npm - @pagopa/io-react-native-wallet - Versions diffs - 1.7.1 → 2.0.0-next.0 - Mend

@pagopa/io-react-native-wallet 1.7.1 → 2.0.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (438) hide show

package/lib/module/credential/presentation/errors.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { IoWalletError, serializeAttrs } from "../../utils/errors";
+export { DcqlError } from "dcql";
 /**
  * An error subclass thrown when auth request decode fail
@@ -41,18 +42,32 @@ export class NoSuitableKeysFoundInEntityConfiguration extends IoWalletError {
 }
 /**
- * When the entity is unverified because the Relying Party is not trusted.
+ * When a QR code is not valid.
  *
  */
-export class UnverifiedEntityError extends IoWalletError {
-  code = "ERR_UNVERIFIED_RP_ENTITY";
+export class InvalidQRCodeError extends IoWalletError {
+  code = "ERR_INVALID_QR_CODE";
+  /** Detailed reason for the QR code validation failure. */
-  /**
-   * @param reason A description of why the entity cannot be verified.
-   */
   constructor(reason) {
-    const message = `Unverified entity: ${reason}.`;
+    super("Invalid QR code");
+    this.reason = reason;
+  }
+}
+/**
+ * When the Request Object sent by the Relying Party is not valid
+ */
+export class InvalidRequestObjectError extends IoWalletError {
+  code = "ERR_INVALID_REQUEST_OBJECT";
+  /** Detailed reason for the Request Object validation failure. */
+  constructor(message) {
+    let reason = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "unspecified";
     super(message);
+    this.reason = reason;
   }
 }
@@ -71,20 +86,18 @@ export class MissingDataError extends IoWalletError {
     super(message);
   }
 }
 /**
- * When a credential is not found in the wallet.
- *
+ * Error thrown when one or more credentials cannot be found in the wallet
+ * and the presentation request cannot be satisfied.
  */
-export class CredentialNotFoundError extends IoWalletError {
-  code = "ERR_CREDENTIAL_NOT_FOUND";
+export class CredentialsNotFoundError extends IoWalletError {
+  code = "ERR_CREDENTIALS_NOT_FOUND";
   /**
-   * @param credentialId The ID of the credential that was not found.
+   * @param details The details of the credentials that could not be found.
    */
-  constructor(credentialId) {
-    const message = `Credential not found: ${credentialId}.`;
-    super(message);
+  constructor(details) {
+    super("One or more credentials cannot be found in the wallet");
+    this.details = details;
   }
 }
 //# sourceMappingURL=errors.js.map

package/lib/module/credential/presentation/errors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["IoWalletError","serializeAttrs","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario","~~UnverifiedEntityError~~","MissingDataError","missingAttributes","~~CredentialNotFoundError~~","~~credentialId~~"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;;~~AAElE~~;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,~~SAASF~~,aAAa,CAAC;~~EACxDG~~,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,~~CAACN~~,cAAc,CAAC;~~MAAEI~~,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wCAAwC,~~SAASX~~,aAAa,CAAC;~~EAC1EG~~,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACQ,QAAgB,EAAE;IAC5B,MAAMP,OAAO,GAAI,0DAAyDO,QAAS,IAAG;IACtF,KAAK,CAACP,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,~~qBAAqB~~,~~SAASb~~,aAAa,CAAC;~~EACvDG~~,IAAI,GAAG,~~0BAA0B~~;;~~EAEjC;AACF;AACA;EACEC~~,WAAWA,CAACM,MAAc,EAAE;IAC1B,~~MAAML~~,OAAO,~~GAAI~~,~~sBAAqBK~~,~~MAAO~~,~~GAAE~~;~~IAC/C~~,KAAK,~~CAACL~~,OAAO,CAAC;~~EAChB~~;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,~~MAAMS~~,gBAAgB,~~SAASd~~,aAAa,CAAC;~~EAClDG~~,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,~~CAACW~~,iBAAyB,EAAE;IACrC,~~MAAMV~~,OAAO,GAAI,~~kCAAiCU~~,iBAAkB,GAAE;IACtE,KAAK,~~CAACV~~,OAAO,CAAC;EAChB;AACF~~;;AAEA~~;AACA;AACA;AACA;AACA,OAAO,~~MAAMW~~,~~uBAAuB~~,~~SAAShB~~,aAAa,CAAC;~~EACzDG~~,IAAI,GAAG,~~0BAA0B;;EAEjC~~;AACF;AACA;EACEC,WAAWA,~~CAACa~~,~~YAAoB~~,EAAE;~~IAChC~~,~~MAAMZ~~,~~OAAO~~,~~GAAI~~,~~yBAAwBY~~,~~YAAa~~,~~GAAE;IACxD~~,~~KAAK~~,~~CAACZ~~,OAAO~~,CAAC~~;~~EAChB~~;AACF"}
1	+ {"version":3,"names":["IoWalletError","serializeAttrs","DcqlError","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","InvalidRequestObjectError","MissingDataError","missingAttributes","CredentialsNotFoundError","details"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;AAClE,SAASC,SAAS,QAAQ,MAAM;;AAEhC;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,SAASH,aAAa,CAAC;EACxDI,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAACP,cAAc,CAAC;MAAEK,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wCAAwC,SAASZ,aAAa,CAAC;EAC1EI,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACQ,QAAgB,EAAE;IAC5B,MAAMP,OAAO,GAAI,0DAAyDO,QAAS,IAAG;IACtF,KAAK,CAACP,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kBAAkB,SAASd,aAAa,CAAC;EACpDI,IAAI,GAAG,qBAAqB;;EAE5B;;EAGAC,WAAWA,CAACM,MAAc,EAAE;IAC1B,KAAK,CAAC,iBAAiB,CAAC;IACxB,IAAI,CAACA,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMI,yBAAyB,SAASf,aAAa,CAAC;EAC3DI,IAAI,GAAG,4BAA4B;;EAEnC;;EAGAC,WAAWA,CAACC,OAAe,EAA0B;IAAA,IAAxBK,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACjD,KAAK,CAACF,OAAO,CAAC;IACd,IAAI,CAACK,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMK,gBAAgB,SAAShB,aAAa,CAAC;EAClDI,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACY,iBAAyB,EAAE;IACrC,MAAMX,OAAO,GAAI,kCAAiCW,iBAAkB,GAAE;IACtE,KAAK,CAACX,OAAO,CAAC;EAChB;AACF;AAQA;AACA;AACA;AACA;AACA,OAAO,MAAMY,wBAAwB,SAASlB,aAAa,CAAC;EAC1DI,IAAI,GAAG,2BAA2B;EAGlC;AACF;AACA;EACEC,WAAWA,CAACc,OAAyB,EAAE;IACrC,KAAK,CAAC,uDAAuD,CAAC;IAC9D,IAAI,CAACA,OAAO,GAAGA,OAAO;EACxB;AACF"}

package/lib/module/credential/presentation/index.js CHANGED Viewed

@@ -1,12 +1,12 @@
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { fetchJwksFromRequestObject, fetchJwksFromConfig } from "./04-retrieve-rp-jwks";
-import { verifyRequestObjectSignature } from "./05-verify-request-object";
+import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
+import { verifyRequestObject } from "./05-verify-request-object";
 import { fetchPresentDefinition } from "./06-fetch-presentation-definition";
-import { evaluateInputDescriptors } from "./07-evaluate-input-descriptor";
-import { evaluateDcqlQuery } from "./07-evaluate-dcql-query";
-import { prepareRemotePresentations, sendAuthorizationResponse, sendAuthorizationErrorResponse, sendAuthorizationResponseDcql } from "./08-send-authorization-response";
+import { evaluateInputDescriptors, prepareLegacyRemotePresentations } from "./07-evaluate-input-descriptor";
+import { evaluateDcqlQuery, prepareRemotePresentations } from "./07-evaluate-dcql-query";
+import { sendAuthorizationResponse, sendLegacyAuthorizationResponse, sendAuthorizationErrorResponse } from "./08-send-authorization-response";
 import * as Errors from "./errors";
-export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, fetchJwksFromRequestObject, fetchJwksFromConfig, verifyRequestObjectSignature, fetchPresentDefinition, evaluateInputDescriptors, evaluateDcqlQuery, sendAuthorizationResponse, sendAuthorizationErrorResponse, sendAuthorizationResponseDcql, prepareRemotePresentations, Errors };
+export { startFlowFromQR, evaluateRelyingPartyTrust, getRequestObject, getJwksFromConfig, verifyRequestObject, fetchPresentDefinition, evaluateInputDescriptors, evaluateDcqlQuery, prepareLegacyRemotePresentations, prepareRemotePresentations, sendAuthorizationResponse, sendLegacyAuthorizationResponse, sendAuthorizationErrorResponse, Errors };
 //# sourceMappingURL=index.js.map

package/lib/module/credential/presentation/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","~~fetchJwksFromRequestObject~~","~~fetchJwksFromConfig~~","~~verifyRequestObjectSignature~~","~~fetchPresentDefinition~~","~~evaluateInputDescriptors~~","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","~~sendAuthorizationErrorResponse~~","~~sendAuthorizationResponseDcql~~","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,~~SACEC~~,~~0BAA0B~~,~~EAC1BC~~,~~mBAAmB,QAEd,~~uBAAuB;~~AAC9B~~,SACEC,~~4BAA4B~~,~~QAEvB~~,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,oCAAoC;AAC3C,SACEC,wBAAwB,~~QAEnB~~,gCAAgC;AACvC,SACEC,iBAAiB,~~QAEZ~~,0BAA0B;AACjC,SACEC,~~0BAA0B,EAC1BC,~~yBAAyB,EAEzBC,8BAA8B,~~EAE9BC~~,~~6BAA6B,QAExB,~~kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;~~AAGlC~~,SACEb,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,~~0BAA0B~~,~~EAC1BC~~,mBAAmB,EACnBC,~~4BAA4B,EAC5BC,~~sBAAsB,EACtBC,wBAAwB,~~EACxBC~~,iBAAiB,~~EACjBE~~,yBAAyB,EACzBC,8BAA8B,EAC9BC,~~6BAA6B,EAC7BH,0BAA0B,EAC1BI,~~MAAM"}
1	+ {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","getJwksFromConfig","verifyRequestObject","fetchPresentDefinition","evaluateInputDescriptors","prepareLegacyRemotePresentations","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendLegacyAuthorizationResponse","sendAuthorizationErrorResponse","Errors"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"AAAA,SAASA,eAAe,QAAwB,iBAAiB;AACjE,SACEC,yBAAyB,QAEpB,wBAAwB;AAC/B,SACEC,gBAAgB,QAEX,yBAAyB;AAChC,SAASC,iBAAiB,QAAwB,uBAAuB;AACzE,SACEC,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,oCAAoC;AAC3C,SACEC,wBAAwB,EACxBC,gCAAgC,QAG3B,gCAAgC;AACvC,SACEC,iBAAiB,EACjBC,0BAA0B,QAGrB,0BAA0B;AACjC,SACEC,yBAAyB,EAEzBC,+BAA+B,EAE/BC,8BAA8B,QAEzB,kCAAkC;AACzC,OAAO,KAAKC,MAAM,MAAM,UAAU;AAElC,SACEb,eAAe,EACfC,yBAAyB,EACzBC,gBAAgB,EAChBC,iBAAiB,EACjBC,mBAAmB,EACnBC,sBAAsB,EACtBC,wBAAwB,EACxBE,iBAAiB,EACjBD,gCAAgC,EAChCE,0BAA0B,EAC1BC,yBAAyB,EACzBC,+BAA+B,EAC/BC,8BAA8B,EAC9BC,MAAM"}

package/lib/module/credential/presentation/types.js CHANGED Viewed

@@ -1,6 +1,5 @@
 import { UnixTime } from "../../sd-jwt/types";
 import * as z from "zod";
-import { JWKS } from "../../utils/jwk";
 /**
  * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
@@ -8,6 +7,13 @@ import { JWKS } from "../../utils/jwk";
 /**
  * A object that associate the information needed to multiple remote presentation
+ * Used with `presentation_definition`
+ * @deprecated Use `RemotePresentation`
+ */
+/**
+ * A object that associate the information needed to multiple remote presentation
+ * Used with DCQL queries
  */
 const Fields = z.object({
@@ -74,51 +80,67 @@ export const PresentationDefinition = z.object({
   submission_requirements: z.array(SubmissionRequirement).optional()
 });
 export const RequestObject = z.object({
-  iss: z.string().optional(),
-  //optional by RFC 7519, mandatory for Potential
-  iat: UnixTime.optional(),
-  exp: UnixTime.optional(),
+  iss: z.string(),
+  iat: UnixTime,
+  exp: UnixTime,
   state: z.string().optional(),
   nonce: z.string(),
   response_uri: z.string(),
+  response_uri_method: z.string().optional(),
   response_type: z.literal("vp_token"),
-  response_mode: z.enum(["direct_post.jwt", "direct_post"]),
+  response_mode: z.literal("direct_post.jwt"),
   client_id: z.string(),
-  client_id_scheme: z.string().optional(),
-  // previous z.literal("entity_id"),
-  client_metadata: z.object({
-    authorization_encrypted_response_alg: z.string().optional(),
-    authorization_encrypted_response_enc: z.string().optional(),
-    jwks_uri: z.string().optional(),
-    jwks: JWKS.optional()
-  }).optional(),
-  // previous z.literal("entity_id"),
   dcql_query: z.record(z.string(), z.any()).optional(),
   // Validation happens within the `dcql` library, no need to duplicate it here
   scope: z.string().optional(),
   presentation_definition: PresentationDefinition.optional()
 });
+export const WalletMetadata = z.object({
+  presentation_definition_uri_supported: z.boolean().optional(),
+  client_id_schemes_supported: z.array(z.string()).optional(),
+  request_object_signing_alg_values_supported: z.array(z.string()).optional(),
+  vp_formats_supported: z.record(z.string(),
+  // TODO [SIW-2110]: use explicit credential format?
+  z.object({
+    "sd-jwt_alg_values": z.array(z.string()).optional() // alg_values_supported?
+  }))
+  // TODO [SIW-2110]: include other metadata?
+});
+/**
+ * Wallet capabilities that must be submitted to get the Request Object
+ * via POST request when the `request_uri_method` is `post`.
+ */
+export const RequestObjectWalletCapabilities = z.object({
+  wallet_metadata: WalletMetadata,
+  wallet_nonce: z.string().optional()
+});
 /**
  * This type models the possible error responses the OpenID4VP protocol allows for a presentation of a credential.
- * See https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#name-error-response for more information.
+ * When the Wallet encounters one of these errors, it will notify the Relying Party through the `response_uri` endpoint.
+ * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/pid-eaa-presentation.html#authorization-response-errors for more information.
  */
-export const ErrorResponse = z.enum(["invalid_scope", "invalid_request", "invalid_client", "access_denied"]);
+export const ErrorResponse = z.enum(["invalid_request_object", "invalid_request_uri", "vp_formats_not_supported", "invalid_request", "access_denied", "invalid_client"]);
+/**
+ * @deprecated Use `DirectAuthorizationBodyPayload`
+ */
+const LegacyDirectAuthorizationBodyPayload = z.object({
+  vp_token: z.union([z.string(), z.array(z.string())]).optional(),
+  presentation_submission: z.record(z.string(), z.unknown())
+});
 /**
- * Type that defines the possible payload formats accepted by {@link buildDirectPostJwtBody} and {@link buildDirectPostBody}
+ * Authorization Response payload sent to the Relying Party.
  */
 export const DirectAuthorizationBodyPayload = z.union([z.object({
-  vp_token: z.union([z.string(),
-  // Presentation Definition with one credential
-  z.array(z.string()),
-  // Presentation Definition with more credential
-  z.record(z.string(), z.string()) // DCQL query
-  ]).optional(),
-  presentation_submission: z.record(z.string(), z.unknown()).optional()
+  vp_token: z.record(z.string(), z.string())
 }), z.object({
-  error: ErrorResponse
-})]);
+  error: ErrorResponse,
+  error_description: z.string()
+}), LegacyDirectAuthorizationBodyPayload]);
 //# sourceMappingURL=types.js.map

package/lib/module/credential/presentation/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["UnixTime","z","~~JWKS","~~Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_type","literal","response_mode","client_id","~~client_id_scheme~~","~~client_metadata~~","~~authorization_encrypted_response_alg~~","~~authorization_encrypted_response_enc~~","~~jwks_uri~~","~~jwks~~","~~dcql_query~~","~~scope~~","~~presentation_definition~~","~~ErrorResponse~~","~~DirectAuthorizationBodyPayload~~","~~union~~","vp_token","presentation_submission","unknown","error"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK~~;AACxB,SAASC,IAAI,QAAQ,iBAAiB~~;;~~AAiBtC~~;AACA;AACA;;AAOA;AACA;AACA;;~~AAyBA~~,MAAMC,MAAM,~~GAAGF~~,CAAC,~~CAACG~~,MAAM,CAAC;EACtBC,IAAI,~~EAAEJ~~,CAAC,~~CAACK~~,KAAK,~~CAACL~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,~~EAAER~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,~~EAAEV~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,~~EAAEX~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,~~EAAEZ~~,CAAC,~~CAACa~~,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,~~EAAET~~,CAAC,~~CAACc~~,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,~~EAAEf~~,CAAC,~~CAACc~~,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,~~GAAGhB~~,CAAC,~~CAACG~~,MAAM,CAAC;EAC3Bc,MAAM,~~EAAEjB~~,CAAC,~~CAACK~~,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,~~EAAElB~~,CAAC,~~CAACmB~~,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,~~GAAGpB~~,CAAC,~~CAACG~~,MAAM,CAAC;EACtCK,EAAE,~~EAAER~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,~~EAAEX~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,~~EAAEV~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,~~EAAErB~~,CAAC,~~CAACsB~~,MAAM,~~CAACtB~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~EAAEN~~,CAAC,~~CAACa~~,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,~~EAAExB~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,~~GAAGzB~~,CAAC,~~CAACG~~,MAAM,CAAC;EACrCQ,IAAI,~~EAAEX~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,~~EAAEV~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,~~EAAE1B~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,~~EAAE3B~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,~~EAAE5B~~,CAAC,~~CACXK~~,KAAK,~~CACJL~~,CAAC,~~CAACG~~,MAAM,CAAC;IACPQ,IAAI,~~EAAEX~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,~~EAAEV~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,~~EAAE1B~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC;IAChBqB,IAAI,~~EAAE3B~~,CAAC,~~CAACM~~,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,~~EAAE7B~~,CAAC,~~CAAC8B~~,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,~~GAAG/B~~,CAAC,~~CAACG~~,MAAM,CAAC;EAC7CK,EAAE,~~EAAER~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC;EACdK,IAAI,~~EAAEX~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,~~EAAEV~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,~~EAAEhC~~,CAAC,~~CAACK~~,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,~~EAAEjC~~,CAAC,~~CAACK~~,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,~~GAAGlC~~,CAAC,~~CAACG~~,MAAM,CAAC;EACpCgC,GAAG,~~EAAEnC~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~CAACG~~,QAAQ~~,CAAC,CAAC~~;~~EAAE;EAC5B2B~~,GAAG,EAAErC,QAAQ,~~CAACU~~,~~QAAQ~~,CAAC,~~CAAC;EACxB4B~~,~~GAAG~~,~~EAAEtC~~,~~QAAQ~~,~~CAACU~~,QAAQ,CAAC,CAAC;~~EACxB6B~~,KAAK,EAAEtC,CAAC,~~CAACM~~,MAAM,CAAC,CAAC~~,CAACG,QAAQ,CAAC,CAAC~~;~~EAC5B8B~~,~~KAAK~~,EAAEvC,CAAC,~~CAACM~~,MAAM,CAAC,CAAC;~~EACjBkC~~,~~YAAY~~,EAAExC,CAAC,~~CAACM~~,MAAM,CAAC,CAAC;~~EACxBmC~~,aAAa,EAAEzC,CAAC,CAAC0C,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAE3C,CAAC,~~CAACmB~~,~~IAAI~~,CAAC,~~CAAC,~~iBAAiB,~~EAAE,aAAa,~~CAAC~~,CAAC~~;~~EACzDyB~~,SAAS,EAAE5C,CAAC,~~CAACM~~,MAAM,CAAC,CAAC;~~EACrBuC~~,~~gBAAgB~~,EAAE7C,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~CAACG~~,QAAQ,CAAC,CAAC;EAAE;~~EACzCqC~~,~~eAAe~~,EAAE9C,CAAC,~~CACfG~~,MAAM,CAAC~~;IACN4C~~,~~oCAAoC,EAAE/C,~~CAAC,~~CAACM~~,~~MAAM~~,CAAC,CAAC,~~CAACG~~,QAAQ,CAAC,CAAC;~~IAC3DuC~~,~~oCAAoC~~,~~EAAEhD~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~CAACG~~,QAAQ,CAAC,CAAC;~~IAC3DwC~~,~~QAAQ~~,~~EAAEjD~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;~~IAC/ByC~~,~~IAAI~~,~~EAAEjD~~,~~IAAI~~,~~CAACQ~~,~~QAAQ~~,CAAC~~;EACtB~~,CAAC,CAAC,~~CACDA~~,QAAQ,CAAC,CAAC;~~EAAE;EACf0C~~,~~UAAU~~,~~EAAEnD~~,CAAC,~~CAACsB~~,MAAM,~~CAACtB~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~EAAEN~~,CAAC,~~CAACa~~,~~GAAG~~,CAAC,CAAC,CAAC,~~CAACJ~~,QAAQ,CAAC,CAAC;~~EAAE~~;~~EACtD2C~~,~~KAAK~~,~~EAAEpD~~,CAAC,~~CAACM~~,MAAM,CAAC,~~CAAC~~,~~CAACG~~,~~QAAQ~~,~~CAAC~~,CAAC~~;EAC5B4C~~,~~uBAAuB~~,~~EAAEtB~~,~~sBAAsB~~,~~CAACtB~~,QAAQ,CAAC;~~AAC3D~~,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAEA,OAAO,~~MAAM6C~~,aAAa,~~GAAGtD~~,CAAC,~~CAACmB~~,IAAI,CAAC,CAClC,~~eAAe~~,~~EACf~~,iBAAiB,EACjB,~~gBAAgB~~,~~EAChB~~,~~eAAe~~,~~CAChB~~,CAAC;;AAEF;AACA;AACA~~;;AAIA~~,~~OAAO~~,~~MAAMoC~~,~~8BAA8B~~,~~GAAGvD,~~CAAC,~~CAACwD~~,~~KAAK,CAAC,CACpDxD,CAAC,CAACG,~~MAAM,CAAC;~~EACPsD~~,QAAQ,~~EAAEzD~~,CAAC,~~CACRwD~~,KAAK,CAAC,~~CACLxD~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC~~;EAAE;EACZN~~,CAAC,~~CAACK~~,KAAK,~~CAACL~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,CAAC;~~EAAE;EACrBN~~,CAAC,~~CAACsB~~,MAAM,~~CAACtB~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~EAAEN~~,CAAC,~~CAACM~~,~~MAAM~~,CAAC,CAAC,CAAC,~~CAAE~~;~~EAAA~~,~~CACnC~~,CAAC,~~CACDG~~,~~QAAQ~~,CAAC,CAAC;~~EACbiD~~,~~uBAAuB~~,EAAE1D,CAAC,~~CAACsB~~,MAAM,~~CAACtB~~,CAAC,~~CAACM~~,MAAM,CAAC,CAAC,~~EAAEN~~,CAAC,~~CAAC2D~~,~~OAAO~~,CAAC,CAAC~~,CAAC,CAAClD,QAAQ,CAAC~~;~~AACtE~~,CAAC,CAAC,~~EACFT~~,CAAC,~~CAACG~~,MAAM,CAAC;~~EAAEyD~~,KAAK,~~EAAEN~~;~~AAAc~~,CAAC,CAAC,~~CACnC~~,CAAC"}
1	+ {"version":3,"names":["UnixTime","z","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","response_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload","error","error_description"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAQA,MAAMC,MAAM,GAAGD,CAAC,CAACE,MAAM,CAAC;EACtBC,IAAI,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEX,CAAC,CAACY,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAER,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEd,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGf,CAAC,CAACE,MAAM,CAAC;EAC3Bc,MAAM,EAAEhB,CAAC,CAACI,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEjB,CAAC,CAACkB,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,GAAGnB,CAAC,CAACE,MAAM,CAAC;EACtCK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAEpB,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAEvB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,GAAGxB,CAAC,CAACE,MAAM,CAAC;EACrCQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,EAAE3B,CAAC,CACXI,KAAK,CACJJ,CAAC,CAACE,MAAM,CAAC;IACPQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;IAChBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,GAAG9B,CAAC,CAACE,MAAM,CAAC;EAC7CK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,EAAE/B,CAAC,CAACI,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,EAAEhC,CAAC,CAACI,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,GAAGjC,CAAC,CAACE,MAAM,CAAC;EACpCgC,GAAG,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EACf8B,GAAG,EAAEpC,QAAQ;EACbqC,GAAG,EAAErC,QAAQ;EACbsC,KAAK,EAAErC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B8B,KAAK,EAAEtC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBkC,YAAY,EAAEvC,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBmC,mBAAmB,EAAExC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC1CiC,aAAa,EAAEzC,CAAC,CAAC0C,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAE3C,CAAC,CAAC0C,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAE5C,CAAC,CAACK,MAAM,CAAC,CAAC;EACrBwC,UAAU,EAAE7C,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EACtDsC,KAAK,EAAE9C,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5BuC,uBAAuB,EAAEjB,sBAAsB,CAACtB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAGF,OAAO,MAAMwC,cAAc,GAAGhD,CAAC,CAACE,MAAM,CAAC;EACrC+C,qCAAqC,EAAEjD,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAC7D0C,2BAA2B,EAAElD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3D2C,2CAA2C,EAAEnD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3E4C,oBAAoB,EAAEpD,CAAC,CAACqB,MAAM,CAC5BrB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACZL,CAAC,CAACE,MAAM,CAAC;IACP,mBAAmB,EAAEF,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;EACA;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA,OAAO,MAAM6C,+BAA+B,GAAGrD,CAAC,CAACE,MAAM,CAAC;EACtDoD,eAAe,EAAEN,cAAc;EAC/BO,YAAY,EAAEvD,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMgD,aAAa,GAAGxD,CAAC,CAACkB,IAAI,CAAC,CAClC,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,EAC1B,iBAAiB,EACjB,eAAe,EACf,gBAAgB,CACjB,CAAC;;AAEF;AACA;AACA;AACA,MAAMuC,oCAAoC,GAAGzD,CAAC,CAACE,MAAM,CAAC;EACpDwD,QAAQ,EAAE1D,CAAC,CAAC2D,KAAK,CAAC,CAAC3D,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DoD,uBAAuB,EAAE5D,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAAC6D,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMC,8BAA8B,GAAG9D,CAAC,CAAC2D,KAAK,CAAC,CACpD3D,CAAC,CAACE,MAAM,CAAC;EACPwD,QAAQ,EAAE1D,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACK,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACFL,CAAC,CAACE,MAAM,CAAC;EAAE6D,KAAK,EAAEP,aAAa;EAAEQ,iBAAiB,EAAEhE,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC,EACjEoD,oCAAoC,CACrC,CAAC"}

package/lib/module/credential/status/01-start-flow.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+
2	+ //# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/status/01-start-flow.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/status/01-start-flow.ts"],"mappings":""}

package/lib/module/credential/status/02-status-attestation.js ADDED Viewed

@@ -0,0 +1,66 @@
+import { getCredentialHashWithouDiscloures, hasStatusOrThrow } from "../../utils/misc";
+import { SignJWT } from "@pagopa/io-react-native-jwt";
+import { v4 as uuidv4 } from "uuid";
+import { StatusAttestationResponse } from "./types";
+import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError } from "../../utils/errors";
+import { LogLevel, Logger } from "../../utils/logging";
+/**
+ * WARNING: This function must be called after {@link startFlow}.
+ * Verify the status of the credential attestation.
+ * @param issuerConf - The issuer's configuration
+ * @param credential - The credential to be verified
+ * @param credentialCryptoContext - The credential's crypto context
+ * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
+ * @throws {IssuerResponseError} with a specific code for more context
+ * @returns The credential status attestation
+ */
+export const statusAttestation = async function (issuerConf, credential, credentialCryptoContext) {
+  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
+  const jwk = await credentialCryptoContext.getPublicKey();
+  const credentialHash = await getCredentialHashWithouDiscloures(credential);
+  const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
+  const credentialPop = await new SignJWT(credentialCryptoContext).setPayload({
+    aud: statusAttUrl,
+    jti: uuidv4().toString(),
+    credential_hash: credentialHash,
+    credential_hash_alg: "S256"
+  }).setProtectedHeader({
+    alg: "ES256",
+    typ: "status-attestation-request+jwt",
+    kid: jwk.kid
+  }).setIssuedAt().setExpirationTime("5m").sign();
+  const body = {
+    credential_pop: credentialPop
+  };
+  Logger.log(LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
+  const result = await appFetch(statusAttUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(body)
+  }).then(hasStatusOrThrow(201)).then(raw => raw.json()).then(json => StatusAttestationResponse.parse(json)).catch(handleStatusAttestationError);
+  return {
+    statusAttestation: result.status_attestation
+  };
+};
+/**
+ * Handle the status attestation error by mapping it to a custom exception.
+ * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
+ * @param e - The error to be handled
+ * @throws {IssuerResponseError} with a specific code for more context
+ */
+const handleStatusAttestationError = e => {
+  if (!(e instanceof UnexpectedStatusCodeError)) {
+    throw e;
+  }
+  throw new ResponseErrorBuilder(IssuerResponseError).handle(404, {
+    code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+    message: "Invalid status found for the given credential"
+  }).handle("*", {
+    code: IssuerResponseErrorCodes.StatusAttestationRequestFailed,
+    message: `Unable to obtain the status attestation for the given credential`
+  }).buildFrom(e);
+};
+//# sourceMappingURL=02-status-attestation.js.map

package/lib/module/credential/status/02-status-attestation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getCredentialHashWithouDiscloures","hasStatusOrThrow","SignJWT","v4","uuidv4","StatusAttestationResponse","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","LogLevel","Logger","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","aud","jti","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","log","DEBUG","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAttestationError","status_attestation","e","handle","code","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,gBAAgB,QAEX,kBAAkB;AAEzB,SAA6BC,OAAO,QAAQ,6BAA6B;AACzE,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,yBAAyB,QAAQ,SAAS;AACnD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,QACpB,oBAAoB;AAC3B,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAWtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAMvB,iCAAiC,CAACc,UAAU,CAAC;EAC1E,MAAMU,YAAY,GAChBX,UAAU,CAACY,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAIzB,OAAO,CAACa,uBAAuB,CAAC,CAC7Da,UAAU,CAAC;IACVC,GAAG,EAAEL,YAAY;IACjBM,GAAG,EAAE1B,MAAM,CAAC,CAAC,CAAC2B,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAET,cAAc;IAC/BU,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEhB,GAAG,CAACgB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAEf;EAClB,CAAC;EAEDhB,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,mBAAkBjB,aAAc,EAAC,CAAC;EAE9D,MAAMkB,MAAM,GAAG,MAAM7B,QAAQ,CAACQ,YAAY,EAAE;IAC1CsB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDN,IAAI,EAAEO,IAAI,CAACC,SAAS,CAACR,IAAI;EAC3B,CAAC,CAAC,CACCS,IAAI,CAACjD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAK/C,yBAAyB,CAACgD,KAAK,CAACD,IAAI,CAAC,CAAC,CACrDE,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAE3C,iBAAiB,EAAEiC,MAAM,CAACW;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMD,4BAA4B,GAAIE,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAYhD,yBAAyB,CAAC,EAAE;IAC7C,MAAMgD,CAAC;EACT;EAEA,MAAM,IAAIjD,oBAAoB,CAACF,mBAAmB,CAAC,CAChDoD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpD,wBAAwB,CAACqD,uBAAuB;IACtDC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpD,wBAAwB,CAACuD,8BAA8B;IAC7DD,OAAO,EAAG;EACZ,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/status/03-verify-and-parse-status-attestation.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { IoWalletError } from "../../utils/errors";
+import { verify } from "@pagopa/io-react-native-jwt";
+import { ParsedStatusAttestation } from "./types";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
+import { LogLevel, Logger } from "../../utils/logging";
+/**
+ * Given a status attestation, verifies that:
+ * - It's in the supported format;
+ * - The attestation is correctly signed;
+ * - It's bound to the given key.
+ * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
+ * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
+ * @returns A parsed status attestation
+ * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
+ * @throws {IoWalletError} If the credential is not bound to the provided user key
+ * @throws {IoWalletError} If the credential data fail to parse
+ */
+export const verifyAndParseStatusAttestation = async (issuerConf, rawStatusAttestation, context) => {
+  try {
+    const {
+      statusAttestation
+    } = rawStatusAttestation;
+    const {
+      credentialCryptoContext
+    } = context;
+    await verify(statusAttestation, issuerConf.openid_credential_issuer.jwks.keys);
+    const decodedJwt = decodeJwt(statusAttestation);
+    const parsedStatusAttestation = ParsedStatusAttestation.parse({
+      header: decodedJwt.protectedHeader,
+      payload: decodedJwt.payload
+    });
+    Logger.log(LogLevel.DEBUG, `Parsed status attestation: ${JSON.stringify(parsedStatusAttestation)}`);
+    const holderBindingKey = await credentialCryptoContext.getPublicKey();
+    const {
+      cnf
+    } = parsedStatusAttestation.payload;
+    if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+      Logger.log(LogLevel.ERROR, `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
+      throw new IoWalletError(`Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
+    }
+    return {
+      parsedStatusAttestation
+    };
+  } catch (e) {
+    throw new IoWalletError(`Failed to verify status attestation: ${JSON.stringify(e)}`);
+  }
+};
+//# sourceMappingURL=03-verify-and-parse-status-attestation.js.map

package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["IoWalletError","verify","ParsedStatusAttestation","decode","decodeJwt","LogLevel","Logger","verifyAndParseStatusAttestation","issuerConf","rawStatusAttestation","context","statusAttestation","credentialCryptoContext","openid_credential_issuer","jwks","keys","decodedJwt","parsedStatusAttestation","parse","header","protectedHeader","payload","log","DEBUG","JSON","stringify","holderBindingKey","getPublicKey","cnf","jwk","kid","ERROR","e"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-attestation.ts"],"mappings":"AACA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,MAAM,QAA4B,6BAA6B;AAExE,SAASC,uBAAuB,QAAQ,SAAS;AACjD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAUtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,+BAAgE,GAC3E,MAAAA,CAAOC,UAAU,EAAEC,oBAAoB,EAAEC,OAAO,KAAK;EACnD,IAAI;IACF,MAAM;MAAEC;IAAkB,CAAC,GAAGF,oBAAoB;IAClD,MAAM;MAAEG;IAAwB,CAAC,GAAGF,OAAO;IAE3C,MAAMT,MAAM,CACVU,iBAAiB,EACjBH,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;IAED,MAAMC,UAAU,GAAGZ,SAAS,CAACO,iBAAiB,CAAC;IAC/C,MAAMM,uBAAuB,GAAGf,uBAAuB,CAACgB,KAAK,CAAC;MAC5DC,MAAM,EAAEH,UAAU,CAACI,eAAe;MAClCC,OAAO,EAAEL,UAAU,CAACK;IACtB,CAAC,CAAC;IAEFf,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,8BAA6BC,IAAI,CAACC,SAAS,CAACR,uBAAuB,CAAE,EACxE,CAAC;IAED,MAAMS,gBAAgB,GAAG,MAAMd,uBAAuB,CAACe,YAAY,CAAC,CAAC;IACrE,MAAM;MAAEC;IAAI,CAAC,GAAGX,uBAAuB,CAACI,OAAO;IAC/C,IAAI,CAACO,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKJ,gBAAgB,CAACI,GAAG,EAAE;MACxDxB,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAAC0B,KAAK,EACb,yEAAwEL,gBAAgB,CAACI,GAAI,UAASb,uBAAuB,CAACI,OAAO,CAACO,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;MACD,MAAM,IAAI9B,aAAa,CACpB,yEAAwE0B,gBAAgB,CAACI,GAAI,UAASb,uBAAuB,CAACI,OAAO,CAACO,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;IACH;IAEA,OAAO;MAAEb;IAAwB,CAAC;EACpC,CAAC,CAAC,OAAOe,CAAC,EAAE;IACV,MAAM,IAAIhC,aAAa,CACpB,wCAAuCwB,IAAI,CAACC,SAAS,CAACO,CAAC,CAAE,EAC5D,CAAC;EACH;AACF,CAAC"}

package/lib/module/credential/status/README.md ADDED Viewed

@@ -0,0 +1,67 @@
+# Credential Status Attestation
+This flow is used to obtain a credential status attestation from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
+The credential status attestation is a JWT which contains the credential status which indicates if the credential is valid or not.
+The status attestation is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
+## Sequence Diagram
+```mermaid
+graph TD;
+    0[startFlow]
+    1[statusAttestation]
+    2[verifyAndParseStatusAttestation]
+    0 --> 1
+    1 --> 2
+```
+## Mapped results
+The following errors are mapped to a `IssuerResponseError` with specific codes.
+|HTTP Status|Error Code|Description|
+|-----------|----------|-----------|
+|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the status attestation is invalid. It might contain more details in the `reason` property.|
+## Example
+<details>
+  <summary>Credential status attestation flow</summary>
+```ts
+// Start the issuance flow
+const credentialIssuerUrl = "https://issuer.example.com";
+const startFlow: Credential.Status.StartFlow = () => ({
+  issuerUrl: credentialIssuerUrl, // Let's assum
+});
+const { issuerUrl } = startFlow();
+// Evaluate issuer trust
+const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
+// Get the credential attestation
+const res = await Credential.Status.statusAttestation(
+  issuerConf,
+  credential,
+  credentialCryptoContext
+);
+// Verify and parse the status attestation
+const { parsedStatusAttestation } =
+  await Credential.Status.verifyAndParseStatusAttestation(
+    issuerConf,
+    res.statusAttestation,
+    { credentialCryptoContext }
+  );
+return {
+  statusAttestation: res.statusAttestation,
+  parsedStatusAttestation,
+  credentialType,
+};
+```
+</details>

package/lib/module/credential/status/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { statusAttestation } from "./02-status-attestation";
+import { evaluateIssuerTrust } from "../issuance";
+import { verifyAndParseStatusAttestation } from "./03-verify-and-parse-status-attestation";
+export { evaluateIssuerTrust, statusAttestation, verifyAndParseStatusAttestation };
+//# sourceMappingURL=index.js.map

package/lib/module/credential/status/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":["statusAttestation","evaluateIssuerTrust","verifyAndParseStatusAttestation"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":"AACA,SACEA,iBAAiB,QAEZ,yBAAyB;AAChC,SAASC,mBAAmB,QAAkC,aAAa;AAC3E,SACEC,+BAA+B,QAE1B,0CAA0C;AAEjD,SACED,mBAAmB,EACnBD,iBAAiB,EACjBE,+BAA+B"}

package/lib/module/credential/status/types.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { UnixTime } from "../../sd-jwt/types";
+import { JWK } from "../../utils/jwk";
+import * as z from "zod";
+/**
+ * Shape from parsing a status attestation response in case of 201.
+ */
+export const StatusAttestationResponse = z.object({
+  status_attestation: z.string()
+});
+/**
+ * Type from parsing a status attestation response in case of 201.
+ * Inferred from {@link StatusAttestationResponse}.
+ */
+/**
+ * Type for a parsed status attestation.
+ */
+/**
+ * Shape for parsing a status attestation in a JWT.
+ */
+export const ParsedStatusAttestation = z.object({
+  header: z.object({
+    typ: z.literal("status-attestation+jwt"),
+    alg: z.string(),
+    kid: z.string().optional()
+  }),
+  payload: z.object({
+    credential_hash_alg: z.string(),
+    credential_hash: z.string(),
+    cnf: z.object({
+      jwk: JWK
+    }),
+    exp: UnixTime,
+    iat: UnixTime
+  })
+});
+//# sourceMappingURL=types.js.map

package/lib/module/credential/status/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["UnixTime","JWK","z","StatusAttestationResponse","object","status_attestation","string","ParsedStatusAttestation","header","typ","literal","alg","kid","optional","payload","credential_hash_alg","credential_hash","cnf","jwk","exp","iat"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,GAAG,QAAQ,iBAAiB;AACrC,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;AACA,OAAO,MAAMC,yBAAyB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAChDC,kBAAkB,EAAEH,CAAC,CAACI,MAAM,CAAC;AAC/B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;;AAGA;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAGL,CAAC,CAACE,MAAM,CAAC;EAC9CI,MAAM,EAAEN,CAAC,CAACE,MAAM,CAAC;IACfK,GAAG,EAAEP,CAAC,CAACQ,OAAO,CAAC,wBAAwB,CAAC;IACxCC,GAAG,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,mBAAmB,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IAC/BU,eAAe,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IAC3BW,GAAG,EAAEf,CAAC,CAACE,MAAM,CAAC;MACZc,GAAG,EAAEjB;IACP,CAAC,CAAC;IACFkB,GAAG,EAAEnB,QAAQ;IACboB,GAAG,EAAEpB;EACP,CAAC;AACH,CAAC,CAAC"}

package/lib/module/credential/trustmark/README.md ADDED Viewed

@@ -0,0 +1,62 @@
+# Credential Trustmark
+A credential TrustMark is a signed JWT that verifies the authenticity of a credential issued by a trusted source. It serves as proof that a credential is valid and linked to a specific wallet instance.
+The TrustMark is often presented as a QR code, containing cryptographic data to ensure it hasn't been tampered with. It includes fields like issuer, issuance and expiration timestamps, and credential-specific details. TrustMarks have a short validity period and are used to enhance security and prevent misuse, such as QR code swapping.
+### getCredentialTrustmark
+A function that generates a signed JWT Trustmark to verify the authenticity of a digital credential. The Trustmark serves as a cryptographic proof linking a credential to a specific wallet instance, ensuring the credential's validity and preventing unauthorized modifications or misuse.
+#### Signature
+```typescript
+function getCredentialTrustmark({
+  walletInstanceAttestation: string,
+  wiaCryptoContext: CryptoContext,
+  credentialType: string,
+  docNumber?: string,
+  expirationTime?: number | string
+}): Promise<{
+  jwt: string,
+  expirationTime: number
+}>
+```
+#### Parameters
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| walletInstanceAttestation | string | Yes | A base64-encoded string containing the Wallet Instance Attestation (WIA). This attestation proves the authenticity of the wallet instance. |
+| wiaCryptoContext | CryptoContext | Yes | The cryptographic context associated with the wallet instance. Must contain the same key pair used to generate the WIA. |
+| credentialType | string | Yes | Identifier for the type of credential (e.g., "MDL" for Mobile Driver's License). |
+| docNumber | string | No | The document number of the credential. If provided, it will be obfuscated in the Trustmark for privacy. |
+| expirationTime | number \| string | No | Specifies when the Trustmark expires. Can be either:<br>- A timestamp in seconds<br>- A time span string (e.g., "2m" for 2 minutes)<br>Default: "2m" |
+#### Return Value
+Returns a Promise that resolves to an object containing:
+| Property | Type | Description |
+|----------|------|-------------|
+| jwt | string | The signed trustmark JWT string |
+| expirationTime | number | The expiration timestamp of the JWT in seconds |
+## Example
+```typescript
+// Required inputs
+const walletInstanceAttestation = "base64AttestationString";
+const credentialType = "MDL"; // Credential type (e.g., Mobile Driver's License)
+const documentNumber = "AB123456"; // Optional document number
+const cryptoContext = createCryptoContextFor("wiaKeyTag"); // Sample crypto context
+// Generate the TrustMark JWT
+const { jwt, expirationTime } = await getCredentialTrustmark({
+  walletInstanceAttestation: "eyJ0eXAi...", // WIA JWT
+  wiaCryptoContext: cryptoContext,
+  credentialType: "IdentityCard",
+  docNumber: "AB123456",
+  expirationTime: "5m", // 5 minutes
+});
+console.log("Generated TrustMark JWT:", jwt);
+console.log("Expires at:", new Date(expirationTime * 1000));
+```