@pagopa/io-react-native-wallet 2.0.0-next.3 → 2.0.0-next.5

package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js

@@ -1,55 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.verifyAndParseStatusAttestation = void 0;
-var _errors = require("../../utils/errors");
-var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _types = require("./types");
-var _logging = require("../../utils/logging");
-/**
- * Given a status attestation, verifies that:
- * - It's in the supported format;
- * - The attestation is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status attestation
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-const verifyAndParseStatusAttestation = async (issuerConf, rawStatusAttestation, context) => {
-  try {
-    const {
-      statusAttestation
-    } = rawStatusAttestation;
-    const {
-      credentialCryptoContext
-    } = context;
-    await (0, _ioReactNativeJwt.verify)(statusAttestation, issuerConf.openid_credential_issuer.jwks.keys);
-    const decodedJwt = (0, _ioReactNativeJwt.decode)(statusAttestation);
-    const parsedStatusAttestation = _types.ParsedStatusAttestation.parse({
-      header: decodedJwt.protectedHeader,
-      payload: decodedJwt.payload
-    });
-    _logging.Logger.log(_logging.LogLevel.DEBUG, `Parsed status attestation: ${JSON.stringify(parsedStatusAttestation)}`);
-    const holderBindingKey = await credentialCryptoContext.getPublicKey();
-    const {
-      cnf
-    } = parsedStatusAttestation.payload;
-    if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-      _logging.Logger.log(_logging.LogLevel.ERROR, `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
-      throw new _errors.IoWalletError(`Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
-    }
-    return {
-      parsedStatusAttestation
-    };
-  } catch (e) {
-    throw new _errors.IoWalletError(`Failed to verify status attestation: ${JSON.stringify(e)}`);
-  }
-};
-exports.verifyAndParseStatusAttestation = verifyAndParseStatusAttestation;
-//# sourceMappingURL=03-verify-and-parse-status-attestation.js.map

package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","_logging","verifyAndParseStatusAttestation","issuerConf","rawStatusAttestation","context","statusAttestation","credentialCryptoContext","verify","openid_credential_issuer","jwks","keys","decodedJwt","decodeJwt","parsedStatusAttestation","ParsedStatusAttestation","parse","header","protectedHeader","payload","Logger","log","LogLevel","DEBUG","JSON","stringify","holderBindingKey","getPublicKey","cnf","jwk","kid","ERROR","IoWalletError","e","exports"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-attestation.ts"],"mappings":";;;;;;AACA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AAEA,IAAAG,QAAA,GAAAH,OAAA;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,+BAAgE,GAC3E,MAAAA,CAAOC,UAAU,EAAEC,oBAAoB,EAAEC,OAAO,KAAK;EACnD,IAAI;IACF,MAAM;MAAEC;IAAkB,CAAC,GAAGF,oBAAoB;IAClD,MAAM;MAAEG;IAAwB,CAAC,GAAGF,OAAO;IAE3C,MAAM,IAAAG,wBAAM,EACVF,iBAAiB,EACjBH,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;IAED,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACP,iBAAiB,CAAC;IAC/C,MAAMQ,uBAAuB,GAAGC,8BAAuB,CAACC,KAAK,CAAC;MAC5DC,MAAM,EAAEL,UAAU,CAACM,eAAe;MAClCC,OAAO,EAAEP,UAAU,CAACO;IACtB,CAAC,CAAC;IAEFC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,8BAA6BC,IAAI,CAACC,SAAS,CAACX,uBAAuB,CAAE,EACxE,CAAC;IAED,MAAMY,gBAAgB,GAAG,MAAMnB,uBAAuB,CAACoB,YAAY,CAAC,CAAC;IACrE,MAAM;MAAEC;IAAI,CAAC,GAAGd,uBAAuB,CAACK,OAAO;IAC/C,IAAI,CAACS,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKJ,gBAAgB,CAACI,GAAG,EAAE;MACxDV,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACS,KAAK,EACb,yEAAwEL,gBAAgB,CAACI,GAAI,UAAShB,uBAAuB,CAACK,OAAO,CAACS,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;MACD,MAAM,IAAIE,qBAAa,CACpB,yEAAwEN,gBAAgB,CAACI,GAAI,UAAShB,uBAAuB,CAACK,OAAO,CAACS,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;IACH;IAEA,OAAO;MAAEhB;IAAwB,CAAC;EACpC,CAAC,CAAC,OAAOmB,CAAC,EAAE;IACV,MAAM,IAAID,qBAAa,CACpB,wCAAuCR,IAAI,CAACC,SAAS,CAACQ,CAAC,CAAE,EAC5D,CAAC;EACH;AACF,CAAC;AAACC,OAAA,CAAAhC,+BAAA,GAAAA,+BAAA"}

package/lib/module/credential/status/02-status-attestation.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["getCredentialHashWithouDiscloures","hasStatusOrThrow","SignJWT","v4","uuidv4","StatusAttestationResponse","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","LogLevel","Logger","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","aud","jti","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","log","DEBUG","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAttestationError","status_attestation","e","handle","code","CredentialInvalidStatus","message","StatusAttestationRequestFailed","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,gBAAgB,QAEX,kBAAkB;AAEzB,SAA6BC,OAAO,QAAQ,6BAA6B;AACzE,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,yBAAyB,QAAQ,SAAS;AACnD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,QACpB,oBAAoB;AAC3B,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAWtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAMvB,iCAAiC,CAACc,UAAU,CAAC;EAC1E,MAAMU,YAAY,GAChBX,UAAU,CAACY,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAIzB,OAAO,CAACa,uBAAuB,CAAC,CAC7Da,UAAU,CAAC;IACVC,GAAG,EAAEL,YAAY;IACjBM,GAAG,EAAE1B,MAAM,CAAC,CAAC,CAAC2B,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAET,cAAc;IAC/BU,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEhB,GAAG,CAACgB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAEf;EAClB,CAAC;EAEDhB,MAAM,CAACgC,GAAG,CAACjC,QAAQ,CAACkC,KAAK,EAAG,mBAAkBjB,aAAc,EAAC,CAAC;EAE9D,MAAMkB,MAAM,GAAG,MAAM7B,QAAQ,CAACQ,YAAY,EAAE;IAC1CsB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDN,IAAI,EAAEO,IAAI,CAACC,SAAS,CAACR,IAAI;EAC3B,CAAC,CAAC,CACCS,IAAI,CAACjD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BiD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAK/C,yBAAyB,CAACgD,KAAK,CAACD,IAAI,CAAC,CAAC,CACrDE,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAE3C,iBAAiB,EAAEiC,MAAM,CAACW;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMD,4BAA4B,GAAIE,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAYhD,yBAAyB,CAAC,EAAE;IAC7C,MAAMgD,CAAC;EACT;EAEA,MAAM,IAAIjD,oBAAoB,CAACF,mBAAmB,CAAC,CAChDoD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpD,wBAAwB,CAACqD,uBAAuB;IACtDC,OAAO,EAAE;EACX,CAAC,CAAC,CACDH,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEpD,wBAAwB,CAACuD,8BAA8B;IAC7DD,OAAO,EAAG;EACZ,CAAC,CAAC,CACDE,SAAS,CAACN,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/status/03-verify-and-parse-status-attestation.js

@@ -1,49 +0,0 @@
-import { IoWalletError } from "../../utils/errors";
-import { verify } from "@pagopa/io-react-native-jwt";
-import { ParsedStatusAttestation } from "./types";
-import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import { LogLevel, Logger } from "../../utils/logging";
-/**
- * Given a status attestation, verifies that:
- * - It's in the supported format;
- * - The attestation is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status attestation
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-export const verifyAndParseStatusAttestation = async (issuerConf, rawStatusAttestation, context) => {
-  try {
-    const {
-      statusAttestation
-    } = rawStatusAttestation;
-    const {
-      credentialCryptoContext
-    } = context;
-    await verify(statusAttestation, issuerConf.openid_credential_issuer.jwks.keys);
-    const decodedJwt = decodeJwt(statusAttestation);
-    const parsedStatusAttestation = ParsedStatusAttestation.parse({
-      header: decodedJwt.protectedHeader,
-      payload: decodedJwt.payload
-    });
-    Logger.log(LogLevel.DEBUG, `Parsed status attestation: ${JSON.stringify(parsedStatusAttestation)}`);
-    const holderBindingKey = await credentialCryptoContext.getPublicKey();
-    const {
-      cnf
-    } = parsedStatusAttestation.payload;
-    if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-      Logger.log(LogLevel.ERROR, `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
-      throw new IoWalletError(`Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
-    }
-    return {
-      parsedStatusAttestation
-    };
-  } catch (e) {
-    throw new IoWalletError(`Failed to verify status attestation: ${JSON.stringify(e)}`);
-  }
-};
-//# sourceMappingURL=03-verify-and-parse-status-attestation.js.map

package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["IoWalletError","verify","ParsedStatusAttestation","decode","decodeJwt","LogLevel","Logger","verifyAndParseStatusAttestation","issuerConf","rawStatusAttestation","context","statusAttestation","credentialCryptoContext","openid_credential_issuer","jwks","keys","decodedJwt","parsedStatusAttestation","parse","header","protectedHeader","payload","log","DEBUG","JSON","stringify","holderBindingKey","getPublicKey","cnf","jwk","kid","ERROR","e"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-attestation.ts"],"mappings":"AACA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,MAAM,QAA4B,6BAA6B;AAExE,SAASC,uBAAuB,QAAQ,SAAS;AACjD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AACjE,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAUtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,+BAAgE,GAC3E,MAAAA,CAAOC,UAAU,EAAEC,oBAAoB,EAAEC,OAAO,KAAK;EACnD,IAAI;IACF,MAAM;MAAEC;IAAkB,CAAC,GAAGF,oBAAoB;IAClD,MAAM;MAAEG;IAAwB,CAAC,GAAGF,OAAO;IAE3C,MAAMT,MAAM,CACVU,iBAAiB,EACjBH,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;IAED,MAAMC,UAAU,GAAGZ,SAAS,CAACO,iBAAiB,CAAC;IAC/C,MAAMM,uBAAuB,GAAGf,uBAAuB,CAACgB,KAAK,CAAC;MAC5DC,MAAM,EAAEH,UAAU,CAACI,eAAe;MAClCC,OAAO,EAAEL,UAAU,CAACK;IACtB,CAAC,CAAC;IAEFf,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAACkB,KAAK,EACb,8BAA6BC,IAAI,CAACC,SAAS,CAACR,uBAAuB,CAAE,EACxE,CAAC;IAED,MAAMS,gBAAgB,GAAG,MAAMd,uBAAuB,CAACe,YAAY,CAAC,CAAC;IACrE,MAAM;MAAEC;IAAI,CAAC,GAAGX,uBAAuB,CAACI,OAAO;IAC/C,IAAI,CAACO,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKJ,gBAAgB,CAACI,GAAG,EAAE;MACxDxB,MAAM,CAACgB,GAAG,CACRjB,QAAQ,CAAC0B,KAAK,EACb,yEAAwEL,gBAAgB,CAACI,GAAI,UAASb,uBAAuB,CAACI,OAAO,CAACO,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;MACD,MAAM,IAAI9B,aAAa,CACpB,yEAAwE0B,gBAAgB,CAACI,GAAI,UAASb,uBAAuB,CAACI,OAAO,CAACO,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;IACH;IAEA,OAAO;MAAEb;IAAwB,CAAC;EACpC,CAAC,CAAC,OAAOe,CAAC,EAAE;IACV,MAAM,IAAIhC,aAAa,CACpB,wCAAuCwB,IAAI,CAACC,SAAS,CAACO,CAAC,CAAE,EAC5D,CAAC;EACH;AACF,CAAC"}

package/lib/typescript/credential/status/02-status-attestation.d.ts

@@ -1,19 +0,0 @@
-import { type Out } from "../../utils/misc";
-import type { EvaluateIssuerTrust, ObtainCredential } from "../issuance";
-import { type CryptoContext } from "@pagopa/io-react-native-jwt";
-import { StatusAttestationResponse } from "./types";
-export type StatusAttestation = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], credential: Out<ObtainCredential>["credential"], credentialCryptoContext: CryptoContext, appFetch?: GlobalFetch["fetch"]) => Promise<{
-    statusAttestation: StatusAttestationResponse["status_attestation"];
-}>;
-/**
- * WARNING: This function must be called after {@link startFlow}.
- * Verify the status of the credential attestation.
- * @param issuerConf - The issuer's configuration
- * @param credential - The credential to be verified
- * @param credentialCryptoContext - The credential's crypto context
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {IssuerResponseError} with a specific code for more context
- * @returns The credential status attestation
- */
-export declare const statusAttestation: StatusAttestation;
-//# sourceMappingURL=02-status-attestation.d.ts.map

package/lib/typescript/credential/status/02-status-attestation.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"02-status-attestation.d.ts","sourceRoot":"","sources":["../../../../src/credential/status/02-status-attestation.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,GAAG,EACT,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,KAAK,aAAa,EAAW,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AASpD,MAAM,MAAM,iBAAiB,GAAG,CAC9B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,uBAAuB,EAAE,aAAa,EACtC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;IACX,iBAAiB,EAAE,yBAAyB,CAAC,oBAAoB,CAAC,CAAC;CACpE,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,EAAE,iBA6C/B,CAAC"}

package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts

@@ -1,24 +0,0 @@
-import type { Out } from "../../utils/misc";
-import { type CryptoContext } from "@pagopa/io-react-native-jwt";
-import type { EvaluateIssuerTrust, StatusAttestation } from "../status";
-import { ParsedStatusAttestation } from "./types";
-export type VerifyAndParseStatusAttestation = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], statusAttestation: Out<StatusAttestation>, context: {
-    credentialCryptoContext: CryptoContext;
-}) => Promise<{
-    parsedStatusAttestation: ParsedStatusAttestation;
-}>;
-/**
- * Given a status attestation, verifies that:
- * - It's in the supported format;
- * - The attestation is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status attestation
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-export declare const verifyAndParseStatusAttestation: VerifyAndParseStatusAttestation;
-//# sourceMappingURL=03-verify-and-parse-status-attestation.d.ts.map

package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"03-verify-and-parse-status-attestation.d.ts","sourceRoot":"","sources":["../../../../src/credential/status/03-verify-and-parse-status-attestation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAU,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,KAAK,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAIlD,MAAM,MAAM,+BAA+B,GAAG,CAC5C,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,iBAAiB,EAAE,GAAG,CAAC,iBAAiB,CAAC,EACzC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;CACxC,KACE,OAAO,CAAC;IAAE,uBAAuB,EAAE,uBAAuB,CAAA;CAAE,CAAC,CAAC;AAEnE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,+BAA+B,EAAE,+BAwC3C,CAAC"}

package/src/credential/status/03-verify-and-parse-status-attestation.ts

@@ -1,70 +0,0 @@
-import type { Out } from "../../utils/misc";
-import { IoWalletError } from "../../utils/errors";
-import { verify, type CryptoContext } from "@pagopa/io-react-native-jwt";
-import type { EvaluateIssuerTrust, StatusAttestation } from "../status";
-import { ParsedStatusAttestation } from "./types";
-import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import { LogLevel, Logger } from "../../utils/logging";
-
-export type VerifyAndParseStatusAttestation = (
-  issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
-  statusAttestation: Out<StatusAttestation>,
-  context: {
-    credentialCryptoContext: CryptoContext;
-  }
-) => Promise<{ parsedStatusAttestation: ParsedStatusAttestation }>;
-
-/**
- * Given a status attestation, verifies that:
- * - It's in the supported format;
- * - The attestation is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status attestation
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IoWalletError} If the credential is not bound to the provided user key
- * @throws {IoWalletError} If the credential data fail to parse
- */
-export const verifyAndParseStatusAttestation: VerifyAndParseStatusAttestation =
-  async (issuerConf, rawStatusAttestation, context) => {
-    try {
-      const { statusAttestation } = rawStatusAttestation;
-      const { credentialCryptoContext } = context;
-
-      await verify(
-        statusAttestation,
-        issuerConf.openid_credential_issuer.jwks.keys
-      );
-
-      const decodedJwt = decodeJwt(statusAttestation);
-      const parsedStatusAttestation = ParsedStatusAttestation.parse({
-        header: decodedJwt.protectedHeader,
-        payload: decodedJwt.payload,
-      });
-
-      Logger.log(
-        LogLevel.DEBUG,
-        `Parsed status attestation: ${JSON.stringify(parsedStatusAttestation)}`
-      );
-
-      const holderBindingKey = await credentialCryptoContext.getPublicKey();
-      const { cnf } = parsedStatusAttestation.payload;
-      if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
-        Logger.log(
-          LogLevel.ERROR,
-          `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`
-        );
-        throw new IoWalletError(
-          `Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`
-        );
-      }
-
-      return { parsedStatusAttestation };
-    } catch (e) {
-      throw new IoWalletError(
-        `Failed to verify status attestation: ${JSON.stringify(e)}`
-      );
-    }
-  };