npm - @pagopa/io-react-native-wallet - Versions diffs - 1.7.1 → 2.0.0-next.0 - Mend

@pagopa/io-react-native-wallet 1.7.1 → 2.0.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (438) hide show

package/lib/commonjs/credential/status/02-status-attestation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_misc","require","_ioReactNativeJwt","_uuid","_types","_errors","_logging","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","getCredentialHashWithouDiscloures","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","SignJWT","setPayload","aud","jti","uuidv4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","Logger","log","LogLevel","DEBUG","result","method","headers","JSON","stringify","then","hasStatusOrThrow","raw","json","StatusAttestationResponse","parse","catch","handleStatusAttestationError","status_attestation","exports","e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAMA,IAAAK,QAAA,GAAAL,OAAA;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAM,IAAAC,uCAAiC,EAACV,UAAU,CAAC;EAC1E,MAAMW,YAAY,GAChBZ,UAAU,CAACa,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAIC,yBAAO,CAACd,uBAAuB,CAAC,CAC7De,UAAU,CAAC;IACVC,GAAG,EAAEN,YAAY;IACjBO,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAEZ,cAAc;IAC/Ba,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEnB,GAAG,CAACmB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAEjB;EAClB,CAAC;EAEDkB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkBrB,aAAc,EAAC,CAAC;EAE9D,MAAMsB,MAAM,GAAG,MAAMlC,QAAQ,CAACS,YAAY,EAAE;IAC1C0B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDR,IAAI,EAAES,IAAI,CAACC,SAAS,CAACV,IAAI;EAC3B,CAAC,CAAC,CACCW,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,gCAAyB,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC,CACrDG,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAElD,iBAAiB,EAAEsC,MAAM,CAACa;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAC,OAAA,CAAApD,iBAAA,GAAAA,iBAAA;AAMA,MAAMkD,4BAA4B,GAAIG,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;IACtDC,OAAO,EAAE;EACX,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACG,8BAA8B;IAC7DD,OAAO,EAAG;EACZ,CAAC,CAAC,CACDE,SAAS,CAACV,CAAC,CAAC;AACjB,CAAC"}

package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js ADDED Viewed

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyAndParseStatusAttestation = void 0;
+var _errors = require("../../utils/errors");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _types = require("./types");
+var _logging = require("../../utils/logging");
+/**
+ * Given a status attestation, verifies that:
+ * - It's in the supported format;
+ * - The attestation is correctly signed;
+ * - It's bound to the given key.
+ * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
+ * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
+ * @returns A parsed status attestation
+ * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
+ * @throws {IoWalletError} If the credential is not bound to the provided user key
+ * @throws {IoWalletError} If the credential data fail to parse
+ */
+const verifyAndParseStatusAttestation = async (issuerConf, rawStatusAttestation, context) => {
+  try {
+    const {
+      statusAttestation
+    } = rawStatusAttestation;
+    const {
+      credentialCryptoContext
+    } = context;
+    await (0, _ioReactNativeJwt.verify)(statusAttestation, issuerConf.openid_credential_issuer.jwks.keys);
+    const decodedJwt = (0, _ioReactNativeJwt.decode)(statusAttestation);
+    const parsedStatusAttestation = _types.ParsedStatusAttestation.parse({
+      header: decodedJwt.protectedHeader,
+      payload: decodedJwt.payload
+    });
+    _logging.Logger.log(_logging.LogLevel.DEBUG, `Parsed status attestation: ${JSON.stringify(parsedStatusAttestation)}`);
+    const holderBindingKey = await credentialCryptoContext.getPublicKey();
+    const {
+      cnf
+    } = parsedStatusAttestation.payload;
+    if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+      _logging.Logger.log(_logging.LogLevel.ERROR, `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
+      throw new _errors.IoWalletError(`Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
+    }
+    return {
+      parsedStatusAttestation
+    };
+  } catch (e) {
+    throw new _errors.IoWalletError(`Failed to verify status attestation: ${JSON.stringify(e)}`);
+  }
+};
+exports.verifyAndParseStatusAttestation = verifyAndParseStatusAttestation;
+//# sourceMappingURL=03-verify-and-parse-status-attestation.js.map

package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","_logging","verifyAndParseStatusAttestation","issuerConf","rawStatusAttestation","context","statusAttestation","credentialCryptoContext","verify","openid_credential_issuer","jwks","keys","decodedJwt","decodeJwt","parsedStatusAttestation","ParsedStatusAttestation","parse","header","protectedHeader","payload","Logger","log","LogLevel","DEBUG","JSON","stringify","holderBindingKey","getPublicKey","cnf","jwk","kid","ERROR","IoWalletError","e","exports"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-attestation.ts"],"mappings":";;;;;;AACA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AAEA,IAAAG,QAAA,GAAAH,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,+BAAgE,GAC3E,MAAAA,CAAOC,UAAU,EAAEC,oBAAoB,EAAEC,OAAO,KAAK;EACnD,IAAI;IACF,MAAM;MAAEC;IAAkB,CAAC,GAAGF,oBAAoB;IAClD,MAAM;MAAEG;IAAwB,CAAC,GAAGF,OAAO;IAE3C,MAAM,IAAAG,wBAAM,EACVF,iBAAiB,EACjBH,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;IAED,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACP,iBAAiB,CAAC;IAC/C,MAAMQ,uBAAuB,GAAGC,8BAAuB,CAACC,KAAK,CAAC;MAC5DC,MAAM,EAAEL,UAAU,CAACM,eAAe;MAClCC,OAAO,EAAEP,UAAU,CAACO;IACtB,CAAC,CAAC;IAEFC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,8BAA6BC,IAAI,CAACC,SAAS,CAACX,uBAAuB,CAAE,EACxE,CAAC;IAED,MAAMY,gBAAgB,GAAG,MAAMnB,uBAAuB,CAACoB,YAAY,CAAC,CAAC;IACrE,MAAM;MAAEC;IAAI,CAAC,GAAGd,uBAAuB,CAACK,OAAO;IAC/C,IAAI,CAACS,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKJ,gBAAgB,CAACI,GAAG,EAAE;MACxDV,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACS,KAAK,EACb,yEAAwEL,gBAAgB,CAACI,GAAI,UAAShB,uBAAuB,CAACK,OAAO,CAACS,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;MACD,MAAM,IAAIE,qBAAa,CACpB,yEAAwEN,gBAAgB,CAACI,GAAI,UAAShB,uBAAuB,CAACK,OAAO,CAACS,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;IACH;IAEA,OAAO;MAAEhB;IAAwB,CAAC;EACpC,CAAC,CAAC,OAAOmB,CAAC,EAAE;IACV,MAAM,IAAID,qBAAa,CACpB,wCAAuCR,IAAI,CAACC,SAAS,CAACQ,CAAC,CAAE,EAC5D,CAAC;EACH;AACF,CAAC;AAACC,OAAA,CAAAhC,+BAAA,GAAAA,+BAAA"}

package/lib/commonjs/credential/status/README.md ADDED Viewed

@@ -0,0 +1,67 @@
+# Credential Status Attestation
+This flow is used to obtain a credential status attestation from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
+The credential status attestation is a JWT which contains the credential status which indicates if the credential is valid or not.
+The status attestation is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
+## Sequence Diagram
+```mermaid
+graph TD;
+    0[startFlow]
+    1[statusAttestation]
+    2[verifyAndParseStatusAttestation]
+    0 --> 1
+    1 --> 2
+```
+## Mapped results
+The following errors are mapped to a `IssuerResponseError` with specific codes.
+|HTTP Status|Error Code|Description|
+|-----------|----------|-----------|
+|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the status attestation is invalid. It might contain more details in the `reason` property.|
+## Example
+<details>
+  <summary>Credential status attestation flow</summary>
+```ts
+// Start the issuance flow
+const credentialIssuerUrl = "https://issuer.example.com";
+const startFlow: Credential.Status.StartFlow = () => ({
+  issuerUrl: credentialIssuerUrl, // Let's assum
+});
+const { issuerUrl } = startFlow();
+// Evaluate issuer trust
+const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
+// Get the credential attestation
+const res = await Credential.Status.statusAttestation(
+  issuerConf,
+  credential,
+  credentialCryptoContext
+);
+// Verify and parse the status attestation
+const { parsedStatusAttestation } =
+  await Credential.Status.verifyAndParseStatusAttestation(
+    issuerConf,
+    res.statusAttestation,
+    { credentialCryptoContext }
+  );
+return {
+  statusAttestation: res.statusAttestation,
+  parsedStatusAttestation,
+  credentialType,
+};
+```
+</details>

package/lib/commonjs/credential/status/index.js ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "evaluateIssuerTrust", {
+  enumerable: true,
+  get: function () {
+    return _issuance.evaluateIssuerTrust;
+  }
+});
+Object.defineProperty(exports, "statusAttestation", {
+  enumerable: true,
+  get: function () {
+    return _statusAttestation.statusAttestation;
+  }
+});
+Object.defineProperty(exports, "verifyAndParseStatusAttestation", {
+  enumerable: true,
+  get: function () {
+    return _verifyAndParseStatusAttestation.verifyAndParseStatusAttestation;
+  }
+});
+var _statusAttestation = require("./02-status-attestation");
+var _issuance = require("../issuance");
+var _verifyAndParseStatusAttestation = require("./03-verify-and-parse-status-attestation");
+//# sourceMappingURL=index.js.map

package/lib/commonjs/credential/status/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":["_statusAttestation","require","_issuance","_verifyAndParseStatusAttestation"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAIA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,gCAAA,GAAAF,OAAA"}

package/lib/commonjs/credential/status/types.js ADDED Viewed

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.StatusAttestationResponse = exports.ParsedStatusAttestation = void 0;
+var _types = require("../../sd-jwt/types");
+var _jwk = require("../../utils/jwk");
+var z = _interopRequireWildcard(require("zod"));
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+/**
+ * Shape from parsing a status attestation response in case of 201.
+ */
+const StatusAttestationResponse = z.object({
+  status_attestation: z.string()
+});
+/**
+ * Type from parsing a status attestation response in case of 201.
+ * Inferred from {@link StatusAttestationResponse}.
+ */
+/**
+ * Type for a parsed status attestation.
+ */
+exports.StatusAttestationResponse = StatusAttestationResponse;
+/**
+ * Shape for parsing a status attestation in a JWT.
+ */
+const ParsedStatusAttestation = z.object({
+  header: z.object({
+    typ: z.literal("status-attestation+jwt"),
+    alg: z.string(),
+    kid: z.string().optional()
+  }),
+  payload: z.object({
+    credential_hash_alg: z.string(),
+    credential_hash: z.string(),
+    cnf: z.object({
+      jwk: _jwk.JWK
+    }),
+    exp: _types.UnixTime,
+    iat: _types.UnixTime
+  })
+});
+exports.ParsedStatusAttestation = ParsedStatusAttestation;
+//# sourceMappingURL=types.js.map

package/lib/commonjs/credential/status/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","StatusAttestationResponse","object","status_attestation","string","exports","ParsedStatusAttestation","header","typ","literal","alg","kid","optional","payload","credential_hash_alg","credential_hash","cnf","jwk","JWK","exp","UnixTime","iat"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACO,MAAMW,yBAAyB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAChDC,kBAAkB,EAAE1B,CAAC,CAAC2B,MAAM,CAAC;AAC/B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;AAFAC,OAAA,CAAAJ,yBAAA,GAAAA,yBAAA;AAKA;AACA;AACA;AACO,MAAMK,uBAAuB,GAAG7B,CAAC,CAACyB,MAAM,CAAC;EAC9CK,MAAM,EAAE9B,CAAC,CAACyB,MAAM,CAAC;IACfM,GAAG,EAAE/B,CAAC,CAACgC,OAAO,CAAC,wBAAwB,CAAC;IACxCC,GAAG,EAAEjC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAElC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEpC,CAAC,CAACyB,MAAM,CAAC;IAChBY,mBAAmB,EAAErC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IAC/BW,eAAe,EAAEtC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IAC3BY,GAAG,EAAEvC,CAAC,CAACyB,MAAM,CAAC;MACZe,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED;EACP,CAAC;AACH,CAAC,CAAC;AAACf,OAAA,CAAAC,uBAAA,GAAAA,uBAAA"}

package/lib/commonjs/credential/trustmark/README.md ADDED Viewed

@@ -0,0 +1,62 @@
+# Credential Trustmark
+A credential TrustMark is a signed JWT that verifies the authenticity of a credential issued by a trusted source. It serves as proof that a credential is valid and linked to a specific wallet instance.
+The TrustMark is often presented as a QR code, containing cryptographic data to ensure it hasn't been tampered with. It includes fields like issuer, issuance and expiration timestamps, and credential-specific details. TrustMarks have a short validity period and are used to enhance security and prevent misuse, such as QR code swapping.
+### getCredentialTrustmark
+A function that generates a signed JWT Trustmark to verify the authenticity of a digital credential. The Trustmark serves as a cryptographic proof linking a credential to a specific wallet instance, ensuring the credential's validity and preventing unauthorized modifications or misuse.
+#### Signature
+```typescript
+function getCredentialTrustmark({
+  walletInstanceAttestation: string,
+  wiaCryptoContext: CryptoContext,
+  credentialType: string,
+  docNumber?: string,
+  expirationTime?: number | string
+}): Promise<{
+  jwt: string,
+  expirationTime: number
+}>
+```
+#### Parameters
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| walletInstanceAttestation | string | Yes | A base64-encoded string containing the Wallet Instance Attestation (WIA). This attestation proves the authenticity of the wallet instance. |
+| wiaCryptoContext | CryptoContext | Yes | The cryptographic context associated with the wallet instance. Must contain the same key pair used to generate the WIA. |
+| credentialType | string | Yes | Identifier for the type of credential (e.g., "MDL" for Mobile Driver's License). |
+| docNumber | string | No | The document number of the credential. If provided, it will be obfuscated in the Trustmark for privacy. |
+| expirationTime | number \| string | No | Specifies when the Trustmark expires. Can be either:<br>- A timestamp in seconds<br>- A time span string (e.g., "2m" for 2 minutes)<br>Default: "2m" |
+#### Return Value
+Returns a Promise that resolves to an object containing:
+| Property | Type | Description |
+|----------|------|-------------|
+| jwt | string | The signed trustmark JWT string |
+| expirationTime | number | The expiration timestamp of the JWT in seconds |
+## Example
+```typescript
+// Required inputs
+const walletInstanceAttestation = "base64AttestationString";
+const credentialType = "MDL"; // Credential type (e.g., Mobile Driver's License)
+const documentNumber = "AB123456"; // Optional document number
+const cryptoContext = createCryptoContextFor("wiaKeyTag"); // Sample crypto context
+// Generate the TrustMark JWT
+const { jwt, expirationTime } = await getCredentialTrustmark({
+  walletInstanceAttestation: "eyJ0eXAi...", // WIA JWT
+  wiaCryptoContext: cryptoContext,
+  credentialType: "IdentityCard",
+  docNumber: "AB123456",
+  expirationTime: "5m", // 5 minutes
+});
+console.log("Generated TrustMark JWT:", jwt);
+console.log("Expires at:", new Date(expirationTime * 1000));
+```

package/lib/commonjs/credential/trustmark/get-credential-trustmark.js ADDED Viewed

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getCredentialTrustmark = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var WalletInstanceAttestation = _interopRequireWildcard(require("../../wallet-instance-attestation"));
+var _errors = require("../../utils/errors");
+var _string = require("../../utils/string");
+var _logging = require("../../utils/logging");
+function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
+function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
+/**
+ * Generates a trustmark signed JWT, which is used to verify the authenticity of a credential.
+ * The public key used to sign the trustmark must the same used for the Wallet Instance Attestation.
+ *
+ * @param walletInstanceAttestation the Wallet Instance's attestation
+ * @param wiaCryptoContext The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
+ * @param credentialType The type of credential for which the trustmark is generated
+ * @param docNumber (Optional) Document number contained in the credential, if applicable
+ * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
+ *                        If a number is provided, it is interpreted as a timestamp in seconds.
+ *                        If a string is provided, it is interpreted as a time span and added to the current timestamp.
+ * @throws {IoWalletError} If the WIA is expired
+ * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
+ * @returns A promise containing the signed JWT and its expiration time in seconds
+ */
+const getCredentialTrustmark = async _ref => {
+  let {
+    walletInstanceAttestation,
+    wiaCryptoContext,
+    credentialType,
+    docNumber,
+    expirationTime = "2m"
+  } = _ref;
+  /**
+   * Check that the public key used to sign the trustmark is the one used for the WIA
+   */
+  const holderBindingKey = await wiaCryptoContext.getPublicKey();
+  const decodedWia = WalletInstanceAttestation.decode(walletInstanceAttestation);
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Decoded wia ${JSON.stringify(decodedWia.payload)} with holder binding key ${JSON.stringify(holderBindingKey)}`);
+  /**
+   * Check that the WIA is not expired
+   */
+  if (decodedWia.payload.exp * 1000 < Date.now()) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Wallet Instance Attestation expired with exp: ${decodedWia.payload.exp}`);
+    throw new _errors.IoWalletError("Wallet Instance Attestation expired");
+  }
+  /**
+   * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
+   */
+  const wiaThumbprint = await (0, _ioReactNativeJwt.thumbprint)(decodedWia.payload.cnf.jwk);
+  const cryptoContextThumbprint = await (0, _ioReactNativeJwt.thumbprint)(holderBindingKey);
+  if (wiaThumbprint !== cryptoContextThumbprint) {
+    _logging.Logger.log(_logging.LogLevel.ERROR, `Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`);
+    throw new _errors.IoWalletError(`Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`);
+  }
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Wia thumbprint: ${wiaThumbprint} CryptoContext thumbprint: ${cryptoContextThumbprint}`);
+  /**
+   * Generate Trustmark signed JWT
+   */
+  const signedTrustmarkJwt = await new _ioReactNativeJwt.SignJWT(wiaCryptoContext).setProtectedHeader({
+    alg: "ES256"
+  }).setPayload({
+    iss: walletInstanceAttestation,
+    /**
+     * If present, the document number is obfuscated before adding it to the payload
+     */
+    ...(docNumber ? {
+      sub: (0, _string.obfuscateString)(docNumber)
+    } : {}),
+    subtyp: credentialType
+  }).setIssuedAt().setExpirationTime(expirationTime).sign();
+  const decodedTrustmark = (0, _ioReactNativeJwt.decode)(signedTrustmarkJwt);
+  return {
+    jwt: signedTrustmarkJwt,
+    expirationTime: decodedTrustmark.payload.exp ?? 0
+  };
+};
+exports.getCredentialTrustmark = getCredentialTrustmark;
+//# sourceMappingURL=get-credential-trustmark.js.map

package/lib/commonjs/credential/trustmark/get-credential-trustmark.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_ioReactNativeJwt","require","WalletInstanceAttestation","_interopRequireWildcard","_errors","_string","_logging","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","decode","Logger","log","LogLevel","DEBUG","JSON","stringify","payload","exp","Date","now","ERROR","IoWalletError","wiaThumbprint","thumbprint","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","SignJWT","setProtectedHeader","alg","setPayload","iss","sub","obfuscateString","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","decodeJwt","jwt","exports"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,yBAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAAuD,SAAAM,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAL,wBAAAS,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAoCvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGpC,yBAAyB,CAACqC,MAAM,CACjDR,yBACF,CAAC;EAEDS,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,eAAcC,IAAI,CAACC,SAAS,CAACP,UAAU,CAACQ,OAAO,CAAE,4BAA2BF,IAAI,CAACC,SAAS,CAACT,gBAAgB,CAAE,EAChH,CAAC;;EAED;AACF;AACA;EACE,IAAIE,UAAU,CAACQ,OAAO,CAACC,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAE;IAC9CT,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACQ,KAAK,EACb,iDAAgDZ,UAAU,CAACQ,OAAO,CAACC,GAAI,EAC1E,CAAC;IACD,MAAM,IAAII,qBAAa,CAAC,qCAAqC,CAAC;EAChE;;EAEA;AACF;AACA;EACE,MAAMC,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACf,UAAU,CAACQ,OAAO,CAACQ,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAM,IAAAH,4BAAU,EAACjB,gBAAgB,CAAC;EAElE,IAAIgB,aAAa,KAAKI,uBAAuB,EAAE;IAC7ChB,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACQ,KAAK,EACb,gFAA+EM,uBAAwB,UAASJ,aAAc,EACjI,CAAC;IACD,MAAM,IAAID,qBAAa,CACpB,gFAA+EK,uBAAwB,UAASJ,aAAc,EACjI,CAAC;EACH;EAEAZ,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,mBAAkBS,aAAc,8BAA6BI,uBAAwB,EACxF,CAAC;;EAED;AACF;AACA;EACE,MAAMC,kBAAkB,GAAG,MAAM,IAAIC,yBAAO,CAAC1B,gBAAgB,CAAC,CAC3D2B,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAE/B,yBAAyB;IAC9B;AACN;AACA;IACM,IAAIG,SAAS,GAAG;MAAE6B,GAAG,EAAE,IAAAC,uBAAe,EAAC9B,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzD+B,MAAM,EAAEhC;EACV,CAAC,CAAC,CACDiC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAChC,cAAc,CAAC,CACjCiC,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACb,kBAAkB,CAAC;EAEtD,OAAO;IACLc,GAAG,EAAEd,kBAAkB;IACvBtB,cAAc,EAAEkC,gBAAgB,CAACvB,OAAO,CAACC,GAAG,IAAI;EAClD,CAAC;AACH,CAAC;AAACyB,OAAA,CAAA3C,sBAAA,GAAAA,sBAAA"}

package/lib/commonjs/credential/trustmark/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "getCredentialTrustmark", {
+  enumerable: true,
+  get: function () {
+    return _getCredentialTrustmark.getCredentialTrustmark;
+  }
+});
+var _getCredentialTrustmark = require("./get-credential-trustmark");
+//# sourceMappingURL=index.js.map

package/lib/commonjs/credential/trustmark/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":["_getCredentialTrustmark","require"],"sourceRoot":"../../../../src","sources":["credential/trustmark/index.ts"],"mappings":";;;;;;;;;;;AAAA,IAAAA,uBAAA,GAAAC,OAAA"}

package/lib/commonjs/index.js CHANGED Viewed

@@ -15,7 +15,7 @@ Object.defineProperty(exports, "AuthorizationDetails", {
     return _par.AuthorizationDetails;
   }
 });
-exports.WalletInstanceAttestation = exports.WalletInstance = exports.SdJwt = exports.PID = exports.Errors = exports.Credential = void 0;
+exports.WalletInstanceAttestation = exports.WalletInstance = exports.Trust = exports.SdJwt = exports.PID = exports.Logging = exports.Errors = exports.Credential = void 0;
 Object.defineProperty(exports, "createCryptoContextFor", {
   enumerable: true,
   get: function () {
@@ -40,8 +40,12 @@ var Errors = _interopRequireWildcard(require("./utils/errors"));
 exports.Errors = Errors;
 var WalletInstanceAttestation = _interopRequireWildcard(require("./wallet-instance-attestation"));
 exports.WalletInstanceAttestation = WalletInstanceAttestation;
+var Trust = _interopRequireWildcard(require("./trust"));
+exports.Trust = Trust;
 var WalletInstance = _interopRequireWildcard(require("./wallet-instance"));
 exports.WalletInstance = WalletInstance;
+var Logging = _interopRequireWildcard(require("./utils/logging"));
+exports.Logging = Logging;
 var _par = require("./utils/par");
 var _crypto = require("./utils/crypto");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }

package/lib/commonjs/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_jwk","require","Credential","_interopRequireWildcard","exports","PID","SdJwt","Errors","WalletInstanceAttestation","WalletInstance","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,IAAA,GAAAC,OAAA;AAGAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,KAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAkCG,OAAA,CAAAE,KAAA,GAAAA,KAAA;AAClC,IAAAC,MAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAG,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAL,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAI,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,~~cAAA~~,GAAAN,uBAAA,CAAAF,OAAA;~~AAAoDG~~,OAAA,CAAAK,cAAA,GAAAA,cAAA;AACpD,IAAAC,IAAA,~~GAAAT~~,OAAA;AACA,~~IAAAU~~,OAAA,~~GAAAV~~,OAAA;AAAwD,~~SAAAW~~,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,~~SAAAV~~,~~wBAAAc~~,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
1	+ {"version":3,"names":["_jwk","require","Credential","_interopRequireWildcard","exports","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","Logging","_par","_crypto","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,IAAA,GAAAC,OAAA;AAGAA,OAAA;AAEA,IAAAC,UAAA,GAAAC,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAF,UAAA,GAAAA,UAAA;AAC3C,IAAAG,GAAA,GAAAF,uBAAA,CAAAF,OAAA;AAA6BG,OAAA,CAAAC,GAAA,GAAAA,GAAA;AAC7B,IAAAC,KAAA,GAAAH,uBAAA,CAAAF,OAAA;AAAkCG,OAAA,CAAAE,KAAA,GAAAA,KAAA;AAClC,IAAAC,MAAA,GAAAJ,uBAAA,CAAAF,OAAA;AAAyCG,OAAA,CAAAG,MAAA,GAAAA,MAAA;AACzC,IAAAC,yBAAA,GAAAL,uBAAA,CAAAF,OAAA;AAA2EG,OAAA,CAAAI,yBAAA,GAAAA,yBAAA;AAC3E,IAAAC,KAAA,GAAAN,uBAAA,CAAAF,OAAA;AAAiCG,OAAA,CAAAK,KAAA,GAAAA,KAAA;AACjC,IAAAC,cAAA,GAAAP,uBAAA,CAAAF,OAAA;AAAoDG,OAAA,CAAAM,cAAA,GAAAA,cAAA;AACpD,IAAAC,OAAA,GAAAR,uBAAA,CAAAF,OAAA;AAA2CG,OAAA,CAAAO,OAAA,GAAAA,OAAA;AAC3C,IAAAC,IAAA,GAAAX,OAAA;AACA,IAAAY,OAAA,GAAAZ,OAAA;AAAwD,SAAAa,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAgB,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}

package/lib/commonjs/pid/sd-jwt/types.js CHANGED Viewed

@@ -5,7 +5,23 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.PID = void 0;
 var _zod = require("zod");
-var _types = require("../../sd-jwt/types");
+const VerificationEvidence = _zod.z.object({
+  type: _zod.z.string(),
+  record: _zod.z.object({
+    type: _zod.z.string(),
+    source: _zod.z.object({
+      organization_name: _zod.z.string(),
+      organization_id: _zod.z.string(),
+      country_code: _zod.z.string()
+    })
+  })
+});
+const Verification = _zod.z.object({
+  trustFramework: _zod.z.literal("eidas"),
+  assuranceLevel: _zod.z.string(),
+  evidence: _zod.z.array(VerificationEvidence)
+});
 /**
  * Data structure for the PID.
  * It contains PID claims in plain text as well as verification data with the issuer's information
@@ -17,7 +33,7 @@ const PID = _zod.z.object({
   issuer: _zod.z.string(),
   issuedAt: _zod.z.date(),
   expiration: _zod.z.date(),
-  verification: _types.Verification.optional(),
+  verification: Verification.optional(),
   claims: _zod.z.object({
     uniqueId: _zod.z.string(),
     givenName: _zod.z.string(),

package/lib/commonjs/pid/sd-jwt/types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_zod","require","~~_types~~","~~PID","~~z","object","~~issuer~~","string","issuedAt","date","expiration","verification","~~Verification","~~optional","claims","uniqueId","givenName","familyName","birthDate","placeOfBirth","country","locality","taxIdCode","exports"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;~~AACA~~,~~IAAAC~~,~~MAAA~~,~~GAAAD~~,~~OAAA~~;~~AAEA~~;AACA;AACA;AACA;AACA;AACA;;AAEO,~~MAAME~~,GAAG,~~GAAGC~~,MAAC,CAACC,MAAM,CAAC;~~EAC1BC~~,MAAM,~~EAAEF~~,MAAC,CAACG,MAAM,CAAC,CAAC;~~EAClBC~~,QAAQ,~~EAAEJ~~,MAAC,~~CAACK~~,IAAI,CAAC,CAAC;EAClBC,UAAU,~~EAAEN~~,MAAC,~~CAACK~~,IAAI,CAAC,CAAC;EACpBE,YAAY,~~EAAEC~~,~~mBAAY~~,~~CAACC~~,QAAQ,CAAC,CAAC;EACrCC,MAAM,~~EAAEV~~,MAAC,CAACC,MAAM,CAAC;~~IACfU~~,QAAQ,~~EAAEX~~,MAAC,CAACG,MAAM,CAAC,CAAC;~~IACpBS~~,SAAS,~~EAAEZ~~,MAAC,CAACG,MAAM,CAAC,CAAC;~~IACrBU~~,UAAU,~~EAAEb~~,MAAC,CAACG,MAAM,CAAC,CAAC;~~IACtBW~~,SAAS,~~EAAEd~~,MAAC,CAACG,MAAM,CAAC,CAAC;~~IACrBY~~,YAAY,~~EAAEf~~,MAAC,CACZC,MAAM,CAAC;~~MACNe~~,OAAO,~~EAAEhB~~,MAAC,CAACG,MAAM,CAAC,CAAC;~~MACnBc~~,QAAQ,~~EAAEjB~~,MAAC,CAACG,MAAM,CAAC;IACrB,CAAC,CAAC,~~CACDM~~,QAAQ,CAAC,CAAC;IACbS,SAAS,~~EAAElB~~,MAAC,CAACG,MAAM,CAAC;EACtB,CAAC;AACH,CAAC,CAAC;~~AAACgB~~,OAAA,~~CAAApB~~,GAAA,GAAAA,GAAA"}
1	+ {"version":3,"names":["_zod","require","VerificationEvidence","z","object","type","string","record","source","organization_name","organization_id","country_code","Verification","trustFramework","literal","assuranceLevel","evidence","array","PID","issuer","issuedAt","date","expiration","verification","optional","claims","uniqueId","givenName","familyName","birthDate","placeOfBirth","country","locality","taxIdCode","exports"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AAEA,MAAMC,oBAAoB,GAAGC,MAAC,CAACC,MAAM,CAAC;EACpCC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEJ,MAAC,CAACC,MAAM,CAAC;IACfC,IAAI,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC;IAChBE,MAAM,EAAEL,MAAC,CAACC,MAAM,CAAC;MACfK,iBAAiB,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC;MAC7BI,eAAe,EAAEP,MAAC,CAACG,MAAM,CAAC,CAAC;MAC3BK,YAAY,EAAER,MAAC,CAACG,MAAM,CAAC;IACzB,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAEF,MAAMM,YAAY,GAAGT,MAAC,CAACC,MAAM,CAAC;EAC5BS,cAAc,EAAEV,MAAC,CAACW,OAAO,CAAC,OAAO,CAAC;EAClCC,cAAc,EAAEZ,MAAC,CAACG,MAAM,CAAC,CAAC;EAC1BU,QAAQ,EAAEb,MAAC,CAACc,KAAK,CAACf,oBAAoB;AACxC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;;AAEO,MAAMgB,GAAG,GAAGf,MAAC,CAACC,MAAM,CAAC;EAC1Be,MAAM,EAAEhB,MAAC,CAACG,MAAM,CAAC,CAAC;EAClBc,QAAQ,EAAEjB,MAAC,CAACkB,IAAI,CAAC,CAAC;EAClBC,UAAU,EAAEnB,MAAC,CAACkB,IAAI,CAAC,CAAC;EACpBE,YAAY,EAAEX,YAAY,CAACY,QAAQ,CAAC,CAAC;EACrCC,MAAM,EAAEtB,MAAC,CAACC,MAAM,CAAC;IACfsB,QAAQ,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC;IACpBqB,SAAS,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC;IACrBsB,UAAU,EAAEzB,MAAC,CAACG,MAAM,CAAC,CAAC;IACtBuB,SAAS,EAAE1B,MAAC,CAACG,MAAM,CAAC,CAAC;IACrBwB,YAAY,EAAE3B,MAAC,CACZC,MAAM,CAAC;MACN2B,OAAO,EAAE5B,MAAC,CAACG,MAAM,CAAC,CAAC;MACnB0B,QAAQ,EAAE7B,MAAC,CAACG,MAAM,CAAC;IACrB,CAAC,CAAC,CACDkB,QAAQ,CAAC,CAAC;IACbS,SAAS,EAAE9B,MAAC,CAACG,MAAM,CAAC;EACtB,CAAC;AACH,CAAC,CAAC;AAAC4B,OAAA,CAAAhB,GAAA,GAAAA,GAAA"}

package/lib/commonjs/sd-jwt/__test__/index.test.js CHANGED Viewed

@@ -12,47 +12,35 @@ var _types = require("../types");
 //  - payload is taken from the italian specification, but _sd are compiled with:
 //    - "address" is used as verification._sd
 //    - all others disclosures are in claims._sd
-const token = "eyJraWQiOiJvTHZHOHFGeGJZQ2RZRXBGNVdEeEJVYzM1THI1YTgwZ2FtbjZPeU5pSFRjIiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJaTGJkSm53Qm1xQks2aVJqZmVmdXNqcjBZMUk1SE11MUllcXJ5TWJGejRnIiwidmN0IjoidXJuOmV1LmV1cm9wYS5lYy5ldWRpOnBpZDoxIiwiZXhwaXJ5X2RhdGUiOiIyMDI2LTA1LTIwIiwiaXNzIjoiaHR0cHM6Ly9hcGkucG90ZW50aWFsLXdhbGxldC1pdC1waWQtcHJvdmlkZXIuaXQiLCJfc2QiOlsiNDNlbk9MQ0xSdnhseDkyTG5QaUxOMTFMR3lIVjJtT1NycmRMa1RfTm1SQSIsIkdkc1hiX0s5ZHh5WWxCd3lCclloSVdVQnlSbFdxRk9IRlVWZ1J3RWZTdjQiLCJJaGgzUFRXbWM0Zk1MQ1FZQVFsN2l5ajRYY3RwbEZOS0VaUDVtQU9BWmo4IiwiTUx0RktpVUdzUDhrMUMxN3hYblZmWFh3emhpUHN0ekx4a2dLWk10YXZ1QSIsIlkxOU9vNFNfVjZEdjZRcGVPcFJSLWxOMmlGeHJ0RzF2WkVVejFKVy1CN2MiLCJ1LWlYMXduZUtja3NDeld6elRkOUZvUTlRUGNoNlhxS2hBZkMyRFZySk9zIiwid1FURHpYcFZpNmlVa01yUW9sNFdpWkpwZkhsS2FoZi1LLWxYZjE4Rll1YyIsInhqZzVNbEpXcDVqVGltdlhzaXZRUmhMVnFlOGNTemFkTVo2MEhrazUzanMiXSwidmN0I2ludGVncml0eSI6IjI0MjMwMmQ5N2QzOGRhMjcxNGEyNTdmMmEyNTNiZjJmYTMwYWFlNWMxMDlmZTk1ODFiZmNkYTNiMWQ3OTdjOTciLCJpc3N1aW5nX2NvdW50cnkiOiJJVCIsIl9zZF9hbGciOiJzaGEtMjU2IiwiaXNzdWluZ19hdXRob3JpdHkiOiJJc3RpdHV0byBQb2xpZ3JhZmljbyBlIFplY2NhIGRlbGxvIFN0YXRvIiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiTTBQYnZkWXNqVmdybWtXTTFfYVpZMk5zYmRMX3ZtckgyODd5TzQzTHF1WSIsIngiOiJfOHBuSVg2LXR6WEpBa0NSNmlhdnNDUVB0aW5ZYkZJeHI3NEYtNnJUejJVIiwieSI6IlJMeE53dHIxZzhIcmI1TlNoajFHYk1XZ0hvUS1DNzBCT3o0LVN5ZERoRmcifX0sImV4cCI6MTc3OTI4MzEyNSwiaWF0IjoxNzQ3NzQ3MTI1LCJ2ZXJpZmljYXRpb24iOnsiZXZpZGVuY2UiOnsibWV0aG9kIjoiY2llIn0sInRydXN0X2ZyYW1ld29yayI6ImVpZGFzIiwiYXNzdXJhbmNlX2xldmVsIjoiaGlnaCJ9LCJzdGF0dXMiOnsic3RhdHVzX2Fzc2VydGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0.guNNpF6KeKSowT6WCYvslgaPQbTRhwgqxTdJMPwsBOEkh6A9X2FvU8RMJoalhwXLHLo72bE4-HCvXO803I98JQ~WyItR0wxV1NiMnRWdTVTMDM4OXRFZW9nIiwiZ2l2ZW5fbmFtZSIsIk1BUklBIl0~WyJqSHYzdEFQNTNyRGxSbXVsdlo0Z2hBIiwiZmFtaWx5X25hbWUiLCJTUEVDSU1FTiJd~WyJiX3FtcnVBWTJkOEN5bk4yc0FPVm5nIiwidW5pcXVlX2lkIiwiaWRBTlBSIl0~WyJGajhqZ055bUVXYk9OdFpHeGV0SFh3IiwiYmlydGhfZGF0ZSIsIjE5OTUtMDEtMTgiXQ~WyI5aUs2UF9jY2UyY29QR1Q4b3d2TWxBIiwiYmlydGhfcGxhY2UiLCJST01BIl0~WyJucGVfcHJyUWxHT0hMU19pbS1pNmNnIiwibmF0aW9uYWxpdHkiLCJJVCJd~WyJrazlUVW9DQm9OZFd0VElpUWJValNBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1TUENNUkE5NUE1OEg1MDFUIl0~WyJjclNLNDlpaWpiZTdSbFFLSXlvcmlRIiwiaWF0IiwxNzQ3NzQ3MTI1XQ";
-const unsigned = "eyJraWQiOiJvTHZHOHFGeGJZQ2RZRXBGNVdEeEJVYzM1THI1YTgwZ2FtbjZPeU5pSFRjIiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJaTGJkSm53Qm1xQks2aVJqZmVmdXNqcjBZMUk1SE11MUllcXJ5TWJGejRnIiwidmN0IjoidXJuOmV1LmV1cm9wYS5lYy5ldWRpOnBpZDoxIiwiZXhwaXJ5X2RhdGUiOiIyMDI2LTA1LTIwIiwiaXNzIjoiaHR0cHM6Ly9hcGkucG90ZW50aWFsLXdhbGxldC1pdC1waWQtcHJvdmlkZXIuaXQiLCJfc2QiOlsiNDNlbk9MQ0xSdnhseDkyTG5QaUxOMTFMR3lIVjJtT1NycmRMa1RfTm1SQSIsIkdkc1hiX0s5ZHh5WWxCd3lCclloSVdVQnlSbFdxRk9IRlVWZ1J3RWZTdjQiLCJJaGgzUFRXbWM0Zk1MQ1FZQVFsN2l5ajRYY3RwbEZOS0VaUDVtQU9BWmo4IiwiTUx0RktpVUdzUDhrMUMxN3hYblZmWFh3emhpUHN0ekx4a2dLWk10YXZ1QSIsIlkxOU9vNFNfVjZEdjZRcGVPcFJSLWxOMmlGeHJ0RzF2WkVVejFKVy1CN2MiLCJ1LWlYMXduZUtja3NDeld6elRkOUZvUTlRUGNoNlhxS2hBZkMyRFZySk9zIiwid1FURHpYcFZpNmlVa01yUW9sNFdpWkpwZkhsS2FoZi1LLWxYZjE4Rll1YyIsInhqZzVNbEpXcDVqVGltdlhzaXZRUmhMVnFlOGNTemFkTVo2MEhrazUzanMiXSwidmN0I2ludGVncml0eSI6IjI0MjMwMmQ5N2QzOGRhMjcxNGEyNTdmMmEyNTNiZjJmYTMwYWFlNWMxMDlmZTk1ODFiZmNkYTNiMWQ3OTdjOTciLCJpc3N1aW5nX2NvdW50cnkiOiJJVCIsIl9zZF9hbGciOiJzaGEtMjU2IiwiaXNzdWluZ19hdXRob3JpdHkiOiJJc3RpdHV0byBQb2xpZ3JhZmljbyBlIFplY2NhIGRlbGxvIFN0YXRvIiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiTTBQYnZkWXNqVmdybWtXTTFfYVpZMk5zYmRMX3ZtckgyODd5TzQzTHF1WSIsIngiOiJfOHBuSVg2LXR6WEpBa0NSNmlhdnNDUVB0aW5ZYkZJeHI3NEYtNnJUejJVIiwieSI6IlJMeE53dHIxZzhIcmI1TlNoajFHYk1XZ0hvUS1DNzBCT3o0LVN5ZERoRmcifX0sImV4cCI6MTc3OTI4MzEyNSwiaWF0IjoxNzQ3NzQ3MTI1LCJ2ZXJpZmljYXRpb24iOnsiZXZpZGVuY2UiOnsibWV0aG9kIjoiY2llIn0sInRydXN0X2ZyYW1ld29yayI6ImVpZGFzIiwiYXNzdXJhbmNlX2xldmVsIjoiaGlnaCJ9LCJzdGF0dXMiOnsic3RhdHVzX2Fzc2VydGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0";
-const signature = "guNNpF6KeKSowT6WCYvslgaPQbTRhwgqxTdJMPwsBOEkh6A9X2FvU8RMJoalhwXLHLo72bE4-HCvXO803I98JQ";
+const token = "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0.qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ~WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd~WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ~WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ";
+const unsigned = "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0";
+const signature = "qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ";
 const signed = `${unsigned}.${signature}`;
-const tokenizedDisclosures = ["WyItR0wxV1NiMnRWdTVTMDM4OXRFZW9nIiwiZ2l2ZW5fbmFtZSIsIk1BUklBIl0", "WyJqSHYzdEFQNTNyRGxSbXVsdlo0Z2hBIiwiZmFtaWx5X25hbWUiLCJTUEVDSU1FTiJd", "WyJiX3FtcnVBWTJkOEN5bk4yc0FPVm5nIiwidW5pcXVlX2lkIiwiaWRBTlBSIl0", "WyJGajhqZ055bUVXYk9OdFpHeGV0SFh3IiwiYmlydGhfZGF0ZSIsIjE5OTUtMDEtMTgiXQ", "WyI5aUs2UF9jY2UyY29QR1Q4b3d2TWxBIiwiYmlydGhfcGxhY2UiLCJST01BIl0", "WyJucGVfcHJyUWxHT0hMU19pbS1pNmNnIiwibmF0aW9uYWxpdHkiLCJJVCJd", "WyJrazlUVW9DQm9OZFd0VElpUWJValNBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1TUENNUkE5NUE1OEg1MDFUIl0", "WyJjclNLNDlpaWpiZTdSbFFLSXlvcmlRIiwiaWF0IiwxNzQ3NzQ3MTI1XQ"];
+const tokenizedDisclosures = ["WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd", "WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ", "WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0", "WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd", "WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd", "WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ"];
 const sdJwt = {
   header: {
-    kid: "oLvG8qFxbYCdYEpF5WDxBUc35Lr5a80gamn6OyNiHTc",
+    kid: "-F_6Uga8n3VegjY2U7YUHK1zLoaD-NPTc63RMISnLaw",
     typ: "vc+sd-jwt",
     alg: "ES256"
   },
   payload: {
-    sub: "ZLbdJnwBmqBK6iRjfefusjr0Y1I5HMu1IeqryMbFz4g",
-    vct: "urn:eu.europa.ec.eudi:pid:1",
-    expiry_date: "2026-05-20",
-    iss: "https://api.potential-wallet-it-pid-provider.it",
-    _sd: ["43enOLCLRvxlx92LnPiLN11LGyHV2mOSrrdLkT_NmRA", "GdsXb_K9dxyYlBwyBrYhIWUByRlWqFOHFUVgRwEfSv4", "Ihh3PTWmc4fMLCQYAQl7iyj4XctplFNKEZP5mAOAZj8", "MLtFKiUGsP8k1C17xXnVfXXwzhiPstzLxkgKZMtavuA", "Y19Oo4S_V6Dv6QpeOpRR-lN2iFxrtG1vZEUz1JW-B7c", "u-iX1wneKcksCzWzzTd9FoQ9QPch6XqKhAfC2DVrJOs", "wQTDzXpVi6iUkMrQol4WiZJpfHlKahf-K-lXf18FYuc", "xjg5MlJWp5jTimvXsivQRhLVqe8cSzadMZ60Hkk53js"],
-    "vct#integrity": "242302d97d38da2714a257f2a253bf2fa30aae5c109fe9581bfcda3b1d797c97",
-    issuing_country: "IT",
+    _sd: ["0q1D5Jmav6pQaEh_J_Fcv_uNNMQIgCyhQOxqlY4l3qU", "KCJ-AVNv88d-xj6sUIAOJxFnbUh3rHXDKkIH1lFqbRs", "M9lo9YxDNIXrAq2qWeiCA40zpJ_zYfFdR_4AEALcRtU", "czgjUk0nqRCswShChCjdS6A1-v47d_qTCSFIvIHhMoI", "nGnQr7clm3tfTp8yjL_uHrDSOtzR2PVb8S7GeLdAqBQ", "xNIVwlpSsaZ8CJSf0gz5x_75VRWWc6V1mlpejdCrqUs"],
+    sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
     _sd_alg: "sha-256",
-    issuing_authority: "Istituto Poligrafico e Zecca dello Stato",
+    vct: "PersonIdentificationData",
+    iss: "https://pre.eid.wallet.ipzs.it",
     cnf: {
       jwk: {
         kty: "EC",
         crv: "P-256",
-        kid: "M0PbvdYsjVgrmkWM1_aZY2NsbdL_vmrH287yO43LquY",
-        x: "_8pnIX6-tzXJAkCR6iavsCQPtinYbFIxr74F-6rTz2U",
-        y: "RLxNwtr1g8Hrb5NShj1GbMWgHoQ-C70BOz4-SydDhFg"
+        kid: "Rv3W-EiKpvBTyk5yZxvrev-7MDB6SlzUCBo_CQjjddU",
+        x: "0Wox7QtyPqByg35MH_XyCcnd5Le-Jm0AXHlUgDBA03Y",
+        y: "eEhVvg1JPqNd3DTSa4mGDGBlwY6NP-EZbLbNFXSXwIg"
       }
     },
-    exp: 1779283125,
-    iat: 1747747125,
-    verification: {
-      evidence: {
-        method: "cie"
-      },
-      trust_framework: "eidas",
-      assurance_level: "high"
-    },
+    exp: 1751546576,
     status: {
-      status_assertion: {
+      status_attestation: {
         credential_hash_alg: "sha-256"
       }
     }
@@ -60,7 +48,7 @@ const sdJwt = {
 };
 // In the very same order than tokenizedDisclosures
-const disclosures = [["-GL1WSb2tVu5S0389tEeog", "given_name", "MARIA"], ["jHv3tAP53rDlRmulvZ4ghA", "family_name", "SPECIMEN"], ["b_qmruAY2d8CynN2sAOVng", "unique_id", "idANPR"], ["Fj8jgNymEWbONtZGxetHXw", "birth_date", "1995-01-18"], ["9iK6P_cce2coPGT8owvMlA", "birth_place", "ROMA"], ["npe_prrQlGOHLS_im-i6cg", "nationality", "IT"], ["kk9TUoCBoNdWtTIiQbUjSA", "tax_id_code", "TINIT-SPCMRA95A58H501T"], ["crSK49iijbe7RlQKIyoriQ", "iat", 1747747125]];
+const disclosures = [["kJDEP8EaNTEMBDOZzZzT4w", "unique_id", "TINIT-LVLDAA85T50G702B"], ["zIAyUFvPfIpE1zBqxI5haQ", "birth_date", "1985-12-10"], ["Gr3R3s290OkQUm-NFTu96A", "tax_id_code", "TINIT-LVLDAA85T50G702B"], ["GxORalMAelfZ0edFJjjYUw", "given_name", "Ada"], ["_vV5RIkl0IOEXKots9kt1w", "family_name", "Lovelace"], ["Cj5tccR72Jwrze2TW4a-wg", "iat", 1720010575]];
 it("Ensures example data correctness", () => {
   expect(JSON.parse((0, _ioReactNativeJwt.decodeBase64)((0, _ioReactNativeJwt.encodeBase64)(JSON.stringify(sdJwt.header))))).toEqual(sdJwt.header);
   expect([signed, ...tokenizedDisclosures].join("~")).toBe(token);
@@ -110,12 +98,12 @@ describe("decode", () => {
 });
 describe("disclose", () => {
   it("should encode a valid sdjwt (one claim)", async () => {
-    const result = await (0, _index.disclose)(token, ["unique_id"]);
+    const result = await (0, _index.disclose)(token, ["given_name"]);
     const expected = {
-      token: `${signed}~WyJiX3FtcnVBWTJkOEN5bk4yc0FPVm5nIiwidW5pcXVlX2lkIiwiaWRBTlBSIl0`,
+      token: `${signed}~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd`,
       paths: [{
-        claim: "unique_id",
-        path: "verified_claims.claims._sd[7]"
+        claim: "given_name",
+        path: "verified_claims.claims._sd[3]"
       }]
     };
     expect(result).toEqual(expected);
@@ -131,13 +119,13 @@ describe("disclose", () => {
   it("should encode a valid sdjwt (multiple claims)", async () => {
     const result = await (0, _index.disclose)(token, ["iat", "family_name"]);
     const expected = {
-      token: `${signed}~WyJqSHYzdEFQNTNyRGxSbXVsdlo0Z2hBIiwiZmFtaWx5X25hbWUiLCJTUEVDSU1FTiJd~WyJjclNLNDlpaWpiZTdSbFFLSXlvcmlRIiwiaWF0IiwxNzQ3NzQ3MTI1XQ`,
+      token: `${signed}~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ`,
       paths: [{
         claim: "iat",
-        path: "verified_claims.claims._sd[0]"
+        path: "verified_claims.claims._sd[4]"
       }, {
         claim: "family_name",
-        path: "verified_claims.claims._sd[5]"
+        path: "verified_claims.claims._sd[0]"
       }]
     };
     expect(result).toEqual(expected);