npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/src/credential/offer/01-start-flow.ts DELETED Viewed

@@ -1,89 +0,0 @@
-import * as z from "zod";
-import { Logger, LogLevel } from "../../utils/logging";
-import { stringToJSONSchema } from "../../utils/zod";
-import { InvalidQRCodeError } from "./errors";
-import { CredentialOfferSchema } from "./types";
-const CREDENTIAL_OFFER_SCHEMES = ["openid-credential-offer://", "haip://"];
-const CREDENTIAL_OFFER_PARAM = "credential_offer";
-const CREDENTIAL_OFFER_URI_PARAM = "credential_offer_uri";
-const CredentialOfferParams = z.union([
-  z.object({
-    credential_offer: stringToJSONSchema.pipe(CredentialOfferSchema),
-    credential_offer_uri: z.undefined(),
-  }),
-  z.object({
-    credential_offer: z.undefined(),
-    credential_offer_uri: z.string().url(),
-  }),
-]);
-type CredentialOfferParams = z.infer<typeof CredentialOfferParams>;
-/**
- * The beginning of the credential offer flow.
- * To be implemented according to the user touchpoint
- *
- * @param params Credential offer encoded url
- * @returns Object containing the credential offer by reference or by value
- */
-export type StartFlow = (encodedUrl: string) => CredentialOfferParams;
-/**
- * Start a credential offer flow by validating and parse an encoded url
- * extracted from a QR code or a deep link.
- *
- * @param params The encoded url to be validated and parsed
- * @returns Object containing the credential offer by reference or by value
- * @throws If the provided encoded url is not valid
- */
-export const startFlowFromQR: StartFlow = (encodedUrl) => {
-  const hasValidScheme = CREDENTIAL_OFFER_SCHEMES.some((prefix) =>
-    encodedUrl.startsWith(prefix)
-  );
-  if (!hasValidScheme) {
-    throw new InvalidQRCodeError("Url must have one of the supported schemes");
-  }
-  const url = new URL(encodedUrl);
-  const offerParam = url.searchParams.get(CREDENTIAL_OFFER_PARAM);
-  const offerUriParam = url.searchParams.get(CREDENTIAL_OFFER_URI_PARAM);
-  if (offerParam) {
-    const decoded = decodeURIComponent(offerParam);
-    const result = CredentialOfferParams.safeParse({
-      credential_offer: decoded,
-    });
-    if (result.success) {
-      return result.data;
-    }
-    Logger.log(
-      LogLevel.ERROR,
-      `Invalid credential offer object found in QR Code: ${result.error.message}`
-    );
-    throw new InvalidQRCodeError(result.error.message);
-  }
-  if (offerUriParam) {
-    const decoded = decodeURIComponent(offerUriParam);
-    const result = CredentialOfferParams.safeParse({
-      credential_offer_uri: decoded,
-    });
-    if (result.success) {
-      return result.data;
-    }
-    Logger.log(
-      LogLevel.ERROR,
-      `Invalid credential offer URI found in QR Code: ${result.error.message}`
-    );
-    throw new InvalidQRCodeError(result.error.message);
-  }
-  Logger.log(LogLevel.ERROR, `Invalid credential offer QR Code:`);
-  throw new InvalidQRCodeError("QR Code does not contain valid params");
-};

package/src/credential/offer/02-fetch-credential-offer.ts DELETED Viewed

@@ -1,54 +0,0 @@
-import { IssuerResponseError } from "../../utils/errors";
-import { Logger, LogLevel } from "../../utils/logging";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { InvalidCredentialOfferError } from "./errors";
-import type { CredentialOffer } from "./types";
-import { CredentialOfferSchema } from "./types";
-export type GetCredentialOffer = (
-  credentialOfferUri: string,
-  context: {
-    appFetch?: GlobalFetch["fetch"];
-  }
-) => Promise<CredentialOffer>;
-/**
- * Fetches and validates a credential offer from a given URI.
- *
- * This function performs an HTTP GET request to the specified `credentialOfferUri`,
- * expecting a JSON response that matches the `CredentialOfferSchema`. If the response
- * is invalid or does not conform to the schema, an error is logged and an
- * `InvalidCredentialOfferError` is thrown.
- *
- * @param credentialOfferUri - The URI from which to fetch the credential offer.
- * @param context - Optional context object that may provide a custom `appFetch` implementation.
- * @returns The validated credential offer data.
- * @throws {IssuerResponseError} If the HTTP response status is not 200.
- * @throws {InvalidCredentialOfferError} If the response does not match the expected schema.
- */
-export const fetchCredentialOffer: GetCredentialOffer = async (
-  uri: string,
-  context = {}
-) => {
-  const { appFetch = fetch } = context;
-  const response = await appFetch(uri, {
-    method: "GET",
-    headers: { Accept: "application/json" },
-  })
-    .then(hasStatusOrThrow(200, IssuerResponseError))
-    .then((reqUri) => reqUri.json());
-  const credentialOffer = CredentialOfferSchema.safeParse(response);
-  if (!credentialOffer.success) {
-    Logger.log(
-      LogLevel.ERROR,
-      `Invalid credential offer fetched from URI: ${uri} - ${credentialOffer.error.message}`
-    );
-    throw new InvalidCredentialOfferError(
-      `Invalid credential offer fetched from URI: ${uri} - ${credentialOffer.error.message}`
-    );
-  }
-  return credentialOffer.data;
-};

package/src/credential/offer/errors.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import { IoWalletError } from "../../utils/errors";
-export class InvalidCredentialOfferError extends IoWalletError {
-  code = "ERR_INVALID_CREDENTIAL_OFFER";
-  constructor(message?: string) {
-    super(message);
-  }
-}
-export class InvalidQRCodeError extends IoWalletError {
-  code = "ERR_INVALID_QR_CODE";
-  constructor(message?: string) {
-    super(message);
-  }
-}

package/src/credential/offer/types.ts DELETED Viewed

@@ -1,59 +0,0 @@
-import { z } from "zod";
-/**
- * OAuth 2.0 Authorization Code flow parameters.
- */
-export const AuthorizationCodeGrantSchema = z.object({
-  issuer_state: z.string().optional(),
-  authorization_server: z.string().url().optional(),
-});
-export type AuthorizationCodeGrant = z.infer<
-  typeof AuthorizationCodeGrantSchema
->;
-/**
- * Transaction Code requirements for Pre-Authorized Code flow.
- */
-export const TransactionCodeSchema = z.object({
-  input_mode: z.enum(["numeric", "text"]).optional(),
-  length: z.number().int().positive().optional(),
-  description: z.string().max(300).optional(),
-});
-export type TransactionCode = z.infer<typeof TransactionCodeSchema>;
-/**
- * Pre-Authorized Code flow parameters.
- */
-export const PreAuthorizedCodeGrantSchema = z.object({
-  "pre-authorized_code": z.string(),
-  tx_code: TransactionCodeSchema.optional(),
-  authorization_server: z.string().url().optional(),
-});
-export type PreAuthorizedCodeGrant = z.infer<
-  typeof PreAuthorizedCodeGrantSchema
->;
-/**
- * Supported grant types for Credential Offer.
- */
-export const GrantsSchema = z.object({
-  authorization_code: AuthorizationCodeGrantSchema.optional(),
-  "urn:ietf:params:oauth:grant-type:pre-authorized_code":
-    PreAuthorizedCodeGrantSchema.optional(),
-});
-export type Grants = z.infer<typeof GrantsSchema>;
-/**
- * Credential Offer object as defined in OpenID4VCI Section 4.1.1.
- */
-export const CredentialOfferSchema = z.object({
-  credential_issuer: z.string().url(),
-  credential_configuration_ids: z.array(z.string()).min(1),
-  grants: GrantsSchema.optional(),
-});
-export type CredentialOffer = z.infer<typeof CredentialOfferSchema>;

package/src/credential/presentation/01-start-flow.ts DELETED Viewed

@@ -1,42 +0,0 @@
-import * as z from "zod";
-import { InvalidQRCodeError } from "./errors";
-const PresentationParams = z.object({
-  client_id: z.string().nonempty(),
-  request_uri: z.string().url(),
-  request_uri_method: z.enum(["get", "post"]),
-  state: z.string().optional(),
-});
-export type PresentationParams = z.infer<typeof PresentationParams>;
-/**
- * The beginning of the presentation flow.
- * To be implemented according to the user touchpoint
- *
- * @param params Presentation parameters, depending on the starting touchpoint
- * @returns The url for the Relying Party to connect with
- */
-export type StartFlow = (params: {
-  [K in keyof PresentationParams]?: PresentationParams[K] | null;
-}) => PresentationParams;
-/**
- * Start a presentation flow by validating the required parameters.
- * Parameters are extracted from a url encoded in a QR code or in a deep link.
- *
- * @param params The parameters to be validated
- * @returns The url for the Relying Party to connect with
- * @throws If the provided parameters are not valid
- */
-export const startFlowFromQR: StartFlow = (params) => {
-  const result = PresentationParams.safeParse({
-    ...params,
-    request_uri_method: params.request_uri_method ?? "get",
-  });
-  if (result.success) {
-    return result.data;
-  }
-  throw new InvalidQRCodeError(result.error.message);
-};

package/src/credential/presentation/02-evaluate-rp-trust.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import { RelyingPartyEntityConfiguration } from "../../trust/types";
-import type { StartFlow } from "../issuance/01-start-flow";
-import type { Out } from "../../utils/misc";
-import { getRelyingPartyEntityConfiguration } from "../../trust/build-chain";
-export type EvaluateRelyingPartyTrust = (
-  rpUrl: Out<StartFlow>["issuerUrl"],
-  context?: {
-    appFetch?: GlobalFetch["fetch"];
-  }
-) => Promise<{
-  rpConf: RelyingPartyEntityConfiguration["payload"]["metadata"];
-  subject: string;
-}>;
-/**
- * The Relying Party trust evaluation phase.
- * Fetch the  Relying Party's configuration and verify trust.
- *
- * @param rpUrl The base url of the Issuer
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Relying Party's configuration
- */
-export const evaluateRelyingPartyTrust: EvaluateRelyingPartyTrust = async (
-  rpUrl,
-  { appFetch = fetch } = {}
-) => {
-  const {
-    payload: { metadata: rpConf, sub },
-  } = await getRelyingPartyEntityConfiguration(rpUrl, {
-    appFetch,
-  });
-  return { rpConf, subject: sub };
-};

package/src/credential/presentation/03-get-request-object.ts DELETED Viewed

@@ -1,61 +0,0 @@
-import { RelyingPartyResponseError } from "../../utils/errors";
-import { hasStatusOrThrow } from "../../utils/misc";
-import { RequestObjectWalletCapabilities } from "./types";
-export type GetRequestObject = (
-  requestUri: string,
-  context?: {
-    appFetch?: GlobalFetch["fetch"];
-    walletCapabilities?: RequestObjectWalletCapabilities;
-  }
-) => Promise<{ requestObjectEncodedJwt: string }>;
-/**
- * Obtain the Request Object for RP authentication. Both the GET and POST `request_uri_method` are supported.
- * @see https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/relying-party-solution.html
- *
- * @param requestUri The url for the Relying Party to connect with
- * @param rpConf The Relying Party's configuration * @param context.walletInstanceAttestation The Wallet Instance Attestation token
- * @param context.walletCapabilities (optional) An object containing the wallet technical capabilities that will be sent with a POST request
- * @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
- * @returns The Request Object that describes the presentation
- */
-export const getRequestObject: GetRequestObject = async (
-  requestUri,
-  { appFetch = fetch, walletCapabilities } = {}
-) => {
-  if (walletCapabilities) {
-    // Validate external input
-    const { wallet_metadata, wallet_nonce } =
-      RequestObjectWalletCapabilities.parse(walletCapabilities);
-    const formUrlEncodedBody = new URLSearchParams({
-      wallet_metadata: JSON.stringify(wallet_metadata),
-      ...(wallet_nonce && { wallet_nonce }),
-    });
-    const requestObjectEncodedJwt = await appFetch(requestUri, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: formUrlEncodedBody.toString(),
-    })
-      .then(hasStatusOrThrow(200, RelyingPartyResponseError))
-      .then((res) => res.text());
-    return {
-      requestObjectEncodedJwt,
-    };
-  }
-  const requestObjectEncodedJwt = await appFetch(requestUri, {
-    method: "GET",
-  })
-    .then(hasStatusOrThrow(200, RelyingPartyResponseError))
-    .then((res) => res.text());
-  return {
-    requestObjectEncodedJwt,
-  };
-};

package/src/credential/presentation/04-retrieve-rp-jwks.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import { JWK } from "../../utils/jwk";
-import { RelyingPartyEntityConfiguration } from "../../trust/types";
-/**
- * Defines the signature for a function that retrieves JSON Web Key Sets (JWKS) from a client.
- *
- * @template T - The tuple type representing the function arguments.
- * @param args - The arguments passed to the function.
- * @returns A promise resolving to an object containing an array of JWKs.
- */
-export type FetchJwks<T extends Array<unknown> = []> = (...args: T) => {
-  keys: JWK[];
-};
-/**
- * Retrieves the JSON Web Key Set (JWKS) from a Relying Party's entity configuration.
- *
- * @param rpConfig - The configuration object of the Relying Party entity.
- * @returns An object containing an array of JWKs.
- * @throws Will throw an error if the configuration is invalid or if JWKS is not found.
- */
-export const getJwksFromConfig: FetchJwks<
-  [RelyingPartyEntityConfiguration["payload"]["metadata"]]
-> = (rpConfig) => {
-  const jwks = rpConfig.openid_credential_verifier.jwks;
-  if (!jwks || !Array.isArray(jwks.keys)) {
-    throw new Error("JWKS not found in Relying Party configuration.");
-  }
-  return {
-    keys: jwks.keys,
-  };
-};

package/src/credential/presentation/05-verify-request-object.ts DELETED Viewed

@@ -1,121 +0,0 @@
-import { decode as decodeJwt, verify } from "@pagopa/io-react-native-jwt";
-import { InvalidRequestObjectError } from "./errors";
-import { RequestObject } from "./types";
-import { getJwksFromConfig } from "./04-retrieve-rp-jwks";
-import type { RelyingPartyEntityConfiguration } from "../../trust/types";
-export type VerifyRequestObject = (
-  requestObjectEncodedJwt: string,
-  context: {
-    clientId: string;
-    rpConf: RelyingPartyEntityConfiguration["payload"]["metadata"];
-    rpSubject: string;
-    state?: string;
-  }
-) => Promise<{ requestObject: RequestObject }>;
-/**
- * Function to verify the Request Object's validity, from the signature to the required properties.
- * @param requestObjectEncodedJwt The Request Object in JWT format
- * @param context.clientId The client ID to verify
- * @param context.rpConf The Entity Configuration of the Relying Party
- * @param context.state Optional state
- * @returns The verified Request Object
- * @throws {InvalidRequestObjectError} if the Request Object cannot be validated
- */
-export const verifyRequestObject: VerifyRequestObject = async (
-  requestObjectEncodedJwt,
-  { clientId, rpConf, rpSubject, state }
-) => {
-  const requestObjectJwt = decodeJwt(requestObjectEncodedJwt);
-  const pubKey = getSigPublicKey(rpConf, requestObjectJwt.protectedHeader.kid);
-  try {
-    // Standard claims are verified within `verify`
-    await verify(requestObjectEncodedJwt, pubKey, { issuer: clientId });
-  } catch (_) {
-    throw new InvalidRequestObjectError(
-      "The Request Object signature verification failed"
-    );
-  }
-  const requestObject = validateRequestObjectShape(requestObjectJwt.payload);
-  const isClientIdMatch =
-    clientId === requestObject.client_id && clientId === rpSubject;
-  if (!isClientIdMatch) {
-    throw new InvalidRequestObjectError(
-      "Client ID does not match Request Object or Entity Configuration"
-    );
-  }
-  const isStateMatch =
-    state && requestObject.state ? state === requestObject.state : true;
-  if (!isStateMatch) {
-    throw new InvalidRequestObjectError(
-      "The provided state does not match the Request Object's"
-    );
-  }
-  return { requestObject };
-};
-/**
- * Validate the shape of the Request Object to ensure all required properties are present and are of the expected type.
- *
- * @param payload The Request Object to validate
- * @returns A valid Request Object
- * @throws {InvalidRequestObjectError} when the Request Object cannot be parsed
- */
-const validateRequestObjectShape = (payload: unknown): RequestObject => {
-  const requestObjectParse = RequestObject.safeParse(payload);
-  if (requestObjectParse.success) {
-    return requestObjectParse.data;
-  }
-  throw new InvalidRequestObjectError(
-    "The Request Object cannot be parsed successfully",
-    formatFlattenedZodErrors(requestObjectParse.error.flatten())
-  );
-};
-/**
- * Get the public key to verify the Request Object's signature from the Relying Party's EC.
- *
- * @param rpConf The Relying Party's EC
- * @param kid The identifier of the key to find
- * @returns The corresponding public key to verify the signature
- * @throws {InvalidRequestObjectError} when the key cannot be found
- */
-const getSigPublicKey = (
-  rpConf: RelyingPartyEntityConfiguration["payload"]["metadata"],
-  kid: string | undefined
-) => {
-  try {
-    const { keys } = getJwksFromConfig(rpConf);
-    const pubKey = keys.find((k) => k.kid === kid);
-    if (!pubKey) throw new Error();
-    return pubKey;
-  } catch (_) {
-    throw new InvalidRequestObjectError(
-      `The public key for signature verification (${kid}) cannot be found in the Entity Configuration`
-    );
-  }
-};
-/**
- * Utility to format flattened Zod errors into a simplified string `key1: key1_error, key2: key2_error`
- */
-const formatFlattenedZodErrors = (
-  errors: Zod.typeToFlattenedError<RequestObject>
-): string =>
-  Object.entries(errors.fieldErrors)
-    .map(([key, error]) => `${key}: ${error[0]}`)
-    .join(", ");

package/src/credential/presentation/06-fetch-presentation-definition.ts DELETED Viewed

@@ -1,48 +0,0 @@
-import { PresentationDefinition, RequestObject } from "./types";
-import { RelyingPartyEntityConfiguration } from "../../trust/types";
-export type FetchPresentationDefinition = (
-  requestObject: RequestObject,
-  rpConf?: RelyingPartyEntityConfiguration["payload"]["metadata"]
-) => Promise<{
-  presentationDefinition: PresentationDefinition;
-}>;
-/**
- * Retrieves a PresentationDefinition based on the given parameters.
- *
- * The method attempts the following strategies in order:
- * 1. Checks if `presentation_definition` is directly available in the request object.
- * 2. Uses a pre-configured `presentation_definition` from the relying party configuration if the `scope` is present in the request object.
- *
- * If none of the above conditions are met, the function throws an error indicating the definition could not be found. Note that `presentation_definition_uri` is not supported in 0.9.x.
- *
- * @param {RequestObject} requestObject - The request object containing the presentation definition or references to it.
- * @param {RelyingPartyEntityConfiguration["payload"]["metadata"]} [rpConf] - Optional relying party configuration.
- * @returns {Promise<{ presentationDefinition: PresentationDefinition }>} - Resolves with the presentation definition.
- * @throws {Error} - Throws if the presentation definition cannot be found or fetched.
- */
-export const fetchPresentDefinition: FetchPresentationDefinition = async (
-  requestObject,
-  rpConf
-) => {
-  // Check if `presentation_definition` is directly available in the request object
-  if (requestObject.presentation_definition) {
-    return {
-      presentationDefinition: requestObject.presentation_definition,
-    };
-  }
-  // Check if `scope` is present in the request object and a pre-configured presentation definition exists
-  if (
-    requestObject.scope &&
-    rpConf?.openid_credential_verifier?.presentation_definition
-  ) {
-    return {
-      presentationDefinition:
-        rpConf.openid_credential_verifier.presentation_definition,
-    };
-  }
-  throw new Error("Presentation definition not found");
-};