npm - @pagopa/io-react-native-wallet - Versions diffs - 2.0.0-next.3 → 2.0.0-next.5 - Mend

@pagopa/io-react-native-wallet 2.0.0-next.3 → 2.0.0-next.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/src/credential/status/{02-status-attestation.ts → 02-status-assertion.ts} RENAMED Viewed

@@ -6,54 +6,65 @@ import {
 import type { EvaluateIssuerTrust, ObtainCredential } from "../issuance";
 import { type CryptoContext, SignJWT } from "@pagopa/io-react-native-jwt";
 import { v4 as uuidv4 } from "uuid";
-import { StatusAttestationResponse } from "./types";
+import { StatusAssertionResponse } from "./types";
 import {
   IssuerResponseError,
   IssuerResponseErrorCodes,
   ResponseErrorBuilder,
   UnexpectedStatusCodeError,
 } from "../../utils/errors";
-import { LogLevel, Logger } from "../../utils/logging";
+import { Logger, LogLevel } from "../../utils/logging";
+import { extractJwkFromCredential } from "../../utils/credentials";
-export type StatusAttestation = (
+export type StatusAssertion = (
   issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   credential: Out<ObtainCredential>["credential"],
-  credentialCryptoContext: CryptoContext,
-  appFetch?: GlobalFetch["fetch"]
+  format: Out<ObtainCredential>["format"],
+  context: {
+    credentialCryptoContext: CryptoContext;
+    wiaCryptoContext: CryptoContext;
+    appFetch?: GlobalFetch["fetch"];
+  }
 ) => Promise<{
-  statusAttestation: StatusAttestationResponse["status_attestation"];
+  statusAssertion: string;
 }>;
 /**
- * WARNING: This function must be called after {@link startFlow}.
- * Verify the status of the credential attestation.
+ * Get the status assertion of a digital credential.
  * @param issuerConf - The issuer's configuration
  * @param credential - The credential to be verified
- * @param credentialCryptoContext - The credential's crypto context
+ * @param format - The format of the credential, e.g. "sd-jwt"
+ * @param context.credentialCryptoContext - The credential's crypto context
+ * @param context.wiaCryptoContext - The Wallet Attestation's crypto context
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @throws {IssuerResponseError} with a specific code for more context
- * @returns The credential status attestation
+ * @returns The credential status assertion
  */
-export const statusAttestation: StatusAttestation = async (
+export const statusAssertion: StatusAssertion = async (
   issuerConf,
   credential,
-  credentialCryptoContext,
-  appFetch: GlobalFetch["fetch"] = fetch
+  format,
+  ctx
 ) => {
-  const jwk = await credentialCryptoContext.getPublicKey();
+  const { credentialCryptoContext, wiaCryptoContext, appFetch = fetch } = ctx;
+  const jwk = await extractJwkFromCredential(credential, format);
+  const issuerJwk = await wiaCryptoContext.getPublicKey();
   const credentialHash = await getCredentialHashWithouDiscloures(credential);
   const statusAttUrl =
     issuerConf.openid_credential_issuer.status_attestation_endpoint;
   const credentialPop = await new SignJWT(credentialCryptoContext)
     .setPayload({
+      iss: issuerJwk.kid,
       aud: statusAttUrl,
       jti: uuidv4().toString(),
       credential_hash: credentialHash,
-      credential_hash_alg: "S256",
+      credential_hash_alg: "sha-256",
     })
     .setProtectedHeader({
       alg: "ES256",
-      typ: "status-attestation-request+jwt",
+      typ: "status-assertion-request+jwt",
       kid: jwk.kid,
     })
     .setIssuedAt()
@@ -61,7 +72,7 @@ export const statusAttestation: StatusAttestation = async (
     .sign();
   const body = {
-    credential_pop: credentialPop,
+    status_assertion_requests: [credentialPop],
   };
   Logger.log(LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
@@ -73,33 +84,31 @@ export const statusAttestation: StatusAttestation = async (
     },
     body: JSON.stringify(body),
   })
-    .then(hasStatusOrThrow(201))
+    .then(hasStatusOrThrow(200))
     .then((raw) => raw.json())
-    .then((json) => StatusAttestationResponse.parse(json))
-    .catch(handleStatusAttestationError);
+    .then((json) => StatusAssertionResponse.parse(json))
+    .catch(handleStatusAssertionError);
-  return { statusAttestation: result.status_attestation };
+  const [statusAttestationJwt] = result.status_assertion_responses;
+  return { statusAssertion: statusAttestationJwt! };
 };
 /**
- * Handle the status attestation error by mapping it to a custom exception.
+ * Handle the status assertion error by mapping it to a custom exception.
  * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
  * @param e - The error to be handled
  * @throws {IssuerResponseError} with a specific code for more context
  */
-const handleStatusAttestationError = (e: unknown) => {
+const handleStatusAssertionError = (e: unknown) => {
   if (!(e instanceof UnexpectedStatusCodeError)) {
     throw e;
   }
   throw new ResponseErrorBuilder(IssuerResponseError)
-    .handle(404, {
-      code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-      message: "Invalid status found for the given credential",
-    })
     .handle("*", {
       code: IssuerResponseErrorCodes.StatusAttestationRequestFailed,
-      message: `Unable to obtain the status attestation for the given credential`,
+      message: `Unable to obtain the status assertion for the given credential`,
     })
     .buildFrom(e);
 };

package/src/credential/status/03-verify-and-parse-status-assertion.ts ADDED Viewed

@@ -0,0 +1,109 @@
+import type { Out } from "../../utils/misc";
+import {
+  IoWalletError,
+  IssuerResponseError,
+  IssuerResponseErrorCodes,
+} from "../../utils/errors";
+import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
+import type { EvaluateIssuerTrust, StatusAssertion } from ".";
+import {
+  type InvalidStatusErrorReason,
+  ParsedStatusAssertion,
+  ParsedStatusAssertionError,
+  ParsedStatusAssertionResponse,
+  StatusType,
+} from "./types";
+import { Logger, LogLevel } from "../../utils/logging";
+import type { ObtainCredential } from "../issuance";
+import { extractJwkFromCredential } from "../../utils/credentials";
+import { isSameThumbprint } from "../../utils/jwk";
+export type VerifyAndParseStatusAssertion = (
+  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
+  statusAssertion: Out<StatusAssertion>,
+  credential: Out<ObtainCredential>["credential"],
+  format: Out<ObtainCredential>["format"]
+) => Promise<{ parsedStatusAssertion: ParsedStatusAssertion }>;
+/**
+ * Given a status assertion, verifies that:
+ * - It's in the supported format;
+ * - The assertion is correctly signed;
+ * - It's bound to the given key.
+ * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param statusAssertion The encoded status assertion returned by {@link statusAssertion}
+ * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
+ * @returns A parsed status assertion
+ * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
+ * @throws {IssuerResponseError} If the status assertion contains an error or the credential status is invalid
+ */
+export const verifyAndParseStatusAssertion: VerifyAndParseStatusAssertion =
+  async (issuerConf, rawStatusAssertion, credential, format) => {
+    const { statusAssertion } = rawStatusAssertion;
+    await verify(
+      statusAssertion,
+      issuerConf.openid_credential_issuer.jwks.keys
+    );
+    const decodedJwt = decodeJwt(statusAssertion);
+    const parsedStatusAssertion = ParsedStatusAssertionResponse.parse({
+      header: decodedJwt.protectedHeader,
+      payload: decodedJwt.payload,
+    });
+    Logger.log(
+      LogLevel.DEBUG,
+      `Parsed status assertion: ${JSON.stringify(parsedStatusAssertion)}`
+    );
+    // Errors are transmitted in the JWT and use a 200 HTTP status code
+    if (isStatusAssertionError(parsedStatusAssertion)) {
+      throw new IssuerResponseError({
+        code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+        message: "The status assertion contains an error",
+        statusCode: 200,
+        reason: buildErrorReason(parsedStatusAssertion),
+      });
+    }
+    const { cnf, credential_status_type } = parsedStatusAssertion.payload;
+    const holderBindingKey = await extractJwkFromCredential(credential, format);
+    if (!(await isSameThumbprint(cnf.jwk, holderBindingKey))) {
+      const errorMessage = `Failed to verify holder binding for status assertion: the thumbprints of keys ${cnf.jwk.kid} and ${holderBindingKey.kid} do not match`;
+      Logger.log(LogLevel.ERROR, errorMessage);
+      throw new IoWalletError(errorMessage);
+    }
+    if (credential_status_type !== StatusType.VALID) {
+      throw new IssuerResponseError({
+        code: IssuerResponseErrorCodes.CredentialInvalidStatus,
+        message: "Invalid status found for the given credential",
+        statusCode: 200,
+        reason: buildErrorReason(parsedStatusAssertion),
+      });
+    }
+    return { parsedStatusAssertion };
+  };
+const isStatusAssertionError = (
+  assertion: ParsedStatusAssertionResponse
+): assertion is ParsedStatusAssertionError =>
+  assertion.header.typ === "status-assertion-error+jwt";
+/**
+ * Build an object containing the details on the error to use as the IssuerResponseError's reason
+ * @param assertion The status assertion response, both success or failure
+ * @returns The error's reason object
+ */
+const buildErrorReason = ({
+  payload,
+}: ParsedStatusAssertionResponse): InvalidStatusErrorReason =>
+  "error" in payload
+    ? payload
+    : {
+        error: payload.credential_status_detail!.state,
+        error_description: payload.credential_status_detail!.description,
+      };

package/src/credential/status/README.md CHANGED Viewed

@@ -1,16 +1,16 @@
-# Credential Status Attestation
+# Credential Status Assertion
-This flow is used to obtain a credential status attestation from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
-The credential status attestation is a JWT which contains the credential status which indicates if the credential is valid or not.
-The status attestation is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
+This flow is used to obtain a credential status assertion from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
+The credential status assertion is a JWT which contains the credential status which indicates if the credential is valid or not (see [OAuth Status Assertions](https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#oauth-status-assertions)).
+The status assertion is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
 ## Sequence Diagram
 ```mermaid
 graph TD;
     0[startFlow]
-    1[statusAttestation]
-    2[verifyAndParseStatusAttestation]
+    1[statusAssertion]
+    2[verifyAndParseStatusAssertion]
     0 --> 1
     1 --> 2
@@ -21,14 +21,14 @@ graph TD;
 The following errors are mapped to a `IssuerResponseError` with specific codes.
-|HTTP Status|Error Code|Description|
-|-----------|----------|-----------|
-|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the status attestation is invalid. It might contain more details in the `reason` property.|
+|Error Code|Description|
+|----------|-----------|
+|`ERR_CREDENTIAL_INVALID_STATUS`|This error is thrown when the status assertion for a given credential is invalid. It might contain more details in the `reason` property.|
 ## Example
 <details>
-  <summary>Credential status attestation flow</summary>
+  <summary>Credential status assertion flow</summary>
 ```ts
 // Start the issuance flow
@@ -42,24 +42,26 @@ const { issuerUrl } = startFlow();
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
-// Get the credential attestation
-const res = await Credential.Status.statusAttestation(
+// Get the credential assertion
+const res = await Credential.Status.statusAssertion(
   issuerConf,
   credential,
-  credentialCryptoContext
+  format,
+  { credentialCryptoContext, wiaCryptoContext }
 );
-// Verify and parse the status attestation
-const { parsedStatusAttestation } =
-  await Credential.Status.verifyAndParseStatusAttestation(
+// Verify and parse the status assertion
+const { parsedStatusAssertion } =
+  await Credential.Status.verifyAndParseStatusAssertion(
     issuerConf,
-    res.statusAttestation,
-    { credentialCryptoContext }
+    res.statusAssertion,
+    credential,
+    format
   );
 return {
-  statusAttestation: res.statusAttestation,
-  parsedStatusAttestation,
+  statusAssertion: res.statusAssertion,
+  parsedStatusAssertion,
 };
 ```

package/src/credential/status/index.ts CHANGED Viewed

@@ -1,22 +1,15 @@
 import { type StartFlow } from "./01-start-flow";
-import {
-  statusAttestation,
-  type StatusAttestation,
-} from "./02-status-attestation";
+import { statusAssertion, type StatusAssertion } from "./02-status-assertion";
 import { evaluateIssuerTrust, type EvaluateIssuerTrust } from "../issuance";
 import {
-  verifyAndParseStatusAttestation,
-  type VerifyAndParseStatusAttestation,
-} from "./03-verify-and-parse-status-attestation";
+  verifyAndParseStatusAssertion,
+  type VerifyAndParseStatusAssertion,
+} from "./03-verify-and-parse-status-assertion";
-export {
-  evaluateIssuerTrust,
-  statusAttestation,
-  verifyAndParseStatusAttestation,
-};
+export { evaluateIssuerTrust, statusAssertion, verifyAndParseStatusAssertion };
 export type {
   StartFlow,
   EvaluateIssuerTrust,
-  StatusAttestation,
-  VerifyAndParseStatusAttestation,
+  StatusAssertion,
+  VerifyAndParseStatusAssertion,
 };

package/src/credential/status/types.ts CHANGED Viewed

@@ -3,35 +3,38 @@ import { JWK } from "../../utils/jwk";
 import * as z from "zod";
 /**
- * Shape from parsing a status attestation response in case of 201.
+ * Shape from parsing a status assertion response in case of 201.
  */
-export const StatusAttestationResponse = z.object({
-  status_attestation: z.string(),
+export const StatusAssertionResponse = z.object({
+  status_assertion_responses: z.array(z.string()),
 });
 /**
- * Type from parsing a status attestation response in case of 201.
- * Inferred from {@link StatusAttestationResponse}.
+ * Type from parsing a status assertion response in case of 201.
+ * Inferred from {@link StatusAssertionResponse}.
  */
-export type StatusAttestationResponse = z.infer<
-  typeof StatusAttestationResponse
->;
+export type StatusAssertionResponse = z.infer<typeof StatusAssertionResponse>;
-/**
- * Type for a parsed status attestation.
- */
-export type ParsedStatusAttestation = z.infer<typeof ParsedStatusAttestation>;
+export type ParsedStatusAssertion = z.infer<typeof ParsedStatusAssertion>;
 /**
- * Shape for parsing a status attestation in a JWT.
+ * Shape for parsing a successful status assertion in a JWT.
  */
-export const ParsedStatusAttestation = z.object({
+export const ParsedStatusAssertion = z.object({
   header: z.object({
-    typ: z.literal("status-attestation+jwt"),
+    typ: z.literal("status-assertion+jwt"),
     alg: z.string(),
     kid: z.string().optional(),
   }),
   payload: z.object({
+    iss: z.string(),
+    credential_status_type: z.string(),
+    credential_status_detail: z
+      .object({
+        state: z.string(),
+        description: z.string(),
+      })
+      .optional(),
     credential_hash_alg: z.string(),
     credential_hash: z.string(),
     cnf: z.object({
@@ -41,3 +44,47 @@ export const ParsedStatusAttestation = z.object({
     iat: UnixTime,
   }),
 });
+export type ParsedStatusAssertionError = z.infer<
+  typeof ParsedStatusAssertionError
+>;
+/**
+ * The JWT that contains the errors occurred for the status assertion request.
+ * @see https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#http-status-assertion-response
+ */
+export const ParsedStatusAssertionError = z.object({
+  header: z.object({
+    typ: z.literal("status-assertion-error+jwt"),
+    alg: z.string(),
+    kid: z.string().optional(),
+  }),
+  payload: z.object({
+    credential_hash_alg: z.string(),
+    credential_hash: z.string(),
+    error: z.string(),
+    error_description: z.string(),
+  }),
+});
+/**
+ * The status assertion response that might include either a successful assertion or an error
+ */
+export type ParsedStatusAssertionResponse = z.infer<
+  typeof ParsedStatusAssertionResponse
+>;
+export const ParsedStatusAssertionResponse = z.union([
+  ParsedStatusAssertion,
+  ParsedStatusAssertionError,
+]);
+export enum StatusType {
+  VALID = "0x00",
+  INVALID = "0x01",
+  SUSPENDED = "0x02",
+}
+export type InvalidStatusErrorReason = {
+  error: string;
+  error_description: string;
+};

package/src/sd-jwt/index.ts CHANGED Viewed

@@ -110,7 +110,11 @@ export const disclose = async (
     })
   );
-  const filteredDisclosures = rawDisclosures.filter((d) => {
+  // The disclosures in the new SD-JWT aligned with version 1.0
+  // include a trailing "~" character.
+  // To avoid parsing errors, it is necessary to filter the array
+  // to remove any empty strings
+  const filteredDisclosures = rawDisclosures.filter(Boolean).filter((d) => {
     const {
       decoded: [, name],
     } = decodeDisclosure(d);

package/src/sd-jwt/types.ts CHANGED Viewed

@@ -33,12 +33,23 @@ export type DisclosureWithEncoded = {
   encoded: string;
 };
+const StatusAssertion = z.object({
+  credential_hash_alg: z.literal("sha-256"),
+});
+/**
+ * Type for a Verifiable Credential in SD-JWT format.
+ * It supports both the older and the new data model for backward compatibility.
+ */
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export const SdJwt4VC = z.object({
   header: z.object({
-    typ: z.literal("dc+sd-jwt"),
+    typ: z.enum(["vc+sd-jwt", "dc+sd-jwt"]),
     alg: z.string(),
-    kid: z.string().optional(),
+    kid: z.string(),
+    trust_chain: z.array(z.string()).optional(),
+    x5c: z.array(z.string()).optional(),
+    vctm: z.array(z.string()).optional(),
   }),
   payload: z.intersection(
     z.object({
@@ -47,18 +58,21 @@ export const SdJwt4VC = z.object({
       iat: UnixTime.optional(),
       exp: UnixTime,
       _sd_alg: z.literal("sha-256"),
-      status: z.object({
-        status_assertion: z.object({
-          credential_hash_alg: z.literal("sha-256"),
-        }),
-      }),
+      status: z
+        .union([
+          // Credentials v1.0
+          z.object({ status_assertion: StatusAssertion }),
+          // Credentials v0.7.1
+          z.object({ status_attestation: StatusAssertion }),
+        ])
+        .optional(),
       cnf: z.object({
         jwk: JWK,
       }),
       vct: z.string(),
-      "vct#integrity": z.string(),
-      issuing_authority: z.string(),
-      issuing_country: z.string(),
+      "vct#integrity": z.string().optional(),
+      issuing_authority: z.string().optional(),
+      issuing_country: z.string().optional(),
     }),
     ObfuscatedDisclosures
   ),

package/src/utils/credentials.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { decode } from "../sd-jwt";
+import { thumbprint } from "@pagopa/io-react-native-jwt";
+import type { Out } from "./misc";
+import type { ObtainCredential } from "../credential/issuance";
+import type { JWK } from "./jwk";
+import { IoWalletError } from "./errors";
+const SD_JWT = ["vc+sd-jwt", "dc+sd-jwt"];
+/**
+ * Extracts a JWK from a credential.
+ * @param credential - The credential string, which can be in SD-JWT or CBOR format.
+ * @param format - The format of the credential
+ * @return A Promise that resolves to a JWK object if the credential is in SD-JWT format and contains a JWK, or undefined otherwise.
+ */
+export const extractJwkFromCredential = async (
+  credential: Out<ObtainCredential>["credential"],
+  format: Out<ObtainCredential>["format"]
+): Promise<JWK> => {
+  if (SD_JWT.includes(format)) {
+    // 1. SD-JWT case
+    const decoded = decode(credential);
+    const jwk = decoded.sdJwt.payload.cnf.jwk;
+    if (jwk) {
+      return { ...jwk, kid: await thumbprint(jwk) };
+    }
+  }
+  throw new IoWalletError(`Credential format ${format} not supported`);
+};

package/src/utils/crypto.ts CHANGED Viewed

@@ -1,12 +1,11 @@
 import {
-  getPublicKey,
-  sign,
-  generate,
   deleteKey,
+  generate,
+  getPublicKeyFixed,
+  sign,
 } from "@pagopa/io-react-native-crypto";
 import { v4 as uuidv4 } from "uuid";
-import { thumbprint, type CryptoContext } from "@pagopa/io-react-native-jwt";
-import { fixBase64EncodingOnKey } from "./jwk";
+import { type CryptoContext, thumbprint } from "@pagopa/io-react-native-jwt";
 /**
  * Create a CryptoContext bound to a key pair.
@@ -17,22 +16,15 @@ import { fixBase64EncodingOnKey } from "./jwk";
  */
 export const createCryptoContextFor = (keytag: string): CryptoContext => {
   return {
-    /**
-     * Retrieve the public key of the pair.
-     * If the key pair doesn't exist yet, an error is raised
-     * @returns The public key.
-     */
     async getPublicKey() {
-      return getPublicKey(keytag)
-        .then(fixBase64EncodingOnKey)
-        .then(async (jwk) => ({
-          ...jwk,
-          // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
-          // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
-          // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
-          // However the values is an arbitrary string that might be anything
-          kid: await thumbprint(jwk),
-        }));
+      return getPublicKeyFixed(keytag).then(async (jwk) => ({
+        ...jwk,
+        // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
+        // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).
+        // We assume the convention we use the thumbprint of the public key as KID, thus for easy development we decided to evaluate KID here
+        // However the values is an arbitrary string that might be anything
+        kid: await thumbprint(jwk),
+      }));
     },
     /**
      * Get a signature for a provided value.

package/src/utils/jwk.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { decode, removePadding } from "@pagopa/io-react-native-jwt";
+import { decode, removePadding, thumbprint } from "@pagopa/io-react-native-jwt";
 import { z } from "zod";
 export type JWK = z.infer<typeof JWK>;
@@ -65,3 +65,17 @@ export const JWKS = z.object({
 });
 export type JWTDecodeResult = ReturnType<typeof decode>;
+/**
+ * Utility function that checks if two JWKs have the same thumbprint.
+ * @param jwkA The first JWK
+ * @param jwkB The second JWK
+ * @returns Whether the thumbprints match
+ */
+export const isSameThumbprint = async (jwkA: JWK, jwkB: JWK) => {
+  const [thumbprintJwkA, thumbprintJwkB] = await Promise.all([
+    thumbprint(jwkA),
+    thumbprint(jwkB),
+  ]);
+  return thumbprintJwkA === thumbprintJwkB;
+};

package/src/wallet-instance-attestation/types.ts CHANGED Viewed

@@ -58,7 +58,7 @@ export const WalletInstanceAttestationJwt = z.object({
     Jwt.shape.header,
     z.object({
       typ: z.literal("oauth-client-attestation+jwt"),
-      trust_chain: z.array(z.string()).optional(), // TODO: [SIW-2264] Make mandatory
+      trust_chain: z.array(z.string()).optional(),
     })
   ),
   payload: z.intersection(

package/lib/commonjs/credential/status/02-status-attestation.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_misc","require","_ioReactNativeJwt","_uuid","_types","_errors","_logging","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","getCredentialHashWithouDiscloures","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","SignJWT","setPayload","aud","jti","uuidv4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","Logger","log","LogLevel","DEBUG","result","method","headers","JSON","stringify","then","hasStatusOrThrow","raw","json","StatusAttestationResponse","parse","catch","handleStatusAttestationError","status_attestation","exports","e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAMA,IAAAK,QAAA,GAAAL,OAAA;AAWA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAM,IAAAC,uCAAiC,EAACV,UAAU,CAAC;EAC1E,MAAMW,YAAY,GAChBZ,UAAU,CAACa,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAIC,yBAAO,CAACd,uBAAuB,CAAC,CAC7De,UAAU,CAAC;IACVC,GAAG,EAAEN,YAAY;IACjBO,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAEZ,cAAc;IAC/Ba,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEnB,GAAG,CAACmB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAEjB;EAClB,CAAC;EAEDkB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkBrB,aAAc,EAAC,CAAC;EAE9D,MAAMsB,MAAM,GAAG,MAAMlC,QAAQ,CAACS,YAAY,EAAE;IAC1C0B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDR,IAAI,EAAES,IAAI,CAACC,SAAS,CAACV,IAAI;EAC3B,CAAC,CAAC,CACCW,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,gCAAyB,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC,CACrDG,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAElD,iBAAiB,EAAEsC,MAAM,CAACa;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAC,OAAA,CAAApD,iBAAA,GAAAA,iBAAA;AAMA,MAAMkD,4BAA4B,GAAIG,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;IACtDC,OAAO,EAAE;EACX,CAAC,CAAC,CACDJ,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACG,8BAA8B;IAC7DD,OAAO,EAAG;EACZ,CAAC,CAAC,CACDE,SAAS,CAACV,CAAC,CAAC;AACjB,CAAC"}