@pagopa/io-react-native-wallet 1.4.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/lib/commonjs/credential/issuance/06-obtain-credential.js +1 -5
  2. package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
  3. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +33 -21
  4. package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  5. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js +318 -24
  6. package/lib/commonjs/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
  7. package/lib/commonjs/credential/presentation/08-send-authorization-response.js +47 -83
  8. package/lib/commonjs/credential/presentation/08-send-authorization-response.js.map +1 -1
  9. package/lib/commonjs/credential/presentation/errors.js +18 -1
  10. package/lib/commonjs/credential/presentation/errors.js.map +1 -1
  11. package/lib/commonjs/credential/presentation/index.js +8 -2
  12. package/lib/commonjs/credential/presentation/index.js.map +1 -1
  13. package/lib/commonjs/credential/presentation/types.js +6 -2
  14. package/lib/commonjs/credential/presentation/types.js.map +1 -1
  15. package/lib/commonjs/entity/trust/chain.js.map +1 -1
  16. package/lib/commonjs/mdoc/index.js +45 -13
  17. package/lib/commonjs/mdoc/index.js.map +1 -1
  18. package/lib/commonjs/sd-jwt/index.js +41 -1
  19. package/lib/commonjs/sd-jwt/index.js.map +1 -1
  20. package/lib/commonjs/utils/crypto.js +70 -4
  21. package/lib/commonjs/utils/crypto.js.map +1 -1
  22. package/lib/commonjs/utils/string.js +6 -7
  23. package/lib/commonjs/utils/string.js.map +1 -1
  24. package/lib/module/credential/issuance/06-obtain-credential.js +1 -5
  25. package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
  26. package/lib/module/credential/issuance/07-verify-and-parse-credential.js +33 -21
  27. package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
  28. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js +311 -23
  29. package/lib/module/credential/presentation/07-evaluate-input-descriptor.js.map +1 -1
  30. package/lib/module/credential/presentation/08-send-authorization-response.js +46 -81
  31. package/lib/module/credential/presentation/08-send-authorization-response.js.map +1 -1
  32. package/lib/module/credential/presentation/errors.js +16 -0
  33. package/lib/module/credential/presentation/errors.js.map +1 -1
  34. package/lib/module/credential/presentation/index.js +2 -2
  35. package/lib/module/credential/presentation/index.js.map +1 -1
  36. package/lib/module/credential/presentation/types.js +6 -2
  37. package/lib/module/credential/presentation/types.js.map +1 -1
  38. package/lib/module/entity/trust/chain.js.map +1 -1
  39. package/lib/module/mdoc/index.js +43 -12
  40. package/lib/module/mdoc/index.js.map +1 -1
  41. package/lib/module/sd-jwt/index.js +40 -1
  42. package/lib/module/sd-jwt/index.js.map +1 -1
  43. package/lib/module/utils/crypto.js +67 -2
  44. package/lib/module/utils/crypto.js.map +1 -1
  45. package/lib/module/utils/string.js +4 -6
  46. package/lib/module/utils/string.js.map +1 -1
  47. package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
  48. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +1 -1
  49. package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
  50. package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts +106 -9
  51. package/lib/typescript/credential/presentation/07-evaluate-input-descriptor.d.ts.map +1 -1
  52. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts +4 -33
  53. package/lib/typescript/credential/presentation/08-send-authorization-response.d.ts.map +1 -1
  54. package/lib/typescript/credential/presentation/errors.d.ts +11 -0
  55. package/lib/typescript/credential/presentation/errors.d.ts.map +1 -1
  56. package/lib/typescript/credential/presentation/index.d.ts +3 -3
  57. package/lib/typescript/credential/presentation/index.d.ts.map +1 -1
  58. package/lib/typescript/credential/presentation/types.d.ts +18 -6
  59. package/lib/typescript/credential/presentation/types.d.ts.map +1 -1
  60. package/lib/typescript/entity/trust/chain.d.ts.map +1 -1
  61. package/lib/typescript/mdoc/index.d.ts +6 -2
  62. package/lib/typescript/mdoc/index.d.ts.map +1 -1
  63. package/lib/typescript/sd-jwt/index.d.ts +19 -0
  64. package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
  65. package/lib/typescript/utils/crypto.d.ts +8 -0
  66. package/lib/typescript/utils/crypto.d.ts.map +1 -1
  67. package/lib/typescript/utils/errors.d.ts.map +1 -1
  68. package/lib/typescript/utils/misc.d.ts.map +1 -1
  69. package/lib/typescript/utils/string.d.ts +3 -3
  70. package/lib/typescript/utils/string.d.ts.map +1 -1
  71. package/package.json +16 -14
  72. package/src/credential/issuance/06-obtain-credential.ts +1 -7
  73. package/src/credential/issuance/07-verify-and-parse-credential.ts +37 -16
  74. package/src/credential/presentation/07-evaluate-input-descriptor.ts +459 -49
  75. package/src/credential/presentation/08-send-authorization-response.ts +57 -101
  76. package/src/credential/presentation/errors.ts +16 -0
  77. package/src/credential/presentation/index.ts +8 -4
  78. package/src/credential/presentation/types.ts +16 -3
  79. package/src/entity/trust/chain.ts +14 -10
  80. package/src/mdoc/index.ts +72 -15
  81. package/src/sd-jwt/index.ts +49 -1
  82. package/src/utils/crypto.ts +61 -2
  83. package/src/utils/errors.ts +2 -2
  84. package/src/utils/misc.ts +2 -2
  85. package/src/utils/string.ts +4 -6
package/src/credential/issuance/07-verify-and-parse-credential.ts CHANGED
@@ -19,6 +19,7 @@ export type VerifyAndParseCredential = (
19
19
  issuerConf: Out<GetIssuerConfig>["issuerConf"],
20
20
  credential: Out<ObtainCredential>["credential"],
21
21
  format: Out<ObtainCredential>["format"],
22
+ credentialType: string,
22
23
  context: {
23
24
  credentialCryptoContext: CryptoContext;
24
25
  /**
@@ -60,7 +61,7 @@ type DecodedSdJwtCredential = Out<typeof verifySdJwt> & {
60
61
  };
61
62
 
62
63
  type DecodedMDocCredential = Out<typeof verifyMdoc> & {
63
- mDoc: CBOR.MDOC;
64
+ issuerSigned: CBOR.IssuerSigned;
64
65
  };
65
66
 
66
67
  const parseCredentialSdJwt = (
@@ -157,10 +158,11 @@ const parseCredentialSdJwt = (
157
158
  const parseCredentialMDoc = (
158
159
  // the list of supported credentials, as defined in the issuer configuration
159
160
  credentials_supported: Out<GetIssuerConfig>["issuerConf"]["credential_configurations_supported"],
160
- { mDoc }: DecodedMDocCredential,
161
+ credential_type: string,
162
+ { issuerSigned }: DecodedMDocCredential,
161
163
  includeUndefinedAttributes: boolean = false
162
164
  ): ParsedCredential => {
163
- const credentialSubject = credentials_supported[mDoc.docType];
165
+ const credentialSubject = credentials_supported[credential_type];
164
166
 
165
167
  if (!credentialSubject) {
166
168
  throw new IoWalletError("Credential type not supported by the issuer");
@@ -184,24 +186,24 @@ const parseCredentialMDoc = (
184
186
  [namespace, claimNameKey, definition] as [
185
187
  string,
186
188
  string,
187
- CredentialClaim
189
+ CredentialClaim,
188
190
  ]
189
191
  )
190
192
  );
191
193
 
192
- if (!mDoc.issuerSigned.nameSpaces) {
194
+ if (!issuerSigned.nameSpaces) {
193
195
  throw new IoWalletError("Missing claims in the credential");
194
196
  }
195
197
 
196
198
  const flatNamespaces: [string, string, string][] = Object.entries(
197
- mDoc.issuerSigned.nameSpaces
199
+ issuerSigned.nameSpaces
198
200
  ).flatMap(([namespace, values]) =>
199
201
  values.map(
200
202
  (v) =>
201
203
  [namespace, v.elementIdentifier, v.elementValue] as [
202
204
  string,
203
205
  string,
204
- string
206
+ string,
205
207
  ]
206
208
  )
207
209
  );
@@ -314,24 +316,36 @@ async function verifyCredentialMDoc(
314
316
  issuerKeys: JWK[],
315
317
  holderBindingContext: CryptoContext
316
318
  ): Promise<DecodedMDocCredential> {
317
- const [decodedCredential] =
319
+ /**
320
+ * For the moment, being that issues in the crypto key generation
321
+ * have been found on Android, the check for the deviceKey inside
322
+ * of the mDoc is skipped, so we are not interested in the holderBindingKey
323
+ */
324
+ const [decodedCredential, _] =
318
325
  // parallel for optimization
319
326
  await Promise.all([
320
327
  verifyMdoc(rawCredential, issuerKeys),
321
328
  holderBindingContext.getPublicKey(),
322
329
  ]);
323
330
 
324
- // TODO Implement the holder binding verification for MDOC
325
-
326
- // Get only the first decoded credential
327
-
328
331
  if (!decodedCredential) {
329
332
  throw new IoWalletError("No MDOC credentials found!");
330
333
  }
331
334
 
332
- return {
333
- mDoc: decodedCredential.mDoc,
334
- };
335
+ /**
336
+ * For the moment, being that issues in the crypto key generation
337
+ * have been found on Android, the check for the deviceKey inside
338
+ * of the mDoc is skipped.
339
+ */
340
+ //const key = decodedCredential.mDoc.issuerSigned.issuerAuth.payload.deviceKeyInfo.deviceKey;
341
+ //
342
+ //if (!compareKeysByThumbprint(key, holderBindingKey as PublicKey)) {
343
+ // throw new IoWalletError(
344
+ // `Failed to verify holder binding, holder binding key and mDoc deviceKey don't match`
345
+ // );
346
+ //}
347
+
348
+ return decodedCredential;
335
349
  }
336
350
 
337
351
  // utility type that specialize VerifyAndParseCredential for given format
@@ -339,13 +353,15 @@ type WithFormat<Format extends Parameters<VerifyAndParseCredential>[2]> = (
339
353
  _0: Parameters<VerifyAndParseCredential>[0],
340
354
  _1: Parameters<VerifyAndParseCredential>[1],
341
355
  _2: Format,
342
- _3: Parameters<VerifyAndParseCredential>[3]
356
+ _3: Parameters<VerifyAndParseCredential>[3],
357
+ _4: Parameters<VerifyAndParseCredential>[4]
343
358
  ) => ReturnType<VerifyAndParseCredential>;
344
359
 
345
360
  const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
346
361
  issuerConf,
347
362
  credential,
348
363
  _,
364
+ __,
349
365
  {
350
366
  credentialCryptoContext,
351
367
  ignoreMissingAttributes,
@@ -381,6 +397,7 @@ const verifyAndParseCredentialMDoc: WithFormat<"mso_mdoc"> = async (
381
397
  issuerConf,
382
398
  credential,
383
399
  _,
400
+ credentialType,
384
401
  { credentialCryptoContext, ignoreMissingAttributes }
385
402
  ) => {
386
403
  const decoded = await verifyCredentialMDoc(
@@ -391,6 +408,7 @@ const verifyAndParseCredentialMDoc: WithFormat<"mso_mdoc"> = async (
391
408
 
392
409
  const parsedCredential = parseCredentialMDoc(
393
410
  issuerConf.credential_configurations_supported,
411
+ credentialType,
394
412
  decoded,
395
413
  ignoreMissingAttributes
396
414
  );
@@ -432,6 +450,7 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
432
450
  issuerConf,
433
451
  credential,
434
452
  format,
453
+ credentialType,
435
454
  context
436
455
  ) => {
437
456
  if (format === "vc+sd-jwt") {
@@ -439,6 +458,7 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
439
458
  issuerConf,
440
459
  credential,
441
460
  format,
461
+ credentialType,
442
462
  context
443
463
  );
444
464
  }
@@ -447,6 +467,7 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
447
467
  issuerConf,
448
468
  credential,
449
469
  format,
470
+ credentialType,
450
471
  context
451
472
  );
452
473
  }