@pagopa/io-react-native-wallet 2.0.0-next.6 → 2.0.0-next.8

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -6,12 +6,22 @@ import { SdJwt4VC, verify as verifySdJwt } from "../../sd-jwt";
 import { getValueFromDisclosures } from "../../sd-jwt/converters";
 import { isSameThumbprint, type JWK } from "../../utils/jwk";
 import type { ObtainCredential } from "./06-obtain-credential";
-import { Logger, LogLevel } from "../../utils/logging";
+import { verify as verifyMdoc } from "../../mdoc";
+import { MDOC_DEFAULT_NAMESPACE } from "../../mdoc/const";
+import { getParsedCredentialClaimKey } from "../../mdoc/utils";
+import { LogLevel, Logger } from "../../utils/logging";
+import { extractElementValueAsDate } from "../../mdoc/converter";
+import type { CBOR } from "@pagopa/io-react-native-iso18013";
+import type { PublicKey } from "@pagopa/io-react-native-crypto";
 
 type IssuerConf = Out<EvaluateIssuerTrust>["issuerConf"];
 type CredentialConf =
   IssuerConf["openid_credential_issuer"]["credential_configurations_supported"][string];
 
+type DecodedMDocCredential = Out<typeof verifyMdoc> & {
+  issuerSigned: CBOR.IssuerSigned;
+};
+
 export type VerifyAndParseCredential = (
   issuerConf: IssuerConf,
   credential: Out<ObtainCredential>["credential"],
@@ -26,7 +36,8 @@ export type VerifyAndParseCredential = (
      * Include attributes that are not explicitly mapped in the issuer configuration.
      */
     includeUndefinedAttributes?: boolean;
-  }
+  },
+  x509CertRoot?: string
 ) => Promise<{
   parsedCredential: ParsedCredential;
   expiration: Date;
@@ -34,11 +45,9 @@ export type VerifyAndParseCredential = (
 }>;
 
 // The credential as a collection of attributes in plain value
-type ParsedCredential = Record<
+type ParsedCredential = {
   /** Attribute key */
-  string,
-  {
-    /** Human-readable name of the attribute */
+  [claim: string]: {
     name:
       | /* if i18n is provided */ Record<
           string /* locale */,
@@ -46,10 +55,9 @@ type ParsedCredential = Record<
         >
       | /* if no i18n is provided */ string
       | undefined; // Add undefined as a possible value for the name property
-    /** The actual value of the attribute */
     value: unknown;
-  }
->;
+  };
+};
 
 // handy alias
 type DecodedSdJwtCredential = Out<typeof verifySdJwt> & {
@@ -139,7 +147,124 @@ const parseCredentialSdJwt = (
 
   return definedValues;
 };
+const parseCredentialMDoc = (
+  // the list of supported credentials, as defined in the issuer configuration
+  credentialConfig: CredentialConf,
+  // credential_type: string,
+  { issuerSigned }: DecodedMDocCredential,
+  ignoreMissingAttributes: boolean = false,
+  includeUndefinedAttributes: boolean = false
+): ParsedCredential => {
+  if (!credentialConfig) {
+    throw new IoWalletError("Credential type not supported by the issuer");
+  }
+
+  if (!credentialConfig.claims) {
+    throw new IoWalletError("Missing claims in the credential subject");
+  }
+
+  const attrDefinitions = credentialConfig.claims.map<
+    [string, string, { name: string; locale: string }[]]
+  >(({ path: [namespace, attribute], display }) => [
+    namespace as string,
+    attribute as string,
+    display,
+  ]);
+
+  if (!issuerSigned.nameSpaces) {
+    throw new IoWalletError("Missing claims in the credential");
+  }
+
+  const flatNamespaces = Object.entries(issuerSigned.nameSpaces).flatMap(
+    ([namespace, values]) =>
+      values.map<[string, string, string]>((v) => [
+        namespace,
+        v.elementIdentifier,
+        v.elementValue,
+      ])
+  );
+
+  // Check that all mandatory attributes defined in the issuer configuration are present in the disclosure set
+  // and filter the non present ones
+  const attrsNotInDisclosures = attrDefinitions.filter(
+    ([attrDefNamespace, attrKey]) =>
+      !flatNamespaces.some(
+        ([namespace, claim]) =>
+          attrDefNamespace === namespace && attrKey === claim
+      )
+  );
+
+  if (attrsNotInDisclosures.length > 0) {
+    const missing = attrsNotInDisclosures
+      .map(([, attrKey]) => attrKey)
+      .join(", ");
+    const received = flatNamespaces.map(([, attrKey]) => attrKey).join(", ");
 
+    if (!ignoreMissingAttributes) {
+      throw new IoWalletError(
+        `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`
+      );
+    }
+  }
+
+  // Attributes defined in the issuer configuration and present in the disclosure set
+  const definedValues = attrDefinitions
+    // Retrieve the value from the corresponding disclosure
+    .map(
+      ([attrDefNamespace, attrKey, display]) =>
+        [
+          attrDefNamespace,
+          attrKey,
+          {
+            display,
+            value: flatNamespaces.find(
+              ([namespace, name]) =>
+                attrDefNamespace === namespace && name === attrKey
+            )?.[2],
+          },
+        ] as const
+    )
+    //filter the not found elements
+    .filter(([_, __, definition]) => definition.value !== undefined)
+    // Add a human-readable attribute name, with i18n, in the form { locale: name }
+    // Example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
+    .reduce<ParsedCredential>(
+      (acc, [attrDefNamespace, attrKey, { display, value }]) => ({
+        ...acc,
+        [getParsedCredentialClaimKey(attrDefNamespace, attrKey)]: {
+          value,
+          name: display.reduce(
+            (names, { locale, name }) => ({
+              ...names,
+              [locale]: name,
+            }),
+            {}
+          ),
+        },
+      }),
+      {}
+    );
+
+  if (includeUndefinedAttributes) {
+    const undefinedValues: ParsedCredential = Object.fromEntries(
+      Object.values(flatNamespaces)
+        .filter(
+          ([namespace, key]) =>
+            !definedValues[getParsedCredentialClaimKey(namespace, key)]
+        )
+        .map(([namespace, key, value]) => [
+          getParsedCredentialClaimKey(namespace, key),
+          { value, name: key },
+        ])
+    );
+    return {
+      ...definedValues,
+      ...undefinedValues,
+    };
+  }
+
+  return definedValues;
+};
 /**
  * Given a credential, verify it's in the supported format
  * and the credential is correctly signed
@@ -176,6 +301,48 @@ async function verifyCredentialSdJwt(
 
   return decodedCredential;
 }
+/**
+ * Given a credential, verify it's in the supported format
+ * and the credential is correctly signed
+ * and it's bound to the given key
+ *
+ * @param rawCredential The received credential
+ * @param issuerKeys The set of public keys of the issuer,
+ * which will be used to verify the signature
+ * @param holderBindingContext The access to the holder's key
+ *
+ * @throws If the signature verification fails
+ * @throws If the credential is not in the SdJwt4VC format
+ * @throws If the holder binding is not properly configured
+ *
+ */
+async function verifyCredentialMDoc(
+  rawCredential: string,
+  x509CertRoot: string,
+  holderBindingContext: CryptoContext
+): Promise<DecodedMDocCredential> {
+  const [decodedCredential, holderBindingKey] =
+    // parallel for optimization
+    await Promise.all([
+      verifyMdoc(rawCredential, x509CertRoot),
+      holderBindingContext.getPublicKey(),
+    ]);
+
+  if (!decodedCredential) {
+    throw new IoWalletError("No MDOC credentials found!");
+  }
+
+  const key =
+    decodedCredential.issuerSigned.issuerAuth.payload.deviceKeyInfo.deviceKey;
+
+  if (!(await isSameThumbprint(key, holderBindingKey as PublicKey))) {
+    throw new IoWalletError(
+      `Failed to verify holder binding, holder binding key and mDoc deviceKey don't match`
+    );
+  }
+
+  return decodedCredential;
+}
 
 const verifyAndParseCredentialSdJwt: VerifyAndParseCredential = async (
   issuerConf,
@@ -231,6 +398,60 @@ const verifyAndParseCredentialSdJwt: VerifyAndParseCredential = async (
   };
 };
 
+const verifyAndParseCredentialMDoc: VerifyAndParseCredential = async (
+  issuerConf,
+  credential,
+  credentialConfigurationId,
+  { credentialCryptoContext, ignoreMissingAttributes },
+  x509CertRoot
+) => {
+  if (!x509CertRoot) {
+    throw new IoWalletError("Missing x509CertRoot");
+  }
+
+  const decoded = await verifyCredentialMDoc(
+    credential,
+    x509CertRoot,
+    credentialCryptoContext
+  );
+
+  const credentialConfig =
+    issuerConf.openid_credential_issuer.credential_configurations_supported[
+      credentialConfigurationId
+    ]!;
+  const parsedCredential = parseCredentialMDoc(
+    credentialConfig,
+    decoded,
+    ignoreMissingAttributes,
+    ignoreMissingAttributes
+  );
+
+  const expirationDate = extractElementValueAsDate(
+    parsedCredential?.[
+      getParsedCredentialClaimKey(MDOC_DEFAULT_NAMESPACE, "expiry_date")
+    ]?.value as string
+  );
+  if (!expirationDate) {
+    throw new IoWalletError(`expirationDate must be present!!`);
+  }
+  expirationDate.setDate(expirationDate.getDate() + 1);
+
+  const maybeIssuedAt = extractElementValueAsDate(
+    parsedCredential?.[
+      getParsedCredentialClaimKey(MDOC_DEFAULT_NAMESPACE, "issue_date")
+    ]?.value as string
+  );
+  maybeIssuedAt?.setDate(maybeIssuedAt.getDate() + 1);
+
+  return {
+    parsedCredential,
+    credential,
+    credentialConfigurationId,
+    expiration: expirationDate,
+    issuedAt: maybeIssuedAt ?? undefined,
+  };
+};
+
 /**
  * Verify and parse an encoded credential.
  * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
@@ -248,24 +469,39 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
   issuerConf,
   credential,
   credentialConfigurationId,
-  context
+  context,
+  x509CertRoot
 ) => {
   const format =
     issuerConf.openid_credential_issuer.credential_configurations_supported[
       credentialConfigurationId
     ]?.format;
 
-  if (format === "dc+sd-jwt") {
-    Logger.log(LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
-    return verifyAndParseCredentialSdJwt(
-      issuerConf,
-      credential,
-      credentialConfigurationId,
-      context
-    );
-  }
+  switch (format) {
+    case "dc+sd-jwt": {
+      Logger.log(LogLevel.DEBUG, "Parsing credential in dc+sd-jwt format");
+      return verifyAndParseCredentialSdJwt(
+        issuerConf,
+        credential,
+        credentialConfigurationId,
+        context
+      );
+    }
+    case "mso_mdoc": {
+      Logger.log(LogLevel.DEBUG, "Parsing credential in mso_mdoc format");
+      return verifyAndParseCredentialMDoc(
+        issuerConf,
+        credential,
+        credentialConfigurationId,
+        context,
+        x509CertRoot
+      );
+    }
 
-  const message = `Unsupported credential format: ${format}`;
-  Logger.log(LogLevel.ERROR, message);
-  throw new IoWalletError(message);
+    default: {
+      const message = `Unsupported credential format: ${format}`;
+      Logger.log(LogLevel.ERROR, message);
+      throw new IoWalletError(message);
+    }
+  }
 };

package/src/credential/issuance/README.md

@@ -171,7 +171,7 @@ const { credential_configuration_id, credential_identifiers } =
     accessToken.authorization_details[0]!;
 
  // Obtain the credential
-const { credential } = await Credential.Issuance.obtainCredential(
+const { credential, format } = await Credential.Issuance.obtainCredential(
   issuerConf,
   accessToken,
   clientId,
@@ -186,6 +186,10 @@ const { credential } = await Credential.Issuance.obtainCredential(
   }
 );
 
+// The certificate below is required to perform the `x5chain` validation of credentials in `mdoc` format.
+// In a real-world scenario, it must be obtained from the appropriate endpoint exposed by the Trust Anchor
+const mockX509CertRoot = format === "mso_mdoc" ? "base64encodedX509CertRoot" : undefined
+
 /*
  * Parse and verify the credential. The ignoreMissingAttributes flag must be set to false or omitted in production.
  * WARNING: includeUndefinedAttributes should not be set to true in production in order to get only claims explicitly declared by the issuer.
@@ -199,7 +203,8 @@ const { parsedCredential } =
       credentialCryptoContext, 
       ignoreMissingAttributes: true,
       includeUndefinedAttributes: false 
-    }
+    },
+    mockX509CertRoot
   );
 
 const credentialType =

package/src/mdoc/const.ts

@@ -0,0 +1 @@
+export const MDOC_DEFAULT_NAMESPACE = "org.iso.18013.5.1";

package/src/mdoc/converter.ts

@@ -0,0 +1,26 @@
+/**
+ * Extracts the date value of a given elementIdentifier from an MDOC object.
+ * Searches through the issuerSigned namespaces and attempts to parse the value as a Date.
+ * The expected date format is "YYYY-MM-DD".
+ * Returns the Date object if found, otherwise returns null.
+ */
+export function extractElementValueAsDate(elementValue: string): Date | null {
+  if (typeof elementValue === "string") {
+    const dateParts = elementValue.split("-");
+    if (dateParts.length === 3) {
+      const [year, month, day] = dateParts.map(Number);
+      if (
+        day !== undefined &&
+        month !== undefined &&
+        year !== undefined &&
+        !isNaN(day) &&
+        !isNaN(month) &&
+        !isNaN(year)
+      ) {
+        return new Date(year, month - 1, day); // Month is zero-based in JS Date
+      }
+    }
+  }
+
+  return null; // Return null if no matching element is found or it's not a valid date
+}

package/src/mdoc/index.ts

@@ -0,0 +1,93 @@
+import { CBOR, COSE } from "@pagopa/io-react-native-iso18013";
+import { b64utob64 } from "jsrsasign";
+import {
+  verifyCertificateChain,
+  type CertificateValidationResult,
+  type PublicKey,
+  type X509CertificateOptions,
+} from "@pagopa/io-react-native-crypto";
+import { MissingX509CertsError, X509ValidationError } from "../trust/errors";
+import { IoWalletError } from "../utils/errors";
+import { convertBase64DerToPem, getSigninJwkFromCert } from "../utils/crypto";
+
+export const verify = async (
+  token: string,
+  x509CertRoot: string
+): Promise<{ issuerSigned: CBOR.IssuerSigned }> => {
+  // get decoded data
+  const issuerSigned = await CBOR.decodeIssuerSigned(token);
+
+  if (!issuerSigned) {
+    throw new IoWalletError("Invalid mDoc");
+  }
+
+  if (
+    !issuerSigned.issuerAuth.unprotectedHeader?.x5chain &&
+    (!Array.isArray(issuerSigned.issuerAuth.unprotectedHeader.x5chain) ||
+      issuerSigned.issuerAuth.unprotectedHeader.x5chain.length === 0)
+  ) {
+    throw new MissingX509CertsError("Missing x509 certificates");
+  }
+  const x5chain =
+    issuerSigned.issuerAuth.unprotectedHeader.x5chain.map(b64utob64);
+  // Verify the x5chain
+  await verifyX5chain(x5chain, x509CertRoot);
+
+  const coseSign1 = issuerSigned.issuerAuth.rawValue;
+
+  if (!coseSign1) {
+    throw new IoWalletError("Missing coseSign1");
+  }
+  // Once the x5chain is verified, the signatures verification can be performed
+  await verifyMdocSignature(coseSign1, x5chain[0]!);
+
+  return { issuerSigned };
+};
+
+/**
+ * This function checks whether the x509 certificate chain is valid against a specified Certificate Authority (CA)
+ *
+ * @param x5chain The mdoc's x509 certificate chain
+ * @param x509CertRoot The Trust Anchor CA
+ * @param options Options for certificate validation
+ */
+const verifyX5chain = async (
+  x5chain: string[],
+  x509CertRoot: string,
+  options: X509CertificateOptions = {
+    connectTimeout: 10000,
+    readTimeout: 10000,
+    requireCrl: true,
+  }
+) => {
+  const x509ValidationResult: CertificateValidationResult =
+    await verifyCertificateChain(x5chain, x509CertRoot, options);
+
+  if (!x509ValidationResult.isValid) {
+    throw new X509ValidationError(
+      `X.509 certificate chain validation failed. Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`,
+      {
+        x509ValidationStatus: x509ValidationResult.validationStatus,
+        x509ErrorMessage: x509ValidationResult.errorMessage,
+      }
+    );
+  }
+};
+/**
+ * This function verifies that the signature is valid for the given certificate.
+ * If not, it throws an error
+ *
+ * @param coseSign1 The COSE-Sign1 object encoded in base64 or base64url
+ * @param cert The `x5chain`'s leaf certificate
+ */
+const verifyMdocSignature = async (coseSign1: string, cert: string) => {
+  const pemcert = convertBase64DerToPem(cert);
+  const jwk = getSigninJwkFromCert(pemcert);
+
+  jwk.x = b64utob64(jwk.x!);
+  jwk.y = b64utob64(jwk.y!);
+
+  const signatureCorrect = await COSE.verify(coseSign1, jwk as PublicKey);
+
+  if (!signatureCorrect) throw new Error("Invalid mDoc signature");
+};

package/src/mdoc/utils.ts

@@ -0,0 +1,7 @@
+/**
+ * @param namespace The mdoc credential `namespace`
+ * @param key The claim attribute key
+ * @returns A string consisting of the concatenation of the namespace and the claim key, separated by a colon
+ */
+export const getParsedCredentialClaimKey = (namespace: string, key: string) =>
+  `${namespace}:${key}`;

package/src/trust/types.ts

@@ -71,6 +71,10 @@ const SupportedCredentialMetadata = z.intersection(
   })
 );
 
+export type SupportedCredentialFormat = z.infer<
+  typeof SupportedCredentialMetadata
+>["format"];
+
 export type EntityStatement = z.infer<typeof EntityStatement>;
 export const EntityStatement = z.object({
   header: z.object({

package/src/utils/crypto.ts

@@ -5,7 +5,10 @@ import {
   sign,
 } from "@pagopa/io-react-native-crypto";
 import { v4 as uuidv4 } from "uuid";
-import { type CryptoContext, thumbprint } from "@pagopa/io-react-native-jwt";
+import { thumbprint, type CryptoContext } from "@pagopa/io-react-native-jwt";
+import { JWK } from "./jwk";
+import { KEYUTIL, KJUR, RSAKey, X509 } from "jsrsasign";
+import { IoWalletError } from "./errors";
 
 /**
  * Create a CryptoContext bound to a key pair.
@@ -55,3 +58,35 @@ export const withEphemeralKey = async <R>(
   const ephemeralContext = createCryptoContextFor(keytag);
   return fn(ephemeralContext).finally(() => deleteKey(keytag));
 };
+/**
+ * Converts a base64-encoded DER certificate to PEM format.
+ *
+ * @param certificate - The base64-encoded DER certificate.
+ * @returns The PEM-formatted certificate.
+ */
+export const convertBase64DerToPem = (certificate: string): string =>
+  `-----BEGIN CERTIFICATE-----\n${certificate}\n-----END CERTIFICATE-----`;
+
+/**
+ * Retrieves the signing JWK from a PEM-formatted certificate.
+ *
+ * @param pemCert - The PEM-formatted certificate.
+ * @returns The signing JWK.
+ * @throws Will throw an error if the public key is unsupported.
+ */
+export const getSigninJwkFromCert = (pemCert: string): JWK => {
+  const x509 = new X509();
+  x509.readCertPEM(pemCert);
+  const publicKey = x509.getPublicKey();
+
+  if (publicKey instanceof RSAKey || publicKey instanceof KJUR.crypto.ECDSA) {
+    return {
+      ...JWK.parse(KEYUTIL.getJWKFromKey(publicKey)),
+      use: "sig",
+    };
+  }
+
+  throw new IoWalletError(
+    "Unable to find the signing key inside the PEM certificate"
+  );
+};

package/lib/commonjs/credential/issuance/const.js

@@ -1,14 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.SupportedCredentialFormat = exports.ASSERTION_TYPE = void 0;
-var z = _interopRequireWildcard(require("zod"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-exports.ASSERTION_TYPE = ASSERTION_TYPE;
-const SupportedCredentialFormat = z.union([z.literal("dc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
-exports.SupportedCredentialFormat = SupportedCredentialFormat;
-//# sourceMappingURL=const.js.map

package/lib/commonjs/credential/issuance/const.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,KAAK,CAAC,CAC/C5B,CAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC,EACtB7B,CAAC,CAAC6B,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC;AAACH,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}

package/lib/module/credential/issuance/const.js

@@ -1,4 +0,0 @@
-import * as z from "zod";
-export const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-export const SupportedCredentialFormat = z.union([z.literal("dc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
-//# sourceMappingURL=const.js.map

package/lib/module/credential/issuance/const.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,KAAK,CAAC,CAC/CH,CAAC,CAACI,OAAO,CAAC,WAAW,CAAC,EACtBJ,CAAC,CAACI,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC"}

package/lib/typescript/credential/issuance/const.d.ts

@@ -1,5 +0,0 @@
-import * as z from "zod";
-export declare const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-export type SupportedCredentialFormat = z.infer<typeof SupportedCredentialFormat>;
-export declare const SupportedCredentialFormat: z.ZodUnion<[z.ZodLiteral<"dc+sd-jwt">, z.ZodLiteral<"vc+mdoc-cbor">]>;
-//# sourceMappingURL=const.d.ts.map

package/lib/typescript/credential/issuance/const.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB,uEAGpC,CAAC"}

package/src/credential/issuance/const.ts

@@ -1,11 +0,0 @@
-import * as z from "zod";
-export const ASSERTION_TYPE =
-  "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
-
-export type SupportedCredentialFormat = z.infer<
-  typeof SupportedCredentialFormat
->;
-export const SupportedCredentialFormat = z.union([
-  z.literal("dc+sd-jwt"),
-  z.literal("vc+mdoc-cbor"),
-]);