@pagopa/io-react-native-wallet 0.24.0 → 0.24.1

@@ -19,9 +19,11 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
19
19
  * @param credentialType The type of credential for which the trustmark is generated
20
20
  * @param docNumber (Optional) Document number contained in the credential, if applicable
21
21
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
22
- * If a number is provided, it is interpreted as a timestamp in seconds.
23
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
22
+ * If a number is provided, it is interpreted as a timestamp in seconds.
23
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
24
+ * @throws {IoWalletError} If the WIA is expired
24
25
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
26
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
25
27
  * @returns A promise containing the signed JWT and its expiration time in seconds
26
28
  */
27
29
  const getCredentialTrustmark = async _ref => {
@@ -38,6 +40,13 @@ const getCredentialTrustmark = async _ref => {
38
40
  const holderBindingKey = await wiaCryptoContext.getPublicKey();
39
41
  const decodedWia = WalletInstanceAttestation.decode(walletInstanceAttestation);
40
42
 
43
+ /**
44
+ * Check that the WIA is not expired
45
+ */
46
+ if (decodedWia.payload.exp * 1000 < Date.now()) {
47
+ throw new _errors.IoWalletError("Wallet Instance Attestation expired");
48
+ }
49
+
41
50
  /**
42
51
  * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
43
52
  */
@@ -54,13 +63,13 @@ const getCredentialTrustmark = async _ref => {
54
63
  alg: "ES256"
55
64
  }).setPayload({
56
65
  iss: walletInstanceAttestation,
57
- sub: credentialType,
58
66
  /**
59
67
  * If present, the document number is obfuscated before adding it to the payload
60
68
  */
61
69
  ...(docNumber ? {
62
- subtyp: (0, _string.obfuscateString)(docNumber)
63
- } : {})
70
+ sub: (0, _string.obfuscateString)(docNumber)
71
+ } : {}),
72
+ subtyp: credentialType
64
73
  }).setIssuedAt().setExpirationTime(expirationTime).sign();
65
74
  const decodedTrustmark = (0, _ioReactNativeJwt.decode)(signedTrustmarkJwt);
66
75
  return {
@@ -1 +1 @@
1
- {"version":3,"names":["_ioReactNativeJwt","require","WalletInstanceAttestation","_interopRequireWildcard","_errors","_string","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","decode","wiaThumbprint","thumbprint","payload","cnf","jwk","cryptoContextThumbprint","IoWalletError","signedTrustmarkJwt","SignJWT","setProtectedHeader","alg","setPayload","iss","sub","subtyp","obfuscateString","setIssuedAt","setExpirationTime","sign","decodedTrustmark","decodeJwt","jwt","exp","exports"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,yBAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAAqD,SAAAK,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,G
AAA,EAAAM,MAAA,YAAAA,MAAA;AAoCrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGnC,yBAAyB,CAACoC,MAAM,CACjDR,yBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMS,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACH,UAAU,CAACI,OAAO,CAACC,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAM,IAAAJ,4BAAU,EAACL,gBAAgB,CAAC;EAElE,IAAII,aAAa,KAAKK,uBAAuB,EAAE;IAC7C,MAAM,IAAIC,qBAAa,CACpB,gFAA+ED,uBAAwB,UAASL,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMO,kBAAkB,GAAG,MAAM,IAAIC,yBAAO,CAAChB,gBAAgB,CAAC,CAC3DiB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAErB,yBAAyB;IAC9BsB,GAAG,EAAEpB,cAAc;IACnB;AACN;AACA;IACM,IAAIC,SAAS,GAAG;MAAEoB,MAAM,EAAE,IAAAC,uBAAe,EAACrB,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC;EAC7D,CAAC,CAAC,CACDsB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACtB,cAAc,CAAC,CACjCuB,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACb,kBAAkB,CAAC;EAEtD,OAAO;IACLc,GAAG,EAAEd,kBAAkB;IACvBZ,cAAc,EAAEwB,gBAAgB,CAACjB,OAAO,CAACoB,GAAG,IAAI;EAClD,CAAC;AACH,CAAC;AAACC,OAAA,CAAAlC,sBAAA,GAAAA,sBAAA"}
1
+ {"version":3,"names":["_ioReactNativeJwt","require","WalletInstanceAttestation","_interopRequireWildcard","_errors","_string","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","decode","payload","exp","Date","now","IoWalletError","wiaThumbprint","thumbprint","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","SignJWT","setProtectedHeader","alg","setPayload","iss","sub","obfuscateString","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","decodeJwt","jwt","exports"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,yBAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAAqD,SAAAK,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,
GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAoCrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGnC,yBAAyB,CAACoC,MAAM,CACjDR,yBACF,CAAC;;EAED;AACF;AACA;EACE,IAAIO,UAAU,CAACE,OAAO,CAACC,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAE;IAC9C,MAAM,IAAIC,qBAAa,CAAC,qCAAqC,CAAC;EAChE;;EAEA;AACF;AACA;EACE,MAAMC,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACR,UAAU,CAACE,OAAO,CAACO,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAM,IAAAH,4BAAU,EAACV,gBAAgB,CAAC;EAElE,IAAIS,aAAa,KAAKI,uBAAuB,EAAE;IAC7C,MAAM,IAAIL,qBAAa,CACpB,gFAA+EK,uBAAwB,UAASJ,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMK,kBAAkB,GAAG,MAAM,IAAIC,yBAAO,CAACnB,gBAAgB,CAAC,CAC3DoB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAExB,yBAAyB;IAC9B;AACN;AACA;IACM,IAAIG,SAAS,GAAG;MAAEsB,GAAG,EAAE,IAAAC,uBAAe,EAACvB,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzDwB,MAAM,EAAEzB;EACV,CAAC,CAAC,CACD0B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACzB,cAAc,CAAC,CACjC0B,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACb,kBAAkB,CAAC;EAEtD,OAAO;IACLc,GAAG,EAAEd,kBAAkB;IACvBf,cAAc,EAAE2B,gBAAgB,CAACtB,OAAO,CAACC,GAAG,IAAI;EAClD,CAAC;AACH,CAAC;AAACwB,OAAA,CAAApC,sBAAA,GAAAA,sBAAA"}
@@ -11,9 +11,11 @@ import { obfuscateString } from "../../utils/string";
11
11
  * @param credentialType The type of credential for which the trustmark is generated
12
12
  * @param docNumber (Optional) Document number contained in the credential, if applicable
13
13
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
14
- * If a number is provided, it is interpreted as a timestamp in seconds.
15
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
14
+ * If a number is provided, it is interpreted as a timestamp in seconds.
15
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
16
+ * @throws {IoWalletError} If the WIA is expired
16
17
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
18
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
17
19
  * @returns A promise containing the signed JWT and its expiration time in seconds
18
20
  */
19
21
  export const getCredentialTrustmark = async _ref => {
@@ -30,6 +32,13 @@ export const getCredentialTrustmark = async _ref => {
30
32
  const holderBindingKey = await wiaCryptoContext.getPublicKey();
31
33
  const decodedWia = WalletInstanceAttestation.decode(walletInstanceAttestation);
32
34
 
35
+ /**
36
+ * Check that the WIA is not expired
37
+ */
38
+ if (decodedWia.payload.exp * 1000 < Date.now()) {
39
+ throw new IoWalletError("Wallet Instance Attestation expired");
40
+ }
41
+
33
42
  /**
34
43
  * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
35
44
  */
@@ -46,13 +55,13 @@ export const getCredentialTrustmark = async _ref => {
46
55
  alg: "ES256"
47
56
  }).setPayload({
48
57
  iss: walletInstanceAttestation,
49
- sub: credentialType,
50
58
  /**
51
59
  * If present, the document number is obfuscated before adding it to the payload
52
60
  */
53
61
  ...(docNumber ? {
54
- subtyp: obfuscateString(docNumber)
55
- } : {})
62
+ sub: obfuscateString(docNumber)
63
+ } : {}),
64
+ subtyp: credentialType
56
65
  }).setIssuedAt().setExpirationTime(expirationTime).sign();
57
66
  const decodedTrustmark = decodeJwt(signedTrustmarkJwt);
58
67
  return {
@@ -1 +1 @@
1
- {"version":3,"names":["SignJWT","thumbprint","decode","decodeJwt","WalletInstanceAttestation","IoWalletError","obfuscateString","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","wiaThumbprint","payload","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","setProtectedHeader","alg","setPayload","iss","sub","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","jwt","exp"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":"AAAA,SACEA,OAAO,EACPC,UAAU,EAEVC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAC9E,SAASC,aAAa,QAAQ,oBAAoB;AAClD,SAASC,eAAe,QAAQ,oBAAoB;AAoCpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGZ,yBAAyB,CAACF,MAAM,CACjDO,yBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMQ,aAAa,GAAG,MAAMhB,UAAU,CAACe,UAAU,CAACE,OAAO,CAACC,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAMpB,UAAU,CAACa,gBAAgB,CAAC;EAElE,IAAIG,aAAa,KAAKI,uBAAuB,EAAE;IAC7C,MAAM,IAAIhB,aAAa,CACpB,gFAA+EgB,uBAAwB,UAASJ,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMK,kBAAkB,GAAG,MAAM,IAAItB,OAAO,CAACU,gBAAgB,CAAC,CAC3Da,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAEjB,yBAAyB;IAC9BkB,GAAG,EAAEhB,cAAc;IACnB;AACN;AACA;IACM,IAAIC,SAAS,GAAG;MAAEgB,MAAM,EAAEtB,eAAe,CAACM,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC;EAC7D,CAAC,CAAC,CACDiB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACjB,cAAc,CAAC,CACjCkB,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG7B,SAAS,CAACmB,kBAAkB,CAAC;EAEtD,OAAO;IACLW,GAAG,EAAEX,kBAAkB;IACvBT,cAAc,EAAEmB,gBAAgB,CAACd,OAAO,CAACgB,GAAG,IAAI;EAClD,CAAC;AACH,CAAC"}
1
+ {"version":3,"names":["SignJWT","thumbprint","decode","decodeJwt","WalletInstanceAttestation","IoWalletError","obfuscateString","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","payload","exp","Date","now","wiaThumbprint","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","setProtectedHeader","alg","setPayload","iss","sub","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","jwt"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":"AAAA,SACEA,OAAO,EACPC,UAAU,EAEVC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAC9E,SAASC,aAAa,QAAQ,oBAAoB;AAClD,SAASC,eAAe,QAAQ,oBAAoB;AAoCpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGZ,yBAAyB,CAACF,MAAM,CACjDO,yBACF,CAAC;;EAED;AACF;AACA;EACE,IAAIO,UAAU,CAACC,OAAO,CAACC,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAE;IAC9C,MAAM,IAAIf,aAAa,CAAC,qCAAqC,CAAC;EAChE;;EAEA;AACF;AACA;EACE,MAAMgB,aAAa,GAAG,MAAMpB,UAAU,CAACe,UAAU,CAACC,OAAO,CAACK,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAMvB,UAAU,CAACa,gBAAgB,CAAC;EAElE,IAAIO,aAAa,KAAKG,uBAAuB,EAAE;IAC7C,MAAM,IAAInB,aAAa,CACpB,gFAA+EmB,uBAAwB,UAASH,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMI,kBAAkB,GAAG,MAAM,IAAIzB,OAAO,CAACU,gBAAgB,CAAC,CAC3DgB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAEpB,yBAAyB;IAC9B;AACN;AACA;IACM,IAAIG,SAAS,GAAG;MAAEkB,GAAG,EAAExB,eAAe,CAACM,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzDmB,MAAM,EAAEpB;EACV,CAAC,CAAC,CACDqB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACpB,cAAc,CAAC,CACjCqB,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAGhC,SAAS,CAACsB,kBAAkB,CAAC;EAEtD,OAAO;IA
CLW,GAAG,EAAEX,kBAAkB;IACvBZ,cAAc,EAAEsB,gBAAgB,CAAClB,OAAO,CAACC,GAAG,IAAI;EAClD,CAAC;AACH,CAAC"}
@@ -41,9 +41,11 @@ export type GetCredentialTrustmarkJwt = (params: {
41
41
  * @param credentialType The type of credential for which the trustmark is generated
42
42
  * @param docNumber (Optional) Document number contained in the credential, if applicable
43
43
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
44
- * If a number is provided, it is interpreted as a timestamp in seconds.
45
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
44
+ * If a number is provided, it is interpreted as a timestamp in seconds.
45
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
46
+ * @throws {IoWalletError} If the WIA is expired
46
47
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
48
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
47
49
  * @returns A promise containing the signed JWT and its expiration time in seconds
48
50
  */
49
51
  export declare const getCredentialTrustmark: GetCredentialTrustmarkJwt;
@@ -1 +1 @@
1
- {"version":3,"file":"get-credential-trustmark.d.ts","sourceRoot":"","sources":["../../../../src/credential/trustmark/get-credential-trustmark.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EAEnB,MAAM,6BAA6B,CAAC;AAKrC,MAAM,MAAM,yBAAyB,GAAG,CAAC,MAAM,EAAE;IAC/C;;OAEG;IACH,yBAAyB,EAAE,MAAM,CAAC;IAClC;;OAEG;IACH,gBAAgB,EAAE,aAAa,CAAC;IAChC;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CAClC,KAAK,OAAO,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC,CAAC;AAEH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,sBAAsB,EAAE,yBAoDpC,CAAC"}
1
+ {"version":3,"file":"get-credential-trustmark.d.ts","sourceRoot":"","sources":["../../../../src/credential/trustmark/get-credential-trustmark.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EAEnB,MAAM,6BAA6B,CAAC;AAKrC,MAAM,MAAM,yBAAyB,GAAG,CAAC,MAAM,EAAE;IAC/C;;OAEG;IACH,yBAAyB,EAAE,MAAM,CAAC;IAClC;;OAEG;IACH,gBAAgB,EAAE,aAAa,CAAC;IAChC;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CAClC,KAAK,OAAO,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,sBAAsB,EAAE,yBA2DpC,CAAC"}
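--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@pagopa/io-react-native-wallet",
- "version": "0.24.0",
+ "version": "0.24.1",
  "description": "Provide data structures, helpers and API for IO Wallet",
  "main": "lib/commonjs/index",
  "module": "lib/module/index",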
@@ -51,9 +51,11 @@ export type GetCredentialTrustmarkJwt = (params: {
51
51
  * @param credentialType The type of credential for which the trustmark is generated
52
52
  * @param docNumber (Optional) Document number contained in the credential, if applicable
53
53
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
54
- * If a number is provided, it is interpreted as a timestamp in seconds.
55
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
54
+ * If a number is provided, it is interpreted as a timestamp in seconds.
55
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
56
+ * @throws {IoWalletError} If the WIA is expired
56
57
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
58
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
57
59
  * @returns A promise containing the signed JWT and its expiration time in seconds
58
60
  */
59
61
  export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
@@ -71,6 +73,13 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
71
73
  walletInstanceAttestation
72
74
  );
73
75
 
76
+ /**
77
+ * Check that the WIA is not expired
78
+ */
79
+ if (decodedWia.payload.exp * 1000 < Date.now()) {
80
+ throw new IoWalletError("Wallet Instance Attestation expired");
81
+ }
82
+
74
83
  /**
75
84
  * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
76
85
  */
@@ -92,11 +101,11 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
92
101
  })
93
102
  .setPayload({
94
103
  iss: walletInstanceAttestation,
95
- sub: credentialType,
96
104
  /**
97
105
  * If present, the document number is obfuscated before adding it to the payload
98
106
  */
99
- ...(docNumber ? { subtyp: obfuscateString(docNumber) } : {}),
107
+ ...(docNumber ? { sub: obfuscateString(docNumber) } : {}),
108
+ subtyp: credentialType,
100
109
  })
101
110
  .setIssuedAt()
102
111
  .setExpirationTime(expirationTime)
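Review bot: The added `@throws {JWSSignatureVerificationFailed} If the WIA signature is not valid` line documents a failure that the visible code never produces: new-side lines 73–82 only decode the WIA and compare `exp`, and no signature-verification call appears in these hunks (the regenerated source maps list `decode` but no verify identifier either). Either verify the WIA signature before relying on `payload.exp` and `payload.cnf.jwk`, or drop the `@throws` line so callers do not assume the attestation was authenticated. The expiry test `decodedWia.payload.exp * 1000 < Date.now()` evaluates to false when `exp` is missing or non-numeric (the product is NaN), so unless `decode` already enforces a numeric `exp` it should be guarded, e.g. `if (!Number.isFinite(decodedWia.payload.exp) || decodedWia.payload.exp * 1000 <= Date.now())`. The function body starts and ends outside these hunks, so a verification step elsewhere in the function cannot be ruled out from here; the compiled `lib/commonjs` and `lib/module` sections carry the same code.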