@pagopa/io-react-native-wallet 2.0.0-next.8 → 2.0.0

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -1,5 +1,5 @@
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
-import type { Out } from "../../utils/misc";
+import { isObject, type Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { IoWalletError } from "../../utils/errors";
 import { SdJwt4VC, verify as verifySdJwt } from "../../sd-jwt";
@@ -64,6 +64,118 @@ type DecodedSdJwtCredential = Out<typeof verifySdJwt> & {
   sdJwt: SdJwt4VC;
 };
 
+// The data used to create localized names
+type DisplayData = { locale: string; name: string }[];
+
+// The resulting object of localized names { en: "Name", it: "Nome" }
+type LocalizedNames = Record<string, string>;
+
+// The core structure being built: a node containing the actual value and its localized names
+type PropertyNode<T> = {
+  value: T;
+  name: LocalizedNames;
+};
+
+// A path can consist of object keys, array indices, or null for mapping
+type Path = (string | number | null)[];
+
+// A union of all possible shapes. It can be a custom PropertyNode or a standard object/array structure
+type NodeOrStructure = Partial<PropertyNode<any>> | Record<string, any> | any[];
+
+// Helper to build localized names from the display data.
+const buildName = (display: DisplayData): LocalizedNames =>
+  display.reduce(
+    (names, { locale, name }) => ({ ...names, [locale]: name }),
+    {}
+  );
+
+/**
+ * Recursively constructs a nested object with descriptive properties from a path.
+ *
+ * @param currentObject - The object or array being built upon.
+ * @param path - The path segments to follow.
+ * @param sourceValue - The raw value to place at the end of the path.
+ * @param displayData - The data for generating localized names.
+ * @returns The new object or array structure.
+ */
+const createNestedProperty = (
+  currentObject: NodeOrStructure,
+  path: Path,
+  sourceValue: unknown, // Use `unknown` for type-safe input
+  displayData: DisplayData
+): NodeOrStructure => {
+  const [key, ...rest] = path;
+
+  // Case 1: Map over an array (key is null)
+  if (key === null) {
+    if (!Array.isArray(sourceValue)) return currentObject;
+
+    // We assert the type here because we know this branch handles PropertyNodes
+    const node = currentObject as Partial<PropertyNode<unknown[]>>;
+    const existingValue = Array.isArray(node.value) ? node.value : [];
+
+    const mappedArray = sourceValue.map((item, idx) =>
+      createNestedProperty(existingValue[idx] || {}, rest, item, displayData)
+    );
+
+    return {
+      ...node,
+      value: mappedArray,
+      name: node.name ?? buildName(displayData),
+    };
+  }
+
+  // Case 2: Handle an object key (key is a string)
+  if (typeof key === "string") {
+    let nextSourceValue = sourceValue;
+
+    if (isObject(sourceValue)) {
+      // Skip processing when the key is not found within the claim object
+      if (!(key in sourceValue)) return currentObject;
+
+      nextSourceValue = sourceValue[key];
+    }
+
+    // base case
+    if (rest.length === 0) {
+      return {
+        ...currentObject,
+        [key]: { value: nextSourceValue, name: buildName(displayData) },
+      };
+    }
+
+    // recursive step
+    const nextObject =
+      (currentObject as Record<string, NodeOrStructure>)[key] || {};
+
+    return {
+      ...currentObject,
+      [key]: createNestedProperty(
+        nextObject,
+        rest,
+        nextSourceValue,
+        displayData
+      ),
+    };
+  }
+
+  // Case 3: Handle a specific array index (key is a number)
+  if (typeof key === "number") {
+    const newArray = Array.isArray(currentObject) ? [...currentObject] : [];
+    const nextValue = Array.isArray(sourceValue) ? sourceValue[key] : undefined;
+
+    newArray[key] = createNestedProperty(
+      newArray[key] || {},
+      rest,
+      nextValue,
+      displayData
+    );
+    return newArray;
+  }
+
+  return currentObject;
+};
+
 const parseCredentialSdJwt = (
   // The credential configuration to use to parse the provided credential
   credentialConfig: CredentialConf,
@@ -72,7 +184,7 @@ const parseCredentialSdJwt = (
   includeUndefinedAttributes: boolean = false
 ): ParsedCredential => {
   if (credentialConfig.format !== sdJwt.header.typ) {
-    const message = `Received credential is of an unknwown type. Expected one of [${credentialConfig.format}], received '${sdJwt.header.typ}'`;
+    const message = `Received credential is of an unknown type. Expected one of [${credentialConfig.format}], received '${sdJwt.header.typ}'`;
     Logger.log(LogLevel.ERROR, message);
     throw new IoWalletError(message);
   }
@@ -81,55 +193,40 @@ const parseCredentialSdJwt = (
     Logger.log(LogLevel.ERROR, "Missing claims in the credential subject");
     throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
   }
+
   const attrDefinitions = credentialConfig.claims;
 
-  // the key of the attribute defintion must match the disclosure's name
+  // Validate that all attributes from the config exist in the disclosures
   const attrsNotInDisclosures = attrDefinitions.filter(
-    (definition) => !disclosures.some(([, name]) => name === definition.path[0]) // Ignore nested paths for now, see https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html#name-claims-path-pointer
+    (definition) => !disclosures.some(([, name]) => name === definition.path[0])
   );
-  if (attrsNotInDisclosures.length > 0) {
+
+  if (attrsNotInDisclosures.length > 0 && !ignoreMissingAttributes) {
     const missing = attrsNotInDisclosures.map((_) => _.path[0]).join(", ");
-    const received = disclosures.map((_) => _[1 /* name */]).join(", ");
-    if (!ignoreMissingAttributes) {
-      const message = `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`;
-      Logger.log(LogLevel.ERROR, message);
-      throw new IoWalletError(message);
-    }
+    const received = disclosures.map((_) => _[1]).join(", ");
+    const message = `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`;
+    Logger.log(LogLevel.ERROR, message);
+    throw new IoWalletError(message);
   }
 
-  // attributes that are defined in the issuer configuration
-  // and are present in the disclosure set
-  const definedValues = Object.fromEntries(
-    attrDefinitions
-      // retrieve the value from the disclosure set
-      .map(
-        ({ path, ...definition }) =>
-          [
-            path[0],
-            {
-              ...definition,
-              value: disclosures.find(
-                (_) => _[1 /* name */] === path[0]
-              )?.[2 /* value */],
-            },
-          ] as const
-      )
-      // add a human readable attribute name, with i18n, in the form { locale: name }
-      // example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
-      .map(
-        ([attrKey, { display, ...definition }]) =>
-          [
-            attrKey,
-            {
-              ...definition,
-              name: display.reduce(
-                (names, { locale, name }) => ({ ...names, [locale]: name }),
-                {} as Record<string, string>
-              ),
-            },
-          ] as const
-      )
-  );
+  const definedValues: ParsedCredential = {};
+
+  for (const { path, display } of attrDefinitions) {
+    const attrKey = path[0];
+    const disclosureValue = disclosures.find(
+      ([, name]) => name === attrKey
+    )?.[2];
+
+    if (disclosureValue !== undefined) {
+      const enriched = createNestedProperty(
+        definedValues,
+        path,
+        disclosureValue,
+        display
+      );
+      Object.assign(definedValues, enriched);
+    }
+  }
 
   if (includeUndefinedAttributes) {
     // attributes that are in the disclosure set
@@ -139,6 +236,7 @@ const parseCredentialSdJwt = (
         .filter((_) => !Object.keys(definedValues).includes(_[1]))
         .map(([, key, value]) => [key, { value, name: key }])
     );
+
     return {
       ...definedValues,
       ...undefinedValues,

package/src/credential/presentation/07-evaluate-dcql-query.ts

@@ -1,10 +1,10 @@
 import { DcqlQuery, DcqlError, DcqlQueryResult } from "dcql";
 import { isValiError } from "valibot";
+import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import { decode, prepareVpToken } from "../../sd-jwt";
-import type { Disclosure } from "../../sd-jwt/types";
+import { LEGACY_SD_JWT, type Disclosure } from "../../sd-jwt/types";
 import type { RemotePresentation } from "./types";
 import { CredentialsNotFoundError, type NotFoundDetail } from "./errors";
-import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 
 /**
  * The purpose for the credential request by the RP.
@@ -97,7 +97,7 @@ const extractMissingCredentials = (
     const credential = originalQuery.credentials.find((c) => c.id === id);
     if (
       credential?.format !== "dc+sd-jwt" &&
-      credential?.format !== "vc+sd-jwt"
+      credential?.format !== LEGACY_SD_JWT
     ) {
       throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
     }
@@ -134,7 +134,7 @@ export const evaluateDcqlQuery: EvaluateDcqlQuery = (
     return getDcqlQueryMatches(queryResult).map(([id, match]) => {
       if (
         match.output.credential_format !== "dc+sd-jwt" &&
-        match.output.credential_format !== "vc+sd-jwt"
+        match.output.credential_format !== LEGACY_SD_JWT
       ) {
         throw new Error("Unsupported format"); // TODO [SIW-2082]: support MDOC credentials
       }

package/src/credential/status/02-status-assertion.ts

@@ -15,11 +15,12 @@ import {
 } from "../../utils/errors";
 import { Logger, LogLevel } from "../../utils/logging";
 import { extractJwkFromCredential } from "../../utils/credentials";
+import type { SupportedSdJwtLegacyFormat } from "../../sd-jwt/types";
 
 export type StatusAssertion = (
   issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   credential: Out<ObtainCredential>["credential"],
-  format: Out<ObtainCredential>["format"],
+  format: Out<ObtainCredential>["format"] | SupportedSdJwtLegacyFormat,
   context: {
     credentialCryptoContext: CryptoContext;
     wiaCryptoContext: CryptoContext;

package/src/credential/status/03-verify-and-parse-status-assertion.ts

@@ -17,12 +17,13 @@ import { Logger, LogLevel } from "../../utils/logging";
 import type { ObtainCredential } from "../issuance";
 import { extractJwkFromCredential } from "../../utils/credentials";
 import { isSameThumbprint } from "../../utils/jwk";
+import type { SupportedSdJwtLegacyFormat } from "../../sd-jwt/types";
 
 export type VerifyAndParseStatusAssertion = (
   issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
   statusAssertion: Out<StatusAssertion>,
   credential: Out<ObtainCredential>["credential"],
-  format: Out<ObtainCredential>["format"]
+  format: Out<ObtainCredential>["format"] | SupportedSdJwtLegacyFormat
 ) => Promise<{ parsedStatusAssertion: ParsedStatusAssertion }>;
 
 /**

package/src/sd-jwt/types.ts

@@ -20,6 +20,13 @@ export const Disclosure = z.tuple([
   /* claim value */ z.unknown(),
 ]);
 
+/**
+ * For backward compatibility reasons it is still necessary to support the legacy SD-JWT
+ * in a few flows (for instance status assertion and presentation of the old eID).
+ */
+export type SupportedSdJwtLegacyFormat = typeof LEGACY_SD_JWT;
+export const LEGACY_SD_JWT = "vc+sd-jwt";
+
 /**
  * Encoding depends on the serialization algorithm used when generating the disclosure tokens.
  * The SD-JWT reference itself take no decision about how to handle whitespaces in serialized objects.
@@ -44,7 +51,7 @@ const StatusAssertion = z.object({
 export type SdJwt4VC = z.infer<typeof SdJwt4VC>;
 export const SdJwt4VC = z.object({
   header: z.object({
-    typ: z.enum(["vc+sd-jwt", "dc+sd-jwt"]),
+    typ: z.enum(["dc+sd-jwt", LEGACY_SD_JWT]),
     alg: z.string(),
     kid: z.string(),
     trust_chain: z.array(z.string()).optional(),
@@ -62,7 +69,7 @@ export const SdJwt4VC = z.object({
         .union([
           // Credentials v1.0
           z.object({ status_assertion: StatusAssertion }),
-          // Credentials v0.7.1
+          // Legacy credentials v0.7.1
           z.object({ status_attestation: StatusAssertion }),
         ])
         .optional(),

package/src/trust/types.ts

@@ -71,6 +71,10 @@ const SupportedCredentialMetadata = z.intersection(
   })
 );
 
+/**
+ * Supported formats for credentials issued by the Issuer API 1.0,
+ * compliant with IT-Wallet technical specifications 1.0.
+ */
 export type SupportedCredentialFormat = z.infer<
   typeof SupportedCredentialMetadata
 >["format"];

package/src/utils/credentials.ts

@@ -4,8 +4,12 @@ import type { Out } from "./misc";
 import type { ObtainCredential } from "../credential/issuance";
 import type { JWK } from "./jwk";
 import { IoWalletError } from "./errors";
+import {
+  LEGACY_SD_JWT,
+  type SupportedSdJwtLegacyFormat,
+} from "../sd-jwt/types";
 
-const SD_JWT = ["vc+sd-jwt", "dc+sd-jwt"];
+const SD_JWT = ["dc+sd-jwt", LEGACY_SD_JWT];
 
 /**
  * Extracts a JWK from a credential.
@@ -15,7 +19,7 @@ const SD_JWT = ["vc+sd-jwt", "dc+sd-jwt"];
  */
 export const extractJwkFromCredential = async (
   credential: Out<ObtainCredential>["credential"],
-  format: Out<ObtainCredential>["format"]
+  format: Out<ObtainCredential>["format"] | SupportedSdJwtLegacyFormat
 ): Promise<JWK> => {
   if (SD_JWT.includes(format)) {
     // 1. SD-JWT case

package/src/utils/misc.ts

@@ -78,3 +78,6 @@ export const safeJsonParse = <T>(text: string, withDefault?: T): T | null => {
     return withDefault ?? null;
   }
 };
+
+export const isObject = (value: unknown): value is Record<string, unknown> =>
+  typeof value === "object" && value !== null && !Array.isArray(value);