npm - @pagopa/io-react-native-wallet - Versions diffs - 1.0.0 → 1.1.0 - Mend

@pagopa/io-react-native-wallet 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

package/lib/typescript/trust/index.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/trust/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,mCAAmC,EACnC,+BAA+B,EAC/B,mBAAmB,EACnB,eAAe,EAChB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,kBAAkB,EAAmB,MAAM,SAAS,CAAC;AAG9D,YAAY,EACV,iCAAiC,EACjC,8BAA8B,EAC9B,mCAAmC,EACnC,+BAA+B,EAC/B,mBAAmB,EACnB,eAAe,GAChB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,iBAAiB,EAAE,8BAA8B,EACjD,KAAK,EAAE,MAAM,EAAE,EACf,EACE,QAAgB,EAChB,WAAkB,GACnB,GAAE;IAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAO,GACjE,OAAO,CAAC,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC,CAWhD;AAED;;;;;;GAMG;AACH,wBAAsB,4BAA4B,CAChD,aAAa,EAAE,MAAM,EACrB,EACE,QAAgB,GACjB,GAAE;IACD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CAC5B,GACL,OAAO,CAAC,MAAM,CAAC,CAQjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,iBAAe,gCAAgC,CAC7C,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,OAAO,iCAAiC,EAChD,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,iCAAiC,CAAC,CAAC;AAC9C,iBAAe,gCAAgC,CAC7C,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,OAAO,+BAA+B,EAC9C,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,+BAA+B,CAAC,CAAC;AAC5C,iBAAe,gCAAgC,CAC7C,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,OAAO,8BAA8B,EAC7C,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,8BAA8B,CAAC,CAAC;AAC3C,iBAAe,gCAAgC,CAC7C,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,OAAO,mCAAmC,EAClD,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,mCAAmC,CAAC,CAAC;AAChD,iBAAe,gCAAgC,CAC7C,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,OAAO,mBAAmB,EAClC,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,GACA,OAAO,CAAC,mBAAmB,CAAC,CAAC;AA0BhC,eAAO,MAAM,oCAAoC,kBAChC,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC,YAC3D,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM/D,CAAC;AAEJ,eAAO,MAAM,sCAAsC,kBAClC,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC,YAC3D,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM/D,CAAC;AAEJ,eAAO,MAAM,iCAAiC,kBAC7B,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC,YAC3D,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM/D,CAAC;AAEJ,eAAO,MAAM,kCAAkC,kBAC9B,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC,YAC3D,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM/D,CAAC;AAEJ,eAAO,MAAM,sBAAsB,kBAClB,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC,YAC3D,WAAW,uCAAuC,CAAC,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAEa,CAAC;AAEhF;;;;;;;;;GASG;AACH,wBAAsB,kBAAkB,CACtC,wBAAwB,EAAE,MAAM,EAChC,yBAAyB,EAAE,MAAM,EACjC,EACE,QAAgB,GACjB,GAAE;IACD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CAC5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAeP;AAED;;;;;;;;GAQG;AACH,wBAAsB,wBAAwB,CAC5C,wBAAwB,EAAE,MAAM,EAChC,yBAAyB,EAAE,MAAM,EACjC,EACE,QAAgB,GACjB,GAAE;IACD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CAC5B,mBAWP"}

package/src/credential/issuance/02-evaluate-issuer-trust.ts DELETED Viewed

@@ -1,32 +0,0 @@
-import { getCredentialIssuerEntityConfiguration } from "../../trust";
-import { CredentialIssuerEntityConfiguration } from "../../trust/types";
-import type { StartFlow } from "./01-start-flow";
-import type { Out } from "../../utils/misc";
-export type EvaluateIssuerTrust = (
-  issuerUrl: Out<StartFlow>["issuerUrl"],
-  context?: {
-    appFetch?: GlobalFetch["fetch"];
-  }
-) => Promise<{
-  issuerConf: CredentialIssuerEntityConfiguration["payload"]["metadata"];
-}>;
-/**
- * WARNING: This function must be called after {@link startFlow}. The next function to be called is {@link startUserAuthorization}.
- * The Issuer trust evaluation phase.
- * Fetch the Issuer's configuration and verify trust.
- *
- * @param issuerUrl The base url of the Issuer returned by {@link startFlow}
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Issuer's configuration
- */
-export const evaluateIssuerTrust: EvaluateIssuerTrust = async (
-  issuerUrl,
-  context = {}
-) => {
-  const issuerConf = await getCredentialIssuerEntityConfiguration(issuerUrl, {
-    appFetch: context.appFetch,
-  }).then((_) => _.payload.metadata);
-  return { issuerConf };
-};

package/src/credential/status/01-start-flow.ts DELETED Viewed

@@ -1,9 +0,0 @@
-/**
- * WARNING: This is the first function to be called in the status attestation flow. The next function to be called is {@link statusAttestation}.
- * The beginning of the status attestation flow.
- *
- * @returns The url of the credential issuer to be used in the next function.
- */
-export type StartFlow = () => {
-  issuerUrl: string;
-};

package/src/credential/status/02-status-attestation.ts DELETED Viewed

@@ -1,102 +0,0 @@
-import {
-  getCredentialHashWithouDiscloures,
-  hasStatusOrThrow,
-  type Out,
-} from "../../utils/misc";
-import type { EvaluateIssuerTrust, ObtainCredential } from "../issuance";
-import { type CryptoContext, SignJWT } from "@pagopa/io-react-native-jwt";
-import uuid from "react-native-uuid";
-import { StatusAttestationResponse } from "./types";
-import {
-  IssuerResponseError,
-  IssuerResponseErrorCodes,
-  ResponseErrorBuilder,
-  UnexpectedStatusCodeError,
-} from "../../utils/errors";
-export type StatusAttestation = (
-  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
-  credential: Out<ObtainCredential>["credential"],
-  credentialCryptoContext: CryptoContext,
-  appFetch?: GlobalFetch["fetch"]
-) => Promise<{
-  statusAttestation: StatusAttestationResponse["status_attestation"];
-}>;
-/**
- * WARNING: This function must be called after {@link startFlow}.
- * Verify the status of the credential attestation.
- * @param issuerConf - The issuer's configuration
- * @param credential - The credential to be verified
- * @param credentialCryptoContext - The credential's crypto context
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {IssuerResponseError} with a specific code for more context
- * @returns The credential status attestation
- */
-export const statusAttestation: StatusAttestation = async (
-  issuerConf,
-  credential,
-  credentialCryptoContext,
-  appFetch: GlobalFetch["fetch"] = fetch
-) => {
-  const jwk = await credentialCryptoContext.getPublicKey();
-  const credentialHash = await getCredentialHashWithouDiscloures(credential);
-  const statusAttUrl =
-    issuerConf.openid_credential_issuer.status_attestation_endpoint;
-  const credentialPop = await new SignJWT(credentialCryptoContext)
-    .setPayload({
-      aud: statusAttUrl,
-      jti: uuid.v4().toString(),
-      credential_hash: credentialHash,
-      credential_hash_alg: "S256",
-    })
-    .setProtectedHeader({
-      alg: "ES256",
-      typ: "status-attestation-request+jwt",
-      kid: jwk.kid,
-    })
-    .setIssuedAt()
-    .setExpirationTime("5m")
-    .sign();
-  const body = {
-    credential_pop: credentialPop,
-  };
-  const result = await appFetch(statusAttUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify(body),
-  })
-    .then(hasStatusOrThrow(201))
-    .then((raw) => raw.json())
-    .then((json) => StatusAttestationResponse.parse(json))
-    .catch(handleStatusAttestationError);
-  return { statusAttestation: result.status_attestation };
-};
-/**
- * Handle the status attestation error by mapping it to a custom exception.
- * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
- * @param e - The error to be handled
- * @throws {IssuerResponseError} with a specific code for more context
- */
-const handleStatusAttestationError = (e: unknown) => {
-  if (!(e instanceof UnexpectedStatusCodeError)) {
-    throw e;
-  }
-  throw new ResponseErrorBuilder(IssuerResponseError)
-    .handle(404, {
-      code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-      message: "Invalid status found for the given credential",
-    })
-    .handle("*", {
-      code: IssuerResponseErrorCodes.StatusAttestationRequestFailed,
-      message: `Unable to obtain the status attestation for the given credential`,
-    })
-    .buildFrom(e);
-};

package/src/credential/status/03-verify-and-parse-status-attestation.ts DELETED Viewed

@@ -1,60 +0,0 @@
-import type { Out } from "../../utils/misc";
-import { IoWalletError } from "../../utils/errors";
-import { verify, type CryptoContext } from "@pagopa/io-react-native-jwt";
-import type { EvaluateIssuerTrust, StatusAttestation } from "../status";
-import { ParsedStatusAttestation } from "./types";
-import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-export type VerifyAndParseStatusAttestation = (
-  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
-  statusAttestation: Out<StatusAttestation>,
-  context: {
-    credentialCryptoContext: CryptoContext;
-  }
-) => Promise<{ parsedStatusAttestation: ParsedStatusAttestation }>;
-/**
- * Given a status attestation, verifies that:
- * - It's in the supported format;
- * - The attestation is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status attestation
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-export const verifyAndParseStatusAttestation: VerifyAndParseStatusAttestation =
-  async (issuerConf, rawStatusAttestation, context) => {
-    try {
-      const { statusAttestation } = rawStatusAttestation;
-      const { credentialCryptoContext } = context;
-      await verify(
-        statusAttestation,
-        issuerConf.openid_credential_issuer.jwks.keys
-      );
-      const decodedJwt = decodeJwt(statusAttestation);
-      const parsedStatusAttestation = ParsedStatusAttestation.parse({
-        header: decodedJwt.protectedHeader,
-        payload: decodedJwt.payload,
-      });
-      const holderBindingKey = await credentialCryptoContext.getPublicKey();
-      const { cnf } = parsedStatusAttestation.payload;
-      if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-        throw new IoWalletError(
-          `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`
-        );
-      }
-      return { parsedStatusAttestation };
-    } catch (e) {
-      throw new IoWalletError(
-        `Failed to verify status attestation: ${JSON.stringify(e)}`
-      );
-    }
-  };

package/src/credential/status/README.md DELETED Viewed

@@ -1,67 +0,0 @@
-# Credential Status Attestation
-This flow is used to obtain a credential status attestation from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
-The credential status attestation is a JWT which contains the credential status which indicates if the credential is valid or not.
-The status attestation is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
-## Sequence Diagram
-```mermaid
-graph TD;
-    0[startFlow]
-    1[statusAttestation]
-    2[verifyAndParseStatusAttestation]
-    0 --> 1
-    1 --> 2
-```
-## Mapped results
-The following errors are mapped to a `IssuerResponseError` with specific codes.
-|HTTP Status|Error Code|Description|
-|-----------|----------|-----------|
-|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the status attestation is invalid. It might contain more details in the `reason` property.|
-## Example
-<details>
-  <summary>Credential status attestation flow</summary>
-```ts
-// Start the issuance flow
-const credentialIssuerUrl = "https://issuer.example.com";
-const startFlow: Credential.Status.StartFlow = () => ({
-  issuerUrl: credentialIssuerUrl, // Let's assum
-});
-const { issuerUrl } = startFlow();
-// Evaluate issuer trust
-const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
-// Get the credential attestation
-const res = await Credential.Status.statusAttestation(
-  issuerConf,
-  credential,
-  credentialCryptoContext
-);
-// Verify and parse the status attestation
-const { parsedStatusAttestation } =
-  await Credential.Status.verifyAndParseStatusAttestation(
-    issuerConf,
-    res.statusAttestation,
-    { credentialCryptoContext }
-  );
-return {
-  statusAttestation: res.statusAttestation,
-  parsedStatusAttestation,
-  credentialType,
-};
-```
-</details>

package/src/credential/status/index.ts DELETED Viewed

@@ -1,22 +0,0 @@
-import { type StartFlow } from "./01-start-flow";
-import {
-  statusAttestation,
-  type StatusAttestation,
-} from "./02-status-attestation";
-import { evaluateIssuerTrust, type EvaluateIssuerTrust } from "../issuance";
-import {
-  verifyAndParseStatusAttestation,
-  type VerifyAndParseStatusAttestation,
-} from "./03-verify-and-parse-status-attestation";
-export {
-  evaluateIssuerTrust,
-  statusAttestation,
-  verifyAndParseStatusAttestation,
-};
-export type {
-  StartFlow,
-  EvaluateIssuerTrust,
-  StatusAttestation,
-  VerifyAndParseStatusAttestation,
-};

package/src/credential/status/types.ts DELETED Viewed

@@ -1,43 +0,0 @@
-import { UnixTime } from "../../sd-jwt/types";
-import { JWK } from "../../utils/jwk";
-import * as z from "zod";
-/**
- * Shape from parsing a status attestation response in case of 201.
- */
-export const StatusAttestationResponse = z.object({
-  status_attestation: z.string(),
-});
-/**
- * Type from parsing a status attestation response in case of 201.
- * Inferred from {@link StatusAttestationResponse}.
- */
-export type StatusAttestationResponse = z.infer<
-  typeof StatusAttestationResponse
->;
-/**
- * Type for a parsed status attestation.
- */
-export type ParsedStatusAttestation = z.infer<typeof ParsedStatusAttestation>;
-/**
- * Shape for parsing a status attestation in a JWT.
- */
-export const ParsedStatusAttestation = z.object({
-  header: z.object({
-    typ: z.literal("status-attestation+jwt"),
-    alg: z.string(),
-    kid: z.string().optional(),
-  }),
-  payload: z.object({
-    credential_hash_alg: z.string(),
-    credential_hash: z.string(),
-    cnf: z.object({
-      jwk: JWK,
-    }),
-    exp: UnixTime,
-    iat: UnixTime,
-  }),
-});

package/src/credential/trustmark/README.md DELETED Viewed

@@ -1,62 +0,0 @@
-# Credential Trustmark
-A credential TrustMark is a signed JWT that verifies the authenticity of a credential issued by a trusted source. It serves as proof that a credential is valid and linked to a specific wallet instance.
-The TrustMark is often presented as a QR code, containing cryptographic data to ensure it hasn't been tampered with. It includes fields like issuer, issuance and expiration timestamps, and credential-specific details. TrustMarks have a short validity period and are used to enhance security and prevent misuse, such as QR code swapping.
-### getCredentialTrustmark
-A function that generates a signed JWT Trustmark to verify the authenticity of a digital credential. The Trustmark serves as a cryptographic proof linking a credential to a specific wallet instance, ensuring the credential's validity and preventing unauthorized modifications or misuse.
-#### Signature
-```typescript
-function getCredentialTrustmark({
-  walletInstanceAttestation: string,
-  wiaCryptoContext: CryptoContext,
-  credentialType: string,
-  docNumber?: string,
-  expirationTime?: number | string
-}): Promise<{
-  jwt: string,
-  expirationTime: number
-}>
-```
-#### Parameters
-| Parameter | Type | Required | Description |
-|-----------|------|----------|-------------|
-| walletInstanceAttestation | string | Yes | A base64-encoded string containing the Wallet Instance Attestation (WIA). This attestation proves the authenticity of the wallet instance. |
-| wiaCryptoContext | CryptoContext | Yes | The cryptographic context associated with the wallet instance. Must contain the same key pair used to generate the WIA. |
-| credentialType | string | Yes | Identifier for the type of credential (e.g., "MDL" for Mobile Driver's License). |
-| docNumber | string | No | The document number of the credential. If provided, it will be obfuscated in the Trustmark for privacy. |
-| expirationTime | number \| string | No | Specifies when the Trustmark expires. Can be either:<br>- A timestamp in seconds<br>- A time span string (e.g., "2m" for 2 minutes)<br>Default: "2m" |
-#### Return Value
-Returns a Promise that resolves to an object containing:
-| Property | Type | Description |
-|----------|------|-------------|
-| jwt | string | The signed trustmark JWT string |
-| expirationTime | number | The expiration timestamp of the JWT in seconds |
-## Example
-```typescript
-// Required inputs
-const walletInstanceAttestation = "base64AttestationString";
-const credentialType = "MDL"; // Credential type (e.g., Mobile Driver's License)
-const documentNumber = "AB123456"; // Optional document number
-const cryptoContext = createCryptoContextFor("wiaKeyTag"); // Sample crypto context
-// Generate the TrustMark JWT
-const { jwt, expirationTime } = await getCredentialTrustmark({
-  walletInstanceAttestation: "eyJ0eXAi...", // WIA JWT
-  wiaCryptoContext: cryptoContext,
-  credentialType: "IdentityCard",
-  docNumber: "AB123456",
-  expirationTime: "5m", // 5 minutes
-});
-console.log("Generated TrustMark JWT:", jwt);
-console.log("Expires at:", new Date(expirationTime * 1000));
-```

package/src/credential/trustmark/get-credential-trustmark.ts DELETED Viewed

@@ -1,120 +0,0 @@
-import {
-  SignJWT,
-  thumbprint,
-  type CryptoContext,
-  decode as decodeJwt,
-} from "@pagopa/io-react-native-jwt";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { IoWalletError } from "../../utils/errors";
-import { obfuscateString } from "../../utils/string";
-export type GetCredentialTrustmarkJwt = (params: {
-  /**
-   * The Wallet Instance's attestation
-   */
-  walletInstanceAttestation: string;
-  /**
-   * The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
-   */
-  wiaCryptoContext: CryptoContext;
-  /**
-   * The type of credential for which the trustmark is generated
-   */
-  credentialType: string;
-  /**
-   * (Optional) Document number contained in the credential, if applicable
-   */
-  docNumber?: string;
-  /**
-   * (Optional) Expiration time for the trustmark, default is 2 minutes.
-   * If a number is provided, it is interpreted as a timestamp in seconds.
-   * If a string is provided, it is interpreted as a time span and added to the current timestamp.
-   */
-  expirationTime?: number | string;
-}) => Promise<{
-  /**
-   * The signed JWT
-   */
-  jwt: string;
-  /**
-   * The expiration time of the JWT in seconds
-   */
-  expirationTime: number;
-}>;
-/**
- * Generates a trustmark signed JWT, which is used to verify the authenticity of a credential.
- * The public key used to sign the trustmark must the same used for the Wallet Instance Attestation.
- *
- * @param walletInstanceAttestation the Wallet Instance's attestation
- * @param wiaCryptoContext The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
- * @param credentialType The type of credential for which the trustmark is generated
- * @param docNumber (Optional) Document number contained in the credential, if applicable
- * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
- *                        If a number is provided, it is interpreted as a timestamp in seconds.
- *                        If a string is provided, it is interpreted as a time span and added to the current timestamp.
- * @throws {IoWalletError} If the WIA is expired
- * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
- * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
- * @returns A promise containing the signed JWT and its expiration time in seconds
- */
-export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
-  walletInstanceAttestation,
-  wiaCryptoContext,
-  credentialType,
-  docNumber,
-  expirationTime = "2m",
-}) => {
-  /**
-   * Check that the public key used to sign the trustmark is the one used for the WIA
-   */
-  const holderBindingKey = await wiaCryptoContext.getPublicKey();
-  const decodedWia = WalletInstanceAttestation.decode(
-    walletInstanceAttestation
-  );
-  /**
-   * Check that the WIA is not expired
-   */
-  if (decodedWia.payload.exp * 1000 < Date.now()) {
-    throw new IoWalletError("Wallet Instance Attestation expired");
-  }
-  /**
-   * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
-   */
-  const wiaThumbprint = await thumbprint(decodedWia.payload.cnf.jwk);
-  const cryptoContextThumbprint = await thumbprint(holderBindingKey);
-  if (wiaThumbprint !== cryptoContextThumbprint) {
-    throw new IoWalletError(
-      `Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`
-    );
-  }
-  /**
-   * Generate Trustmark signed JWT
-   */
-  const signedTrustmarkJwt = await new SignJWT(wiaCryptoContext)
-    .setProtectedHeader({
-      alg: "ES256",
-    })
-    .setPayload({
-      iss: walletInstanceAttestation,
-      /**
-       * If present, the document number is obfuscated before adding it to the payload
-       */
-      ...(docNumber ? { sub: obfuscateString(docNumber) } : {}),
-      subtyp: credentialType,
-    })
-    .setIssuedAt()
-    .setExpirationTime(expirationTime)
-    .sign();
-  const decodedTrustmark = decodeJwt(signedTrustmarkJwt);
-  return {
-    jwt: signedTrustmarkJwt,
-    expirationTime: decodedTrustmark.payload.exp ?? 0,
-  };
-};

package/src/credential/trustmark/index.ts DELETED Viewed

@@ -1,8 +0,0 @@
-import {
-  type GetCredentialTrustmarkJwt,
-  getCredentialTrustmark,
-} from "./get-credential-trustmark";
-export { getCredentialTrustmark };
-export type { GetCredentialTrustmarkJwt };

/package/lib/typescript/{trust → entity/trust}/chain.d.ts RENAMED Viewed

File without changes