@pagopa/io-react-native-wallet 0.1.0

package/lib/module/sd-jwt/__test__/types.test.js

@@ -0,0 +1,68 @@
+import { Disclosure, SdJwt4VC } from "../types";
+describe("SdJwt4VC", () => {
+  it("should accept a valid token", () => {
+    // example provided at https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
+    const token = {
+      header: {
+        typ: "vc+sd-jwt",
+        alg: "RS512",
+        kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
+        trust_chain: ["NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."]
+      },
+      payload: {
+        iss: "https://pidprovider.example.org",
+        sub: "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs...",
+        jti: "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c",
+        iat: 1541493724,
+        exp: 1541493724,
+        status: "https://pidprovider.example.org/status",
+        cnf: {
+          jwk: {
+            kty: "RSA",
+            use: "sig",
+            n: "1Ta-sE …",
+            e: "AQAB",
+            kid: "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
+          }
+        },
+        type: "PersonIdentificationData",
+        verified_claims: {
+          verification: {
+            _sd: ["OGm7ryXgt5Xzlevp-Hu-UTk0a-TxAaPAobqv1pIWMfw"],
+            trust_framework: "eidas",
+            assurance_level: "high"
+          },
+          claims: {
+            _sd: ["8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E", "BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig", "CFLGzentGNRFngnLVVQVcoAFi05r6RJUX-rdbLdEfew", "JU_sTaHCngS32X-0ajHrd1-HCLCkpT5YqgcfQme168w", "VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA", "zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o"]
+          }
+        },
+        _sd_alg: "sha-256"
+      }
+    };
+    const {
+      success
+    } = SdJwt4VC.safeParse(token);
+    expect(success).toBe(true);
+  });
+});
+describe("Disclosure", () => {
+  it("should accept a valid disclosure", () => {
+    // example provided at https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
+    const value = ["2GLC42sKQveCfGfryNRN9w", "evidence", [{
+      type: "electronic_record",
+      record: {
+        type: "eidas.it.cie",
+        source: {
+          organization_name: "Ministero dell'Interno",
+          organization_id: "m_it",
+          country_code: "IT"
+        }
+      }
+    }]];
+    const {
+      success
+    } = Disclosure.safeParse(value);
+    expect(success).toBe(true);
+  });
+});
+//# sourceMappingURL=types.test.js.map

package/lib/module/sd-jwt/__test__/types.test.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["Disclosure","SdJwt4VC","describe","it","token","header","typ","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","kty","use","n","e","type","verified_claims","verification","_sd","trust_framework","assurance_level","claims","_sd_alg","success","safeParse","expect","toBe","value","record","source","organization_name","organization_id","country_code"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/types.test.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,QAAQ,QAAQ,UAAU;AAE/CC,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBC,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC;IACA,MAAMC,KAAK,GAAG;MACZC,MAAM,EAAE;QACNC,GAAG,EAAE,WAAW;QAChBC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE,6CAA6C;QAClDC,WAAW,EAAE,CACX,kCAAkC,EAClC,kCAAkC,EAClC,kCAAkC;MAEtC,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,iCAAiC;QACtCC,GAAG,EAAE,sCAAsC;QAC3CC,GAAG,EAAE,+CAA+C;QACpDC,GAAG,EAAE,UAAU;QACfC,GAAG,EAAE,UAAU;QACfC,MAAM,EAAE,wCAAwC;QAChDC,GAAG,EAAE;UACHC,GAAG,EAAE;YACHC,GAAG,EAAE,KAAK;YACVC,GAAG,EAAE,KAAK;YACVC,CAAC,EAAE,UAAU;YACbC,CAAC,EAAE,MAAM;YACTd,GAAG,EAAE;UACP;QACF,CAAC;QACDe,IAAI,EAAE,0BAA0B;QAChCC,eAAe,EAAE;UACfC,YAAY,EAAE;YACZC,GAAG,EAAE,CAAC,6CAA6C,CAAC;YACpDC,eAAe,EAAE,OAAO;YACxBC,eAAe,EAAE;UACnB,CAAC;UACDC,MAAM,EAAE;YACNH,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C;UAEjD;QACF,CAAC;QACDI,OAAO,EAAE;MACX;IACF,CAAC;IAED,MAAM;MAAEC;IAAQ,CAAC,GAAG9B,QAAQ,CAAC+B,SAAS,CAAC5B,KAAK,CAAC;IAE7C6B,MAAM,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFhC,QAAQ,CAAC,YAAY,EAAE,MAAM;EAC3BC,EAAE,CAAC,kCAAkC,EAAE,MAAM;IAC3C;IACA,MAAMgC,KAAK,GAAG,CACZ,wBAAwB,EACxB,UAAU,EACV,CACE;MACEZ,IAAI,EAAE,mBAAmB;MACzBa,MAAM,EAAE;QACNb,IAAI,EAAE,cAAc;QACpBc,MAAM,EAAE;UACNC,iBAAiB,EAAE,wBAAwB;UAC3CC,eAAe,EAAE,MAAM;UACvBC,YAAY,EAAE;QAChB;MACF;IACF,CAAC,CACF,CACF;IAED,MAAM;MAAET;IAAQ,CAAC,GAAG/B,UAAU,CAACgC,SAAS,CAACG,KAAK,CAAC;IAC/CF,MAAM,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/lib/module/sd-jwt/converters.js

@@ -0,0 +1,24 @@
+export function getValueFromDisclosures(disclosures, claimName) {
+  var _disclosures$find;
+  const value = (_disclosures$find = disclosures.find(_ref => {
+    let [, name] = _ref;
+    return name === claimName;
+  })) === null || _disclosures$find === void 0 ? void 0 : _disclosures$find[2];
+  // value didn't found, we return nothing
+  if (!value) {
+    return undefined;
+  }
+  // value is not a string, it's probably fine
+  if (typeof value !== "string") {
+    return value;
+  }
+  // value is a string, we try to parse it
+  // maybe it's a serialized object
+  try {
+    return JSON.parse(value);
+  } catch (error) {
+    // It's definitely a string
+    return value;
+  }
+}
+//# sourceMappingURL=converters.js.map

package/lib/module/sd-jwt/converters.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getValueFromDisclosures","disclosures","claimName","_disclosures$find","value","find","_ref","name","undefined","JSON","parse","error"],"sourceRoot":"../../../src","sources":["sd-jwt/converters.ts"],"mappings":"AAEA,OAAO,SAASA,uBAAuBA,CACrCC,WAAyB,EACzBC,SAAiB,EACjB;EAAA,IAAAC,iBAAA;EACA,MAAMC,KAAK,IAAAD,iBAAA,GAAGF,WAAW,CAACI,IAAI,CAACC,IAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,IAAA;IAAA,OAAKC,IAAI,KAAKL,SAAS;EAAA,EAAC,cAAAC,iBAAA,uBAAlDA,iBAAA,CAAqD,CAAC,CAAC;EACrE;EACA,IAAI,CAACC,KAAK,EAAE;IACV,OAAOI,SAAS;EAClB;EACA;EACA,IAAI,OAAOJ,KAAK,KAAK,QAAQ,EAAE;IAC7B,OAAOA,KAAK;EACd;EACA;EACA;EACA,IAAI;IACF,OAAOK,IAAI,CAACC,KAAK,CAACN,KAAK,CAAC;EAC1B,CAAC,CAAC,OAAOO,KAAK,EAAE;IACd;IACA,OAAOP,KAAK;EACd;AACF"}

package/lib/module/sd-jwt/index.js

@@ -0,0 +1,71 @@
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
+import { decodeBase64 } from "@pagopa/io-react-native-jwt";
+import { Disclosure } from "./types";
+import { verifyDisclosure } from "./verifier";
+/**
+ * Decode a given SD-JWT with Disclosures to get the parsed SD-JWT object they define.
+ * It ensures provided data is in a valid shape.
+ *
+ * It DOES NOT verify token signature nor check disclosures are correctly referenced by the SD-JWT.
+ * Use {@link verify} instead
+ *
+ * @function
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ * @param schema Schema to use to parse the SD-JWT
+ *
+ * @returns The parsed SD-JWT token and the parsed disclosures
+ *
+ */
+export const decode = (token, schema) => {
+  // token are expected in the form "sd-jwt~disclosure0~disclosure1~...~disclosureN"
+  const [rawSdJwt = "", ...rawDisclosures] = token.split("~");
+
+  // get the sd-jwt as object
+  // validate it's a valid SD-JWT for Verifiable Credentials
+  const decodedJwt = decodeJwt(rawSdJwt);
+  const sdJwt = schema.parse({
+    header: decodedJwt.protectedHeader,
+    payload: decodedJwt.payload
+  });
+
+  // get disclosures as list of triples
+  // validate each triple
+  // throw a validation error if at least one fails to parse
+  const disclosures = rawDisclosures.map(decodeBase64).map(e => JSON.parse(e)).map(e => Disclosure.parse(e));
+  return {
+    sdJwt,
+    disclosures
+  };
+};
+
+/**
+ * Verify a given SD-JWT with Disclosures
+ * Same as {@link decode} plus:
+ *   - token signature verification
+ *   - ensure disclosures are well-defined inside the SD-JWT
+ *
+ * @async @function
+ *
+ *
+ * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
+ * @param publicKey The public key to validate the signature
+ * @param schema Schema to use to parse the SD-JWT
+ *
+ * @returns The parsed SD-JWT token and the parsed disclosures
+ *
+ */
+export const verify = async (token, publicKey, schema) => {
+  // get decoded data
+  const [rawSdJwt = ""] = token.split("~");
+  const decoded = decode(token, schema);
+
+  //Check signature
+  await verifyJwt(rawSdJwt, publicKey);
+
+  //Check disclosures in sd-jwt
+  const claims = [...decoded.sdJwt.payload.verified_claims.verification._sd, ...decoded.sdJwt.payload.verified_claims.claims._sd];
+  await Promise.all(decoded.disclosures.map(async disclosure => await verifyDisclosure(disclosure, claims)));
+  return decoded;
+};
+//# sourceMappingURL=index.js.map

package/lib/module/sd-jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","decodeBase64","Disclosure","verifyDisclosure","token","schema","rawSdJwt","rawDisclosures","split","decodedJwt","sdJwt","parse","header","protectedHeader","payload","disclosures","map","e","JSON","publicKey","decoded","claims","verified_claims","verification","_sd","Promise","all","disclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":"AAEA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,YAAY,QAAQ,6BAA6B;AAC1D,SAASC,UAAU,QAAQ,SAAS;AACpC,SAASC,gBAAgB,QAAQ,YAAY;AAG7C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMN,MAAM,GAAGA,CACpBO,KAAa,EACbC,MAAS,KAC4C;EACrD;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGH,KAAK,CAACI,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAGX,SAAS,CAACQ,QAAQ,CAAC;EACtC,MAAMI,KAAK,GAAGL,MAAM,CAACM,KAAK,CAAC;IACzBC,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGR,cAAc,CAC/BS,GAAG,CAACf,YAAY,CAAC,CACjBe,GAAG,CAAEC,CAAC,IAAKC,IAAI,CAACP,KAAK,CAACM,CAAC,CAAC,CAAC,CACzBD,GAAG,CAAEC,CAAC,IAAKf,UAAU,CAACS,KAAK,CAACM,CAAC,CAAC,CAAC;EAElC,OAAO;IAAEP,KAAK;IAAEK;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMhB,MAAM,GAAG,MAAAA,CACpBK,KAAa,EACbe,SAAc,EACdd,MAAS,KACqD;EAC9D;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,CAAC,GAAGF,KAAK,CAACI,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMY,OAAO,GAAGvB,MAAM,CAACO,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAML,SAAS,CAACM,QAAQ,EAAEa,SAAS,CAAC;;EAEpC;EACA,MAAME,MAAM,GAAG,CACb,GAAGD,OAAO,CAACV,KAAK,CAACI,OAAO,CAACQ,eAAe,CAACC,YAAY,CAACC,GAAG,EACzD,GAAGJ,OAAO,CAACV,KAAK,CAACI,OAAO,CAACQ,eAAe,CAACD,MAAM,CAACG,GAAG,CACpD;EAED,MAAMC,OAAO,CAACC,GAAG,CACfN,OAAO,CAACL,WAAW,CAACC,GAAG,CACrB,MAAOW,UAAU,IAAK,MAAMxB,gBAAgB,CAACwB,UAAU,EAAEN,MAAM,CACjE,CACF,CAAC;EAED,OAAOD,OAAO;AAChB,CAAC"}

package/lib/module/sd-jwt/types.js

@@ -0,0 +1,44 @@
+import { JWK } from "../utils/jwk";
+import { z } from "zod";
+export const UnixTime = z.number().min(0).max(2147483647000);
+export const ObfuscatedDisclosures = z.object({
+  _sd: z.array(z.string())
+});
+
+/**
+ * A triple of values in the form of {salt, claim name, claim value} that represent a parsed disclosure.
+ *
+ * @see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-04
+ * @see https://vcstuff.github.io/draft-terbu-sd-jwt-vc/draft-terbu-oauth-sd-jwt-vc.html
+ */
+
+export const Disclosure = z.tuple([/* salt */z.string(), /* claim name */z.string(), /* claim value */z.unknown()]);
+export const SdJwt4VC = z.object({
+  header: z.object({
+    typ: z.literal("vc+sd-jwt"),
+    alg: z.string(),
+    kid: z.string(),
+    trust_chain: z.array(z.string())
+  }),
+  payload: z.object({
+    iss: z.string(),
+    sub: z.string(),
+    jti: z.string(),
+    iat: UnixTime,
+    exp: UnixTime,
+    status: z.string(),
+    cnf: z.object({
+      jwk: JWK
+    }),
+    type: z.literal("PersonIdentificationData"),
+    verified_claims: z.object({
+      verification: z.intersection(z.object({
+        trust_framework: z.literal("eidas"),
+        assurance_level: z.string()
+      }), ObfuscatedDisclosures),
+      claims: ObfuscatedDisclosures
+    }),
+    _sd_alg: z.literal("sha-256")
+  })
+});
+//# sourceMappingURL=types.js.map

package/lib/module/sd-jwt/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["JWK","z","UnixTime","number","min","max","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAEvB,OAAO,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAI5D,OAAO,MAAMC,qBAAqB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMC,UAAU,GAAGV,CAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,CAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,CAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,CAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;AAGF,OAAO,MAAMC,QAAQ,GAAGb,CAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,CAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,CAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfU,WAAW,EAAEnB,CAAC,CAACQ,KAAK,CAACR,CAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFW,OAAO,EAAEpB,CAAC,CAACM,MAAM,CAAC;IAChBe,GAAG,EAAErB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfa,GAAG,EAAEtB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAEvB,QAAQ;IACbwB,GAAG,EAAExB,QAAQ;IACbyB,MAAM,EAAE1B,CAAC,CAACS,MAAM,CAAC,CAAC;IAClBkB,GAAG,EAAE3B,CAAC,CAACM,MAAM,CAAC;MACZsB,GAAG,EAAE7B;IACP,CAAC,CAAC;IACF8B,IAAI,EAAE7B,CAAC,CAACgB,OAAO,CAAC,0BAA0B,CAAC;IAC3Cc,eAAe,EAAE9B,CAAC,CAACM,MAAM,CAAC;MACxByB,YAAY,EAAE/B,CAAC,CAACgC,YAAY,CAC1BhC,CAAC,CAACM,MAAM,CAAC;QACP2B,eAAe,EAAEjC,CAAC,CAACgB,OAAO,CAAC,OAAO,CAAC;QACnCkB,eAAe,EAAElC,CAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACD8B,MAAM,EAAE9B;IACV,CAAC,CAAC;IACF+B,OAAO,EAAEpC,CAAC,CAACgB,OAAO,CAAC,SAAS;EAC9B,CAAC;AACH,CAAC,CAAC"}

package/lib/module/sd-jwt/verifier.js

@@ -0,0 +1,11 @@
+import { encodeBase64, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
+import { ValidationFailed } from "../utils/errors";
+export const verifyDisclosure = async (disclosure, claims) => {
+  let disclosureString = JSON.stringify(disclosure);
+  let encodedDisclosure = encodeBase64(disclosureString);
+  let hash = await sha256ToBase64(encodedDisclosure);
+  if (!claims.includes(hash)) {
+    throw new ValidationFailed("Validation of disclosure failed", `${disclosure}`, "Disclosure hash not found in claims");
+  }
+};
+//# sourceMappingURL=verifier.js.map

package/lib/module/sd-jwt/verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["encodeBase64","sha256ToBase64","ValidationFailed","verifyDisclosure","disclosure","claims","disclosureString","JSON","stringify","encodedDisclosure","hash","includes"],"sourceRoot":"../../../src","sources":["sd-jwt/verifier.ts"],"mappings":"AAAA,SAASA,YAAY,EAAEC,cAAc,QAAQ,6BAA6B;AAE1E,SAASC,gBAAgB,QAAQ,iBAAiB;AAGlD,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,UAAsB,EACtBC,MAAoC,KACjC;EACH,IAAIC,gBAAgB,GAAGC,IAAI,CAACC,SAAS,CAACJ,UAAU,CAAC;EACjD,IAAIK,iBAAiB,GAAGT,YAAY,CAACM,gBAAgB,CAAC;EACtD,IAAII,IAAI,GAAG,MAAMT,cAAc,CAACQ,iBAAiB,CAAC;EAClD,IAAI,CAACJ,MAAM,CAACM,QAAQ,CAACD,IAAI,CAAC,EAAE;IAC1B,MAAM,IAAIR,gBAAgB,CACxB,iCAAiC,EAChC,GAAEE,UAAW,EAAC,EACf,qCACF,CAAC;EACH;AACF,CAAC"}

package/lib/module/utils/errors.js

@@ -0,0 +1,73 @@
+/**
+ * A generic Error that all other io-wallet specific Error subclasses extend.
+ *
+ * @example Checking thrown error is a io-wallet one
+ *
+ * ```js
+ * if (err instanceof errors.IoWalletError) {
+ *   // ...
+ * }
+ * ```
+ */
+export class IoWalletError extends Error {
+  /** A unique error code for the particular error subclass. */
+  static get code() {
+    return "ERR_IO_WALLET_GENERIC";
+  }
+
+  /** A unique error code for the particular error subclass. */
+  code = "ERR_IO_WALLET_GENERIC";
+  constructor(message) {
+    var _Error$captureStackTr;
+    super(message);
+    this.name = this.constructor.name;
+    // @ts-ignore
+    (_Error$captureStackTr = Error.captureStackTrace) === null || _Error$captureStackTr === void 0 ? void 0 : _Error$captureStackTr.call(Error, this, this.constructor);
+  }
+}
+/**
+ * An error subclass thrown when validation fail
+ *
+ */
+export class ValidationFailed extends IoWalletError {
+  static get code() {
+    return "ERR_IO_WALLET_VALIDATION_FAILED";
+  }
+  code = "ERR_IO_WALLET_VALIDATION_FAILED";
+
+  /** The Claim for which the validation failed. */
+
+  /** Reason code for the validation failure. */
+
+  constructor(message) {
+    let claim = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "unspecified";
+    let reason = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : "unspecified";
+    super(message);
+    this.claim = claim;
+    this.reason = reason;
+  }
+}
+
+/**
+ * An error subclass thrown when validation fail
+ *
+ */
+export class WalletInstanceAttestationIssuingError extends IoWalletError {
+  static get code() {
+    return "ERR_IO_WALLET_INSTANCE_ATTESTATION_ISSUING_FAILED";
+  }
+  code = "ERR_IO_WALLET_INSTANCE_ATTESTATION_ISSUING_FAILED";
+
+  /** The Claim for which the validation failed. */
+
+  /** Reason code for the validation failure. */
+
+  constructor(message) {
+    let claim = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "unspecified";
+    let reason = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : "unspecified";
+    super(message);
+    this.claim = claim;
+    this.reason = reason;
+  }
+}
+//# sourceMappingURL=errors.js.map

package/lib/module/utils/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["IoWalletError","Error","code","constructor","message","_Error$captureStackTr","name","captureStackTrace","call","ValidationFailed","claim","arguments","length","undefined","reason","WalletInstanceAttestationIssuingError"],"sourceRoot":"../../../src","sources":["utils/errors.ts"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,aAAa,SAASC,KAAK,CAAC;EACvC;EACA,WAAWC,IAAIA,CAAA,EAAW;IACxB,OAAO,uBAAuB;EAChC;;EAEA;EACAA,IAAI,GAAW,uBAAuB;EAEtCC,WAAWA,CAACC,OAAgB,EAAE;IAAA,IAAAC,qBAAA;IAC5B,KAAK,CAACD,OAAO,CAAC;IACd,IAAI,CAACE,IAAI,GAAG,IAAI,CAACH,WAAW,CAACG,IAAI;IACjC;IACA,CAAAD,qBAAA,GAAAJ,KAAK,CAACM,iBAAiB,cAAAF,qBAAA,uBAAvBA,qBAAA,CAAAG,IAAA,CAAAP,KAAK,EAAqB,IAAI,EAAE,IAAI,CAACE,WAAW,CAAC;EACnD;AACF;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMM,gBAAgB,SAAST,aAAa,CAAC;EAClD,WAAWE,IAAIA,CAAA,EAAsC;IACnD,OAAO,iCAAiC;EAC1C;EAEAA,IAAI,GAAG,iCAAiC;;EAExC;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CM,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACP,OAAO,CAAC;IACd,IAAI,CAACM,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qCAAqC,SAASf,aAAa,CAAC;EACvE,WAAWE,IAAIA,CAAA,EAAwD;IACrE,OAAO,mDAAmD;EAC5D;EAEAA,IAAI,GAAG,mDAAmD;;EAE1D;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CM,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACP,OAAO,CAAC;IACd,IAAI,CAACM,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF"}

package/lib/module/utils/jwk.js

@@ -0,0 +1,38 @@
+import { z } from "zod";
+export const JWK = z.object({
+  /** JWK "alg" (Algorithm) Parameter. */
+  alg: z.string().optional(),
+  crv: z.string().optional(),
+  d: z.string().optional(),
+  dp: z.string().optional(),
+  dq: z.string().optional(),
+  e: z.string().optional(),
+  /** JWK "ext" (Extractable) Parameter. */
+  ext: z.boolean().optional(),
+  k: z.string().optional(),
+  /** JWK "key_ops" (Key Operations) Parameter. */
+  key_ops: z.array(z.string()).optional(),
+  /** JWK "kid" (Key ID) Parameter. */
+  kid: z.string().optional(),
+  /** JWK "kty" (Key Type) Parameter.
+   * This attribute is required to discriminate the
+   * type of EC/RSA algorithm */
+  kty: z.union([z.literal("RSA"), z.literal("EC")]),
+  n: z.string().optional(),
+  p: z.string().optional(),
+  q: z.string().optional(),
+  qi: z.string().optional(),
+  /** JWK "use" (Public Key Use) Parameter. */
+  use: z.string().optional(),
+  x: z.string().optional(),
+  y: z.string().optional(),
+  /** JWK "x5c" (X.509 Certificate Chain) Parameter. */
+  x5c: z.array(z.string()).optional(),
+  /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */
+  x5t: z.string().optional(),
+  /** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */
+  "x5t#S256": z.string().optional(),
+  /** JWK "x5u" (X.509 URL) Parameter. */
+  x5u: z.string().optional()
+});
+//# sourceMappingURL=jwk.js.map

package/lib/module/utils/jwk.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["z","JWK","object","alg","string","optional","crv","d","dp","dq","e","ext","boolean","k","key_ops","array","kid","kty","union","literal","n","p","q","qi","use","x","y","x5c","x5t","x5u"],"sourceRoot":"../../../src","sources":["utils/jwk.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AAGvB,OAAO,MAAMC,GAAG,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC1B;EACAC,GAAG,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BC,GAAG,EAAEN,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BE,CAAC,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBG,EAAE,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBI,EAAE,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBK,CAAC,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAM,GAAG,EAAEX,CAAC,CAACY,OAAO,CAAC,CAAC,CAACP,QAAQ,CAAC,CAAC;EAC3BQ,CAAC,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAS,OAAO,EAAEd,CAAC,CAACe,KAAK,CAACf,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACvC;EACAW,GAAG,EAAEhB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;AACF;AACA;EACEY,GAAG,EAAEjB,CAAC,CAACkB,KAAK,CAAC,CAAClB,CAAC,CAACmB,OAAO,CAAC,KAAK,CAAC,EAAEnB,CAAC,CAACmB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;EACjDC,CAAC,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBgB,CAAC,EAAErB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBiB,CAAC,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBkB,EAAE,EAAEvB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzB;EACAmB,GAAG,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BoB,CAAC,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBqB,CAAC,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAsB,GAAG,EAAE3B,CAAC,CAACe,KAAK,CAACf,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACnC;EACAuB,GAAG,EAAE5B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;EACA,UAAU,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACjC;EACAwB,GAAG,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AAC3B,CAAC,CAAC"}

package/lib/module/wallet-instance-attestation/index.js

@@ -0,0 +1,52 @@
+import { WalletInstanceAttestationJwt } from "./types";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
+import { Issuing } from "./issuing";
+export { Issuing };
+/**
+ * Decode a given JWT to get the parsed Wallet Instance Attestation object they define.
+ * It ensures provided data is in a valid shape.
+ *
+ * It DOES NOT verify token signature nor check disclosures are correctly referenced by the JWT.
+ * Use {@link verify} instead
+ *
+ * @function
+ * @param token The encoded token that represents a valid jwt for Wallet Instance Attestation
+ *
+ * @returns The validated Wallet Instance Attestation object
+ * @throws A decoding error if the token doesn't resolve in a valid JWT
+ * @throws A validation error if the provided data doesn't result in a valid Wallet Instance Attestation
+ *
+ */
+export function decode(token) {
+  // decode JWT parts
+  const decodedJwt = decodeJwt(token);
+  // parse JWT to ensure it has the shape of a WalletInstanceAttestationJwt
+  return WalletInstanceAttestationJwt.parse({
+    header: decodedJwt.protectedHeader,
+    payload: decodedJwt.payload
+  });
+}
+
+/**
+ * Verify a given JWT to get the parsed Wallet Instance Attestation object they define.
+ * Same as {@link decode} plus token signature verification
+ *
+ * @async @function
+ *
+ *
+ * @param token The encoded token that represents a valid jwt
+ *
+ * @returns {WalletInstanceAttestationJwt} The validated Wallet Instance Attestation object
+ * @throws A decoding error if the token doesn't resolve in a valid JWT
+ * @throws A validation error if the provided data doesn't result in a valid Wallet Instance Attestation
+ * @throws Invalid signature error if the token signature is not valid
+ *
+ */
+export async function verify(token) {
+  const decoded = decode(token);
+  const pubKey = decoded.payload.cnf.jwk;
+  await verifyJwt(token, pubKey);
+  return decoded;
+}
+//# sourceMappingURL=index.js.map

package/lib/module/wallet-instance-attestation/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["WalletInstanceAttestationJwt","decode","decodeJwt","verify","verifyJwt","Issuing","token","decodedJwt","parse","header","protectedHeader","payload","decoded","pubKey","cnf","jwk"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/index.ts"],"mappings":"AAAA,SAASA,4BAA4B,QAAQ,SAAS;AACtD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAEjE,SAASC,OAAO,QAAQ,WAAW;AACnC,SAASA,OAAO;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASJ,MAAMA,CAACK,KAAa,EAAgC;EAClE;EACA,MAAMC,UAAU,GAAGL,SAAS,CAACI,KAAK,CAAC;EACnC;EACA,OAAON,4BAA4B,CAACQ,KAAK,CAAC;IACxCC,MAAM,EAAEF,UAAU,CAACG,eAAe;IAClCC,OAAO,EAAEJ,UAAU,CAACI;EACtB,CAAC,CAAC;AACJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeR,MAAMA,CAC1BG,KAAa,EAC0B;EACvC,MAAMM,OAAO,GAAGX,MAAM,CAACK,KAAK,CAAC;EAC7B,MAAMO,MAAM,GAAGD,OAAO,CAACD,OAAO,CAACG,GAAG,CAACC,GAAG;EAEtC,MAAMX,SAAS,CAACE,KAAK,EAAEO,MAAM,CAAC;EAE9B,OAAOD,OAAO;AAChB"}

package/lib/module/wallet-instance-attestation/issuing.js

@@ -0,0 +1,90 @@
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
+import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
+import { JWK } from "../utils/jwk";
+import { WalletInstanceAttestationRequestJwt } from "./types";
+import uuid from "react-native-uuid";
+import { WalletInstanceAttestationIssuingError } from "../utils/errors";
+export class Issuing {
+  constructor(walletProviderBaseUrl) {
+    this.walletProviderBaseUrl = walletProviderBaseUrl;
+  }
+
+  /**
+   * Get the Wallet Instance Attestation Request to sign
+   *
+   * @async @function
+   *
+   * @param jwk Public key of the wallet instance
+   *
+   * @returns {string} Wallet Instance Attestation Request to sign
+   *
+   */
+  async getAttestationRequestToSign(jwk) {
+    const parsedJwk = JWK.parse(jwk);
+    const keyThumbprint = await thumbprint(parsedJwk);
+    const publicKey = {
+      ...parsedJwk,
+      kid: keyThumbprint
+    };
+    const walletInstanceAttestationRequest = new SignJWT({
+      iss: keyThumbprint,
+      sub: this.walletProviderBaseUrl,
+      jti: `${uuid.v4()}`,
+      type: "WalletInstanceAttestationRequest",
+      cnf: {
+        jwk: publicKey
+      }
+    }).setProtectedHeader({
+      alg: "ES256",
+      kid: publicKey.kid,
+      typ: "var+jwt"
+    }).setIssuedAt().setExpirationTime("1h").toSign();
+    return walletInstanceAttestationRequest;
+  }
+
+  /**
+   * Get the Wallet Instance Attestation given a
+   * Wallet Instance Attestation Request and signature
+   *
+   * @async @function
+   *
+   * @param attestationRequest Wallet Instance Attestaion Request
+   * obtained with {@link getAttestationRequestToSign}
+   * @param signature Signature of the Wallet Instance Attestaion Request
+   * @param appFetch Optional object with fetch function to use
+   *
+   * @returns {string} Wallet Instance Attestation
+   *
+   */
+  async getAttestation(attestationRequest, signature) {
+    let appFetch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {
+      fetch
+    };
+    const signedAttestationRequest = await SignJWT.appendSignature(attestationRequest, signature);
+    const decodedRequest = decodeJwt(signedAttestationRequest);
+    const parsedRequest = WalletInstanceAttestationRequestJwt.parse({
+      payload: decodedRequest.payload,
+      header: decodedRequest.protectedHeader
+    });
+    const publicKey = parsedRequest.payload.cnf.jwk;
+    await verifyJwt(signedAttestationRequest, publicKey);
+    const tokenUrl = new URL("token", this.walletProviderBaseUrl).href;
+    const requestBody = {
+      grant_type: "urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation",
+      assertion: signedAttestationRequest
+    };
+    const response = await appFetch.fetch(tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(requestBody)
+    });
+    if (response.status === 201) {
+      return await response.text();
+    }
+    throw new WalletInstanceAttestationIssuingError("Unable to obtain wallet instance attestation from wallet provider", `Response code: ${response.status}`);
+  }
+}
+//# sourceMappingURL=issuing.js.map

package/lib/module/wallet-instance-attestation/issuing.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","SignJWT","thumbprint","JWK","WalletInstanceAttestationRequestJwt","uuid","WalletInstanceAttestationIssuingError","Issuing","constructor","walletProviderBaseUrl","getAttestationRequestToSign","jwk","parsedJwk","parse","keyThumbprint","publicKey","kid","walletInstanceAttestationRequest","iss","sub","jti","v4","type","cnf","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","toSign","getAttestation","attestationRequest","signature","appFetch","arguments","length","undefined","fetch","signedAttestationRequest","appendSignature","decodedRequest","parsedRequest","payload","header","protectedHeader","tokenUrl","URL","href","requestBody","grant_type","assertion","response","method","headers","body","JSON","stringify","status","text"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/issuing.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,OAAO,EAAEC,UAAU,QAAQ,6BAA6B;AACjE,SAASC,GAAG,QAAQ,cAAc;AAClC,SAASC,mCAAmC,QAAQ,SAAS;AAC7D,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,qCAAqC,QAAQ,iBAAiB;AAEvE,OAAO,MAAMC,OAAO,CAAC;EAGnBC,WAAWA,CAACC,qBAA6B,EAAE;IACzC,IAAI,CAACA,qBAAqB,GAAGA,qBAAqB;EACpD;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,2BAA2BA,CAACC,GAAQ,EAAmB;IAC3D,MAAMC,SAAS,GAAGT,GAAG,CAACU,KAAK,CAACF,GAAG,CAAC;IAChC,MAAMG,aAAa,GAAG,MAAMZ,UAAU,CAACU,SAAS,CAAC;IACjD,MAAMG,SAAS,GAAG;MAAE,GAAGH,SAAS;MAAEI,GAAG,EAAEF;IAAc,CAAC;IAEtD,MAAMG,gCAAgC,GAAG,IAAIhB,OAAO,CAAC;MACnDiB,GAAG,EAAEJ,aAAa;MAClBK,GAAG,EAAE,IAAI,CAACV,qBAAqB;MAC/BW,GAAG,EAAG,GAAEf,IAAI,CAACgB,EAAE,CAAC,CAAE,EAAC;MACnBC,IAAI,EAAE,kCAAkC;MACxCC,GAAG,EAAE;QACHZ,GAAG,EAAEI;MACP;IACF,CAAC,CAAC,CACCS,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZT,GAAG,EAAED,SAAS,CAACC,GAAG;MAClBU,GAAG,EAAE;IACP,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;IAEX,OAAOZ,gCAAgC;EACzC;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMa,cAAcA,CAClBC,kBAA0B,EAC1BC,SAAiB,EAEA;IAAA,IADjBC,QAAqB,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG;MAAEG;IAAM,CAAC;IAEjC,MAAMC,wBAAwB,GAAG,MAAMrC,OAAO,CAACsC,eAAe,CAC5DR,kBAAkB,EAClBC,SACF,CAAC;IACD,MAAMQ,cAAc,GAAG1C,SAAS,CAACwC,wBAAwB,CAAC;IAC1D,MAAMG,aAAa,GAAGrC,mCAAmC,CAACS,KAAK,CAAC;MAC9D6B,OAAO,EAAEF,cAAc,CAACE,OAAO;MAC/BC,MAAM,EAAEH,cAAc,CAACI;IACzB,CAAC,CAAC;IACF,MAAM7B,SAAS,GAAG0B,aAAa,CAACC,OAAO,CAACnB,GAAG,CAACZ,GAAG;IAE/C,MAAMX,SAAS,CAACsC,wBAAwB,EAAEvB,SAAS,CAAC;IAEpD,MAAM8B,QAAQ,GAAG,IAAIC,GAAG,CAAC,OAAO,EAAE,IAAI,CAACrC,qBAAqB,CAAC,CAACsC,IAAI;IAClE,MAAMC,WAAW,GAAG;MAClBC,UAAU,EACR,iEAAiE;MACnEC,SAAS,EAAEZ;IACb,CAAC;IACD,MAAMa,QAAQ,GAAG,MAAMlB,QAAQ,CAACI,KAAK,CAACQ,QAAQ,EAAE;MAC9CO,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEC,IAAI,CAACC,SAAS,CAACR,WAAW;IAClC,CAAC,CAAC;IAEF,IAAIG,QAAQ,CAACM,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIpD,qCAAqC,CAC7C,mEAAmE,EAClE,kBAAiB6C,QAAQ,CAACM,MAAO,EACpC,CAAC;EACH;AACF"}

package/lib/module/wallet-instance-attestation/types.js

@@ -0,0 +1,55 @@
+import { JWK } from "../utils/jwk";
+import * as z from "zod";
+const UnixTime = z.number().min(0).max(2147483647000);
+const Jwt = z.object({
+  header: z.object({
+    alg: z.string(),
+    kid: z.string(),
+    typ: z.string(),
+    x5c: z.array(z.string()).optional(),
+    trust_chain: z.array(z.string()).optional()
+  }),
+  payload: z.object({
+    iss: z.string(),
+    sub: z.string(),
+    iat: UnixTime,
+    exp: UnixTime,
+    cnf: z.object({
+      jwk: JWK
+    })
+  })
+});
+export const WalletInstanceAttestationRequestJwt = z.object({
+  header: z.intersection(Jwt.shape.header, z.object({
+    typ: z.literal("var+jwt")
+  })),
+  payload: z.intersection(Jwt.shape.payload, z.object({
+    jti: z.string(),
+    type: z.literal("WalletInstanceAttestationRequest")
+  }))
+});
+export const WalletInstanceAttestationJwt = z.object({
+  header: z.intersection(Jwt.shape.header, z.object({
+    typ: z.literal("va+jwt")
+  })),
+  payload: z.intersection(Jwt.shape.payload, z.object({
+    type: z.literal("WalletInstanceAttestation"),
+    policy_uri: z.string().url(),
+    tos_uri: z.string().url(),
+    logo_uri: z.string().url(),
+    asc: z.string(),
+    authorization_endpoint: z.string().url(),
+    response_types_supported: z.array(z.string()),
+    vp_formats_supported: z.object({
+      jwt_vp_json: z.object({
+        alg_values_supported: z.array(z.string())
+      }),
+      jwt_vc_json: z.object({
+        alg_values_supported: z.array(z.string())
+      })
+    }),
+    request_object_signing_alg_values_supported: z.array(z.string()),
+    presentation_definition_uri_supported: z.boolean()
+  }))
+});
+//# sourceMappingURL=types.js.map

package/lib/module/wallet-instance-attestation/types.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["JWK","z","UnixTime","number","min","max","Jwt","object","header","alg","string","kid","typ","x5c","array","optional","trust_chain","payload","iss","sub","iat","exp","cnf","jwk","WalletInstanceAttestationRequestJwt","intersection","shape","literal","jti","type","WalletInstanceAttestationJwt","policy_uri","url","tos_uri","logo_uri","asc","authorization_endpoint","response_types_supported","vp_formats_supported","jwt_vp_json","alg_values_supported","jwt_vc_json","request_object_signing_alg_values_supported","presentation_definition_uri_supported","boolean"],"sourceRoot":"../../../src","sources":["wallet-instance-attestation/types.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,OAAO,KAAKC,CAAC,MAAM,KAAK;AAExB,MAAMC,QAAQ,GAAGD,CAAC,CAACE,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAGrD,MAAMC,GAAG,GAAGL,CAAC,CAACM,MAAM,CAAC;EACnBC,MAAM,EAAEP,CAAC,CAACM,MAAM,CAAC;IACfE,GAAG,EAAER,CAAC,CAACS,MAAM,CAAC,CAAC;IACfC,GAAG,EAAEV,CAAC,CAACS,MAAM,CAAC,CAAC;IACfE,GAAG,EAAEX,CAAC,CAACS,MAAM,CAAC,CAAC;IACfG,GAAG,EAAEZ,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,CAAC;IACnCC,WAAW,EAAEf,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC;EAC5C,CAAC,CAAC;EACFE,OAAO,EAAEhB,CAAC,CAACM,MAAM,CAAC;IAChBW,GAAG,EAAEjB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,CAAC,CAACS,MAAM,CAAC,CAAC;IACfU,GAAG,EAAElB,QAAQ;IACbmB,GAAG,EAAEnB,QAAQ;IACboB,GAAG,EAAErB,CAAC,CAACM,MAAM,CAAC;MACZgB,GAAG,EAAEvB;IACP,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAKF,OAAO,MAAMwB,mCAAmC,GAAGvB,CAAC,CAACM,MAAM,CAAC;EAC1DC,MAAM,EAAEP,CAAC,CAACwB,YAAY,CACpBnB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChBP,CAAC,CAACM,MAAM,CAAC;IACPK,GAAG,EAAEX,CAAC,CAAC0B,OAAO,CAAC,SAAS;EAC1B,CAAC,CACH,CAAC;EACDV,OAAO,EAAEhB,CAAC,CAACwB,YAAY,CACrBnB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBhB,CAAC,CAACM,MAAM,CAAC;IACPqB,GAAG,EAAE3B,CAAC,CAACS,MAAM,CAAC,CAAC;IACfmB,IAAI,EAAE5B,CAAC,CAAC0B,OAAO,CAAC,kCAAkC;EACpD,CAAC,CACH;AACF,CAAC,CAAC;AAKF,OAAO,MAAMG,4BAA4B,GAAG7B,CAAC,CAACM,MAAM,CAAC;EACnDC,MAAM,EAAEP,CAAC,CAACwB,YAAY,CACpBnB,GAAG,CAACoB,KAAK,CAAClB,MAAM,EAChBP,CAAC,CAACM,MAAM,CAAC;IACPK,GAAG,EAAEX,CAAC,CAAC0B,OAAO,CAAC,QAAQ;EACzB,CAAC,CACH,CAAC;EACDV,OAAO,EAAEhB,CAAC,CAACwB,YAAY,CACrBnB,GAAG,CAACoB,KAAK,CAACT,OAAO,EACjBhB,CAAC,CAACM,MAAM,CAAC;IACPsB,IAAI,EAAE5B,CAAC,CAAC0B,OAAO,CAAC,2BAA2B,CAAC;IAC5CI,UAAU,EAAE9B,CAAC,CAACS,MAAM,CAAC,CAAC,CAACsB,GAAG,CAAC,CAAC;IAC5BC,OAAO,EAAEhC,CAAC,CAACS,MAAM,CAAC,CAAC,CAACsB,GAAG,CAAC,CAAC;IACzBE,QAAQ,EAAEjC,CAAC,CAACS,MAAM,CAAC,CAAC,CAACsB,GAAG,CAAC,CAAC;IAC1BG,GAAG,EAAElC,CAAC,CAACS,MAAM,CAAC,CAAC;IACf0B,sBAAsB,EAAEnC,CAAC,CAACS,MAAM,CAAC,CAAC,CAACsB,GAAG,CAAC,CAAC;IACxCK,wBAAwB,EAAEpC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC;IAC7C4B,oBAAoB,EAAErC,CAAC,CAACM,MAAM,CAAC;MAC7BgC,WAAW,EAAEtC,CAAC,CAACM,MAAM,CAAC;QACpBiC,oBAAoB,EAAEvC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC;MAC1C,CAAC,CAAC;MACF+B,WAAW,EAAExC,CAAC,CAACM,MAAM,CAAC;QACpBiC,oBAAoB,EAAEvC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC;MAC1C,CAAC;IACH,CAAC,CAAC;IACFgC,2CAA2C,EAAEzC,CAAC,CAACa,KAAK,CAACb,CAAC,CAACS,MAAM,CAAC,CAAC,CAAC;IAChEiC,qCAAqC,EAAE1C,CAAC,CAAC2C,OAAO,CAAC;EACnD,CAAC,CACH;AACF,CAAC,CAAC"}

package/lib/typescript/index.d.ts

@@ -0,0 +1,5 @@
+import * as PID from "./pid";
+import * as WalletInstanceAttestation from "./wallet-instance-attestation";
+export declare function multiply(a: number, b: number): Promise<number>;
+export { PID, WalletInstanceAttestation };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,yBAAyB,MAAM,+BAA+B,CAAC;AAE3E,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAE9D;AAED,OAAO,EAAE,GAAG,EAAE,yBAAyB,EAAE,CAAC"}

package/lib/typescript/pid/index.d.ts

@@ -0,0 +1,3 @@
+import * as SdJwt from "./sd-jwt";
+export { SdJwt };
+//# sourceMappingURL=index.d.ts.map

package/lib/typescript/pid/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/pid/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,KAAK,EAAE,CAAC"}

package/lib/typescript/pid/sd-jwt/converters.d.ts

@@ -0,0 +1,4 @@
+import type { Disclosure, SdJwt4VC } from "../../sd-jwt/types";
+import { PID } from "./types";
+export declare function pidFromToken(sdJwt: SdJwt4VC, disclosures: Disclosure[]): PID;
+//# sourceMappingURL=converters.d.ts.map

package/lib/typescript/pid/sd-jwt/converters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"converters.d.ts","sourceRoot":"","sources":["../../../../src/pid/sd-jwt/converters.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC/D,OAAO,EAAE,GAAG,EAAE,MAAM,SAAS,CAAC;AAE9B,wBAAgB,YAAY,CAAC,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,GAAG,CAqB5E"}