@pagopa/io-react-native-wallet 2.1.0 → 2.2.0

package/src/trust/build-chain.ts

@@ -1,4 +1,3 @@
-import type { JWK } from "../utils/jwk";
 import {
   BuildTrustChainError,
   FederationListParseError,
@@ -266,39 +265,27 @@ export async function getFederationList(
  * Build a not-verified trust chain for a given Relying Party (RP) entity.
  *
  * @param relyingPartyEntityBaseUrl The base URL of the RP entity
- * @param trustAnchorKey The public key of the Trust Anchor (TA) entity
+ * @param trustAnchorConfig The entity configuration of the known trust anchor.
  * @param appFetch An optional instance of the http client to be used.
  * @returns A list of signed tokens that represent the trust chain, in the order of the chain (from the RP to the Trust Anchor)
  * @throws {FederationError} When an element of the chain fails to parse or other build steps fail.
  */
 export async function buildTrustChain(
   relyingPartyEntityBaseUrl: string,
-  trustAnchorKey: JWK,
+  trustAnchorConfig: TrustAnchorEntityConfiguration,
   appFetch: GlobalFetch["fetch"] = fetch
 ): Promise<string[]> {
-  // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
-  const trustChain = await gatherTrustChain(
-    relyingPartyEntityBaseUrl,
-    appFetch
-  );
+  // 1: Verify if the RP is authorized by the Trust Anchor's federation list
+  // Extract the Trust Anchor's signing key and federation_list_endpoint
+  // (we assume the TA has only one key, as per spec)
+  const trustAnchorKey = trustAnchorConfig.payload.jwks.keys[0];
 
-  // 2: Trust Anchor signature verification
-  const trustAnchorJwt = trustChain[trustChain.length - 1];
-  if (!trustAnchorJwt) {
+  if (!trustAnchorKey) {
     throw new BuildTrustChainError(
-      "Cannot verify trust anchor: missing entity configuration in gathered chain.",
-      { relyingPartyUrl: relyingPartyEntityBaseUrl }
+      "Cannot verify trust anchor: missing signing key in entity configuration."
     );
   }
 
-  if (!trustAnchorKey.kid) {
-    throw new TrustAnchorKidMissingError();
-  }
-
-  await verify(trustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
-
-  // 3: Check the federation list
-  const trustAnchorConfig = EntityConfiguration.parse(decode(trustAnchorJwt));
   const federationListEndpoint =
     trustAnchorConfig.payload.metadata.federation_entity
       .federation_list_endpoint;
@@ -316,6 +303,26 @@ export async function buildTrustChain(
     }
   }
 
+  // 1: Recursively gather the trust chain from the RP up to the Trust Anchor
+  const trustChain = await gatherTrustChain(
+    relyingPartyEntityBaseUrl,
+    appFetch
+  );
+  // 2: Trust Anchor signature verification
+  const chainTrustAnchorJwt = trustChain[trustChain.length - 1];
+  if (!chainTrustAnchorJwt) {
+    throw new BuildTrustChainError(
+      "Cannot verify trust anchor: missing entity configuration in gathered chain.",
+      { relyingPartyUrl: relyingPartyEntityBaseUrl }
+    );
+  }
+
+  if (!trustAnchorKey.kid) {
+    throw new TrustAnchorKidMissingError();
+  }
+
+  await verify(chainTrustAnchorJwt, trustAnchorKey.kid, [trustAnchorKey]);
+
   return trustChain;
 }
 
@@ -339,7 +346,6 @@ async function gatherTrustChain(
     appFetch,
   });
   const entityEC = EntityConfiguration.parse(decode(entityECJwt));
-
   if (isLeaf) {
     // Only push EC for the leaf
     chain.push(entityECJwt);
@@ -354,7 +360,6 @@ async function gatherTrustChain(
     }
     return chain;
   }
-
   const parentEntityBaseUrl = authorityHints[0]!;
 
   // Fetch parent EC
@@ -362,7 +367,6 @@ async function gatherTrustChain(
     appFetch,
   });
   const parentEC = EntityConfiguration.parse(decode(parentECJwt));
-
   // Fetch ES
   const federationFetchEndpoint =
     parentEC.payload.metadata.federation_entity.federation_fetch_endpoint;
@@ -372,7 +376,6 @@ async function gatherTrustChain(
       { entityBaseUrl, missingInEntityUrl: parentEntityBaseUrl }
     );
   }
-
   const entityStatementJwt = await getSignedEntityStatement(
     federationFetchEndpoint,
     entityBaseUrl,

package/src/utils/nestedProperty.ts

@@ -25,7 +25,7 @@ const buildName = (display: DisplayData): LocalizedNames =>
     {}
   );
 
-// Handles the case where the path key is `null`
+// Handles the case where the path key is `null` (indicating an array)
 const handleNullKeyCase = (
   currentObject: NodeOrStructure,
   rest: Path,
@@ -39,7 +39,15 @@ const handleNullKeyCase = (
   const existingValue = Array.isArray(node.value) ? node.value : [];
 
   const mappedArray = sourceValue.map((item, idx) =>
-    createNestedProperty(existingValue[idx] || {}, rest, item, displayData)
+    // When mapping over an array, recursively call with `skipMissingLeaves` set to `true`.
+    // This tells the function to skip optional keys inside these array objects.
+    createNestedProperty(
+      existingValue[idx] || {},
+      rest,
+      item,
+      displayData,
+      true
+    )
   );
 
   return {
@@ -55,7 +63,8 @@ const handleStringKeyCase = (
   key: string,
   rest: Path,
   sourceValue: unknown,
-  displayData: DisplayData
+  displayData: DisplayData,
+  skipMissingLeaves: boolean
 ): NodeOrStructure => {
   let nextSourceValue = sourceValue;
   const isLeaf = rest.length === 0;
@@ -73,7 +82,13 @@ const handleStringKeyCase = (
 
     // Skip processing when the key is not found within the claim object
     if (!(key in sourceValue)) {
-      // Leaf node: create a node with an empty value and display name
+      // If the flag is set (we're inside an array), skip the missing key completely.
+      if (skipMissingLeaves) {
+        return currentObject;
+      }
+
+      // If the flag is NOT set, create the empty placeholder
+      // so that its children can be attached later.
       if (isLeaf) {
         return {
           ...currentObject,
@@ -101,7 +116,13 @@ const handleStringKeyCase = (
 
   return {
     ...currentObject,
-    [key]: createNestedProperty(nextObject, rest, nextSourceValue, displayData),
+    [key]: createNestedProperty(
+      nextObject,
+      rest,
+      nextSourceValue,
+      displayData,
+      skipMissingLeaves
+    ),
   };
 };
 
@@ -132,13 +153,15 @@ const handleNumberKeyCase = (
  * @param path - The path segments to follow.
  * @param sourceValue - The raw value to place at the end of the path.
  * @param displayData - The data for generating localized names.
+ * @param skipMissingLeaves - If true, skips optional keys when mapping over arrays.
  * @returns The new object or array structure.
  */
 export const createNestedProperty = (
   currentObject: NodeOrStructure,
   path: Path,
-  sourceValue: unknown, // Use `unknown` for type-safe input
-  displayData: DisplayData
+  sourceValue: unknown,
+  displayData: DisplayData,
+  skipMissingLeaves: boolean = false
 ): NodeOrStructure => {
   const [key, ...rest] = path;
 
@@ -152,7 +175,8 @@ export const createNestedProperty = (
         key as string,
         rest,
         sourceValue,
-        displayData
+        displayData,
+        skipMissingLeaves
       );
 
     case typeof key === "number":
@@ -178,11 +202,12 @@ const handleRestKey = (
   displayData: DisplayData
 ): NodeOrStructure => {
   const currentNode = currentObject[key] ?? {};
-  // Take the first key in the remaining path
   const restKey = rest[0] as string;
   const nextSourceValue = sourceValue[restKey];
+  if (typeof nextSourceValue === "undefined") {
+    return currentObject;
+  }
 
-  // Merge the current node with the updated nested property for the remaining path.
   return {
     ...currentObject,
     [key]: {