@pagopa/io-react-native-wallet 1.2.2 → 1.2.4

package/lib/typescript/credential/presentation/03-get-request-object.d.ts

@@ -1,7 +1,7 @@
 import { type CryptoContext } from "@pagopa/io-react-native-jwt";
 import { type Out } from "../../utils/misc";
 import type { StartFlow } from "./01-start-flow";
-export type GetRequestObject = (requestUri: Out<StartFlow>["requestURI"], context: {
+export type GetRequestObject = (requestUri: Out<StartFlow>["requestUri"], context: {
     wiaCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];
     walletInstanceAttestation: string;

package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts

@@ -11,15 +11,22 @@ export type FetchJwks<T extends Array<unknown> = []> = (...args: T) => Promise<{
     keys: JWK[];
 }>;
 /**
- * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
- * It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
+ * Fetches the JSON Web Key Set (JWKS) based on the provided Request Object encoded as a JWT.
+ * The retrieval process follows these steps in order:
  *
- * @param requestObjectEncodedJwt - Request Object in JWT format.
- * @param options - Optional context containing a custom fetch implementation.
- * @param options.context - Optional context object.
- * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
- * @returns A promise resolving to an object containing an array of JWKs.
- * @throws Will throw an error if the JWKS retrieval fails.
+ * 1. **Direct JWK Retrieval**: If the JWT's protected header contains a `jwk` attribute, it uses this key directly.
+ * 2. **X.509 Certificate Retrieval**: If the protected header includes an `x5c` attribute, it extracts the JWKs from the provided X.509 certificate chain.
+ * 3. **Issuer's Well-Known Endpoint**: If neither `jwk` nor `x5c` are present, it constructs the JWKS URL using the issuer (`iss`) claim and fetches the keys from the issuer's well-known JWKS endpoint.
+ *
+ * The JWKS URL is constructed in the format `{issUrl.base}/.well-known/jar-issuer${issUrl.path}`,
+ * as detailed in the SD-JWT VC issuer metadata specification.
+ *
+ * @param requestObjectEncodedJwt - The Request Object encoded as a JWT.
+ * @param options - Optional parameters for fetching the JWKS.
+ * @param options.context - Optional context providing a custom fetch implementation.
+ * @param options.context.appFetch - A custom fetch function to replace the global `fetch` if provided.
+ * @returns A promise that resolves to an object containing an array of JSON Web Keys (JWKs).
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} Throws an error if JWKS retrieval or key extraction fails.
  */
 export declare const fetchJwksFromRequestObject: FetchJwks<[
     string,
@@ -27,7 +34,7 @@ export declare const fetchJwksFromRequestObject: FetchJwks<[
         context?: {
             appFetch?: GlobalFetch["fetch"];
         };
-    }
+    }?
 ]>;
 /**
  * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.

package/lib/typescript/credential/presentation/04-retrieve-rp-jwks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"04-retrieve-rp-jwks.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/04-retrieve-rp-jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,+BAA+B,EAAE,MAAM,0BAA0B,CAAC;AAI3E;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC;IAC7E,IAAI,EAAE,GAAG,EAAE,CAAC;CACb,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,EAAE,SAAS,CAChD;IAAC,MAAM;IAAE;QAAE,OAAO,CAAC,EAAE;YAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE;CAAC,CAqC5D,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,CACzC;IAAC,+BAA+B,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC;CAAC,CAWzD,CAAC"}
+{"version":3,"file":"04-retrieve-rp-jwks.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/04-retrieve-rp-jwks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,+BAA+B,EAAE,MAAM,0BAA0B,CAAC;AAU3E;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC;IAC7E,IAAI,EAAE,GAAG,EAAE,CAAC;CACb,CAAC,CAAC;AA+DH;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,0BAA0B,EAAE,SAAS,CAChD;IAAC,MAAM;IAAE;QAAE,OAAO,CAAC,EAAE;YAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE,CAAC;CAAC,CAmD7D,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,CACzC;IAAC,+BAA+B,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC;CAAC,CAWzD,CAAC"}

package/lib/typescript/credential/presentation/05-verify-request-object.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"05-verify-request-object.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/05-verify-request-object.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE5C,MAAM,MAAM,4BAA4B,GAAG,CACzC,uBAAuB,EAAE,MAAM,EAC/B,OAAO,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAC7B,OAAO,CAAC;IAAE,aAAa,EAAE,aAAa,CAAA;CAAE,CAAC,CAAC;AAE/C,eAAO,MAAM,4BAA4B,EAAE,4BAsBxC,CAAC"}
+{"version":3,"file":"05-verify-request-object.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/05-verify-request-object.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE5C,MAAM,MAAM,4BAA4B,GAAG,CACzC,uBAAuB,EAAE,MAAM,EAC/B,OAAO,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAC7B,OAAO,CAAC;IAAE,aAAa,EAAE,aAAa,CAAA;CAAE,CAAC,CAAC;AAE/C,eAAO,MAAM,4BAA4B,EAAE,4BAuBxC,CAAC"}

package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts

@@ -3,6 +3,7 @@ import { SdJwt4VC, type DisclosureWithEncoded } from "../../sd-jwt/types";
 export type EvaluatedDisclosures = {
     requiredDisclosures: DisclosureWithEncoded[];
     optionalDisclosures: DisclosureWithEncoded[];
+    unrequestedDisclosures: DisclosureWithEncoded[];
 };
 export type EvaluateInputDescriptorSdJwt4VC = (inputDescriptor: InputDescriptor, payloadCredential: SdJwt4VC["payload"], disclosures: DisclosureWithEncoded[]) => EvaluatedDisclosures;
 /**
@@ -13,8 +14,8 @@ export type EvaluateInputDescriptorSdJwt4VC = (inputDescriptor: InputDescriptor,
  * - Validates whether required fields are present (unless marked optional)
  *   and match any specified JSONPath.
  * - If a field includes a JSON Schema filter, validates the claim value against that schema.
- * - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
- *   if set to "required". Otherwise return the array of all disclosures.
+ * - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
+ *   if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
  * - Throws an error if a required field is invalid or missing.
  *
  * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.

package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"07-evaluate-input-descriptor.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/07-evaluate-input-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAO1E,MAAM,MAAM,oBAAoB,GAAG;IACjC,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAC7C,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,+BAA+B,GAAG,CAC5C,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,QAAQ,CAAC,SAAS,CAAC,EACtC,WAAW,EAAE,qBAAqB,EAAE,KACjC,oBAAoB,CAAC;AA4E1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,kCAAkC,EAAE,+BA4F9C,CAAC"}
+{"version":3,"file":"07-evaluate-input-descriptor.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/07-evaluate-input-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAO1E,MAAM,MAAM,oBAAoB,GAAG;IACjC,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAC7C,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAC7C,sBAAsB,EAAE,qBAAqB,EAAE,CAAC;CACjD,CAAC;AAEF,MAAM,MAAM,+BAA+B,GAAG,CAC5C,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,QAAQ,CAAC,SAAS,CAAC,EACtC,WAAW,EAAE,qBAAqB,EAAE,KACjC,oBAAoB,CAAC;AA4E1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,kCAAkC,EAAE,+BAyG9C,CAAC"}

package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts

@@ -81,7 +81,7 @@ export declare const buildDirectPostJwtBody: (jwkKeys: Out<FetchJwks>["keys"], r
  * to the Relying Party, completing the presentation flow.
  */
 export type SendAuthorizationResponse = (requestObject: Out<VerifyRequestObjectSignature>["requestObject"], presentationDefinition: PresentationDefinition, jwkKeys: Out<FetchJwks>["keys"], presentation: Presentation, // TODO: [SIW-353] support multiple presentations
-context: {
+context?: {
     appFetch?: GlobalFetch["fetch"];
 }) => Promise<AuthorizationResponse>;
 /**

package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"08-send-authorization-response.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/08-send-authorization-response.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC/E,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kDAAkD,CAAC;AAE5E,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE9D,OAAO,EAAE,sBAAsB,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AACpE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;EAUhC,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,cAC3B,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,KAChC,GAaF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,cAAc,kBACV,IAAI,4BAA4B,CAAC,CAAC,eAAe,CAAC,0BACzC,sBAAsB;cAGpC,MAAM;6BACS,OAAO,MAAM,EAAE,OAAO,CAAC;EAuCjD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,kBACf,IAAI,4BAA4B,CAAC,CAAC,eAAe,CAAC,WACxD,MAAM,0BACS,OAAO,MAAM,EAAE,OAAO,CAAC,KAC9C,QAAQ,MAAM,CAQhB,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,YACxB,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,iBAChB,IAAI,4BAA4B,CAAC,CAAC,eAAe,CAAC,WACxD,MAAM,0BACS,OAAO,MAAM,EAAE,OAAO,CAAC,KAC9C,QAAQ,MAAM,CAqBhB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GAAG,CACtC,aAAa,EAAE,GAAG,CAAC,4BAA4B,CAAC,CAAC,eAAe,CAAC,EACjE,sBAAsB,EAAE,sBAAsB,EAC9C,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,EAC/B,YAAY,EAAE,YAAY,EAAE,iDAAiD;AAC7E,OAAO,EAAE;IACP,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBAwCvC,CAAC"}
+{"version":3,"file":"08-send-authorization-response.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/08-send-authorization-response.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,4BAA4B,CAAC;AAC/E,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kDAAkD,CAAC;AAE5E,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE9D,OAAO,EAAE,sBAAsB,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AACpE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,eAAO,MAAM,qBAAqB;;;;;;;;;;;;EAUhC,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,cAC3B,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,KAChC,GAaF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,cAAc,kBACV,IAAI,4BAA4B,CAAC,CAAC,eAAe,CAAC,0BACzC,sBAAsB;cAGpC,MAAM;6BACS,OAAO,MAAM,EAAE,OAAO,CAAC;EAuCjD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,kBACf,IAAI,4BAA4B,CAAC,CAAC,eAAe,CAAC,WACxD,MAAM,0BACS,OAAO,MAAM,EAAE,OAAO,CAAC,KAC9C,QAAQ,MAAM,CAQhB,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,YACxB,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,iBAChB,IAAI,4BAA4B,CAAC,CAAC,eAAe,CAAC,WACxD,MAAM,0BACS,OAAO,MAAM,EAAE,OAAO,CAAC,KAC9C,QAAQ,MAAM,CAqBhB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GAAG,CACtC,aAAa,EAAE,GAAG,CAAC,4BAA4B,CAAC,CAAC,eAAe,CAAC,EACjE,sBAAsB,EAAE,sBAAsB,EAC9C,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,EAC/B,YAAY,EAAE,YAAY,EAAE,iDAAiD;AAC7E,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpC;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,yBAwCvC,CAAC"}

package/lib/typescript/credential/presentation/errors.d.ts

@@ -22,17 +22,6 @@ export declare class NoSuitableKeysFoundInEntityConfiguration extends IoWalletEr
      */
     constructor(scenario: string);
 }
-/**
- * When a QR code is not valid.
- *
- */
-export declare class InvalidQRCodeError extends IoWalletError {
-    code: string;
-    /**
-     * @param detail A description of why the QR code is considered invalid.
-     */
-    constructor(detail: string);
-}
 /**
  * When the entity is unverified because the Relying Party is not trusted.
  *

package/lib/typescript/credential/presentation/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAkB,MAAM,oBAAoB,CAAC;AAEnE;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,IAAI,SAAwD;IAE5D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAGb,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,MAAsB,EAC7B,MAAM,GAAE,MAAsB;CAMjC;AAED;;;GAGG;AACH,qBAAa,wCAAyC,SAAQ,aAAa;IACzE,IAAI,SAAoC;IAExC;;OAEG;gBACS,QAAQ,EAAE,MAAM;CAI7B;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,aAAa;IACnD,IAAI,SAAyB;IAE7B;;OAEG;gBACS,MAAM,EAAE,MAAM;CAI3B;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,aAAa;IACtD,IAAI,SAA8B;IAElC;;OAEG;gBACS,MAAM,EAAE,MAAM;CAI3B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,IAAI,SAAsB;IAE1B;;OAEG;gBACS,iBAAiB,EAAE,MAAM;CAItC"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAkB,MAAM,oBAAoB,CAAC;AAEnE;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,IAAI,SAAwD;IAE5D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAGb,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,MAAsB,EAC7B,MAAM,GAAE,MAAsB;CAMjC;AAED;;;GAGG;AACH,qBAAa,wCAAyC,SAAQ,aAAa;IACzE,IAAI,SAAoC;IAExC;;OAEG;gBACS,QAAQ,EAAE,MAAM;CAI7B;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,aAAa;IACtD,IAAI,SAA8B;IAElC;;OAEG;gBACS,MAAM,EAAE,MAAM;CAI3B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,IAAI,SAAsB;IAE1B;;OAEG;gBACS,iBAAiB,EAAE,MAAM;CAItC"}

package/lib/typescript/credential/presentation/types.d.ts

@@ -331,7 +331,188 @@ export declare const RequestObject: z.ZodObject<{
     response_type: z.ZodLiteral<"vp_token">;
     response_mode: z.ZodEnum<["direct_post.jwt", "direct_post"]>;
     client_id: z.ZodString;
-    client_id_scheme: z.ZodString;
+    client_id_scheme: z.ZodOptional<z.ZodString>;
+    client_metadata: z.ZodOptional<z.ZodObject<{
+        jwks_uri: z.ZodOptional<z.ZodString>;
+        jwks: z.ZodOptional<z.ZodObject<{
+            keys: z.ZodArray<z.ZodObject<{
+                alg: z.ZodOptional<z.ZodString>;
+                crv: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                kid: z.ZodOptional<z.ZodString>;
+                kty: z.ZodUnion<[z.ZodLiteral<"RSA">, z.ZodLiteral<"EC">]>;
+                n: z.ZodOptional<z.ZodString>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                "x5t#S256": z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "strip", z.ZodTypeAny, {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }, {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }>, "many">;
+        }, "strip", z.ZodTypeAny, {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        }, {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    }, {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    }>>;
     scope: z.ZodOptional<z.ZodString>;
     presentation_definition: z.ZodOptional<z.ZodObject<{
         id: z.ZodString;
@@ -557,10 +738,39 @@ export declare const RequestObject: z.ZodObject<{
     response_mode: "direct_post.jwt" | "direct_post";
     client_id: string;
     response_uri: string;
-    client_id_scheme: string;
     iss?: string | undefined;
     iat?: number | undefined;
     exp?: number | undefined;
+    client_id_scheme?: string | undefined;
+    client_metadata?: {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    } | undefined;
     scope?: string | undefined;
     presentation_definition?: {
         id: string;
@@ -606,10 +816,39 @@ export declare const RequestObject: z.ZodObject<{
     response_mode: "direct_post.jwt" | "direct_post";
     client_id: string;
     response_uri: string;
-    client_id_scheme: string;
     iss?: string | undefined;
     iat?: number | undefined;
     exp?: number | undefined;
+    client_id_scheme?: string | undefined;
+    client_metadata?: {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    } | undefined;
     scope?: string | undefined;
     presentation_definition?: {
         id: string;

package/lib/typescript/credential/presentation/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;IACsC,aAAa;CACzE,CAAC;AAmBF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAO1B,CAAC;AAqBH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAC5E,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMjC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAaxB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAGzB;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;IACsC,aAAa;CACzE,CAAC;AAmBF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAO1B,CAAC;AAqBH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAC5E,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMjC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmBxB,CAAC"}

package/lib/typescript/utils/crypto.d.ts

@@ -1,4 +1,6 @@
 import { type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { RSAKey, KJUR } from "jsrsasign";
+import { JWK } from "./jwk";
 /**
  * Create a CryptoContext bound to a key pair.
  * Key pair is supposed to exist already in the device's keychain.
@@ -16,4 +18,26 @@ export declare const createCryptoContextFor: (keytag: string) => CryptoContext;
  * @returns The returned value of the input procedure.
  */
 export declare const withEphemeralKey: <R>(fn: (ephemeralContext: CryptoContext) => Promise<R>) => Promise<R>;
+/**
+ * Converts a certificate string to PEM format.
+ *
+ * @param certificate - The certificate string.
+ * @returns The PEM-formatted certificate.
+ */
+export declare const convertCertToPem: (certificate: string) => string;
+/**
+ * Parses the public key from a PEM-formatted certificate.
+ *
+ * @param pemCert - The PEM-formatted certificate.
+ * @returns The public key object.
+ * @throws Will throw an error if the public key is unsupported.
+ */
+export declare const parsePublicKey: (pemCert: string) => RSAKey | KJUR.crypto.ECDSA | undefined;
+/**
+ * Retrieves the signing JWK from the public key.
+ *
+ * @param publicKey - The public key object.
+ * @returns The signing JWK.
+ */
+export declare const getSigningJwk: (publicKey: RSAKey | KJUR.crypto.ECDSA) => JWK;
 //# sourceMappingURL=crypto.d.ts.map

package/lib/typescript/utils/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/utils/crypto.ts"],"names":[],"mappings":"AAOA,OAAO,EAAc,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG7E;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,WAAY,MAAM,KAAG,aA6BvD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,6BACJ,aAAa,8BAOrC,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/utils/crypto.ts"],"names":[],"mappings":"AAOA,OAAO,EAAc,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE7E,OAAO,EAAiB,MAAM,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,WAAY,MAAM,KAAG,aA6BvD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,6BACJ,aAAa,8BAOrC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,gBAAiB,MAAM,KAAG,MACmB,CAAC;AAE3E;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,YAChB,MAAM,KACd,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,SAU/B,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,aAAa,cAAe,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,KAAG,GAGpE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -108,10 +108,12 @@
     ]
   },
   "dependencies": {
+    "@types/jsrsasign": "^10.5.15",
     "ajv": "^8.17.1",
     "js-base64": "^3.7.7",
     "js-sha256": "^0.9.0",
     "jsonpath-plus": "^10.2.0",
+    "jsrsasign": "^11.1.0",
     "parse-url": "^9.2.0",
     "react-native-url-polyfill": "^2.0.0",
     "react-native-uuid": "^2.0.1",

package/src/credential/presentation/01-start-flow.ts

@@ -1,11 +1,9 @@
 import * as z from "zod";
-import { InvalidQRCodeError } from "./errors";
+import { ValidationFailed } from "../../utils/errors";
 
-const QRCodePayload = z.object({
-  protocol: z.string(),
-  resource: z.string(), // TODO: refine to known paths using literals
-  clientId: z.string(),
-  requestURI: z.string(),
+const PresentationParams = z.object({
+  clientId: z.string().nonempty(),
+  requestUri: z.string().url(),
 });
 
 /**
@@ -16,46 +14,32 @@ const QRCodePayload = z.object({
  * @returns The url for the Relying Party to connect with
  */
 export type StartFlow<T extends Array<unknown> = []> = (...args: T) => {
-  requestURI: string;
+  requestUri: string;
   clientId: string;
 };
 
 /**
- * Start a presentation flow by decoding an incoming QR-code
+ * Start a presentation flow by decoding the parameters needed to start the presentation flow.
  *
  * @param qrcode The encoded QR-code content
  * @returns The url for the Relying Party to connect with
  * @throws If the provided qr code fails to be decoded
  */
-export const startFlowFromQR: StartFlow<[string]> = (qrcode) => {
-  let decodedUrl: URL;
-  try {
-    // splitting qrcode to identify which is link format
-    const originalQrCode = qrcode.split("://");
-    const replacedQrcode = originalQrCode[1]?.startsWith("?")
-      ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/")
-      : qrcode;
-
-    decodedUrl = new URL(replacedQrcode);
-  } catch (error) {
-    throw new InvalidQRCodeError(`Failed to decode QR code:  ${qrcode}`);
-  }
-
-  const protocol = decodedUrl.protocol;
-  const resource = decodedUrl.hostname;
-  const requestURI = decodedUrl.searchParams.get("request_uri");
-  const clientId = decodedUrl.searchParams.get("client_id");
-
-  const result = QRCodePayload.safeParse({
-    protocol,
-    resource,
-    requestURI,
+export const startFlowFromQR: StartFlow<[string, string]> = (
+  requestUri: string,
+  clientId: string
+) => {
+  const result = PresentationParams.safeParse({
+    requestUri,
     clientId,
   });
 
   if (result.success) {
     return result.data;
   } else {
-    throw new InvalidQRCodeError(`${result.error.message}, ${decodedUrl}`);
+    throw new ValidationFailed({
+      message: "Invalid parameters provided",
+      reason: result.error.message,
+    });
   }
 };

package/src/credential/presentation/03-get-request-object.ts

@@ -9,7 +9,7 @@ import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import type { StartFlow } from "./01-start-flow";
 
 export type GetRequestObject = (
-  requestUri: Out<StartFlow>["requestURI"],
+  requestUri: Out<StartFlow>["requestUri"],
   context: {
     wiaCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];