@pagopa/io-react-native-wallet 2.4.1 → 2.5.0

package/lib/module/utils/parser.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["isPathEqual","pathA","pathB","length","every","v","i","isPrefixOf","prefix","fullPath"],"sourceRoot":"../../../src","sources":["utils/parser.ts"],"mappings":"AAAA;AACA;AACA;AACA,OAAO,MAAMA,WAAW,GAAGA,CACzBC,KAAiC,EACjCC,KAAiC,KAEjCD,KAAK,CAACE,MAAM,KAAKD,KAAK,CAACC,MAAM,IAAIF,KAAK,CAACG,KAAK,CAAC,CAACC,CAAC,EAAEC,CAAC,KAAKD,CAAC,KAAKH,KAAK,CAACI,CAAC,CAAC,CAAC;AACxE;AACA;AACA;AACA,OAAO,MAAMC,UAAU,GAAGA,CACxBC,MAAkC,EAClCC,QAAoC,KACxB;EACZ,IAAID,MAAM,CAACL,MAAM,IAAIM,QAAQ,CAACN,MAAM,EAAE,OAAO,KAAK;EAClD,OAAOK,MAAM,CAACJ,KAAK,CAAC,CAACC,CAAC,EAAEC,CAAC,KAAKD,CAAC,KAAKI,QAAQ,CAACH,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAKtE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAU/D,KAAK,UAAU,GAAG,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,CAAC;AAQzD,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,UAAU,EACtB,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,yBAAyB,EAAE,MAAM,EACjC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC;;OAEG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC;;OAEG;IACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,EACD,YAAY,CAAC,EAAE,MAAM,KAClB,OAAO,CAAC;IACX,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,UAAU,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,IAAI,GAAG,SAAS,CAAC;CAC5B,CAAC,CAAC;AAGH,KAAK,gBAAgB,GAAG;IACtB,oBAAoB;IACpB,CAAC,KAAK,EAAE,MAAM,GAAG;QACf,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,GACnC,SAAS,CAAC;QACd,KAAK,EAAE,OAAO,CAAC;KAChB,CAAC;CACH,CAAC;AA+ZF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBAuCtC,CAAC"}
+{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAItE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAW/D,KAAK,UAAU,GAAG,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,CAAC;AAQzD,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,UAAU,EACtB,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,yBAAyB,EAAE,MAAM,EACjC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC;;OAEG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC;;OAEG;IACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;CACtC,EACD,YAAY,CAAC,EAAE,MAAM,KAClB,OAAO,CAAC;IACX,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,UAAU,EAAE,IAAI,CAAC;IACjB,QAAQ,EAAE,IAAI,GAAG,SAAS,CAAC;CAC5B,CAAC,CAAC;AAGH,KAAK,gBAAgB,GAAG;IACtB,oBAAoB;IACpB,CAAC,KAAK,EAAE,MAAM,GAAG;QACf,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,GACnC,SAAS,CAAC;QACd,KAAK,EAAE,OAAO,CAAC;KAChB,CAAC;CACH,CAAC;AA2cF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBAuCtC,CAAC"}

package/lib/typescript/credential/issuance/mrtd-pop/02-init-challenge.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"02-init-challenge.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/mrtd-pop/02-init-challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAIjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAG1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,MAAM,MAAM,aAAa,GAAG,CAC1B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,EAAE,MAAM,EACf,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC;AAE1C;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,aAAa,EAAE,aA+C3B,CAAC"}
+{"version":3,"file":"02-init-challenge.d.ts","sourceRoot":"","sources":["../../../../../src/credential/issuance/mrtd-pop/02-init-challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAKjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAQ1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,MAAM,MAAM,aAAa,GAAG,CAC1B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,EAAE,MAAM,EACf,iBAAiB,EAAE,MAAM,EACzB,kBAAkB,EAAE,MAAM,EAC1B,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC;AAE1C;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,aAAa,EAAE,aAgD3B,CAAC"}

package/lib/typescript/sd-jwt/index.d.ts

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { Disclosure, SdJwt4VC, type DisclosureWithEncoded } from "./types";
+import { Disclosure, type DisclosureWithEncoded, SdJwt4VC } from "./types";
 import type { JWK } from "../utils/jwk";
 import * as Errors from "./errors";
 import { type Presentation } from "../credential/presentation/types";

package/lib/typescript/sd-jwt/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sd-jwt/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAE3E,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAErE,cAAc,SAAS,CAAC;AAQxB;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WACV,MAAM;;iBAIA,qBAAqB,EAAE;CA0BrC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,QAAQ,UACZ,MAAM,UACL,MAAM,EAAE;WACE,MAAM;WAAS;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE;EA4CnE,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WACV,MAAM,aACF,GAAG,GAAG,GAAG,EAAE;;iBAEqB,UAAU,EAAE;EAqBxD,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,cAAc,UAClB,MAAM,aACF,MAAM;cAGP,MAAM;EAyBjB,CAAC;AAEF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sd-jwt/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAQxB,OAAO,EAAE,UAAU,EAAE,KAAK,qBAAqB,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE3E,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAErE,cAAc,SAAS,CAAC;AAQxB;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WACV,MAAM;;iBAIA,qBAAqB,EAAE;CA0BrC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,QAAQ,UACZ,MAAM,UACL,MAAM,EAAE;WACE,MAAM;WAAS;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE;EA2CnE,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WACV,MAAM,aACF,GAAG,GAAG,GAAG,EAAE;;iBAEqB,UAAU,EAAE;EAqBxD,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,cAAc,UAClB,MAAM,aACF,MAAM;cAGP,MAAM;EAyBjB,CAAC;AAEF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC"}

package/lib/typescript/utils/error-codes.d.ts

@@ -16,6 +16,10 @@ export declare const IssuerResponseErrorCodes: {
      * Error code thrown when an error occurs while obtaining a status attestation for a credential.
      */
     readonly StatusAttestationRequestFailed: "ERR_STATUS_ATTESTATION_REQUEST_FAILED";
+    /**
+     * Error code thrown when an error occurs while initializing the MRTD challenge.
+     */
+    readonly MrtdChallengeInitRequestFailed: "ERR_MRTD_CHALLENGE_INIT_REQUEST_FAILED";
 };
 export declare const WalletProviderResponseErrorCodes: {
     readonly WalletProviderGenericError: "ERR_IO_WALLET_PROVIDER_GENERIC_ERROR";

package/lib/typescript/utils/error-codes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error-codes.d.ts","sourceRoot":"","sources":["../../../src/utils/error-codes.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,wBAAwB;;IAEnC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;CAEK,CAAC;AAEX,eAAO,MAAM,gCAAgC;;IAE3C;;OAEG;;IAEH;;OAEG;;IAGH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;CAEK,CAAC;AAEX,eAAO,MAAM,8BAA8B;;IAEzC;;OAEG;;CAEK,CAAC;AAEX,MAAM,MAAM,uBAAuB,GACjC,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,OAAO,wBAAwB,CAAC,CAAC;AAE3E,MAAM,MAAM,+BAA+B,GACzC,CAAC,OAAO,gCAAgC,CAAC,CAAC,MAAM,OAAO,gCAAgC,CAAC,CAAC;AAE3F,MAAM,MAAM,6BAA6B,GACvC,CAAC,OAAO,8BAA8B,CAAC,CAAC,MAAM,OAAO,8BAA8B,CAAC,CAAC"}
+{"version":3,"file":"error-codes.d.ts","sourceRoot":"","sources":["../../../src/utils/error-codes.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,wBAAwB;;IAEnC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;CAEK,CAAC;AAEX,eAAO,MAAM,gCAAgC;;IAE3C;;OAEG;;IAEH;;OAEG;;IAGH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;CAEK,CAAC;AAEX,eAAO,MAAM,8BAA8B;;IAEzC;;OAEG;;CAEK,CAAC;AAEX,MAAM,MAAM,uBAAuB,GACjC,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,OAAO,wBAAwB,CAAC,CAAC;AAE3E,MAAM,MAAM,+BAA+B,GACzC,CAAC,OAAO,gCAAgC,CAAC,CAAC,MAAM,OAAO,gCAAgC,CAAC,CAAC;AAE3F,MAAM,MAAM,6BAA6B,GACvC,CAAC,OAAO,8BAA8B,CAAC,CAAC,MAAM,OAAO,8BAA8B,CAAC,CAAC"}

package/lib/typescript/utils/parser.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Helper to determine if two paths are equal (Supports string | number | null)
+ */
+export declare const isPathEqual: (pathA: (string | number | null)[], pathB: (string | number | null)[]) => boolean;
+/**
+ * Helper to check if prefix is the start of fullPath
+ */
+export declare const isPrefixOf: (prefix: (string | number | null)[], fullPath: (string | number | null)[]) => boolean;
+//# sourceMappingURL=parser.d.ts.map

package/lib/typescript/utils/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../../src/utils/parser.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,WAAW,UACf,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,EAAE,SAC1B,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,EAAE,KAChC,OACqE,CAAC;AACzE;;GAEG;AACH,eAAO,MAAM,UAAU,WACb,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,EAAE,YACxB,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,EAAE,KACnC,OAGF,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pagopa/io-react-native-wallet",
-  "version": "2.4.1",
+  "version": "2.5.0",
   "description": "Provide data structures, helpers and API for IO Wallet",
   "main": "lib/commonjs/index",
   "module": "lib/module/index",
@@ -74,7 +74,8 @@
     "react": "19.0.0",
     "react-native": "0.78.3",
     "react-native-builder-bob": "^0.20.0",
-    "release-it": "^15.0.0",
+    "react-native-quick-crypto": "^0.7.17",
+    "release-it": "^19.0.6",
     "typed-openapi": "^0.4.1",
     "typescript": "5.0.4"
   },
@@ -83,7 +84,8 @@
     "@pagopa/io-react-native-iso18013": "*",
     "@pagopa/io-react-native-jwt": "*",
     "react": "*",
-    "react-native": "*"
+    "react-native": "*",
+    "react-native-quick-crypto": "*"
   },
   "engines": {
     "node": ">= 16.0.0"
@@ -134,6 +136,9 @@
     ]
   },
   "dependencies": {
+    "@sd-jwt/core": "^0.18.0",
+    "@sd-jwt/crypto-nodejs": "^0.18.0",
+    "@sd-jwt/types": "^0.18.0",
     "dcql": "^0.2.21",
     "js-base64": "^3.7.7",
     "js-sha256": "^0.9.0",

package/src/credential/issuance/07-verify-and-parse-credential.ts

@@ -3,17 +3,17 @@ import { type Out } from "../../utils/misc";
 import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
 import { IoWalletError } from "../../utils/errors";
 import { SdJwt4VC, verify as verifySdJwt } from "../../sd-jwt";
-import { getValueFromDisclosures } from "../../sd-jwt/converters";
 import { isSameThumbprint, type JWK } from "../../utils/jwk";
 import type { ObtainCredential } from "./06-obtain-credential";
-import { verify as verifyMdoc } from "../../mdoc";
+import { getParsedCredentialClaimKey, verify as verifyMdoc } from "../../mdoc";
 import { MDOC_DEFAULT_NAMESPACE } from "../../mdoc/const";
-import { getParsedCredentialClaimKey } from "../../mdoc/utils";
 import { Logger, LogLevel } from "../../utils/logging";
 import { extractElementValueAsDate } from "../../mdoc/converter";
 import type { CBOR } from "@pagopa/io-react-native-iso18013";
 import type { PublicKey } from "@pagopa/io-react-native-crypto";
-import { createNestedProperty } from "../../utils/nestedProperty";
+import { type SDJwt, SDJwtInstance } from "@sd-jwt/core";
+import { digest } from "@sd-jwt/crypto-nodejs";
+import { isPathEqual, isPrefixOf } from "../../utils/parser";
 
 type IssuerConf = Out<EvaluateIssuerTrust>["issuerConf"];
 type CredentialConf =
@@ -60,112 +60,139 @@ type ParsedCredential = {
   };
 };
 
-// handy alias
-type DecodedSdJwtCredential = Out<typeof verifySdJwt> & {
-  sdJwt: SdJwt4VC;
-};
-
+/**
+ * Parse a Sd-Jwt credential according to the issuer configuration
+ * @param credentialConfig - the list of supported credentials, as defined in the issuer configuration with their claims metadata
+ * @param parsedCredentialRaw - the raw parsed credential
+ * @param ignoreMissingAttributes - skip error when attributes declared in the issuer configuration are not found within disclosures
+ * @param includeUndefinedAttributes - include attributes not explicitly declared in the issuer configuration
+ * @returns The parsed credential with attributes in plain value
+ */
 const parseCredentialSdJwt = (
-  // The credential configuration to use to parse the provided credential
   credentialConfig: CredentialConf,
-  { sdJwt, disclosures }: DecodedSdJwtCredential,
+  parsedCredentialRaw: Record<string, unknown>,
   ignoreMissingAttributes: boolean = false,
   includeUndefinedAttributes: boolean = false
 ): ParsedCredential => {
-  if (credentialConfig.format !== sdJwt.header.typ) {
-    const message = `Received credential is of an unknown type. Expected one of [${credentialConfig.format}], received '${sdJwt.header.typ}'`;
-    Logger.log(LogLevel.ERROR, message);
-    throw new IoWalletError(message);
-  }
+  const claimsMetadata = credentialConfig.claims || [];
 
-  if (!credentialConfig.claims) {
-    Logger.log(LogLevel.ERROR, "Missing claims in the credential subject");
-    throw new IoWalletError("Missing claims in the credential subject"); // TODO [SIW-1268]: should not be optional
-  }
-
-  const attrDefinitions = credentialConfig.claims;
-
-  // Validate that all attributes from the config exist in either disclosures OR payload
+  // Check that all mandatory attributes defined in the issuer configuration are present in the credential
   if (!ignoreMissingAttributes) {
-    const disclosedKeys = new Set(disclosures.map(([, name]) => name));
-    const payloadKeys = new Set(Object.keys(sdJwt.payload ?? {}));
-
-    const definedTopLevelKeys = new Set(
-      attrDefinitions.map((def) => def.path[0] as string)
+    const missingPaths: string[] = [];
+    const rootKeysToVerify = new Set(
+      claimsMetadata
+        .map((c) => c.path[0])
+        .filter((p): p is string => typeof p === "string")
     );
 
-    const missingKeys = [...definedTopLevelKeys].filter(
-      (key) => !disclosedKeys.has(key) && !payloadKeys.has(key)
-    );
+    for (const rootKey of rootKeysToVerify) {
+      if (!(rootKey in parsedCredentialRaw)) {
+        missingPaths.push(rootKey);
+      }
+    }
 
-    if (missingKeys.length > 0) {
+    if (missingPaths.length > 0) {
+      const missing = missingPaths.join(", ");
+      const received = Object.keys(parsedCredentialRaw).join(", ");
       throw new IoWalletError(
-        `Some attributes are missing in the credential. Missing: [${missingKeys.join(", ")}]`
+        `Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`
       );
     }
   }
 
-  const definedValues: ParsedCredential = {};
-
-  // Group all schema definitions by their top-level key
-  const groupedDefinitions = attrDefinitions.reduce(
-    (acc, def) => {
-      const key = def.path[0] as string;
-      const group = acc[key];
-      if (group) {
-        group.push(def);
-      } else {
-        acc[key] = [def];
-      }
-      return acc;
-    },
-    {} as Record<string, typeof attrDefinitions>
-  );
-
-  // Loop through each group
-  for (const topLevelKey in groupedDefinitions) {
-    const definitionsForThisKey = groupedDefinitions[topLevelKey];
+  /**
+   * Helper to find display metadata for any given path
+   */
+  const getDisplayNames = (
+    path: (string | number | null)[]
+  ): Record<string, string> | undefined => {
+    const match = claimsMetadata.find((c) => isPathEqual(c.path, path));
+    if (!match) return undefined;
+
+    const nameMap: Record<string, string> = {};
+    for (const entry of match.display) {
+      nameMap[entry.locale] = entry.name;
+    }
+    return nameMap;
+  };
 
-    if (!definitionsForThisKey) {
-      continue;
+  /**
+   * Recursive function to build the localized structure
+   */
+  const processLevel = (
+    currentData: unknown,
+    currentPath: (string | number | null)[]
+  ): unknown => {
+    // Handle Arrays
+    if (Array.isArray(currentData)) {
+      return currentData.map((item) =>
+        processLevel(item, [...currentPath, null])
+      );
     }
 
-    const disclosureForThisKey = disclosures.find(
-      ([, name]) => name === topLevelKey
-    );
+    // Handle Objects
+    if (typeof currentData !== "object" || currentData === null) {
+      return currentData;
+    }
 
-    if (!disclosureForThisKey) {
-      continue;
+    const dataObj = currentData as Record<string, unknown>;
+    const result: ParsedCredential = {};
+    const processedKeys = new Set<string | number>();
+
+    // Identify unique keys in config at this level
+    const configKeysAtThisLevel: (string | number)[] = [];
+    for (const claim of claimsMetadata) {
+      // Check if the claim path starts with the current path
+      if (isPrefixOf(currentPath, claim.path)) {
+        const nextPart = claim.path[currentPath.length];
+        if (
+          (typeof nextPart === "string" || typeof nextPart === "number") &&
+          !configKeysAtThisLevel.includes(nextPart)
+        ) {
+          configKeysAtThisLevel.push(nextPart);
+        }
+      }
     }
 
-    const disclosureValue = disclosureForThisKey[2];
+    // Process keys
+    for (const key of configKeysAtThisLevel) {
+      const stringKey = key.toString();
+      const dataValue = dataObj[stringKey];
+      if (dataValue === undefined) continue;
 
-    const tempObjectForGroup = definitionsForThisKey.reduce(
-      (acc, { path, display }) =>
-        createNestedProperty(acc, path, disclosureValue, display),
-      {}
-    );
+      const newPath = [...currentPath, key];
 
-    // Merge the fully constructed object into the final result
-    Object.assign(definedValues, tempObjectForGroup);
-  }
+      let localizedNames = getDisplayNames(newPath);
 
-  if (includeUndefinedAttributes) {
-    // attributes that are in the disclosure set
-    // but are not defined in the issuer configuration
-    const undefinedValues = Object.fromEntries(
-      disclosures
-        .filter((_) => !Object.keys(definedValues).includes(_[1]))
-        .map(([, key, value]) => [key, { value, name: key }])
-    );
+      // Fallback for arrays
+      if (!localizedNames && Array.isArray(dataValue)) {
+        localizedNames = getDisplayNames([...newPath, null]);
+      }
 
-    return {
-      ...definedValues,
-      ...undefinedValues,
-    };
-  }
+      result[stringKey] = {
+        name: localizedNames || stringKey,
+        value: processLevel(dataValue, newPath),
+      };
 
-  return definedValues;
+      processedKeys.add(key);
+    }
+
+    // Handle Undefined Attributes
+    if (includeUndefinedAttributes) {
+      for (const [key, value] of Object.entries(dataObj)) {
+        if (!processedKeys.has(key)) {
+          result[key] = {
+            name: key,
+            value: value,
+          };
+        }
+      }
+    }
+
+    return result;
+  };
+
+  return processLevel(parsedCredentialRaw, []) as ParsedCredential;
 };
 
 const parseCredentialMDoc = (
@@ -305,7 +332,8 @@ async function verifyCredentialSdJwt(
   rawCredential: string,
   issuerKeys: JWK[],
   holderBindingContext: CryptoContext
-): Promise<DecodedSdJwtCredential> {
+): Promise<SDJwt> {
+  // TODO: change verification using sd-jwt library with 1.3.x update
   const [decodedCredential, holderBindingKey] =
     // parallel for optimization
     await Promise.all([
@@ -320,8 +348,13 @@ async function verifyCredentialSdJwt(
     throw new IoWalletError(message);
   }
 
-  return decodedCredential;
+  const sdJwtInstance = new SDJwtInstance({
+    hasher: digest,
+  });
+
+  return await sdJwtInstance.decode(rawCredential);
 }
+
 /**
  * Given a credential, verify it's in the supported format
  * and the credential is correctly signed
@@ -396,26 +429,37 @@ const verifyAndParseCredentialSdJwt: VerifyAndParseCredential = async (
     throw new IoWalletError("Credential type not supported by the issuer");
   }
 
+  const parsedCredentialRaw = (await decoded.getClaims(digest)) as Record<
+    string,
+    unknown
+  >;
+
   const parsedCredential = parseCredentialSdJwt(
     credentialConfig,
-    decoded,
+    parsedCredentialRaw,
     ignoreMissingAttributes,
     includeUndefinedAttributes
   );
-  const maybeIssuedAt = getValueFromDisclosures(decoded.disclosures, "iat");
+
+  const issuedAt =
+    typeof parsedCredentialRaw.iat === "number"
+      ? new Date(parsedCredentialRaw.iat * 1000)
+      : undefined;
+
+  if (typeof parsedCredentialRaw.exp !== "number") {
+    throw new IoWalletError("Invalid or missing expiration claim (exp)");
+  }
+  const expiration = new Date(parsedCredentialRaw.exp * 1000);
 
   Logger.log(
     LogLevel.DEBUG,
-    `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${maybeIssuedAt}`
+    `Parsed credential: ${JSON.stringify(parsedCredential)}\nIssued at: ${issuedAt}`
   );
 
   return {
     parsedCredential,
-    expiration: new Date(decoded.sdJwt.payload.exp * 1000),
-    issuedAt:
-      typeof maybeIssuedAt === "number"
-        ? new Date(maybeIssuedAt * 1000)
-        : undefined,
+    expiration,
+    issuedAt,
   };
 };
 

package/src/credential/issuance/mrtd-pop/02-init-challenge.ts

@@ -2,9 +2,15 @@ import { hasStatusOrThrow, type Out } from "../../../utils/misc";
 import type { CryptoContext } from "@pagopa/io-react-native-jwt";
 import { v4 as uuidv4 } from "uuid";
 import { createPopToken } from "../../../utils/pop";
+import { Logger, LogLevel } from "../../../utils/logging";
 import * as WalletInstanceAttestation from "../../../wallet-instance-attestation";
 import type { EvaluateIssuerTrust } from "../../issuance";
-import { IssuerResponseError } from "../../../utils/errors";
+import {
+  IssuerResponseError,
+  IssuerResponseErrorCodes,
+  ResponseErrorBuilder,
+  UnexpectedStatusCodeError,
+} from "../../../utils/errors";
 import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import { MrtdPoPChallenge } from "./types";
 
@@ -72,11 +78,27 @@ export const initChallenge: InitChallenge = async (
     },
     body: JSON.stringify(requestBody),
   })
-    .then(hasStatusOrThrow(202, IssuerResponseError))
-    .then((res) => res.text());
+    .then(hasStatusOrThrow(202))
+    .then((res) => res.text())
+    .catch(handleInitChallengeError);
 
   const mrtdPoPChallengeDecoded = decodeJwt(mrtdPoPChallengeJwt);
   const { payload } = MrtdPoPChallenge.parse(mrtdPoPChallengeDecoded);
 
   return payload;
 };
+
+const handleInitChallengeError = (e: unknown) => {
+  Logger.log(LogLevel.ERROR, `Failed to get MRTD challenge: ${e}`);
+
+  if (!(e instanceof UnexpectedStatusCodeError)) {
+    throw e;
+  }
+
+  throw new ResponseErrorBuilder(IssuerResponseError)
+    .handle("*", {
+      code: IssuerResponseErrorCodes.MrtdChallengeInitRequestFailed,
+      message: "Unable to initialize MRTD challenge",
+    })
+    .buildFrom(e);
+};

package/src/sd-jwt/__test__/index.test.ts

@@ -1,7 +1,7 @@
 import { z } from "zod";
 import { decode, disclose } from "../index";
 
-import { encodeBase64, decodeBase64 } from "@pagopa/io-react-native-jwt";
+import { decodeBase64, encodeBase64 } from "@pagopa/io-react-native-jwt";
 import { SdJwt4VC } from "../types";
 import { pid } from "../__mocks__/sd-jwt";
 

package/src/sd-jwt/index.ts

@@ -1,9 +1,12 @@
 import { z } from "zod";
 
-import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import { verify as verifyJwt } from "@pagopa/io-react-native-jwt";
-import { SignJWT, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
-import { Disclosure, SdJwt4VC, type DisclosureWithEncoded } from "./types";
+import {
+  decode as decodeJwt,
+  sha256ToBase64,
+  SignJWT,
+  verify as verifyJwt,
+} from "@pagopa/io-react-native-jwt";
+import { Disclosure, type DisclosureWithEncoded, SdJwt4VC } from "./types";
 import { verifyDisclosure } from "./verifier";
 import type { JWK } from "../utils/jwk";
 import * as Errors from "./errors";
@@ -123,7 +126,6 @@ export const disclose = async (
 
   // compose the final disclosed token
   const disclosedToken = [rawSdJwt, ...filteredDisclosures].join("~");
-
   return { token: disclosedToken, paths };
 };
 

package/src/utils/error-codes.ts

@@ -16,6 +16,10 @@ export const IssuerResponseErrorCodes = {
    * Error code thrown when an error occurs while obtaining a status attestation for a credential.
    */
   StatusAttestationRequestFailed: "ERR_STATUS_ATTESTATION_REQUEST_FAILED",
+  /**
+   * Error code thrown when an error occurs while initializing the MRTD challenge.
+   */
+  MrtdChallengeInitRequestFailed: "ERR_MRTD_CHALLENGE_INIT_REQUEST_FAILED",
 } as const;
 
 export const WalletProviderResponseErrorCodes = {

package/src/utils/parser.ts

@@ -0,0 +1,18 @@
+/**
+ * Helper to determine if two paths are equal (Supports string | number | null)
+ */
+export const isPathEqual = (
+  pathA: (string | number | null)[],
+  pathB: (string | number | null)[]
+): boolean =>
+  pathA.length === pathB.length && pathA.every((v, i) => v === pathB[i]);
+/**
+ * Helper to check if prefix is the start of fullPath
+ */
+export const isPrefixOf = (
+  prefix: (string | number | null)[],
+  fullPath: (string | number | null)[]
+): boolean => {
+  if (prefix.length >= fullPath.length) return false;
+  return prefix.every((v, i) => v === fullPath[i]);
+};