npm - @pagopa/io-react-native-wallet - Versions diffs - 3.1.0 → 3.1.2 - Mend

@pagopa/io-react-native-wallet 3.1.0 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (160) hide show

package/src/credential/presentation/api/04-verify-certificate-chain.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import type { CertificateValidationResult } from "@pagopa/io-react-native-crypto";
+export interface VerifyAuthRequestCertificateChainApi {
+  /**
+   * Verify the X.509 certificate chain in the Request Object `x5c` header claim.
+   * @since 1.0.0
+   *
+   * @param requestObjectJwt The Request Object in JWT format
+   * @param params.caRootCert The CA root certificate used to validate the chain
+   * @returns The certificate validation result
+   * @throws {MissingX509CertsError} if the Request Object does not contain x5c
+   * @throws {X509ValidationError} if the certificate chain validation fails
+   */
+  verifyAuthRequestCertificateChain(
+    requestObjectJwt: string,
+    params: {
+      caRootCert: string;
+    }
+  ): Promise<CertificateValidationResult>;
+}

package/src/credential/presentation/api/{06-send-authorization-response.ts → 07-send-authorization-response.ts} RENAMED Viewed

@@ -5,7 +5,7 @@ import type {
   RequestObject,
 } from "./types";
 import type { RelyingPartyConfig } from "./RelyingPartyConfig";
-import type { EvaluateDcqlQueryApi } from "./05-evaluate-dcql-query";
+import type { EvaluateDcqlQueryApi } from "./06-evaluate-dcql-query";
 import type { Out } from "../../../../src/utils/misc";
 type FetchContext = { appFetch?: GlobalFetch["fetch"] };

package/src/credential/presentation/api/index.ts CHANGED Viewed

@@ -1,15 +1,17 @@
 import type { StartFlowApi } from "./01-start-flow";
 import type { EvaluateRelyingPartyTrustApi } from "./02-evaluate-rp-trust";
 import type { GetRequestObjectApi } from "./03-get-request-object";
-import type { VerifyRequestObjectApi } from "./04-verify-request-object";
-import type { EvaluateDcqlQueryApi } from "./05-evaluate-dcql-query";
-import type { SendAuthorizationResponseApi } from "./06-send-authorization-response";
+import type { VerifyAuthRequestCertificateChainApi } from "./04-verify-certificate-chain";
+import type { VerifyRequestObjectApi } from "./05-verify-request-object";
+import type { EvaluateDcqlQueryApi } from "./06-evaluate-dcql-query";
+import type { SendAuthorizationResponseApi } from "./07-send-authorization-response";
 import type { RelyingPartyConfig } from "./RelyingPartyConfig";
 export interface RemotePresentationApi
   extends StartFlowApi,
     EvaluateRelyingPartyTrustApi,
     GetRequestObjectApi,
+    VerifyAuthRequestCertificateChainApi,
     VerifyRequestObjectApi,
     EvaluateDcqlQueryApi,
     SendAuthorizationResponseApi {}

package/src/credential/presentation/v1.0.0/04-verify-certificate-chain.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { UnimplementedFeatureError } from "../../../utils/errors";
+import { type RemotePresentationApi } from "../api";
+export const verifyAuthRequestCertificateChain: RemotePresentationApi["verifyAuthRequestCertificateChain"] =
+  async () => {
+    throw new UnimplementedFeatureError(
+      "verifyAuthRequestCertificateChain",
+      "1.0.0"
+    );
+  };

package/src/credential/presentation/v1.0.0/{05-evaluate-dcql-query.ts → 06-evaluate-dcql-query.ts} RENAMED Viewed

@@ -2,7 +2,7 @@ import { DcqlQuery, DcqlError } from "dcql";
 import { isValiError } from "valibot";
 import { CredentialsNotFoundError } from "../common/errors";
 import type { Credential4Dcql, RemotePresentationApi } from "../api";
-import type { CredentialPurpose } from "../api/05-evaluate-dcql-query";
+import type { CredentialPurpose } from "../api/06-evaluate-dcql-query";
 import * as sdJwtUtils from "../common/utils/sd-jwt";
 import {
   extractFailedCredentialsDetails,

package/src/credential/presentation/v1.0.0/index.ts CHANGED Viewed

@@ -2,18 +2,20 @@ import type { RemotePresentationApi } from "../api";
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { verifyRequestObject } from "./04-verify-request-object";
-import { evaluateDcqlQuery } from "./05-evaluate-dcql-query";
+import { verifyAuthRequestCertificateChain } from "./04-verify-certificate-chain";
+import { verifyRequestObject } from "./05-verify-request-object";
+import { evaluateDcqlQuery } from "./06-evaluate-dcql-query";
 import {
   prepareRemotePresentations,
   sendAuthorizationResponse,
   sendAuthorizationErrorResponse,
-} from "./06-send-authorization-response";
+} from "./07-send-authorization-response";
 export const RemotePresentation: RemotePresentationApi = {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
   getRequestObject,
+  verifyAuthRequestCertificateChain,
   verifyRequestObject,
   evaluateDcqlQuery,
   prepareRemotePresentations,

package/src/credential/presentation/v1.3.3/04-verify-certificate-chain.ts ADDED Viewed

@@ -0,0 +1,49 @@
+import type { RemotePresentationApi } from "../api";
+import { decode } from "@pagopa/io-react-native-jwt";
+import {
+  verifyCertificateChain,
+  type X509CertificateOptions,
+} from "@pagopa/io-react-native-crypto";
+import {
+  MissingX509CertsError,
+  X509ValidationError,
+} from "../../../trust/common/errors";
+import { Logger, LogLevel } from "../../../utils/logging";
+export const verifyAuthRequestCertificateChain: RemotePresentationApi["verifyAuthRequestCertificateChain"] =
+  async (requestObjectJwt, { caRootCert }) => {
+    const x509Options: X509CertificateOptions = {
+      requireCrl: false,
+      connectTimeout: 10_000,
+      readTimeout: 10_000,
+    };
+    const requestObject = decode(requestObjectJwt);
+    const certChain = requestObject.protectedHeader.x5c;
+    if (!certChain) {
+      throw new MissingX509CertsError(
+        "No certificate chain (x5c) found in the Request Object"
+      );
+    }
+    const validationResult = await verifyCertificateChain(
+      certChain,
+      caRootCert,
+      x509Options
+    );
+    if (!validationResult.isValid) {
+      Logger.log(
+        LogLevel.ERROR,
+        `Certificate chain failure: ${validationResult.validationStatus} - ${validationResult.errorMessage}`
+      );
+      throw new X509ValidationError(
+        "X.509 certificate chain validation failed"
+      );
+    }
+    return validationResult;
+  };

package/src/credential/presentation/v1.3.3/{05-evaluate-dcql-query.ts → 06-evaluate-dcql-query.ts} RENAMED Viewed

@@ -1,7 +1,7 @@
 import { DcqlQuery, DcqlError } from "dcql";
 import { isValiError } from "valibot";
 import { CredentialsNotFoundError } from "../common/errors";
-import type { CredentialPurpose } from "../api/05-evaluate-dcql-query";
+import type { CredentialPurpose } from "../api/06-evaluate-dcql-query";
 import * as mdocUtils from "./utils.mdoc";
 import type { Credential4Dcql, RemotePresentationApi } from "../api";
 import * as sdJwtUtils from "../common/utils/sd-jwt";

package/src/credential/presentation/v1.3.3/index.ts CHANGED Viewed

@@ -2,18 +2,20 @@ import type { RemotePresentationApi } from "../api";
 import { startFlowFromQR } from "./01-start-flow";
 import { evaluateRelyingPartyTrust } from "./02-evaluate-rp-trust";
 import { getRequestObject } from "./03-get-request-object";
-import { verifyRequestObject } from "./04-verify-request-object";
-import { evaluateDcqlQuery } from "./05-evaluate-dcql-query";
+import { verifyAuthRequestCertificateChain } from "./04-verify-certificate-chain";
+import { verifyRequestObject } from "./05-verify-request-object";
+import { evaluateDcqlQuery } from "./06-evaluate-dcql-query";
 import {
   prepareRemotePresentations,
   sendAuthorizationResponse,
   sendAuthorizationErrorResponse,
-} from "./06-send-authorization-response";
+} from "./07-send-authorization-response";
 export const RemotePresentation: RemotePresentationApi = {
   startFlowFromQR,
   evaluateRelyingPartyTrust,
   getRequestObject,
+  verifyAuthRequestCertificateChain,
   verifyRequestObject,
   evaluateDcqlQuery,
   prepareRemotePresentations,

package/src/credentials-catalogue/api/DigitalCredentialsCatalogue.ts CHANGED Viewed

@@ -1,6 +1,20 @@
 import * as z from "zod";
 import { UnixTime } from "../../utils/zod";
+export const LocalizationInfo = z.object({
+  available_locales: z.array(z.string()),
+  base_uri: z.string(),
+  default_locale: z.string(),
+  version: z.string(),
+});
+export type LocalizationInfo = z.infer<typeof LocalizationInfo>;
+/**
+ * Merged translations for one or more locales, keyed by locale code.
+ * Each locale maps l10n_id keys to their translated string values.
+ */
+export type CatalogueTranslations = Record<string, Record<string, string>>;
 const AdministrativeExpirationUserInfo = z.object({
   title_l10n_id: z.string(),
   description_l10n_id: z.string(),
@@ -108,6 +122,8 @@ export const DigitalCredentialsCatalogue = z.object({
   credentials: z.array(DigitalCredential),
   iat: UnixTime,
   exp: UnixTime,
+  localization: LocalizationInfo.optional(),
+  as_localization: LocalizationInfo.optional(),
 });
 export type DigitalCredentialsCatalogue = z.infer<
   typeof DigitalCredentialsCatalogue

package/src/credentials-catalogue/api/index.ts CHANGED Viewed

@@ -1,7 +1,16 @@
-import { type DigitalCredentialsCatalogue } from "./DigitalCredentialsCatalogue";
+import {
+  type CatalogueTranslations,
+  type DigitalCredentialsCatalogue,
+  type LocalizationInfo,
+} from "./DigitalCredentialsCatalogue";
 type FetchContext = { appFetch?: GlobalFetch["fetch"] };
+type FetchTranslationsLocalizations = {
+  catalogue?: LocalizationInfo;
+  authenticSources?: LocalizationInfo;
+};
 export interface CredentialsCatalogueApi {
   /**
    * Fetch and parse the Digital Credential Catalogue from the Trust Anchor.
@@ -16,6 +25,31 @@ export interface CredentialsCatalogueApi {
     trustAnchorBaseUrl: string,
     ctx?: FetchContext
   ): Promise<DigitalCredentialsCatalogue>;
+  /**
+   * Fetch locale bundle files for the credential catalogue and authentic sources.
+   * For each requested locale, fetches translations from both registries (if the locale
+   * is listed in their respective `available_locales`) and merges the keys.
+   * Locales not present in a registry's `available_locales` are silently skipped for that source.
+   * On key conflicts, authentic-sources translations take precedence.
+   *
+   * Optional: not supported by all versions. Check for existence before calling.
+   *
+   * @since 1.3.3
+   * @param localizations Localization metadata from a previously fetched catalogue
+   * @param locales Array of locale codes to fetch (e.g. ["it", "en"])
+   * @param ctx.appFetch (optional) fetch API implementation. Default: built-in fetch
+   * @returns Record keyed by locale, each containing merged translation key→value pairs
+   */
+  fetchTranslations?(
+    localizations: FetchTranslationsLocalizations,
+    locales: string[],
+    ctx?: FetchContext
+  ): Promise<CatalogueTranslations>;
 }
-export { type DigitalCredentialsCatalogue };
+export {
+  type CatalogueTranslations,
+  type DigitalCredentialsCatalogue,
+  type LocalizationInfo,
+};

package/src/credentials-catalogue/v1.3.3/fetch-translations.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import type { CredentialsCatalogueApi as Api } from "../api";
+import { fetchLocaleBundle } from "./utils";
+export const fetchTranslations: NonNullable<Api["fetchTranslations"]> = async (
+  { catalogue, authenticSources },
+  locales,
+  { appFetch = fetch } = {}
+) => {
+  const result: Record<string, Record<string, string>> = {};
+  await Promise.all(
+    locales.map(async (locale) => {
+      const [catalogueBundle, asBundle] = await Promise.all([
+        catalogue?.available_locales.includes(locale)
+          ? fetchLocaleBundle(catalogue.base_uri, locale, appFetch)
+          : Promise.resolve({}),
+        authenticSources?.available_locales.includes(locale)
+          ? fetchLocaleBundle(authenticSources.base_uri, locale, appFetch)
+          : Promise.resolve({}),
+      ]);
+      const merged = { ...catalogueBundle, ...asBundle };
+      // Only include the locale in the result if at least one source provided translations
+      if (Object.keys(merged).length > 0) {
+        result[locale] = merged;
+      }
+    })
+  );
+  return result;
+};

package/src/credentials-catalogue/v1.3.3/index.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import type { CredentialsCatalogueApi } from "../api";
 import { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
+import { fetchTranslations } from "./fetch-translations";
 export const CredentialsCatalogue: CredentialsCatalogueApi = {
   fetchAndParseCatalogue,
+  fetchTranslations,
 };

package/src/credentials-catalogue/v1.3.3/mappers.ts CHANGED Viewed

@@ -65,6 +65,8 @@ export const mapToCredentialsCatalogue = createMapper<
     return {
       ...catalogueJwt.payload,
       taxonomy_uri: discoveryJwt.payload.endpoints.taxonomy,
+      localization: catalogueJwt.payload.localization,
+      as_localization: authSourceRegistry.localization,
       credentials: catalogueJwt.payload.credentials.map(
         ({ authentic_sources, credential_name_l10n_id, ...credential }) => ({
           name_l10n_id: credential_name_l10n_id,

package/src/credentials-catalogue/v1.3.3/types.ts CHANGED Viewed

@@ -106,8 +106,8 @@ export const DigitalCredential = z.object({
   legal_type: z.string(),
   restriction_policy: z
     .object({
-      allowed_wallet_ids: z.array(z.string()),
-      allowed_issuer_ids: z.array(z.string()),
+      allowed_wallet_ids: z.array(z.string()).optional(),
+      allowed_issuer_ids: z.array(z.string()).optional(),
       presentation_flows: z.object({
         remote: z.boolean(),
         proximity: z.boolean(),

package/src/credentials-catalogue/v1.3.3/utils.ts CHANGED Viewed

@@ -67,3 +67,36 @@ export const fetchRegistry = async <T>(
     `Unsupported content-type for ${url}: ${contentType}`
   );
 };
+/**
+ * Fetch a locale bundle file from the Registry Infrastructure.
+ * Bundle files are flat JSON objects mapping l10n_id keys to translated strings.
+ * @see https://italia.github.io/eid-wallet-it-docs/releases/1.3.3/en/registry.html
+ *
+ * @param baseUri The base URI from a registry's localization object
+ * @param locale The locale code (e.g. "it", "en")
+ * @param appFetch Custom fetch implementation
+ * @returns Flat key→value translation map
+ */
+export const fetchLocaleBundle = async (
+  baseUri: string,
+  locale: string,
+  appFetch: GlobalFetch["fetch"] = fetch
+): Promise<Record<string, string>> => {
+  const url = `${baseUri.replace(/\/$/, "")}/${locale}.json`;
+  const response = await appFetch(url, {
+    method: "GET",
+    headers: { Accept: "application/json" },
+  }).then(hasStatusOrThrow(200));
+  const contentType = response.headers.get("Content-Type");
+  if (!contentType?.includes("application/json")) {
+    throw new IoWalletError(
+      `Locale bundle at ${url} returned unexpected Content-Type: ${contentType}`
+    );
+  }
+  const responseJson = await response.json();
+  return z.record(z.string(), z.string()).parse(responseJson);
+};

package/lib/commonjs/credential/presentation/api/04-verify-request-object.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/04-verify-request-object.ts"],"mappings":""}

package/lib/commonjs/credential/presentation/api/05-evaluate-dcql-query.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/05-evaluate-dcql-query.ts"],"mappings":""}

package/lib/commonjs/credential/presentation/api/06-send-authorization-response.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/06-send-authorization-response.ts"],"mappings":""}

package/lib/module/credential/presentation/api/04-verify-request-object.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=04-verify-request-object.js.map

package/lib/module/credential/presentation/api/04-verify-request-object.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/04-verify-request-object.ts"],"mappings":""}

package/lib/module/credential/presentation/api/05-evaluate-dcql-query.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=05-evaluate-dcql-query.js.map

package/lib/module/credential/presentation/api/05-evaluate-dcql-query.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/05-evaluate-dcql-query.ts"],"mappings":""}

package/lib/module/credential/presentation/api/06-send-authorization-response.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=06-send-authorization-response.js.map

package/lib/module/credential/presentation/api/06-send-authorization-response.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":[],"sourceRoot":"../../../../../src","sources":["credential/presentation/api/06-send-authorization-response.ts"],"mappings":""}

package/lib/typescript/credential/presentation/v1.0.0/04-verify-request-object.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"04-verify-request-object.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/v1.0.0/04-verify-request-object.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAsB,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AAMxE,eAAO,MAAM,mBAAmB,EAAE,qBAAqB,CAAC,qBAAqB,CAsC1E,CAAC"}

package/lib/typescript/credential/presentation/v1.0.0/05-evaluate-dcql-query.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"05-evaluate-dcql-query.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/v1.0.0/05-evaluate-dcql-query.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAmB,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AAWrE,eAAO,MAAM,iBAAiB,EAAE,qBAAqB,CAAC,mBAAmB,CAkFtE,CAAC"}

package/lib/typescript/credential/presentation/v1.3.3/04-verify-request-object.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"04-verify-request-object.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/v1.3.3/04-verify-request-object.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AAQpD,eAAO,MAAM,mBAAmB,EAAE,qBAAqB,CAAC,qBAAqB,CAwB1E,CAAC"}

package/lib/typescript/credential/presentation/v1.3.3/05-evaluate-dcql-query.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"05-evaluate-dcql-query.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/v1.3.3/05-evaluate-dcql-query.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAmB,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AASrE,eAAO,MAAM,iBAAiB,EAAE,qBAAqB,CAAC,mBAAmB,CAwGtE,CAAC"}

/package/src/credential/presentation/api/{04-verify-request-object.ts → 05-verify-request-object.ts} RENAMED Viewed

File without changes

/package/src/credential/presentation/api/{05-evaluate-dcql-query.ts → 06-evaluate-dcql-query.ts} RENAMED Viewed

File without changes

/package/src/credential/presentation/v1.0.0/{04-verify-request-object.ts → 05-verify-request-object.ts} RENAMED Viewed

File without changes

/package/src/credential/presentation/v1.0.0/{06-send-authorization-response.ts → 07-send-authorization-response.ts} RENAMED Viewed

File without changes

/package/src/credential/presentation/v1.3.3/{04-verify-request-object.ts → 05-verify-request-object.ts} RENAMED Viewed

File without changes

/package/src/credential/presentation/v1.3.3/{06-send-authorization-response.ts → 07-send-authorization-response.ts} RENAMED Viewed

File without changes