@pagopa/io-react-native-wallet 0.24.0 → 0.24.1

@@ -19,9 +19,11 @@ function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj &&
19
19
  * @param credentialType The type of credential for which the trustmark is generated
20
20
  * @param docNumber (Optional) Document number contained in the credential, if applicable
21
21
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
22
- * If a number is provided, it is interpreted as a timestamp in seconds.
23
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
22
+ * If a number is provided, it is interpreted as a timestamp in seconds.
23
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
24
+ * @throws {IoWalletError} If the WIA is expired
24
25
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
26
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
25
27
  * @returns A promise containing the signed JWT and its expiration time in seconds
26
28
  */
27
29
  const getCredentialTrustmark = async _ref => {
@@ -38,6 +40,13 @@ const getCredentialTrustmark = async _ref => {
38
40
  const holderBindingKey = await wiaCryptoContext.getPublicKey();
39
41
  const decodedWia = WalletInstanceAttestation.decode(walletInstanceAttestation);
40
42
 
43
+ /**
44
+ * Check that the WIA is not expired
45
+ */
46
+ if (decodedWia.payload.exp * 1000 < Date.now()) {
47
+ throw new _errors.IoWalletError("Wallet Instance Attestation expired");
48
+ }
49
+
41
50
  /**
42
51
  * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
43
52
  */
@@ -54,13 +63,13 @@ const getCredentialTrustmark = async _ref => {
54
63
  alg: "ES256"
55
64
  }).setPayload({
56
65
  iss: walletInstanceAttestation,
57
- sub: credentialType,
58
66
  /**
59
67
  * If present, the document number is obfuscated before adding it to the payload
60
68
  */
61
69
  ...(docNumber ? {
62
- subtyp: (0, _string.obfuscateString)(docNumber)
63
- } : {})
70
+ sub: (0, _string.obfuscateString)(docNumber)
71
+ } : {}),
72
+ subtyp: credentialType
64
73
  }).setIssuedAt().setExpirationTime(expirationTime).sign();
65
74
  const decodedTrustmark = (0, _ioReactNativeJwt.decode)(signedTrustmarkJwt);
66
75
  return {
@@ -1 +1 @@
1
- {"version":3,"names":["_ioReactNativeJwt","require","WalletInstanceAttestation","_interopRequireWildcard","_errors","_string","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","decode","wiaThumbprint","thumbprint","payload","cnf","jwk","cryptoContextThumbprint","IoWalletError","signedTrustmarkJwt","SignJWT","setProtectedHeader","alg","setPayload","iss","sub","subtyp","obfuscateString","setIssuedAt","setExpirationTime","sign","decodedTrustmark","decodeJwt","jwt","exp","exports"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,yBAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAAqD,SAAAK,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,G
AAA,EAAAM,MAAA,YAAAA,MAAA;AAoCrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGnC,yBAAyB,CAACoC,MAAM,CACjDR,yBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMS,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACH,UAAU,CAACI,OAAO,CAACC,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAM,IAAAJ,4BAAU,EAACL,gBAAgB,CAAC;EAElE,IAAII,aAAa,KAAKK,uBAAuB,EAAE;IAC7C,MAAM,IAAIC,qBAAa,CACpB,gFAA+ED,uBAAwB,UAASL,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMO,kBAAkB,GAAG,MAAM,IAAIC,yBAAO,CAAChB,gBAAgB,CAAC,CAC3DiB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAErB,yBAAyB;IAC9BsB,GAAG,EAAEpB,cAAc;IACnB;AACN;AACA;IACM,IAAIC,SAAS,GAAG;MAAEoB,MAAM,EAAE,IAAAC,uBAAe,EAACrB,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC;EAC7D,CAAC,CAAC,CACDsB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACtB,cAAc,CAAC,CACjCuB,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACb,kBAAkB,CAAC;EAEtD,OAAO;IACLc,GAAG,EAAEd,kBAAkB;IACvBZ,cAAc,EAAEwB,gBAAgB,CAACjB,OAAO,CAACoB,GAAG,IAAI;EAClD,CAAC;AACH,CAAC;AAACC,OAAA,CAAAlC,sBAAA,GAAAA,sBAAA"}
1
+ {"version":3,"names":["_ioReactNativeJwt","require","WalletInstanceAttestation","_interopRequireWildcard","_errors","_string","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","decode","payload","exp","Date","now","IoWalletError","wiaThumbprint","thumbprint","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","SignJWT","setProtectedHeader","alg","setPayload","iss","sub","obfuscateString","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","decodeJwt","jwt","exports"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAMA,IAAAC,yBAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,OAAA,GAAAH,OAAA;AACA,IAAAI,OAAA,GAAAJ,OAAA;AAAqD,SAAAK,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAJ,wBAAAQ,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,
GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAoCrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMW,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGnC,yBAAyB,CAACoC,MAAM,CACjDR,yBACF,CAAC;;EAED;AACF;AACA;EACE,IAAIO,UAAU,CAACE,OAAO,CAACC,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAE;IAC9C,MAAM,IAAIC,qBAAa,CAAC,qCAAqC,CAAC;EAChE;;EAEA;AACF;AACA;EACE,MAAMC,aAAa,GAAG,MAAM,IAAAC,4BAAU,EAACR,UAAU,CAACE,OAAO,CAACO,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAM,IAAAH,4BAAU,EAACV,gBAAgB,CAAC;EAElE,IAAIS,aAAa,KAAKI,uBAAuB,EAAE;IAC7C,MAAM,IAAIL,qBAAa,CACpB,gFAA+EK,uBAAwB,UAASJ,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMK,kBAAkB,GAAG,MAAM,IAAIC,yBAAO,CAACnB,gBAAgB,CAAC,CAC3DoB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAExB,yBAAyB;IAC9B;AACN;AACA;IACM,IAAIG,SAAS,GAAG;MAAEsB,GAAG,EAAE,IAAAC,uBAAe,EAACvB,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzDwB,MAAM,EAAEzB;EACV,CAAC,CAAC,CACD0B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACzB,cAAc,CAAC,CACjC0B,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG,IAAAC,wBAAS,EAACb,kBAAkB,CAAC;EAEtD,OAAO;IACLc,GAAG,EAAEd,kBAAkB;IACvBf,cAAc,EAAE2B,gBAAgB,CAACtB,OAAO,CAACC,GAAG,IAAI;EAClD,CAAC;AACH,CAAC;AAACwB,OAAA,CAAApC,sBAAA,GAAAA,sBAAA"}
@@ -11,9 +11,11 @@ import { obfuscateString } from "../../utils/string";
11
11
  * @param credentialType The type of credential for which the trustmark is generated
12
12
  * @param docNumber (Optional) Document number contained in the credential, if applicable
13
13
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
14
- * If a number is provided, it is interpreted as a timestamp in seconds.
15
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
14
+ * If a number is provided, it is interpreted as a timestamp in seconds.
15
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
16
+ * @throws {IoWalletError} If the WIA is expired
16
17
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
18
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
17
19
  * @returns A promise containing the signed JWT and its expiration time in seconds
18
20
  */
19
21
  export const getCredentialTrustmark = async _ref => {
@@ -30,6 +32,13 @@ export const getCredentialTrustmark = async _ref => {
30
32
  const holderBindingKey = await wiaCryptoContext.getPublicKey();
31
33
  const decodedWia = WalletInstanceAttestation.decode(walletInstanceAttestation);
32
34
 
35
+ /**
36
+ * Check that the WIA is not expired
37
+ */
38
+ if (decodedWia.payload.exp * 1000 < Date.now()) {
39
+ throw new IoWalletError("Wallet Instance Attestation expired");
40
+ }
41
+
33
42
  /**
34
43
  * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
35
44
  */
@@ -46,13 +55,13 @@ export const getCredentialTrustmark = async _ref => {
46
55
  alg: "ES256"
47
56
  }).setPayload({
48
57
  iss: walletInstanceAttestation,
49
- sub: credentialType,
50
58
  /**
51
59
  * If present, the document number is obfuscated before adding it to the payload
52
60
  */
53
61
  ...(docNumber ? {
54
- subtyp: obfuscateString(docNumber)
55
- } : {})
62
+ sub: obfuscateString(docNumber)
63
+ } : {}),
64
+ subtyp: credentialType
56
65
  }).setIssuedAt().setExpirationTime(expirationTime).sign();
57
66
  const decodedTrustmark = decodeJwt(signedTrustmarkJwt);
58
67
  return {
@@ -1 +1 @@
1
- {"version":3,"names":["SignJWT","thumbprint","decode","decodeJwt","WalletInstanceAttestation","IoWalletError","obfuscateString","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","wiaThumbprint","payload","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","setProtectedHeader","alg","setPayload","iss","sub","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","jwt","exp"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":"AAAA,SACEA,OAAO,EACPC,UAAU,EAEVC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAC9E,SAASC,aAAa,QAAQ,oBAAoB;AAClD,SAASC,eAAe,QAAQ,oBAAoB;AAoCpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGZ,yBAAyB,CAACF,MAAM,CACjDO,yBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMQ,aAAa,GAAG,MAAMhB,UAAU,CAACe,UAAU,CAACE,OAAO,CAACC,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAMpB,UAAU,CAACa,gBAAgB,CAAC;EAElE,IAAIG,aAAa,KAAKI,uBAAuB,EAAE;IAC7C,MAAM,IAAIhB,aAAa,CACpB,gFAA+EgB,uBAAwB,UAASJ,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMK,kBAAkB,GAAG,MAAM,IAAItB,OAAO,CAACU,gBAAgB,CAAC,CAC3Da,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAEjB,yBAAyB;IAC9BkB,GAAG,EAAEhB,cAAc;IACnB;AACN;AACA;IACM,IAAIC,SAAS,GAAG;MAAEgB,MAAM,EAAEtB,eAAe,CAACM,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC;EAC7D,CAAC,CAAC,CACDiB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACjB,cAAc,CAAC,CACjCkB,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAG7B,SAAS,CAACmB,kBAAkB,CAAC;EAEtD,OAAO;IACLW,GAAG,EAAEX,kBAAkB;IACvBT,cAAc,EAAEmB,gBAAgB,CAACd,OAAO,CAACgB,GAAG,IAAI;EAClD,CAAC;AACH,CAAC"}
1
+ {"version":3,"names":["SignJWT","thumbprint","decode","decodeJwt","WalletInstanceAttestation","IoWalletError","obfuscateString","getCredentialTrustmark","_ref","walletInstanceAttestation","wiaCryptoContext","credentialType","docNumber","expirationTime","holderBindingKey","getPublicKey","decodedWia","payload","exp","Date","now","wiaThumbprint","cnf","jwk","cryptoContextThumbprint","signedTrustmarkJwt","setProtectedHeader","alg","setPayload","iss","sub","subtyp","setIssuedAt","setExpirationTime","sign","decodedTrustmark","jwt"],"sourceRoot":"../../../../src","sources":["credential/trustmark/get-credential-trustmark.ts"],"mappings":"AAAA,SACEA,OAAO,EACPC,UAAU,EAEVC,MAAM,IAAIC,SAAS,QACd,6BAA6B;AACpC,OAAO,KAAKC,yBAAyB,MAAM,mCAAmC;AAC9E,SAASC,aAAa,QAAQ,oBAAoB;AAClD,SAASC,eAAe,QAAQ,oBAAoB;AAoCpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,sBAAiD,GAAG,MAAAC,IAAA,IAM3D;EAAA,IANkE;IACtEC,yBAAyB;IACzBC,gBAAgB;IAChBC,cAAc;IACdC,SAAS;IACTC,cAAc,GAAG;EACnB,CAAC,GAAAL,IAAA;EACC;AACF;AACA;EACE,MAAMM,gBAAgB,GAAG,MAAMJ,gBAAgB,CAACK,YAAY,CAAC,CAAC;EAC9D,MAAMC,UAAU,GAAGZ,yBAAyB,CAACF,MAAM,CACjDO,yBACF,CAAC;;EAED;AACF;AACA;EACE,IAAIO,UAAU,CAACC,OAAO,CAACC,GAAG,GAAG,IAAI,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAE;IAC9C,MAAM,IAAIf,aAAa,CAAC,qCAAqC,CAAC;EAChE;;EAEA;AACF;AACA;EACE,MAAMgB,aAAa,GAAG,MAAMpB,UAAU,CAACe,UAAU,CAACC,OAAO,CAACK,GAAG,CAACC,GAAG,CAAC;EAClE,MAAMC,uBAAuB,GAAG,MAAMvB,UAAU,CAACa,gBAAgB,CAAC;EAElE,IAAIO,aAAa,KAAKG,uBAAuB,EAAE;IAC7C,MAAM,IAAInB,aAAa,CACpB,gFAA+EmB,uBAAwB,UAASH,aAAc,EACjI,CAAC;EACH;;EAEA;AACF;AACA;EACE,MAAMI,kBAAkB,GAAG,MAAM,IAAIzB,OAAO,CAACU,gBAAgB,CAAC,CAC3DgB,kBAAkB,CAAC;IAClBC,GAAG,EAAE;EACP,CAAC,CAAC,CACDC,UAAU,CAAC;IACVC,GAAG,EAAEpB,yBAAyB;IAC9B;AACN;AACA;IACM,IAAIG,SAAS,GAAG;MAAEkB,GAAG,EAAExB,eAAe,CAACM,SAAS;IAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzDmB,MAAM,EAAEpB;EACV,CAAC,CAAC,CACDqB,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAACpB,cAAc,CAAC,CACjCqB,IAAI,CAAC,CAAC;EAET,MAAMC,gBAAgB,GAAGhC,SAAS,CAACsB,kBAAkB,CAAC;EAEtD,OAAO;IA
CLW,GAAG,EAAEX,kBAAkB;IACvBZ,cAAc,EAAEsB,gBAAgB,CAAClB,OAAO,CAACC,GAAG,IAAI;EAClD,CAAC;AACH,CAAC"}
@@ -41,9 +41,11 @@ export type GetCredentialTrustmarkJwt = (params: {
41
41
  * @param credentialType The type of credential for which the trustmark is generated
42
42
  * @param docNumber (Optional) Document number contained in the credential, if applicable
43
43
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
44
- * If a number is provided, it is interpreted as a timestamp in seconds.
45
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
44
+ * If a number is provided, it is interpreted as a timestamp in seconds.
45
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
46
+ * @throws {IoWalletError} If the WIA is expired
46
47
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
48
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
47
49
  * @returns A promise containing the signed JWT and its expiration time in seconds
48
50
  */
49
51
  export declare const getCredentialTrustmark: GetCredentialTrustmarkJwt;
@@ -1 +1 @@
1
- {"version":3,"file":"get-credential-trustmark.d.ts","sourceRoot":"","sources":["../../../../src/credential/trustmark/get-credential-trustmark.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EAEnB,MAAM,6BAA6B,CAAC;AAKrC,MAAM,MAAM,yBAAyB,GAAG,CAAC,MAAM,EAAE;IAC/C;;OAEG;IACH,yBAAyB,EAAE,MAAM,CAAC;IAClC;;OAEG;IACH,gBAAgB,EAAE,aAAa,CAAC;IAChC;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CAClC,KAAK,OAAO,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC,CAAC;AAEH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,sBAAsB,EAAE,yBAoDpC,CAAC"}
1
+ {"version":3,"file":"get-credential-trustmark.d.ts","sourceRoot":"","sources":["../../../../src/credential/trustmark/get-credential-trustmark.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EAEnB,MAAM,6BAA6B,CAAC;AAKrC,MAAM,MAAM,yBAAyB,GAAG,CAAC,MAAM,EAAE;IAC/C;;OAEG;IACH,yBAAyB,EAAE,MAAM,CAAC;IAClC;;OAEG;IACH,gBAAgB,EAAE,aAAa,CAAC;IAChC;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CAClC,KAAK,OAAO,CAAC;IACZ;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC,CAAC;AAEH;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,sBAAsB,EAAE,yBA2DpC,CAAC"}
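--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@pagopa/io-react-native-wallet",
- "version": "0.24.0",
+ "version": "0.24.1",
  "description": "Provide data structures, helpers and API for IO Wallet",
  "main": "lib/commonjs/index",
  "module": "lib/module/index",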
@@ -51,9 +51,11 @@ export type GetCredentialTrustmarkJwt = (params: {
51
51
  * @param credentialType The type of credential for which the trustmark is generated
52
52
  * @param docNumber (Optional) Document number contained in the credential, if applicable
53
53
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
54
- * If a number is provided, it is interpreted as a timestamp in seconds.
55
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
54
+ * If a number is provided, it is interpreted as a timestamp in seconds.
55
+ * If a string is provided, it is interpreted as a time span and added to the current timestamp.
56
+ * @throws {IoWalletError} If the WIA is expired
56
57
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
58
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
57
59
  * @returns A promise containing the signed JWT and its expiration time in seconds
58
60
  */
59
61
  export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
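Review bot: The added `@throws {JWSSignatureVerificationFailed}` tag describes a failure that nothing visible in this release raises. In the compiled output the WIA is only passed to `WalletInstanceAttestation.decode(...)`, then checked for expiry and holder binding. If `decode` does not verify the signature (its body is not on this page), the tag overstates what the function guarantees and an integrator may skip their own verification. Either verify the WIA before the expiry test, or drop the tag and state the limit in the doc, e.g. `* Note: the WIA signature is not verified here; only expiry and holder binding are checked.`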
@@ -71,6 +73,13 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
71
73
  walletInstanceAttestation
72
74
  );
73
75
 
76
+ /**
77
+ * Check that the WIA is not expired
78
+ */
79
+ if (decodedWia.payload.exp * 1000 < Date.now()) {
80
+ throw new IoWalletError("Wallet Instance Attestation expired");
81
+ }
82
+
74
83
  /**
75
84
  * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
76
85
  */
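Review bot: The new expiry test `decodedWia.payload.exp * 1000 < Date.now()` fails open when `exp` is absent or not a number, because `undefined * 1000` is `NaN` and every comparison with `NaN` is false. Whether the decoder's schema already requires a numeric `exp` is not visible here. The test also accepts a WIA whose `exp` equals the current instant, while RFC 7519 requires the current time to be before `exp`. A stricter guard would be `if (!Number.isFinite(decodedWia.payload.exp) || decodedWia.payload.exp * 1000 <= Date.now()) {`. The payload is only decoded at this point, so this is a freshness check on claims that have not been authenticated; the function body starts and ends outside the hunk.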
@@ -92,11 +101,11 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
92
101
  })
93
102
  .setPayload({
94
103
  iss: walletInstanceAttestation,
95
- sub: credentialType,
96
104
  /**
97
105
  * If present, the document number is obfuscated before adding it to the payload
98
106
  */
99
- ...(docNumber ? { subtyp: obfuscateString(docNumber) } : {}),
107
+ ...(docNumber ? { sub: obfuscateString(docNumber) } : {}),
108
+ subtyp: credentialType,
100
109
  })
101
110
  .setIssuedAt()
102
111
  .setExpirationTime(expirationTime)
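Review bot: After this change `sub` is written only when `docNumber` is truthy, so a trustmark issued without a document number carries no `sub` claim at all, and the credential type moves from `sub` to `subtyp` in a patch release. A verifier still reading the previous layout would take the obfuscated document number for the credential type, and an empty-string `docNumber` is silently treated as absent. I would state the claim layout next to the payload, e.g. `// sub: obfuscated document number (omitted when docNumber is not provided); subtyp: credential type`, and call the change out in the release notes. The builder chain starts outside the hunk.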