@pagopa/io-react-native-wallet 1.2.3 → 1.2.4

package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts

@@ -3,6 +3,7 @@ import { SdJwt4VC, type DisclosureWithEncoded } from "../../sd-jwt/types";
 export type EvaluatedDisclosures = {
     requiredDisclosures: DisclosureWithEncoded[];
     optionalDisclosures: DisclosureWithEncoded[];
+    unrequestedDisclosures: DisclosureWithEncoded[];
 };
 export type EvaluateInputDescriptorSdJwt4VC = (inputDescriptor: InputDescriptor, payloadCredential: SdJwt4VC["payload"], disclosures: DisclosureWithEncoded[]) => EvaluatedDisclosures;
 /**
@@ -13,8 +14,8 @@ export type EvaluateInputDescriptorSdJwt4VC = (inputDescriptor: InputDescriptor,
  * - Validates whether required fields are present (unless marked optional)
  *   and match any specified JSONPath.
  * - If a field includes a JSON Schema filter, validates the claim value against that schema.
- * - Enforces `limit_disclosure` rules by returning only disclosures matching the specified fields
- *   if set to "required". Otherwise return the array of all disclosures.
+ * - Enforces `limit_disclosure` rules by returning only disclosures, required and optional, matching the specified fields
+ *   if set to "required". Otherwise also return the array unrequestedDisclosures with disclosures which can be passed for a particular use case.
  * - Throws an error if a required field is invalid or missing.
  *
  * @param inputDescriptor - Describes constraints (fields, filters, etc.) that must be satisfied.

package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"07-evaluate-input-descriptor.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/07-evaluate-input-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAO1E,MAAM,MAAM,oBAAoB,GAAG;IACjC,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAC7C,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,+BAA+B,GAAG,CAC5C,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,QAAQ,CAAC,SAAS,CAAC,EACtC,WAAW,EAAE,qBAAqB,EAAE,KACjC,oBAAoB,CAAC;AA4E1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,kCAAkC,EAAE,+BA4F9C,CAAC"}
+{"version":3,"file":"07-evaluate-input-descriptor.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/07-evaluate-input-descriptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAO1E,MAAM,MAAM,oBAAoB,GAAG;IACjC,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAC7C,mBAAmB,EAAE,qBAAqB,EAAE,CAAC;IAC7C,sBAAsB,EAAE,qBAAqB,EAAE,CAAC;CACjD,CAAC;AAEF,MAAM,MAAM,+BAA+B,GAAG,CAC5C,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,QAAQ,CAAC,SAAS,CAAC,EACtC,WAAW,EAAE,qBAAqB,EAAE,KACjC,oBAAoB,CAAC;AA4E1B;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,kCAAkC,EAAE,+BAyG9C,CAAC"}

package/lib/typescript/credential/presentation/errors.d.ts

@@ -22,17 +22,6 @@ export declare class NoSuitableKeysFoundInEntityConfiguration extends IoWalletEr
      */
     constructor(scenario: string);
 }
-/**
- * When a QR code is not valid.
- *
- */
-export declare class InvalidQRCodeError extends IoWalletError {
-    code: string;
-    /**
-     * @param detail A description of why the QR code is considered invalid.
-     */
-    constructor(detail: string);
-}
 /**
  * When the entity is unverified because the Relying Party is not trusted.
  *

package/lib/typescript/credential/presentation/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAkB,MAAM,oBAAoB,CAAC;AAEnE;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,IAAI,SAAwD;IAE5D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAGb,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,MAAsB,EAC7B,MAAM,GAAE,MAAsB;CAMjC;AAED;;;GAGG;AACH,qBAAa,wCAAyC,SAAQ,aAAa;IACzE,IAAI,SAAoC;IAExC;;OAEG;gBACS,QAAQ,EAAE,MAAM;CAI7B;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,aAAa;IACnD,IAAI,SAAyB;IAE7B;;OAEG;gBACS,MAAM,EAAE,MAAM;CAI3B;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,aAAa;IACtD,IAAI,SAA8B;IAElC;;OAEG;gBACS,MAAM,EAAE,MAAM;CAI3B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,IAAI,SAAsB;IAE1B;;OAEG;gBACS,iBAAiB,EAAE,MAAM;CAItC"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAkB,MAAM,oBAAoB,CAAC;AAEnE;;;GAGG;AACH,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,IAAI,SAAwD;IAE5D,iDAAiD;IACjD,KAAK,EAAE,MAAM,CAAC;IAEd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;gBAGb,OAAO,EAAE,MAAM,EACf,KAAK,GAAE,MAAsB,EAC7B,MAAM,GAAE,MAAsB;CAMjC;AAED;;;GAGG;AACH,qBAAa,wCAAyC,SAAQ,aAAa;IACzE,IAAI,SAAoC;IAExC;;OAEG;gBACS,QAAQ,EAAE,MAAM;CAI7B;AAED;;;GAGG;AACH,qBAAa,qBAAsB,SAAQ,aAAa;IACtD,IAAI,SAA8B;IAElC;;OAEG;gBACS,MAAM,EAAE,MAAM;CAI3B;AAED;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,aAAa;IACjD,IAAI,SAAsB;IAE1B;;OAEG;gBACS,iBAAiB,EAAE,MAAM;CAItC"}

package/lib/typescript/credential/presentation/types.d.ts

@@ -331,7 +331,188 @@ export declare const RequestObject: z.ZodObject<{
     response_type: z.ZodLiteral<"vp_token">;
     response_mode: z.ZodEnum<["direct_post.jwt", "direct_post"]>;
     client_id: z.ZodString;
-    client_id_scheme: z.ZodString;
+    client_id_scheme: z.ZodOptional<z.ZodString>;
+    client_metadata: z.ZodOptional<z.ZodObject<{
+        jwks_uri: z.ZodOptional<z.ZodString>;
+        jwks: z.ZodOptional<z.ZodObject<{
+            keys: z.ZodArray<z.ZodObject<{
+                alg: z.ZodOptional<z.ZodString>;
+                crv: z.ZodOptional<z.ZodString>;
+                d: z.ZodOptional<z.ZodString>;
+                dp: z.ZodOptional<z.ZodString>;
+                dq: z.ZodOptional<z.ZodString>;
+                e: z.ZodOptional<z.ZodString>;
+                ext: z.ZodOptional<z.ZodBoolean>;
+                k: z.ZodOptional<z.ZodString>;
+                key_ops: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                kid: z.ZodOptional<z.ZodString>;
+                kty: z.ZodUnion<[z.ZodLiteral<"RSA">, z.ZodLiteral<"EC">]>;
+                n: z.ZodOptional<z.ZodString>;
+                p: z.ZodOptional<z.ZodString>;
+                q: z.ZodOptional<z.ZodString>;
+                qi: z.ZodOptional<z.ZodString>;
+                use: z.ZodOptional<z.ZodString>;
+                x: z.ZodOptional<z.ZodString>;
+                y: z.ZodOptional<z.ZodString>;
+                x5c: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+                x5t: z.ZodOptional<z.ZodString>;
+                "x5t#S256": z.ZodOptional<z.ZodString>;
+                x5u: z.ZodOptional<z.ZodString>;
+            }, "strip", z.ZodTypeAny, {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }, {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }>, "many">;
+        }, "strip", z.ZodTypeAny, {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        }, {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    }, {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    }>>;
     scope: z.ZodOptional<z.ZodString>;
     presentation_definition: z.ZodOptional<z.ZodObject<{
         id: z.ZodString;
@@ -557,10 +738,39 @@ export declare const RequestObject: z.ZodObject<{
     response_mode: "direct_post.jwt" | "direct_post";
     client_id: string;
     response_uri: string;
-    client_id_scheme: string;
     iss?: string | undefined;
     iat?: number | undefined;
     exp?: number | undefined;
+    client_id_scheme?: string | undefined;
+    client_metadata?: {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    } | undefined;
     scope?: string | undefined;
     presentation_definition?: {
         id: string;
@@ -606,10 +816,39 @@ export declare const RequestObject: z.ZodObject<{
     response_mode: "direct_post.jwt" | "direct_post";
     client_id: string;
     response_uri: string;
-    client_id_scheme: string;
     iss?: string | undefined;
     iat?: number | undefined;
     exp?: number | undefined;
+    client_id_scheme?: string | undefined;
+    client_metadata?: {
+        jwks_uri?: string | undefined;
+        jwks?: {
+            keys: {
+                kty: "RSA" | "EC";
+                alg?: string | undefined;
+                crv?: string | undefined;
+                d?: string | undefined;
+                dp?: string | undefined;
+                dq?: string | undefined;
+                e?: string | undefined;
+                ext?: boolean | undefined;
+                k?: string | undefined;
+                key_ops?: string[] | undefined;
+                kid?: string | undefined;
+                n?: string | undefined;
+                p?: string | undefined;
+                q?: string | undefined;
+                qi?: string | undefined;
+                use?: string | undefined;
+                x?: string | undefined;
+                y?: string | undefined;
+                x5c?: string[] | undefined;
+                x5t?: string | undefined;
+                "x5t#S256"?: string | undefined;
+                x5u?: string | undefined;
+            }[];
+        } | undefined;
+    } | undefined;
     scope?: string | undefined;
     presentation_definition?: {
         id: string;

package/lib/typescript/credential/presentation/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;IACsC,aAAa;CACzE,CAAC;AAmBF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAO1B,CAAC;AAqBH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAC5E,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMjC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAaxB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/credential/presentation/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAGzB;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACO,MAAM;IACzB,MAAM,EAAE;IACsC,aAAa;CACzE,CAAC;AAmBF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAO1B,CAAC;AAqBH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAC5E,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMjC,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAC1D,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmBxB,CAAC"}

package/lib/typescript/utils/crypto.d.ts

@@ -1,4 +1,6 @@
 import { type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { RSAKey, KJUR } from "jsrsasign";
+import { JWK } from "./jwk";
 /**
  * Create a CryptoContext bound to a key pair.
  * Key pair is supposed to exist already in the device's keychain.
@@ -16,4 +18,26 @@ export declare const createCryptoContextFor: (keytag: string) => CryptoContext;
  * @returns The returned value of the input procedure.
  */
 export declare const withEphemeralKey: <R>(fn: (ephemeralContext: CryptoContext) => Promise<R>) => Promise<R>;
+/**
+ * Converts a certificate string to PEM format.
+ *
+ * @param certificate - The certificate string.
+ * @returns The PEM-formatted certificate.
+ */
+export declare const convertCertToPem: (certificate: string) => string;
+/**
+ * Parses the public key from a PEM-formatted certificate.
+ *
+ * @param pemCert - The PEM-formatted certificate.
+ * @returns The public key object.
+ * @throws Will throw an error if the public key is unsupported.
+ */
+export declare const parsePublicKey: (pemCert: string) => RSAKey | KJUR.crypto.ECDSA | undefined;
+/**
+ * Retrieves the signing JWK from the public key.
+ *
+ * @param publicKey - The public key object.
+ * @returns The signing JWK.
+ */
+export declare const getSigningJwk: (publicKey: RSAKey | KJUR.crypto.ECDSA) => JWK;
 //# sourceMappingURL=crypto.d.ts.map

package/lib/typescript/utils/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/utils/crypto.ts"],"names":[],"mappings":"AAOA,OAAO,EAAc,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG7E;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,WAAY,MAAM,KAAG,aA6BvD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,6BACJ,aAAa,8BAOrC,CAAC"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../src/utils/crypto.ts"],"names":[],"mappings":"AAOA,OAAO,EAAc,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE7E,OAAO,EAAiB,MAAM,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,GAAG,EAAE,MAAM,OAAO,CAAC;AAE5B;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,WAAY,MAAM,KAAG,aA6BvD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,6BACJ,aAAa,8BAOrC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,gBAAiB,MAAM,KAAG,MACmB,CAAC;AAE3E;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,YAChB,MAAM,KACd,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,GAAG,SAU/B,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,aAAa,cAAe,MAAM,GAAG,KAAK,MAAM,CAAC,KAAK,KAAG,GAGpE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -108,10 +108,12 @@
     ]
   },
   "dependencies": {
+    "@types/jsrsasign": "^10.5.15",
     "ajv": "^8.17.1",
     "js-base64": "^3.7.7",
     "js-sha256": "^0.9.0",
     "jsonpath-plus": "^10.2.0",
+    "jsrsasign": "^11.1.0",
     "parse-url": "^9.2.0",
     "react-native-url-polyfill": "^2.0.0",
     "react-native-uuid": "^2.0.1",

package/src/credential/presentation/01-start-flow.ts

@@ -1,11 +1,9 @@
 import * as z from "zod";
-import { InvalidQRCodeError } from "./errors";
+import { ValidationFailed } from "../../utils/errors";
 
-const QRCodePayload = z.object({
-  protocol: z.string(),
-  resource: z.string(), // TODO: refine to known paths using literals
-  clientId: z.string(),
-  requestURI: z.string(),
+const PresentationParams = z.object({
+  clientId: z.string().nonempty(),
+  requestUri: z.string().url(),
 });
 
 /**
@@ -16,46 +14,32 @@ const QRCodePayload = z.object({
  * @returns The url for the Relying Party to connect with
  */
 export type StartFlow<T extends Array<unknown> = []> = (...args: T) => {
-  requestURI: string;
+  requestUri: string;
   clientId: string;
 };
 
 /**
- * Start a presentation flow by decoding an incoming QR-code
+ * Start a presentation flow by decoding the parameters needed to start the presentation flow.
  *
  * @param qrcode The encoded QR-code content
  * @returns The url for the Relying Party to connect with
  * @throws If the provided qr code fails to be decoded
  */
-export const startFlowFromQR: StartFlow<[string]> = (qrcode) => {
-  let decodedUrl: URL;
-  try {
-    // splitting qrcode to identify which is link format
-    const originalQrCode = qrcode.split("://");
-    const replacedQrcode = originalQrCode[1]?.startsWith("?")
-      ? qrcode.replace(`${originalQrCode[0]}://`, "https://wallet.example/")
-      : qrcode;
-
-    decodedUrl = new URL(replacedQrcode);
-  } catch (error) {
-    throw new InvalidQRCodeError(`Failed to decode QR code:  ${qrcode}`);
-  }
-
-  const protocol = decodedUrl.protocol;
-  const resource = decodedUrl.hostname;
-  const requestURI = decodedUrl.searchParams.get("request_uri");
-  const clientId = decodedUrl.searchParams.get("client_id");
-
-  const result = QRCodePayload.safeParse({
-    protocol,
-    resource,
-    requestURI,
+export const startFlowFromQR: StartFlow<[string, string]> = (
+  requestUri: string,
+  clientId: string
+) => {
+  const result = PresentationParams.safeParse({
+    requestUri,
     clientId,
   });
 
   if (result.success) {
     return result.data;
   } else {
-    throw new InvalidQRCodeError(`${result.error.message}, ${decodedUrl}`);
+    throw new ValidationFailed({
+      message: "Invalid parameters provided",
+      reason: result.error.message,
+    });
   }
 };

package/src/credential/presentation/03-get-request-object.ts

@@ -9,7 +9,7 @@ import { hasStatusOrThrow, type Out } from "../../utils/misc";
 import type { StartFlow } from "./01-start-flow";
 
 export type GetRequestObject = (
-  requestUri: Out<StartFlow>["requestURI"],
+  requestUri: Out<StartFlow>["requestUri"],
   context: {
     wiaCryptoContext: CryptoContext;
     appFetch?: GlobalFetch["fetch"];

package/src/credential/presentation/04-retrieve-rp-jwks.ts

@@ -3,6 +3,12 @@ import { hasStatusOrThrow } from "../../utils/misc";
 import { RelyingPartyEntityConfiguration } from "../../entity/trust/types";
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { NoSuitableKeysFoundInEntityConfiguration } from "./errors";
+import { RequestObject } from "./types";
+import {
+  convertCertToPem,
+  parsePublicKey,
+  getSigningJwk,
+} from "../../utils/crypto";
 
 /**
  * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
@@ -16,54 +22,136 @@ export type FetchJwks<T extends Array<unknown> = []> = (...args: T) => Promise<{
 }>;
 
 /**
- * Retrieves the JSON Web Key Set (JWKS) from the specified client's well-known endpoint.
- * It is formed using `{issUrl.base}/.well-known/jar-issuer${issUrl.pah}` as explained in SD-JWT VC issuer metadata section
+ * Fetches and parses JWKS from a given URI.
  *
- * @param requestObjectEncodedJwt - Request Object in JWT format.
- * @param options - Optional context containing a custom fetch implementation.
- * @param options.context - Optional context object.
- * @param options.context.appFetch - Optional custom fetch function to use instead of the global `fetch`.
- * @returns A promise resolving to an object containing an array of JWKs.
- * @throws Will throw an error if the JWKS retrieval fails.
+ * @param jwksUri - The JWKS URI.
+ * @param fetchFn - The fetch function to use.
+ * @returns An array of JWKs.
+ */
+const fetchJwksFromUri = async (
+  jwksUri: string,
+  appFetch: GlobalFetch["fetch"]
+): Promise<JWK[]> => {
+  const jwks = await appFetch(jwksUri, {
+    method: "GET",
+  })
+    .then(hasStatusOrThrow(200))
+    .then((raw) => raw.json())
+    .then((json) => (json.jwks ? JWKS.parse(json.jwks) : JWKS.parse(json)));
+  return jwks.keys;
+};
+
+/**
+ * Retrieves JWKS when the client ID scheme includes x509 SAN DNS.
+ *
+ * @param decodedJwt - The decoded JWT.
+ * @param fetchFn - The fetch function to use.
+ * @returns An array of JWKs.
+ * @throws Will throw an error if no suitable keys are found.
+ */
+const getJwksFromX509Cert = async (certChain: string[]): Promise<JWK[]> => {
+  if (!Array.isArray(certChain) || certChain.length === 0 || !certChain[0]) {
+    throw new NoSuitableKeysFoundInEntityConfiguration(
+      "No RP encrypt key found!"
+    );
+  }
+
+  const pemCert = convertCertToPem(certChain[0]);
+  const publicKey = parsePublicKey(pemCert);
+  if (!publicKey) {
+    throw new NoSuitableKeysFoundInEntityConfiguration(
+      "Unsupported public key type."
+    );
+  }
+  const signingJwk = getSigningJwk(publicKey);
+
+  return [signingJwk];
+};
+
+/**
+ * Constructs the well-known JWKS URL based on the issuer claim.
+ *
+ * @param issuer - The issuer URL.
+ * @returns The well-known JWKS URL.
+ */
+const constructWellKnownJwksUrl = (issuer: string): string => {
+  const issuerUrl = new URL(issuer);
+  return new URL(
+    `/.well-known/jar-issuer${issuerUrl.pathname}`,
+    `${issuerUrl.protocol}//${issuerUrl.host}`
+  ).toString();
+};
+
+/**
+ * Fetches the JSON Web Key Set (JWKS) based on the provided Request Object encoded as a JWT.
+ * The retrieval process follows these steps in order:
+ *
+ * 1. **Direct JWK Retrieval**: If the JWT's protected header contains a `jwk` attribute, it uses this key directly.
+ * 2. **X.509 Certificate Retrieval**: If the protected header includes an `x5c` attribute, it extracts the JWKs from the provided X.509 certificate chain.
+ * 3. **Issuer's Well-Known Endpoint**: If neither `jwk` nor `x5c` are present, it constructs the JWKS URL using the issuer (`iss`) claim and fetches the keys from the issuer's well-known JWKS endpoint.
+ *
+ * The JWKS URL is constructed in the format `{issUrl.base}/.well-known/jar-issuer${issUrl.path}`,
+ * as detailed in the SD-JWT VC issuer metadata specification.
+ *
+ * @param requestObjectEncodedJwt - The Request Object encoded as a JWT.
+ * @param options - Optional parameters for fetching the JWKS.
+ * @param options.context - Optional context providing a custom fetch implementation.
+ * @param options.context.appFetch - A custom fetch function to replace the global `fetch` if provided.
+ * @returns A promise that resolves to an object containing an array of JSON Web Keys (JWKs).
+ * @throws {NoSuitableKeysFoundInEntityConfiguration} Throws an error if JWKS retrieval or key extraction fails.
  */
 export const fetchJwksFromRequestObject: FetchJwks<
   [string, { context?: { appFetch?: GlobalFetch["fetch"] } }?]
 > = async (requestObjectEncodedJwt, { context = {} } = {}) => {
   const { appFetch = fetch } = context;
   const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
+  const jwks: JWK[] = [];
 
   // 1. check if request object jwt contains the 'jwk' attribute
   if (requestObjectJwt.protectedHeader?.jwk) {
-    return {
-      keys: [JWK.parse(requestObjectJwt.protectedHeader.jwk)],
-    };
+    const keys = [JWK.parse(requestObjectJwt.protectedHeader.jwk)];
+    jwks.push(...keys);
+  }
+
+  // 2. check if request object jwt contains the 'x5c' attribute
+  if (requestObjectJwt.protectedHeader.x5c) {
+    const keys = await getJwksFromX509Cert(
+      requestObjectJwt.protectedHeader.x5c
+    );
+    jwks.push(...keys);
+  }
+
+  // 3. check if client_metadata contains the 'jwks' or 'jwks_uri' attribute
+  const requestObject = RequestObject.parse(requestObjectJwt.payload);
+  const { client_metadata } = requestObject;
+
+  if (client_metadata?.jwks_uri) {
+    const fetchedJwks = await fetchJwksFromUri(
+      new URL(client_metadata.jwks_uri).toString(),
+      appFetch
+    );
+    jwks.push(...fetchedJwks);
+  }
+
+  if (client_metadata?.jwks) {
+    jwks.push(...client_metadata.jwks.keys);
+  }
+
+  // 3. According to Potential profile, retrieve from RP endpoint using iss claim
+  const issuer = requestObjectJwt.payload?.iss;
+  if (jwks.length === 0 && typeof issuer === "string") {
+    const wellKnownJwksUrl = constructWellKnownJwksUrl(issuer);
+    const jwksKeys = await fetchJwksFromUri(wellKnownJwksUrl, appFetch);
+    jwks.push(...jwksKeys);
   }
 
-  // 2. According to Potential profile, retrieve from RP endpoint using iss claim
-  const issClaimValue = requestObjectJwt.payload?.iss as string;
-  if (issClaimValue) {
-    const issUrl = new URL(issClaimValue);
-    const wellKnownUrl = new URL(
-      `/.well-known/jar-issuer${issUrl.pathname}`,
-      `${issUrl.protocol}//${issUrl.host}`
-    ).toString();
-
-    // Fetches the JWKS from a specific endpoint of the entity's well-known configuration
-    const jwks = await appFetch(wellKnownUrl, {
-      method: "GET",
-    })
-      .then(hasStatusOrThrow(200))
-      .then((raw) => raw.json())
-      .then((json) => JWKS.parse(json.jwks));
-
-    return {
-      keys: jwks.keys,
-    };
+  if (jwks.length === 0) {
+    throw new NoSuitableKeysFoundInEntityConfiguration(
+      "Request Object signature verification"
+    );
   }
 
-  throw new NoSuitableKeysFoundInEntityConfiguration(
-    "Request Object signature verification"
-  );
+  return { keys: jwks };
 };
 
 /**