@pagopa/io-react-native-wallet 1.0.0 → 1.1.0

package/src/sd-jwt/__test__/types.test.ts

@@ -5,35 +5,45 @@ describe("SdJwt4VC", () => {
     // example provided at https://italia.github.io/eidas-it-wallet-docs/en/pid-data-model.html
     const token = {
       header: {
+        kid: "eNN-g5i6CnLKcltQBp6abbioGMbzM6muW3vuxw6uh88",
         typ: "vc+sd-jwt",
-        alg: "RS512",
-        kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw",
+        alg: "RS256",
       },
       payload: {
+        sub: "sj1OpYiiLTVYANnBGNwSK2krMwqpWaz2iHmN1t0_Esg",
         _sd: [
-          "0q1D5Jmav6pQaEh_J_Fcv_uNNMQIgCyhQOxqlY4l3qU",
-          "KCJ-AVNv88d-xj6sUIAOJxFnbUh3rHXDKkIH1lFqbRs",
-          "M9lo9YxDNIXrAq2qWeiCA40zpJ_zYfFdR_4AEALcRtU",
-          "czgjUk0nqRCswShChCjdS6A1-v47d_qTCSFIvIHhMoI",
-          "nGnQr7clm3tfTp8yjL_uHrDSOtzR2PVb8S7GeLdAqBQ",
-          "xNIVwlpSsaZ8CJSf0gz5x_75VRWWc6V1mlpejdCrqUs",
+          "1UmtISsdd7udbFaFy-ViZ8dZFherbOGD2N3HlX4PIC8",
+          "Fmjs4qzc5vkeOAY5G20_ZPvU-1q-oXaV7Ax516CCMFk",
+          "Q3bagNzMeQh6EgwPBSHimbgQplmY_6v9SW4go2XAkgA",
+          "QVwkn71B4pWfCOzzlQl9HnxFSVdEHuW35zdTQQdFQGc",
+          "VVdR41A2KOOVzxYagZCGbVang7sSkegCeiuWf3DOtjs",
+          "vO2dvncmzlv37MQkmWudSDIHDE9YHd0EFB8xBTDVjz0",
         ],
-        sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
+        "vct#integrity":
+          "242302d97d38da2714a257f2a253bf2fa30aae5c109fe9581bfcda3b1d797c97",
         _sd_alg: "sha-256",
-        vct: "PersonIdentificationData",
-        iss: "https://pidprovider.example.com",
+        vct: "urn:eu.europa.ec.eudi:pid:1",
+        iss: "https://api.potential-wallet-it-pid-provider.it",
         cnf: {
           jwk: {
             kty: "EC",
             crv: "P-256",
-            kid: "zEv_qGSL5r0_F67j2dwEgUJmBgbMNSEJ5K_iH1PYc7A",
-            x: "0Pj7v_afNp9ETJx11JbYgkI7yQpd0rtiYuo5feuAN2o",
-            y: "XB62Um02vHqedkOzSfJ5hdtjPz-zmV9jmWh4sKgdD9o",
+            kid: "LegnFQ8lvhA6qyPutYv48nWWpSnO5tHigavywyds5S0",
+            x: "czZrN9lcNuc0q69X40n27c5jKpii0A-aYX_Pbo9pqBQ",
+            y: "YGKGaCJNWfTiKiz3JmAG9ky7h4twPuUfzYOgy1bzLv8",
           },
         },
-        exp: 1751107255,
+        exp: 1768490196,
+        iat: 1736954196,
+        verification: {
+          evidence: {
+            method: "cie",
+          },
+          trust_framework: "eidas",
+          assurance_level: "high",
+        },
         status: {
-          status_attestation: {
+          status_assertion: {
             credential_hash_alg: "sha-256",
           },
         },

package/src/sd-jwt/types.ts

@@ -1,3 +1,4 @@
+import { CredentialFormat } from "../entity/openid-connect/issuer/types";
 import { JWK } from "../utils/jwk";
 import { z } from "zod";
 
@@ -33,12 +34,23 @@ export type DisclosureWithEncoded = {
   encoded: string;
 };
 
+export type Verification = z.infer<typeof Verification>;
+export const Verification = z.object({
+  trust_framework: z.literal("eidas"),
+  assurance_level: z.string(),
+  evidence: z.object({
+    method: z.string(),
+  }),
+});
+
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export const SdJwt4VC = z.object({
   header: z.object({
-    typ: z.literal("vc+sd-jwt"),
+    typ: CredentialFormat,
     alg: z.string(),
     kid: z.string().optional(),
+    x5c: z.string().optional(),
+    vctm: z.array(z.string()).optional(),
   }),
   payload: z.intersection(
     z.object({
@@ -48,7 +60,7 @@ export const SdJwt4VC = z.object({
       exp: UnixTime,
       _sd_alg: z.literal("sha-256"),
       status: z.object({
-        status_attestation: z.object({
+        status_assertion: z.object({
           credential_hash_alg: z.literal("sha-256"),
         }),
       }),
@@ -56,6 +68,8 @@ export const SdJwt4VC = z.object({
         jwk: JWK,
       }),
       vct: z.string(),
+      "vct#integrity": z.string().optional(),
+      verification: Verification.optional(),
     }),
     ObfuscatedDisclosures
   ),

package/src/utils/error-codes.ts

@@ -1,21 +1,9 @@
 export const IssuerResponseErrorCodes = {
   IssuerGenericError: "ERR_ISSUER_GENERIC_ERROR",
-  /**
-   * Error code thrown when a credential cannot be issued immediately because it follows the async flow.
-   */
-  CredentialIssuingNotSynchronous: "ERR_CREDENTIAL_ISSUING_NOT_SYNCHRONOUS",
   /**
    * Error code thrown when an error occurs while requesting a credential.
    */
   CredentialRequestFailed: "ERR_CREDENTIAL_REQUEST_FAILED",
-  /**
-   * Error code thrown when a credential status is invalid, either during issuance or when requesting a status attestation.
-   */
-  CredentialInvalidStatus: "ERR_CREDENTIAL_INVALID_STATUS",
-  /**
-   * Error code thrown when an error occurs while obtaining a status attestation for a credential.
-   */
-  StatusAttestationRequestFailed: "ERR_STATUS_ATTESTATION_REQUEST_FAILED",
 } as const;
 
 export const WalletProviderResponseErrorCodes = {

package/src/utils/errors.ts

@@ -1,5 +1,4 @@
 import type { ProblemDetail } from "../client/generated/wallet-provider";
-import type { CredentialIssuerEntityConfiguration } from "../trust";
 import {
   IssuerResponseErrorCodes,
   WalletProviderResponseErrorCodes,
@@ -149,91 +148,6 @@ export class WalletProviderResponseError extends UnexpectedStatusCodeError {
   }
 }
 
-type LocalizedIssuanceError = {
-  [locale: string]: {
-    title: string;
-    description: string;
-  };
-};
-
-/**
- * Function to extract the error message from the Entity Configuration's supported error codes.
- * @param errorCode The error code to map to a meaningful message
- * @param issuerConf The entity configuration for credentials
- * @param credentialType The type of credential the error belongs to
- * @returns A localized error {@link LocalizedIssuanceError} or undefined
- * @throws {IoWalletError} When no credential config is found
- */
-export function extractErrorMessageFromIssuerConf(
-  errorCode: string,
-  {
-    issuerConf,
-    credentialType,
-  }: {
-    issuerConf: CredentialIssuerEntityConfiguration["payload"]["metadata"];
-    credentialType: string;
-  }
-): LocalizedIssuanceError | undefined {
-  const credentialConfiguration =
-    issuerConf.openid_credential_issuer.credential_configurations_supported[
-      credentialType
-    ];
-
-  if (!credentialConfiguration) {
-    throw new IoWalletError(
-      `No configuration found for ${credentialType} in the provided EC`
-    );
-  }
-
-  const { issuance_errors_supported } = credentialConfiguration;
-
-  if (!issuance_errors_supported?.[errorCode]) {
-    return undefined;
-  }
-
-  const localesList = issuance_errors_supported[errorCode]!.display;
-
-  return localesList.reduce(
-    (acc, { locale, ...rest }) => ({ ...acc, [locale]: rest }),
-    {} as LocalizedIssuanceError
-  );
-}
-
-/**
- * Type guard for issuer errors.
- * @param error The error to check
- * @param code Optional code to narrow down the issuer error
- */
-export const isIssuerResponseError = (
-  error: unknown,
-  code?: IssuerResponseErrorCode
-): error is IssuerResponseError =>
-  error instanceof IssuerResponseError && error.code === (code ?? error.code);
-
-/**
- * Type guard for wallet provider errors.
- * @param error The error to check
- * @param code Optional code to narrow down the wallet provider error
- */
-export const isWalletProviderResponseError = (
-  error: unknown,
-  code?: WalletProviderResponseErrorCode
-): error is WalletProviderResponseError =>
-  error instanceof WalletProviderResponseError &&
-  error.code === (code ?? error.code);
-
-type ErrorCodeMap<T> = T extends typeof IssuerResponseError
-  ? IssuerResponseErrorCode
-  : T extends typeof WalletProviderResponseError
-  ? WalletProviderResponseErrorCode
-  : never;
-
-type ErrorCase<T> = {
-  code: ErrorCodeMap<T>;
-  message: string;
-  reason?: GenericErrorReason;
-};
-
 /**
  * Builder class used to create specialized errors from type {@link UnexpectedStatusCodeError} that handles multiple status codes.
  *
@@ -271,3 +185,15 @@ export class ResponseErrorBuilder<T extends typeof UnexpectedStatusCodeError> {
     return originalError;
   }
 }
+
+type ErrorCodeMap<T> = T extends typeof IssuerResponseError
+  ? IssuerResponseErrorCode
+  : T extends typeof WalletProviderResponseError
+  ? WalletProviderResponseErrorCode
+  : never;
+
+type ErrorCase<T> = {
+  code: ErrorCodeMap<T>;
+  message: string;
+  reason?: GenericErrorReason;
+};

package/src/utils/jwk.ts

@@ -58,3 +58,8 @@ export function fixBase64EncodingOnKey(key: JWK): JWK {
     ...(n ? { n: removePadding(n) } : {}),
   };
 }
+
+export type JWKS = z.infer<typeof JWKS>;
+export const JWKS = z.object({
+  keys: z.array(JWK),
+});

package/src/utils/par.ts

@@ -13,7 +13,6 @@ import { IssuerResponseError } from "./errors";
 export type AuthorizationDetail = z.infer<typeof AuthorizationDetail>;
 export const AuthorizationDetail = z.object({
   credential_configuration_id: z.string(),
-  format: z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]),
   type: z.literal("openid_credential"),
 });
 
@@ -38,8 +37,7 @@ export const makeParRequest =
     responseMode: string,
     parEndpoint: string,
     walletInstanceAttestation: string,
-    authorizationDetails: AuthorizationDetails,
-    assertionType: string
+    authorizationDetails: AuthorizationDetails
   ): Promise<string> => {
     const wiaPublicKey = await wiaCryptoContext.getPublicKey();
 
@@ -85,8 +83,6 @@ export const makeParRequest =
         code_challenge_method: codeChallengeMethod,
         authorization_details: authorizationDetails,
         redirect_uri: redirectUri,
-        client_assertion_type: assertionType,
-        client_assertion: walletInstanceAttestation + "~" + signedWiaPoP,
       })
       .setIssuedAt() //iat is set to now
       .setExpirationTime("5min")
@@ -94,19 +90,16 @@ export const makeParRequest =
 
     /** The request body for the Pushed Authorization Request */
     var formBody = new URLSearchParams({
-      response_type: "code",
       client_id: clientId,
-      code_challenge: codeChallenge,
-      code_challenge_method: "S256",
       request: signedJwtForPar,
-      client_assertion_type: assertionType,
-      client_assertion: walletInstanceAttestation + "~" + signedWiaPoP,
     });
 
     return await appFetch(parEndpoint, {
       method: "POST",
       headers: {
         "Content-Type": "application/x-www-form-urlencoded",
+        "OAuth-Client-Attestation": walletInstanceAttestation,
+        "OAuth-Client-Attestation-PoP": signedWiaPoP,
       },
       body: formBody.toString(),
     })

package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js

@@ -1,27 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.evaluateIssuerTrust = void 0;
-var _trust = require("../../trust");
-/**
- * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
- * The Issuer trust evaluation phase.
- * Fetch the Issuer's configuration and verify trust.
- *
- * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Issuer's configuration
- */
-const evaluateIssuerTrust = async function (issuerUrl) {
-  let context = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const issuerConf = await (0, _trust.getCredentialIssuerEntityConfiguration)(issuerUrl, {
-    appFetch: context.appFetch
-  }).then(_ => _.payload.metadata);
-  return {
-    issuerConf
-  };
-};
-exports.evaluateIssuerTrust = evaluateIssuerTrust;
-//# sourceMappingURL=02-evaluate-issuer-trust.js.map

package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_trust","require","evaluateIssuerTrust","issuerUrl","context","arguments","length","undefined","issuerConf","getCredentialIssuerEntityConfiguration","appFetch","then","_","payload","metadata","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/02-evaluate-issuer-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAcA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,mBAAwC,GAAG,eAAAA,CACtDC,SAAS,EAEN;EAAA,IADHC,OAAO,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEZ,MAAMG,UAAU,GAAG,MAAM,IAAAC,6CAAsC,EAACN,SAAS,EAAE;IACzEO,QAAQ,EAAEN,OAAO,CAACM;EACpB,CAAC,CAAC,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAACC,QAAQ,CAAC;EAClC,OAAO;IAAEN;EAAW,CAAC;AACvB,CAAC;AAACO,OAAA,CAAAb,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/03-get-request-object.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_reactNativeUuid","_interopRequireDefault","require","_ioReactNativeJwt","_dpop","_errors","_misc","_types","obj","__esModule","default","getRequestObject","requestUri","rpConf","_ref","wiaCryptoContext","appFetch","fetch","walletInstanceAttestation","signedWalletInstanceDPoP","createDPopToken","jti","uuid","v4","htm","htu","ath","sha256ToBase64","responseEncodedJwt","method","headers","Authorization","DPoP","then","hasStatusOrThrow","res","json","responseJson","response","responseJwt","decodeJwt","pubKey","wallet_relying_party","jwks","keys","find","_ref2","kid","protectedHeader","NoSuitableKeysFoundInEntityConfiguration","verify","requestObject","RequestObject","parse","payload","exports"],"sourceRoot":"../../../../src","sources":["credential/presentation/03-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,gBAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAOA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AAEA,IAAAI,KAAA,GAAAJ,OAAA;AAEA,IAAAK,MAAA,GAAAL,OAAA;AAAwC,SAAAD,uBAAAO,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAYxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,gBAAkC,GAAG,MAAAA,CAChDC,UAAU,EACVC,MAAM,EAAAC,IAAA,KAEH;EAAA,IADH;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAA0B,CAAC,GAAAJ,IAAA;EAEjE,MAAMK,wBAAwB,GAAG,MAAM,IAAAC,qBAAe,EACpD;IACEC,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE,EAAC;IACnBC,GAAG,EAAE,KAAK;IACVC,GAAG,EAAEb,UAAU;IACfc,GAAG,EAAE,MAAM,IAAAC,gCAAc,EAACT,yBAAyB;EACrD,CAAC,EACDH,gBACF,CAAC;EAED,MAAMa,kBAAkB,GAAG,MAAMZ,QAAQ,CAACJ,UAAU,EAAE;IACpDiB,MAAM,EAAE,KAAK;IACbC,OAAO,EAAE;MACPC,aAAa,EAAG,QAAOb,yBAA0B,EAAC;MAClDc,IAAI,EAAEb;IACR;EACF,CAAC,CAAC,CACCc,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEI,YAAY,IAAKA,YAAY,CAACC,QAAQ,CAAC;EAEhD,MAAMC,WAAW,GAAG,IAAAC,wBAAS,EAACZ,kBAAkB,CAAC;;EAEjD;EACA;EACA;IACE,MAAMa,MAAM,GAAG5B,MAAM,CAAC6B,oBAAoB,CAACC,IAAI,CAACC,IAAI,CAACC,IAAI,CACvDC,KAAA;MAAA,IAAC;QAAEC;MAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,GAAG,KAAKR,WAAW,CAACS,eAAe,CAACD,GAAG;IAAA,CACtD,CAAC;IACD,IAAI,CAACN,MAAM,EAAE;MACX,MAAM,IAAIQ,gDAAwC,CAChD,uCACF,CAAC;IACH;IACA,MAAM,IAAAC,wBAAM,EAACtB,kBAAkB,EAAEa,MAAM,CAAC;EAC1C;;EAEA;EACA,MAAMU,aAAa,GAAGC,oBAAa,CAACC,KAAK,CAACd,WAAW,CAACe,OAAO,CAAC;EAE9D,OAAO;IACLH;EACF,CAAC;AACH,CAAC;AAACI,OAAA,CAAA5C,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/status/01-start-flow.js

@@ -1,2 +0,0 @@
-"use strict";
-//# sourceMappingURL=01-start-flow.js.map

package/lib/commonjs/credential/status/01-start-flow.js.map

@@ -1 +0,0 @@
-{"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/status/01-start-flow.ts"],"mappings":""}

package/lib/commonjs/credential/status/02-status-attestation.js

@@ -1,72 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.statusAttestation = void 0;
-var _misc = require("../../utils/misc");
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _reactNativeUuid = _interopRequireDefault(require("react-native-uuid"));
-var _types = require("./types");
-var _errors = require("../../utils/errors");
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-/**
- * WARNING: This function must be called after {@link startFlow}.
- * Verify the status of the credential attestation.
- * @param issuerConf - The issuer's configuration
- * @param credential - The credential to be verified
- * @param credentialCryptoContext - The credential's crypto context
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {IssuerResponseError} with a specific code for more context
- * @returns The credential status attestation
- */
-const statusAttestation = async function (issuerConf, credential, credentialCryptoContext) {
-  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
-  const jwk = await credentialCryptoContext.getPublicKey();
-  const credentialHash = await (0, _misc.getCredentialHashWithouDiscloures)(credential);
-  const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
-  const credentialPop = await new _ioReactNativeJwt.SignJWT(credentialCryptoContext).setPayload({
-    aud: statusAttUrl,
-    jti: _reactNativeUuid.default.v4().toString(),
-    credential_hash: credentialHash,
-    credential_hash_alg: "S256"
-  }).setProtectedHeader({
-    alg: "ES256",
-    typ: "status-attestation-request+jwt",
-    kid: jwk.kid
-  }).setIssuedAt().setExpirationTime("5m").sign();
-  const body = {
-    credential_pop: credentialPop
-  };
-  const result = await appFetch(statusAttUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify(body)
-  }).then((0, _misc.hasStatusOrThrow)(201)).then(raw => raw.json()).then(json => _types.StatusAttestationResponse.parse(json)).catch(handleStatusAttestationError);
-  return {
-    statusAttestation: result.status_attestation
-  };
-};
-
-/**
- * Handle the status attestation error by mapping it to a custom exception.
- * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
- * @param e - The error to be handled
- * @throws {IssuerResponseError} with a specific code for more context
- */
-exports.statusAttestation = statusAttestation;
-const handleStatusAttestationError = e => {
-  if (!(e instanceof _errors.UnexpectedStatusCodeError)) {
-    throw e;
-  }
-  throw new _errors.ResponseErrorBuilder(_errors.IssuerResponseError).handle(404, {
-    code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
-    message: "Invalid status found for the given credential"
-  }).handle("*", {
-    code: _errors.IssuerResponseErrorCodes.StatusAttestationRequestFailed,
-    message: `Unable to obtain the status attestation for the given credential`
-  }).buildFrom(e);
-};
-//# sourceMappingURL=02-status-attestation.js.map

package/lib/commonjs/credential/status/02-status-attestation.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_misc","require","_ioReactNativeJwt","_reactNativeUuid","_interopRequireDefault","_types","_errors","obj","__esModule","default","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","getCredentialHashWithouDiscloures","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","SignJWT","setPayload","aud","jti","uuid","v4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","result","method","headers","JSON","stringify","then","hasStatusOrThrow","raw","json","StatusAttestationResponse","parse","catch","handleStatusAttestationError","status_attestation","exports","e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,gBAAA,GAAAC,sBAAA,CAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AAK4B,SAAAG,uBAAAG,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAW5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAM,IAAAC,uCAAiC,EAACV,UAAU,CAAC;EAC1E,MAAMW,YAAY,GAChBZ,UAAU,CAACa,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAIC,yBAAO,CAACd,uBAAuB,CAAC,CAC7De,UAAU,CAAC;IACVC,GAAG,EAAEN,YAAY;IACjBO,GAAG,EAAEC,wBAAI,CAACC,EAAE,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;IACzBC,eAAe,EAAEb,cAAc;IAC/Bc,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEpB,GAAG,CAACoB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAElB;EAClB,CAAC;EAED,MAAMmB,MAAM,GAAG,MAAM/B,QAAQ,CAACS,YAAY,EAAE;IAC1CuB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ,IAAI,EAAEK,IAAI,CAACC,SAAS,CAACN,IAAI;EAC3B,CAAC,CAAC,CACCO,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,gCAAyB,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC,CACrDG,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAE/C,iBAAiB,EAAEmC,MAAM,CAACa;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAC,OAAA,CAAAjD,iBAAA,GAAAA,iBAAA;AAMA,MAAM+C,4BAA4B,GAAIG,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;IACtDC,OAAO,EAAE;EACX,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACG,8BAA8B;IAC7DD,OAAO,EAAG;EACZ,CAAC,CAAC,CACDE,SAAS,CAACV,CAAC,CAAC;AACjB,CAAC"}

package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js

@@ -1,52 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.verifyAndParseStatusAttestation = void 0;
-var _errors = require("../../utils/errors");
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _types = require("./types");
-/**
- * Given a status attestation, verifies that:
- * - It's in the supported format;
- * - The attestation is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status attestation
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-const verifyAndParseStatusAttestation = async (issuerConf, rawStatusAttestation, context) => {
-  try {
-    const {
-      statusAttestation
-    } = rawStatusAttestation;
-    const {
-      credentialCryptoContext
-    } = context;
-    await (0, _ioReactNativeJwt.verify)(statusAttestation, issuerConf.openid_credential_issuer.jwks.keys);
-    const decodedJwt = (0, _ioReactNativeJwt.decode)(statusAttestation);
-    const parsedStatusAttestation = _types.ParsedStatusAttestation.parse({
-      header: decodedJwt.protectedHeader,
-      payload: decodedJwt.payload
-    });
-    const holderBindingKey = await credentialCryptoContext.getPublicKey();
-    const {
-      cnf
-    } = parsedStatusAttestation.payload;
-    if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-      throw new _errors.IoWalletError(`Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
-    }
-    return {
-      parsedStatusAttestation
-    };
-  } catch (e) {
-    throw new _errors.IoWalletError(`Failed to verify status attestation: ${JSON.stringify(e)}`);
-  }
-};
-exports.verifyAndParseStatusAttestation = verifyAndParseStatusAttestation;
-//# sourceMappingURL=03-verify-and-parse-status-attestation.js.map

package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","verifyAndParseStatusAttestation","issuerConf","rawStatusAttestation","context","statusAttestation","credentialCryptoContext","verify","openid_credential_issuer","jwks","keys","decodedJwt","decodeJwt","parsedStatusAttestation","ParsedStatusAttestation","parse","header","protectedHeader","payload","holderBindingKey","getPublicKey","cnf","jwk","kid","IoWalletError","e","JSON","stringify","exports"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-attestation.ts"],"mappings":";;;;;;AACA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,+BAAgE,GAC3E,MAAAA,CAAOC,UAAU,EAAEC,oBAAoB,EAAEC,OAAO,KAAK;EACnD,IAAI;IACF,MAAM;MAAEC;IAAkB,CAAC,GAAGF,oBAAoB;IAClD,MAAM;MAAEG;IAAwB,CAAC,GAAGF,OAAO;IAE3C,MAAM,IAAAG,wBAAM,EACVF,iBAAiB,EACjBH,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;IAED,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACP,iBAAiB,CAAC;IAC/C,MAAMQ,uBAAuB,GAAGC,8BAAuB,CAACC,KAAK,CAAC;MAC5DC,MAAM,EAAEL,UAAU,CAACM,eAAe;MAClCC,OAAO,EAAEP,UAAU,CAACO;IACtB,CAAC,CAAC;IAEF,MAAMC,gBAAgB,GAAG,MAAMb,uBAAuB,CAACc,YAAY,CAAC,CAAC;IACrE,MAAM;MAAEC;IAAI,CAAC,GAAGR,uBAAuB,CAACK,OAAO;IAC/C,IAAI,CAACG,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKJ,gBAAgB,CAACI,GAAG,EAAE;MACxD,MAAM,IAAIC,qBAAa,CACpB,yEAAwEL,gBAAgB,CAACI,GAAI,UAASV,uBAAuB,CAACK,OAAO,CAACG,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;IACH;IAEA,OAAO;MAAEV;IAAwB,CAAC;EACpC,CAAC,CAAC,OAAOY,CAAC,EAAE;IACV,MAAM,IAAID,qBAAa,CACpB,wCAAuCE,IAAI,CAACC,SAAS,CAACF,CAAC,CAAE,EAC5D,CAAC;EACH;AACF,CAAC;AAACG,OAAA,CAAA3B,+BAAA,GAAAA,+BAAA"}

package/lib/commonjs/credential/status/README.md

@@ -1,67 +0,0 @@
-# Credential Status Attestation
-
-This flow is used to obtain a credential status attestation from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
-The credential status attestation is a JWT which contains the credential status which indicates if the credential is valid or not.
-The status attestation is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
-
-## Sequence Diagram
-
-```mermaid
-graph TD;
-    0[startFlow]
-    1[statusAttestation]
-    2[verifyAndParseStatusAttestation]
-
-    0 --> 1
-    1 --> 2
-```
-
-
-## Mapped results
-
-The following errors are mapped to a `IssuerResponseError` with specific codes.
-
-|HTTP Status|Error Code|Description|
-|-----------|----------|-----------|
-|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the status attestation is invalid. It might contain more details in the `reason` property.|
-
-## Example
-
-<details>
-  <summary>Credential status attestation flow</summary>
-
-```ts
-// Start the issuance flow
-const credentialIssuerUrl = "https://issuer.example.com";
-const startFlow: Credential.Status.StartFlow = () => ({
-  issuerUrl: credentialIssuerUrl, // Let's assum
-});
-
-const { issuerUrl } = startFlow();
-
-// Evaluate issuer trust
-const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
-
-// Get the credential attestation
-const res = await Credential.Status.statusAttestation(
-  issuerConf,
-  credential,
-  credentialCryptoContext
-);
-
-// Verify and parse the status attestation
-const { parsedStatusAttestation } =
-  await Credential.Status.verifyAndParseStatusAttestation(
-    issuerConf,
-    res.statusAttestation,
-    { credentialCryptoContext }
-  );
-
-return {
-  statusAttestation: res.statusAttestation,
-  parsedStatusAttestation,
-  credentialType,
-};
-```
-
-</details>

package/lib/commonjs/credential/status/index.js

@@ -1,27 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-Object.defineProperty(exports, "evaluateIssuerTrust", {
-  enumerable: true,
-  get: function () {
-    return _issuance.evaluateIssuerTrust;
-  }
-});
-Object.defineProperty(exports, "statusAttestation", {
-  enumerable: true,
-  get: function () {
-    return _statusAttestation.statusAttestation;
-  }
-});
-Object.defineProperty(exports, "verifyAndParseStatusAttestation", {
-  enumerable: true,
-  get: function () {
-    return _verifyAndParseStatusAttestation.verifyAndParseStatusAttestation;
-  }
-});
-var _statusAttestation = require("./02-status-attestation");
-var _issuance = require("../issuance");
-var _verifyAndParseStatusAttestation = require("./03-verify-and-parse-status-attestation");
-//# sourceMappingURL=index.js.map

package/lib/commonjs/credential/status/index.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_statusAttestation","require","_issuance","_verifyAndParseStatusAttestation"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAIA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,gCAAA,GAAAF,OAAA"}

package/lib/commonjs/credential/status/types.js

@@ -1,48 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.StatusAttestationResponse = exports.ParsedStatusAttestation = void 0;
-var _types = require("../../sd-jwt/types");
-var _jwk = require("../../utils/jwk");
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-/**
- * Shape from parsing a status attestation response in case of 201.
- */
-const StatusAttestationResponse = z.object({
-  status_attestation: z.string()
-});
-
-/**
- * Type from parsing a status attestation response in case of 201.
- * Inferred from {@link StatusAttestationResponse}.
- */
-
-/**
- * Type for a parsed status attestation.
- */
-exports.StatusAttestationResponse = StatusAttestationResponse;
-/**
- * Shape for parsing a status attestation in a JWT.
- */
-const ParsedStatusAttestation = z.object({
-  header: z.object({
-    typ: z.literal("status-attestation+jwt"),
-    alg: z.string(),
-    kid: z.string().optional()
-  }),
-  payload: z.object({
-    credential_hash_alg: z.string(),
-    credential_hash: z.string(),
-    cnf: z.object({
-      jwk: _jwk.JWK
-    }),
-    exp: _types.UnixTime,
-    iat: _types.UnixTime
-  })
-});
-exports.ParsedStatusAttestation = ParsedStatusAttestation;
-//# sourceMappingURL=types.js.map

package/lib/commonjs/credential/status/types.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","StatusAttestationResponse","object","status_attestation","string","exports","ParsedStatusAttestation","header","typ","literal","alg","kid","optional","payload","credential_hash_alg","credential_hash","cnf","jwk","JWK","exp","UnixTime","iat"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACO,MAAMW,yBAAyB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAChDC,kBAAkB,EAAE1B,CAAC,CAAC2B,MAAM,CAAC;AAC/B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;AAFAC,OAAA,CAAAJ,yBAAA,GAAAA,yBAAA;AAKA;AACA;AACA;AACO,MAAMK,uBAAuB,GAAG7B,CAAC,CAACyB,MAAM,CAAC;EAC9CK,MAAM,EAAE9B,CAAC,CAACyB,MAAM,CAAC;IACfM,GAAG,EAAE/B,CAAC,CAACgC,OAAO,CAAC,wBAAwB,CAAC;IACxCC,GAAG,EAAEjC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAElC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEpC,CAAC,CAACyB,MAAM,CAAC;IAChBY,mBAAmB,EAAErC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IAC/BW,eAAe,EAAEtC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IAC3BY,GAAG,EAAEvC,CAAC,CAACyB,MAAM,CAAC;MACZe,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED;EACP,CAAC;AACH,CAAC,CAAC;AAACf,OAAA,CAAAC,uBAAA,GAAAA,uBAAA"}