@pagopa/io-react-native-wallet 2.0.0-next.4 → 2.0.0-next.5

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js

@@ -5,9 +5,9 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.verifyAndParseCredential = void 0;
 var _errors = require("../../utils/errors");
-var _types = require("../../sd-jwt/types");
 var _sdJwt = require("../../sd-jwt");
 var _converters = require("../../sd-jwt/converters");
+var _jwk = require("../../utils/jwk");
 var _logging = require("../../utils/logging");
 // The credential as a collection of attributes in plain value
 
@@ -121,11 +121,11 @@ const parseCredentialSdJwt = function (credentialConfig, _ref) {
 async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingContext) {
   const [decodedCredential, holderBindingKey] =
   // parallel for optimization
-  await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _types.SdJwt4VC), holderBindingContext.getPublicKey()]);
+  await Promise.all([(0, _sdJwt.verify)(rawCredential, issuerKeys, _sdJwt.SdJwt4VC), holderBindingContext.getPublicKey()]);
   const {
     cnf
   } = decodedCredential.sdJwt.payload;
-  if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
+  if (!(await (0, _jwk.isSameThumbprint)(cnf.jwk, holderBindingKey))) {
     const message = `Failed to verify holder binding, expected kid: ${holderBindingKey.kid}, got: ${decodedCredential.sdJwt.payload.cnf.jwk.kid}`;
     _logging.Logger.log(_logging.LogLevel.ERROR, message);
     throw new _errors.IoWalletError(message);

package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map

@@ -1 +1 @@
-{"version":3,"names":["_errors","require","_types","_sdJwt","_converters","_logging","parseCredentialSdJwt","credentialConfig","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","format","header","typ","message","Logger","log","LogLevel","ERROR","IoWalletError","claims","attrDefinitions","attrsNotInDisclosures","filter","definition","some","_ref2","name","path","missing","map","_","join","received","definedValues","Object","fromEntries","_ref3","_disclosures$find","value","find","_ref4","attrKey","display","reduce","names","_ref5","locale","undefinedValues","keys","includes","_ref6","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","payload","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref7","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","credential_configurations_supported","parsedCredential","maybeIssuedAt","getValueFromDisclosures","expiration","Date","exp","issuedAt","verifyAndParseCredential","context","_issuerConf$openid_cr","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,WAAA,GAAAH,OAAA;AAGA,IAAAI,QAAA,GAAAJ,OAAA;AA2BA;;AAkBA;;AAKA,MAAMK,oBAAoB,GAAG,SAAAA,CAE3BC,gBAAgC,EAAAC,IAAA,EAIX;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAIL,gBAAgB,CAACS,MAAM,KAAKP,KAAK,CAACQ,MAAM,CAACC,GAAG,EAAE;IAChD,MAAMC,OAAO,GAAI,gEAA+DZ,gBAAgB,CAACS,MAAO,gBAAeP,KAAK,CAACQ,MAAM,CAACC,GAAI,GAAE;IAC1IE,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;IACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;EAClC;EAEA,IAAI,CAACZ,gBAAgB,CAACkB,MAAM,EAAE;IAC5BL,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIC,qBAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAME,eAAe,GAAGnB,gBAAgB,CAACkB,MAAM;;EAE/C;EACA,MAAME,qBAAqB,GAAGD,eAAe,CAACE,MAAM,CACjDC,UAAU,IAAK,CAACnB,WAAW,CAACoB,IAAI,CAACC,KAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,IAAI,KAAKH,UAAU,CAACI,IAAI,CAAC,CAAC,CAAC;EAAA,EAAC,CAAC;EAC/E,CAAC;;EACD,IAAIN,qBAAqB,CAACd,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMqB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,CAAC,CAAC,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;IACtE,MAAMC,QAAQ,GAAG5B,WAAW,CAACyB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC1B,uBAAuB,EAAE;MAC5B,MAAMQ,OAAO,GAAI,4DAA2De,OAAQ,iBAAgBI,QAAS,GAAE;MAC/GlB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;MACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;IAClC;EACF;;EAEA;EACA;EACA,MAAMoB,aAAa,GAAGC,MAAM,CAACC,WAAW,CACtCf;EACE;EAAA,CACCS,GAAG,CACFO,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC;MAAEV,IAAI;MAAE,GAAGJ;IAAW,CAAC,GAAAa,KAAA;IAAA,OACtB,CACET,IAAI,CAAC,CAAC,CAAC,EACP;MACE,GAAGJ,UAAU;MACbe,KAAK,GAAAD,iBAAA,GAAEjC,WAAW,CAACmC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKH,IAAI,CAAC,CAAC,CACnC,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCR,GAAG,CACFW,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC,OAAO;MAAE,GAAGnB;IAAW,CAAC,CAAC,GAAAiB,KAAA;IAAA,OACpC,CACEC,OAAO,EACP;MACE,GAAGlB,UAAU;MACbG,IAAI,EAAEgB,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEpB;QAAK,CAAC,GAAAmB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGpB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIjB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAGb,MAAM,CAACC,WAAW,CACxC/B,WAAW,CACRkB,MAAM,CAAEQ,CAAC,IAAK,CAACI,MAAM,CAACc,IAAI,CAACf,aAAa,CAAC,CAACgB,QAAQ,CAACnB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACqB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEb,KAAK;QAAEZ,IAAI,EAAEyB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGlB,aAAa;MAChB,GAAGc;IACL,CAAC;EACH;EAEA,OAAOd,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAemB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACrD,KAAK,CAAC6D,OAAO;EAE/C,IAAI,CAACD,GAAG,CAACE,GAAG,CAACC,GAAG,IAAIH,GAAG,CAACE,GAAG,CAACC,GAAG,KAAKT,gBAAgB,CAACS,GAAG,EAAE;IACxD,MAAMrD,OAAO,GAAI,kDAAiD4C,gBAAgB,CAACS,GAAI,UAASV,iBAAiB,CAACrD,KAAK,CAAC6D,OAAO,CAACD,GAAG,CAACE,GAAG,CAACC,GAAI,EAAC;IAC7IpD,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;IACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;EAClC;EAEA,OAAO2C,iBAAiB;AAC1B;AAEA,MAAMW,6BAAuD,GAAG,MAAAA,CAC9DC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,KAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvBnE,uBAAuB;IACvBI;EACF,CAAC,GAAA8D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMrB,qBAAqB,CACzCiB,UAAU,EACVD,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAAC3B,IAAI,EAC7CwB,uBACF,CAAC;EAED1D,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC4D,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMxE,gBAAgB,GACpBmE,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B;EAEH,IAAI,CAACrE,gBAAgB,EAAE;IACrBa,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+CqD,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIpD,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAM8D,gBAAgB,GAAGhF,oBAAoB,CAC3CC,gBAAgB,EAChBwE,OAAO,EACPpE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMwE,aAAa,GAAG,IAAAC,mCAAuB,EAACT,OAAO,CAACrE,WAAW,EAAE,KAAK,CAAC;EAEzEU,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC4D,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACE,gBAAgB,CAAE,gBAAeC,aAAc,EACtF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACX,OAAO,CAACtE,KAAK,CAAC6D,OAAO,CAACqB,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOL,aAAa,KAAK,QAAQ,GAC7B,IAAIG,IAAI,CAACH,aAAa,GAAG,IAAI,CAAC,GAC9BzE;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAM+E,wBAAkD,GAAG,MAAAA,CAChEnB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBkB,OAAO,KACJ;EAAA,IAAAC,qBAAA;EACH,MAAM/E,MAAM,IAAA+E,qBAAA,GACVrB,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B,cAAAmB,qBAAA,uBAFDA,qBAAA,CAEG/E,MAAM;EAEX,IAAIA,MAAM,KAAK,WAAW,EAAE;IAC1BI,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC4D,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOT,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBkB,OACF,CAAC;EACH;EAEA,MAAM3E,OAAO,GAAI,kCAAiCH,MAAO,EAAC;EAC1DI,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;EACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;AAClC,CAAC;AAAC6E,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}
+{"version":3,"names":["_errors","require","_sdJwt","_converters","_jwk","_logging","parseCredentialSdJwt","credentialConfig","_ref","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","includeUndefinedAttributes","format","header","typ","message","Logger","log","LogLevel","ERROR","IoWalletError","claims","attrDefinitions","attrsNotInDisclosures","filter","definition","some","_ref2","name","path","missing","map","_","join","received","definedValues","Object","fromEntries","_ref3","_disclosures$find","value","find","_ref4","attrKey","display","reduce","names","_ref5","locale","undefinedValues","keys","includes","_ref6","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","payload","isSameThumbprint","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","credentialConfigurationId","_ref7","credentialCryptoContext","decoded","openid_credential_issuer","jwks","DEBUG","JSON","stringify","credential_configurations_supported","parsedCredential","maybeIssuedAt","getValueFromDisclosures","expiration","Date","exp","issuedAt","verifyAndParseCredential","context","_issuerConf$openid_cr","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,WAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AAEA,IAAAI,QAAA,GAAAJ,OAAA;AA2BA;;AAkBA;;AAKA,MAAMK,oBAAoB,GAAG,SAAAA,CAE3BC,gBAAgC,EAAAC,IAAA,EAIX;EAAA,IAHrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAAA,IAC9CG,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAAA,IACxCG,0BAAmC,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAE3C,IAAIL,gBAAgB,CAACS,MAAM,KAAKP,KAAK,CAACQ,MAAM,CAACC,GAAG,EAAE;IAChD,MAAMC,OAAO,GAAI,gEAA+DZ,gBAAgB,CAACS,MAAO,gBAAeP,KAAK,CAACQ,MAAM,CAACC,GAAI,GAAE;IAC1IE,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;IACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;EAClC;EAEA,IAAI,CAACZ,gBAAgB,CAACkB,MAAM,EAAE;IAC5BL,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAE,0CAA0C,CAAC;IACtE,MAAM,IAAIC,qBAAa,CAAC,0CAA0C,CAAC,CAAC,CAAC;EACvE;;EACA,MAAME,eAAe,GAAGnB,gBAAgB,CAACkB,MAAM;;EAE/C;EACA,MAAME,qBAAqB,GAAGD,eAAe,CAACE,MAAM,CACjDC,UAAU,IAAK,CAACnB,WAAW,CAACoB,IAAI,CAACC,KAAA;IAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;IAAA,OAAKC,IAAI,KAAKH,UAAU,CAACI,IAAI,CAAC,CAAC,CAAC;EAAA,EAAC,CAAC;EAC/E,CAAC;;EACD,IAAIN,qBAAqB,CAACd,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMqB,OAAO,GAAGP,qBAAqB,CAACQ,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACH,IAAI,CAAC,CAAC,CAAC,CAAC,CAACI,IAAI,CAAC,IAAI,CAAC;IACtE,MAAMC,QAAQ,GAAG5B,WAAW,CAACyB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,IAAI,CAAC1B,uBAAuB,EAAE;MAC5B,MAAMQ,OAAO,GAAI,4DAA2De,OAAQ,iBAAgBI,QAAS,GAAE;MAC/GlB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;MACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;IAClC;EACF;;EAEA;EACA;EACA,MAAMoB,aAAa,GAAGC,MAAM,CAACC,WAAW,CACtCf;EACE;EAAA,CACCS,GAAG,CACFO,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC;MAAEV,IAAI;MAAE,GAAGJ;IAAW,CAAC,GAAAa,KAAA;IAAA,OACtB,CACET,IAAI,CAAC,CAAC,CAAC,EACP;MACE,GAAGJ,UAAU;MACbe,KAAK,GAAAD,iBAAA,GAAEjC,WAAW,CAACmC,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKH,IAAI,CAAC,CAAC,CACnC,CAAC,cAAAU,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCR,GAAG,CACFW,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC,OAAO;MAAE,GAAGnB;IAAW,CAAC,CAAC,GAAAiB,KAAA;IAAA,OACpC,CACEC,OAAO,EACP;MACE,GAAGlB,UAAU;MACbG,IAAI,EAAEgB,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEpB;QAAK,CAAC,GAAAmB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGpB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;EAED,IAAIjB,0BAA0B,EAAE;IAC9B;IACA;IACA,MAAMsC,eAAe,GAAGb,MAAM,CAACC,WAAW,CACxC/B,WAAW,CACRkB,MAAM,CAAEQ,CAAC,IAAK,CAACI,MAAM,CAACc,IAAI,CAACf,aAAa,CAAC,CAACgB,QAAQ,CAACnB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACqB,KAAA;MAAA,IAAC,GAAGC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;MAAA,OAAK,CAACC,GAAG,EAAE;QAAEb,KAAK;QAAEZ,IAAI,EAAEyB;MAAI,CAAC,CAAC;IAAA,EACxD,CAAC;IACD,OAAO;MACL,GAAGlB,aAAa;MAChB,GAAGc;IACL,CAAC;EACH;EAEA,OAAOd,aAAa;AACtB,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAemB,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACrD,KAAK,CAAC6D,OAAO;EAC/C,IAAI,EAAE,MAAM,IAAAC,qBAAgB,EAACF,GAAG,CAACG,GAAG,EAAET,gBAAuB,CAAC,CAAC,EAAE;IAC/D,MAAM5C,OAAO,GAAI,kDAAiD4C,gBAAgB,CAACU,GAAI,UAASX,iBAAiB,CAACrD,KAAK,CAAC6D,OAAO,CAACD,GAAG,CAACG,GAAG,CAACC,GAAI,EAAC;IAC7IrD,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;IACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;EAClC;EAEA,OAAO2C,iBAAiB;AAC1B;AAEA,MAAMY,6BAAuD,GAAG,MAAAA,CAC9DC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EAAAC,KAAA,KAMtB;EAAA,IALH;IACEC,uBAAuB;IACvBpE,uBAAuB;IACvBI;EACF,CAAC,GAAA+D,KAAA;EAED,MAAME,OAAO,GAAG,MAAMtB,qBAAqB,CACzCkB,UAAU,EACVD,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAAC5B,IAAI,EAC7CyB,uBACF,CAAC;EAED3D,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC6D,KAAK,EAAG,uBAAsBC,IAAI,CAACC,SAAS,CAACL,OAAO,CAAE,EAAC,CAAC;EAE5E,MAAMzE,gBAAgB,GACpBoE,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B;EAEH,IAAI,CAACtE,gBAAgB,EAAE;IACrBa,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,gDAA+CsD,yBAA0B,EAC5E,CAAC;IACD,MAAM,IAAIrD,qBAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,MAAM+D,gBAAgB,GAAGjF,oBAAoB,CAC3CC,gBAAgB,EAChByE,OAAO,EACPrE,uBAAuB,EACvBI,0BACF,CAAC;EACD,MAAMyE,aAAa,GAAG,IAAAC,mCAAuB,EAACT,OAAO,CAACtE,WAAW,EAAE,KAAK,CAAC;EAEzEU,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAAC6D,KAAK,EACb,sBAAqBC,IAAI,CAACC,SAAS,CAACE,gBAAgB,CAAE,gBAAeC,aAAc,EACtF,CAAC;EAED,OAAO;IACLD,gBAAgB;IAChBG,UAAU,EAAE,IAAIC,IAAI,CAACX,OAAO,CAACvE,KAAK,CAAC6D,OAAO,CAACsB,GAAG,GAAG,IAAI,CAAC;IACtDC,QAAQ,EACN,OAAOL,aAAa,KAAK,QAAQ,GAC7B,IAAIG,IAAI,CAACH,aAAa,GAAG,IAAI,CAAC,GAC9B1E;EACR,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMgF,wBAAkD,GAAG,MAAAA,CAChEnB,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBkB,OAAO,KACJ;EAAA,IAAAC,qBAAA;EACH,MAAMhF,MAAM,IAAAgF,qBAAA,GACVrB,UAAU,CAACM,wBAAwB,CAACK,mCAAmC,CACrET,yBAAyB,CAC1B,cAAAmB,qBAAA,uBAFDA,qBAAA,CAEGhF,MAAM;EAEX,IAAIA,MAAM,KAAK,WAAW,EAAE;IAC1BI,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAAC6D,KAAK,EAAE,wCAAwC,CAAC;IACpE,OAAOT,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVC,yBAAyB,EACzBkB,OACF,CAAC;EACH;EAEA,MAAM5E,OAAO,GAAI,kCAAiCH,MAAO,EAAC;EAC1DI,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAEJ,OAAO,CAAC;EACnC,MAAM,IAAIK,qBAAa,CAACL,OAAO,CAAC;AAClC,CAAC;AAAC8E,OAAA,CAAAH,wBAAA,GAAAA,wBAAA"}

package/lib/commonjs/credential/status/{02-status-attestation.js → 02-status-assertion.js}

@@ -3,40 +3,48 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.statusAttestation = void 0;
+exports.statusAssertion = void 0;
 var _misc = require("../../utils/misc");
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _uuid = require("uuid");
 var _types = require("./types");
 var _errors = require("../../utils/errors");
 var _logging = require("../../utils/logging");
+var _credentials = require("../../utils/credentials");
 /**
- * WARNING: This function must be called after {@link startFlow}.
- * Verify the status of the credential attestation.
+ * Get the status assertion of a digital credential.
  * @param issuerConf - The issuer's configuration
  * @param credential - The credential to be verified
- * @param credentialCryptoContext - The credential's crypto context
+ * @param format - The format of the credential, e.g. "sd-jwt"
+ * @param context.credentialCryptoContext - The credential's crypto context
+ * @param context.wiaCryptoContext - The Wallet Attestation's crypto context
  * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
  * @throws {IssuerResponseError} with a specific code for more context
- * @returns The credential status attestation
+ * @returns The credential status assertion
  */
-const statusAttestation = async function (issuerConf, credential, credentialCryptoContext) {
-  let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
-  const jwk = await credentialCryptoContext.getPublicKey();
+const statusAssertion = async (issuerConf, credential, format, ctx) => {
+  const {
+    credentialCryptoContext,
+    wiaCryptoContext,
+    appFetch = fetch
+  } = ctx;
+  const jwk = await (0, _credentials.extractJwkFromCredential)(credential, format);
+  const issuerJwk = await wiaCryptoContext.getPublicKey();
   const credentialHash = await (0, _misc.getCredentialHashWithouDiscloures)(credential);
   const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
   const credentialPop = await new _ioReactNativeJwt.SignJWT(credentialCryptoContext).setPayload({
+    iss: issuerJwk.kid,
     aud: statusAttUrl,
     jti: (0, _uuid.v4)().toString(),
     credential_hash: credentialHash,
-    credential_hash_alg: "S256"
+    credential_hash_alg: "sha-256"
   }).setProtectedHeader({
     alg: "ES256",
-    typ: "status-attestation-request+jwt",
+    typ: "status-assertion-request+jwt",
     kid: jwk.kid
   }).setIssuedAt().setExpirationTime("5m").sign();
   const body = {
-    credential_pop: credentialPop
+    status_assertion_requests: [credentialPop]
   };
   _logging.Logger.log(_logging.LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
   const result = await appFetch(statusAttUrl, {
@@ -45,29 +53,27 @@ const statusAttestation = async function (issuerConf, credential, credentialCryp
       "Content-Type": "application/json"
     },
     body: JSON.stringify(body)
-  }).then((0, _misc.hasStatusOrThrow)(201)).then(raw => raw.json()).then(json => _types.StatusAttestationResponse.parse(json)).catch(handleStatusAttestationError);
+  }).then((0, _misc.hasStatusOrThrow)(200)).then(raw => raw.json()).then(json => _types.StatusAssertionResponse.parse(json)).catch(handleStatusAssertionError);
+  const [statusAttestationJwt] = result.status_assertion_responses;
   return {
-    statusAttestation: result.status_attestation
+    statusAssertion: statusAttestationJwt
   };
 };
 
 /**
- * Handle the status attestation error by mapping it to a custom exception.
+ * Handle the status assertion error by mapping it to a custom exception.
  * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
  * @param e - The error to be handled
  * @throws {IssuerResponseError} with a specific code for more context
  */
-exports.statusAttestation = statusAttestation;
-const handleStatusAttestationError = e => {
+exports.statusAssertion = statusAssertion;
+const handleStatusAssertionError = e => {
   if (!(e instanceof _errors.UnexpectedStatusCodeError)) {
     throw e;
   }
-  throw new _errors.ResponseErrorBuilder(_errors.IssuerResponseError).handle(404, {
-    code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
-    message: "Invalid status found for the given credential"
-  }).handle("*", {
+  throw new _errors.ResponseErrorBuilder(_errors.IssuerResponseError).handle("*", {
     code: _errors.IssuerResponseErrorCodes.StatusAttestationRequestFailed,
-    message: `Unable to obtain the status attestation for the given credential`
+    message: `Unable to obtain the status assertion for the given credential`
   }).buildFrom(e);
 };
-//# sourceMappingURL=02-status-attestation.js.map
+//# sourceMappingURL=02-status-assertion.js.map

package/lib/commonjs/credential/status/02-status-assertion.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_misc","require","_ioReactNativeJwt","_uuid","_types","_errors","_logging","_credentials","statusAssertion","issuerConf","credential","format","ctx","credentialCryptoContext","wiaCryptoContext","appFetch","fetch","jwk","extractJwkFromCredential","issuerJwk","getPublicKey","credentialHash","getCredentialHashWithouDiscloures","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","SignJWT","setPayload","iss","kid","aud","jti","uuidv4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","sign","body","status_assertion_requests","Logger","log","LogLevel","DEBUG","result","method","headers","JSON","stringify","then","hasStatusOrThrow","raw","json","StatusAssertionResponse","parse","catch","handleStatusAssertionError","statusAttestationJwt","status_assertion_responses","exports","e","UnexpectedStatusCodeError","ResponseErrorBuilder","IssuerResponseError","handle","code","IssuerResponseErrorCodes","StatusAttestationRequestFailed","message","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-assertion.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AAMA,IAAAC,iBAAA,GAAAD,OAAA;AACA,IAAAE,KAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAMA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AAeA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMO,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,UAAU,EACVC,MAAM,EACNC,GAAG,KACA;EACH,MAAM;IAAEC,uBAAuB;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGJ,GAAG;EAE3E,MAAMK,GAAG,GAAG,MAAM,IAAAC,qCAAwB,EAACR,UAAU,EAAEC,MAAM,CAAC;EAC9D,MAAMQ,SAAS,GAAG,MAAML,gBAAgB,CAACM,YAAY,CAAC,CAAC;EACvD,MAAMC,cAAc,GAAG,MAAM,IAAAC,uCAAiC,EAACZ,UAAU,CAAC;EAC1E,MAAMa,YAAY,GAChBd,UAAU,CAACe,wBAAwB,CAACC,2BAA2B;EAEjE,MAAMC,aAAa,GAAG,MAAM,IAAIC,yBAAO,CAACd,uBAAuB,CAAC,CAC7De,UAAU,CAAC;IACVC,GAAG,EAAEV,SAAS,CAACW,GAAG;IAClBC,GAAG,EAAER,YAAY;IACjBS,GAAG,EAAE,IAAAC,QAAM,EAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAEd,cAAc;IAC/Be,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,8BAA8B;IACnCT,GAAG,EAAEb,GAAG,CAACa;EACX,CAAC,CAAC,CACDU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,yBAAyB,EAAE,CAAClB,aAAa;EAC3C,CAAC;EAEDmB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACC,KAAK,EAAG,mBAAkBtB,aAAc,EAAC,CAAC;EAE9D,MAAMuB,MAAM,GAAG,MAAMlC,QAAQ,CAACQ,YAAY,EAAE;IAC1C2B,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDR,IAAI,EAAES,IAAI,CAACC,SAAS,CAACV,IAAI;EAC3B,CAAC,CAAC,CACCW,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,CAAC,CAAC,CAC3BD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAAEG,IAAI,IAAKC,8BAAuB,CAACC,KAAK,CAACF,IAAI,CAAC,CAAC,CACnDG,KAAK,CAACC,0BAA0B,CAAC;EAEpC,MAAM,CAACC,oBAAoB,CAAC,GAAGb,MAAM,CAACc,0BAA0B;EAEhE,OAAO;IAAEvD,eAAe,EAAEsD;EAAsB,CAAC;AACnD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAE,OAAA,CAAAxD,eAAA,GAAAA,eAAA;AAMA,MAAMqD,0BAA0B,GAAII,CAAU,IAAK;EACjD,IAAI,EAAEA,CAAC,YAAYC,iCAAyB,CAAC,EAAE;IAC7C,MAAMD,CAAC;EACT;EAEA,MAAM,IAAIE,4BAAoB,CAACC,2BAAmB,CAAC,CAChDC,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAEC,gCAAwB,CAACC,8BAA8B;IAC7DC,OAAO,EAAG;EACZ,CAAC,CAAC,CACDC,SAAS,CAACT,CAAC,CAAC;AACjB,CAAC"}

package/lib/commonjs/credential/status/03-verify-and-parse-status-assertion.js

@@ -0,0 +1,85 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyAndParseStatusAssertion = void 0;
+var _errors = require("../../utils/errors");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _types = require("./types");
+var _logging = require("../../utils/logging");
+var _credentials = require("../../utils/credentials");
+var _jwk = require("../../utils/jwk");
+/**
+ * Given a status assertion, verifies that:
+ * - It's in the supported format;
+ * - The assertion is correctly signed;
+ * - It's bound to the given key.
+ * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
+ * @param statusAssertion The encoded status assertion returned by {@link statusAssertion}
+ * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
+ * @returns A parsed status assertion
+ * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
+ * @throws {IssuerResponseError} If the status assertion contains an error or the credential status is invalid
+ */
+const verifyAndParseStatusAssertion = async (issuerConf, rawStatusAssertion, credential, format) => {
+  const {
+    statusAssertion
+  } = rawStatusAssertion;
+  await (0, _ioReactNativeJwt.verify)(statusAssertion, issuerConf.openid_credential_issuer.jwks.keys);
+  const decodedJwt = (0, _ioReactNativeJwt.decode)(statusAssertion);
+  const parsedStatusAssertion = _types.ParsedStatusAssertionResponse.parse({
+    header: decodedJwt.protectedHeader,
+    payload: decodedJwt.payload
+  });
+  _logging.Logger.log(_logging.LogLevel.DEBUG, `Parsed status assertion: ${JSON.stringify(parsedStatusAssertion)}`);
+
+  // Errors are transmitted in the JWT and use a 200 HTTP status code
+  if (isStatusAssertionError(parsedStatusAssertion)) {
+    throw new _errors.IssuerResponseError({
+      code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
+      message: "The status assertion contains an error",
+      statusCode: 200,
+      reason: buildErrorReason(parsedStatusAssertion)
+    });
+  }
+  const {
+    cnf,
+    credential_status_type
+  } = parsedStatusAssertion.payload;
+  const holderBindingKey = await (0, _credentials.extractJwkFromCredential)(credential, format);
+  if (!(await (0, _jwk.isSameThumbprint)(cnf.jwk, holderBindingKey))) {
+    const errorMessage = `Failed to verify holder binding for status assertion: the thumbprints of keys ${cnf.jwk.kid} and ${holderBindingKey.kid} do not match`;
+    _logging.Logger.log(_logging.LogLevel.ERROR, errorMessage);
+    throw new _errors.IoWalletError(errorMessage);
+  }
+  if (credential_status_type !== _types.StatusType.VALID) {
+    throw new _errors.IssuerResponseError({
+      code: _errors.IssuerResponseErrorCodes.CredentialInvalidStatus,
+      message: "Invalid status found for the given credential",
+      statusCode: 200,
+      reason: buildErrorReason(parsedStatusAssertion)
+    });
+  }
+  return {
+    parsedStatusAssertion
+  };
+};
+exports.verifyAndParseStatusAssertion = verifyAndParseStatusAssertion;
+const isStatusAssertionError = assertion => assertion.header.typ === "status-assertion-error+jwt";
+
+/**
+ * Build an object containing the details on the error to use as the IssuerResponseError's reason
+ * @param assertion The status assertion response, both success or failure
+ * @returns The error's reason object
+ */
+const buildErrorReason = _ref => {
+  let {
+    payload
+  } = _ref;
+  return "error" in payload ? payload : {
+    error: payload.credential_status_detail.state,
+    error_description: payload.credential_status_detail.description
+  };
+};
+//# sourceMappingURL=03-verify-and-parse-status-assertion.js.map

package/lib/commonjs/credential/status/03-verify-and-parse-status-assertion.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_errors","require","_ioReactNativeJwt","_types","_logging","_credentials","_jwk","verifyAndParseStatusAssertion","issuerConf","rawStatusAssertion","credential","format","statusAssertion","verify","openid_credential_issuer","jwks","keys","decodedJwt","decodeJwt","parsedStatusAssertion","ParsedStatusAssertionResponse","parse","header","protectedHeader","payload","Logger","log","LogLevel","DEBUG","JSON","stringify","isStatusAssertionError","IssuerResponseError","code","IssuerResponseErrorCodes","CredentialInvalidStatus","message","statusCode","reason","buildErrorReason","cnf","credential_status_type","holderBindingKey","extractJwkFromCredential","isSameThumbprint","jwk","errorMessage","kid","ERROR","IoWalletError","StatusType","VALID","exports","assertion","typ","_ref","error","credential_status_detail","state","error_description","description"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-assertion.ts"],"mappings":";;;;;;AACA,IAAAA,OAAA,GAAAC,OAAA;AAKA,IAAAC,iBAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AAOA,IAAAG,QAAA,GAAAH,OAAA;AAEA,IAAAI,YAAA,GAAAJ,OAAA;AACA,IAAAK,IAAA,GAAAL,OAAA;AASA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,6BAA4D,GACvE,MAAAA,CAAOC,UAAU,EAAEC,kBAAkB,EAAEC,UAAU,EAAEC,MAAM,KAAK;EAC5D,MAAM;IAAEC;EAAgB,CAAC,GAAGH,kBAAkB;EAE9C,MAAM,IAAAI,wBAAM,EACVD,eAAe,EACfJ,UAAU,CAACM,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;EAED,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACN,eAAe,CAAC;EAC7C,MAAMO,qBAAqB,GAAGC,oCAA6B,CAACC,KAAK,CAAC;IAChEC,MAAM,EAAEL,UAAU,CAACM,eAAe;IAClCC,OAAO,EAAEP,UAAU,CAACO;EACtB,CAAC,CAAC;EAEFC,eAAM,CAACC,GAAG,CACRC,iBAAQ,CAACC,KAAK,EACb,4BAA2BC,IAAI,CAACC,SAAS,CAACX,qBAAqB,CAAE,EACpE,CAAC;;EAED;EACA,IAAIY,sBAAsB,CAACZ,qBAAqB,CAAC,EAAE;IACjD,MAAM,IAAIa,2BAAmB,CAAC;MAC5BC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;MACtDC,OAAO,EAAE,wCAAwC;MACjDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACpB,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,MAAM;IAAEqB,GAAG;IAAEC;EAAuB,CAAC,GAAGtB,qBAAqB,CAACK,OAAO;EACrE,MAAMkB,gBAAgB,GAAG,MAAM,IAAAC,qCAAwB,EAACjC,UAAU,EAAEC,MAAM,CAAC;EAE3E,IAAI,EAAE,MAAM,IAAAiC,qBAAgB,EAACJ,GAAG,CAACK,GAAG,EAAEH,gBAAgB,CAAC,CAAC,EAAE;IACxD,MAAMI,YAAY,GAAI,iFAAgFN,GAAG,CAACK,GAAG,CAACE,GAAI,QAAOL,gBAAgB,CAACK,GAAI,eAAc;IAC5JtB,eAAM,CAACC,GAAG,CAACC,iBAAQ,CAACqB,KAAK,EAAEF,YAAY,CAAC;IACxC,MAAM,IAAIG,qBAAa,CAACH,YAAY,CAAC;EACvC;EAEA,IAAIL,sBAAsB,KAAKS,iBAAU,CAACC,KAAK,EAAE;IAC/C,MAAM,IAAInB,2BAAmB,CAAC;MAC5BC,IAAI,EAAEC,gCAAwB,CAACC,uBAAuB;MACtDC,OAAO,EAAE,+CAA+C;MACxDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACpB,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEA;EAAsB,CAAC;AAClC,CAAC;AAACiC,OAAA,CAAA7C,6BAAA,GAAAA,6BAAA;AAEJ,MAAMwB,sBAAsB,GAC1BsB,SAAwC,IAExCA,SAAS,CAAC/B,MAAM,CAACgC,GAAG,KAAK,4BAA4B;;AAEvD;AACA;AACA;AACA;AACA;AACA,MAAMf,gBAAgB,GAAGgB,IAAA;EAAA,IAAC;IACxB/B;EAC6B,CAAC,GAAA+B,IAAA;EAAA,OAC9B,OAAO,IAAI/B,OAAO,GACdA,OAAO,GACP;IACEgC,KAAK,EAAEhC,OAAO,CAACiC,wBAAwB,CAAEC,KAAK;IAC9CC,iBAAiB,EAAEnC,OAAO,CAACiC,wBAAwB,CAAEG;EACvD,CAAC;AAAA"}

package/lib/commonjs/credential/status/README.md

@@ -1,16 +1,16 @@
-# Credential Status Attestation
+# Credential Status Assertion
 
-This flow is used to obtain a credential status attestation from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
-The credential status attestation is a JWT which contains the credential status which indicates if the credential is valid or not.
-The status attestation is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
+This flow is used to obtain a credential status assertion from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
+The credential status assertion is a JWT which contains the credential status which indicates if the credential is valid or not (see [OAuth Status Assertions](https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#oauth-status-assertions)).
+The status assertion is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
 
 ## Sequence Diagram
 
 ```mermaid
 graph TD;
     0[startFlow]
-    1[statusAttestation]
-    2[verifyAndParseStatusAttestation]
+    1[statusAssertion]
+    2[verifyAndParseStatusAssertion]
 
     0 --> 1
     1 --> 2
@@ -21,14 +21,14 @@ graph TD;
 
 The following errors are mapped to a `IssuerResponseError` with specific codes.
 
-|HTTP Status|Error Code|Description|
-|-----------|----------|-----------|
-|`404 Not Found`|`ERR_CREDENTIAL_INVALID_STATUS`|This response is returned by the credential issuer when the status attestation is invalid. It might contain more details in the `reason` property.|
+|Error Code|Description|
+|----------|-----------|
+|`ERR_CREDENTIAL_INVALID_STATUS`|This error is thrown when the status assertion for a given credential is invalid. It might contain more details in the `reason` property.|
 
 ## Example
 
 <details>
-  <summary>Credential status attestation flow</summary>
+  <summary>Credential status assertion flow</summary>
 
 ```ts
 // Start the issuance flow
@@ -42,24 +42,26 @@ const { issuerUrl } = startFlow();
 // Evaluate issuer trust
 const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
 
-// Get the credential attestation
-const res = await Credential.Status.statusAttestation(
+// Get the credential assertion
+const res = await Credential.Status.statusAssertion(
   issuerConf,
   credential,
-  credentialCryptoContext
+  format,
+  { credentialCryptoContext, wiaCryptoContext }
 );
 
-// Verify and parse the status attestation
-const { parsedStatusAttestation } =
-  await Credential.Status.verifyAndParseStatusAttestation(
+// Verify and parse the status assertion
+const { parsedStatusAssertion } =
+  await Credential.Status.verifyAndParseStatusAssertion(
     issuerConf,
-    res.statusAttestation,
-    { credentialCryptoContext }
+    res.statusAssertion,
+    credential,
+    format
   );
 
 return {
-  statusAttestation: res.statusAttestation,
-  parsedStatusAttestation,
+  statusAssertion: res.statusAssertion,
+  parsedStatusAssertion,
 };
 ```
 

package/lib/commonjs/credential/status/index.js

@@ -9,19 +9,19 @@ Object.defineProperty(exports, "evaluateIssuerTrust", {
     return _issuance.evaluateIssuerTrust;
   }
 });
-Object.defineProperty(exports, "statusAttestation", {
+Object.defineProperty(exports, "statusAssertion", {
   enumerable: true,
   get: function () {
-    return _statusAttestation.statusAttestation;
+    return _statusAssertion.statusAssertion;
   }
 });
-Object.defineProperty(exports, "verifyAndParseStatusAttestation", {
+Object.defineProperty(exports, "verifyAndParseStatusAssertion", {
   enumerable: true,
   get: function () {
-    return _verifyAndParseStatusAttestation.verifyAndParseStatusAttestation;
+    return _verifyAndParseStatusAssertion.verifyAndParseStatusAssertion;
   }
 });
-var _statusAttestation = require("./02-status-attestation");
+var _statusAssertion = require("./02-status-assertion");
 var _issuance = require("../issuance");
-var _verifyAndParseStatusAttestation = require("./03-verify-and-parse-status-attestation");
+var _verifyAndParseStatusAssertion = require("./03-verify-and-parse-status-assertion");
 //# sourceMappingURL=index.js.map

package/lib/commonjs/credential/status/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["_statusAttestation","require","_issuance","_verifyAndParseStatusAttestation"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,kBAAA,GAAAC,OAAA;AAIA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,gCAAA,GAAAF,OAAA"}
+{"version":3,"names":["_statusAssertion","require","_issuance","_verifyAndParseStatusAssertion"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AACA,IAAAA,gBAAA,GAAAC,OAAA;AACA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,8BAAA,GAAAF,OAAA"}

package/lib/commonjs/credential/status/types.js

@@ -3,38 +3,40 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.StatusAttestationResponse = exports.ParsedStatusAttestation = void 0;
+exports.StatusType = exports.StatusAssertionResponse = exports.ParsedStatusAssertionResponse = exports.ParsedStatusAssertionError = exports.ParsedStatusAssertion = void 0;
 var _types = require("../../sd-jwt/types");
 var _jwk = require("../../utils/jwk");
 var z = _interopRequireWildcard(require("zod"));
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 /**
- * Shape from parsing a status attestation response in case of 201.
+ * Shape from parsing a status assertion response in case of 201.
  */
-const StatusAttestationResponse = z.object({
-  status_attestation: z.string()
+const StatusAssertionResponse = z.object({
+  status_assertion_responses: z.array(z.string())
 });
 
 /**
- * Type from parsing a status attestation response in case of 201.
- * Inferred from {@link StatusAttestationResponse}.
+ * Type from parsing a status assertion response in case of 201.
+ * Inferred from {@link StatusAssertionResponse}.
  */
-
-/**
- * Type for a parsed status attestation.
- */
-exports.StatusAttestationResponse = StatusAttestationResponse;
+exports.StatusAssertionResponse = StatusAssertionResponse;
 /**
- * Shape for parsing a status attestation in a JWT.
+ * Shape for parsing a successful status assertion in a JWT.
  */
-const ParsedStatusAttestation = z.object({
+const ParsedStatusAssertion = z.object({
   header: z.object({
-    typ: z.literal("status-attestation+jwt"),
+    typ: z.literal("status-assertion+jwt"),
     alg: z.string(),
     kid: z.string().optional()
   }),
   payload: z.object({
+    iss: z.string(),
+    credential_status_type: z.string(),
+    credential_status_detail: z.object({
+      state: z.string(),
+      description: z.string()
+    }).optional(),
     credential_hash_alg: z.string(),
     credential_hash: z.string(),
     cnf: z.object({
@@ -44,5 +46,36 @@ const ParsedStatusAttestation = z.object({
     iat: _types.UnixTime
   })
 });
-exports.ParsedStatusAttestation = ParsedStatusAttestation;
+exports.ParsedStatusAssertion = ParsedStatusAssertion;
+/**
+ * The JWT that contains the errors occurred for the status assertion request.
+ * @see https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#http-status-assertion-response
+ */
+const ParsedStatusAssertionError = z.object({
+  header: z.object({
+    typ: z.literal("status-assertion-error+jwt"),
+    alg: z.string(),
+    kid: z.string().optional()
+  }),
+  payload: z.object({
+    credential_hash_alg: z.string(),
+    credential_hash: z.string(),
+    error: z.string(),
+    error_description: z.string()
+  })
+});
+
+/**
+ * The status assertion response that might include either a successful assertion or an error
+ */
+exports.ParsedStatusAssertionError = ParsedStatusAssertionError;
+const ParsedStatusAssertionResponse = z.union([ParsedStatusAssertion, ParsedStatusAssertionError]);
+exports.ParsedStatusAssertionResponse = ParsedStatusAssertionResponse;
+let StatusType = /*#__PURE__*/function (StatusType) {
+  StatusType["VALID"] = "0x00";
+  StatusType["INVALID"] = "0x01";
+  StatusType["SUSPENDED"] = "0x02";
+  return StatusType;
+}({});
+exports.StatusType = StatusType;
 //# sourceMappingURL=types.js.map

package/lib/commonjs/credential/status/types.js.map

@@ -1 +1 @@
-{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","StatusAttestationResponse","object","status_attestation","string","exports","ParsedStatusAttestation","header","typ","literal","alg","kid","optional","payload","credential_hash_alg","credential_hash","cnf","jwk","JWK","exp","UnixTime","iat"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACO,MAAMW,yBAAyB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAChDC,kBAAkB,EAAE1B,CAAC,CAAC2B,MAAM,CAAC;AAC/B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;AAFAC,OAAA,CAAAJ,yBAAA,GAAAA,yBAAA;AAKA;AACA;AACA;AACO,MAAMK,uBAAuB,GAAG7B,CAAC,CAACyB,MAAM,CAAC;EAC9CK,MAAM,EAAE9B,CAAC,CAACyB,MAAM,CAAC;IACfM,GAAG,EAAE/B,CAAC,CAACgC,OAAO,CAAC,wBAAwB,CAAC;IACxCC,GAAG,EAAEjC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAElC,CAAC,CAAC2B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEpC,CAAC,CAACyB,MAAM,CAAC;IAChBY,mBAAmB,EAAErC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IAC/BW,eAAe,EAAEtC,CAAC,CAAC2B,MAAM,CAAC,CAAC;IAC3BY,GAAG,EAAEvC,CAAC,CAACyB,MAAM,CAAC;MACZe,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED;EACP,CAAC;AACH,CAAC,CAAC;AAACf,OAAA,CAAAC,uBAAA,GAAAA,uBAAA"}
+{"version":3,"names":["_types","require","_jwk","z","_interopRequireWildcard","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","StatusAssertionResponse","object","status_assertion_responses","array","string","exports","ParsedStatusAssertion","header","typ","literal","alg","kid","optional","payload","iss","credential_status_type","credential_status_detail","state","description","credential_hash_alg","credential_hash","cnf","jwk","JWK","exp","UnixTime","iat","ParsedStatusAssertionError","error","error_description","ParsedStatusAssertionResponse","union","StatusType"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AACA,IAAAE,CAAA,GAAAC,uBAAA,CAAAH,OAAA;AAAyB,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAF,wBAAAM,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAEzB;AACA;AACA;AACO,MAAMW,uBAAuB,GAAGxB,CAAC,CAACyB,MAAM,CAAC;EAC9CC,0BAA0B,EAAE1B,CAAC,CAAC2B,KAAK,CAAC3B,CAAC,CAAC4B,MAAM,CAAC,CAAC;AAChD,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AAHAC,OAAA,CAAAL,uBAAA,GAAAA,uBAAA;AAQA;AACA;AACA;AACO,MAAMM,qBAAqB,GAAG9B,CAAC,CAACyB,MAAM,CAAC;EAC5CM,MAAM,EAAE/B,CAAC,CAACyB,MAAM,CAAC;IACfO,GAAG,EAAEhC,CAAC,CAACiC,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAErC,CAAC,CAACyB,MAAM,CAAC;IAChBa,GAAG,EAAEtC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfW,sBAAsB,EAAEvC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAClCY,wBAAwB,EAAExC,CAAC,CACxByB,MAAM,CAAC;MACNgB,KAAK,EAAEzC,CAAC,CAAC4B,MAAM,CAAC,CAAC;MACjBc,WAAW,EAAE1C,CAAC,CAAC4B,MAAM,CAAC;IACxB,CAAC,CAAC,CACDQ,QAAQ,CAAC,CAAC;IACbO,mBAAmB,EAAE3C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC/BgB,eAAe,EAAE5C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC3BiB,GAAG,EAAE7C,CAAC,CAACyB,MAAM,CAAC;MACZqB,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,GAAG,EAAEC,eAAQ;IACbC,GAAG,EAAED;EACP,CAAC;AACH,CAAC,CAAC;AAACpB,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAMH;AACA;AACA;AACA;AACO,MAAMqB,0BAA0B,GAAGnD,CAAC,CAACyB,MAAM,CAAC;EACjDM,MAAM,EAAE/B,CAAC,CAACyB,MAAM,CAAC;IACfO,GAAG,EAAEhC,CAAC,CAACiC,OAAO,CAAC,4BAA4B,CAAC;IAC5CC,GAAG,EAAElC,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACfO,GAAG,EAAEnC,CAAC,CAAC4B,MAAM,CAAC,CAAC,CAACQ,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAErC,CAAC,CAACyB,MAAM,CAAC;IAChBkB,mBAAmB,EAAE3C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC/BgB,eAAe,EAAE5C,CAAC,CAAC4B,MAAM,CAAC,CAAC;IAC3BwB,KAAK,EAAEpD,CAAC,CAAC4B,MAAM,CAAC,CAAC;IACjByB,iBAAiB,EAAErD,CAAC,CAAC4B,MAAM,CAAC;EAC9B,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;AAFAC,OAAA,CAAAsB,0BAAA,GAAAA,0BAAA;AAMO,MAAMG,6BAA6B,GAAGtD,CAAC,CAACuD,KAAK,CAAC,CACnDzB,qBAAqB,EACrBqB,0BAA0B,CAC3B,CAAC;AAACtB,OAAA,CAAAyB,6BAAA,GAAAA,6BAAA;AAAA,IAESE,UAAU,0BAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAA,OAAVA,UAAU;AAAA;AAAA3B,OAAA,CAAA2B,UAAA,GAAAA,UAAA"}

package/lib/commonjs/utils/credentials.js

@@ -0,0 +1,33 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.extractJwkFromCredential = void 0;
+var _sdJwt = require("../sd-jwt");
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("./errors");
+const SD_JWT = ["vc+sd-jwt", "dc+sd-jwt"];
+
+/**
+ * Extracts a JWK from a credential.
+ * @param credential - The credential string, which can be in SD-JWT or CBOR format.
+ * @param format - The format of the credential
+ * @return A Promise that resolves to a JWK object if the credential is in SD-JWT format and contains a JWK, or undefined otherwise.
+ */
+const extractJwkFromCredential = async (credential, format) => {
+  if (SD_JWT.includes(format)) {
+    // 1. SD-JWT case
+    const decoded = (0, _sdJwt.decode)(credential);
+    const jwk = decoded.sdJwt.payload.cnf.jwk;
+    if (jwk) {
+      return {
+        ...jwk,
+        kid: await (0, _ioReactNativeJwt.thumbprint)(jwk)
+      };
+    }
+  }
+  throw new _errors.IoWalletError(`Credential format ${format} not supported`);
+};
+exports.extractJwkFromCredential = extractJwkFromCredential;
+//# sourceMappingURL=credentials.js.map

package/lib/commonjs/utils/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_sdJwt","require","_ioReactNativeJwt","_errors","SD_JWT","extractJwkFromCredential","credential","format","includes","decoded","decode","jwk","sdJwt","payload","cnf","kid","thumbprint","IoWalletError","exports"],"sourceRoot":"../../../src","sources":["utils/credentials.ts"],"mappings":";;;;;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,iBAAA,GAAAD,OAAA;AAIA,IAAAE,OAAA,GAAAF,OAAA;AAEA,MAAMG,MAAM,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC;;AAEzC;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAwB,GAAG,MAAAA,CACtCC,UAA+C,EAC/CC,MAAuC,KACtB;EACjB,IAAIH,MAAM,CAACI,QAAQ,CAACD,MAAM,CAAC,EAAE;IAC3B;IACA,MAAME,OAAO,GAAG,IAAAC,aAAM,EAACJ,UAAU,CAAC;IAClC,MAAMK,GAAG,GAAGF,OAAO,CAACG,KAAK,CAACC,OAAO,CAACC,GAAG,CAACH,GAAG;IACzC,IAAIA,GAAG,EAAE;MACP,OAAO;QAAE,GAAGA,GAAG;QAAEI,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACL,GAAG;MAAE,CAAC;IAC/C;EACF;EACA,MAAM,IAAIM,qBAAa,CAAE,qBAAoBV,MAAO,gBAAe,CAAC;AACtE,CAAC;AAACW,OAAA,CAAAb,wBAAA,GAAAA,wBAAA"}

package/lib/commonjs/utils/crypto.js

@@ -7,7 +7,6 @@ exports.withEphemeralKey = exports.createCryptoContextFor = void 0;
 var _ioReactNativeCrypto = require("@pagopa/io-react-native-crypto");
 var _uuid = require("uuid");
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
-var _jwk = require("./jwk");
 /**
  * Create a CryptoContext bound to a key pair.
  * Key pair is supposed to exist already in the device's keychain.
@@ -17,13 +16,8 @@ var _jwk = require("./jwk");
  */
 const createCryptoContextFor = keytag => {
   return {
-    /**
-     * Retrieve the public key of the pair.
-     * If the key pair doesn't exist yet, an error is raised
-     * @returns The public key.
-     */
     async getPublicKey() {
-      return (0, _ioReactNativeCrypto.getPublicKey)(keytag).then(_jwk.fixBase64EncodingOnKey).then(async jwk => ({
+      return (0, _ioReactNativeCrypto.getPublicKeyFixed)(keytag).then(async jwk => ({
         ...jwk,
         // Keys in the TEE are not stored with their KID, which is supposed to be assigned when they are included in JWK sets.
         // (that is, KID is not a propoerty of the key itself, but it's property used to identify a key in a set).

package/lib/commonjs/utils/crypto.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioReactNativeCrypto","require","_uuid","_ioReactNativeJwt","_jwk","createCryptoContextFor","keytag","getPublicKey","then","fixBase64EncodingOnKey","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuidv4","generate","ephemeralContext","finally","deleteKey"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AACA,IAAAG,IAAA,GAAAH,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL;AACJ;AACA;AACA;AACA;IACI,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAA,iCAAY,EAACD,MAAM,CAAC,CACxBE,IAAI,CAACC,2BAAsB,CAAC,CAC5BD,IAAI,CAAC,MAAOE,GAAG,KAAM;QACpB,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACP,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAY,IAAAa,QAAM,EAAC,CAAE,EAAC;EACtC,MAAM,IAAAC,6BAAQ,EAACd,MAAM,CAAC;EACtB,MAAMe,gBAAgB,GAAGhB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACG,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAACjB,MAAM,CAAC,CAAC;AAC9D,CAAC;AAACU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA"}
+{"version":3,"names":["_ioReactNativeCrypto","require","_uuid","_ioReactNativeJwt","createCryptoContextFor","keytag","getPublicKey","getPublicKeyFixed","then","jwk","kid","thumbprint","getSignature","value","sign","exports","withEphemeralKey","fn","uuidv4","generate","ephemeralContext","finally","deleteKey"],"sourceRoot":"../../../src","sources":["utils/crypto.ts"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AAMA,IAAAC,KAAA,GAAAD,OAAA;AACA,IAAAE,iBAAA,GAAAF,OAAA;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMG,sBAAsB,GAAIC,MAAc,IAAoB;EACvE,OAAO;IACL,MAAMC,YAAYA,CAAA,EAAG;MACnB,OAAO,IAAAC,sCAAiB,EAACF,MAAM,CAAC,CAACG,IAAI,CAAC,MAAOC,GAAG,KAAM;QACpD,GAAGA,GAAG;QACN;QACA;QACA;QACA;QACAC,GAAG,EAAE,MAAM,IAAAC,4BAAU,EAACF,GAAG;MAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IACD;AACJ;AACA;AACA;AACA;AACA;IACI,MAAMG,YAAYA,CAACC,KAAa,EAAE;MAChC,OAAO,IAAAC,yBAAI,EAACD,KAAK,EAAER,MAAM,CAAC;IAC5B;EACF,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAU,OAAA,CAAAX,sBAAA,GAAAA,sBAAA;AAQO,MAAMY,gBAAgB,GAAG,MAC9BC,EAAmD,IACpC;EACf;EACA,MAAMZ,MAAM,GAAI,aAAY,IAAAa,QAAM,EAAC,CAAE,EAAC;EACtC,MAAM,IAAAC,6BAAQ,EAACd,MAAM,CAAC;EACtB,MAAMe,gBAAgB,GAAGhB,sBAAsB,CAACC,MAAM,CAAC;EACvD,OAAOY,EAAE,CAACG,gBAAgB,CAAC,CAACC,OAAO,CAAC,MAAM,IAAAC,8BAAS,EAACjB,MAAM,CAAC,CAAC;AAC9D,CAAC;AAACU,OAAA,CAAAC,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/utils/jwk.js

@@ -5,6 +5,7 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.JWKS = exports.JWK = void 0;
 exports.fixBase64EncodingOnKey = fixBase64EncodingOnKey;
+exports.isSameThumbprint = void 0;
 var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
 var _zod = require("zod");
 const JWK = _zod.z.object({
@@ -81,4 +82,15 @@ const JWKS = _zod.z.object({
   keys: _zod.z.array(JWK)
 });
 exports.JWKS = JWKS;
+/**
+ * Utility function that checks if two JWKs have the same thumbprint.
+ * @param jwkA The first JWK
+ * @param jwkB The second JWK
+ * @returns Whether the thumbprints match
+ */
+const isSameThumbprint = async (jwkA, jwkB) => {
+  const [thumbprintJwkA, thumbprintJwkB] = await Promise.all([(0, _ioReactNativeJwt.thumbprint)(jwkA), (0, _ioReactNativeJwt.thumbprint)(jwkB)]);
+  return thumbprintJwkA === thumbprintJwkB;
+};
+exports.isSameThumbprint = isSameThumbprint;
 //# sourceMappingURL=jwk.js.map

package/lib/commonjs/utils/jwk.js.map

@@ -1 +1 @@
-{"version":3,"names":["_ioReactNativeJwt","require","_zod","JWK","z","object","alg","string","optional","crv","d","dp","dq","e","ext","boolean","k","key_ops","array","kid","kty","union","literal","n","p","q","qi","use","x","y","x5c","x5t","x5u","exports","fixBase64EncodingOnKey","key","pk","removePadding","JWKS","keys"],"sourceRoot":"../../../src","sources":["utils/jwk.ts"],"mappings":";;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAGO,MAAME,GAAG,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC1B;EACAC,GAAG,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BC,GAAG,EAAEL,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BE,CAAC,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBG,EAAE,EAAEP,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBI,EAAE,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBK,CAAC,EAAET,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAM,GAAG,EAAEV,MAAC,CAACW,OAAO,CAAC,CAAC,CAACP,QAAQ,CAAC,CAAC;EAC3BQ,CAAC,EAAEZ,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAS,OAAO,EAAEb,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACvC;EACAW,GAAG,EAAEf,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;AACF;AACA;EACEY,GAAG,EAAEhB,MAAC,CAACiB,KAAK,CAAC,CAACjB,MAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,EAAElB,MAAC,CAACkB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;EACjDC,CAAC,EAAEnB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBgB,CAAC,EAAEpB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBiB,CAAC,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBkB,EAAE,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzB;EACAmB,GAAG,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BoB,CAAC,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBqB,CAAC,EAAEzB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAsB,GAAG,EAAE1B,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACnC;EACAuB,GAAG,EAAE3B,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;EACA,UAAU,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACjC;EACAwB,GAAG,EAAE5B,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAyB,OAAA,CAAA9B,GAAA,GAAAA,GAAA;AAQO,SAAS+B,sBAAsBA,CAACC,GAAQ,EAAO;EACpD,MAAM;IAAEP,CAAC;IAAEC,CAAC;IAAEhB,CAAC;IAAEU,CAAC;IAAE,GAAGa;EAAG,CAAC,GAAGD,GAAG;EAEjC,OAAO;IACL,GAAGC,EAAE;IACL,IAAIR,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAS,+BAAa,EAACT,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIC,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAQ,+BAAa,EAACR,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIhB,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAwB,+BAAa,EAACxB,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIU,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAc,+BAAa,EAACd,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC;EACtC,CAAC;AACH;AAGO,MAAMe,IAAI,GAAGlC,MAAC,CAACC,MAAM,CAAC;EAC3BkC,IAAI,EAAEnC,MAAC,CAACc,KAAK,CAACf,GAAG;AACnB,CAAC,CAAC;AAAC8B,OAAA,CAAAK,IAAA,GAAAA,IAAA"}
+{"version":3,"names":["_ioReactNativeJwt","require","_zod","JWK","z","object","alg","string","optional","crv","d","dp","dq","e","ext","boolean","k","key_ops","array","kid","kty","union","literal","n","p","q","qi","use","x","y","x5c","x5t","x5u","exports","fixBase64EncodingOnKey","key","pk","removePadding","JWKS","keys","isSameThumbprint","jwkA","jwkB","thumbprintJwkA","thumbprintJwkB","Promise","all","thumbprint"],"sourceRoot":"../../../src","sources":["utils/jwk.ts"],"mappings":";;;;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAGO,MAAME,GAAG,GAAGC,MAAC,CAACC,MAAM,CAAC;EAC1B;EACAC,GAAG,EAAEF,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BC,GAAG,EAAEL,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BE,CAAC,EAAEN,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBG,EAAE,EAAEP,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBI,EAAE,EAAER,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzBK,CAAC,EAAET,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAM,GAAG,EAAEV,MAAC,CAACW,OAAO,CAAC,CAAC,CAACP,QAAQ,CAAC,CAAC;EAC3BQ,CAAC,EAAEZ,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAS,OAAO,EAAEb,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACvC;EACAW,GAAG,EAAEf,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;AACF;AACA;EACEY,GAAG,EAAEhB,MAAC,CAACiB,KAAK,CAAC,CAACjB,MAAC,CAACkB,OAAO,CAAC,KAAK,CAAC,EAAElB,MAAC,CAACkB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;EACjDC,CAAC,EAAEnB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBgB,CAAC,EAAEpB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBiB,CAAC,EAAErB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBkB,EAAE,EAAEtB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACzB;EACAmB,GAAG,EAAEvB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1BoB,CAAC,EAAExB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxBqB,CAAC,EAAEzB,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACxB;EACAsB,GAAG,EAAE1B,MAAC,CAACc,KAAK,CAACd,MAAC,CAACG,MAAM,CAAC,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACnC;EACAuB,GAAG,EAAE3B,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC1B;EACA,UAAU,EAAEJ,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACjC;EACAwB,GAAG,EAAE5B,MAAC,CAACG,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AAC3B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAyB,OAAA,CAAA9B,GAAA,GAAAA,GAAA;AAQO,SAAS+B,sBAAsBA,CAACC,GAAQ,EAAO;EACpD,MAAM;IAAEP,CAAC;IAAEC,CAAC;IAAEhB,CAAC;IAAEU,CAAC;IAAE,GAAGa;EAAG,CAAC,GAAGD,GAAG;EAEjC,OAAO;IACL,GAAGC,EAAE;IACL,IAAIR,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAS,+BAAa,EAACT,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIC,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAQ,+BAAa,EAACR,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIhB,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAwB,+BAAa,EAACxB,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,IAAIU,CAAC,GAAG;MAAEA,CAAC,EAAE,IAAAc,+BAAa,EAACd,CAAC;IAAE,CAAC,GAAG,CAAC,CAAC;EACtC,CAAC;AACH;AAGO,MAAMe,IAAI,GAAGlC,MAAC,CAACC,MAAM,CAAC;EAC3BkC,IAAI,EAAEnC,MAAC,CAACc,KAAK,CAACf,GAAG;AACnB,CAAC,CAAC;AAAC8B,OAAA,CAAAK,IAAA,GAAAA,IAAA;AAIH;AACA;AACA;AACA;AACA;AACA;AACO,MAAME,gBAAgB,GAAG,MAAAA,CAAOC,IAAS,EAAEC,IAAS,KAAK;EAC9D,MAAM,CAACC,cAAc,EAAEC,cAAc,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CACzD,IAAAC,4BAAU,EAACN,IAAI,CAAC,EAChB,IAAAM,4BAAU,EAACL,IAAI,CAAC,CACjB,CAAC;EACF,OAAOC,cAAc,KAAKC,cAAc;AAC1C,CAAC;AAACX,OAAA,CAAAO,gBAAA,GAAAA,gBAAA"}