npm - @pagopa/io-react-native-wallet - Versions diffs - 2.0.0-next.3 → 2.0.0-next.4 - Mend

@pagopa/io-react-native-wallet 2.0.0-next.3 → 2.0.0-next.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/src/credential/presentation/07-evaluate-dcql-query.ts CHANGED Viewed

@@ -2,9 +2,9 @@ import { DcqlQuery, DcqlError, DcqlQueryResult } from "dcql";
 import { isValiError } from "valibot";
 import { decode, prepareVpToken } from "../../sd-jwt";
 import type { Disclosure } from "../../sd-jwt/types";
-import { createCryptoContextFor } from "../../utils/crypto";
 import type { RemotePresentation } from "./types";
 import { CredentialsNotFoundError, type NotFoundDetail } from "./errors";
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 /**
  * The purpose for the credential request by the RP.
@@ -15,13 +15,13 @@ type CredentialPurpose = {
 };
 export type EvaluateDcqlQuery = (
-  credentialsSdJwt: [string /* keyTag */, string /* credential */][],
+  credentialsSdJwt: [CryptoContext, string /* credential */][],
   query: DcqlQuery.Input
 ) => {
   id: string;
   vct: string;
   credential: string;
-  keyTag: string;
+  cryptoContext: CryptoContext;
   requiredDisclosures: Disclosure[];
   purposes: CredentialPurpose[];
 }[];
@@ -30,7 +30,7 @@ export type PrepareRemotePresentations = (
   credentials: {
     id: string;
     credential: string;
-    keyTag: string;
+    cryptoContext: CryptoContext;
     requestedClaims: string[];
   }[],
   nonce: string,
@@ -55,11 +55,6 @@ const mapCredentialToObject = (jwt: string) => {
   const { sdJwt, disclosures } = decode(jwt);
   const credentialFormat = sdJwt.header.typ;
-  // TODO [SIW-2082]: support MDOC credentials
-  if (credentialFormat !== "dc+sd-jwt") {
-    throw new Error(`Unsupported credential format: ${credentialFormat}`);
-  }
   return {
     vct: sdJwt.payload.vct,
     credential_format: credentialFormat,
@@ -100,7 +95,10 @@ const extractMissingCredentials = (
 ): NotFoundDetail[] => {
   return getDcqlQueryFailedMatches(queryResult).map(([id]) => {
     const credential = originalQuery.credentials.find((c) => c.id === id);
-    if (credential?.format !== "dc+sd-jwt") {
+    if (
+      credential?.format !== "dc+sd-jwt" &&
+      credential?.format !== "vc+sd-jwt"
+    ) {
       throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
     }
     return { id, vctValues: credential.meta?.vct_values };
@@ -114,7 +112,6 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
   const credentials = credentialsSdJwt.map(([, credential]) =>
     mapCredentialToObject(credential)
   );
   try {
     // Validate the query
     const parsedQuery = DcqlQuery.parse(query);
@@ -131,11 +128,14 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
     // Build an object vct:credentialJwt to map matched credentials to their JWT
     const credentialsSdJwtByVct = credentials.reduce(
       (acc, c, i) => ({ ...acc, [c.vct]: credentialsSdJwt[i]! }),
-      {} as Record<string, [string /* keyTag */, string /* credential */]>
+      {} as Record<string, [CryptoContext, string /* credential */]>
     );
     return getDcqlQueryMatches(queryResult).map(([id, match]) => {
-      if (match.output.credential_format !== "dc+sd-jwt") {
+      if (
+        match.output.credential_format !== "dc+sd-jwt" &&
+        match.output.credential_format !== "vc+sd-jwt"
+      ) {
         throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
       }
       const { vct, claims } = match.output;
@@ -147,12 +147,12 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
           required: Boolean(credentialSet.required),
         }));
-      const [keyTag, credential] = credentialsSdJwtByVct[vct]!;
+      const [cryptoContext, credential] = credentialsSdJwtByVct[vct]!;
       const requiredDisclosures = Object.values(claims) as Disclosure[];
       return {
         id,
         vct,
-        keyTag,
+        cryptoContext,
         credential,
         requiredDisclosures,
         // When it is a match but no credential_sets are found, the credential is required by default
@@ -185,14 +185,13 @@ export const prepareRemotePresentations: PrepareRemotePresentations = async (
       const { vp_token } = await prepareVpToken(nonce, clientId, [
         item.credential,
         item.requestedClaims,
-        createCryptoContextFor(item.keyTag),
+        item.cryptoContext,
       ]);
       return {
         credentialId: item.id,
         requestedClaims: item.requestedClaims,
         vpToken: vp_token,
-        format: "dc+sd-jwt",
       };
     })
   );

package/src/credential/presentation/07-evaluate-input-descriptor.ts CHANGED Viewed

@@ -1,10 +1,10 @@
 import { InputDescriptor, type LegacyRemotePresentation } from "./types";
 import { SdJwt4VC, type DisclosureWithEncoded } from "../../sd-jwt/types";
 import { decode, prepareVpToken } from "../../sd-jwt";
-import { createCryptoContextFor } from "../../utils/crypto";
 import { JSONPath } from "jsonpath-plus";
 import { CredentialsNotFoundError, MissingDataError } from "./errors";
 import Ajv from "ajv";
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 const ajv = new Ajv({ allErrors: true });
 const INDEX_CLAIM_NAME = 1;
@@ -23,13 +23,16 @@ export type EvaluateInputDescriptorSdJwt4VC = (
 export type EvaluateInputDescriptors = (
   descriptors: InputDescriptor[],
-  credentialsSdJwt: [string /* keyTag */, string /* credential */][]
+  credentialsSdJwt: [
+    CryptoContext /* cryptoContext */,
+    string /* credential */,
+  ][]
 ) => Promise<
   {
     evaluatedDisclosure: EvaluatedDisclosures;
     inputDescriptor: InputDescriptor;
     credential: string;
-    keyTag: string;
+    cryptoContext: CryptoContext;
   }[]
 >;
@@ -41,7 +44,7 @@ export type PrepareLegacyRemotePresentations = (
     requestedClaims: string[];
     inputDescriptor: InputDescriptor;
     credential: string;
-    keyTag: string;
+    cryptoContext: CryptoContext;
   }[],
   nonce: string,
   client_id: string
@@ -247,7 +250,7 @@ export const evaluateInputDescriptorForSdJwt4VC: EvaluateInputDescriptorSdJwt4VC
   };
 type DecodedCredentialSdJwt = {
-  keyTag: string;
+  cryptoContext: CryptoContext;
   credential: string;
   sdJwt: SdJwt4VC;
   disclosures: DisclosureWithEncoded[];
@@ -264,11 +267,11 @@ export const findCredentialSdJwt = (
   decodedSdJwtCredentials: DecodedCredentialSdJwt[]
 ): {
   matchedEvaluation: EvaluatedDisclosures;
-  matchedKeyTag: string;
   matchedCredential: string;
+  cryptoContext: CryptoContext;
 } => {
   for (const {
-    keyTag,
+    cryptoContext,
     credential,
     sdJwt,
     disclosures,
@@ -282,7 +285,7 @@ export const findCredentialSdJwt = (
       return {
         matchedEvaluation: evaluatedDisclosure,
-        matchedKeyTag: keyTag,
+        cryptoContext,
         matchedCredential: credential,
       };
     } catch {
@@ -319,9 +322,9 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
 ) => {
   // We need decode SD-JWT credentials for evaluation
   const decodedSdJwtCredentials =
-    credentialsSdJwt?.map(([keyTag, credential]) => {
+    credentialsSdJwt?.map(([cryptoContext, credential]) => {
       const { sdJwt, disclosures } = decode(credential);
-      return { keyTag, credential, sdJwt, disclosures };
+      return { cryptoContext, credential, sdJwt, disclosures };
     }) || [];
   return Promise.all(
@@ -336,14 +339,14 @@ export const evaluateInputDescriptors: EvaluateInputDescriptors = async (
           ]);
         }
-        const { matchedEvaluation, matchedKeyTag, matchedCredential } =
+        const { matchedEvaluation, cryptoContext, matchedCredential } =
           findCredentialSdJwt(descriptor, decodedSdJwtCredentials);
         return {
           evaluatedDisclosure: matchedEvaluation,
           inputDescriptor: descriptor,
           credential: matchedCredential,
-          keyTag: matchedKeyTag,
+          cryptoContext,
         };
       }
@@ -383,7 +386,7 @@ export const prepareLegacyRemotePresentations: PrepareLegacyRemotePresentations
           const { vp_token } = await prepareVpToken(nonce, client_id, [
             item.credential,
             item.requestedClaims,
-            createCryptoContextFor(item.keyTag),
+            item.cryptoContext,
           ]);
           return {

package/src/credential/presentation/types.ts CHANGED Viewed

@@ -30,7 +30,6 @@ export type LegacyRemotePresentation = {
 export type RemotePresentation = {
   requestedClaims: string[];
   credentialId: string;
-  format: string;
   vpToken: string;
 };
@@ -97,7 +96,7 @@ export const RequestObject = z.object({
   state: z.string().optional(),
   nonce: z.string(),
   response_uri: z.string(),
-  response_uri_method: z.string().optional(),
+  request_uri_method: z.string().optional(),
   response_type: z.literal("vp_token"),
   response_mode: z.literal("direct_post.jwt"),
   client_id: z.string(),

package/src/sd-jwt/index.ts CHANGED Viewed

@@ -110,7 +110,11 @@ export const disclose = async (
     })
   );
-  const filteredDisclosures = rawDisclosures.filter((d) => {
+  // The disclosures in the new SD-JWT aligned with version 1.0
+  // include a trailing "~" character.
+  // To avoid parsing errors, it is necessary to filter the array
+  // to remove any empty strings
+  const filteredDisclosures = rawDisclosures.filter(Boolean).filter((d) => {
     const {
       decoded: [, name],
     } = decodeDisclosure(d);

package/src/sd-jwt/types.ts CHANGED Viewed

@@ -33,12 +33,23 @@ export type DisclosureWithEncoded = {
   encoded: string;
 };
+const StatusAssertion = z.object({
+  credential_hash_alg: z.literal("sha-256"),
+});
+/**
+ * Type for a Verifiable Credential in SD-JWT format.
+ * It supports both the older and the new data model for backward compatibility.
+ */
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export const SdJwt4VC = z.object({
   header: z.object({
-    typ: z.literal("dc+sd-jwt"),
+    typ: z.enum(["vc+sd-jwt", "dc+sd-jwt"]),
     alg: z.string(),
-    kid: z.string().optional(),
+    kid: z.string(),
+    trust_chain: z.array(z.string()).optional(),
+    x5c: z.array(z.string()).optional(),
+    vctm: z.array(z.string()).optional(),
   }),
   payload: z.intersection(
     z.object({
@@ -47,18 +58,21 @@ export const SdJwt4VC = z.object({
       iat: UnixTime.optional(),
       exp: UnixTime,
       _sd_alg: z.literal("sha-256"),
-      status: z.object({
-        status_assertion: z.object({
-          credential_hash_alg: z.literal("sha-256"),
-        }),
-      }),
+      status: z
+        .union([
+          // Credentials v1.0
+          z.object({ status_assertion: StatusAssertion }),
+          // Credentials v0.7.1
+          z.object({ status_attestation: StatusAssertion }),
+        ])
+        .optional(),
       cnf: z.object({
         jwk: JWK,
       }),
       vct: z.string(),
-      "vct#integrity": z.string(),
-      issuing_authority: z.string(),
-      issuing_country: z.string(),
+      "vct#integrity": z.string().optional(),
+      issuing_authority: z.string().optional(),
+      issuing_country: z.string().optional(),
     }),
     ObfuscatedDisclosures
   ),

package/src/wallet-instance-attestation/types.ts CHANGED Viewed

@@ -58,7 +58,7 @@ export const WalletInstanceAttestationJwt = z.object({
     Jwt.shape.header,
     z.object({
       typ: z.literal("oauth-client-attestation+jwt"),
-      trust_chain: z.array(z.string()).optional(), // TODO: [SIW-2264] Make mandatory
+      trust_chain: z.array(z.string()).optional(),
     })
   ),
   payload: z.intersection(