npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.0 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1562) hide show

package/lib/commonjs/credential/presentation/common/utils/dcql.js ADDED Viewed

@@ -0,0 +1,164 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.pathToPresentationFrame = exports.getValidDcqlClaims = exports.getPresentationFrameFromDcqlMatch = exports.getDcqlQueryMatches = exports.getClaimsFromDcqlMatch = exports.extractFailedCredentialsDetails = void 0;
+var _object = require("../../../../utils/object");
+var _errors = require("../../../../utils/errors");
+var _types = require("../../../../sd-jwt/types");
+/**
+ * Extract only successful matches from the DCQL query result.
+ */
+const getDcqlQueryMatches = result => Object.entries(result.credential_matches).filter(_ref => {
+  let [, match] = _ref;
+  return match.success === true;
+});
+/**
+ * Extract only failed matches from the DCQL query result.
+ */
+exports.getDcqlQueryMatches = getDcqlQueryMatches;
+const getDcqlQueryFailedMatches = result => Object.entries(result.credential_matches).filter(_ref2 => {
+  let [, match] = _ref2;
+  return match.success === false;
+});
+/**
+ * Extract details related to failed credentials
+ */
+const extractFailedCredentialsDetails = queryResult => {
+  return getDcqlQueryFailedMatches(queryResult).map(_ref3 => {
+    var _match$failed_credent;
+    let [id, match] = _ref3;
+    const credential = queryResult.credentials.find(c => c.id === id);
+    const issues = (_match$failed_credent = match.failed_credentials) === null || _match$failed_credent === void 0 ? void 0 : _match$failed_credent.flatMap(c => {
+      if ("issues" in c.meta) {
+        return Object.values(c.meta.issues).flat();
+      }
+      if (c.claims.failed_claim_sets) {
+        return c.claims.failed_claim_sets.flatMap(cs => Object.values(cs.issues).flat());
+      }
+      return [];
+    });
+    if ((credential === null || credential === void 0 ? void 0 : credential.format) === "mso_mdoc") {
+      var _credential$meta;
+      return {
+        id,
+        issues,
+        format: credential.format,
+        doctypeValue: (_credential$meta = credential.meta) === null || _credential$meta === void 0 ? void 0 : _credential$meta.doctype_value
+      };
+    }
+    if ((credential === null || credential === void 0 ? void 0 : credential.format) === "dc+sd-jwt" || (credential === null || credential === void 0 ? void 0 : credential.format) === _types.LEGACY_SD_JWT) {
+      return {
+        id,
+        issues,
+        format: credential.format,
+        vctValues: credential.meta && "vct_values" in credential.meta ? credential.meta.vct_values : []
+      };
+    }
+    throw new _errors.IoWalletError(`Unsupported format: ${credential === null || credential === void 0 ? void 0 : credential.format}`);
+  });
+};
+/**
+ * Extract a compact list of claims from the `dcql` result.
+ * @param match The DCQL query match
+ * @returns The list of claims in {@link EvaluatedDisclosure} format
+ */
+exports.extractFailedCredentialsDetails = extractFailedCredentialsDetails;
+const getClaimsFromDcqlMatch = match => getValidDcqlClaims(match).flatMap(c => Object.entries(c.output).map(_ref4 => {
+  let [name, value] = _ref4;
+  return {
+    name,
+    value
+  };
+}));
+/**
+ * Recursively convert a claim path to a {@link PresentationFrame} for `@sd-jwt/present`
+ * @param path The claim path array
+ * @param claim The decoded claim
+ * @returns A presentation frame compatible with `@sd-jwt/present`
+ */
+exports.getClaimsFromDcqlMatch = getClaimsFromDcqlMatch;
+const pathToPresentationFrame = (path, claim) => {
+  const [segment, ...rest] = path;
+  // Base case: no more path segments to process
+  if (segment === undefined) {
+    // @ts-expect-error unwind recursion
+    return true;
+  }
+  // null path segments (lists) must include all elements in the list
+  if (segment === null) {
+    const [maybeArrayClaim] = Object.values(claim);
+    if (Array.isArray(maybeArrayClaim)) {
+      return maybeArrayClaim.reduce((acc, c, i) => ({
+        ...acc,
+        [i]: pathToPresentationFrame(rest, c)
+      }), {});
+    }
+    // @ts-expect-error unwind recursion
+    return true;
+  }
+  return {
+    [segment]: pathToPresentationFrame(rest, claim)
+  };
+};
+/**
+ * Build a presentation frame from the `dcql` result to use for disclosing the requested claims.
+ * @param match The DCQL query match
+ * @param originalQuery The original DCQL query
+ * @returns A presentation frame compatible with `@sd-jwt/present`
+ */
+exports.pathToPresentationFrame = pathToPresentationFrame;
+const getPresentationFrameFromDcqlMatch = (match, originalQuery) => {
+  var _originalQuery$creden;
+  // The original DCQL query claims are needed to get their path
+  const queryClaims = ((_originalQuery$creden = originalQuery.credentials.find(_ref5 => {
+    let {
+      id
+    } = _ref5;
+    return id === match.credential_query_id;
+  })) === null || _originalQuery$creden === void 0 ? void 0 : _originalQuery$creden.claims) ?? [];
+  if (queryClaims.length === 0) return {};
+  const typedQueryClaims = queryClaims;
+  // Build a presentation frame from each claim's path
+  return getValidDcqlClaims(match).reduce((acc, c) => {
+    const pf = pathToPresentationFrame(typedQueryClaims[c.claim_index].path, c.output);
+    // Merge objects with the same key to not lose objects that are already in the accumulator
+    for (const [key, value] of Object.entries(pf)) {
+      acc[key] = (0, _object.isObject)(value) ? Object.assign(value, acc[key]) : value;
+    }
+    return acc;
+  }, {});
+};
+/**
+ * Extract valid claims from a successful `dcql` match. The extracted claims
+ * come directly from the library, without any processing.
+ * @param match The DCQL query match
+ * @returns A list of raw `dcql` claims
+ */
+exports.getPresentationFrameFromDcqlMatch = getPresentationFrameFromDcqlMatch;
+const getValidDcqlClaims = match => {
+  var _match$valid_credenti, _match$valid_credenti2;
+  const validClaims = (_match$valid_credenti = match.valid_credentials) === null || _match$valid_credenti === void 0 || (_match$valid_credenti = _match$valid_credenti[0]) === null || _match$valid_credenti === void 0 || (_match$valid_credenti = _match$valid_credenti.claims) === null || _match$valid_credenti === void 0 ? void 0 : _match$valid_credenti.valid_claims;
+  if (!validClaims) return [];
+  const [validClaimSet] = ((_match$valid_credenti2 = match.valid_credentials) === null || _match$valid_credenti2 === void 0 || (_match$valid_credenti2 = _match$valid_credenti2[0]) === null || _match$valid_credenti2 === void 0 || (_match$valid_credenti2 = _match$valid_credenti2.claims) === null || _match$valid_credenti2 === void 0 ? void 0 : _match$valid_credenti2.valid_claim_sets) ?? [];
+  // If there is a valid claim set, only claims from that set must be disclosed
+  // We select claims in the order they are defined in the set
+  if (validClaimSet) {
+    var _validClaimSet$valid_;
+    return ((_validClaimSet$valid_ = validClaimSet.valid_claim_indexes) === null || _validClaimSet$valid_ === void 0 ? void 0 : _validClaimSet$valid_.map(i => validClaims.find(c => c.claim_index === i))) ?? [];
+  }
+  return validClaims;
+};
+exports.getValidDcqlClaims = getValidDcqlClaims;
+//# sourceMappingURL=dcql.js.map

package/lib/commonjs/credential/presentation/common/utils/dcql.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_object","require","_errors","_types","getDcqlQueryMatches","result","Object","entries","credential_matches","filter","_ref","match","success","exports","getDcqlQueryFailedMatches","_ref2","extractFailedCredentialsDetails","queryResult","map","_ref3","_match$failed_credent","id","credential","credentials","find","c","issues","failed_credentials","flatMap","meta","values","flat","claims","failed_claim_sets","cs","format","_credential$meta","doctypeValue","doctype_value","LEGACY_SD_JWT","vctValues","vct_values","IoWalletError","getClaimsFromDcqlMatch","getValidDcqlClaims","output","_ref4","name","value","pathToPresentationFrame","path","claim","segment","rest","undefined","maybeArrayClaim","Array","isArray","reduce","acc","i","getPresentationFrameFromDcqlMatch","originalQuery","_originalQuery$creden","queryClaims","_ref5","credential_query_id","length","typedQueryClaims","pf","claim_index","key","isObject","assign","_match$valid_credenti","_match$valid_credenti2","validClaims","valid_credentials","valid_claims","validClaimSet","valid_claim_sets","_validClaimSet$valid_","valid_claim_indexes"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/dcql.ts"],"mappings":";;;;;;AACA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAaA;AACA;AACA;AACO,MAAMG,mBAAmB,GAAIC,MAAuB,IACzDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CC,IAAA;EAAA,IAAC,GAAGC,KAAK,CAAC,GAAAD,IAAA;EAAA,OAAKC,KAAK,CAACC,OAAO,KAAK,IAAI;AAAA,CACvC,CAAiC;;AAEnC;AACA;AACA;AAFAC,OAAA,CAAAT,mBAAA,GAAAA,mBAAA;AAGA,MAAMU,yBAAyB,GAAIT,MAAuB,IACxDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,kBAAkB,CAAC,CAACC,MAAM,CAC9CM,KAAA;EAAA,IAAC,GAAGJ,KAAK,CAAC,GAAAI,KAAA;EAAA,OAAKJ,KAAK,CAACC,OAAO,KAAK,KAAK;AAAA,CACxC,CAAiC;;AAEnC;AACA;AACA;AACO,MAAMI,+BAA+B,GAC1CC,WAA4B,IACP;EACrB,OAAOH,yBAAyB,CAACG,WAAW,CAAC,CAACC,GAAG,CAACC,KAAA,IAAiB;IAAA,IAAAC,qBAAA;IAAA,IAAhB,CAACC,EAAE,EAAEV,KAAK,CAAC,GAAAQ,KAAA;IAC5D,MAAMG,UAAU,GAAGL,WAAW,CAACM,WAAW,CAACC,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACJ,EAAE,KAAKA,EAAE,CAAC;IAEnE,MAAMK,MAAM,IAAAN,qBAAA,GAAGT,KAAK,CAACgB,kBAAkB,cAAAP,qBAAA,uBAAxBA,qBAAA,CAA0BQ,OAAO,CAAEH,CAAC,IAAK;MACtD,IAAI,QAAQ,IAAIA,CAAC,CAACI,IAAI,EAAE;QACtB,OAAOvB,MAAM,CAACwB,MAAM,CAACL,CAAC,CAACI,IAAI,CAACH,MAAM,CAAC,CAACK,IAAI,CAAC,CAAC;MAC5C;MACA,IAAIN,CAAC,CAACO,MAAM,CAACC,iBAAiB,EAAE;QAC9B,OAAOR,CAAC,CAACO,MAAM,CAACC,iBAAiB,CAACL,OAAO,CACtCM,EAAE,IAAK5B,MAAM,CAACwB,MAAM,CAACI,EAAE,CAACR,MAAM,CAAC,CAACK,IAAI,CAAC,CACxC,CAAC;MACH;MACA,OAAO,EAAE;IACX,CAAC,CAAC;IAEF,IAAI,CAAAT,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEa,MAAM,MAAK,UAAU,EAAE;MAAA,IAAAC,gBAAA;MACrC,OAAO;QACLf,EAAE;QACFK,MAAM;QACNS,MAAM,EAAEb,UAAU,CAACa,MAAM;QACzBE,YAAY,GAAAD,gBAAA,GAAEd,UAAU,CAACO,IAAI,cAAAO,gBAAA,uBAAfA,gBAAA,CAAiBE;MACjC,CAAC;IACH;IAEA,IACE,CAAAhB,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEa,MAAM,MAAK,WAAW,IAClC,CAAAb,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEa,MAAM,MAAKI,oBAAa,EACpC;MACA,OAAO;QACLlB,EAAE;QACFK,MAAM;QACNS,MAAM,EAAEb,UAAU,CAACa,MAAM;QACzBK,SAAS,EACPlB,UAAU,CAACO,IAAI,IAAI,YAAY,IAAIP,UAAU,CAACO,IAAI,GAC9CP,UAAU,CAACO,IAAI,CAACY,UAAU,GAC1B;MACR,CAAC;IACH;IACA,MAAM,IAAIC,qBAAa,CAAE,uBAAsBpB,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEa,MAAO,EAAC,CAAC;EACtE,CAAC,CAAC;AACJ,CAAC;;AAED;AACA;AACA;AACA;AACA;AAJAtB,OAAA,CAAAG,+BAAA,GAAAA,+BAAA;AAKO,MAAM2B,sBAAsB,GACjChC,KAAsC,IAEtCiC,kBAAkB,CAACjC,KAAK,CAAC,CAACiB,OAAO,CAAEH,CAAC,IAClCnB,MAAM,CAACC,OAAO,CAACkB,CAAC,CAACoB,MAAM,CAAC,CAAC3B,GAAG,CAAC4B,KAAA;EAAA,IAAC,CAACC,IAAI,EAAEC,KAAK,CAAC,GAAAF,KAAA;EAAA,OAAM;IAAEC,IAAI;IAAEC;EAAM,CAAC;AAAA,CAAC,CACnE,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AALAnC,OAAA,CAAA8B,sBAAA,GAAAA,sBAAA;AAMO,MAAMM,uBAAuB,GAAGA,CACrCC,IAAgC,EAChCC,KAA8B,KACR;EACtB,MAAM,CAACC,OAAO,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI;;EAE/B;EACA,IAAIE,OAAO,KAAKE,SAAS,EAAE;IACzB;IACA,OAAO,IAAI;EACb;;EAEA;EACA,IAAIF,OAAO,KAAK,IAAI,EAAE;IACpB,MAAM,CAACG,eAAe,CAAC,GAAGjD,MAAM,CAACwB,MAAM,CAACqB,KAAK,CAAC;IAC9C,IAAIK,KAAK,CAACC,OAAO,CAACF,eAAe,CAAC,EAAE;MAClC,OAAOA,eAAe,CAACG,MAAM,CAC3B,CAACC,GAAG,EAAElC,CAAC,EAAEmC,CAAC,MAAM;QAAE,GAAGD,GAAG;QAAE,CAACC,CAAC,GAAGX,uBAAuB,CAACI,IAAI,EAAE5B,CAAC;MAAE,CAAC,CAAC,EAClE,CAAC,CACH,CAAC;IACH;IACA;IACA,OAAO,IAAI;EACb;EAEA,OAAO;IACL,CAAC2B,OAAO,GAAGH,uBAAuB,CAACI,IAAI,EAAEF,KAAK;EAChD,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALAtC,OAAA,CAAAoC,uBAAA,GAAAA,uBAAA;AAMO,MAAMY,iCAAiC,GAAGA,CAC/ClD,KAAsC,EACtCmD,aAAwB,KACF;EAAA,IAAAC,qBAAA;EACtB;EACA,MAAMC,WAAW,GACf,EAAAD,qBAAA,GAAAD,aAAa,CAACvC,WAAW,CAACC,IAAI,CAACyC,KAAA;IAAA,IAAC;MAAE5C;IAAG,CAAC,GAAA4C,KAAA;IAAA,OAAK5C,EAAE,KAAKV,KAAK,CAACuD,mBAAmB;EAAA,EAAC,cAAAH,qBAAA,uBAA5EA,qBAAA,CACI/B,MAAM,KAAI,EAAE;EAElB,IAAIgC,WAAW,CAACG,MAAM,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;EAEvC,MAAMC,gBAAgB,GAAGJ,WAA8C;;EAEvE;EACA,OAAOpB,kBAAkB,CAACjC,KAAK,CAAC,CAAC+C,MAAM,CAAC,CAACC,GAAG,EAAElC,CAAC,KAAK;IAClD,MAAM4C,EAAE,GAAGpB,uBAAuB,CAChCmB,gBAAgB,CAAC3C,CAAC,CAAC6C,WAAW,CAAC,CAAEpB,IAAI,EACrCzB,CAAC,CAACoB,MACJ,CAAC;IACD;IACA,KAAK,MAAM,CAAC0B,GAAG,EAAEvB,KAAK,CAAC,IAAI1C,MAAM,CAACC,OAAO,CAAC8D,EAAE,CAAC,EAAE;MAC7CV,GAAG,CAACY,GAAG,CAAC,GAAG,IAAAC,gBAAQ,EAACxB,KAAK,CAAC,GAAG1C,MAAM,CAACmE,MAAM,CAACzB,KAAK,EAAEW,GAAG,CAACY,GAAG,CAAC,CAAC,GAAGvB,KAAK;IACrE;IACA,OAAOW,GAAG;EACZ,CAAC,EAAE,CAAC,CAAsB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AALA9C,OAAA,CAAAgD,iCAAA,GAAAA,iCAAA;AAMO,MAAMjB,kBAAkB,GAAIjC,KAAsC,IAAK;EAAA,IAAA+D,qBAAA,EAAAC,sBAAA;EAC5E,MAAMC,WAAW,IAAAF,qBAAA,GAAG/D,KAAK,CAACkE,iBAAiB,cAAAH,qBAAA,gBAAAA,qBAAA,GAAvBA,qBAAA,CAA0B,CAAC,CAAC,cAAAA,qBAAA,gBAAAA,qBAAA,GAA5BA,qBAAA,CAA8B1C,MAAM,cAAA0C,qBAAA,uBAApCA,qBAAA,CAAsCI,YAAY;EAEtE,IAAI,CAACF,WAAW,EAAE,OAAO,EAAE;EAE3B,MAAM,CAACG,aAAa,CAAC,GACnB,EAAAJ,sBAAA,GAAAhE,KAAK,CAACkE,iBAAiB,cAAAF,sBAAA,gBAAAA,sBAAA,GAAvBA,sBAAA,CAA0B,CAAC,CAAC,cAAAA,sBAAA,gBAAAA,sBAAA,GAA5BA,sBAAA,CAA8B3C,MAAM,cAAA2C,sBAAA,uBAApCA,sBAAA,CAAsCK,gBAAgB,KAAI,EAAE;;EAE9D;EACA;EACA,IAAID,aAAa,EAAE;IAAA,IAAAE,qBAAA;IACjB,OACE,EAAAA,qBAAA,GAAAF,aAAa,CAACG,mBAAmB,cAAAD,qBAAA,uBAAjCA,qBAAA,CAAmC/D,GAAG,CACnC0C,CAAC,IAAKgB,WAAW,CAACpD,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAAC6C,WAAW,KAAKV,CAAC,CACpD,CAAC,KAAI,EAAE;EAEX;EAEA,OAAOgB,WAAW;AACpB,CAAC;AAAC/D,OAAA,CAAA+B,kBAAA,GAAAA,kBAAA"}

package/lib/commonjs/credential/presentation/common/utils/http.js ADDED Viewed

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.buildDirectPostBody = void 0;
+/**
+ * Builds a URL-encoded form body for a direct POST response without encryption.
+ *
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
+ * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
+ */
+const buildDirectPostBody = async (requestObject, payload) => {
+  const formUrlEncodedBody = new URLSearchParams({
+    state: requestObject.state,
+    ...Object.entries(payload).reduce((acc, _ref) => {
+      let [key, value] = _ref;
+      return {
+        ...acc,
+        [key]: Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value
+      };
+    }, {})
+  });
+  return formUrlEncodedBody.toString();
+};
+exports.buildDirectPostBody = buildDirectPostBody;
+//# sourceMappingURL=http.js.map

package/lib/commonjs/credential/presentation/common/utils/http.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["buildDirectPostBody","requestObject","payload","formUrlEncodedBody","URLSearchParams","state","Object","entries","reduce","acc","_ref","key","value","Array","isArray","JSON","stringify","toString","exports"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/http.ts"],"mappings":";;;;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,mBAAmB,GAAG,MAAAA,CACjCC,aAA4B,EAC5BC,OAAuC,KACnB;EACpB,MAAMC,kBAAkB,GAAG,IAAIC,eAAe,CAAC;IAC7CC,KAAK,EAAEJ,aAAa,CAACI,KAAK;IAC1B,GAAGC,MAAM,CAACC,OAAO,CAACL,OAAO,CAAC,CAACM,MAAM,CAC/B,CAACC,GAAG,EAAAC,IAAA;MAAA,IAAE,CAACC,GAAG,EAAEC,KAAK,CAAC,GAAAF,IAAA;MAAA,OAAM;QACtB,GAAGD,GAAG;QACN,CAACE,GAAG,GACFE,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAC7CG,IAAI,CAACC,SAAS,CAACJ,KAAK,CAAC,GACrBA;MACR,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;EAEF,OAAOT,kBAAkB,CAACc,QAAQ,CAAC,CAAC;AACtC,CAAC;AAACC,OAAA,CAAAlB,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/common/utils/sd-jwt.js ADDED Viewed

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.mapCredentialsToObj = void 0;
+var _core = require("@sd-jwt/core");
+var _decode = require("@sd-jwt/decode");
+var _cryptoNodejs = require("@sd-jwt/crypto-nodejs");
+var _errors = require("../../../../utils/errors");
+var _types = require("../../../../sd-jwt/types");
+/**
+ * List of claims to remove from the SD-JWT before evaluating the DCQL query.
+ */
+const NON_DISCLOSABLE_CLAIMS = ["status", "cnf", "exp"];
+/**
+ * Extract claims from disclosures for use in `dcql` library.
+ */
+const getClaimsFromDecodedSdJwt = async decodedRawSdJwt => {
+  var _decodedRawSdJwt$jwt;
+  if (!((_decodedRawSdJwt$jwt = decodedRawSdJwt.jwt) !== null && _decodedRawSdJwt$jwt !== void 0 && _decodedRawSdJwt$jwt.payload)) {
+    throw new _errors.IoWalletError("Can't decode SD-JWT");
+  }
+  const claims = await (0, _decode.getClaims)(decodedRawSdJwt.jwt.payload, decodedRawSdJwt.disclosures ?? [], _cryptoNodejs.digest);
+  for (const claim of NON_DISCLOSABLE_CLAIMS) {
+    delete claims[claim];
+  }
+  return claims;
+};
+/**
+ * Convert a list of credential in SD-JWT format to a list of objects
+ * with claims for correct parsing by the `dcql` library.
+ * @param credentials The raw SD-JWT credentials
+ * @returns List of `dcql` compatible objects
+ */
+const mapCredentialsToObj = async credentials => {
+  const sdJwt = new _core.SDJwtInstance({
+    hasher: _cryptoNodejs.digest
+  });
+  return Promise.all(credentials.map(async credential => {
+    var _decodedRawSdJwt$jwt2, _decodedRawSdJwt$jwt3;
+    const decodedRawSdJwt = await sdJwt.decode(credential[1]);
+    const claims = await getClaimsFromDecodedSdJwt(decodedRawSdJwt);
+    return {
+      vct: (_decodedRawSdJwt$jwt2 = decodedRawSdJwt.jwt) === null || _decodedRawSdJwt$jwt2 === void 0 || (_decodedRawSdJwt$jwt2 = _decodedRawSdJwt$jwt2.payload) === null || _decodedRawSdJwt$jwt2 === void 0 ? void 0 : _decodedRawSdJwt$jwt2.vct,
+      credential_format: ((_decodedRawSdJwt$jwt3 = decodedRawSdJwt.jwt) === null || _decodedRawSdJwt$jwt3 === void 0 || (_decodedRawSdJwt$jwt3 = _decodedRawSdJwt$jwt3.header) === null || _decodedRawSdJwt$jwt3 === void 0 ? void 0 : _decodedRawSdJwt$jwt3.typ) === _types.LEGACY_SD_JWT ? _types.LEGACY_SD_JWT : "dc+sd-jwt",
+      cryptographic_holder_binding: true,
+      claims,
+      original_credential: credential
+    };
+  }));
+};
+exports.mapCredentialsToObj = mapCredentialsToObj;
+//# sourceMappingURL=sd-jwt.js.map

package/lib/commonjs/credential/presentation/common/utils/sd-jwt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_core","require","_decode","_cryptoNodejs","_errors","_types","NON_DISCLOSABLE_CLAIMS","getClaimsFromDecodedSdJwt","decodedRawSdJwt","_decodedRawSdJwt$jwt","jwt","payload","IoWalletError","claims","getClaims","disclosures","digest","claim","mapCredentialsToObj","credentials","sdJwt","SDJwtInstance","hasher","Promise","all","map","credential","_decodedRawSdJwt$jwt2","_decodedRawSdJwt$jwt3","decode","vct","credential_format","header","typ","LEGACY_SD_JWT","cryptographic_holder_binding","original_credential","exports"],"sourceRoot":"../../../../../../src","sources":["credential/presentation/common/utils/sd-jwt.ts"],"mappings":";;;;;;AAAA,IAAAA,KAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,aAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AAOA;AACA;AACA;AACA,MAAMK,sBAAsB,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC;;AAEvD;AACA;AACA;AACA,MAAMC,yBAAyB,GAAG,MAAOC,eAAsB,IAAK;EAAA,IAAAC,oBAAA;EAClE,IAAI,GAAAA,oBAAA,GAACD,eAAe,CAACE,GAAG,cAAAD,oBAAA,eAAnBA,oBAAA,CAAqBE,OAAO,GAAE;IACjC,MAAM,IAAIC,qBAAa,CAAC,qBAAqB,CAAC;EAChD;EAEA,MAAMC,MAAM,GAAG,MAAM,IAAAC,iBAAS,EAC5BN,eAAe,CAACE,GAAG,CAACC,OAAO,EAC3BH,eAAe,CAACO,WAAW,IAAI,EAAE,EACjCC,oBACF,CAAC;EAED,KAAK,MAAMC,KAAK,IAAIX,sBAAsB,EAAE;IAC1C,OAAOO,MAAM,CAACI,KAAK,CAAC;EACtB;EAEA,OAAOJ,MAAM;AACf,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACO,MAAMK,mBAAmB,GAAG,MACjCC,WAA8B,IACa;EAC3C,MAAMC,KAAK,GAAG,IAAIC,mBAAa,CAAC;IAC9BC,MAAM,EAAEN;EACV,CAAC,CAAC;EAEF,OAAOO,OAAO,CAACC,GAAG,CAChBL,WAAW,CAACM,GAAG,CAAC,MAAOC,UAAU,IAAK;IAAA,IAAAC,qBAAA,EAAAC,qBAAA;IACpC,MAAMpB,eAAe,GAAG,MAAMY,KAAK,CAACS,MAAM,CAACH,UAAU,CAAC,CAAC,CAAC,CAAC;IACzD,MAAMb,MAAM,GAAG,MAAMN,yBAAyB,CAACC,eAAe,CAAC;IAC/D,OAAO;MACLsB,GAAG,GAAAH,qBAAA,GAAEnB,eAAe,CAACE,GAAG,cAAAiB,qBAAA,gBAAAA,qBAAA,GAAnBA,qBAAA,CAAqBhB,OAAO,cAAAgB,qBAAA,uBAA5BA,qBAAA,CAA8BG,GAAa;MAChDC,iBAAiB,EACf,EAAAH,qBAAA,GAAApB,eAAe,CAACE,GAAG,cAAAkB,qBAAA,gBAAAA,qBAAA,GAAnBA,qBAAA,CAAqBI,MAAM,cAAAJ,qBAAA,uBAA3BA,qBAAA,CAA6BK,GAAG,MAAKC,oBAAa,GAC9CA,oBAAa,GACb,WAAW;MACjBC,4BAA4B,EAAE,IAAI;MAClCtB,MAAM;MACNuB,mBAAmB,EAAEV;IACvB,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;AAACW,OAAA,CAAAnB,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/common/utils.js ADDED Viewed

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.buildDirectPostBody = void 0;
+/**
+ * Builds a URL-encoded form body for a direct POST response without encryption.
+ *
+ * @param requestObject - Contains state, nonce, and other relevant info.
+ * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
+ * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
+ */
+const buildDirectPostBody = async (requestObject, payload) => {
+  const formUrlEncodedBody = new URLSearchParams({
+    state: requestObject.state,
+    ...Object.entries(payload).reduce((acc, _ref) => {
+      let [key, value] = _ref;
+      return {
+        ...acc,
+        [key]: Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value
+      };
+    }, {})
+  });
+  return formUrlEncodedBody.toString();
+};
+exports.buildDirectPostBody = buildDirectPostBody;
+//# sourceMappingURL=utils.js.map

package/lib/commonjs/credential/presentation/common/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["buildDirectPostBody","requestObject","payload","formUrlEncodedBody","URLSearchParams","state","Object","entries","reduce","acc","_ref","key","value","Array","isArray","JSON","stringify","toString","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/common/utils.ts"],"mappings":";;;;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,mBAAmB,GAAG,MAAAA,CACjCC,aAA4B,EAC5BC,OAAuC,KACnB;EACpB,MAAMC,kBAAkB,GAAG,IAAIC,eAAe,CAAC;IAC7CC,KAAK,EAAEJ,aAAa,CAACI,KAAK;IAC1B,GAAGC,MAAM,CAACC,OAAO,CAACL,OAAO,CAAC,CAACM,MAAM,CAC/B,CAACC,GAAG,EAAAC,IAAA;MAAA,IAAE,CAACC,GAAG,EAAEC,KAAK,CAAC,GAAAF,IAAA;MAAA,OAAM;QACtB,GAAGD,GAAG;QACN,CAACE,GAAG,GACFE,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAC7CG,IAAI,CAACC,SAAS,CAACJ,KAAK,CAAC,GACrBA;MACR,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;EAEF,OAAOT,kBAAkB,CAACc,QAAQ,CAAC,CAAC;AACtC,CAAC;AAACC,OAAA,CAAAlB,mBAAA,GAAAA,mBAAA"}

package/lib/commonjs/credential/presentation/index.js CHANGED Viewed

@@ -4,95 +4,22 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.Errors = void 0;
-Object.defineProperty(exports, "evaluateDcqlQuery", {
+Object.defineProperty(exports, "V1_0_0", {
   enumerable: true,
   get: function () {
-    return _evaluateDcqlQuery.evaluateDcqlQuery;
+    return _v.RemotePresentation;
   }
 });
-Object.defineProperty(exports, "evaluateInputDescriptors", {
+Object.defineProperty(exports, "V1_3_3", {
   enumerable: true,
   get: function () {
-    return _evaluateInputDescriptor.evaluateInputDescriptors;
+    return _v2.RemotePresentation;
   }
 });
-Object.defineProperty(exports, "evaluateRelyingPartyTrust", {
-  enumerable: true,
-  get: function () {
-    return _evaluateRpTrust.evaluateRelyingPartyTrust;
-  }
-});
-Object.defineProperty(exports, "fetchPresentDefinition", {
-  enumerable: true,
-  get: function () {
-    return _fetchPresentationDefinition.fetchPresentDefinition;
-  }
-});
-Object.defineProperty(exports, "getJwksFromConfig", {
-  enumerable: true,
-  get: function () {
-    return _retrieveRpJwks.getJwksFromConfig;
-  }
-});
-Object.defineProperty(exports, "getRequestObject", {
-  enumerable: true,
-  get: function () {
-    return _getRequestObject.getRequestObject;
-  }
-});
-Object.defineProperty(exports, "prepareLegacyRemotePresentations", {
-  enumerable: true,
-  get: function () {
-    return _evaluateInputDescriptor.prepareLegacyRemotePresentations;
-  }
-});
-Object.defineProperty(exports, "prepareRemotePresentations", {
-  enumerable: true,
-  get: function () {
-    return _evaluateDcqlQuery.prepareRemotePresentations;
-  }
-});
-Object.defineProperty(exports, "sendAuthorizationErrorResponse", {
-  enumerable: true,
-  get: function () {
-    return _sendAuthorizationResponse.sendAuthorizationErrorResponse;
-  }
-});
-Object.defineProperty(exports, "sendAuthorizationResponse", {
-  enumerable: true,
-  get: function () {
-    return _sendAuthorizationResponse.sendAuthorizationResponse;
-  }
-});
-Object.defineProperty(exports, "sendLegacyAuthorizationResponse", {
-  enumerable: true,
-  get: function () {
-    return _sendAuthorizationResponse.sendLegacyAuthorizationResponse;
-  }
-});
-Object.defineProperty(exports, "startFlowFromQR", {
-  enumerable: true,
-  get: function () {
-    return _startFlow.startFlowFromQR;
-  }
-});
-Object.defineProperty(exports, "verifyRequestObject", {
-  enumerable: true,
-  get: function () {
-    return _verifyRequestObject.verifyRequestObject;
-  }
-});
-var _startFlow = require("./01-start-flow");
-var _evaluateRpTrust = require("./02-evaluate-rp-trust");
-var _getRequestObject = require("./03-get-request-object");
-var _retrieveRpJwks = require("./04-retrieve-rp-jwks");
-var _verifyRequestObject = require("./05-verify-request-object");
-var _fetchPresentationDefinition = require("./06-fetch-presentation-definition");
-var _evaluateInputDescriptor = require("./07-evaluate-input-descriptor");
-var _evaluateDcqlQuery = require("./07-evaluate-dcql-query");
-var _sendAuthorizationResponse = require("./08-send-authorization-response");
-var Errors = _interopRequireWildcard(require("./errors"));
+var Errors = _interopRequireWildcard(require("./common/errors"));
 exports.Errors = Errors;
+var _v = require("./v1.0.0");
+var _v2 = require("./v1.3.3");
 function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 //# sourceMappingURL=index.js.map

package/lib/commonjs/credential/presentation/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["~~_startFlow~~","~~require~~","~~_evaluateRpTrust~~","~~_getRequestObject~~","~~_retrieveRpJwks~~","~~_verifyRequestObject~~","~~_fetchPresentationDefinition","_evaluateInputDescriptor","_evaluateDcqlQuery","_sendAuthorizationResponse","Errors","_interopRequireWildcard","exports","~~_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":"~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~AAAA,IAAAA,~~UAAA~~,GAAAC,~~OAAA;AACA~~,~~IAAAC~~,~~gBAAA,GAAAD,~~OAAA;~~AAIA~~,~~IAAAE,iBAAA,GAAAF,~~OAAA~~;AAIA~~,~~IAAAG~~,~~eAAA~~,~~GAAAH~~,~~OAAA~~;~~AACA~~,IAAAI,~~oBAAA~~,~~GAAAJ~~,OAAA;~~AAIA~~,~~IAAAK~~,~~4BAAA~~,~~GAAAL~~,OAAA;~~AAIA~~,~~IAAAM~~,~~wBAAA,GAAAN,OAAA;AAMA,IAAAO,kBAAA,GAAAP,OAAA;AAMA,IAAAQ,0BAAA,GAAAR,OAAA;AAQA,IAAAS,MAAA,GAAAC,uBAAA,CAAAV,OAAA;AAAmCW,OAAA,CAAAF,MAAA,GAAAA,MAAA;AAAA,SAAAG,~~yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,~~SAAAH~~,~~wBAAAO~~,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}
1	+ {"version":3,"names":["Errors","_interopRequireWildcard","require","exports","_v","_v2","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set"],"sourceRoot":"../../../../src","sources":["credential/presentation/index.ts"],"mappings":";;;;;;;;;;;;;;;;;;AAAA,IAAAA,MAAA,GAAAC,uBAAA,CAAAC,OAAA;AAA0CC,OAAA,CAAAH,MAAA,GAAAA,MAAA;AAG1C,IAAAI,EAAA,GAAAF,OAAA;AACA,IAAAG,GAAA,GAAAH,OAAA;AAAwD,SAAAI,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAN,wBAAAU,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/01-start-flow.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.startFlowFromQR = void 0;
+var _errors = require("../common/errors");
+var _types = require("../api/types");
+const startFlowFromQR = params => {
+  const result = _types.PresentationParams.safeParse({
+    ...params,
+    request_uri_method: params.request_uri_method ?? "get"
+  });
+  if (!result.success) throw new _errors.InvalidQRCodeError(result.error.message);
+  if (!result.data.request_uri) {
+    throw new _errors.InvalidQRCodeError("Invalid QR code missing the required 'request_uri' parameter.");
+  }
+  return result.data;
+};
+exports.startFlowFromQR = startFlowFromQR;
+//# sourceMappingURL=01-start-flow.js.map

package/lib/commonjs/credential/presentation/v1.0.0/01-start-flow.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","_types","startFlowFromQR","params","result","PresentationParams","safeParse","request_uri_method","success","InvalidQRCodeError","error","message","data","request_uri","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/01-start-flow.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AAEO,MAAME,eAAyD,GACpEC,MAAM,IACH;EACH,MAAMC,MAAM,GAAGC,yBAAkB,CAACC,SAAS,CAAC;IAC1C,GAAGH,MAAM;IACTI,kBAAkB,EAAEJ,MAAM,CAACI,kBAAkB,IAAI;EACnD,CAAC,CAAC;EAEF,IAAI,CAACH,MAAM,CAACI,OAAO,EAAE,MAAM,IAAIC,0BAAkB,CAACL,MAAM,CAACM,KAAK,CAACC,OAAO,CAAC;EAEvE,IAAI,CAACP,MAAM,CAACQ,IAAI,CAACC,WAAW,EAAE;IAC5B,MAAM,IAAIJ,0BAAkB,CAC1B,+DACF,CAAC;EACH;EAEA,OAAOL,MAAM,CAACQ,IAAI;AACpB,CAAC;AAACE,OAAA,CAAAZ,eAAA,GAAAA,eAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/02-evaluate-rp-trust.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.evaluateRelyingPartyTrust = void 0;
+var _entities = require("../../../trust/v1.0.0/entities");
+var _mappers = require("./mappers");
+const evaluateRelyingPartyTrust = async function (rpUrl) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const rpEntityConfiguration = await (0, _entities.getRelyingPartyEntityConfiguration)(rpUrl, {
+    appFetch
+  });
+  return {
+    rpConf: (0, _mappers.mapToRelyingPartyConfig)(rpEntityConfiguration)
+  };
+};
+exports.evaluateRelyingPartyTrust = evaluateRelyingPartyTrust;
+//# sourceMappingURL=02-evaluate-rp-trust.js.map

package/lib/commonjs/credential/presentation/v1.0.0/02-evaluate-rp-trust.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_entities","require","_mappers","evaluateRelyingPartyTrust","rpUrl","appFetch","fetch","arguments","length","undefined","rpEntityConfiguration","getRelyingPartyEntityConfiguration","rpConf","mapToRelyingPartyConfig","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/02-evaluate-rp-trust.ts"],"mappings":";;;;;;AAAA,IAAAA,SAAA,GAAAC,OAAA;AAEA,IAAAC,QAAA,GAAAD,OAAA;AAEO,MAAME,yBAA6E,GACxF,eAAAA,CAAOC,KAAK,EAAgC;EAAA,IAA9B;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EACrC,MAAMG,qBAAqB,GAAG,MAAM,IAAAC,4CAAkC,EACpEP,KAAK,EACL;IAAEC;EAAS,CACb,CAAC;EACD,OAAO;IACLO,MAAM,EAAE,IAAAC,gCAAuB,EAACH,qBAAqB;EACvD,CAAC;AACH,CAAC;AAACI,OAAA,CAAAX,yBAAA,GAAAA,yBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/03-get-request-object.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getRequestObject = void 0;
+var _errors = require("../../../utils/errors");
+var _misc = require("../../../utils/misc");
+var _types = require("../api/types");
+var _errors2 = require("../common/errors");
+const getRequestObject = async function (authorizationRequestUrl) {
+  let {
+    appFetch = fetch,
+    walletCapabilities
+  } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {};
+  const authorizationUrl = new URL(authorizationRequestUrl);
+  /*
+   * The QR code parameters are validated in step 1.
+   * For consistency with the 1.3 flow we accept the full authorization URL,
+   * but here we only extract the `request_uri` to retrieve the Request Object.
+   */
+  const requestUri = authorizationUrl.searchParams.get("request_uri") ?? undefined;
+  if (!requestUri) {
+    throw new _errors2.InvalidQRCodeError("The QR code is missing the required 'request_uri' parameter.");
+  }
+  if (walletCapabilities) {
+    // Validate external input
+    const {
+      wallet_metadata,
+      wallet_nonce
+    } = _types.RequestObjectWalletCapabilities.parse(walletCapabilities);
+    const formUrlEncodedBody = new URLSearchParams({
+      wallet_metadata: JSON.stringify(wallet_metadata),
+      ...(wallet_nonce && {
+        wallet_nonce
+      })
+    });
+    const requestObjectEncodedJwt = await appFetch(requestUri, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: formUrlEncodedBody.toString()
+    }).then((0, _misc.hasStatusOrThrow)(200, _errors.RelyingPartyResponseError)).then(res => res.text());
+    return {
+      requestObjectEncodedJwt
+    };
+  }
+  const requestObjectEncodedJwt = await appFetch(requestUri, {
+    method: "GET"
+  }).then((0, _misc.hasStatusOrThrow)(200, _errors.RelyingPartyResponseError)).then(res => res.text());
+  return {
+    requestObjectEncodedJwt
+  };
+};
+exports.getRequestObject = getRequestObject;
+//# sourceMappingURL=03-get-request-object.js.map

package/lib/commonjs/credential/presentation/v1.0.0/03-get-request-object.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_errors","require","_misc","_types","_errors2","getRequestObject","authorizationRequestUrl","appFetch","fetch","walletCapabilities","arguments","length","undefined","authorizationUrl","URL","requestUri","searchParams","get","InvalidQRCodeError","wallet_metadata","wallet_nonce","RequestObjectWalletCapabilities","parse","formUrlEncodedBody","URLSearchParams","JSON","stringify","requestObjectEncodedJwt","method","headers","body","toString","then","hasStatusOrThrow","RelyingPartyResponseError","res","text","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/03-get-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,KAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAEO,MAAMI,gBAA2D,GACtE,eAAAA,CACEC,uBAAuB,EAEpB;EAAA,IADH;IAAEC,QAAQ,GAAGC,KAAK;IAAEC;EAAmB,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAE7C,MAAMG,gBAAgB,GAAG,IAAIC,GAAG,CAACR,uBAAuB,CAAC;;EAEzD;AACJ;AACA;AACA;AACA;EACI,MAAMS,UAAU,GACdF,gBAAgB,CAACG,YAAY,CAACC,GAAG,CAAC,aAAa,CAAC,IAAIL,SAAS;EAC/D,IAAI,CAACG,UAAU,EAAE;IACf,MAAM,IAAIG,2BAAkB,CAC1B,8DACF,CAAC;EACH;EAEA,IAAIT,kBAAkB,EAAE;IACtB;IACA,MAAM;MAAEU,eAAe;MAAEC;IAAa,CAAC,GACrCC,sCAA+B,CAACC,KAAK,CAACb,kBAAkB,CAAC;IAE3D,MAAMc,kBAAkB,GAAG,IAAIC,eAAe,CAAC;MAC7CL,eAAe,EAAEM,IAAI,CAACC,SAAS,CAACP,eAAe,CAAC;MAChD,IAAIC,YAAY,IAAI;QAAEA;MAAa,CAAC;IACtC,CAAC,CAAC;IAEF,MAAMO,uBAAuB,GAAG,MAAMpB,QAAQ,CAACQ,UAAU,EAAE;MACzDa,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEP,kBAAkB,CAACQ,QAAQ,CAAC;IACpC,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,iCAAyB,CAAC,CAAC,CACtDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;IAE5B,OAAO;MACLT;IACF,CAAC;EACH;EAEA,MAAMA,uBAAuB,GAAG,MAAMpB,QAAQ,CAACQ,UAAU,EAAE;IACzDa,MAAM,EAAE;EACV,CAAC,CAAC,CACCI,IAAI,CAAC,IAAAC,sBAAgB,EAAC,GAAG,EAAEC,iCAAyB,CAAC,CAAC,CACtDF,IAAI,CAAEG,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC;EAE5B,OAAO;IACLT;EACF,CAAC;AACH,CAAC;AAACU,OAAA,CAAAhC,gBAAA,GAAAA,gBAAA"}

package/lib/commonjs/credential/presentation/v1.0.0/04-verify-request-object.js ADDED Viewed

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.verifyRequestObject = void 0;
+var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
+var _errors = require("../common/errors");
+var _types = require("./types");
+var _mappers = require("./mappers");
+var _utils = require("./utils.jwks");
+const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
+  let {
+    clientId,
+    rpConf,
+    state
+  } = _ref;
+  const requestObjectJwt = (0, _ioReactNativeJwt.decode)(requestObjectEncodedJwt);
+  const pubKey = getSigPublicKey(rpConf, requestObjectJwt.protectedHeader.kid);
+  try {
+    // Standard claims are verified within `verify`
+    await (0, _ioReactNativeJwt.verify)(requestObjectEncodedJwt, pubKey, {
+      issuer: clientId
+    });
+  } catch (_) {
+    throw new _errors.InvalidRequestObjectError("The Request Object signature verification failed");
+  }
+  const requestObject = validateRequestObjectShape(requestObjectJwt.payload);
+  const isClientIdMatch = clientId === requestObject.client_id && clientId === rpConf.subject;
+  if (!isClientIdMatch) {
+    throw new _errors.InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
+  }
+  const isStateMatch = state ? state === requestObject.state : true;
+  if (!isStateMatch) {
+    throw new _errors.InvalidRequestObjectError("The provided state does not match the Request Object's");
+  }
+  return {
+    requestObject: (0, _mappers.mapToRequestObject)(requestObject)
+  };
+};
+/**
+ * Validate the shape of the Request Object to ensure all required properties are present and are of the expected type.
+ *
+ * @param payload The Request Object to validate
+ * @returns A valid Request Object
+ * @throws {InvalidRequestObjectError} when the Request Object cannot be parsed
+ */
+exports.verifyRequestObject = verifyRequestObject;
+const validateRequestObjectShape = payload => {
+  const requestObjectParse = _types.RequestObjectPayload.safeParse(payload);
+  if (requestObjectParse.success) {
+    return requestObjectParse.data;
+  }
+  throw new _errors.InvalidRequestObjectError("The Request Object cannot be parsed successfully", formatFlattenedZodErrors(requestObjectParse.error.flatten()));
+};
+/**
+ * Get the public key to verify the Request Object's signature from the Relying Party's EC.
+ *
+ * @param rpConf The Relying Party's EC
+ * @param kid The identifier of the key to find
+ * @returns The corresponding public key to verify the signature
+ * @throws {InvalidRequestObjectError} when the key cannot be found
+ */
+const getSigPublicKey = (rpConf, kid) => {
+  try {
+    const {
+      keys
+    } = (0, _utils.getJwksFromRpConfig)(rpConf);
+    const pubKey = keys.find(k => k.kid === kid);
+    if (!pubKey) throw new Error();
+    return pubKey;
+  } catch (_) {
+    throw new _errors.InvalidRequestObjectError(`The public key for signature verification (${kid}) cannot be found in the Entity Configuration`);
+  }
+};
+/**
+ * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
+ */
+const formatFlattenedZodErrors = errors => Object.entries(errors.fieldErrors).map(_ref2 => {
+  let [key, error] = _ref2;
+  return `${key}: ${error[0]}`;
+}).join(", ");
+//# sourceMappingURL=04-verify-request-object.js.map

package/lib/commonjs/credential/presentation/v1.0.0/04-verify-request-object.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_ioReactNativeJwt","require","_errors","_types","_mappers","_utils","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","state","requestObjectJwt","decodeJwt","pubKey","getSigPublicKey","protectedHeader","kid","verify","issuer","_","InvalidRequestObjectError","requestObject","validateRequestObjectShape","payload","isClientIdMatch","client_id","subject","isStateMatch","mapToRequestObject","exports","requestObjectParse","RequestObjectPayload","safeParse","success","data","formatFlattenedZodErrors","error","flatten","keys","getJwksFromRpConfig","find","k","Error","errors","Object","entries","fieldErrors","map","_ref2","key","join"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.0.0/04-verify-request-object.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAGA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,MAAA,GAAAJ,OAAA;AAEO,MAAMK,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAAkC;EAAA,IAAhC;IAAEC,QAAQ;IAAEC,MAAM;IAAEC;EAAM,CAAC,GAAAH,IAAA;EACzD,MAAMI,gBAAgB,GAAG,IAAAC,wBAAS,EAACN,uBAAuB,CAAC;EAE3D,MAAMO,MAAM,GAAGC,eAAe,CAC5BL,MAAM,EACNE,gBAAgB,CAACI,eAAe,CAACC,GACnC,CAAC;EAED,IAAI;IACF;IACA,MAAM,IAAAC,wBAAM,EAACX,uBAAuB,EAAEO,MAAM,EAAE;MAAEK,MAAM,EAAEV;IAAS,CAAC,CAAC;EACrE,CAAC,CAAC,OAAOW,CAAC,EAAE;IACV,MAAM,IAAIC,iCAAyB,CACjC,kDACF,CAAC;EACH;EAEA,MAAMC,aAAa,GAAGC,0BAA0B,CAACX,gBAAgB,CAACY,OAAO,CAAC;EAE1E,MAAMC,eAAe,GACnBhB,QAAQ,KAAKa,aAAa,CAACI,SAAS,IAAIjB,QAAQ,KAAKC,MAAM,CAACiB,OAAO;EAErE,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIJ,iCAAyB,CACjC,iEACF,CAAC;EACH;EAEA,MAAMO,YAAY,GAAGjB,KAAK,GAAGA,KAAK,KAAKW,aAAa,CAACX,KAAK,GAAG,IAAI;EAEjE,IAAI,CAACiB,YAAY,EAAE;IACjB,MAAM,IAAIP,iCAAyB,CACjC,wDACF,CAAC;EACH;EAEA,OAAO;IAAEC,aAAa,EAAE,IAAAO,2BAAkB,EAACP,aAAa;EAAE,CAAC;AAC7D,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AANAQ,OAAA,CAAAxB,mBAAA,GAAAA,mBAAA;AAOA,MAAMiB,0BAA0B,GAAIC,OAAgB,IAA2B;EAC7E,MAAMO,kBAAkB,GAAGC,2BAAoB,CAACC,SAAS,CAACT,OAAO,CAAC;EAElE,IAAIO,kBAAkB,CAACG,OAAO,EAAE;IAC9B,OAAOH,kBAAkB,CAACI,IAAI;EAChC;EAEA,MAAM,IAAId,iCAAyB,CACjC,kDAAkD,EAClDe,wBAAwB,CAACL,kBAAkB,CAACM,KAAK,CAACC,OAAO,CAAC,CAAC,CAC7D,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMvB,eAAe,GAAGA,CACtBL,MAA0B,EAC1BO,GAAuB,KACpB;EACH,IAAI;IACF,MAAM;MAAEsB;IAAK,CAAC,GAAG,IAAAC,0BAAmB,EAAC9B,MAAM,CAAC;IAE5C,MAAMI,MAAM,GAAGyB,IAAI,CAACE,IAAI,CAAEC,CAAC,IAAKA,CAAC,CAACzB,GAAG,KAAKA,GAAG,CAAC;IAE9C,IAAI,CAACH,MAAM,EAAE,MAAM,IAAI6B,KAAK,CAAC,CAAC;IAE9B,OAAO7B,MAAM;EACf,CAAC,CAAC,OAAOM,CAAC,EAAE;IACV,MAAM,IAAIC,iCAAyB,CAChC,8CAA6CJ,GAAI,+CACpD,CAAC;EACH;AACF,CAAC;;AAED;AACA;AACA;AACA,MAAMmB,wBAAwB,GAC5BQ,MAAkD,IAElDC,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,WAAW,CAAC,CAC/BC,GAAG,CAACC,KAAA;EAAA,IAAC,CAACC,GAAG,EAAEb,KAAK,CAAC,GAAAY,KAAA;EAAA,OAAM,GAAEC,GAAI,KAAIb,KAAK,CAAC,CAAC,CAAE,EAAC;AAAA,EAAC,CAC5Cc,IAAI,CAAC,IAAI,CAAC"}