npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/module/credential/presentation/errors.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["IoWalletError","serializeAttrs","DcqlError","AuthRequestDecodeError","code","constructor","message","claim","arguments","length","undefined","reason","NoSuitableKeysFoundInEntityConfiguration","scenario","InvalidQRCodeError","InvalidRequestObjectError","MissingDataError","missingAttributes","CredentialsNotFoundError","details"],"sourceRoot":"../../../../src","sources":["credential/presentation/errors.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,cAAc,QAAQ,oBAAoB;AAClE,SAASC,SAAS,QAAQ,MAAM;;AAEhC;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,SAASH,aAAa,CAAC;EACxDI,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAC,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAACP,cAAc,CAAC;MAAEK,OAAO;MAAEC,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wCAAwC,SAASZ,aAAa,CAAC;EAC1EI,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACQ,QAAgB,EAAE;IAC5B,MAAMP,OAAO,GAAI,0DAAyDO,QAAS,IAAG;IACtF,KAAK,CAACP,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,kBAAkB,SAASd,aAAa,CAAC;EACpDI,IAAI,GAAG,qBAAqB;;EAE5B;;EAGAC,WAAWA,CAACM,MAAc,EAAE;IAC1B,KAAK,CAAC,iBAAiB,CAAC;IACxB,IAAI,CAACA,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMI,yBAAyB,SAASf,aAAa,CAAC;EAC3DI,IAAI,GAAG,4BAA4B;;EAEnC;;EAGAC,WAAWA,CAACC,OAAe,EAA0B;IAAA,IAAxBK,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACjD,KAAK,CAACF,OAAO,CAAC;IACd,IAAI,CAACK,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMK,gBAAgB,SAAShB,aAAa,CAAC;EAClDI,IAAI,GAAG,kBAAkB;;EAEzB;AACF;AACA;EACEC,WAAWA,CAACY,iBAAyB,EAAE;IACrC,MAAMX,OAAO,GAAI,kCAAiCW,iBAAkB,GAAE;IACtE,KAAK,CAACX,OAAO,CAAC;EAChB;AACF;AAQA;AACA;AACA;AACA;AACA,OAAO,MAAMY,wBAAwB,SAASlB,aAAa,CAAC;EAC1DI,IAAI,GAAG,2BAA2B;EAGlC;AACF;AACA;EACEC,WAAWA,CAACc,OAAyB,EAAE;IACrC,KAAK,CAAC,uDAAuD,CAAC;IAC9D,IAAI,CAACA,OAAO,GAAGA,OAAO;EACxB;AACF"}

package/lib/module/credential/presentation/types.js DELETED Viewed

@@ -1,146 +0,0 @@
-import { UnixTime } from "../../sd-jwt/types";
-import * as z from "zod";
-/**
- * A pair that associate a tokenized Verified Credential with the claims presented or requested to present.
- */
-/**
- * A object that associate the information needed to multiple remote presentation
- * Used with `presentation_definition`
- * @deprecated Use `RemotePresentation`
- */
-/**
- * A object that associate the information needed to multiple remote presentation
- * Used with DCQL queries
- */
-const Fields = z.object({
-  path: z.array(z.string().min(1)),
-  // Array of JSONPath string expressions
-  id: z.string().optional(),
-  // Unique string ID
-  purpose: z.string().optional(),
-  // Purpose of the field
-  name: z.string().optional(),
-  // Human-friendly name
-  filter: z.any().optional(),
-  // JSON Schema descriptor for filtering
-  optional: z.boolean().optional(),
-  // Boolean indicating if the field is optional
-  intent_to_retain: z.boolean().optional() // Boolean indicating that the Verifier intends to retain the Claim's data being requested
-});
-// Define the Constraints Object Schema
-const Constraints = z.object({
-  fields: z.array(Fields).optional(),
-  // Array of Field Objects
-  limit_disclosure: z.enum(["required", "preferred"]).optional() // Limit disclosure property
-});
-// Define the Input Descriptor Object Schema
-export const InputDescriptor = z.object({
-  id: z.string().min(1),
-  // Mandatory unique string ID
-  name: z.string().optional(),
-  // Human-friendly name
-  purpose: z.string().optional(),
-  // Purpose of the schema
-  format: z.record(z.string(), z.any()).optional(),
-  // Object with Claim Format Designations
-  constraints: Constraints,
-  // Constraints Object (mandatory)
-  group: z.string().optional() // Match one of the grouping strings listed in the "from" values of a Submission Requirement Rule
-});
-const SubmissionRequirement = z.object({
-  name: z.string().optional(),
-  purpose: z.string().optional(),
-  rule: z.string(),
-  // "all": all group's rules must be present, or "pick": at least group's "count" rules must be present
-  from: z.string().optional(),
-  // MUST contain either a "from" or "from_nested" property
-  from_nested: z.array(z.object({
-    name: z.string().optional(),
-    purpose: z.string().optional(),
-    rule: z.string(),
-    from: z.string()
-  })).optional(),
-  count: z.number().optional()
-  //"count", "min", and "max" may be present with a "pick" rule
-});
-export const PresentationDefinition = z.object({
-  id: z.string(),
-  name: z.string().optional(),
-  purpose: z.string().optional(),
-  input_descriptors: z.array(InputDescriptor),
-  submission_requirements: z.array(SubmissionRequirement).optional()
-});
-export const RequestObject = z.object({
-  iss: z.string(),
-  iat: UnixTime,
-  exp: UnixTime,
-  state: z.string().optional(),
-  nonce: z.string(),
-  response_uri: z.string(),
-  request_uri_method: z.string().optional(),
-  response_type: z.literal("vp_token"),
-  response_mode: z.literal("direct_post.jwt"),
-  client_id: z.string(),
-  dcql_query: z.record(z.string(), z.any()).optional(),
-  // Validation happens within the `dcql` library, no need to duplicate it here
-  scope: z.string().optional(),
-  presentation_definition: PresentationDefinition.optional()
-});
-export const WalletMetadata = z.object({
-  presentation_definition_uri_supported: z.boolean().optional(),
-  client_id_schemes_supported: z.array(z.string()).optional(),
-  request_object_signing_alg_values_supported: z.array(z.string()).optional(),
-  vp_formats_supported: z.record(z.string(),
-  // TODO [SIW-2110]: use explicit credential format?
-  z.object({
-    "sd-jwt_alg_values": z.array(z.string()).optional() // alg_values_supported?
-  }))
-  // TODO [SIW-2110]: include other metadata?
-});
-/**
- * Wallet capabilities that must be submitted to get the Request Object
- * via POST request when the `request_uri_method` is `post`.
- */
-export const RequestObjectWalletCapabilities = z.object({
-  wallet_metadata: WalletMetadata,
-  wallet_nonce: z.string().optional()
-});
-/**
- * This type models the possible error responses the OpenID4VP protocol allows for a presentation of a credential.
- * When the Wallet encounters one of these errors, it will notify the Relying Party through the `response_uri` endpoint.
- * See https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/pid-eaa-presentation.html#authorization-response-errors for more information.
- */
-export const ErrorResponse = z.enum(["invalid_request_object", "invalid_request_uri", "vp_formats_not_supported", "invalid_request", "access_denied", "invalid_client"]);
-/**
- * @deprecated Use `DirectAuthorizationBodyPayload`
- */
-const LegacyDirectAuthorizationBodyPayload = z.object({
-  vp_token: z.union([z.string(), z.array(z.string())]).optional(),
-  presentation_submission: z.record(z.string(), z.unknown())
-});
-/**
- * Authorization Response payload sent to the Relying Party.
- */
-export const DirectAuthorizationBodyPayload = z.union([z.object({
-  vp_token: z.record(z.string(), z.string())
-}), z.object({
-  error: ErrorResponse,
-  error_description: z.string()
-}), LegacyDirectAuthorizationBodyPayload]);
-//# sourceMappingURL=types.js.map

package/lib/module/credential/presentation/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["UnixTime","z","Fields","object","path","array","string","min","id","optional","purpose","name","filter","any","boolean","intent_to_retain","Constraints","fields","limit_disclosure","enum","InputDescriptor","format","record","constraints","group","SubmissionRequirement","rule","from","from_nested","count","number","PresentationDefinition","input_descriptors","submission_requirements","RequestObject","iss","iat","exp","state","nonce","response_uri","request_uri_method","response_type","literal","response_mode","client_id","dcql_query","scope","presentation_definition","WalletMetadata","presentation_definition_uri_supported","client_id_schemes_supported","request_object_signing_alg_values_supported","vp_formats_supported","RequestObjectWalletCapabilities","wallet_metadata","wallet_nonce","ErrorResponse","LegacyDirectAuthorizationBodyPayload","vp_token","union","presentation_submission","unknown","DirectAuthorizationBodyPayload","error","error_description"],"sourceRoot":"../../../../src","sources":["credential/presentation/types.ts"],"mappings":"AACA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;;AAQA;AACA;AACA;AACA;;AAOA,MAAMC,MAAM,GAAGD,CAAC,CAACE,MAAM,CAAC;EACtBC,IAAI,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAAC;EAAE;EAClCC,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCE,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BG,MAAM,EAAEX,CAAC,CAACY,GAAG,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAC5BA,QAAQ,EAAER,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAAE;EAClCM,gBAAgB,EAAEd,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC,CAAE;AAC5C,CAAC,CAAC;;AAEF;AACA,MAAMO,WAAW,GAAGf,CAAC,CAACE,MAAM,CAAC;EAC3Bc,MAAM,EAAEhB,CAAC,CAACI,KAAK,CAACH,MAAM,CAAC,CAACO,QAAQ,CAAC,CAAC;EAAE;EACpCS,gBAAgB,EAAEjB,CAAC,CAACkB,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAACV,QAAQ,CAAC,CAAC,CAAE;AAClE,CAAC,CAAC;;AAEF;;AAEA,OAAO,MAAMW,eAAe,GAAGnB,CAAC,CAACE,MAAM,CAAC;EACtCK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC;EAAE;EACvBI,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAChCY,MAAM,EAAEpB,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EAClDc,WAAW,EAAEP,WAAW;EAAE;EAC1BQ,KAAK,EAAEvB,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;AAChC,CAAC,CAAC;;AAEF,MAAMgB,qBAAqB,GAAGxB,CAAC,CAACE,MAAM,CAAC;EACrCQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EAClBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAAE;EAC7BmB,WAAW,EAAE3B,CAAC,CACXI,KAAK,CACJJ,CAAC,CAACE,MAAM,CAAC;IACPQ,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;IAC9BiB,IAAI,EAAEzB,CAAC,CAACK,MAAM,CAAC,CAAC;IAChBqB,IAAI,EAAE1B,CAAC,CAACK,MAAM,CAAC;EACjB,CAAC,CACH,CAAC,CACAG,QAAQ,CAAC,CAAC;EACboB,KAAK,EAAE5B,CAAC,CAAC6B,MAAM,CAAC,CAAC,CAACrB,QAAQ,CAAC;EAC3B;AACF,CAAC,CAAC;;AAGF,OAAO,MAAMsB,sBAAsB,GAAG9B,CAAC,CAACE,MAAM,CAAC;EAC7CK,EAAE,EAAEP,CAAC,CAACK,MAAM,CAAC,CAAC;EACdK,IAAI,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3BC,OAAO,EAAET,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC9BuB,iBAAiB,EAAE/B,CAAC,CAACI,KAAK,CAACe,eAAe,CAAC;EAC3Ca,uBAAuB,EAAEhC,CAAC,CAACI,KAAK,CAACoB,qBAAqB,CAAC,CAAChB,QAAQ,CAAC;AACnE,CAAC,CAAC;AAGF,OAAO,MAAMyB,aAAa,GAAGjC,CAAC,CAACE,MAAM,CAAC;EACpCgC,GAAG,EAAElC,CAAC,CAACK,MAAM,CAAC,CAAC;EACf8B,GAAG,EAAEpC,QAAQ;EACbqC,GAAG,EAAErC,QAAQ;EACbsC,KAAK,EAAErC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5B8B,KAAK,EAAEtC,CAAC,CAACK,MAAM,CAAC,CAAC;EACjBkC,YAAY,EAAEvC,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBmC,kBAAkB,EAAExC,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EACzCiC,aAAa,EAAEzC,CAAC,CAAC0C,OAAO,CAAC,UAAU,CAAC;EACpCC,aAAa,EAAE3C,CAAC,CAAC0C,OAAO,CAAC,iBAAiB,CAAC;EAC3CE,SAAS,EAAE5C,CAAC,CAACK,MAAM,CAAC,CAAC;EACrBwC,UAAU,EAAE7C,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACY,GAAG,CAAC,CAAC,CAAC,CAACJ,QAAQ,CAAC,CAAC;EAAE;EACtDsC,KAAK,EAAE9C,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC5BuC,uBAAuB,EAAEjB,sBAAsB,CAACtB,QAAQ,CAAC;AAC3D,CAAC,CAAC;AAGF,OAAO,MAAMwC,cAAc,GAAGhD,CAAC,CAACE,MAAM,CAAC;EACrC+C,qCAAqC,EAAEjD,CAAC,CAACa,OAAO,CAAC,CAAC,CAACL,QAAQ,CAAC,CAAC;EAC7D0C,2BAA2B,EAAElD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3D2C,2CAA2C,EAAEnD,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC3E4C,oBAAoB,EAAEpD,CAAC,CAACqB,MAAM,CAC5BrB,CAAC,CAACK,MAAM,CAAC,CAAC;EAAE;EACZL,CAAC,CAACE,MAAM,CAAC;IACP,mBAAmB,EAAEF,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC,CAAE;EACvD,CAAC,CACH;EACA;AACF,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAIA,OAAO,MAAM6C,+BAA+B,GAAGrD,CAAC,CAACE,MAAM,CAAC;EACtDoD,eAAe,EAAEN,cAAc;EAC/BO,YAAY,EAAEvD,CAAC,CAACK,MAAM,CAAC,CAAC,CAACG,QAAQ,CAAC;AACpC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMgD,aAAa,GAAGxD,CAAC,CAACkB,IAAI,CAAC,CAClC,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,EAC1B,iBAAiB,EACjB,eAAe,EACf,gBAAgB,CACjB,CAAC;;AAEF;AACA;AACA;AACA,MAAMuC,oCAAoC,GAAGzD,CAAC,CAACE,MAAM,CAAC;EACpDwD,QAAQ,EAAE1D,CAAC,CAAC2D,KAAK,CAAC,CAAC3D,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAACG,QAAQ,CAAC,CAAC;EAC/DoD,uBAAuB,EAAE5D,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAAC6D,OAAO,CAAC,CAAC;AAC3D,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMC,8BAA8B,GAAG9D,CAAC,CAAC2D,KAAK,CAAC,CACpD3D,CAAC,CAACE,MAAM,CAAC;EACPwD,QAAQ,EAAE1D,CAAC,CAACqB,MAAM,CAACrB,CAAC,CAACK,MAAM,CAAC,CAAC,EAAEL,CAAC,CAACK,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC,EACFL,CAAC,CAACE,MAAM,CAAC;EAAE6D,KAAK,EAAEP,aAAa;EAAEQ,iBAAiB,EAAEhE,CAAC,CAACK,MAAM,CAAC;AAAE,CAAC,CAAC,EACjEoD,oCAAoC,CACrC,CAAC"}

package/lib/module/credential/status/01-start-flow.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	-
2	- //# sourceMappingURL=01-start-flow.js.map

package/lib/module/credential/status/01-start-flow.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../src","sources":["credential/status/01-start-flow.ts"],"mappings":""}

package/lib/module/credential/status/02-status-assertion.js DELETED Viewed

@@ -1,72 +0,0 @@
-import { getCredentialHashWithouDiscloures, hasStatusOrThrow } from "../../utils/misc";
-import { SignJWT } from "@pagopa/io-react-native-jwt";
-import { v4 as uuidv4 } from "uuid";
-import { StatusAssertionResponse } from "./types";
-import { IssuerResponseError, IssuerResponseErrorCodes, ResponseErrorBuilder, UnexpectedStatusCodeError } from "../../utils/errors";
-import { Logger, LogLevel } from "../../utils/logging";
-import { extractJwkFromCredential } from "../../utils/credentials";
-/**
- * Get the status assertion of a digital credential.
- * @param issuerConf - The issuer's configuration
- * @param credential - The credential to be verified
- * @param format - The format of the credential, e.g. "sd-jwt"
- * @param context.credentialCryptoContext - The credential's crypto context
- * @param context.wiaCryptoContext - The Wallet Attestation's crypto context
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @throws {IssuerResponseError} with a specific code for more context
- * @returns The credential status assertion
- */
-export const statusAssertion = async (issuerConf, credential, format, ctx) => {
-  const {
-    credentialCryptoContext,
-    wiaCryptoContext,
-    appFetch = fetch
-  } = ctx;
-  const jwk = await extractJwkFromCredential(credential, format);
-  const issuerJwk = await wiaCryptoContext.getPublicKey();
-  const credentialHash = await getCredentialHashWithouDiscloures(credential);
-  const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
-  const credentialPop = await new SignJWT(credentialCryptoContext).setPayload({
-    iss: issuerJwk.kid,
-    aud: statusAttUrl,
-    jti: uuidv4().toString(),
-    credential_hash: credentialHash,
-    credential_hash_alg: "sha-256"
-  }).setProtectedHeader({
-    alg: "ES256",
-    typ: "status-assertion-request+jwt",
-    kid: jwk.kid
-  }).setIssuedAt().setExpirationTime("5m").sign();
-  const body = {
-    status_assertion_requests: [credentialPop]
-  };
-  Logger.log(LogLevel.DEBUG, `Credential pop: ${credentialPop}`);
-  const result = await appFetch(statusAttUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify(body)
-  }).then(hasStatusOrThrow(200)).then(raw => raw.json()).then(json => StatusAssertionResponse.parse(json)).catch(handleStatusAssertionError);
-  const [statusAttestationJwt] = result.status_assertion_responses;
-  return {
-    statusAssertion: statusAttestationJwt
-  };
-};
-/**
- * Handle the status assertion error by mapping it to a custom exception.
- * If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
- * @param e - The error to be handled
- * @throws {IssuerResponseError} with a specific code for more context
- */
-const handleStatusAssertionError = e => {
-  if (!(e instanceof UnexpectedStatusCodeError)) {
-    throw e;
-  }
-  throw new ResponseErrorBuilder(IssuerResponseError).handle("*", {
-    code: IssuerResponseErrorCodes.StatusAttestationRequestFailed,
-    message: `Unable to obtain the status assertion for the given credential`
-  }).buildFrom(e);
-};
-//# sourceMappingURL=02-status-assertion.js.map

package/lib/module/credential/status/02-status-assertion.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["getCredentialHashWithouDiscloures","hasStatusOrThrow","SignJWT","v4","uuidv4","StatusAssertionResponse","IssuerResponseError","IssuerResponseErrorCodes","ResponseErrorBuilder","UnexpectedStatusCodeError","Logger","LogLevel","extractJwkFromCredential","statusAssertion","issuerConf","credential","format","ctx","credentialCryptoContext","wiaCryptoContext","appFetch","fetch","jwk","issuerJwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","iss","kid","aud","jti","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","setIssuedAt","setExpirationTime","sign","body","status_assertion_requests","log","DEBUG","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAssertionError","statusAttestationJwt","status_assertion_responses","e","handle","code","StatusAttestationRequestFailed","message","buildFrom"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-assertion.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,gBAAgB,QAEX,kBAAkB;AAEzB,SAA6BC,OAAO,QAAQ,6BAA6B;AACzE,SAASC,EAAE,IAAIC,MAAM,QAAQ,MAAM;AACnC,SAASC,uBAAuB,QAAQ,SAAS;AACjD,SACEC,mBAAmB,EACnBC,wBAAwB,EACxBC,oBAAoB,EACpBC,yBAAyB,QACpB,oBAAoB;AAC3B,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AACtD,SAASC,wBAAwB,QAAQ,yBAAyB;AAgBlE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,eAAgC,GAAG,MAAAA,CAC9CC,UAAU,EACVC,UAAU,EACVC,MAAM,EACNC,GAAG,KACA;EACH,MAAM;IAAEC,uBAAuB;IAAEC,gBAAgB;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAGJ,GAAG;EAE3E,MAAMK,GAAG,GAAG,MAAMV,wBAAwB,CAACG,UAAU,EAAEC,MAAM,CAAC;EAC9D,MAAMO,SAAS,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EACvD,MAAMC,cAAc,GAAG,MAAMzB,iCAAiC,CAACe,UAAU,CAAC;EAC1E,MAAMW,YAAY,GAChBZ,UAAU,CAACa,wBAAwB,CAACC,2BAA2B;EAEjE,MAAMC,aAAa,GAAG,MAAM,IAAI3B,OAAO,CAACgB,uBAAuB,CAAC,CAC7DY,UAAU,CAAC;IACVC,GAAG,EAAER,SAAS,CAACS,GAAG;IAClBC,GAAG,EAAEP,YAAY;IACjBQ,GAAG,EAAE9B,MAAM,CAAC,CAAC,CAAC+B,QAAQ,CAAC,CAAC;IACxBC,eAAe,EAAEX,cAAc;IAC/BY,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,8BAA8B;IACnCR,GAAG,EAAEV,GAAG,CAACU;EACX,CAAC,CAAC,CACDS,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,yBAAyB,EAAE,CAAChB,aAAa;EAC3C,CAAC;EAEDnB,MAAM,CAACoC,GAAG,CAACnC,QAAQ,CAACoC,KAAK,EAAG,mBAAkBlB,aAAc,EAAC,CAAC;EAE9D,MAAMmB,MAAM,GAAG,MAAM5B,QAAQ,CAACM,YAAY,EAAE;IAC1CuB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDN,IAAI,EAAEO,IAAI,CAACC,SAAS,CAACR,IAAI;EAC3B,CAAC,CAAC,CACCS,IAAI,CAACpD,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BoD,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAKlD,uBAAuB,CAACmD,KAAK,CAACD,IAAI,CAAC,CAAC,CACnDE,KAAK,CAACC,0BAA0B,CAAC;EAEpC,MAAM,CAACC,oBAAoB,CAAC,GAAGX,MAAM,CAACY,0BAA0B;EAEhE,OAAO;IAAE/C,eAAe,EAAE8C;EAAsB,CAAC;AACnD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA,MAAMD,0BAA0B,GAAIG,CAAU,IAAK;EACjD,IAAI,EAAEA,CAAC,YAAYpD,yBAAyB,CAAC,EAAE;IAC7C,MAAMoD,CAAC;EACT;EAEA,MAAM,IAAIrD,oBAAoB,CAACF,mBAAmB,CAAC,CAChDwD,MAAM,CAAC,GAAG,EAAE;IACXC,IAAI,EAAExD,wBAAwB,CAACyD,8BAA8B;IAC7DC,OAAO,EAAG;EACZ,CAAC,CAAC,CACDC,SAAS,CAACL,CAAC,CAAC;AACjB,CAAC"}

package/lib/module/credential/status/03-verify-and-parse-status-assertion.js DELETED Viewed

@@ -1,78 +0,0 @@
-import { IoWalletError, IssuerResponseError, IssuerResponseErrorCodes } from "../../utils/errors";
-import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import { ParsedStatusAssertionResponse, StatusType } from "./types";
-import { Logger, LogLevel } from "../../utils/logging";
-import { extractJwkFromCredential } from "../../utils/credentials";
-import { isSameThumbprint } from "../../utils/jwk";
-/**
- * Given a status assertion, verifies that:
- * - It's in the supported format;
- * - The assertion is correctly signed;
- * - It's bound to the given key.
- * @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
- * @param statusAssertion The encoded status assertion returned by {@link statusAssertion}
- * @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
- * @returns A parsed status assertion
- * @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
- * @throws {IssuerResponseError} If the status assertion contains an error or the credential status is invalid
- */
-export const verifyAndParseStatusAssertion = async (issuerConf, rawStatusAssertion, credential, format) => {
-  const {
-    statusAssertion
-  } = rawStatusAssertion;
-  await verify(statusAssertion, issuerConf.openid_credential_issuer.jwks.keys);
-  const decodedJwt = decodeJwt(statusAssertion);
-  const parsedStatusAssertion = ParsedStatusAssertionResponse.parse({
-    header: decodedJwt.protectedHeader,
-    payload: decodedJwt.payload
-  });
-  Logger.log(LogLevel.DEBUG, `Parsed status assertion: ${JSON.stringify(parsedStatusAssertion)}`);
-  // Errors are transmitted in the JWT and use a 200 HTTP status code
-  if (isStatusAssertionError(parsedStatusAssertion)) {
-    throw new IssuerResponseError({
-      code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-      message: "The status assertion contains an error",
-      statusCode: 200,
-      reason: buildErrorReason(parsedStatusAssertion)
-    });
-  }
-  const {
-    cnf,
-    credential_status_type
-  } = parsedStatusAssertion.payload;
-  const holderBindingKey = await extractJwkFromCredential(credential, format);
-  if (!(await isSameThumbprint(cnf.jwk, holderBindingKey))) {
-    const errorMessage = `Failed to verify holder binding for status assertion: the thumbprints of keys ${cnf.jwk.kid} and ${holderBindingKey.kid} do not match`;
-    Logger.log(LogLevel.ERROR, errorMessage);
-    throw new IoWalletError(errorMessage);
-  }
-  if (credential_status_type !== StatusType.VALID) {
-    throw new IssuerResponseError({
-      code: IssuerResponseErrorCodes.CredentialInvalidStatus,
-      message: "Invalid status found for the given credential",
-      statusCode: 200,
-      reason: buildErrorReason(parsedStatusAssertion)
-    });
-  }
-  return {
-    parsedStatusAssertion
-  };
-};
-const isStatusAssertionError = assertion => assertion.header.typ === "status-assertion-error+jwt";
-/**
- * Build an object containing the details on the error to use as the IssuerResponseError's reason
- * @param assertion The status assertion response, both success or failure
- * @returns The error's reason object
- */
-const buildErrorReason = _ref => {
-  let {
-    payload
-  } = _ref;
-  return "error" in payload ? payload : {
-    error: payload.credential_status_detail.state,
-    error_description: payload.credential_status_detail.description
-  };
-};
-//# sourceMappingURL=03-verify-and-parse-status-assertion.js.map

package/lib/module/credential/status/03-verify-and-parse-status-assertion.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["IoWalletError","IssuerResponseError","IssuerResponseErrorCodes","decode","decodeJwt","verify","ParsedStatusAssertionResponse","StatusType","Logger","LogLevel","extractJwkFromCredential","isSameThumbprint","verifyAndParseStatusAssertion","issuerConf","rawStatusAssertion","credential","format","statusAssertion","openid_credential_issuer","jwks","keys","decodedJwt","parsedStatusAssertion","parse","header","protectedHeader","payload","log","DEBUG","JSON","stringify","isStatusAssertionError","code","CredentialInvalidStatus","message","statusCode","reason","buildErrorReason","cnf","credential_status_type","holderBindingKey","jwk","errorMessage","kid","ERROR","VALID","assertion","typ","_ref","error","credential_status_detail","state","error_description","description"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-assertion.ts"],"mappings":"AACA,SACEA,aAAa,EACbC,mBAAmB,EACnBC,wBAAwB,QACnB,oBAAoB;AAC3B,SAASC,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AAEzE,SAIEC,6BAA6B,EAC7BC,UAAU,QACL,SAAS;AAChB,SAASC,MAAM,EAAEC,QAAQ,QAAQ,qBAAqB;AAEtD,SAASC,wBAAwB,QAAQ,yBAAyB;AAClE,SAASC,gBAAgB,QAAQ,iBAAiB;AAUlD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,6BAA4D,GACvE,MAAAA,CAAOC,UAAU,EAAEC,kBAAkB,EAAEC,UAAU,EAAEC,MAAM,KAAK;EAC5D,MAAM;IAAEC;EAAgB,CAAC,GAAGH,kBAAkB;EAE9C,MAAMT,MAAM,CACVY,eAAe,EACfJ,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;EAED,MAAMC,UAAU,GAAGjB,SAAS,CAACa,eAAe,CAAC;EAC7C,MAAMK,qBAAqB,GAAGhB,6BAA6B,CAACiB,KAAK,CAAC;IAChEC,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;EAEFlB,MAAM,CAACmB,GAAG,CACRlB,QAAQ,CAACmB,KAAK,EACb,4BAA2BC,IAAI,CAACC,SAAS,CAACR,qBAAqB,CAAE,EACpE,CAAC;;EAED;EACA,IAAIS,sBAAsB,CAACT,qBAAqB,CAAC,EAAE;IACjD,MAAM,IAAIrB,mBAAmB,CAAC;MAC5B+B,IAAI,EAAE9B,wBAAwB,CAAC+B,uBAAuB;MACtDC,OAAO,EAAE,wCAAwC;MACjDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACf,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,MAAM;IAAEgB,GAAG;IAAEC;EAAuB,CAAC,GAAGjB,qBAAqB,CAACI,OAAO;EACrE,MAAMc,gBAAgB,GAAG,MAAM9B,wBAAwB,CAACK,UAAU,EAAEC,MAAM,CAAC;EAE3E,IAAI,EAAE,MAAML,gBAAgB,CAAC2B,GAAG,CAACG,GAAG,EAAED,gBAAgB,CAAC,CAAC,EAAE;IACxD,MAAME,YAAY,GAAI,iFAAgFJ,GAAG,CAACG,GAAG,CAACE,GAAI,QAAOH,gBAAgB,CAACG,GAAI,eAAc;IAC5JnC,MAAM,CAACmB,GAAG,CAAClB,QAAQ,CAACmC,KAAK,EAAEF,YAAY,CAAC;IACxC,MAAM,IAAI1C,aAAa,CAAC0C,YAAY,CAAC;EACvC;EAEA,IAAIH,sBAAsB,KAAKhC,UAAU,CAACsC,KAAK,EAAE;IAC/C,MAAM,IAAI5C,mBAAmB,CAAC;MAC5B+B,IAAI,EAAE9B,wBAAwB,CAAC+B,uBAAuB;MACtDC,OAAO,EAAE,+CAA+C;MACxDC,UAAU,EAAE,GAAG;MACfC,MAAM,EAAEC,gBAAgB,CAACf,qBAAqB;IAChD,CAAC,CAAC;EACJ;EAEA,OAAO;IAAEA;EAAsB,CAAC;AAClC,CAAC;AAEH,MAAMS,sBAAsB,GAC1Be,SAAwC,IAExCA,SAAS,CAACtB,MAAM,CAACuB,GAAG,KAAK,4BAA4B;;AAEvD;AACA;AACA;AACA;AACA;AACA,MAAMV,gBAAgB,GAAGW,IAAA;EAAA,IAAC;IACxBtB;EAC6B,CAAC,GAAAsB,IAAA;EAAA,OAC9B,OAAO,IAAItB,OAAO,GACdA,OAAO,GACP;IACEuB,KAAK,EAAEvB,OAAO,CAACwB,wBAAwB,CAAEC,KAAK;IAC9CC,iBAAiB,EAAE1B,OAAO,CAACwB,wBAAwB,CAAEG;EACvD,CAAC;AAAA"}

package/lib/module/credential/status/types.js DELETED Viewed

@@ -1,71 +0,0 @@
-import { UnixTime } from "../../sd-jwt/types";
-import { JWK } from "../../utils/jwk";
-import * as z from "zod";
-/**
- * Shape from parsing a status assertion response in case of 201.
- */
-export const StatusAssertionResponse = z.object({
-  status_assertion_responses: z.array(z.string())
-});
-/**
- * Type from parsing a status assertion response in case of 201.
- * Inferred from {@link StatusAssertionResponse}.
- */
-/**
- * Shape for parsing a successful status assertion in a JWT.
- */
-export const ParsedStatusAssertion = z.object({
-  header: z.object({
-    typ: z.literal("status-assertion+jwt"),
-    alg: z.string(),
-    kid: z.string().optional()
-  }),
-  payload: z.object({
-    iss: z.string(),
-    credential_status_type: z.string(),
-    credential_status_detail: z.object({
-      state: z.string(),
-      description: z.string()
-    }).optional(),
-    credential_hash_alg: z.string(),
-    credential_hash: z.string(),
-    cnf: z.object({
-      jwk: JWK
-    }),
-    exp: UnixTime,
-    iat: UnixTime
-  })
-});
-/**
- * The JWT that contains the errors occurred for the status assertion request.
- * @see https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#http-status-assertion-response
- */
-export const ParsedStatusAssertionError = z.object({
-  header: z.object({
-    typ: z.literal("status-assertion-error+jwt"),
-    alg: z.string(),
-    kid: z.string().optional()
-  }),
-  payload: z.object({
-    credential_hash_alg: z.string(),
-    credential_hash: z.string(),
-    error: z.string(),
-    error_description: z.string()
-  })
-});
-/**
- * The status assertion response that might include either a successful assertion or an error
- */
-export const ParsedStatusAssertionResponse = z.union([ParsedStatusAssertion, ParsedStatusAssertionError]);
-export let StatusType = /*#__PURE__*/function (StatusType) {
-  StatusType["VALID"] = "0x00";
-  StatusType["INVALID"] = "0x01";
-  StatusType["SUSPENDED"] = "0x02";
-  return StatusType;
-}({});
-//# sourceMappingURL=types.js.map

package/lib/module/credential/status/types.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["UnixTime","JWK","z","StatusAssertionResponse","object","status_assertion_responses","array","string","ParsedStatusAssertion","header","typ","literal","alg","kid","optional","payload","iss","credential_status_type","credential_status_detail","state","description","credential_hash_alg","credential_hash","cnf","jwk","exp","iat","ParsedStatusAssertionError","error","error_description","ParsedStatusAssertionResponse","union","StatusType"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,GAAG,QAAQ,iBAAiB;AACrC,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAC9CC,0BAA0B,EAAEH,CAAC,CAACI,KAAK,CAACJ,CAAC,CAACK,MAAM,CAAC,CAAC;AAChD,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAGN,CAAC,CAACE,MAAM,CAAC;EAC5CK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,sBAAsB,CAAC;IACtCC,GAAG,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEb,CAAC,CAACE,MAAM,CAAC;IAChBY,GAAG,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;IACfU,sBAAsB,EAAEf,CAAC,CAACK,MAAM,CAAC,CAAC;IAClCW,wBAAwB,EAAEhB,CAAC,CACxBE,MAAM,CAAC;MACNe,KAAK,EAAEjB,CAAC,CAACK,MAAM,CAAC,CAAC;MACjBa,WAAW,EAAElB,CAAC,CAACK,MAAM,CAAC;IACxB,CAAC,CAAC,CACDO,QAAQ,CAAC,CAAC;IACbO,mBAAmB,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC/Be,eAAe,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC3BgB,GAAG,EAAErB,CAAC,CAACE,MAAM,CAAC;MACZoB,GAAG,EAAEvB;IACP,CAAC,CAAC;IACFwB,GAAG,EAAEzB,QAAQ;IACb0B,GAAG,EAAE1B;EACP,CAAC;AACH,CAAC,CAAC;AAMF;AACA;AACA;AACA;AACA,OAAO,MAAM2B,0BAA0B,GAAGzB,CAAC,CAACE,MAAM,CAAC;EACjDK,MAAM,EAAEP,CAAC,CAACE,MAAM,CAAC;IACfM,GAAG,EAAER,CAAC,CAACS,OAAO,CAAC,4BAA4B,CAAC;IAC5CC,GAAG,EAAEV,CAAC,CAACK,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEX,CAAC,CAACK,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEb,CAAC,CAACE,MAAM,CAAC;IAChBiB,mBAAmB,EAAEnB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC/Be,eAAe,EAAEpB,CAAC,CAACK,MAAM,CAAC,CAAC;IAC3BqB,KAAK,EAAE1B,CAAC,CAACK,MAAM,CAAC,CAAC;IACjBsB,iBAAiB,EAAE3B,CAAC,CAACK,MAAM,CAAC;EAC9B,CAAC;AACH,CAAC,CAAC;;AAEF;AACA;AACA;;AAIA,OAAO,MAAMuB,6BAA6B,GAAG5B,CAAC,CAAC6B,KAAK,CAAC,CACnDvB,qBAAqB,EACrBmB,0BAA0B,CAC3B,CAAC;AAEF,WAAYK,UAAU,0BAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAVA,UAAU;EAAA,OAAVA,UAAU;AAAA"}

package/lib/module/credential/trustmark/get-credential-trustmark.js DELETED Viewed

@@ -1,77 +0,0 @@
-import { SignJWT, thumbprint, decode as decodeJwt } from "@pagopa/io-react-native-jwt";
-import * as WalletInstanceAttestation from "../../wallet-instance-attestation";
-import { IoWalletError } from "../../utils/errors";
-import { obfuscateString } from "../../utils/string";
-import { LogLevel, Logger } from "../../utils/logging";
-/**
- * Generates a trustmark signed JWT, which is used to verify the authenticity of a credential.
- * The public key used to sign the trustmark must the same used for the Wallet Instance Attestation.
- *
- * @param walletInstanceAttestation the Wallet Instance's attestation
- * @param wiaCryptoContext The Wallet Instance's crypto context associated with the walletInstanceAttestation parameter
- * @param credentialType The type of credential for which the trustmark is generated
- * @param docNumber (Optional) Document number contained in the credential, if applicable
- * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
- *                        If a number is provided, it is interpreted as a timestamp in seconds.
- *                        If a string is provided, it is interpreted as a time span and added to the current timestamp.
- * @throws {IoWalletError} If the WIA is expired
- * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
- * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
- * @returns A promise containing the signed JWT and its expiration time in seconds
- */
-export const getCredentialTrustmark = async _ref => {
-  let {
-    walletInstanceAttestation,
-    wiaCryptoContext,
-    credentialType,
-    docNumber,
-    expirationTime = "2m"
-  } = _ref;
-  /**
-   * Check that the public key used to sign the trustmark is the one used for the WIA
-   */
-  const holderBindingKey = await wiaCryptoContext.getPublicKey();
-  const decodedWia = WalletInstanceAttestation.decode(walletInstanceAttestation);
-  Logger.log(LogLevel.DEBUG, `Decoded wia ${JSON.stringify(decodedWia.payload)} with holder binding key ${JSON.stringify(holderBindingKey)}`);
-  /**
-   * Check that the WIA is not expired
-   */
-  if (decodedWia.payload.exp * 1000 < Date.now()) {
-    Logger.log(LogLevel.ERROR, `Wallet Instance Attestation expired with exp: ${decodedWia.payload.exp}`);
-    throw new IoWalletError("Wallet Instance Attestation expired");
-  }
-  /**
-   * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
-   */
-  const wiaThumbprint = await thumbprint(decodedWia.payload.cnf.jwk);
-  const cryptoContextThumbprint = await thumbprint(holderBindingKey);
-  if (wiaThumbprint !== cryptoContextThumbprint) {
-    Logger.log(LogLevel.ERROR, `Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`);
-    throw new IoWalletError(`Failed to verify holder binding for status attestation, expected thumbprint: ${cryptoContextThumbprint}, got: ${wiaThumbprint}`);
-  }
-  Logger.log(LogLevel.DEBUG, `Wia thumbprint: ${wiaThumbprint} CryptoContext thumbprint: ${cryptoContextThumbprint}`);
-  /**
-   * Generate Trustmark signed JWT
-   */
-  const signedTrustmarkJwt = await new SignJWT(wiaCryptoContext).setProtectedHeader({
-    alg: "ES256"
-  }).setPayload({
-    iss: walletInstanceAttestation,
-    /**
-     * If present, the document number is obfuscated before adding it to the payload
-     */
-    ...(docNumber ? {
-      sub: obfuscateString(docNumber)
-    } : {}),
-    subtyp: credentialType
-  }).setIssuedAt().setExpirationTime(expirationTime).sign();
-  const decodedTrustmark = decodeJwt(signedTrustmarkJwt);
-  return {
-    jwt: signedTrustmarkJwt,
-    expirationTime: decodedTrustmark.payload.exp ?? 0
-  };
-};
-//# sourceMappingURL=get-credential-trustmark.js.map

package/lib/module/credential/trustmark/get-credential-trustmark.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["SignJWT","thumbprint","decode","decodeJwt","WalletInstanceAttestation","IoWalletError","obfuscateString","LogLevel","Logger","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","log","DEBUG","JSON","stringify","payload","exp","Date","now","ERROR","wiaThumbprint","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","setProtectedHeader","alg","setPayload","iss","sub","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","jwt"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":"AAAA,SACEA,OAAO,EACPC,UAAU,EAEVC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAC9E,SAASC,aAAa,QAAQ,oBAAoB;AAClD,SAASC,eAAe,QAAQ,oBAAoB;AACpD,SAASC,QAAQ,EAAEC,MAAM,QAAQ,qBAAqB;AAoCtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGd,yBAAyB,CAACF,MAAM,CACjDS,yBACF,CAAC;EAEDH,MAAM,CAACW,GAAG,CACRZ,QAAQ,CAACa,KAAK,EACb,eAAcC,IAAI,CAACC,SAAS,CAACJ,UAAU,CAACK,OAAO,CAAE,4BAA2BF,IAAI,CAACC,SAAS,CAACN,gBAAgB,CAAE,EAChH,CAAC;;EAED;AACF;AACA;EACE,IAAIE,UAAU,CAACK,OAAO,CAACC,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAE;IAC9ClB,MAAM,CAACW,GAAG,CACRZ,QAAQ,CAACoB,KAAK,EACb,iDAAgDT,UAAU,CAACK,OAAO,CAACC,GAAI,EAC1E,CAAC;IACD,MAAM,IAAInB,aAAa,CAAC,qCAAqC,CAAC;EAChE;;EAEA;AACF;AACA;EACE,MAAMuB,aAAa,GAAG,MAAM3B,UAAU,CAACiB,UAAU,CAACK,OAAO,CAACM,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAM9B,UAAU,CAACe,gBAAgB,CAAC;EAElE,IAAIY,aAAa,KAAKG,uBAAuB,EAAE;IAC7CvB,MAAM,CAACW,GAAG,CACRZ,QAAQ,CAACoB,KAAK,EACb,gFAA+EI,uBAAwB,UAASH,aAAc,EACjI,CAAC;IACD,MAAM,IAAIvB,aAAa,CACpB,gFAA+E0B,uBAAwB,UAASH,aAAc,EACjI,CAAC;EACH;EAEApB,MAAM,CAACW,GAAG,CACRZ,QAAQ,CAACa,KAAK,EACb,mBAAkBQ,aAAc,8BAA6BG,uBAAwB,EACxF,CAAC;;EAED;AACF;AACA;EACE,MAAMC,kBAAkB,GAAG,MAAM,IAAIhC,OAAO,CAACY,gBAAgB,CAAC,CAC3DqB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAEzB,yBAAyB;IAC9B;AACN;AACA;IACM,IAAIG,SAAS,GAAG;MAAEuB,GAAG,EAAE/B,eAAe,CAACQ,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzDwB,MAAM,EAAEzB;EACV,CAAC,CAAC,CACD0B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACzB,cAAc,CAAC,CACjC0B,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAGvC,SAAS,CAAC6B,kBAAkB,CAAC;EAEtD,OAAO;IACLW,GAAG,EAAEX,kBAAkB;IACvBjB,cAAc,EAAE2B,gBAAgB,CAACnB,OAAO,CAACC,GAAG,IAAI;EAClD,CAAC;AACH,CAAC"}

package/lib/module/credentials-catalogue/fetch-and-parse-catalogue.js DELETED Viewed

@@ -1,35 +0,0 @@
-import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import { hasStatusOrThrow } from "../utils/misc";
-import { IoWalletError } from "../utils/errors";
-import { DigitalCredentialsCatalogue } from "./types";
-import { getTrustAnchorEntityConfiguration } from "../trust/build-chain";
-/**
- * Fetch and parse the Digital Credential Catalogue from the Trust Anchor.
- * The catalogue's JWT signature is verified against the Trust Anchor's JWKs.
- *
- * @param trustAnchorUrl Base URL of the Trust Anchor
- * @param context.appFetch (optional) fetch API implementation. Default: built-in fetch
- * @returns The Digital Credential Catalogue payload
- */
-export const fetchAndParseCatalogue = async function (trustAnchorBaseUrl) {
-  let {
-    appFetch = fetch
-  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
-  const trustAnchorConfig = await getTrustAnchorEntityConfiguration(trustAnchorBaseUrl);
-  const responseText = await appFetch(`${trustAnchorConfig.payload.sub}/.well-known/credential-catalogue`, {
-    method: "GET"
-  }).then(hasStatusOrThrow(200)).then(res => res.text());
-  const responseJwt = decodeJwt(responseText);
-  const catalogueKid = responseJwt.protectedHeader.kid;
-  const trustAnchorJwk = trustAnchorConfig.payload.jwks.keys.find(jwk => jwk.kid === catalogueKid);
-  if (!trustAnchorJwk) {
-    throw new IoWalletError(`Could not find JWK with kid ${catalogueKid} in Trust Anchor's Entity Configuration`);
-  }
-  await verify(responseText, trustAnchorJwk);
-  const parsedDigitalCredentialsCatalogue = DigitalCredentialsCatalogue.parse({
-    header: responseJwt.protectedHeader,
-    payload: responseJwt.payload
-  });
-  return parsedDigitalCredentialsCatalogue.payload;
-};
-//# sourceMappingURL=fetch-and-parse-catalogue.js.map

package/lib/module/credentials-catalogue/fetch-and-parse-catalogue.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["decode","decodeJwt","verify","hasStatusOrThrow","IoWalletError","DigitalCredentialsCatalogue","getTrustAnchorEntityConfiguration","fetchAndParseCatalogue","trustAnchorBaseUrl","appFetch","fetch","arguments","length","undefined","trustAnchorConfig","responseText","payload","sub","method","then","res","text","responseJwt","catalogueKid","protectedHeader","kid","trustAnchorJwk","jwks","keys","find","jwk","parsedDigitalCredentialsCatalogue","parse","header"],"sourceRoot":"../../../src","sources":["credentials-catalogue/fetch-and-parse-catalogue.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,QAAQ,6BAA6B;AACzE,SAASC,gBAAgB,QAAQ,eAAe;AAChD,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,2BAA2B,QAAQ,SAAS;AACrD,SAASC,iCAAiC,QAAQ,sBAAsB;AAMxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAG,eAAAA,CACpCC,kBAA0B,EAE0B;EAAA,IADpD;IAAEC,QAAQ,GAAGC;EAA2B,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE9C,MAAMG,iBAAiB,GACrB,MAAMR,iCAAiC,CAACE,kBAAkB,CAAC;EAE7D,MAAMO,YAAY,GAAG,MAAMN,QAAQ,CAChC,GAAEK,iBAAiB,CAACE,OAAO,CAACC,GAAI,mCAAkC,EACnE;IAAEC,MAAM,EAAE;EAAM,CAClB,CAAC,CACEC,IAAI,CAAChB,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAC3BgB,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,MAAMC,WAAW,GAAGrB,SAAS,CAACc,YAAY,CAAC;EAC3C,MAAMQ,YAAY,GAAGD,WAAW,CAACE,eAAe,CAACC,GAAG;EAEpD,MAAMC,cAAc,GAAGZ,iBAAiB,CAACE,OAAO,CAACW,IAAI,CAACC,IAAI,CAACC,IAAI,CAC5DC,GAAG,IAAKA,GAAG,CAACL,GAAG,KAAKF,YACvB,CAAC;EAED,IAAI,CAACG,cAAc,EAAE;IACnB,MAAM,IAAItB,aAAa,CACpB,+BAA8BmB,YAAa,yCAC9C,CAAC;EACH;EAEA,MAAMrB,MAAM,CAACa,YAAY,EAAEW,cAAc,CAAC;EAE1C,MAAMK,iCAAiC,GAAG1B,2BAA2B,CAAC2B,KAAK,CAAC;IAC1EC,MAAM,EAAEX,WAAW,CAACE,eAAe;IACnCR,OAAO,EAAEM,WAAW,CAACN;EACvB,CAAC,CAAC;EAEF,OAAOe,iCAAiC,CAACf,OAAO;AAClD,CAAC"}

package/lib/module/credentials-catalogue/types.js DELETED Viewed

@@ -1,89 +0,0 @@
-import * as z from "zod";
-import { UnixTime } from "../sd-jwt/types";
-const CredentialPurpose = z.object({
-  id: z.string(),
-  description: z.string(),
-  category: z.string(),
-  subcategory: z.string(),
-  claims_required: z.array(z.string()),
-  claim_recommended: z.array(z.string())
-});
-const CredentialIssuer = z.object({
-  id: z.string(),
-  organization_name: z.string(),
-  organization_code: z.string(),
-  organization_country: z.string(),
-  contacts: z.array(z.string()).optional(),
-  homepage_uri: z.string().optional(),
-  logo_uri: z.string().optional(),
-  policy_uri: z.string().optional(),
-  tos_uri: z.string().optional()
-});
-const AuthenticSource = z.object({
-  id: z.string(),
-  organization_name: z.string(),
-  organization_code: z.string(),
-  organization_country: z.string(),
-  source_type: z.enum(["public", "private"]),
-  contacts: z.array(z.string()).optional(),
-  homepage_uri: z.string().optional(),
-  logo_uri: z.string().optional(),
-  user_information: z.string().optional()
-});
-const CredentialFormat = z.object({
-  configuration_id: z.string(),
-  format: z.enum(["dc+sd-jwt", "mso_mdoc"]),
-  vct: z.string().url().optional(),
-  docType: z.string().optional(),
-  schema_uri: z.string().url().optional(),
-  "schema_uri#integrity": z.string().optional()
-});
-const Claim = z.object({
-  name: z.string(),
-  taxonomy_ref: z.string(),
-  display_name: z.string()
-});
-export const DigitalCredential = z.object({
-  version: z.string(),
-  credential_type: z.string(),
-  legal_type: z.string(),
-  name: z.string(),
-  description: z.string(),
-  validity_info: z.object({
-    max_validity_days: z.number(),
-    status_methods: z.array(z.string()),
-    allowed_states: z.array(z.string())
-  }),
-  authentication: z.object({
-    user_auth_required: z.boolean(),
-    min_loa: z.string(),
-    supported_eid_schemes: z.array(z.string())
-  }),
-  purposes: z.array(CredentialPurpose),
-  issuers: z.array(CredentialIssuer),
-  authentic_sources: z.array(AuthenticSource),
-  formats: z.array(CredentialFormat),
-  claims: z.array(Claim)
-});
-/**
- * The Digital Credentials Catalogue published by the Trust Anchor
- *
- * @version 1.1.0
- * @see https://italia.github.io/eid-wallet-it-docs/releases/1.1.0/en/registry-catalogue.html
- */
-export const DigitalCredentialsCatalogue = z.object({
-  header: z.object({
-    typ: z.string(),
-    alg: z.string(),
-    kid: z.string()
-  }),
-  payload: z.object({
-    catalog_version: z.string(),
-    taxonomy_uri: z.string().url(),
-    credentials: z.array(DigitalCredential),
-    iat: UnixTime,
-    exp: UnixTime
-  })
-});
-//# sourceMappingURL=types.js.map