From 1f1057f8da2ae5f87bec06e2f7f877f6c227ce10 Mon Sep 17 00:00:00 2001 From: Manuel Rafeli Date: Sun, 2 Feb 2025 16:09:28 +0100 Subject: [PATCH 1/6] feat: Add support to ECDH-ES encrypt (#39) --- example/ios/Podfile.lock | 12 ++++++------ ios/IoReactNativeJwt.swift | 16 ++++++++++++---- pagopa-io-react-native-jwt.podspec | 2 +- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/example/ios/Podfile.lock b/example/ios/Podfile.lock index f9ac0fc..eb45d79 100644 --- a/example/ios/Podfile.lock +++ b/example/ios/Podfile.lock @@ -7,7 +7,7 @@ PODS: - hermes-engine (0.76.1): - hermes-engine/Pre-built (= 0.76.1) - hermes-engine/Pre-built (0.76.1) - - JOSESwift (2.4.0) + - JOSESwift (3.0.0) - pagopa-io-react-native-crypto (0.2.3): - RCT-Folly - RCTRequired @@ -15,11 +15,11 @@ PODS: - React-Codegen - React-Core - ReactCommon/turbomodule/core - - pagopa-io-react-native-jwt (1.2.0): + - pagopa-io-react-native-jwt (1.5.0): - DoubleConversion - glog - hermes-engine - - JOSESwift (~> 2.3) + - JOSESwift (~> 3.0) - RCT-Folly (= 2024.01.01.00) - RCTRequired - RCTTypeSafety @@ -1758,9 +1758,9 @@ SPEC CHECKSUMS: fmt: 10c6e61f4be25dc963c36bd73fc7b1705fe975be glog: 08b301085f15bcbb6ff8632a8ebaf239aae04e6a hermes-engine: 46f1ffbf0297f4298862068dd4c274d4ac17a1fd - JOSESwift: 7ff178bb9173ff42c6e990929a9f2fa702a34f69 + JOSESwift: 7784b1b844194d0f534eb6ac4fba5af683bccc79 pagopa-io-react-native-crypto: 4f58db16d6100eb26155948bd7517e5e5f6053f4 - pagopa-io-react-native-jwt: f7d3312ef152b8c045be6ddc0b2afe2e5b1e8fd8 + pagopa-io-react-native-jwt: 2ff95200df33349d36346609885408cfb3454a00 RCT-Folly: bf5c0376ffe4dd2cf438dcf86db385df9fdce648 RCTDeprecation: fde92935b3caa6cb65cbff9fbb7d3a9867ffb259 RCTRequired: 75c6cee42d21c1530a6f204ba32ff57335d19007 
@@ -1819,7 +1819,7 @@ SPEC CHECKSUMS: ReactCodegen: 865bafc5c17ec2181620ced1a32c39c38ab2951d ReactCommon: 422e364463f33e336fc4db196aeb50fd801d90d6 SocketRocket: d4aabe649be1e368d1318fdf28a022d714d65748 - Yoga: 157bed1c62656587df4639d4dc29714898f8fb10 + Yoga: db69236006b8b1c6d55ab453390c882306cbf219 PODFILE CHECKSUM: a2c9d49bbf8a792d10e8a2f8dfebd03cf31e351c diff --git a/ios/IoReactNativeJwt.swift b/ios/IoReactNativeJwt.swift index 3c1395c..40f7ba5 100644 --- a/ios/IoReactNativeJwt.swift +++ b/ios/IoReactNativeJwt.swift @@ -1,5 +1,6 @@ import JOSESwift import CommonCrypto +import Foundation @objc(IoReactNativeJwt) @@ -23,6 +24,8 @@ class IoReactNativeJwt: NSObject { return KeyManagementAlgorithm.RSAOAEP case "RSA-OAEP-256": return KeyManagementAlgorithm.RSAOAEP256 + case "ECDH-ES": + return KeyManagementAlgorithm.ECDH_ES default: throw HeaderError.invalidAlg("alg value not supported") } @@ -52,11 +55,11 @@ class IoReactNativeJwt: NSObject { if isECKey(jwk:jwk) { let ecJwk = try ECPublicKey(data: publicKeyJson) let publicKey = try ecJwk.converted(to: SecKey.self) - verifier = Verifier(verifyingAlgorithm: jws.header.algorithm!, key: publicKey)! + verifier = Verifier(signatureAlgorithm: jws.header.algorithm!, key: publicKey)! } else { let rsaJwk = try RSAPublicKey(data: publicKeyJson) let publicKey = try rsaJwk.converted(to: SecKey.self) - verifier = Verifier(verifyingAlgorithm: jws.header.algorithm!, key: publicKey)! + verifier = Verifier(signatureAlgorithm: jws.header.algorithm!, key: publicKey)! } _ = try jws.validate(using: verifier!) resolve(true) 
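Review bot: In the `@@ -52,11 +55,11 @@` hunk of ios/IoReactNativeJwt.swift, both `Verifier(signatureAlgorithm: jws.header.algorithm!, key: publicKey)!` calls still take the algorithm from the token's own header and force-unwrap it. A token whose `alg` is missing, or presumably one that does not fit the EC/RSA key chosen from the JWK, would trap the app instead of rejecting the promise, and nothing pins which algorithms the caller accepts. I would bind both optionals first, e.g. `guard let alg = jws.header.algorithm, let v = Verifier(signatureAlgorithm: alg, key: publicKey) else { reject("Error", "alg not supported for this key", nil); return }`, and ideally compare `alg` against a caller-supplied allow-list before verifying. The enclosing function starts and ends outside the hunk. Patch 5/6 in this series is titled as a null-checking fix, but its Swift changes are not visible here.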
@@ -193,12 +196,17 @@ class IoReactNativeJwt: NSObject { let payload = Payload(message) if isECKey(jwk:jwk) { - reject("Error", "EC not supported", nil); + // --- ECDH-ES / EC Key --- + let ecPublicKey = try ECPublicKey(data: publicKeyJson) + let encrypter = Encrypter(keyManagementAlgorithm: try getKeyManagmentAlg(header: header), contentEncryptionAlgorithm: try getContentEncryptionAlgorithm(header: header), encryptionKey: ecPublicKey)! + + let jwe = try JWE(header: jweHeader, payload: payload, encrypter: encrypter) + + resolve(jwe.compactSerializedString) } else { let rsaJwk = try RSAPublicKey(data: publicKeyJson) let publicKey = try rsaJwk.converted(to: SecKey.self) let encrypter = Encrypter(keyManagementAlgorithm: try getKeyManagmentAlg(header: header), contentEncryptionAlgorithm: try getContentEncryptionAlgorithm(header: header), encryptionKey: publicKey)! - let jwe = try JWE(header: jweHeader, payload: payload, encrypter: encrypter) resolve(jwe.compactSerializedString) diff --git a/pagopa-io-react-native-jwt.podspec b/pagopa-io-react-native-jwt.podspec index cfebb0e..ca0dbf5 100644 --- a/pagopa-io-react-native-jwt.podspec +++ b/pagopa-io-react-native-jwt.podspec @@ -17,7 +17,7 @@ Pod::Spec.new do |s| s.source_files = "ios/**/*.{h,m,mm,swift}" #JOSESwift dependency - s.dependency "JOSESwift", "~> 2.3" + s.dependency "JOSESwift", "~> 3.0" # Use install_modules_dependencies helper to install the dependencies if React Native version >=0.71.0. # See https://github.com/facebook/react-native/blob/febf6b7f33fdb4904669f99d795eba4c0f95d7bf/scripts/cocoapods/new_architecture.rb#L79. From 11f19cf74e6ca90f4e529abef919f2d23351e4b8 Mon Sep 17 00:00:00 2001 From: LazyAfternoons Date: Sun, 2 Feb 2025 16:10:35 +0100 Subject: [PATCH 2/6] chore: release v2.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 42e2a95..84a7201 100644 --- a/package.json +++ b/package.json 
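Review bot: The new EC branch in the `@@ -193,12 +196,17 @@` hunk force-unwraps the `Encrypter(keyManagementAlgorithm:contentEncryptionAlgorithm:encryptionKey:)` result without checking that the requested `alg` is the EC one. `getKeyManagmentAlg` also returns the RSA-OAEP values, so a header of `RSA-OAEP` with an EC JWK would presumably make the failable initializer return nil and crash on `!` rather than reject the promise. The RSA branch has the mirror problem with `ECDH-ES`. Suggest `guard let encrypter = Encrypter(...) else { reject("Error", "alg not compatible with EC key", nil); return }`, preceded by an explicit check that the algorithm is `KeyManagementAlgorithm.ECDH_ES`. The enclosing function and the construction of `jweHeader` are outside the hunk, so I cannot tell whether `alg`/`enc` are validated earlier.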
@@ -1,6 +1,6 @@ { "name": "@pagopa/io-react-native-jwt", - "version": "1.5.0", + "version": "2.0.0", "description": "Native support for JWT", "source": "src/index", "main": "lib/commonjs/index", From 84f5d065765d24d0f86422df0cd166df22ced72c Mon Sep 17 00:00:00 2001 From: Manuel Rafeli Date: Wed, 19 Feb 2025 12:39:46 +0100 Subject: [PATCH 3/6] feat: [WLEO-270] Add support to A256GCM encryption (#40) --- docs/interfaces/types.JWEHeaderParameters.md | 2 +- example/src/App.tsx | 2 +- ios/IoReactNativeJwt.swift | 2 ++ src/types.ts | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/interfaces/types.JWEHeaderParameters.md b/docs/interfaces/types.JWEHeaderParameters.md index 9008c53..3b82996 100644 --- a/docs/interfaces/types.JWEHeaderParameters.md +++ b/docs/interfaces/types.JWEHeaderParameters.md @@ -53,7 +53,7 @@ ___ ### enc -• `Optional` **enc**: ``"A256CBC-HS512"`` \| ``"A128CBC-HS256"`` +• `Optional` **enc**: ``"A256CBC-HS512"`` \| ``"A128CBC-HS256"``| ``"A256GCM"`` JWE "enc" (Encryption Algorithm) Header Parameter. diff --git a/example/src/App.tsx b/example/src/App.tsx index b9e8e2d..3b422c5 100644 --- a/example/src/App.tsx +++ b/example/src/App.tsx @@ -129,7 +129,7 @@ export default function App() { loading(); const jwe = new EncryptJwe(plaintext, { alg: 'ECDH-ES', - enc: 'A128CBC-HS256', + enc: 'A256GCM', }).encrypt(encKey); jwe.then(setResult).catch(showError); }; diff --git a/ios/IoReactNativeJwt.swift b/ios/IoReactNativeJwt.swift index 40f7ba5..ed3a0b8 100644 --- a/ios/IoReactNativeJwt.swift +++ b/ios/IoReactNativeJwt.swift @@ -38,6 +38,8 @@ class IoReactNativeJwt: NSObject { return ContentEncryptionAlgorithm.A128CBCHS256 case "A256CBC-HS512": return ContentEncryptionAlgorithm.A256CBCHS512 + case "A256GCM": + return ContentEncryptionAlgorithm.A256GCM default: throw HeaderError.invalidAlg("enc value not supported") } diff --git a/src/types.ts b/src/types.ts index 97cf56a..6bddd28 100644 --- a/src/types.ts +++ b/src/types.ts 
@@ -64,7 +64,7 @@ export interface JWEHeaderParameters extends JoseHeaderParameters { alg?: 'RSA-OAEP-256' | 'RSA-OAEP' | 'ECDH-ES'; /** JWE "enc" (Encryption Algorithm) Header Parameter. */ - enc?: 'A256CBC-HS512' | 'A128CBC-HS256' | 'A128CBC-HS256'; + enc?: 'A256CBC-HS512' | 'A128CBC-HS256' | 'A128CBC-HS256' | 'A256GCM'; /** Any other JWE Header member. */ [propName: string]: unknown; From f6ac7be158b9b2b1f61479fa4fafbd10921c8691 Mon Sep 17 00:00:00 2001 From: manuraf Date: Wed, 19 Feb 2025 12:46:36 +0100 Subject: [PATCH 4/6] chore: release v2.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 84a7201..0587b89 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@pagopa/io-react-native-jwt", - "version": "2.0.0", + "version": "2.1.0", "description": "Native support for JWT", "source": "src/index", "main": "lib/commonjs/index", From d2efcd8271759d77504cb017cb6d575ec3b1d176 Mon Sep 17 00:00:00 2001 From: sebastianopriscan <92364304+sebastianopriscan@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:28:38 +0100 Subject: [PATCH 5/6] fix: [WLEO-309] Add stronger null checking to iOS native bridge (#41) Co-authored-by: eudiwtech --- example/src/App.tsx | 8 ++++++++ ios/IoReactNativeJwt.swift | 12 ++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/example/src/App.tsx b/example/src/App.tsx index 3b422c5..e0448d9 100644 --- a/example/src/App.tsx +++ b/example/src/App.tsx @@ -210,6 +210,14 @@ export default function App() { title="Generate JWE (EC)" onPress={() => encryptPlaintextEcdh('hello', ecEncJwk)} /> +
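Review bot: The `enc` union in the `@@ -64,7 +64,7 @@` hunk of src/types.ts lists `'A128CBC-HS256'` twice. The duplicate is harmless to the type checker but reads like a leftover for another value. The iOS mapping shown in this series accepts only `A128CBC-HS256`, `A256CBC-HS512` and `A256GCM`, so the line could be `enc?: 'A256CBC-HS512' | 'A128CBC-HS256' | 'A256GCM';`. Keeping the type in step with what the native side accepts stops callers from selecting a content-encryption algorithm that only fails at run time.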