DIDComm alignment: expires_time & created_time (#288)

* DIDComm alignement: expires_time & created_time

Author: volodymyr-basiuk

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@0xpolygonid/js-sdk",
-  "version": "1.22.0",
+  "version": "1.23.0",
   "description": "SDK to work with Polygon ID",
   "main": "dist/node/cjs/index.js",
   "module": "dist/node/esm/index.js",

package.json

@@ -12,15 +12,19 @@ import {
   ZeroKnowledgeProofRequest,
   JSONObject
 } from '../types';
-import { DID } from '@iden3/js-iden3-core';
+import { DID, getUnixTimestamp } from '@iden3/js-iden3-core';
 import { proving } from '@iden3/js-jwz';
 
 import * as uuid from 'uuid';
 import { ProofQuery } from '../../verifiable';
 import { byteDecoder, byteEncoder } from '../../utils';
-import { processZeroKnowledgeProofRequests } from './common';
+import { processZeroKnowledgeProofRequests, verifyExpiresTime } from './common';
 import { CircuitId } from '../../circuits';
-import { AbstractMessageHandler, IProtocolMessageHandler } from './message-handler';
+import {
+  AbstractMessageHandler,
+  BasicHandlerOptions,
+  IProtocolMessageHandler
+} from './message-handler';
 import { parseAcceptProfile } from '../utils';
 
 /**
@@ -30,6 +34,7 @@ import { parseAcceptProfile } from '../utils';
 export type AuthorizationRequestCreateOptions = {
   accept?: string[];
   scope?: ZeroKnowledgeProofRequest[];
+  expires_time?: Date;
 };
 
 /**
@@ -77,7 +82,9 @@ export function createAuthorizationRequestWithMessage(
       message: message,
       callbackUrl: callbackUrl,
       scope: opts?.scope ?? []
-    }
+    },
+    created_time: getUnixTimestamp(new Date()),
+    expires_time: opts?.expires_time ? getUnixTimestamp(opts.expires_time) : undefined
   };
   return request;
 }
@@ -88,10 +95,11 @@ export function createAuthorizationRequestWithMessage(
  *
  * @public
  */
-export type AuthResponseHandlerOptions = StateVerificationOpts & {
-  // acceptedProofGenerationDelay is the period of time in milliseconds that a generated proof remains valid.
-  acceptedProofGenerationDelay?: number;
-};
+export type AuthResponseHandlerOptions = StateVerificationOpts &
+  BasicHandlerOptions & {
+    // acceptedProofGenerationDelay is the period of time in milliseconds that a generated proof remains valid.
+    acceptedProofGenerationDelay?: number;
+  };
 
 /**
  * Interface that allows the processing of the authorization request in the raw format for given identifier
@@ -169,10 +177,10 @@ export type AuthMessageHandlerOptions = AuthReqOptions | AuthRespOptions;
  * @public
  * @interface AuthHandlerOptions
  */
-export interface AuthHandlerOptions {
+export type AuthHandlerOptions = BasicHandlerOptions & {
   mediaType: MediaType;
   packerOptions?: JWSPackerParams;
-}
+};
 
 /**
  *
@@ -243,7 +251,6 @@ export class AuthHandler
     if (authRequest.type !== PROTOCOL_MESSAGE_TYPE.AUTHORIZATION_REQUEST_MESSAGE_TYPE) {
       throw new Error('Invalid message type for authorization request');
     }
-
     // override sender did if it's explicitly specified in the auth request
     const to = authRequest.to ? DID.parse(authRequest.to) : ctx.senderDid;
     const guid = uuid.v4();
@@ -295,7 +302,9 @@ export class AuthHandler
     authResponse: AuthorizationResponseMessage;
   }> {
     const authRequest = await this.parseAuthorizationRequest(request);
-
+    if (!opts?.allowExpiredMessages) {
+      verifyExpiresTime(authRequest);
+    }
     if (!opts) {
       opts = {
         mediaType: MediaType.ZKPMessage
@@ -428,6 +437,9 @@ export class AuthHandler
     request: AuthorizationRequestMessage;
     response: AuthorizationResponseMessage;
   }> {
+    if (!opts?.allowExpiredMessages) {
+      verifyExpiresTime(response);
+    }
     const authResp = (await this.handleAuthResponse(response, {
       request,
       acceptedStateTransitionDelay: opts?.acceptedStateTransitionDelay,

src/iden3comm/handlers/auth.ts

@@ -1,5 +1,6 @@
 import { getRandomBytes } from '@iden3/js-crypto';
 import {
+  BasicMessage,
   JsonDocumentObject,
   JWSPackerParams,
   ZeroKnowledgeProofQuery,
@@ -8,7 +9,7 @@ import {
 } from '../types';
 import { mergeObjects } from '../../utils';
 import { RevocationStatus, W3CCredential } from '../../verifiable';
-import { DID } from '@iden3/js-iden3-core';
+import { DID, getUnixTimestamp } from '@iden3/js-iden3-core';
 import { IProofService } from '../../proof';
 import { CircuitId } from '../../circuits';
 import { MediaType } from '../constants';
@@ -134,3 +135,14 @@ export const processZeroKnowledgeProofRequests = async (
 
   return zkpResponses;
 };
+
+/**
+ * Verifies that the expires_time field of a message is not in the past. Throws an error if it is.
+ *
+ * @param message - Basic message to verify.
+ */
+export const verifyExpiresTime = (message: BasicMessage) => {
+  if (message?.expires_time && message.expires_time < getUnixTimestamp(new Date())) {
+    throw new Error('Message expired');
+  }
+};

src/iden3comm/handlers/common.ts

@@ -3,11 +3,15 @@ import { IProofService } from '../../proof/proof-service';
 import { PROTOCOL_MESSAGE_TYPE } from '../constants';
 import { BasicMessage, IPackageManager, ZeroKnowledgeProofResponse } from '../types';
 import { ContractInvokeRequest, ContractInvokeResponse } from '../types/protocol/contract-request';
-import { DID, ChainIds } from '@iden3/js-iden3-core';
+import { DID, ChainIds, getUnixTimestamp } from '@iden3/js-iden3-core';
 import { FunctionSignatures, IOnChainZKPVerifier } from '../../storage';
 import { Signer } from 'ethers';
-import { processZeroKnowledgeProofRequests } from './common';
-import { AbstractMessageHandler, IProtocolMessageHandler } from './message-handler';
+import { processZeroKnowledgeProofRequests, verifyExpiresTime } from './common';
+import {
+  AbstractMessageHandler,
+  BasicHandlerOptions,
+  IProtocolMessageHandler
+} from './message-handler';
 
 /**
  * Interface that allows the processing of the contract request
@@ -40,7 +44,7 @@ export interface IContractRequestHandler {
 }
 
 /** ContractInvokeHandlerOptions represents contract invoke handler options */
-export type ContractInvokeHandlerOptions = {
+export type ContractInvokeHandlerOptions = BasicHandlerOptions & {
   ethSigner: Signer;
   challenge?: bigint;
 };
@@ -193,7 +197,8 @@ export class ContractRequestHandler
       body: {
         transaction_data: request.body.transaction_data,
         scope: []
-      }
+      },
+      created_time: getUnixTimestamp(new Date())
     };
     for (const [txHash, zkpResponses] of txHashToZkpResponseMap) {
       for (const zkpResponse of zkpResponses) {
@@ -222,7 +227,9 @@ export class ContractRequestHandler
     opts: ContractInvokeHandlerOptions
   ): Promise<Map<string, ZeroKnowledgeProofResponse>> {
     const ciRequest = await this.parseContractInvokeRequest(request);
-
+    if (!opts.allowExpiredMessages) {
+      verifyExpiresTime(ciRequest);
+    }
     if (ciRequest.body.transaction_data.method_id !== FunctionSignatures.SubmitZKPResponseV1) {
       throw new Error(`please use handle method to work with other method ids`);
     }

src/iden3comm/handlers/contract-request.ts

@@ -9,7 +9,7 @@ import {
   PackerParams
 } from '../types';
 
-import { DID } from '@iden3/js-iden3-core';
+import { DID, getUnixTimestamp } from '@iden3/js-iden3-core';
 import * as uuid from 'uuid';
 import { proving } from '@iden3/js-jwz';
 import {
@@ -21,13 +21,24 @@ import {
 import { IIdentityWallet } from '../../identity';
 import { byteEncoder } from '../../utils';
 import { W3CCredential } from '../../verifiable';
-import { AbstractMessageHandler, IProtocolMessageHandler } from './message-handler';
+import {
+  AbstractMessageHandler,
+  BasicHandlerOptions,
+  IProtocolMessageHandler
+} from './message-handler';
+import { verifyExpiresTime } from './common';
 
 /** @beta ProposalRequestCreationOptions represents proposal-request creation options */
 export type ProposalRequestCreationOptions = {
   credentials: ProposalRequestCredential[];
   metadata?: { type: string; data?: JsonDocumentObject };
   did_doc?: DIDDocument;
+  expires_time?: Date;
+};
+
+/** @beta ProposalCreationOptions represents proposal creation options */
+export type ProposalCreationOptions = {
+  expires_time?: Date;
 };
 
 /**
@@ -51,7 +62,9 @@ export function createProposalRequest(
     to: receiver.string(),
     typ: MediaType.PlainMessage,
     type: PROTOCOL_MESSAGE_TYPE.PROPOSAL_REQUEST_MESSAGE_TYPE,
-    body: opts
+    body: opts,
+    created_time: getUnixTimestamp(new Date()),
+    expires_time: opts?.expires_time ? getUnixTimestamp(opts.expires_time) : undefined
   };
   return request;
 }
@@ -67,7 +80,8 @@ export function createProposalRequest(
 export function createProposal(
   sender: DID,
   receiver: DID,
-  proposals?: Proposal[]
+  proposals?: Proposal[],
+  opts?: ProposalCreationOptions
 ): ProposalMessage {
   const uuidv4 = uuid.v4();
   const request: ProposalMessage = {
@@ -79,7 +93,9 @@ export function createProposal(
     type: PROTOCOL_MESSAGE_TYPE.PROPOSAL_MESSAGE_TYPE,
     body: {
       proposals: proposals || []
-    }
+    },
+    created_time: getUnixTimestamp(new Date()),
+    expires_time: opts?.expires_time ? getUnixTimestamp(opts.expires_time) : undefined
   };
   return request;
 }
@@ -129,10 +145,10 @@ export interface ICredentialProposalHandler {
 }
 
 /** @beta ProposalRequestHandlerOptions represents proposal-request handler options */
-export type ProposalRequestHandlerOptions = object;
+export type ProposalRequestHandlerOptions = BasicHandlerOptions;
 
 /** @beta ProposalHandlerOptions represents proposal handler options */
-export type ProposalHandlerOptions = {
+export type ProposalHandlerOptions = BasicHandlerOptions & {
   proposalRequest?: ProposalRequestMessage;
 };
 
@@ -310,6 +326,9 @@ export class CredentialProposalHandler
     if (!proposalRequest.from) {
       throw new Error(`failed request. empty 'from' field`);
     }
+    if (!opts?.allowExpiredMessages) {
+      verifyExpiresTime(proposalRequest);
+    }
 
     const senderDID = DID.parse(proposalRequest.from);
     const message = await this.handleProposalRequestMessage(proposalRequest);
@@ -332,6 +351,9 @@ export class CredentialProposalHandler
    * @inheritdoc ICredentialProposalHandler#handleProposal
    */
   async handleProposal(proposal: ProposalMessage, opts?: ProposalHandlerOptions) {
+    if (!opts?.allowExpiredMessages) {
+      verifyExpiresTime(proposal);
+    }
     if (opts?.proposalRequest && opts.proposalRequest.from !== proposal.to) {
       throw new Error(
         `sender of the request is not a target of response - expected ${opts.proposalRequest.from}, given ${proposal.to}`