@pagopa/io-react-native-wallet 0.24.0 → 0.25.0

package/src/credential/status/types.ts

@@ -41,18 +41,3 @@ export const ParsedStatusAttestation = z.object({
     iat: UnixTime,
   }),
 });
-
-/**
- * Shape from parsing a status attestation response in case of error.
- */
-export const InvalidStatusAttestationResponse = z.object({
-  error: z.string(),
-});
-
-/**
- * Type from parsing a status attestation response in case of error.
- * Inferred from {@link InvalidStatusAttestationResponse}.
- */
-export type InvalidStatusAttestationResponse = z.infer<
-  typeof InvalidStatusAttestationResponse
->;

package/src/credential/trustmark/get-credential-trustmark.ts

@@ -51,9 +51,11 @@ export type GetCredentialTrustmarkJwt = (params: {
  * @param credentialType The type of credential for which the trustmark is generated
  * @param docNumber (Optional) Document number contained in the credential, if applicable
  * @param expirationTime (Optional) Expiration time for the trustmark, default is 2 minutes.
- * If a number is provided, it is interpreted as a timestamp in seconds.
- * If a string is provided, it is interpreted as a time span and added to the current timestamp.
+ *                        If a number is provided, it is interpreted as a timestamp in seconds.
+ *                        If a string is provided, it is interpreted as a time span and added to the current timestamp.
+ * @throws {IoWalletError} If the WIA is expired
  * @throws {IoWalletError} If the public key associated to the WIA is not the same for the CryptoContext
+ * @throws {JWSSignatureVerificationFailed} If the WIA signature is not valid
  * @returns A promise containing the signed JWT and its expiration time in seconds
  */
 export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
@@ -71,6 +73,13 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
     walletInstanceAttestation
   );
 
+  /**
+   * Check that the WIA is not expired
+   */
+  if (decodedWia.payload.exp * 1000 < Date.now()) {
+    throw new IoWalletError("Wallet Instance Attestation expired");
+  }
+
   /**
    * Verify holder binding by comparing thumbprints of the WIA and the CryptoContext key
    */
@@ -92,11 +101,11 @@ export const getCredentialTrustmark: GetCredentialTrustmarkJwt = async ({
     })
     .setPayload({
       iss: walletInstanceAttestation,
-      sub: credentialType,
       /**
        * If present, the document number is obfuscated before adding it to the payload
        */
-      ...(docNumber ? { subtyp: obfuscateString(docNumber) } : {}),
+      ...(docNumber ? { sub: obfuscateString(docNumber) } : {}),
+      subtyp: credentialType,
     })
     .setIssuedAt()
     .setExpirationTime(expirationTime)

package/src/sd-jwt/errors.ts

@@ -0,0 +1,39 @@
+/**
+ * When claims are requested but not found in the credential
+ *
+ */
+export class ClaimsNotFoundBetweenDisclosures extends Error {
+  code = "ERR_CLAIMS_NOT_FOUND";
+
+  /** The Claims not found */
+  claims: string[];
+
+  constructor(claims: string | string[]) {
+    const c = Array.isArray(claims) ? claims : [claims];
+    const message = `Some requested claims are not present in the disclosurable values, claims: ${c.join(
+      ", "
+    )}`;
+    super(message);
+    this.claims = c;
+  }
+}
+
+/**
+ * When the SD-JWT does not contain an hashed reference to a given set of claims
+ */
+export class ClaimsNotFoundInToken extends Error {
+  code = "ERR_CLAIMS_NOT_FOUND_IN_TOKEN";
+
+  /** The Claims not found */
+  claims: string[];
+
+  constructor(claims: string | string[]) {
+    const claimsArray = Array.isArray(claims) ? claims : [claims];
+    super(
+      `Some requested claims are not present in the disclosurable values: ${claimsArray.join(
+        ", "
+      )}`
+    );
+    this.claims = claimsArray;
+  }
+}

package/src/sd-jwt/index.ts

@@ -6,10 +6,7 @@ import { sha256ToBase64 } from "@pagopa/io-react-native-jwt";
 import { Disclosure, SdJwt4VC, type DisclosureWithEncoded } from "./types";
 import { verifyDisclosure } from "./verifier";
 import type { JWK } from "../utils/jwk";
-import {
-  ClaimsNotFoundBetweenDislosures,
-  ClaimsNotFoundInToken,
-} from "../utils/errors";
+import * as Errors from "./errors";
 import { Base64 } from "js-base64";
 
 const decodeDisclosure = (encoded: string): DisclosureWithEncoded => {
@@ -73,7 +70,7 @@ export const decode = <S extends z.ZodType<SdJwt4VC>>(
  * @param token The encoded token that represents a valid sd-jwt for verifiable credentials
  * @param claims The list of claims to be disclosed
  *
- * @throws {ClaimsNotFoundBetweenDislosures} When one or more claims does not relate to any discloure.
+ * @throws {ClaimsNotFoundBetweenDisclosures} When one or more claims does not relate to any discloure.
  * @throws {ClaimsNotFoundInToken} When one or more claims are not contained in the SD-JWT token.
  * @returns The encoded token with only the requested disclosures, along with the path each claim can be found on the SD-JWT token
  *
@@ -94,7 +91,7 @@ export const disclose = async (
 
       // check every claim represents a known disclosure
       if (!disclosure) {
-        throw new ClaimsNotFoundBetweenDislosures(claim);
+        throw new Errors.ClaimsNotFoundBetweenDisclosures(claim);
       }
 
       const hash = await sha256ToBase64(disclosure.encoded);
@@ -106,7 +103,7 @@ export const disclose = async (
         return { claim, path: `verified_claims.claims._sd[${index}]` };
       }
 
-      throw new ClaimsNotFoundInToken(claim);
+      throw new Errors.ClaimsNotFoundInToken(claim);
     })
   );
 
@@ -166,4 +163,4 @@ export const verify = async <S extends z.ZodType<SdJwt4VC>>(
   };
 };
 
-export { SdJwt4VC };
+export { SdJwt4VC, Errors };

package/src/sd-jwt/verifier.ts

@@ -9,10 +9,10 @@ export const verifyDisclosure = async (
 ) => {
   let hash = await sha256ToBase64(encoded);
   if (!claims.includes(hash)) {
-    throw new ValidationFailed(
-      "Validation of disclosure failed",
-      `${decoded}`,
-      "Disclosure hash not found in claims"
-    );
+    throw new ValidationFailed({
+      message: "Validation of disclosure failed",
+      claim: `${decoded}`,
+      reason: "Disclosure hash not found in claims",
+    });
   }
 };

package/src/trust/index.ts

@@ -8,7 +8,7 @@ import {
   EntityStatement,
 } from "./types";
 import { validateTrustChain, renewTrustChain } from "./chain";
-import { hasStatus } from "../utils/misc";
+import { hasStatusOrThrow } from "../utils/misc";
 
 export type {
   WalletProviderEntityConfiguration,
@@ -70,7 +70,7 @@ export async function getSignedEntityConfiguration(
   return await appFetch(wellKnownUrl, {
     method: "GET",
   })
-    .then(hasStatus(200))
+    .then(hasStatusOrThrow(200))
     .then((res) => res.text());
 }
 
@@ -256,6 +256,6 @@ export async function getSignedEntityStatement(
   return await appFetch(url, {
     method: "GET",
   })
-    .then(hasStatus(200))
+    .then(hasStatusOrThrow(200))
     .then((res) => res.text());
 }

package/src/utils/decoder.ts

@@ -47,7 +47,7 @@ export const getJwtFromFormPost = async (
     }
   }
 
-  throw new ValidationFailed(
-    `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`
-  );
+  throw new ValidationFailed({
+    message: `Unable to obtain JWT from form_post.jwt. Form data: ${formData}`,
+  });
 };

package/src/utils/error-codes.ts

@@ -0,0 +1,50 @@
+export const IssuerResponseErrorCodes = {
+  IssuerGenericError: "ERR_ISSUER_GENERIC_ERROR",
+  /**
+   * Error code thrown when a credential cannot be issued immediately because it follows the async flow.
+   */
+  CredentialIssuingNotSynchronous: "ERR_CREDENTIAL_ISSUING_NOT_SYNCHRONOUS",
+  /**
+   * Error code thrown when an error occurs while requesting a credential.
+   */
+  CredentialRequestFailed: "ERR_CREDENTIAL_REQUEST_FAILED",
+  /**
+   * Error code thrown when a credential status is invalid, either during issuance or when requesting a status attestation.
+   */
+  CredentialInvalidStatus: "ERR_CREDENTIAL_INVALID_STATUS",
+  /**
+   * Error code thrown when an error occurs while obtaining a status attestation for a credential.
+   */
+  StatusAttestationRequestFailed: "ERR_STATUS_ATTESTATION_REQUEST_FAILED",
+} as const;
+
+export const WalletProviderResponseErrorCodes = {
+  WalletProviderGenericError: "ERR_IO_WALLET_PROVIDER_GENERIC_ERROR",
+  /**
+   * An error code thrown when an error occurs during the wallet instance creation process.
+   */
+  WalletInstanceCreationFailed: "ERR_IO_WALLET_INSTANCE_CREATION_FAILED",
+  /**
+   * An error code thrown when validation fail
+   */
+  WalletInstanceAttestationIssuingFailed:
+    "ERR_IO_WALLET_INSTANCE_ATTESTATION_ISSUING_FAILED",
+  /**
+   * An error code thrown when the requester does not pass the integrity checks when interacting with the Wallet Provider.
+   */
+  WalletInstanceIntegrityFailed: "ERR_IO_WALLET_INSTANCE_INTEGRITY_FAILED",
+  /**
+   * An error code thrown when obtaining a wallet instance attestation but the wallet instance is revoked.
+   */
+  WalletInstanceRevoked: "ERR_IO_WALLET_INSTANCE_REVOKED",
+  /**
+   * An error code thrown when obtaining a wallet instance attestation but the wallet instance is not found.
+   */
+  WalletInstanceNotFound: "ERR_IO_WALLET_INSTANCE_NOT_FOUND",
+} as const;
+
+export type IssuerResponseErrorCode =
+  (typeof IssuerResponseErrorCodes)[keyof typeof IssuerResponseErrorCodes];
+
+export type WalletProviderResponseErrorCode =
+  (typeof WalletProviderResponseErrorCodes)[keyof typeof WalletProviderResponseErrorCodes];