Merge pull request #62 from niscy-eudiw/feature/access-token-updates

Feature/access token updates

Gemfile.lock

@@ -1,29 +1,32 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.6)
+    CFPropertyList (3.0.7)
+      base64
+      nkf
       rexml
-    addressable (2.8.5)
-      public_suffix (>= 2.0.2, < 6.0)
-    artifactory (3.0.15)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    artifactory (3.0.17)
     atomos (0.1.3)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.835.0)
-    aws-sdk-core (3.185.1)
-      aws-eventstream (~> 1, >= 1.0.2)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.953.0)
+    aws-sdk-core (3.201.1)
+      aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
+      aws-sigv4 (~> 1.8)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.72.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.136.0)
-      aws-sdk-core (~> 3, >= 3.181.0)
+    aws-sdk-kms (1.88.0)
+      aws-sdk-core (~> 3, >= 3.201.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.156.0)
+      aws-sdk-core (~> 3, >= 3.201.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.6)
-    aws-sigv4 (1.6.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.8.0)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
+    base64 (0.2.0)
     claide (1.1.0)
     colored (1.2)
     colored2 (3.1.2)
@@ -32,11 +35,10 @@ GEM
     declarative (0.0.20)
     digest-crc (0.6.5)
       rake (>= 12.0.0, < 14.0.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    domain_name (0.6.20240107)
     dotenv (2.8.1)
     emoji_regex (3.2.3)
-    excon (0.104.0)
+    excon (0.111.0)
     faraday (1.10.3)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
@@ -65,15 +67,15 @@ GEM
     faraday-retry (1.0.3)
     faraday_middleware (1.2.0)
       faraday (~> 1.0)
-    fastimage (2.2.7)
-    fastlane (2.216.0)
+    fastimage (2.3.1)
+    fastlane (2.221.1)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
       aws-sdk-s3 (~> 1.0)
       babosa (>= 1.0.3, < 2.0.0)
       bundler (>= 1.12.0, < 3.0.0)
-      colored
+      colored (~> 1.2)
       commander (~> 4.6)
       dotenv (>= 2.1.1, < 3.0.0)
       emoji_regex (>= 0.1, < 4.0)
@@ -85,6 +87,7 @@ GEM
       gh_inspector (>= 1.1.2, < 2.0.0)
       google-apis-androidpublisher_v3 (~> 0.3)
       google-apis-playcustomapp_v1 (~> 0.1)
+      google-cloud-env (>= 1.6.0, < 2.0.0)
       google-cloud-storage (~> 1.31)
       highline (~> 2.0)
       http-cookie (~> 1.0.5)
@@ -93,10 +96,10 @@ GEM
       mini_magick (>= 4.9.4, < 5.0.0)
       multipart-post (>= 2.0.0, < 3.0.0)
       naturally (~> 2.2)
-      optparse (~> 0.1.1)
+      optparse (>= 0.1.1, < 1.0.0)
       plist (>= 3.1.0, < 4.0.0)
       rubyzip (>= 2.0.0, < 3.0.0)
-      security (= 0.1.3)
+      security (= 0.1.5)
       simctl (~> 1.6.3)
       terminal-notifier (>= 2.0.0, < 3.0.0)
       terminal-table (~> 3)
@@ -105,36 +108,35 @@ GEM
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
       xcpretty (~> 0.3.0)
-      xcpretty-travis-formatter (>= 0.0.3)
+      xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
     gh_inspector (1.1.3)
-    google-apis-androidpublisher_v3 (0.51.0)
+    google-apis-androidpublisher_v3 (0.54.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-apis-core (0.11.1)
+    google-apis-core (0.11.3)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
       mini_mime (~> 1.0)
       representable (~> 3.0)
       retriable (>= 2.0, < 4.a)
       rexml
-      webrick
     google-apis-iamcredentials_v1 (0.17.0)
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-playcustomapp_v1 (0.13.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-apis-storage_v1 (0.19.0)
-      google-apis-core (>= 0.9.0, < 2.a)
-    google-cloud-core (1.6.0)
-      google-cloud-env (~> 1.0)
+    google-apis-storage_v1 (0.31.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-cloud-core (1.7.0)
+      google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
       faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.3.1)
-    google-cloud-storage (1.44.0)
+    google-cloud-errors (1.4.0)
+    google-cloud-storage (1.47.0)
       addressable (~> 2.8)
       digest-crc (~> 0.4)
       google-apis-iamcredentials_v1 (~> 0.1)
-      google-apis-storage_v1 (~> 0.19.0)
+      google-apis-storage_v1 (~> 0.31.0)
       google-cloud-core (~> 1.6)
       googleauth (>= 0.16.2, < 2.a)
       mini_mime (~> 1.0)
@@ -145,57 +147,57 @@ GEM
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     highline (2.0.3)
-    http-cookie (1.0.5)
+    http-cookie (1.0.6)
       domain_name (~> 0.5)
     httpclient (2.8.3)
     jmespath (1.6.2)
-    json (2.6.3)
-    jwt (2.7.1)
-    mini_magick (4.12.0)
+    json (2.7.2)
+    jwt (2.8.2)
+      base64
+    mini_magick (4.13.2)
     mini_mime (1.1.5)
     multi_json (1.15.0)
-    multipart-post (2.3.0)
+    multipart-post (2.4.1)
     nanaimo (0.3.0)
     naturally (2.2.1)
-    optparse (0.1.1)
+    nkf (0.2.0)
+    optparse (0.5.0)
     os (1.1.4)
-    plist (3.7.0)
-    public_suffix (5.0.3)
-    rake (13.0.6)
+    plist (3.7.1)
+    public_suffix (6.0.0)
+    rake (13.2.1)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.6)
+    rexml (3.2.9)
+      strscan
     rouge (2.0.7)
     ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
-    security (0.1.3)
-    signet (0.18.0)
+    security (0.1.5)
+    signet (0.19.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     simctl (1.6.10)
       CFPropertyList
       naturally
+    strscan (3.1.0)
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
     trailblazer-option (0.1.2)
     tty-cursor (0.7.1)
-    tty-screen (0.8.1)
+    tty-screen (0.8.2)
     tty-spinner (0.9.3)
       tty-cursor (~> 0.7)
     uber (0.1.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
     unicode-display_width (2.5.0)
-    webrick (1.8.1)
     word_wrap (1.0.0)
-    xcodeproj (1.23.0)
+    xcodeproj (1.24.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
@@ -215,4 +217,4 @@ DEPENDENCIES
   fastlane
 
 BUNDLED WITH
-   2.4.19
+   2.5.14

Sources/Entities/CredentialIssuer/CredentialIssuerId.swift

@@ -25,7 +25,8 @@ public struct CredentialIssuerId: Codable, Equatable {
     }
 
     guard
-      let validURL = URL(string: string)
+      let validURL = URL(string: string),
+      validURL.fragment == nil
     else {
       throw CredentialError.genericError
     }

Sources/Entities/Issuance/AuthorizedRequest.swift

@@ -15,33 +15,81 @@
  */
 import Foundation
 
+public protocol CanExpire {
+  var expiresIn: TimeInterval? { get }
+  func isExpired(issued: TimeInterval, at: TimeInterval) -> Bool
+}
+
+public extension CanExpire {
+  func isExpired(issued: TimeInterval, at: TimeInterval) -> Bool {
+    if issued >= at {
+      return true
+    }
+
+    guard let expiresIn = expiresIn else {
+      return false
+    }
+
+    let expiration = issued + expiresIn
+    return expiration <= at
+  }
+}
+
 public enum AuthorizedRequest {
   case noProofRequired(
     accessToken: IssuanceAccessToken,
     refreshToken: IssuanceRefreshToken?,
-    credentialIdentifiers: AuthorizationDetailsIdentifiers?
-    )
+    credentialIdentifiers: AuthorizationDetailsIdentifiers?,
+    timeStamp: TimeInterval
+  )
   case proofRequired(
     accessToken: IssuanceAccessToken,
     refreshToken: IssuanceRefreshToken?,
     cNonce: CNonce,
-    credentialIdentifiers: AuthorizationDetailsIdentifiers?
+    credentialIdentifiers: AuthorizationDetailsIdentifiers?,
+    timeStamp: TimeInterval
   )
-
+
+  public func isAccessTokenExpired(clock: TimeInterval) -> Bool {
+    guard let timeStamp = self.timeStamp else {
+      return true
+    }
+    return accessToken?.isExpired(issued: timeStamp, at: clock) ?? false
+  }
+
+  public func isRefreshTokenExpired(clock: TimeInterval) -> Bool {
+    guard let timeStamp = self.timeStamp else {
+      return true
+    }
+    return accessToken?.isExpired(
+      issued: timeStamp,
+      at: clock
+      ) ?? false
+  }
+
+  public var timeStamp: TimeInterval? {
+    switch self {
+    case .noProofRequired(_, _, _, let timeStamp):
+      return timeStamp
+    case .proofRequired(_, _, _, _, let timeStamp):
+      return timeStamp
+    }
+  }
+
   public var noProofToken: IssuanceAccessToken? {
     switch self {
-    case .noProofRequired(let accessToken, _, _):
+    case .noProofRequired(let accessToken, _, _, _):
       return accessToken
     case .proofRequired:
       return nil
     }
   }
-
+    
   public var proofToken: IssuanceAccessToken? {
     switch self {
     case .noProofRequired:
       return nil
-    case .proofRequired(let accessToken, _, _, _):
+    case .proofRequired(let accessToken, _, _, _, _):
       return accessToken
     }
   }
@@ -50,22 +98,23 @@ public enum AuthorizedRequest {
 public extension AuthorizedRequest {
   var accessToken: IssuanceAccessToken? {
     switch self {
-    case .noProofRequired(let accessToken, _, _):
+    case .noProofRequired(let accessToken, _, _, _):
       return accessToken
-    case .proofRequired(let accessToken, _, _, _):
+    case .proofRequired(let accessToken, _, _, _, _):
       return accessToken
     }
   }
 
   func handleInvalidProof(cNonce: CNonce) throws -> AuthorizedRequest {
     switch self {
 
-    case .noProofRequired(let accessToken, let refreshToken, let credentialIdentifiers):
+    case .noProofRequired(let accessToken, let refreshToken, let credentialIdentifiers, let timeStamp):
       return .proofRequired(
         accessToken: accessToken,
         refreshToken: refreshToken,
         cNonce: cNonce,
-        credentialIdentifiers: credentialIdentifiers
+        credentialIdentifiers: credentialIdentifiers,
+        timeStamp: timeStamp
       )
     default: throw ValidationError.error(reason: "Expected .noProofRequired authorisation request")
     }

Sources/Entities/IssuanceAccessToken.swift

@@ -35,19 +35,23 @@ public enum TokenType: String, Codable {
   }
 }
 
-public struct IssuanceAccessToken: Codable {
+public struct IssuanceAccessToken: Codable, CanExpire {
+  public var expiresIn: TimeInterval?
+
   public let accessToken: String
   public let tokenType: TokenType?
 
   public init(
     accessToken: String,
-    tokenType: TokenType?
+    tokenType: TokenType?,
+    expiresIn: TimeInterval = .zero
   ) throws {
     guard !accessToken.isEmpty else {
       throw ValidationError.error(reason: "Access token cannot be empty")
     }
     self.accessToken = accessToken
     self.tokenType = tokenType
+    self.expiresIn = expiresIn
   }
 }
 

Sources/Entities/IssuanceFlows/GetAuthorizationCodeURL.swift

@@ -26,7 +26,7 @@ public struct GetAuthorizationCodeURL {
     guard let url = URL(string: urlString) else {
       throw ValidationError.invalidUrl(urlString)
     }
-
+      
     let parameters = url.queryParameters
     guard
       parameters["\(Self.PARAM_CLIENT_ID)"] != nil