@pagopa/io-react-native-wallet 2.1.1 → 2.2.0

package/lib/typescript/mdoc/utils.d.ts

@@ -1,7 +1,57 @@
+import type { VerifyAndParseCredential } from "../credential/issuance";
+import type { Out } from "../utils/misc";
 /**
  * @param namespace The mdoc credential `namespace`
  * @param key The claim attribute key
  * @returns A string consisting of the concatenation of the namespace and the claim key, separated by a colon
  */
 export declare const getParsedCredentialClaimKey: (namespace: string, key: string) => string;
+/**
+ * Extract and validate the `verification` claim from an mdoc parsed credential.
+ *
+ * This method is **synchronous**, so it requires a credential that was already parsed.
+ *
+ * @param parsedCredential The parsed mdoc credential
+ * @returns The verification claim or undefined if it wasn't found
+ */
+export declare const getVerificationFromParsedCredential: (parsedCredential: Out<VerifyAndParseCredential>["parsedCredential"]) => {
+    trust_framework: string;
+    assurance_level: string;
+    evidence: {
+        type: "vouch";
+        time: string | number;
+        attestation: {
+            type: "digital_attestation";
+            reference_number: string;
+            date_of_issuance: string;
+            voucher: {
+                organization: string;
+            };
+        };
+    }[];
+} | undefined;
+/**
+ * Extract and validate the `verification` claim from an MDOC credential.
+ *
+ * This method is **asynchronous**. See {@link getVerificationFromParsedCredential} for the synchronous version.
+ *
+ * @param token The raw MDOC credential
+ * @returns The verification claim or undefined if it wasn't found
+ */
+export declare const getVerification: (token: string) => Promise<{
+    trust_framework: string;
+    assurance_level: string;
+    evidence: {
+        type: "vouch";
+        time: string | number;
+        attestation: {
+            type: "digital_attestation";
+            reference_number: string;
+            date_of_issuance: string;
+            voucher: {
+                organization: string;
+            };
+        };
+    }[];
+} | undefined>;
 //# sourceMappingURL=utils.d.ts.map

package/lib/typescript/mdoc/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/mdoc/utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,cAAe,MAAM,OAAO,MAAM,WACnD,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/mdoc/utils.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AACvE,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAGzC;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,cAAe,MAAM,OAAO,MAAM,WACnD,CAAC;AAExB;;;;;;;GAOG;AACH,eAAO,MAAM,mCAAmC,qBAC5B,IAAI,wBAAwB,CAAC,CAAC,kBAAkB,CAAC;;;;;;;;;;;;;;;aAQpE,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe,UAAiB,MAAM;;;;;;;;;;;;;;;cAQlD,CAAC"}

package/lib/typescript/utils/nestedProperty.d.ts

@@ -16,8 +16,9 @@ type NodeOrStructure = Partial<PropertyNode<any>> | Record<string, any> | any[];
  * @param path - The path segments to follow.
  * @param sourceValue - The raw value to place at the end of the path.
  * @param displayData - The data for generating localized names.
+ * @param skipMissingLeaves - If true, skips optional keys when mapping over arrays.
  * @returns The new object or array structure.
  */
-export declare const createNestedProperty: (currentObject: NodeOrStructure, path: Path, sourceValue: unknown, displayData: DisplayData) => NodeOrStructure;
+export declare const createNestedProperty: (currentObject: NodeOrStructure, path: Path, sourceValue: unknown, displayData: DisplayData, skipMissingLeaves?: boolean) => NodeOrStructure;
 export {};
 //# sourceMappingURL=nestedProperty.d.ts.map

package/lib/typescript/utils/nestedProperty.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nestedProperty.d.ts","sourceRoot":"","sources":["../../../src/utils/nestedProperty.ts"],"names":[],"mappings":"AAGA,KAAK,WAAW,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC;AAGtD,KAAK,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAG7C,KAAK,YAAY,CAAC,CAAC,IAAI;IACrB,KAAK,EAAE,CAAC,CAAC;IACT,IAAI,EAAE,cAAc,CAAC;CACtB,CAAC;AAGF,KAAK,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;AAGvC,KAAK,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;AA6GhF;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,kBAChB,eAAe,2BAEjB,OAAO,+BAEnB,eA4BF,CAAC"}
+{"version":3,"file":"nestedProperty.d.ts","sourceRoot":"","sources":["../../../src/utils/nestedProperty.ts"],"names":[],"mappings":"AAGA,KAAK,WAAW,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC;AAGtD,KAAK,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAG7C,KAAK,YAAY,CAAC,CAAC,IAAI;IACrB,KAAK,EAAE,CAAC,CAAC;IACT,IAAI,EAAE,cAAc,CAAC;CACtB,CAAC;AAGF,KAAK,IAAI,GAAG,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;AAGvC,KAAK,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;AAkIhF;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,kBAChB,eAAe,2BAEjB,OAAO,gDAED,OAAO,KACzB,eA6BF,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "2.1.1",
+  "version": "2.2.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -9,7 +9,7 @@ import type { ObtainCredential } from "./06-obtain-credential";
 import { verify as verifyMdoc } from "../../mdoc";
 import { MDOC_DEFAULT_NAMESPACE } from "../../mdoc/const";
 import { getParsedCredentialClaimKey } from "../../mdoc/utils";
-import { LogLevel, Logger } from "../../utils/logging";
+import { Logger, LogLevel } from "../../utils/logging";
 import { extractElementValueAsDate } from "../../mdoc/converter";
 import type { CBOR } from "@pagopa/io-react-native-iso18013";
 import type { PublicKey } from "@pagopa/io-react-native-crypto";
@@ -85,36 +85,69 @@ const parseCredentialSdJwt = (
 
   const attrDefinitions = credentialConfig.claims;
 
-  // Validate that all attributes from the config exist in the disclosures
-  const attrsNotInDisclosures = attrDefinitions.filter(
-    (definition) => !disclosures.some(([, name]) => name === definition.path[0])
-  );
+  // Validate that all attributes from the config exist in either disclosures OR payload
+  if (!ignoreMissingAttributes) {
+    const disclosedKeys = new Set(disclosures.map(([, name]) => name));
+    const payloadKeys = new Set(Object.keys(sdJwt.payload ?? {}));
 
-  if (attrsNotInDisclosures.length > 0 && !ignoreMissingAttributes) {
-    const missing = attrsNotInDisclosures.map((_) => _.path[0]).join(", ");
-    const received = disclosures.map((_) => _[1]).join(", ");
-    const message = `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`;
-    Logger.log(LogLevel.ERROR, message);
-    throw new IoWalletError(message);
+    const definedTopLevelKeys = new Set(
+      attrDefinitions.map((def) => def.path[0] as string)
+    );
+
+    const missingKeys = [...definedTopLevelKeys].filter(
+      (key) => !disclosedKeys.has(key) && !payloadKeys.has(key)
+    );
+
+    if (missingKeys.length > 0) {
+      throw new IoWalletError(
+        `Some attributes are missing in the credential. Missing: [${missingKeys.join(", ")}]`
+      );
+    }
   }
 
   const definedValues: ParsedCredential = {};
 
-  for (const { path, display } of attrDefinitions) {
-    const attrKey = path[0];
-    const disclosureValue = disclosures.find(
-      ([, name]) => name === attrKey
-    )?.[2];
-
-    if (disclosureValue !== undefined) {
-      const enriched = createNestedProperty(
-        definedValues,
-        path,
-        disclosureValue,
-        display
-      );
-      Object.assign(definedValues, enriched);
+  // Group all schema definitions by their top-level key
+  const groupedDefinitions = attrDefinitions.reduce(
+    (acc, def) => {
+      const key = def.path[0] as string;
+      const group = acc[key];
+      if (group) {
+        group.push(def);
+      } else {
+        acc[key] = [def];
+      }
+      return acc;
+    },
+    {} as Record<string, typeof attrDefinitions>
+  );
+
+  // Loop through each group
+  for (const topLevelKey in groupedDefinitions) {
+    const definitionsForThisKey = groupedDefinitions[topLevelKey];
+
+    if (!definitionsForThisKey) {
+      continue;
     }
+
+    const disclosureForThisKey = disclosures.find(
+      ([, name]) => name === topLevelKey
+    );
+
+    if (!disclosureForThisKey) {
+      continue;
+    }
+
+    const disclosureValue = disclosureForThisKey[2];
+
+    const tempObjectForGroup = definitionsForThisKey.reduce(
+      (acc, { path, display }) =>
+        createNestedProperty(acc, path, disclosureValue, display),
+      {}
+    );
+
+    // Merge the fully constructed object into the final result
+    Object.assign(definedValues, tempObjectForGroup);
   }
 
   if (includeUndefinedAttributes) {
@@ -134,6 +167,7 @@ const parseCredentialSdJwt = (
 
   return definedValues;
 };
+
 const parseCredentialMDoc = (
   // the list of supported credentials, as defined in the issuer configuration
   credentialConfig: CredentialConf,
@@ -294,7 +328,7 @@ async function verifyCredentialSdJwt(
  * and it's bound to the given key
  *
  * @param rawCredential The received credential
- * @param issuerKeys The set of public keys of the issuer,
+ * @param x509CertRoot The root certificate of the issuer,
  * which will be used to verify the signature
  * @param holderBindingContext The access to the holder's key
  *

package/src/index.ts

@@ -7,6 +7,7 @@ import "react-native-url-polyfill/auto";
 import * as Credential from "./credential";
 import * as PID from "./pid";
 import * as SdJwt from "./sd-jwt";
+import * as Mdoc from "./mdoc";
 import * as Errors from "./utils/errors";
 import * as WalletInstanceAttestation from "./wallet-instance-attestation";
 import * as Trust from "./trust";
@@ -18,6 +19,7 @@ import type { IntegrityContext } from "./utils/integrity";
 
 export {
   SdJwt,
+  Mdoc,
   PID,
   Credential,
   WalletInstanceAttestation,

package/src/mdoc/index.ts

@@ -9,6 +9,7 @@ import {
 import { MissingX509CertsError, X509ValidationError } from "../trust/errors";
 import { IoWalletError } from "../utils/errors";
 import { convertBase64DerToPem, getSigninJwkFromCert } from "../utils/crypto";
+export * from "./utils";
 
 export const verify = async (
   token: string,

package/src/mdoc/utils.ts

@@ -1,3 +1,9 @@
+import { CBOR } from "@pagopa/io-react-native-iso18013";
+import { Verification } from "../sd-jwt/types";
+import type { VerifyAndParseCredential } from "../credential/issuance";
+import type { Out } from "../utils/misc";
+import { MDOC_DEFAULT_NAMESPACE } from "./const";
+
 /**
  * @param namespace The mdoc credential `namespace`
  * @param key The claim attribute key
@@ -5,3 +11,40 @@
  */
 export const getParsedCredentialClaimKey = (namespace: string, key: string) =>
   `${namespace}:${key}`;
+
+/**
+ * Extract and validate the `verification` claim from an mdoc parsed credential.
+ *
+ * This method is **synchronous**, so it requires a credential that was already parsed.
+ *
+ * @param parsedCredential The parsed mdoc credential
+ * @returns The verification claim or undefined if it wasn't found
+ */
+export const getVerificationFromParsedCredential = (
+  parsedCredential: Out<VerifyAndParseCredential>["parsedCredential"]
+) => {
+  const verificationKey = getParsedCredentialClaimKey(
+    `${MDOC_DEFAULT_NAMESPACE}.IT`,
+    "verification"
+  );
+  const verification = parsedCredential[verificationKey]?.value;
+  return verification ? Verification.parse(verification) : undefined;
+};
+
+/**
+ * Extract and validate the `verification` claim from an MDOC credential.
+ *
+ * This method is **asynchronous**. See {@link getVerificationFromParsedCredential} for the synchronous version.
+ *
+ * @param token The raw MDOC credential
+ * @returns The verification claim or undefined if it wasn't found
+ */
+export const getVerification = async (token: string) => {
+  const issuerSigned = await CBOR.decodeIssuerSigned(token);
+  const namespace = issuerSigned.nameSpaces[`${MDOC_DEFAULT_NAMESPACE}.IT`];
+  const verification = namespace?.find(
+    (x) => x.elementIdentifier === "verification"
+  )?.elementValue;
+
+  return verification ? Verification.parse(verification) : undefined;
+};

package/src/utils/nestedProperty.ts

@@ -25,7 +25,7 @@ const buildName = (display: DisplayData): LocalizedNames =>
     {}
   );
 
-// Handles the case where the path key is `null`
+// Handles the case where the path key is `null` (indicating an array)
 const handleNullKeyCase = (
   currentObject: NodeOrStructure,
   rest: Path,
@@ -39,7 +39,15 @@ const handleNullKeyCase = (
   const existingValue = Array.isArray(node.value) ? node.value : [];
 
   const mappedArray = sourceValue.map((item, idx) =>
-    createNestedProperty(existingValue[idx] || {}, rest, item, displayData)
+    // When mapping over an array, recursively call with `skipMissingLeaves` set to `true`.
+    // This tells the function to skip optional keys inside these array objects.
+    createNestedProperty(
+      existingValue[idx] || {},
+      rest,
+      item,
+      displayData,
+      true
+    )
   );
 
   return {
@@ -55,7 +63,8 @@ const handleStringKeyCase = (
   key: string,
   rest: Path,
   sourceValue: unknown,
-  displayData: DisplayData
+  displayData: DisplayData,
+  skipMissingLeaves: boolean
 ): NodeOrStructure => {
   let nextSourceValue = sourceValue;
   const isLeaf = rest.length === 0;
@@ -73,7 +82,13 @@ const handleStringKeyCase = (
 
     // Skip processing when the key is not found within the claim object
     if (!(key in sourceValue)) {
-      // Leaf node: create a node with an empty value and display name
+      // If the flag is set (we're inside an array), skip the missing key completely.
+      if (skipMissingLeaves) {
+        return currentObject;
+      }
+
+      // If the flag is NOT set, create the empty placeholder
+      // so that its children can be attached later.
       if (isLeaf) {
         return {
           ...currentObject,
@@ -101,7 +116,13 @@ const handleStringKeyCase = (
 
   return {
     ...currentObject,
-    [key]: createNestedProperty(nextObject, rest, nextSourceValue, displayData),
+    [key]: createNestedProperty(
+      nextObject,
+      rest,
+      nextSourceValue,
+      displayData,
+      skipMissingLeaves
+    ),
   };
 };
 
@@ -132,13 +153,15 @@ const handleNumberKeyCase = (
  * @param path - The path segments to follow.
  * @param sourceValue - The raw value to place at the end of the path.
  * @param displayData - The data for generating localized names.
+ * @param skipMissingLeaves - If true, skips optional keys when mapping over arrays.
  * @returns The new object or array structure.
  */
 export const createNestedProperty = (
   currentObject: NodeOrStructure,
   path: Path,
-  sourceValue: unknown, // Use `unknown` for type-safe input
-  displayData: DisplayData
+  sourceValue: unknown,
+  displayData: DisplayData,
+  skipMissingLeaves: boolean = false
 ): NodeOrStructure => {
   const [key, ...rest] = path;
 
@@ -152,7 +175,8 @@ export const createNestedProperty = (
         key as string,
         rest,
         sourceValue,
-        displayData
+        displayData,
+        skipMissingLeaves
       );
 
     case typeof key === "number":
@@ -178,11 +202,12 @@ const handleRestKey = (
   displayData: DisplayData
 ): NodeOrStructure => {
   const currentNode = currentObject[key] ?? {};
-  // Take the first key in the remaining path
   const restKey = rest[0] as string;
   const nextSourceValue = sourceValue[restKey];
+  if (typeof nextSourceValue === "undefined") {
+    return currentObject;
+  }
 
-  // Merge the current node with the updated nested property for the remaining path.
   return {
     ...currentObject,
     [key]: {