAAK,CAACO,CAAC,CAAC,CAAC;EAElC,OAAO;IAAER,KAAK;IAAEK;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAM,OAAA,CAAAnB,MAAA,GAAAA,MAAA;AAgBO,MAAMoB,MAAM,GAAG,MAAAA,CACpBnB,KAAa,EACboB,SAAc,EACdnB,MAAS,KACqD;EAC9D;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,CAAC,GAAGF,KAAK,CAACI,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMiB,OAAO,GAAGtB,MAAM,CAACC,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAM,IAAAqB,wBAAS,EAACpB,QAAQ,EAAEkB,SAAS,CAAC;;EAEpC;EACA,MAAMG,MAAM,GAAG,CACb,GAAGF,OAAO,CAACd,KAAK,CAACI,OAAO,CAACa,eAAe,CAACC,YAAY,CAACC,GAAG,EACzD,GAAGL,OAAO,CAACd,KAAK,CAACI,OAAO,CAACa,eAAe,CAACD,MAAM,CAACG,GAAG,CACpD;EAED,MAAMC,OAAO,CAACC,GAAG,CACfP,OAAO,CAACT,WAAW,CAACC,GAAG,CACrB,MAAOgB,UAAU,IAAK,MAAM,IAAAC,0BAAgB,EAACD,UAAU,EAAEN,MAAM,CACjE,CACF,CAAC;EAED,OAAOF,OAAO;AAChB,CAAC;AAACH,OAAA,CAAAC,MAAA,GAAAA,MAAA"}

package/lib/commonjs/sd-jwt/types.js

@@ -0,0 +1,53 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.UnixTime = exports.SdJwt4VC = exports.ObfuscatedDisclosures = exports.Disclosure = void 0;
+var _jwk = require("../utils/jwk");
+var _zod = require("zod");
+const UnixTime = _zod.z.number().min(0).max(2147483647000);
+exports.UnixTime = UnixTime;
+const ObfuscatedDisclosures = _zod.z.object({
+  _sd: _zod.z.array(_zod.z.string())
+});
+
+/**
+ * A triple of values in the form of {salt, claim name, claim value} that represent a parsed disclosure.
+ *
+ * @see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-04
+ * @see https://vcstuff.github.io/draft-terbu-sd-jwt-vc/draft-terbu-oauth-sd-jwt-vc.html
+ */
+exports.ObfuscatedDisclosures = ObfuscatedDisclosures;
+const Disclosure = _zod.z.tuple([/* salt */_zod.z.string(), /* claim name */_zod.z.string(), /* claim value */_zod.z.unknown()]);
+exports.Disclosure = Disclosure;
+const SdJwt4VC = _zod.z.object({
+  header: _zod.z.object({
+    typ: _zod.z.literal("vc+sd-jwt"),
+    alg: _zod.z.string(),
+    kid: _zod.z.string(),
+    trust_chain: _zod.z.array(_zod.z.string())
+  }),
+  payload: _zod.z.object({
+    iss: _zod.z.string(),
+    sub: _zod.z.string(),
+    jti: _zod.z.string(),
+    iat: UnixTime,
+    exp: UnixTime,
+    status: _zod.z.string(),
+    cnf: _zod.z.object({
+      jwk: _jwk.JWK
+    }),
+    type: _zod.z.literal("PersonIdentificationData"),
+    verified_claims: _zod.z.object({
+      verification: _zod.z.intersection(_zod.z.object({
+        trust_framework: _zod.z.literal("eidas"),
+        assurance_level: _zod.z.string()
+      }), ObfuscatedDisclosures),
+      claims: ObfuscatedDisclosures
+    }),
+    _sd_alg: _zod.z.literal("sha-256")
+  })
+});
+exports.SdJwt4VC = SdJwt4VC;
+//# sourceMappingURL=types.js.map

package/lib/commonjs/sd-jwt/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_jwk","require","_zod","UnixTime","z","number","min","max","exports","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","JWK","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAEO,MAAME,QAAQ,GAAGC,MAAC,CAACC,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAACC,OAAA,CAAAL,QAAA,GAAAA,QAAA;AAItD,MAAMM,qBAAqB,GAAGL,MAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;AALAL,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAOO,MAAMK,UAAU,GAAGV,MAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,MAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,MAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,MAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;AAACR,OAAA,CAAAM,UAAA,GAAAA,UAAA;AAGI,MAAMG,QAAQ,GAAGb,MAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,MAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,MAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfU,WAAW,EAAEnB,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFW,OAAO,EAAEpB,MAAC,CAACM,MAAM,CAAC;IAChBe,GAAG,EAAErB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfa,GAAG,EAAEtB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAEzB,QAAQ;IACb0B,GAAG,EAAE1B,QAAQ;IACb2B,MAAM,EAAE1B,MAAC,CAACS,MAAM,CAAC,CAAC;IAClBkB,GAAG,EAAE3B,MAAC,CAACM,MAAM,CAAC;MACZsB,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,IAAI,EAAE9B,MAAC,CAACgB,OAAO,CAAC,0BAA0B,CAAC;IAC3Ce,eAAe,EAAE/B,MAAC,CAACM,MAAM,CAAC;MACxB0B,YAAY,EAAEhC,MAAC,CAACiC,YAAY,CAC1BjC,MAAC,CAACM,MAAM,CAAC;QACP4B,eAAe,EAAElC,MAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;QACnCmB,eAAe,EAAEnC,MAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACD+B,MAAM,EAAE/B;IACV,CAAC,CAAC;IACFgC,OAAO,EAAErC,MAAC,CAACgB,OAAO,CAAC,SAAS;EAC9B,CAAC;AACH,CAAC,CAAC;AAACZ,OAAA,CAAAS,QAAA,GAAAA,QAAA"}

package/lib/commonjs/sd-jwt/verifier.js

@@ -0,0 +1,18 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyDisclosure = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("../utils/errors");
+const verifyDisclosure = async (disclosure, claims) => {
+  let disclosureString = JSON.stringify(disclosure);
+  let encodedDisclosure = (0, _ioReactNativeJwt.encodeBase64)(disclosureString);
+  let hash = await (0, _ioReactNativeJwt.sha256ToBase64)(encodedDisclosure);
+  if (!claims.includes(hash)) {
+    throw new _errors.ValidationFailed("Validation of disclosure failed", `${disclosure}`, "Disclosure hash not found in claims");
+  }
+};
+exports.verifyDisclosure = verifyDisclosure;
+//# sourceMappingURL=verifier.js.map

package/lib/commonjs/sd-jwt/verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_ioReactNativeJwt","require","_errors","verifyDisclosure","disclosure","claims","disclosureString","JSON","stringify","encodedDisclosure","encodeBase64","hash","sha256ToBase64","includes","ValidationFailed","exports"],"sourceRoot":"../../../src","sources":["sd-jwt/verifier.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AAGO,MAAME,gBAAgB,GAAG,MAAAA,CAC9BC,UAAsB,EACtBC,MAAoC,KACjC;EACH,IAAIC,gBAAgB,GAAGC,IAAI,CAACC,SAAS,CAACJ,UAAU,CAAC;EACjD,IAAIK,iBAAiB,GAAG,IAAAC,8BAAY,EAACJ,gBAAgB,CAAC;EACtD,IAAIK,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACH,iBAAiB,CAAC;EAClD,IAAI,CAACJ,MAAM,CAACQ,QAAQ,CAACF,IAAI,CAAC,EAAE;IAC1B,MAAM,IAAIG,wBAAgB,CACxB,iCAAiC,EAChC,GAAEV,UAAW,EAAC,EACf,qCACF,CAAC;EACH;AACF,CAAC;AAACW,OAAA,CAAAZ,gBAAA,GAAAA,gBAAA"}