npm - @pagopa/io-react-native-wallet - Versions diffs - 3.2.0 → 3.4.0 - Mend

@pagopa/io-react-native-wallet 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

package/src/credential/issuance/v1.3.3/mappers.ts CHANGED Viewed

@@ -41,6 +41,7 @@ export const mapToIssuerConfig = createMapper<
     const {
       oauth_authorization_server,
       openid_credential_issuer,
+      openid_credential_verifier,
       federation_entity,
     } = x.metadata;
@@ -60,14 +61,19 @@ export const mapToIssuerConfig = createMapper<
       credential_configurations_supported: mapCredentialConfigurationsSupported(
         openid_credential_issuer
       ),
-      keys: openid_credential_issuer.jwks.keys as JWK[],
+      keys: [
+        ...openid_credential_issuer.jwks.keys,
+        ...oauth_authorization_server.jwks.keys,
+      ] as JWK[],
       pushed_authorization_request_endpoint:
         oauth_authorization_server.pushed_authorization_request_endpoint,
       token_endpoint: oauth_authorization_server.token_endpoint,
-      nonce_endpoint: openid_credential_issuer.nonce_endpoint!,
+      nonce_endpoint: openid_credential_issuer.nonce_endpoint ?? "",
       federation_entity: federation_entity ?? {},
       credential_issuance_batch_size:
         openid_credential_issuer.batch_credential_issuance?.batch_size,
+      encrypted_response_enc_values_supported:
+        openid_credential_verifier?.encrypted_response_enc_values_supported,
     };
   },
   { outputSchema: IssuerConfig } // Output validation for extra-safety
@@ -76,13 +82,9 @@ export const mapToIssuerConfig = createMapper<
 export const mapToRequestObject = createMapper<
   ParsedAuthorizeRequestResult,
   RequestObject
->(({ payload }) => ({
-  iss: payload.iss ?? "UNKNOWN_ISSUER",
-  client_id: payload.client_id,
-  dcql_query: payload.dcql_query,
-  nonce: payload.nonce,
-  response_uri: payload.response_uri,
-  state: payload.state,
-  response_mode: payload.response_mode,
-  response_type: payload.response_type,
+>(({ header, payload }) => ({
+  ...payload,
+  iss: payload.iss ?? "",
+  trust_chain: header.trust_chain,
+  x5c: header.x5c as string[] | undefined,
 }));

package/src/credential/presentation/api/05-verify-request-object.ts CHANGED Viewed

@@ -7,7 +7,7 @@ export interface VerifyRequestObjectApi {
    * @since 1.0.0
    *
    * @param requestObjectEncodedJwt The Request Object in JWT format
-   * @param params.clientId The client ID to verify
+   * @param params.clientId The client ID to verify (it may include a prefix)
    * @param params.rpConf Optional Relying Party configuration (OpenID Federation clients only)
    * @param params.state Optional state
    * @returns The verified Request Object

package/src/credential/presentation/api/types.ts CHANGED Viewed

@@ -72,13 +72,9 @@ export type RemotePresentationDetails = {
 type ClientMetadata = {
   jwks: jsonWebKeySet;
   encrypted_response_enc_values_supported: string[];
-  client_id: string;
-  client_name: string;
-  logo_uri: string;
-  application_type: "web";
-  request_uris: string[];
-  response_uris: string[];
   vp_formats_supported: Record<string, { "sd-jwt_alg_values"?: string[] }>;
+  client_name?: string;
+  logo_uri?: string;
 };
 /**
@@ -88,7 +84,7 @@ export type RequestObject = {
   iss: string;
   response_uri: string;
   nonce: string;
-  state: string;
+  state?: string;
   client_id: string;
   dcql_query: Record<string, unknown>;
   response_type: "vp_token";

package/src/credential/presentation/common/utils/http.ts CHANGED Viewed

@@ -9,11 +9,11 @@ import type { DirectAuthorizationBodyPayload } from "../../v1.0.0/types";
  * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
  */
 export const buildDirectPostBody = async (
-  requestObject: RequestObject,
+  { state }: RequestObject,
   payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   const formUrlEncodedBody = new URLSearchParams({
-    state: requestObject.state,
+    ...(state && { state }),
     ...Object.entries(payload).reduce(
       (acc, [key, value]) => ({
         ...acc,

package/src/credential/presentation/{v1.3.3/utils.mdoc.ts → common/utils/mdoc.ts} RENAMED Viewed

@@ -5,8 +5,8 @@ import type {
   Credential4Dcql,
   EvaluatedDisclosure,
   PresentationFrame,
-} from "../api";
-import { getValidDcqlClaims } from "../common/utils/dcql";
+} from "../../api";
+import { getValidDcqlClaims } from "./dcql";
 type CustomDcqlMdocCredential = DcqlMdocCredential & {
   original_credential: Credential4Dcql;

package/src/credential/presentation/v1.0.0/07-send-authorization-response.ts CHANGED Viewed

@@ -81,7 +81,7 @@ export const buildDirectPostJwtBody = async (
   // Build the x-www-form-urlencoded form body
   const formBody = new URLSearchParams({
     response: encryptedResponse,
-    state: requestObject.state,
+    ...(requestObject.state && { state: requestObject.state }),
   });
   return formBody.toString();
 };

package/src/credential/presentation/v1.3.3/05-verify-request-object.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import { mapToRequestObject } from "./mappers";
 import type { RawRequestObject } from "./types";
 export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
-  async (requestObjectEncodedJwt, { clientId, rpConf }) => {
+  async (requestObjectEncodedJwt, { clientId: fullClientId, rpConf }) => {
     const parsedRequestObject = await sdkParseAuthorizeRequest({
       config: sdkConfigV1_3,
       requestObjectJwt: requestObjectEncodedJwt,
@@ -25,17 +25,22 @@ export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
     const rawRequestObject = parsedRequestObject as RawRequestObject;
-    const clientIdPrefix = extractClientIdPrefix(clientId);
+    const { prefix, clientId } = extractClientIdPrefix(fullClientId);
-    if (clientIdPrefix === ClientIdPrefix.X509_HASH) {
+    if (prefix === ClientIdPrefix.X509_HASH) {
       validateX509HashClient(rawRequestObject.header.x5c, clientId);
     }
     if (
-      clientIdPrefix === ClientIdPrefix.OPENID_FEDERATION ||
-      clientIdPrefix === ClientIdPrefix.NONE
+      prefix === ClientIdPrefix.OPENID_FEDERATION ||
+      prefix === ClientIdPrefix.NONE
     ) {
-      validateOpenIDFederationClient(rawRequestObject, clientId, rpConf);
+      validateOpenIDFederationClient(
+        rawRequestObject,
+        fullClientId,
+        clientId,
+        rpConf
+      );
     }
     return {
@@ -45,6 +50,7 @@ export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
 const validateOpenIDFederationClient = (
   requestObject: RawRequestObject,
+  fullClientId: string,
   clientId: string,
   rpConf: RelyingPartyConfig | undefined
 ) => {
@@ -55,8 +61,8 @@ const validateOpenIDFederationClient = (
   }
   const isClientIdMatch =
-    clientId === requestObject.payload.client_id &&
-    stripOpenIdFederationPrefix(clientId) === rpConf.subject;
+    fullClientId === requestObject.payload.client_id &&
+    clientId === rpConf.subject;
   if (!isClientIdMatch) {
     throw new InvalidRequestObjectError(
@@ -67,10 +73,8 @@ const validateOpenIDFederationClient = (
 const validateX509HashClient = (
   certificateChain: string[],
-  clientId: string
+  x509Hash: string
 ) => {
-  const [, x509Hash] = clientId.split(":");
   const calculatedHash = QuickCrypto.createHash("sha-256")
     .update(certificateChain[0]!, "base64")
     .digest("base64url");
@@ -81,6 +85,3 @@ const validateX509HashClient = (
     );
   }
 };
-const stripOpenIdFederationPrefix = (clientId: string) =>
-  clientId.replace("openid_federation:", "");

package/src/credential/presentation/v1.3.3/06-evaluate-dcql-query.ts CHANGED Viewed

@@ -2,13 +2,13 @@ import { DcqlQuery, DcqlError } from "dcql";
 import { isValiError } from "valibot";
 import { CredentialsNotFoundError } from "../common/errors";
 import type { CredentialPurpose } from "../api/06-evaluate-dcql-query";
-import * as mdocUtils from "./utils.mdoc";
-import type { Credential4Dcql, RemotePresentationApi } from "../api";
 import * as sdJwtUtils from "../common/utils/sd-jwt";
-import { getClaimsFromDcqlMatch } from "./utils.mdoc";
+import * as mdocUtils from "../common/utils/mdoc";
+import type { Credential4Dcql, RemotePresentationApi } from "../api";
 import {
   extractFailedCredentialsDetails,
   getDcqlQueryMatches,
+  getClaimsFromDcqlMatch,
   getPresentationFrameFromDcqlMatch,
 } from "../common/utils/dcql";

package/src/credential/presentation/v1.3.3/07-send-authorization-response.ts CHANGED Viewed

@@ -17,6 +17,7 @@ import { AuthorizationResponse } from "./types";
 import { buildDirectPostBody } from "../common/utils/http";
 import { prepareVpToken } from "../../../sd-jwt";
 import { createCryptoContextFor } from "../../../utils/crypto";
+import { sdkConfigV1_3 } from "../../../utils/config";
 import { prepareVpTokenMdoc } from "../../../mdoc";
 /**
@@ -126,6 +127,7 @@ export const sendAuthorizationResponse: RemotePresentationApi["sendAuthorization
       );
       const { jarm } = await sdkCreateAuthorizationResponse({
+        config: sdkConfigV1_3,
         requestObject,
         rpJwks,
         vp_token,

package/src/credential/presentation/v1.3.3/mappers.ts CHANGED Viewed

@@ -21,7 +21,7 @@ export const mapToRelyingPartyConfig = createMapper<
 export const mapToRequestObject = createMapper<RawRequestObject, RequestObject>(
   ({ payload, header }) => ({
-    iss: payload.iss,
+    iss: payload.iss ?? "",
     client_id: payload.client_id,
     dcql_query: payload.dcql_query,
     nonce: payload.nonce,

package/src/credential/status/README.md CHANGED Viewed

@@ -111,15 +111,16 @@ const res = await wallet.CredentialStatus.statusList.get(
 );
 // Verify and parse the status list response to get the credential status
-const { status } =
+const { status, statusBit } =
   await wallet.CredentialStatus.statusList.verifyAndParse(
-    issuerConf,
+    issuerConf.keys,
     res
   );
 return {
   statusList: res.statusList,
   status,
+  statusBit,
 };
 ```

package/src/credential/status/api/status-list.ts CHANGED Viewed

@@ -1,8 +1,6 @@
 import type { Out } from "../../../utils/misc";
-import type {
-  CredentialFormat,
-  IssuerConfig,
-} from "../../../credential/issuance/api";
+import type { CredentialFormat } from "../../../credential/issuance/api";
+import type { JWK } from "../../../utils/jwk";
 export interface StatusListApi {
   isSupported: true;
@@ -22,6 +20,7 @@ export interface StatusListApi {
    * @since 1.3.3
    * @param credential The credential to get the status list for
    * @param format The credential format
+   * @param context.appFetch Optional fetch function to use for the network request
    * @returns The raw status list, the index of the credential and other metadata
    */
   get(
@@ -40,11 +39,15 @@ export interface StatusListApi {
   /**
    * Verifies the signature of a status list and extract the status at the specified index.
    * @since 1.3.3
-   * @param issuerConf The Credential Issuer common configuration
+   * @param keys The JSON Web Key Set to verify the status list signature
    * @param statusListParams The raw status list, the index to read and other metadata
+   * @return The status of the credential and the raw status bit in hexadecimal format (e.g. "0x01")
    */
   verifyAndParse(
-    issuerConf: IssuerConfig,
+    keys: JWK[],
     statusListParams: Out<StatusListApi["get"]>
-  ): Promise<{ status: number }>;
+  ): Promise<{
+    statusBit: string;
+    status: string;
+  }>;
 }

package/src/credential/status/v1.3.3/01-status-list.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { CBOR } from "@pagopa/io-react-native-iso18013";
+import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
 import {
   getStatusListFromJWT,
   type StatusListEntry,
@@ -38,13 +39,26 @@ export const getStatusList: StatusListApi["get"] = async (
 ) => {
   const { uri, idx } = await getStatusListEntry(credential, format);
-  const statusList = await appFetch(uri, {
-    headers: {
-      Accept: "application/statuslist+jwt",
-    },
-  })
-    .then(hasStatusOrThrow(200))
-    .then((response) => response.text());
+  const fetchStatusList = (options: { cacheDisabled?: boolean } = {}) =>
+    appFetch(uri, {
+      headers: {
+        Accept: "application/statuslist+jwt",
+        ...(options.cacheDisabled && { "Cache-Control": "no-cache" }),
+      },
+    })
+      .then(hasStatusOrThrow(200))
+      .then((response) => response.text());
+  // When the HTTP response includes cache headers, fetch will return a cached response and the JWT might be expired
+  let statusList = await fetchStatusList();
+  const decoded = decodeJwt(statusList);
+  const { exp } = decoded.payload;
+  // If the status list JWT is expired, try to fetch it again bypassing the HTTP cache.
+  // If it is still expired after the refetch, `verifyAndParseStatusList` will throw.
+  if (exp && exp < Math.floor(Date.now() / 1000)) {
+    statusList = await fetchStatusList({ cacheDisabled: true });
+  }
   return { statusList, uri, idx, format: "jwt" };
 };

package/src/credential/status/v1.3.3/02-verify-and-parse-status-list.ts CHANGED Viewed

@@ -2,18 +2,32 @@ import { verify } from "@pagopa/io-react-native-jwt";
 import { getListFromStatusListJWT } from "@sd-jwt/jwt-status-list";
 import type { StatusListApi } from "../api/status-list";
+/**
+ * Mapping of status bits to their corresponding meaning as defined in the specification.
+ * @see https://italia.github.io/eid-wallet-it-docs/releases/1.3.3/en/credential-revocation.html#token-status-lists
+ */
+const CredentialStatusMap = {
+  0x00: "VALID",
+  0x01: "INVALID",
+  0x02: "SUSPENDED",
+  0x03: "UPDATE",
+  0x0b: "ATTRIBUTE_UPDATE",
+} as const;
+type CredentialStatusBit = keyof typeof CredentialStatusMap;
 export const verifyAndParseStatusList: StatusListApi["verifyAndParse"] = async (
-  issuerConf,
+  keys,
   { statusList: rawStatusList, idx }
 ) => {
-  await verify(rawStatusList, issuerConf.keys);
+  await verify(rawStatusList, keys);
   const statusList = getListFromStatusListJWT(rawStatusList);
+  const statusBit = statusList.getStatus(idx) as CredentialStatusBit;
+  const status = CredentialStatusMap[statusBit];
-  const status = statusList.getStatus(idx);
-  // TODO: [SIW-3992] Improve the return object with additional data, throw CredentialInvalidStatus when invalid
   return {
     status,
+    statusBit: `0x${statusBit.toString(16).padStart(2, "0").toUpperCase()}`,
   };
 };

package/src/credentials-catalogue/api/DigitalCredentialsCatalogue.ts CHANGED Viewed

@@ -20,13 +20,15 @@ const AdministrativeExpirationUserInfo = z.object({
   description_l10n_id: z.string(),
 });
-const AllowedState = z
+export const AllowedState = z
   .object({
     title_l10n_id: z.string(),
     description_l10n_id: z.string(),
   })
   .catchall(z.string());
+export type AllowedState = z.infer<typeof AllowedState>;
 const CredentialPurpose = z.object({
   id: z.string(),
   description: z.string().optional(),
@@ -116,6 +118,7 @@ export const DigitalCredential = z.object({
   formats: z.array(CredentialFormat).optional(),
   // claims: z.array(Claim), // TODO: [SIW-3978] Should we keep claims?
 });
+export type DigitalCredential = z.infer<typeof DigitalCredential>;
 const TaxonomyPurpose = z.object({
   id: z.string(),

package/src/credentials-catalogue/api/index.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import {
   type CatalogueTranslations,
+  type DigitalCredential,
   type DigitalCredentialsCatalogue,
   type LocalizationInfo,
   type Taxonomy,
@@ -48,10 +49,24 @@ export interface CredentialsCatalogueApi {
     locales: string[],
     ctx?: FetchContext
   ): Promise<CatalogueTranslations>;
+  /**
+   * Given a statusBit (e.g. "0x00", "0x0B") and a DigitalCredential from the
+   * catalogue, returns the matching l10n IDs or undefined if not found.
+   * The comparison is case-insensitive to handle uppercase statusBit values
+   * returned by verifyAndParseStatusList against lowercase keys in the catalogue.
+   *
+   * @since 1.0.0
+   */
+  getStatusL10nIds(
+    statusBit: string,
+    credentialConfig: DigitalCredential
+  ): { titleL10nId: string; descriptionL10nId: string } | undefined;
 }
 export {
   type CatalogueTranslations,
+  type DigitalCredential,
   type DigitalCredentialsCatalogue,
   type LocalizationInfo,
   type Taxonomy,

package/src/credentials-catalogue/common/get-status-l10n-ids.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { AllowedState } from "../api/DigitalCredentialsCatalogue";
+import { type CredentialsCatalogueApi } from "../api";
+/**
+ * Given a statusBit (e.g. "0x00", "0x0B") and a DigitalCredential from the
+ * catalogue, returns the matching l10n IDs or undefined if not found.
+ * The comparison is case-insensitive to handle uppercase statusBit values
+ * returned by verifyAndParseStatusList against lowercase keys in the catalogue.
+ */
+export const getStatusL10nIds: CredentialsCatalogueApi["getStatusL10nIds"] = (
+  statusBit,
+  credentialConfig
+) => {
+  const normalizedBit = statusBit.toLowerCase();
+  const match = credentialConfig.validity_info.allowed_states.find(
+    (s): s is AllowedState =>
+      typeof s === "object" &&
+      Object.keys(s).some((k) => k.toLowerCase() === normalizedBit)
+  );
+  if (!match) return undefined;
+  return {
+    titleL10nId: match.title_l10n_id,
+    descriptionL10nId: match.description_l10n_id,
+  };
+};

package/src/credentials-catalogue/v1.0.0/index.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import type { CredentialsCatalogueApi } from "../api";
 import { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
+import { getStatusL10nIds } from "../common/get-status-l10n-ids";
 export const CredentialsCatalogue: CredentialsCatalogueApi = {
   fetchAndParseCatalogue,
+  getStatusL10nIds,
 };

package/src/credentials-catalogue/v1.3.3/index.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 import type { CredentialsCatalogueApi } from "../api";
 import { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
 import { fetchTranslations } from "./fetch-translations";
+import { getStatusL10nIds } from "../common/get-status-l10n-ids";
 export const CredentialsCatalogue: CredentialsCatalogueApi = {
   fetchAndParseCatalogue,
   fetchTranslations,
+  getStatusL10nIds,
 };

package/src/mdoc/index.ts CHANGED Viewed

@@ -1,19 +1,12 @@
 import { CBOR, COSE, ISO18013_7 } from "@pagopa/io-react-native-iso18013";
 import { b64utob64 } from "jsrsasign";
-import {
-  verifyCertificateChain,
-  type CertificateValidationResult,
-  type PublicKey,
-  type X509CertificateOptions,
-} from "@pagopa/io-react-native-crypto";
-import {
-  MissingX509CertsError,
-  X509ValidationError,
-} from "../trust/common/errors";
+import { type PublicKey } from "@pagopa/io-react-native-crypto";
+import { MissingX509CertsError } from "../trust/common/errors";
 import { IoWalletError } from "../utils/errors";
 import { convertBase64DerToPem, getSigninJwkFromCert } from "../utils/crypto";
-import type { Presentation } from "src/credential/presentation";
+import type { Presentation } from "../credential/presentation";
 import { removePadding } from "@pagopa/io-react-native-jwt";
+import { verifyX509Chain } from "../utils/x509";
 export * from "./utils";
 export const verify = async (
@@ -37,7 +30,7 @@ export const verify = async (
   const x5chain =
     issuerSigned.issuerAuth.unprotectedHeader.x5chain.map(b64utob64);
   // Verify the x5chain
-  await verifyX5chain(x5chain, x509CertRoot);
+  await verifyX509Chain(x5chain, x509CertRoot);
   const coseSign1 = issuerSigned.issuerAuth.rawValue;
@@ -50,35 +43,6 @@ export const verify = async (
   return { issuerSigned };
 };
-/**
- * This function checks whether the x509 certificate chain is valid against a specified Certificate Authority (CA)
- *
- * @param x5chain The mdoc's x509 certificate chain
- * @param x509CertRoot The Trust Anchor CA
- * @param options Options for certificate validation
- */
-const verifyX5chain = async (
-  x5chain: string[],
-  x509CertRoot: string,
-  options: X509CertificateOptions = {
-    connectTimeout: 10000,
-    readTimeout: 10000,
-    requireCrl: true,
-  }
-) => {
-  const x509ValidationResult: CertificateValidationResult =
-    await verifyCertificateChain(x5chain, x509CertRoot, options);
-  if (!x509ValidationResult.isValid) {
-    throw new X509ValidationError(
-      `X.509 certificate chain validation failed. Status: ${x509ValidationResult.validationStatus}. Error: ${x509ValidationResult.errorMessage}`,
-      {
-        x509ValidationStatus: x509ValidationResult.validationStatus,
-        x509ErrorMessage: x509ValidationResult.errorMessage,
-      }
-    );
-  }
-};
 /**
  * This function verifies that the signature is valid for the given certificate.
  * If not, it throws an error

package/src/sd-jwt/__test__/types.test.ts CHANGED Viewed

@@ -28,20 +28,8 @@ describe("Verification.time", () => {
   it("rejects invalid type", () => {
     const value = {
-      trust_framework: "eidas",
+      trust_framework: ["eidas"],
       assurance_level: "high",
-      evidence: [
-        {
-          type: "vouch",
-          time: null,
-          attestation: {
-            type: "digital_attestation",
-            reference_number: "abc",
-            date_of_issuance: "2025-09-02",
-            voucher: { organization: "IPZS" },
-          },
-        },
-      ],
     };
     expect(Verification.safeParse(value).success).toBe(false);

package/src/sd-jwt/__test__/utils.test.ts CHANGED Viewed

@@ -4,18 +4,6 @@ import { getVerification } from "..";
 describe("SD-JWT getVerification", () => {
   it("extracts the verification claims correctly", () => {
     expect(getVerification(pid)).toEqual({
-      evidence: [
-        {
-          attestation: {
-            date_of_issuance: "2025-06-23",
-            voucher: { organization: "Ministero dell'Interno" },
-            type: "digital_attestation",
-            reference_number: "123456789",
-          },
-          time: "2025-06-23T13:14:25Z",
-          type: "vouch",
-        },
-      ],
       trust_framework: "it_cie",
       assurance_level: "high",
     });

package/src/sd-jwt/types.ts CHANGED Viewed

@@ -64,19 +64,6 @@ export type Verification = z.infer<typeof Verification>;
 export const Verification = z.object({
   trust_framework: z.string(),
   assurance_level: z.string(),
-  evidence: z.array(
-    z.object({
-      type: z.literal("vouch"),
-      // Support both string and UNIX timestamp for backward compatibility
-      time: z.union([z.string(), z.number()]),
-      attestation: z.object({
-        type: z.literal("digital_attestation"),
-        reference_number: z.string(),
-        date_of_issuance: z.string(),
-        voucher: z.object({ organization: z.string() }),
-      }),
-    })
-  ),
 });
 /**

package/src/utils/callbacks.ts CHANGED Viewed

@@ -1,4 +1,9 @@
-import { EncryptJwe, getJwkFromHeader } from "@pagopa/io-react-native-jwt";
+import {
+  EncryptJwe,
+  getJwkFromHeader,
+  SignJWT,
+  type CryptoContext,
+} from "@pagopa/io-react-native-jwt";
 import { verify } from "@pagopa/io-react-native-jwt";
 import { type CallbackContext, type JwtSigner } from "@pagopa/io-wallet-oauth2";
 import { digest } from "@sd-jwt/crypto-nodejs";
@@ -109,3 +114,25 @@ export const createVerifyJwtFromJwks = (
     }
   };
 };
+/**
+ * Create a signJwt implementation that signs a JWT using the provided CryptoContext.
+ * @param cryptoContext The CryptoContext to use for signing the JWT
+ * @returns Function that implements `signJwt` callback
+ */
+export const createSignJwtFromCryptoContext = (
+  cryptoContext: CryptoContext
+): CallbackContext["signJwt"] => {
+  return async function signJwt(jwtSigner, { header, payload }) {
+    return {
+      jwt: await new SignJWT(cryptoContext)
+        .setProtectedHeader(header)
+        .setPayload(payload)
+        .sign(),
+      signerJwk:
+        jwtSigner.method === "jwk"
+          ? jwtSigner.publicJwk
+          : await cryptoContext.getPublicKey(),
+    };
+  };
+};

package/src/utils/config.ts CHANGED Viewed

@@ -16,3 +16,10 @@ export const sdkConfigV1_0 = new IoWalletSdkConfig({
 export const sdkConfigV1_3 = new IoWalletSdkConfig({
   itWalletSpecsVersion: ItWalletSpecsVersion.V1_3,
 });
+/**
+ * IO Wallet SDK configuration object for v1.4 specs.
+ */
+export const sdkConfigV1_4 = new IoWalletSdkConfig({
+  itWalletSpecsVersion: ItWalletSpecsVersion.V1_4,
+});