npm - @pagopa/io-react-native-wallet - Versions diffs - 2.5.1 → 3.0.0 - Mend

@pagopa/io-react-native-wallet 2.5.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1551) hide show

package/lib/module/credential/presentation/v1.3.3/04-verify-request-object.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { parseAuthorizeRequest as sdkParseAuthorizeRequest } from "@pagopa/io-wallet-oid4vp";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { mapToRequestObject } from "./mappers";
+import { mapSdkRequestObjectError } from "./sdkErrorMapper";
+import { InvalidRequestObjectError } from "../common/errors";
+export const verifyRequestObject = async (requestObjectEncodedJwt, _ref) => {
+  let {
+    clientId,
+    rpConf
+  } = _ref;
+  const parsedRequestObject = await sdkParseAuthorizeRequest({
+    requestObjectJwt: requestObjectEncodedJwt,
+    callbacks: {
+      verifyJwt: partialCallbacks.verifyJwt
+    }
+  }).catch(mapSdkRequestObjectError);
+  const payload = parsedRequestObject.payload;
+  const isClientIdMatch = clientId === payload.client_id && clientId === rpConf.subject;
+  if (!isClientIdMatch) {
+    throw new InvalidRequestObjectError("Client ID does not match Request Object or Entity Configuration");
+  }
+  return {
+    requestObject: mapToRequestObject(payload)
+  };
+};
+//# sourceMappingURL=04-verify-request-object.js.map

package/lib/module/credential/presentation/v1.3.3/04-verify-request-object.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["parseAuthorizeRequest","sdkParseAuthorizeRequest","partialCallbacks","mapToRequestObject","mapSdkRequestObjectError","InvalidRequestObjectError","verifyRequestObject","requestObjectEncodedJwt","_ref","clientId","rpConf","parsedRequestObject","requestObjectJwt","callbacks","verifyJwt","catch","payload","isClientIdMatch","client_id","subject","requestObject"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/04-verify-request-object.ts"],"mappings":"AACA,SAASA,qBAAqB,IAAIC,wBAAwB,QAAQ,0BAA0B;AAC5F,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,kBAAkB,QAAQ,WAAW;AAC9C,SAASC,wBAAwB,QAAQ,kBAAkB;AAC3D,SAASC,yBAAyB,QAAQ,kBAAkB;AAE5D,OAAO,MAAMC,mBAAiE,GAC5E,MAAAA,CAAOC,uBAAuB,EAAAC,IAAA,KAA2B;EAAA,IAAzB;IAAEC,QAAQ;IAAEC;EAAO,CAAC,GAAAF,IAAA;EAClD,MAAMG,mBAAmB,GAAG,MAAMV,wBAAwB,CAAC;IACzDW,gBAAgB,EAAEL,uBAAuB;IACzCM,SAAS,EAAE;MACTC,SAAS,EAAEZ,gBAAgB,CAACY;IAC9B;EACF,CAAC,CAAC,CAACC,KAAK,CAACX,wBAAwB,CAAC;EAElC,MAAMY,OAAO,GAAGL,mBAAmB,CAACK,OAAO;EAE3C,MAAMC,eAAe,GACnBR,QAAQ,KAAKO,OAAO,CAACE,SAAS,IAAIT,QAAQ,KAAKC,MAAM,CAACS,OAAO;EAE/D,IAAI,CAACF,eAAe,EAAE;IACpB,MAAM,IAAIZ,yBAAyB,CACjC,iEACF,CAAC;EACH;EAEA,OAAO;IACLe,aAAa,EAAEjB,kBAAkB,CAACa,OAAO;EAC3C,CAAC;AACH,CAAC"}

package/lib/module/credential/presentation/v1.3.3/05-evaluate-dcql-query.js ADDED Viewed

@@ -0,0 +1,97 @@
+import { DcqlQuery, DcqlError } from "dcql";
+import { isValiError } from "valibot";
+import { CredentialsNotFoundError } from "../common/errors";
+import * as mdocUtils from "./utils.mdoc";
+import * as sdJwtUtils from "../common/utils/sd-jwt";
+import { getClaimsFromDcqlMatch } from "./utils.mdoc";
+import { extractFailedCredentialsDetails, getDcqlQueryMatches, getPresentationFrameFromDcqlMatch } from "../common/utils/dcql";
+export const evaluateDcqlQuery = async function (query, credentialsSdJwt) {
+  let credentialsMdoc = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : [];
+  const credentials = (await Promise.all([sdJwtUtils.mapCredentialsToObj(credentialsSdJwt), mdocUtils.mapCredentialsToObj(credentialsMdoc)])).flat();
+  // Build a dictionary <id>:<credential> to map DCQL matches with the raw credential
+  const credentialsById = credentials.reduce((acc, c) => ({
+    ...acc,
+    ["vct" in c ? c.vct : c.doctype]: c.original_credential
+  }), {});
+  try {
+    // Validate the query
+    const parsedQuery = DcqlQuery.parse(query);
+    DcqlQuery.validate(parsedQuery);
+    const queryResult = DcqlQuery.query(parsedQuery, credentials);
+    if (!queryResult.can_be_satisfied) {
+      throw new CredentialsNotFoundError(extractFailedCredentialsDetails(queryResult));
+    }
+    return getDcqlQueryMatches(queryResult).map(_ref => {
+      var _queryResult$credenti, _match$valid_credenti;
+      let [id, match] = _ref;
+      const purposes = (_queryResult$credenti = queryResult.credential_sets) === null || _queryResult$credenti === void 0 || (_queryResult$credenti = _queryResult$credenti.filter(set => {
+        var _set$matching_options;
+        return (_set$matching_options = set.matching_options) === null || _set$matching_options === void 0 ? void 0 : _set$matching_options.flat().includes(id);
+      })) === null || _queryResult$credenti === void 0 ? void 0 : _queryResult$credenti.map(credentialSet => {
+        var _credentialSet$purpos;
+        return {
+          description: (_credentialSet$purpos = credentialSet.purpose) === null || _credentialSet$purpos === void 0 ? void 0 : _credentialSet$purpos.toString(),
+          required: Boolean(credentialSet.required)
+        };
+      });
+      const matchOutput = (_match$valid_credenti = match.valid_credentials[0]) === null || _match$valid_credenti === void 0 ? void 0 : _match$valid_credenti.meta.output;
+      if ((matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format) === "dc+sd-jwt") {
+        const {
+          vct
+        } = matchOutput;
+        const [keyTag, credential] = credentialsById[vct];
+        const requiredDisclosures = getClaimsFromDcqlMatch(match);
+        const presentationFrame = getPresentationFrameFromDcqlMatch(match, parsedQuery);
+        return {
+          id,
+          vct,
+          keyTag,
+          format: matchOutput.credential_format,
+          credential,
+          requiredDisclosures,
+          presentationFrame,
+          // When it is a match but no credential_sets are found, the credential is required by default
+          // See https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-6.4.2
+          purposes: purposes ?? [{
+            required: true
+          }]
+        };
+      }
+      if ((matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format) === "mso_mdoc") {
+        const {
+          doctype
+        } = matchOutput;
+        const [keyTag, credential] = credentialsById[doctype];
+        const requiredDisclosures = mdocUtils.getClaimsFromDcqlMatch(match);
+        const presentationFrame = mdocUtils.getPresentationFrameFromClaims(requiredDisclosures, doctype);
+        return {
+          id,
+          doctype,
+          keyTag,
+          format: matchOutput.credential_format,
+          credential,
+          requiredDisclosures,
+          presentationFrame,
+          purposes: purposes ?? [{
+            required: true
+          }]
+        };
+      }
+      throw new Error(`Unsupported credential format: ${matchOutput === null || matchOutput === void 0 ? void 0 : matchOutput.credential_format}`);
+    });
+  } catch (error) {
+    // Invalid DCQL query structure. Remap to `DcqlError` for consistency.
+    if (isValiError(error)) {
+      throw new DcqlError({
+        message: "Failed to parse the provided DCQL query",
+        code: "PARSE_ERROR",
+        cause: error.issues
+      });
+    }
+    // Let other errors propagate so they can be caught with `err instanceof DcqlError`
+    throw error;
+  }
+};
+//# sourceMappingURL=05-evaluate-dcql-query.js.map

package/lib/module/credential/presentation/v1.3.3/05-evaluate-dcql-query.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["DcqlQuery","DcqlError","isValiError","CredentialsNotFoundError","mdocUtils","sdJwtUtils","getClaimsFromDcqlMatch","extractFailedCredentialsDetails","getDcqlQueryMatches","getPresentationFrameFromDcqlMatch","evaluateDcqlQuery","query","credentialsSdJwt","credentialsMdoc","arguments","length","undefined","credentials","Promise","all","mapCredentialsToObj","flat","credentialsById","reduce","acc","c","vct","doctype","original_credential","parsedQuery","parse","validate","queryResult","can_be_satisfied","map","_ref","_queryResult$credenti","_match$valid_credenti","id","match","purposes","credential_sets","filter","set","_set$matching_options","matching_options","includes","credentialSet","_credentialSet$purpos","description","purpose","toString","required","Boolean","matchOutput","valid_credentials","meta","output","credential_format","keyTag","credential","requiredDisclosures","presentationFrame","format","getPresentationFrameFromClaims","Error","error","message","code","cause","issues"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/05-evaluate-dcql-query.ts"],"mappings":"AAAA,SAASA,SAAS,EAAEC,SAAS,QAAQ,MAAM;AAC3C,SAASC,WAAW,QAAQ,SAAS;AACrC,SAASC,wBAAwB,QAAQ,kBAAkB;AAE3D,OAAO,KAAKC,SAAS,MAAM,cAAc;AAEzC,OAAO,KAAKC,UAAU,MAAM,wBAAwB;AACpD,SAASC,sBAAsB,QAAQ,cAAc;AACrD,SACEC,+BAA+B,EAC/BC,mBAAmB,EACnBC,iCAAiC,QAC5B,sBAAsB;AAE7B,OAAO,MAAMC,iBAA6D,GACxE,eAAAA,CAAOC,KAAK,EAAEC,gBAAgB,EAA2B;EAAA,IAAzBC,eAAe,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,EAAE;EAClD,MAAMG,WAAW,GAAG,CAClB,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBd,UAAU,CAACe,mBAAmB,CAACR,gBAAgB,CAAC,EAChDR,SAAS,CAACgB,mBAAmB,CAACP,eAAe,CAAC,CAC/C,CAAC,EACFQ,IAAI,CAAC,CAAC;;EAER;EACA,MAAMC,eAAe,GAAGL,WAAW,CAACM,MAAM,CACxC,CAACC,GAAG,EAAEC,CAAC,MAAM;IACX,GAAGD,GAAG;IACN,CAAC,KAAK,IAAIC,CAAC,GAAGA,CAAC,CAACC,GAAG,GAAGD,CAAC,CAACE,OAAO,GAAGF,CAAC,CAACG;EACtC,CAAC,CAAC,EACF,CAAC,CACH,CAAC;EAED,IAAI;IACF;IACA,MAAMC,WAAW,GAAG7B,SAAS,CAAC8B,KAAK,CAACnB,KAAK,CAAC;IAC1CX,SAAS,CAAC+B,QAAQ,CAACF,WAAW,CAAC;IAE/B,MAAMG,WAAW,GAAGhC,SAAS,CAACW,KAAK,CAACkB,WAAW,EAAEZ,WAAW,CAAC;IAE7D,IAAI,CAACe,WAAW,CAACC,gBAAgB,EAAE;MACjC,MAAM,IAAI9B,wBAAwB,CAChCI,+BAA+B,CAACyB,WAAW,CAC7C,CAAC;IACH;IAEA,OAAOxB,mBAAmB,CAACwB,WAAW,CAAC,CAACE,GAAG,CAACC,IAAA,IAAiB;MAAA,IAAAC,qBAAA,EAAAC,qBAAA;MAAA,IAAhB,CAACC,EAAE,EAAEC,KAAK,CAAC,GAAAJ,IAAA;MACtD,MAAMK,QAAQ,IAAAJ,qBAAA,GAAGJ,WAAW,CAACS,eAAe,cAAAL,qBAAA,gBAAAA,qBAAA,GAA3BA,qBAAA,CACbM,MAAM,CAAEC,GAAG;QAAA,IAAAC,qBAAA;QAAA,QAAAA,qBAAA,GAAKD,GAAG,CAACE,gBAAgB,cAAAD,qBAAA,uBAApBA,qBAAA,CAAsBvB,IAAI,CAAC,CAAC,CAACyB,QAAQ,CAACR,EAAE,CAAC;MAAA,EAAC,cAAAF,qBAAA,uBAD7CA,qBAAA,CAEbF,GAAG,CAAqBa,aAAa;QAAA,IAAAC,qBAAA;QAAA,OAAM;UAC3CC,WAAW,GAAAD,qBAAA,GAAED,aAAa,CAACG,OAAO,cAAAF,qBAAA,uBAArBA,qBAAA,CAAuBG,QAAQ,CAAC,CAAC;UAC9CC,QAAQ,EAAEC,OAAO,CAACN,aAAa,CAACK,QAAQ;QAC1C,CAAC;MAAA,CAAC,CAAC;MAEL,MAAME,WAAW,IAAAjB,qBAAA,GAAGE,KAAK,CAACgB,iBAAiB,CAAC,CAAC,CAAC,cAAAlB,qBAAA,uBAA1BA,qBAAA,CAA4BmB,IAAI,CAACC,MAAM;MAE3D,IAAI,CAAAH,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,WAAW,EAAE;QAClD,MAAM;UAAEhC;QAAI,CAAC,GAAG4B,WAAW;QAC3B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,eAAe,CAACI,GAAG,CAAE;QAElD,MAAMmC,mBAAmB,GAAGvD,sBAAsB,CAACiC,KAAK,CAAC;QACzD,MAAMuB,iBAAiB,GAAGrD,iCAAiC,CACzD8B,KAAK,EACLV,WACF,CAAC;QAED,OAAO;UACLS,EAAE;UACFZ,GAAG;UACHiC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjB;UACA;UACAtB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,IAAI,CAAAE,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAiB,MAAK,UAAU,EAAE;QACjD,MAAM;UAAE/B;QAAQ,CAAC,GAAG2B,WAAW;QAC/B,MAAM,CAACK,MAAM,EAAEC,UAAU,CAAC,GAAGtC,eAAe,CAACK,OAAO,CAAE;QAEtD,MAAMkC,mBAAmB,GAAGzD,SAAS,CAACE,sBAAsB,CAACiC,KAAK,CAAC;QACnE,MAAMuB,iBAAiB,GAAG1D,SAAS,CAAC4D,8BAA8B,CAChEH,mBAAmB,EACnBlC,OACF,CAAC;QAED,OAAO;UACLW,EAAE;UACFX,OAAO;UACPgC,MAAM;UACNI,MAAM,EAAET,WAAW,CAACI,iBAAiB;UACrCE,UAAU;UACVC,mBAAmB;UACnBC,iBAAiB;UACjBtB,QAAQ,EAAEA,QAAQ,IAAI,CAAC;YAAEY,QAAQ,EAAE;UAAK,CAAC;QAC3C,CAAC;MACH;MAEA,MAAM,IAAIa,KAAK,CACZ,kCAAiCX,WAAW,aAAXA,WAAW,uBAAXA,WAAW,CAAEI,iBAAkB,EACnE,CAAC;IACH,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOQ,KAAK,EAAE;IACd;IACA,IAAIhE,WAAW,CAACgE,KAAK,CAAC,EAAE;MACtB,MAAM,IAAIjE,SAAS,CAAC;QAClBkE,OAAO,EAAE,yCAAyC;QAClDC,IAAI,EAAE,aAAa;QACnBC,KAAK,EAAEH,KAAK,CAACI;MACf,CAAC,CAAC;IACJ;;IAEA;IACA,MAAMJ,KAAK;EACb;AACF,CAAC"}

package/lib/module/credential/presentation/v1.3.3/06-send-authorization-response.js ADDED Viewed

@@ -0,0 +1,129 @@
+import { createAuthorizationResponse as sdkCreateAuthorizationResponse, fetchAuthorizationResponse as sdkFetchAuthorizationResponse } from "@pagopa/io-wallet-oid4vp";
+import { partialCallbacks } from "../../../utils/callbacks";
+import { mapSdkAuthorizationResponseError } from "./sdkErrorMapper";
+import { generateRandomAlphaNumericString, hasStatusOrThrow } from "../../../utils/misc";
+import { IoWalletError, RelyingPartyResponseError } from "../../../utils/errors";
+import { AuthorizationResponse } from "./types";
+import { buildDirectPostBody } from "../common/utils/http";
+import { prepareVpToken } from "../../../sd-jwt";
+import { createCryptoContextFor } from "../../../utils/crypto";
+import { prepareVpTokenMdoc } from "../../../mdoc";
+/**
+ * Prepares remote presentations for a set of credentials.
+ *
+ * For each credential, this function:
+ * - Validates the credential format (currently supports 'mso_mdoc' or 'dc+sd-jwt').
+ * - Generates a verifiable presentation token (vpToken) using the appropriate method.
+ * - For ISO 18013-7, generates a special nonce with minimum entropy of 16.
+ *
+ * @param credentials - An array of credential items containing format, credential data, requested claims, and key information.
+ * @param authRequestObject - The authentication request object containing nonce, clientId, and responseUri.
+ * @returns A promise that resolves to an object containing an array of presentations and the generated nonce.
+ * @throws {CredentialNotFoundError} When the credential format is unsupported.
+ */
+export const prepareRemotePresentations = async (credentials, authRequestObject) => {
+  // In case of ISO 18013-7 we need a nonce, it shall have a minimum entropy of 16
+  const generatedNonce = generateRandomAlphaNumericString(16);
+  const presentations = await Promise.all(credentials.map(async item => {
+    const {
+      format
+    } = item;
+    if (format === "dc+sd-jwt") {
+      const {
+        vp_token
+      } = await prepareVpToken(authRequestObject.nonce, authRequestObject.clientId, [item.credential, item.presentationFrame, createCryptoContextFor(item.keyTag)]);
+      return {
+        requestedClaims: item.requiredDisclosures.map(_ref => {
+          let {
+            name
+          } = _ref;
+          return name;
+        }),
+        credentialId: item.id,
+        vpToken: vp_token,
+        format
+      };
+    }
+    if (format === "mso_mdoc") {
+      const {
+        vp_token
+      } = await prepareVpTokenMdoc(authRequestObject.nonce, generatedNonce, authRequestObject.clientId, authRequestObject.responseUri, item.doctype, item.keyTag, [item.credential, item.presentationFrame, createCryptoContextFor(item.keyTag)]);
+      return {
+        requestedClaims: item.requiredDisclosures.map(_ref2 => {
+          let {
+            name
+          } = _ref2;
+          return name;
+        }),
+        credentialId: item.id,
+        vpToken: vp_token,
+        format: "mso_mdoc"
+      };
+    }
+    throw new IoWalletError(`${format} format is not supported.`);
+  }));
+  return {
+    presentations,
+    generatedNonce
+  };
+};
+export const sendAuthorizationResponse = async function (requestObject, remotePresentation, rpConf) {
+  let {
+    appFetch = fetch
+  } = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : {};
+  try {
+    const {
+      presentations
+    } = remotePresentation;
+    const rpJwks = {
+      jwks: rpConf.jwks,
+      encrypted_response_enc_values_supported: rpConf.encrypted_response_enc_values_supported
+    };
+    const vp_token = presentations.reduce((acc, p) => {
+      (acc[p.credentialId] ??= []).push(p.vpToken);
+      return acc;
+    }, {});
+    const {
+      jarm
+    } = await sdkCreateAuthorizationResponse({
+      requestObject,
+      rpJwks,
+      vp_token,
+      callbacks: {
+        encryptJwe: partialCallbacks.encryptJwe,
+        generateRandom: partialCallbacks.generateRandom
+      }
+    });
+    return await sdkFetchAuthorizationResponse({
+      authorizationResponseJarm: jarm.responseJwe,
+      presentationResponseUri: requestObject.response_uri,
+      callbacks: {
+        fetch: appFetch
+      }
+    });
+  } catch (err) {
+    throw mapSdkAuthorizationResponseError(err);
+  }
+};
+export const sendAuthorizationErrorResponse = async function (requestObject, _ref3) {
+  let {
+    error,
+    errorDescription
+  } = _ref3;
+  let {
+    appFetch = fetch
+  } = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
+  const requestBody = await buildDirectPostBody(requestObject, {
+    error,
+    error_description: errorDescription
+  });
+  return await appFetch(requestObject.response_uri, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: requestBody
+  }).then(hasStatusOrThrow(200, RelyingPartyResponseError)).then(res => res.json()).then(AuthorizationResponse.parse);
+};
+//# sourceMappingURL=06-send-authorization-response.js.map

package/lib/module/credential/presentation/v1.3.3/06-send-authorization-response.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createAuthorizationResponse","sdkCreateAuthorizationResponse","fetchAuthorizationResponse","sdkFetchAuthorizationResponse","partialCallbacks","mapSdkAuthorizationResponseError","generateRandomAlphaNumericString","hasStatusOrThrow","IoWalletError","RelyingPartyResponseError","AuthorizationResponse","buildDirectPostBody","prepareVpToken","createCryptoContextFor","prepareVpTokenMdoc","prepareRemotePresentations","credentials","authRequestObject","generatedNonce","presentations","Promise","all","map","item","format","vp_token","nonce","clientId","credential","presentationFrame","keyTag","requestedClaims","requiredDisclosures","_ref","name","credentialId","id","vpToken","responseUri","doctype","_ref2","sendAuthorizationResponse","requestObject","remotePresentation","rpConf","appFetch","fetch","arguments","length","undefined","rpJwks","jwks","encrypted_response_enc_values_supported","reduce","acc","p","push","jarm","callbacks","encryptJwe","generateRandom","authorizationResponseJarm","responseJwe","presentationResponseUri","response_uri","err","sendAuthorizationErrorResponse","_ref3","error","errorDescription","requestBody","error_description","method","headers","body","then","res","json","parse"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/06-send-authorization-response.ts"],"mappings":"AAAA,SACEA,2BAA2B,IAAIC,8BAA8B,EAC7DC,0BAA0B,IAAIC,6BAA6B,QACtD,0BAA0B;AAEjC,SAASC,gBAAgB,QAAQ,0BAA0B;AAC3D,SAASC,gCAAgC,QAAQ,kBAAkB;AACnE,SACEC,gCAAgC,EAChCC,gBAAgB,QACX,qBAAqB;AAC5B,SACEC,aAAa,EACbC,yBAAyB,QACpB,uBAAuB;AAC9B,SAASC,qBAAqB,QAAQ,SAAS;AAC/C,SAASC,mBAAmB,QAAQ,sBAAsB;AAC1D,SAASC,cAAc,QAAQ,iBAAiB;AAChD,SAASC,sBAAsB,QAAQ,uBAAuB;AAC9D,SAASC,kBAAkB,QAAQ,eAAe;;AAElD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,0BAA+E,GAC1F,MAAAA,CAAOC,WAAW,EAAEC,iBAAiB,KAAK;EACxC;EACA,MAAMC,cAAc,GAAGZ,gCAAgC,CAAC,EAAE,CAAC;EAE3D,MAAMa,aAAa,GAAG,MAAMC,OAAO,CAACC,GAAG,CACrCL,WAAW,CAACM,GAAG,CAAC,MAAOC,IAAI,IAAK;IAC9B,MAAM;MAAEC;IAAO,CAAC,GAAGD,IAAI;IAEvB,IAAIC,MAAM,KAAK,WAAW,EAAE;MAC1B,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMb,cAAc,CACvCK,iBAAiB,CAACS,KAAK,EACvBT,iBAAiB,CAACU,QAAQ,EAC1B,CACEJ,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtBhB,sBAAsB,CAACU,IAAI,CAACO,MAAM,CAAC,CAEvC,CAAC;MAED,OAAO;QACLC,eAAe,EAAER,IAAI,CAACS,mBAAmB,CAACV,GAAG,CAACW,IAAA;UAAA,IAAC;YAAEC;UAAK,CAAC,GAAAD,IAAA;UAAA,OAAKC,IAAI;QAAA,EAAC;QACjEC,YAAY,EAAEZ,IAAI,CAACa,EAAE;QACrBC,OAAO,EAAEZ,QAAQ;QACjBD;MACF,CAAC;IACH;IAEA,IAAIA,MAAM,KAAK,UAAU,EAAE;MACzB,MAAM;QAAEC;MAAS,CAAC,GAAG,MAAMX,kBAAkB,CAC3CG,iBAAiB,CAACS,KAAK,EACvBR,cAAc,EACdD,iBAAiB,CAACU,QAAQ,EAC1BV,iBAAiB,CAACqB,WAAW,EAC7Bf,IAAI,CAACgB,OAAO,EACZhB,IAAI,CAACO,MAAM,EACX,CACEP,IAAI,CAACK,UAAU,EACfL,IAAI,CAACM,iBAAiB,EACtBhB,sBAAsB,CAACU,IAAI,CAACO,MAAM,CAAC,CAEvC,CAAC;MAED,OAAO;QACLC,eAAe,EAAER,IAAI,CAACS,mBAAmB,CAACV,GAAG,CAACkB,KAAA;UAAA,IAAC;YAAEN;UAAK,CAAC,GAAAM,KAAA;UAAA,OAAKN,IAAI;QAAA,EAAC;QACjEC,YAAY,EAAEZ,IAAI,CAACa,EAAE;QACrBC,OAAO,EAAEZ,QAAQ;QACjBD,MAAM,EAAE;MACV,CAAC;IACH;IAEA,MAAM,IAAIhB,aAAa,CAAE,GAAEgB,MAAO,2BAA0B,CAAC;EAC/D,CAAC,CACH,CAAC;EAED,OAAO;IACLL,aAAa;IACbD;EACF,CAAC;AACH,CAAC;AAEH,OAAO,MAAMuB,yBAA6E,GACxF,eAAAA,CACEC,aAAa,EACbC,kBAAkB,EAClBC,MAAM,EAEH;EAAA,IADH;IAAEC,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,IAAI;IACF,MAAM;MAAE5B;IAAc,CAAC,GAAGwB,kBAAkB;IAC5C,MAAMO,MAAM,GAAG;MACbC,IAAI,EAAEP,MAAM,CAACO,IAAI;MACjBC,uCAAuC,EACrCR,MAAM,CAACQ;IACX,CAAC;IAED,MAAM3B,QAAQ,GAAGN,aAAa,CAACkC,MAAM,CACnC,CAACC,GAAG,EAAEC,CAAC,KAAK;MACV,CAACD,GAAG,CAACC,CAAC,CAACpB,YAAY,CAAC,KAAK,EAAE,EAAEqB,IAAI,CAACD,CAAC,CAAClB,OAAO,CAAC;MAC5C,OAAOiB,GAAG;IACZ,CAAC,EACD,CAAC,CACH,CAAC;IAED,MAAM;MAAEG;IAAK,CAAC,GAAG,MAAMxD,8BAA8B,CAAC;MACpDyC,aAAa;MACbQ,MAAM;MACNzB,QAAQ;MACRiC,SAAS,EAAE;QACTC,UAAU,EAAEvD,gBAAgB,CAACuD,UAAU;QACvCC,cAAc,EAAExD,gBAAgB,CAACwD;MACnC;IACF,CAAC,CAAC;IAEF,OAAO,MAAMzD,6BAA6B,CAAC;MACzC0D,yBAAyB,EAAEJ,IAAI,CAACK,WAAW;MAC3CC,uBAAuB,EAAErB,aAAa,CAACsB,YAAY;MACnDN,SAAS,EAAE;QAAEZ,KAAK,EAAED;MAAS;IAC/B,CAAC,CAAC;EACJ,CAAC,CAAC,OAAOoB,GAAG,EAAE;IACZ,MAAM5D,gCAAgC,CAAC4D,GAAG,CAAC;EAC7C;AACF,CAAC;AAEH,OAAO,MAAMC,8BAAuF,GAClG,eAAAA,CACExB,aAAa,EAAAyB,KAAA,EAGV;EAAA,IAFH;IAAEC,KAAK;IAAEC;EAAiB,CAAC,GAAAF,KAAA;EAAA,IAC3B;IAAEtB,QAAQ,GAAGC;EAAM,CAAC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,CAAC,CAAC;EAEzB,MAAMuB,WAAW,GAAG,MAAM3D,mBAAmB,CAAC+B,aAAa,EAAE;IAC3D0B,KAAK;IACLG,iBAAiB,EAAEF;EACrB,CAAC,CAAC;EAEF,OAAO,MAAMxB,QAAQ,CAACH,aAAa,CAACsB,YAAY,EAAE;IAChDQ,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDC,IAAI,EAAEJ;EACR,CAAC,CAAC,CACCK,IAAI,CAACpE,gBAAgB,CAAC,GAAG,EAAEE,yBAAyB,CAAC,CAAC,CACtDkE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAACjE,qBAAqB,CAACoE,KAAK,CAAC;AACtC,CAAC"}

package/lib/module/credential/presentation/v1.3.3/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { startFlowFromQR } from "./01-start-flow";
+import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
+import { getRequestObject } from "./03-get-request-object";
+import { verifyRequestObject } from "./04-verify-request-object";
+import { evaluateDcqlQuery } from "./05-evaluate-dcql-query";
+import { prepareRemotePresentations, sendAuthorizationResponse, sendAuthorizationErrorResponse } from "./06-send-authorization-response";
+export const RemotePresentation = {
+  startFlowFromQR,
+  evaluateRelyingPartyTrust,
+  getRequestObject,
+  verifyRequestObject,
+  evaluateDcqlQuery,
+  prepareRemotePresentations,
+  sendAuthorizationResponse,
+  sendAuthorizationErrorResponse
+};
+//# sourceMappingURL=index.js.map

package/lib/module/credential/presentation/v1.3.3/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["startFlowFromQR","evaluateRelyingPartyTrust","getRequestObject","verifyRequestObject","evaluateDcqlQuery","prepareRemotePresentations","sendAuthorizationResponse","sendAuthorizationErrorResponse","RemotePresentation"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/index.ts"],"mappings":"AACA,SAASA,eAAe,QAAQ,iBAAiB;AACjD,SAASC,yBAAyB,QAAQ,wBAAwB;AAClE,SAASC,gBAAgB,QAAQ,yBAAyB;AAC1D,SAASC,mBAAmB,QAAQ,4BAA4B;AAChE,SAASC,iBAAiB,QAAQ,0BAA0B;AAC5D,SACEC,0BAA0B,EAC1BC,yBAAyB,EACzBC,8BAA8B,QACzB,kCAAkC;AAEzC,OAAO,MAAMC,kBAAyC,GAAG;EACvDR,eAAe;EACfC,yBAAyB;EACzBC,gBAAgB;EAChBC,mBAAmB;EACnBC,iBAAiB;EACjBC,0BAA0B;EAC1BC,yBAAyB;EACzBC;AACF,CAAC"}

package/lib/module/credential/presentation/v1.3.3/mappers.js ADDED Viewed

@@ -0,0 +1,24 @@
+import { createMapper } from "../../../utils/mappers";
+export const mapToRelyingPartyConfig = createMapper(x => {
+  const {
+    federation_entity,
+    openid_credential_verifier
+  } = x.payload.metadata;
+  return {
+    subject: x.payload.sub,
+    jwks: openid_credential_verifier.jwks,
+    federation_entity,
+    encrypted_response_enc_values_supported: openid_credential_verifier.encrypted_response_enc_values_supported
+  };
+});
+export const mapToRequestObject = createMapper(x => ({
+  iss: x.iss,
+  client_id: x.client_id,
+  dcql_query: x.dcql_query,
+  nonce: x.nonce,
+  response_uri: x.response_uri,
+  state: x.state,
+  response_mode: x.response_mode,
+  response_type: x.response_type
+}));
+//# sourceMappingURL=mappers.js.map

package/lib/module/credential/presentation/v1.3.3/mappers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["createMapper","mapToRelyingPartyConfig","x","federation_entity","openid_credential_verifier","payload","metadata","subject","sub","jwks","encrypted_response_enc_values_supported","mapToRequestObject","iss","client_id","dcql_query","nonce","response_uri","state","response_mode","response_type"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/mappers.ts"],"mappings":"AACA,SAASA,YAAY,QAAQ,wBAAwB;AAKrD,OAAO,MAAMC,uBAAuB,GAAGD,YAAY,CAGhDE,CAAC,IAAK;EACP,MAAM;IAAEC,iBAAiB;IAAEC;EAA2B,CAAC,GAAGF,CAAC,CAACG,OAAO,CAACC,QAAQ;EAE5E,OAAO;IACLC,OAAO,EAAEL,CAAC,CAACG,OAAO,CAACG,GAAG;IACtBC,IAAI,EAAEL,0BAA0B,CAACK,IAAI;IACrCN,iBAAiB;IACjBO,uCAAuC,EACrCN,0BAA0B,CAACM;EAC/B,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,MAAMC,kBAAkB,GAAGX,YAAY,CAG3CE,CAAC,KAAM;EACRU,GAAG,EAAEV,CAAC,CAACU,GAAG;EACVC,SAAS,EAAEX,CAAC,CAACW,SAAS;EACtBC,UAAU,EAAEZ,CAAC,CAACY,UAAU;EACxBC,KAAK,EAAEb,CAAC,CAACa,KAAK;EACdC,YAAY,EAAEd,CAAC,CAACc,YAAY;EAC5BC,KAAK,EAAEf,CAAC,CAACe,KAAK;EACdC,aAAa,EAAEhB,CAAC,CAACgB,aAAa;EAC9BC,aAAa,EAAEjB,CAAC,CAACiB;AACnB,CAAC,CAAC,CAAC"}

package/lib/module/credential/presentation/v1.3.3/sdkErrorMapper.js ADDED Viewed

@@ -0,0 +1,65 @@
+import { ValidationError as SdkValidationError } from "@openid4vc/utils";
+import { FetchAuthorizationResponseError as SdkFetchAuthorizationResponseError, CreateAuthorizationResponseError as SdkCreateAuthorizationResponseError } from "@pagopa/io-wallet-oid4vp";
+import { RelyingPartyResponseError, RelyingPartyResponseErrorCodes, ResponseErrorBuilder } from "../../../utils/errors";
+import { Oauth2JwtParseError as SdkOauth2JwtParseError } from "@pagopa/io-wallet-oauth2";
+import { InvalidRequestObjectError } from "../common/errors";
+import { UnexpectedStatusCodeError as SdkUnexpectedStatusCodeError } from "@pagopa/io-wallet-utils";
+/**
+ * Helper to create a generic RelyingPartyResponseError
+ */
+const toRelyingPartyResponseError = function (message, statusCode) {
+  let code = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : RelyingPartyResponseErrorCodes.RelyingPartyGenericError;
+  return new RelyingPartyResponseError({
+    code,
+    message,
+    reason: message,
+    statusCode
+  });
+};
+/**
+ * Mapping Sdk errors during Request Object retrieval (Fetch/QR)
+ */
+export const mapSdkFetchAuthRequestError = err => {
+  if (err instanceof SdkUnexpectedStatusCodeError) {
+    throw toRelyingPartyResponseError(err.message, err.statusCode);
+  }
+  throw err;
+};
+/**
+ * Mapping Sdk errors during JWT parsing and verification
+ */
+export const mapSdkRequestObjectError = err => {
+  if (err instanceof SdkValidationError) {
+    throw new InvalidRequestObjectError("The Request Object structure is invalid", err.message);
+  }
+  if (err instanceof SdkOauth2JwtParseError) {
+    throw new InvalidRequestObjectError("The Request Object is not a valid JWT");
+  }
+  const message = err instanceof Error ? err.message : String(err);
+  throw new InvalidRequestObjectError(message);
+};
+/**
+ * Mapping Sdk errors during Authorization Response submission (JARM / Post)
+ */
+export const mapSdkAuthorizationResponseError = err => {
+  if (err instanceof SdkUnexpectedStatusCodeError) {
+    throw new ResponseErrorBuilder(RelyingPartyResponseError).handle(400, {
+      code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+      message: "The Authorization Response contains invalid parameters or it is malformed"
+    }).handle(403, {
+      code: RelyingPartyResponseErrorCodes.InvalidAuthorizationResponse,
+      message: "The Authorization Response was forbidden"
+    }).handle("*", {
+      code: RelyingPartyResponseErrorCodes.RelyingPartyGenericError,
+      message: "Unable to successfully send the Authorization Response"
+    }).buildFrom(err);
+  }
+  if (err instanceof SdkCreateAuthorizationResponseError || err instanceof SdkFetchAuthorizationResponseError) {
+    throw toRelyingPartyResponseError(err.message, err.statusCode ?? 400);
+  }
+  throw err;
+};
+//# sourceMappingURL=sdkErrorMapper.js.map

package/lib/module/credential/presentation/v1.3.3/sdkErrorMapper.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["ValidationError","SdkValidationError","FetchAuthorizationResponseError","SdkFetchAuthorizationResponseError","CreateAuthorizationResponseError","SdkCreateAuthorizationResponseError","RelyingPartyResponseError","RelyingPartyResponseErrorCodes","ResponseErrorBuilder","Oauth2JwtParseError","SdkOauth2JwtParseError","InvalidRequestObjectError","UnexpectedStatusCodeError","SdkUnexpectedStatusCodeError","toRelyingPartyResponseError","message","statusCode","code","arguments","length","undefined","RelyingPartyGenericError","reason","mapSdkFetchAuthRequestError","err","mapSdkRequestObjectError","Error","String","mapSdkAuthorizationResponseError","handle","InvalidAuthorizationResponse","buildFrom"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/sdkErrorMapper.ts"],"mappings":"AAAA,SAASA,eAAe,IAAIC,kBAAkB,QAAQ,kBAAkB;AACxE,SACEC,+BAA+B,IAAIC,kCAAkC,EACrEC,gCAAgC,IAAIC,mCAAmC,QAClE,0BAA0B;AACjC,SACEC,yBAAyB,EACzBC,8BAA8B,EAC9BC,oBAAoB,QACf,uBAAuB;AAC9B,SAASC,mBAAmB,IAAIC,sBAAsB,QAAQ,0BAA0B;AACxF,SAASC,yBAAyB,QAAQ,kBAAkB;AAC5D,SAASC,yBAAyB,IAAIC,4BAA4B,QAAQ,yBAAyB;AAGnG;AACA;AACA;AACA,MAAMC,2BAA2B,GAAG,SAAAA,CAClCC,OAAe,EACfC,UAAkB;EAAA,IAClBC,IAAmC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGX,8BAA8B,CAACc,wBAAwB;EAAA,OAE7F,IAAIf,yBAAyB,CAAC;IAC5BW,IAAI;IACJF,OAAO;IACPO,MAAM,EAAEP,OAAO;IACfC;EACF,CAAC,CAAC;AAAA;;AAEJ;AACA;AACA;AACA,OAAO,MAAMO,2BAA2B,GAAIC,GAAY,IAAK;EAC3D,IAAIA,GAAG,YAAYX,4BAA4B,EAAE;IAC/C,MAAMC,2BAA2B,CAACU,GAAG,CAACT,OAAO,EAAES,GAAG,CAACR,UAAU,CAAC;EAChE;EAEA,MAAMQ,GAAG;AACX,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,GAAID,GAAY,IAAK;EACxD,IAAIA,GAAG,YAAYvB,kBAAkB,EAAE;IACrC,MAAM,IAAIU,yBAAyB,CACjC,yCAAyC,EACzCa,GAAG,CAACT,OACN,CAAC;EACH;EAEA,IAAIS,GAAG,YAAYd,sBAAsB,EAAE;IACzC,MAAM,IAAIC,yBAAyB,CACjC,uCACF,CAAC;EACH;EAEA,MAAMI,OAAO,GAAGS,GAAG,YAAYE,KAAK,GAAGF,GAAG,CAACT,OAAO,GAAGY,MAAM,CAACH,GAAG,CAAC;EAChE,MAAM,IAAIb,yBAAyB,CAACI,OAAO,CAAC;AAC9C,CAAC;;AAED;AACA;AACA;AACA,OAAO,MAAMa,gCAAgC,GAAIJ,GAAY,IAAK;EAChE,IAAIA,GAAG,YAAYX,4BAA4B,EAAE;IAC/C,MAAM,IAAIL,oBAAoB,CAACF,yBAAyB,CAAC,CACtDuB,MAAM,CAAC,GAAG,EAAE;MACXZ,IAAI,EAAEV,8BAA8B,CAACuB,4BAA4B;MACjEf,OAAO,EACL;IACJ,CAAC,CAAC,CACDc,MAAM,CAAC,GAAG,EAAE;MACXZ,IAAI,EAAEV,8BAA8B,CAACuB,4BAA4B;MACjEf,OAAO,EAAE;IACX,CAAC,CAAC,CACDc,MAAM,CAAC,GAAG,EAAE;MACXZ,IAAI,EAAEV,8BAA8B,CAACc,wBAAwB;MAC7DN,OAAO,EAAE;IACX,CAAC,CAAC,CACDgB,SAAS,CAACP,GAAG,CAAC;EACnB;EAEA,IACEA,GAAG,YAAYnB,mCAAmC,IAClDmB,GAAG,YAAYrB,kCAAkC,EACjD;IACA,MAAMW,2BAA2B,CAACU,GAAG,CAACT,OAAO,EAAES,GAAG,CAACR,UAAU,IAAI,GAAG,CAAC;EACvE;EAEA,MAAMQ,GAAG;AACX,CAAC"}

package/lib/module/credential/presentation/v1.3.3/types.js ADDED Viewed

@@ -0,0 +1,9 @@
+import * as z from "zod";
+import { zOpenid4vpAuthorizationRequestPayload as sdkRequestObjectPayload } from "@pagopa/io-wallet-oid4vp";
+export const RequestObjectPayload = sdkRequestObjectPayload;
+export const AuthorizationResponse = z.object({
+  status: z.string().optional(),
+  response_code: z.string().optional(),
+  redirect_uri: z.string().optional()
+});
+//# sourceMappingURL=types.js.map

package/lib/module/credential/presentation/v1.3.3/types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["z","zOpenid4vpAuthorizationRequestPayload","sdkRequestObjectPayload","RequestObjectPayload","AuthorizationResponse","object","status","string","optional","response_code","redirect_uri"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/types.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,SAASC,qCAAqC,IAAIC,uBAAuB,QAAQ,0BAA0B;AAG3G,OAAO,MAAMC,oBAAoB,GAAGD,uBAAuB;AAG3D,OAAO,MAAME,qBAAqB,GAAGJ,CAAC,CAACK,MAAM,CAAC;EAC5CC,MAAM,EAAEN,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EAC7BC,aAAa,EAAET,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;EACpCE,YAAY,EAAEV,CAAC,CAACO,MAAM,CAAC,CAAC,CAACC,QAAQ,CAAC;AACpC,CAAC,CAAC"}

package/lib/module/credential/presentation/v1.3.3/utils.mdoc.js ADDED Viewed

@@ -0,0 +1,79 @@
+import { CBOR } from "@pagopa/io-react-native-iso18013";
+import { b64utob64 } from "jsrsasign";
+import { getValidDcqlClaims } from "../common/utils/dcql";
+/**
+ * Convert a list of credential in mdoc format to a list of objects
+ * with namespaces for correct parsing by the `dcql` library.
+ * @param credentials The raw mdoc credentials
+ * @returns List of `dcql` compatible objects
+ */
+export const mapCredentialsToObj = async credentialsMdoc => {
+  return await Promise.all(credentialsMdoc.map(async credential => {
+    const issuerSigned = await CBOR.decodeIssuerSigned(b64utob64(credential[1]));
+    const namespaces = Object.entries(issuerSigned.nameSpaces).reduce((acc, _ref) => {
+      let [ns, nsClaims] = _ref;
+      const flattenNsClaims = Object.entries(nsClaims).reduce((ac, _ref2) => {
+        let [, el] = _ref2;
+        return {
+          ...ac,
+          [el.elementIdentifier]: el.elementValue
+        };
+      }, {});
+      return {
+        ...acc,
+        [ns]: flattenNsClaims
+      };
+    }, {});
+    return {
+      credential_format: "mso_mdoc",
+      doctype: issuerSigned.issuerAuth.payload.docType || "missing_doctype",
+      cryptographic_holder_binding: true,
+      namespaces,
+      original_credential: credential
+    };
+  }));
+};
+/**
+ * Extract a compact list of claims from the `dcql` result.
+ * @param match The DCQL query match
+ * @returns The list of claims in {@link EvaluatedDisclosure} format
+ */
+export const getClaimsFromDcqlMatch = match => getValidDcqlClaims(match).flatMap(_ref3 => {
+  let {
+    output
+  } = _ref3;
+  return Object.entries(output).flatMap(_ref4 => {
+    let [ns, nsClaims] = _ref4;
+    return Object.keys(nsClaims).map(claimName => ({
+      namespace: ns,
+      name: claimName,
+      value: nsClaims[claimName]
+    }));
+  });
+});
+/**
+ * Build a presentation frame from the requested claims for selective disclosure.
+ * @param requestedClaims Claims in {@link EvaluatedDisclosure} format
+ * @param docType mdoc doctype
+ * @returns A presentation frame for ISO18013
+ * @example { "org.iso.18013.5.1.mDL": { "org.iso.18013.5.1": { first_name: true } } }
+ */
+export const getPresentationFrameFromClaims = (requestedClaims, docType) => ({
+  [docType]: requestedClaims.reduce((acc, _ref5) => {
+    let {
+      name,
+      namespace
+    } = _ref5;
+    if (namespace) {
+      acc[namespace] ??= {};
+      const existingNamespace = acc[namespace];
+      existingNamespace[name] = true;
+    } else {
+      acc[name] = true;
+    }
+    return acc;
+  }, {})
+});
+//# sourceMappingURL=utils.mdoc.js.map

package/lib/module/credential/presentation/v1.3.3/utils.mdoc.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["CBOR","b64utob64","getValidDcqlClaims","mapCredentialsToObj","credentialsMdoc","Promise","all","map","credential","issuerSigned","decodeIssuerSigned","namespaces","Object","entries","nameSpaces","reduce","acc","_ref","ns","nsClaims","flattenNsClaims","ac","_ref2","el","elementIdentifier","elementValue","credential_format","doctype","issuerAuth","payload","docType","cryptographic_holder_binding","original_credential","getClaimsFromDcqlMatch","match","flatMap","_ref3","output","_ref4","keys","claimName","namespace","name","value","getPresentationFrameFromClaims","requestedClaims","_ref5","existingNamespace"],"sourceRoot":"../../../../../src","sources":["credential/presentation/v1.3.3/utils.mdoc.ts"],"mappings":"AAAA,SAASA,IAAI,QAAQ,kCAAkC;AACvD,SAASC,SAAS,QAAQ,WAAW;AAOrC,SAASC,kBAAkB,QAAQ,sBAAsB;AAMzD;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,mBAAmB,GAAG,MACjCC,eAAkC,IACM;EACxC,OAAO,MAAMC,OAAO,CAACC,GAAG,CACtBF,eAAe,CAACG,GAAG,CAAC,MAAOC,UAAU,IAAK;IACxC,MAAMC,YAAY,GAAG,MAAMT,IAAI,CAACU,kBAAkB,CAChDT,SAAS,CAACO,UAAU,CAAC,CAAC,CAAC,CACzB,CAAC;IAED,MAAMG,UAAU,GAAGC,MAAM,CAACC,OAAO,CAACJ,YAAY,CAACK,UAAU,CAAC,CAACC,MAAM,CAC/D,CAACC,GAAG,EAAAC,IAAA,KAAqB;MAAA,IAAnB,CAACC,EAAE,EAAEC,QAAQ,CAAC,GAAAF,IAAA;MAClB,MAAMG,eAAe,GAAGR,MAAM,CAACC,OAAO,CAACM,QAAQ,CAAC,CAACJ,MAAM,CACrD,CAACM,EAAE,EAAAC,KAAA;QAAA,IAAE,GAAGC,EAAE,CAAC,GAAAD,KAAA;QAAA,OAAM;UACf,GAAGD,EAAE;UACL,CAACE,EAAE,CAACC,iBAAiB,GAAGD,EAAE,CAACE;QAC7B,CAAC;MAAA,CAAC,EACF,CAAC,CACH,CAAC;MAED,OAAO;QACL,GAAGT,GAAG;QACN,CAACE,EAAE,GAAGE;MACR,CAAC;IACH,CAAC,EACD,CAAC,CACH,CAAC;IAED,OAAO;MACLM,iBAAiB,EAAE,UAAU;MAC7BC,OAAO,EAAElB,YAAY,CAACmB,UAAU,CAACC,OAAO,CAACC,OAAO,IAAI,iBAAiB;MACrEC,4BAA4B,EAAE,IAAI;MAClCpB,UAAU;MACVqB,mBAAmB,EAAExB;IACvB,CAAC;EACH,CAAC,CACH,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMyB,sBAAsB,GACjCC,KAAsC,IAEtChC,kBAAkB,CAACgC,KAAK,CAAC,CAACC,OAAO,CAACC,KAAA;EAAA,IAAC;IAAEC;EAAO,CAAC,GAAAD,KAAA;EAAA,OAC3CxB,MAAM,CAACC,OAAO,CAACwB,MAAM,CAAC,CAACF,OAAO,CAACG,KAAA;IAAA,IAAC,CAACpB,EAAE,EAAEC,QAAQ,CAAC,GAAAmB,KAAA;IAAA,OAC5C1B,MAAM,CAAC2B,IAAI,CAACpB,QAAQ,CAAC,CAACZ,GAAG,CAAEiC,SAAS,KAAM;MACxCC,SAAS,EAAEvB,EAAE;MACbwB,IAAI,EAAEF,SAAS;MACfG,KAAK,EAAExB,QAAQ,CAACqB,SAAS;IAC3B,CAAC,CAAC,CAAC;EAAA,CACL,CAAC;AAAA,CACH,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,8BAA8B,GAAGA,CAC5CC,eAAsC,EACtCf,OAAe,MACQ;EACvB,CAACA,OAAO,GAAGe,eAAe,CAAC9B,MAAM,CAAC,CAACC,GAAG,EAAA8B,KAAA,KAA0B;IAAA,IAAxB;MAAEJ,IAAI;MAAED;IAAU,CAAC,GAAAK,KAAA;IACzD,IAAIL,SAAS,EAAE;MACbzB,GAAG,CAACyB,SAAS,CAAC,KAAK,CAAC,CAAC;MACrB,MAAMM,iBAAiB,GAAG/B,GAAG,CAACyB,SAAS,CAA4B;MACnEM,iBAAiB,CAACL,IAAI,CAAC,GAAG,IAAI;IAChC,CAAC,MAAM;MACL1B,GAAG,CAAC0B,IAAI,CAAC,GAAG,IAAI;IAClB;IACA,OAAO1B,GAAG;EACZ,CAAC,EAAE,CAAC,CAAsB;AAC5B,CAAC,CAAC"}

package/lib/module/credential/status/README.md CHANGED Viewed

@@ -1,22 +1,40 @@
-# Credential Status Assertion
+# Credential Status
-This flow is used to obtain a credential status assertion from its credential issuer. Each step in the flow is imported from the related file which is named with a sequential number.
+This flow is used to obtain the credential status from its credential issuer. The following methods are currently supported:
+- Status Assertion (v1.0.0)
+- Token Status List (v1.3.3)
+Each step in the flow is imported from the related file which is named with a sequential number.
+#### Status assertion
 The credential status assertion is a JWT which contains the credential status which indicates if the credential is valid or not (see [OAuth Status Assertions](https://italia.github.io/eid-wallet-it-docs/versione-corrente/en/credential-revocation.html#oauth-status-assertions)).
 The status assertion is supposed to be stored securely along with the credential. It has a limited lifetime and should be refreshed periodically according to the `exp` field in the JWT payload.
+#### Status list
+The status list is a byte array embedded in a JWT/CWT, where a sequence of bits is used to represent the status of a digital credential. Each credential references the status list it is part of and the index to access its status. The following is an example for a SD-JWT credential:
+```json
+{
+  "status": {
+    "status_list": {
+      "idx": 1000,
+      "uri": "https://status-list.issuer.example"
+    }
+  }
+}
+```
 ## Sequence Diagram
 ```mermaid
 graph TD;
-    0[startFlow]
-    1[statusAssertion]
-    2[verifyAndParseStatusAssertion]
-    0 --> 1
-    1 --> 2
+  0[getStatusAssertion]
+  1[verifyAndParseStatusAssertion]
+  2[getStatusList]
+  3[verifyAndParseStatusList]
+  0 --> 1
+  2 --> 3
 ```
 ## Mapped results
 The following errors are mapped to a `IssuerResponseError` with specific codes.
@@ -27,23 +45,30 @@ The following errors are mapped to a `IssuerResponseError` with specific codes.
 ## Example
+The status assertion and list APIs are exposed under the namespaces `statusAssertion` and `statusList` respectively, and before using them it necessary to ensure they are supported:
+```ts
+if (CredentialStatus.statusAssertion.isSupported) {
+  // Safely invoke status assertion APIs...
+}
+if (CredentialStatus.statusList.isSupported) {
+  // Safely invoke status list APIs...
+}
+```
 <details>
   <summary>Credential status assertion flow</summary>
 ```ts
-// Start the issuance flow
-const credentialIssuerUrl = "https://issuer.example.com";
-const startFlow: Credential.Status.StartFlow = () => ({
-  issuerUrl: credentialIssuerUrl, // Let's assum
-});
+import { IoWallet } from "@pagopa/io-react-native-wallet";
-const { issuerUrl } = startFlow();
+const wallet = new IoWallet({ version: "1.0.0" });
+const credentialIssuerUrl = "https://issuer.example.com";
-// Evaluate issuer trust
-const { issuerConf } = await Credential.Status.evaluateIssuerTrust(issuerUrl);
+const { issuerConf } = await wallet.CredentialIssuance.evaluateIssuerTrust(credentialIssuerUrl);
 // Get the credential assertion
-const res = await Credential.Status.statusAssertion(
+const res = await wallet.CredentialStatus.statusAssertion.get(
   issuerConf,
   credential,
   format,
@@ -52,7 +77,7 @@ const res = await Credential.Status.statusAssertion(
 // Verify and parse the status assertion
 const { parsedStatusAssertion } =
-  await Credential.Status.verifyAndParseStatusAssertion(
+  await wallet.CredentialStatus.statusAssertion.verifyAndParse(
     issuerConf,
     res.statusAssertion,
     credential,
@@ -66,3 +91,36 @@ return {
 ```
 </details>
+<details>
+  <summary>Credential status list flow</summary>
+```ts
+import { IoWallet } from "@pagopa/io-react-native-wallet";
+const wallet = new IoWallet({ version: "1.3.3" });
+const credentialIssuerUrl = "https://issuer.example.com";
+const { issuerConf } = await wallet.CredentialIssuance.evaluateIssuerTrust(credentialIssuerUrl);
+// Get the status list
+const res = await wallet.CredentialStatus.statusList.get(
+  credential,
+  format,
+);
+// Verify and parse the status list response to get the credential status
+const { status } =
+  await wallet.CredentialStatus.statusList.verifyAndParse(
+    issuerConf,
+    res
+  );
+return {
+  statusList: res.statusList,
+  status,
+};
+```
+</details>