npm - @pagopa/io-react-native-wallet - Versions diffs - 1.7.0 → 1.8.0 - Mend

@pagopa/io-react-native-wallet 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/src/entity/trust/types.ts CHANGED Viewed

@@ -49,12 +49,12 @@ const CredentialIssuerDisplayMetadata = z.object({
 });
 type ClaimsMetadata = z.infer<typeof ClaimsMetadata>;
-const ClaimsMetadata = z.record(
-  z.object({
-    value_type: z.string(),
-    display: z.array(z.object({ name: z.string(), locale: z.string() })),
-  })
-);
+const ClaimsMetadata = z.object({
+  path: z.array(z.string()),
+  display: z.array(CredentialDisplayMetadata),
+  mandatory: z.boolean().optional(),
+  value_type: z.string().optional(),
+});
 type IssuanceErrorSupported = z.infer<typeof IssuanceErrorSupported>;
 const IssuanceErrorSupported = z.object({
@@ -70,12 +70,17 @@ const IssuanceErrorSupported = z.object({
 // Metadata for a credentia which is supported by a Issuer
 type SupportedCredentialMetadata = z.infer<typeof SupportedCredentialMetadata>;
 const SupportedCredentialMetadata = z.object({
-  format: z.union([z.literal("vc+sd-jwt"), z.literal("mso_mdoc")]),
+  format: z.union([
+    z.literal("vc+sd-jwt"),
+    z.literal("dc+sd-jwt"),
+    z.literal("mso_mdoc"),
+  ]),
+  vct: z.string().optional(),
   scope: z.string(),
   display: z.array(CredentialDisplayMetadata),
-  claims: ClaimsMetadata.optional(), // TODO [SIW-1268]: should not be optional
+  claims: z.array(ClaimsMetadata),
   cryptographic_binding_methods_supported: z.array(z.string()),
-  credential_signing_alg_values_supported: z.array(z.string()),
+  credential_signing_alg_values_supported: z.array(z.string()).optional(),
   authentic_source: z.string().optional(),
   issuance_errors_supported: z.record(IssuanceErrorSupported).optional(),
 });
@@ -165,40 +170,37 @@ export const CredentialIssuerEntityConfiguration = BaseEntityConfiguration.and(
           credential_issuer: z.string(),
           credential_endpoint: z.string(),
           revocation_endpoint: z.string(),
+          nonce_endpoint: z.string(),
           status_attestation_endpoint: z.string(),
           display: z.array(CredentialIssuerDisplayMetadata),
           credential_configurations_supported: z.record(
             SupportedCredentialMetadata
           ),
           jwks: z.object({ keys: z.array(JWK) }),
+          trust_frameworks_supported: z.array(z.string()),
+          evidence_supported: z.array(z.string()),
         }),
         oauth_authorization_server: z.object({
           authorization_endpoint: z.string(),
           pushed_authorization_request_endpoint: z.string(),
-          dpop_signing_alg_values_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
           token_endpoint: z.string(),
-          introspection_endpoint: z.string().optional(), // TODO [SIW-1268]: should not be optional
           client_registration_types_supported: z.array(z.string()),
           code_challenge_methods_supported: z.array(z.string()),
-          authorization_details_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional,
           acr_values_supported: z.array(z.string()),
           grant_types_supported: z.array(z.string()),
           issuer: z.string(),
           jwks: z.object({ keys: z.array(JWK) }),
           scopes_supported: z.array(z.string()),
-          request_parameter_supported: z.boolean().optional(), // TODO [SIW-1268]: should not be optional
-          request_uri_parameter_supported: z.boolean().optional(), // TODO [SIW-1268]: should not be optional
-          response_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
           response_modes_supported: z.array(z.string()),
-          subject_types_supported: z.array(z.string()).optional(), // TODO [SIW-1268]: should not be optional
           token_endpoint_auth_methods_supported: z.array(z.string()),
           token_endpoint_auth_signing_alg_values_supported: z.array(z.string()),
           request_object_signing_alg_values_supported: z.array(z.string()),
         }),
-        /** Credential Issuers act as Relying Party
-            when they require the presentation of other credentials.
-            This does not apply for PID issuance, which requires CIE authz. */
-        wallet_relying_party: RelyingPartyMetadata.optional(),
+        /**
+         * Credential Issuers act as Relying Party when they require the presentation of other credentials.
+         * This does not apply for PID issuance, which requires CIE authz.
+         */
+        openid_credential_verifier: RelyingPartyMetadata.optional(),
       }),
     }),
   })

package/src/index.ts CHANGED Viewed

@@ -13,6 +13,7 @@ import * as WalletInstance from "./wallet-instance";
 import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
 import { createCryptoContextFor } from "./utils/crypto";
 import type { IntegrityContext } from "./utils/integrity";
+import { getCredentialIssuerEntityConfiguration } from "./entity/trust";
 export {
   SdJwt,
@@ -25,6 +26,7 @@ export {
   AuthorizationDetail,
   AuthorizationDetails,
   fixBase64EncodingOnKey,
+  getCredentialIssuerEntityConfiguration,
 };
 export type { IntegrityContext, AuthorizationContext };

package/src/mdoc/index.ts CHANGED Viewed

@@ -14,13 +14,13 @@ export const verify = async (
   token: string,
   _: JWK | JWK[]
 ): Promise<{ issuerSigned: CBOR.IssuerSigned }> => {
-  // get decoded data
-  const issuerSigned = await CBOR.decodeIssuerSigned(token);
+  // ensure that token is base64
+  const issuerSigned = await CBOR.decodeIssuerSigned(b64utob64(token));
   if (!issuerSigned) {
     throw new Error("Invalid mDoc");
   }
-  const cert = issuerSigned.issuerAuth.unprotectedHeader[0]?.keyId;
+  const cert = issuerSigned.issuerAuth.unprotectedHeader[0]?.x5chain?.[0];
   if (!cert) throw new Error("Certificate not present in credential");
   const pemcert = convertCertToPem(b64utob64(cert));
@@ -55,7 +55,7 @@ export const prepareVpTokenMdoc = async (
   /* verifiableCredential is a IssuerSigned structure */
   const documents = [
     {
-      issuerSignedContent: verifiableCredential,
+      issuerSignedContent: b64utob64(verifiableCredential),
       alias: keyTag,
       docType,
     },

package/src/sd-jwt/index.ts CHANGED Viewed

@@ -41,7 +41,7 @@ export const decode = <S extends z.ZodType<SdJwt4VC>>(
   if (token.slice(-1) === "~") {
     token = token.slice(0, -1);
   }
-  const [rawSdJwt = "", ...rawDisclosures] = token.split("~");
+  const [rawSdJwt = "", ...rawDisclosures] = token.split("~").filter(Boolean);
   // get the sd-jwt as object
   // validate it's a valid SD-JWT for Verifiable Credentials
@@ -80,7 +80,7 @@ export const disclose = async (
   token: string,
   claims: string[]
 ): Promise<{ token: string; paths: { claim: string; path: string }[] }> => {
-  const [rawSdJwt, ...rawDisclosures] = token.split("~");
+  const [rawSdJwt, ...rawDisclosures] = token.split("~").filter(Boolean);
   const { sdJwt, disclosures } = decode(token, SdJwt4VC);
   // for each claim, return the path on which they are located in the SD-JWT token

package/src/sd-jwt/types.ts CHANGED Viewed

@@ -49,7 +49,7 @@ export const SdJwt4VC = z.object({
     typ: CredentialFormat,
     alg: z.string(),
     kid: z.string().optional(),
-    x5c: z.string().optional(),
+    x5c: z.array(z.string()).optional(),
     vctm: z.array(z.string()).optional(),
   }),
   payload: z.intersection(

package/src/utils/credential/issuance/07-verify-and-parse-credentials-utils.ts CHANGED Viewed

@@ -127,10 +127,11 @@ export function buildMockSDJWTTestScenario(
 ): Parameters<typeof parseCredentialSdJwt> {
   return [
     {
-      "eu.europa.ec.eudi.pid.1": {
+      dc_sd_jwt_PersonIdentificationData: {
         cryptographic_suites_supported: [],
         cryptographic_binding_methods_supported: [],
         format: "vc+sd-jwt",
+        vct: "urn:eu.europa.ec.eudi:pid:1",
         display: [],
         claims,
       },
@@ -147,7 +148,7 @@ export function buildMockSDJWTTestScenario(
               credential_hash_alg: "sha-256",
             },
           },
-          vct: "eu.europa.ec.eudi.pid.1",
+          vct: "urn:eu.europa.ec.eudi:pid:1",
           iss: "unused",
           sub: "unused",
           expiry_date: "unused",

package/src/utils/pop.ts CHANGED Viewed

@@ -18,7 +18,7 @@ export const createPopToken = async (
   return new SignJWT(crypto)
     .setPayload(payload)
     .setProtectedHeader({
-      typ: "jwt-client-attestation-pop",
+      typ: "oauth-client-attestation-pop+jwt",
       kid,
     })
     .setIssuedAt()

package/src/wallet-instance-attestation/issuing.ts CHANGED Viewed

@@ -7,11 +7,12 @@ import { fixBase64EncodingOnKey, JWK } from "../utils/jwk";
 import { getWalletProviderClient } from "../client";
 import type { IntegrityContext } from "..";
 import {
+  IoWalletError,
   ResponseErrorBuilder,
   WalletProviderResponseError,
   WalletProviderResponseErrorCodes,
 } from "../utils/errors";
-import { TokenResponse } from "./types";
+import { WalletAttestationResponse } from "./types";
 /**
  * Getter for an attestation request. The attestation request is a JWT that will be sent to the Wallet Provider to request a Wallet Instance Attestation.
@@ -47,8 +48,8 @@ export async function getAttestationRequest(
   return new SignJWT(wiaCryptoContext)
     .setPayload({
       iss: keyThumbprint,
-      sub: walletProviderBaseUrl,
-      challenge,
+      aud: walletProviderBaseUrl,
+      nonce: challenge,
       hardware_signature: signature,
       integrity_assertion: authenticatorData,
       hardware_key_tag: hardwareKeyTag,
@@ -58,7 +59,7 @@ export async function getAttestationRequest(
     })
     .setProtectedHeader({
       kid: publicKey.kid,
-      typ: "war+jwt",
+      typ: "wp-war+jwt",
     })
     .setIssuedAt()
     .setExpirationTime("1h")
@@ -103,16 +104,21 @@ export const getAttestation = async ({
   // 3. Request WIA
   const tokenResponse = await api
-    .post("/token", {
+    .post("/wallet-attestations", {
       body: {
-        grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
         assertion: signedAttestationRequest,
       },
     })
-    .then((result) => TokenResponse.parse(result))
+    .then(WalletAttestationResponse.parse)
     .catch(handleAttestationCreationError);
-  return tokenResponse.wallet_attestation;
+  const wallet_attestation = tokenResponse.wallet_attestations;
+  if (wallet_attestation && wallet_attestation[0]) {
+    // Return first because eudiw be return only jwt
+    return wallet_attestation[0].wallet_attestation;
+  }
+  throw new IoWalletError("Wallet Attestation response is empty!");
 };
 const handleAttestationCreationError = (e: unknown) => {

package/src/wallet-instance-attestation/types.ts CHANGED Viewed

@@ -33,7 +33,7 @@ export const WalletInstanceAttestationRequestJwt = z.object({
   header: z.intersection(
     Jwt.shape.header,
     z.object({
-      typ: z.literal("war+jwt"),
+      typ: z.literal("wp-war+jwt"),
     })
   ),
   payload: z.intersection(
@@ -53,35 +53,29 @@ export const WalletInstanceAttestationJwt = z.object({
   header: z.intersection(
     Jwt.shape.header,
     z.object({
-      typ: z.literal("wallet-attestation+jwt"),
+      typ: z.literal("oauth-client-attestation+jwt"),
+      trust_chain: z.array(z.string()).optional(), // TODO: [SIW-2264] Make mandatory
     })
   ),
   payload: z.intersection(
     Jwt.shape.payload,
     z.object({
       sub: z.string(),
-      aal: z.string(),
-      authorization_endpoint: z.string(),
-      response_types_supported: z.array(z.string()),
-      vp_formats_supported: z.object({
-        "vc+sd-jwt": z
-          .object({
-            "sd-jwt_alg_values": z.array(z.string()),
-          })
-          .optional(),
-        "vp+sd-jwt": z
-          .object({
-            "sd-jwt_alg_values": z.array(z.string()),
-          })
-          .optional(),
-      }),
-      request_object_signing_alg_values_supported: z.array(z.string()),
-      presentation_definition_uri_supported: z.boolean(),
+      aal: z.string().optional(),
+      wallet_link: z.string().optional(),
+      wallet_name: z.string().optional(),
     })
   ),
 });
-export type TokenResponse = z.infer<typeof TokenResponse>;
-export const TokenResponse = z.object({
-  wallet_attestation: z.string(),
+export type WalletAttestationResponse = z.infer<
+  typeof WalletAttestationResponse
+>;
+export const WalletAttestationResponse = z.object({
+  wallet_attestations: z.array(
+    z.object({
+      wallet_attestation: z.string(),
+      format: z.enum(["jwt", "dc+sd-jwt", "mso_mdoc"]),
+    })
+  ),
 });