npm - @pagopa/io-react-native-wallet - Versions diffs - 3.3.0 → 3.4.1 - Mend

@pagopa/io-react-native-wallet 3.3.0 → 3.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (170) hide show

package/src/credential/issuance/v1.3.3/mappers.ts CHANGED Viewed

@@ -41,6 +41,7 @@ export const mapToIssuerConfig = createMapper<
     const {
       oauth_authorization_server,
       openid_credential_issuer,
+      openid_credential_verifier,
       federation_entity,
     } = x.metadata;
@@ -67,10 +68,12 @@ export const mapToIssuerConfig = createMapper<
       pushed_authorization_request_endpoint:
         oauth_authorization_server.pushed_authorization_request_endpoint,
       token_endpoint: oauth_authorization_server.token_endpoint,
-      nonce_endpoint: openid_credential_issuer.nonce_endpoint!,
+      nonce_endpoint: openid_credential_issuer.nonce_endpoint ?? "",
       federation_entity: federation_entity ?? {},
       credential_issuance_batch_size:
         openid_credential_issuer.batch_credential_issuance?.batch_size,
+      encrypted_response_enc_values_supported:
+        openid_credential_verifier?.encrypted_response_enc_values_supported,
     };
   },
   { outputSchema: IssuerConfig } // Output validation for extra-safety
@@ -79,13 +82,9 @@ export const mapToIssuerConfig = createMapper<
 export const mapToRequestObject = createMapper<
   ParsedAuthorizeRequestResult,
   RequestObject
->(({ payload }) => ({
-  iss: payload.iss ?? "UNKNOWN_ISSUER",
-  client_id: payload.client_id,
-  dcql_query: payload.dcql_query,
-  nonce: payload.nonce,
-  response_uri: payload.response_uri,
-  state: payload.state,
-  response_mode: payload.response_mode,
-  response_type: payload.response_type,
+>(({ header, payload }) => ({
+  ...payload,
+  iss: payload.iss ?? "",
+  trust_chain: header.trust_chain,
+  x5c: header.x5c as string[] | undefined,
 }));

package/src/credential/presentation/api/05-verify-request-object.ts CHANGED Viewed

@@ -7,7 +7,7 @@ export interface VerifyRequestObjectApi {
    * @since 1.0.0
    *
    * @param requestObjectEncodedJwt The Request Object in JWT format
-   * @param params.clientId The client ID to verify
+   * @param params.clientId The client ID to verify (it may include a prefix)
    * @param params.rpConf Optional Relying Party configuration (OpenID Federation clients only)
    * @param params.state Optional state
    * @returns The verified Request Object

package/src/credential/presentation/api/types.ts CHANGED Viewed

@@ -72,13 +72,9 @@ export type RemotePresentationDetails = {
 type ClientMetadata = {
   jwks: jsonWebKeySet;
   encrypted_response_enc_values_supported: string[];
-  client_id: string;
-  client_name: string;
-  logo_uri: string;
-  application_type: "web";
-  request_uris: string[];
-  response_uris: string[];
   vp_formats_supported: Record<string, { "sd-jwt_alg_values"?: string[] }>;
+  client_name?: string;
+  logo_uri?: string;
 };
 /**
@@ -88,7 +84,7 @@ export type RequestObject = {
   iss: string;
   response_uri: string;
   nonce: string;
-  state: string;
+  state?: string;
   client_id: string;
   dcql_query: Record<string, unknown>;
   response_type: "vp_token";

package/src/credential/presentation/common/utils/http.ts CHANGED Viewed

@@ -9,11 +9,11 @@ import type { DirectAuthorizationBodyPayload } from "../../v1.0.0/types";
  * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
  */
 export const buildDirectPostBody = async (
-  requestObject: RequestObject,
+  { state }: RequestObject,
   payload: DirectAuthorizationBodyPayload
 ): Promise<string> => {
   const formUrlEncodedBody = new URLSearchParams({
-    state: requestObject.state,
+    ...(state && { state }),
     ...Object.entries(payload).reduce(
       (acc, [key, value]) => ({
         ...acc,

package/src/credential/presentation/v1.0.0/07-send-authorization-response.ts CHANGED Viewed

@@ -81,7 +81,7 @@ export const buildDirectPostJwtBody = async (
   // Build the x-www-form-urlencoded form body
   const formBody = new URLSearchParams({
     response: encryptedResponse,
-    state: requestObject.state,
+    ...(requestObject.state && { state: requestObject.state }),
   });
   return formBody.toString();
 };

package/src/credential/presentation/v1.3.3/05-verify-request-object.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import { mapToRequestObject } from "./mappers";
 import type { RawRequestObject } from "./types";
 export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
-  async (requestObjectEncodedJwt, { clientId, rpConf }) => {
+  async (requestObjectEncodedJwt, { clientId: fullClientId, rpConf }) => {
     const parsedRequestObject = await sdkParseAuthorizeRequest({
       config: sdkConfigV1_3,
       requestObjectJwt: requestObjectEncodedJwt,
@@ -25,17 +25,22 @@ export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
     const rawRequestObject = parsedRequestObject as RawRequestObject;
-    const clientIdPrefix = extractClientIdPrefix(clientId);
+    const { prefix, clientId } = extractClientIdPrefix(fullClientId);
-    if (clientIdPrefix === ClientIdPrefix.X509_HASH) {
+    if (prefix === ClientIdPrefix.X509_HASH) {
       validateX509HashClient(rawRequestObject.header.x5c, clientId);
     }
     if (
-      clientIdPrefix === ClientIdPrefix.OPENID_FEDERATION ||
-      clientIdPrefix === ClientIdPrefix.NONE
+      prefix === ClientIdPrefix.OPENID_FEDERATION ||
+      prefix === ClientIdPrefix.NONE
     ) {
-      validateOpenIDFederationClient(rawRequestObject, clientId, rpConf);
+      validateOpenIDFederationClient(
+        rawRequestObject,
+        fullClientId,
+        clientId,
+        rpConf
+      );
     }
     return {
@@ -45,6 +50,7 @@ export const verifyRequestObject: RemotePresentationApi["verifyRequestObject"] =
 const validateOpenIDFederationClient = (
   requestObject: RawRequestObject,
+  fullClientId: string,
   clientId: string,
   rpConf: RelyingPartyConfig | undefined
 ) => {
@@ -55,8 +61,8 @@ const validateOpenIDFederationClient = (
   }
   const isClientIdMatch =
-    clientId === requestObject.payload.client_id &&
-    stripOpenIdFederationPrefix(clientId) === rpConf.subject;
+    fullClientId === requestObject.payload.client_id &&
+    clientId === rpConf.subject;
   if (!isClientIdMatch) {
     throw new InvalidRequestObjectError(
@@ -67,10 +73,8 @@ const validateOpenIDFederationClient = (
 const validateX509HashClient = (
   certificateChain: string[],
-  clientId: string
+  x509Hash: string
 ) => {
-  const [, x509Hash] = clientId.split(":");
   const calculatedHash = QuickCrypto.createHash("sha-256")
     .update(certificateChain[0]!, "base64")
     .digest("base64url");
@@ -81,6 +85,3 @@ const validateX509HashClient = (
     );
   }
 };
-const stripOpenIdFederationPrefix = (clientId: string) =>
-  clientId.replace("openid_federation:", "");

package/src/credential/presentation/v1.3.3/07-send-authorization-response.ts CHANGED Viewed

@@ -17,6 +17,7 @@ import { AuthorizationResponse } from "./types";
 import { buildDirectPostBody } from "../common/utils/http";
 import { prepareVpToken } from "../../../sd-jwt";
 import { createCryptoContextFor } from "../../../utils/crypto";
+import { sdkConfigV1_3 } from "../../../utils/config";
 import { prepareVpTokenMdoc } from "../../../mdoc";
 /**
@@ -126,6 +127,7 @@ export const sendAuthorizationResponse: RemotePresentationApi["sendAuthorization
       );
       const { jarm } = await sdkCreateAuthorizationResponse({
+        config: sdkConfigV1_3,
         requestObject,
         rpJwks,
         vp_token,

package/src/credential/presentation/v1.3.3/mappers.ts CHANGED Viewed

@@ -21,7 +21,7 @@ export const mapToRelyingPartyConfig = createMapper<
 export const mapToRequestObject = createMapper<RawRequestObject, RequestObject>(
   ({ payload, header }) => ({
-    iss: payload.iss,
+    iss: payload.iss ?? "",
     client_id: payload.client_id,
     dcql_query: payload.dcql_query,
     nonce: payload.nonce,

package/src/credentials-catalogue/api/DigitalCredentialsCatalogue.ts CHANGED Viewed

@@ -20,13 +20,15 @@ const AdministrativeExpirationUserInfo = z.object({
   description_l10n_id: z.string(),
 });
-const AllowedState = z
+export const AllowedState = z
   .object({
     title_l10n_id: z.string(),
     description_l10n_id: z.string(),
   })
   .catchall(z.string());
+export type AllowedState = z.infer<typeof AllowedState>;
 const CredentialPurpose = z.object({
   id: z.string(),
   description: z.string().optional(),
@@ -116,6 +118,7 @@ export const DigitalCredential = z.object({
   formats: z.array(CredentialFormat).optional(),
   // claims: z.array(Claim), // TODO: [SIW-3978] Should we keep claims?
 });
+export type DigitalCredential = z.infer<typeof DigitalCredential>;
 const TaxonomyPurpose = z.object({
   id: z.string(),

package/src/credentials-catalogue/api/index.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import {
   type CatalogueTranslations,
+  type DigitalCredential,
   type DigitalCredentialsCatalogue,
   type LocalizationInfo,
   type Taxonomy,
@@ -48,10 +49,24 @@ export interface CredentialsCatalogueApi {
     locales: string[],
     ctx?: FetchContext
   ): Promise<CatalogueTranslations>;
+  /**
+   * Given a statusBit (e.g. "0x00", "0x0B") and a DigitalCredential from the
+   * catalogue, returns the matching l10n IDs or undefined if not found.
+   * The comparison is case-insensitive to handle uppercase statusBit values
+   * returned by verifyAndParseStatusList against lowercase keys in the catalogue.
+   *
+   * @since 1.0.0
+   */
+  getStatusL10nIds(
+    statusBit: string,
+    credentialConfig: DigitalCredential
+  ): { titleL10nId: string; descriptionL10nId: string } | undefined;
 }
 export {
   type CatalogueTranslations,
+  type DigitalCredential,
   type DigitalCredentialsCatalogue,
   type LocalizationInfo,
   type Taxonomy,

package/src/credentials-catalogue/common/get-status-l10n-ids.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { AllowedState } from "../api/DigitalCredentialsCatalogue";
+import { type CredentialsCatalogueApi } from "../api";
+/**
+ * Given a statusBit (e.g. "0x00", "0x0B") and a DigitalCredential from the
+ * catalogue, returns the matching l10n IDs or undefined if not found.
+ * The comparison is case-insensitive to handle uppercase statusBit values
+ * returned by verifyAndParseStatusList against lowercase keys in the catalogue.
+ */
+export const getStatusL10nIds: CredentialsCatalogueApi["getStatusL10nIds"] = (
+  statusBit,
+  credentialConfig
+) => {
+  const normalizedBit = statusBit.toLowerCase();
+  const match = credentialConfig.validity_info.allowed_states.find(
+    (s): s is AllowedState =>
+      typeof s === "object" &&
+      Object.keys(s).some((k) => k.toLowerCase() === normalizedBit)
+  );
+  if (!match) return undefined;
+  return {
+    titleL10nId: match.title_l10n_id,
+    descriptionL10nId: match.description_l10n_id,
+  };
+};

package/src/credentials-catalogue/v1.0.0/index.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 import type { CredentialsCatalogueApi } from "../api";
 import { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
+import { getStatusL10nIds } from "../common/get-status-l10n-ids";
 export const CredentialsCatalogue: CredentialsCatalogueApi = {
   fetchAndParseCatalogue,
+  getStatusL10nIds,
 };

package/src/credentials-catalogue/v1.3.3/index.ts CHANGED Viewed

@@ -1,8 +1,10 @@
 import type { CredentialsCatalogueApi } from "../api";
 import { fetchAndParseCatalogue } from "./fetch-and-parse-catalogue";
 import { fetchTranslations } from "./fetch-translations";
+import { getStatusL10nIds } from "../common/get-status-l10n-ids";
 export const CredentialsCatalogue: CredentialsCatalogueApi = {
   fetchAndParseCatalogue,
   fetchTranslations,
+  getStatusL10nIds,
 };

package/src/utils/config.ts CHANGED Viewed

@@ -16,3 +16,10 @@ export const sdkConfigV1_0 = new IoWalletSdkConfig({
 export const sdkConfigV1_3 = new IoWalletSdkConfig({
   itWalletSpecsVersion: ItWalletSpecsVersion.V1_3,
 });
+/**
+ * IO Wallet SDK configuration object for v1.4 specs.
+ */
+export const sdkConfigV1_4 = new IoWalletSdkConfig({
+  itWalletSpecsVersion: ItWalletSpecsVersion.V1_4,
+});

package/lib/commonjs/credential/presentation/common/utils.js DELETED Viewed

@@ -1,28 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.buildDirectPostBody = void 0;
-/**
- * Builds a URL-encoded form body for a direct POST response without encryption.
- *
- * @param requestObject - Contains state, nonce, and other relevant info.
- * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
- * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
- */
-const buildDirectPostBody = async (requestObject, payload) => {
-  const formUrlEncodedBody = new URLSearchParams({
-    state: requestObject.state,
-    ...Object.entries(payload).reduce((acc, _ref) => {
-      let [key, value] = _ref;
-      return {
-        ...acc,
-        [key]: Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value
-      };
-    }, {})
-  });
-  return formUrlEncodedBody.toString();
-};
-exports.buildDirectPostBody = buildDirectPostBody;
-//# sourceMappingURL=utils.js.map

package/lib/commonjs/credential/presentation/common/utils.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["buildDirectPostBody","requestObject","payload","formUrlEncodedBody","URLSearchParams","state","Object","entries","reduce","acc","_ref","key","value","Array","isArray","JSON","stringify","toString","exports"],"sourceRoot":"../../../../../src","sources":["credential/presentation/common/utils.ts"],"mappings":";;;;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,mBAAmB,GAAG,MAAAA,CACjCC,aAA4B,EAC5BC,OAAuC,KACnB;EACpB,MAAMC,kBAAkB,GAAG,IAAIC,eAAe,CAAC;IAC7CC,KAAK,EAAEJ,aAAa,CAACI,KAAK;IAC1B,GAAGC,MAAM,CAACC,OAAO,CAACL,OAAO,CAAC,CAACM,MAAM,CAC/B,CAACC,GAAG,EAAAC,IAAA;MAAA,IAAE,CAACC,GAAG,EAAEC,KAAK,CAAC,GAAAF,IAAA;MAAA,OAAM;QACtB,GAAGD,GAAG;QACN,CAACE,GAAG,GACFE,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAC7CG,IAAI,CAACC,SAAS,CAACJ,KAAK,CAAC,GACrBA;MACR,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;EAEF,OAAOT,kBAAkB,CAACc,QAAQ,CAAC,CAAC;AACtC,CAAC;AAACC,OAAA,CAAAlB,mBAAA,GAAAA,mBAAA"}

package/lib/module/credential/presentation/common/utils.js DELETED Viewed

@@ -1,21 +0,0 @@
-/**
- * Builds a URL-encoded form body for a direct POST response without encryption.
- *
- * @param requestObject - Contains state, nonce, and other relevant info.
- * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
- * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
- */
-export const buildDirectPostBody = async (requestObject, payload) => {
-  const formUrlEncodedBody = new URLSearchParams({
-    state: requestObject.state,
-    ...Object.entries(payload).reduce((acc, _ref) => {
-      let [key, value] = _ref;
-      return {
-        ...acc,
-        [key]: Array.isArray(value) || typeof value === "object" ? JSON.stringify(value) : value
-      };
-    }, {})
-  });
-  return formUrlEncodedBody.toString();
-};
-//# sourceMappingURL=utils.js.map

package/lib/module/credential/presentation/common/utils.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["buildDirectPostBody","requestObject","payload","formUrlEncodedBody","URLSearchParams","state","Object","entries","reduce","acc","_ref","key","value","Array","isArray","JSON","stringify","toString"],"sourceRoot":"../../../../../src","sources":["credential/presentation/common/utils.ts"],"mappings":"AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,mBAAmB,GAAG,MAAAA,CACjCC,aAA4B,EAC5BC,OAAuC,KACnB;EACpB,MAAMC,kBAAkB,GAAG,IAAIC,eAAe,CAAC;IAC7CC,KAAK,EAAEJ,aAAa,CAACI,KAAK;IAC1B,GAAGC,MAAM,CAACC,OAAO,CAACL,OAAO,CAAC,CAACM,MAAM,CAC/B,CAACC,GAAG,EAAAC,IAAA;MAAA,IAAE,CAACC,GAAG,EAAEC,KAAK,CAAC,GAAAF,IAAA;MAAA,OAAM;QACtB,GAAGD,GAAG;QACN,CAACE,GAAG,GACFE,KAAK,CAACC,OAAO,CAACF,KAAK,CAAC,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAC7CG,IAAI,CAACC,SAAS,CAACJ,KAAK,CAAC,GACrBA;MACR,CAAC;IAAA,CAAC,EACF,CAAC,CACH;EACF,CAAC,CAAC;EAEF,OAAOT,kBAAkB,CAACc,QAAQ,CAAC,CAAC;AACtC,CAAC"}

package/lib/typescript/credential/presentation/common/utils.d.ts DELETED Viewed

@@ -1,11 +0,0 @@
-import type { RequestObject } from "../api";
-import type { DirectAuthorizationBodyPayload } from "../v1.0.0/types";
-/**
- * Builds a URL-encoded form body for a direct POST response without encryption.
- *
- * @param requestObject - Contains state, nonce, and other relevant info.
- * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
- * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
- */
-export declare const buildDirectPostBody: (requestObject: RequestObject, payload: DirectAuthorizationBodyPayload) => Promise<string>;
-//# sourceMappingURL=utils.d.ts.map

package/lib/typescript/credential/presentation/common/utils.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../../src/credential/presentation/common/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAC5C,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,iBAAiB,CAAC;AAEtE;;;;;;GAMG;AACH,eAAO,MAAM,mBAAmB,GAC9B,eAAe,aAAa,EAC5B,SAAS,8BAA8B,KACtC,OAAO,CAAC,MAAM,CAgBhB,CAAC"}

package/src/credential/presentation/common/utils.ts DELETED Viewed

@@ -1,30 +0,0 @@
-import type { RequestObject } from "../api";
-import type { DirectAuthorizationBodyPayload } from "../v1.0.0/types";
-/**
- * Builds a URL-encoded form body for a direct POST response without encryption.
- *
- * @param requestObject - Contains state, nonce, and other relevant info.
- * @param payload - Object that contains either the VP token to encrypt and the stringified mapping of the credential disclosures or the error code
- * @returns A URL-encoded string suitable for an `application/x-www-form-urlencoded` POST body.
- */
-export const buildDirectPostBody = async (
-  requestObject: RequestObject,
-  payload: DirectAuthorizationBodyPayload
-): Promise<string> => {
-  const formUrlEncodedBody = new URLSearchParams({
-    state: requestObject.state,
-    ...Object.entries(payload).reduce(
-      (acc, [key, value]) => ({
-        ...acc,
-        [key]:
-          Array.isArray(value) || typeof value === "object"
-            ? JSON.stringify(value)
-            : value,
-      }),
-      {} as Record<string, string>
-    ),
-  });
-  return formUrlEncodedBody.toString();
-};