WAL-199 - Enhance error handling in waltid library

settings.gradle.kts

@@ -47,6 +47,7 @@ val modules = listOf(
 
     "$libraries:waltid-did",
     "$libraries:waltid-java-compat",
+    "$libraries:waltid-library-commons",
 
     // Service commons
     "$services:waltid-service-commons",

waltid-libraries/crypto/waltid-crypto/build.gradle.kts

@@ -72,13 +72,7 @@ kotlin {
         }
     }
     js(IR) {
-        moduleName = "crypto"/*browser {
-            commonWebpackConfig {
-                cssSupport {
-                    enabled.set(true)
-                }
-            }
-        }*/
+        moduleName = "crypto"
         nodejs {
             generateTypeScriptDefinitions()
             testTask {
@@ -87,8 +81,6 @@ kotlin {
         }
         binaries.library()
     }
-//    androidTarget()
-
     if (enableIosBuild) {
         iosArm64()
         iosSimulatorArm64()
@@ -130,8 +122,10 @@ kotlin {
                 // Logging
                 implementation("io.github.oshai:kotlin-logging:7.0.0")
 
-                // suspend-transform plugin annotations (required in the current version to avoid "compileOnly" warning)
                 implementation("${SuspendTransPluginConstants.ANNOTATION_GROUP}:${SuspendTransPluginConstants.ANNOTATION_NAME}:${SuspendTransPluginConstants.ANNOTATION_VERSION}")
+
+                implementation(project(":waltid-libraries:waltid-library-commons"))
+
             }
         }
         val commonTest by getting {
@@ -157,8 +151,6 @@ kotlin {
                 // JOSE
                 implementation("com.nimbusds:nimbus-jose-jwt:9.40")
 
-                // Multibase
-//                implementation("com.github.multiformats:java-multibase:v1.1.1")
             }
         }
         val jvmTest by getting {
@@ -179,26 +171,13 @@ kotlin {
                 // JOSE
                 implementation(npm("jose", "5.2.3"))
 
-                // Multibase
-                // implementation(npm("multiformats", "12.1.2"))
             }
         }
         val jsTest by getting {
             dependencies {
                 implementation(kotlin("test-js"))
             }
         }
-//        val androidMain by getting {
-//            dependencies {
-//                implementation("io.ktor:ktor-client-android:2.3.10")
-//            }
-//        }
-//        val androidUnitTest by getting {
-//            dependencies {
-//                implementation(kotlin("test"))
-//            }
-//        }
-
         if (enableIosBuild) {
             val iosArm64Main by getting
             val iosSimulatorArm64Main by getting
@@ -242,15 +221,9 @@ kotlin {
                     val secretMavenUsername = envUsername ?: usernameFile.let {
                         if (it.isFile) it.readLines().first() else ""
                     }
-                    //println("Deploy username length: ${secretMavenUsername.length}")
                     val secretMavenPassword = envPassword ?: passwordFile.let {
                         if (it.isFile) it.readLines().first() else ""
                     }
-
-                    //if (secretMavenPassword.isBlank()) {
-                    //   println("WARNING: Password is blank!")
-                    //}
-
                     credentials {
                         username = secretMavenUsername
                         password = secretMavenPassword

waltid-libraries/crypto/waltid-crypto/src/commonMain/kotlin/id/walt/crypto/keys/KeyManager.kt

@@ -1,5 +1,8 @@
 package id.walt.crypto.keys
 
+import id.walt.commons.exceptions.KeyBackendNotSupportedException
+import id.walt.commons.exceptions.KeyTypeMissingException
+import id.walt.commons.exceptions.KeyTypeNotSupportedException
 import id.walt.crypto.keys.jwk.JWKKey
 import id.walt.crypto.keys.oci.OCIKeyRestApi
 import id.walt.crypto.keys.tse.TSEKey
@@ -17,7 +20,7 @@ object KeyManager {
     val types = HashMap<String, KType>()
     val keyTypeGeneration = HashMap<String, suspend (KeyGenerationRequest) -> Key>()
 
-    fun getRegisteredKeyType(type: String): KType = types[type] ?: error("Unknown key type: $type")
+    fun getRegisteredKeyType(type: String): KType = types[type] ?: throw KeyTypeNotSupportedException(type)
 
     init {
         register<JWKKey>("jwk") { generateRequest: KeyGenerationRequest -> JWKKey.generate(generateRequest.keyType) }
@@ -40,14 +43,19 @@ object KeyManager {
         keyTypeGeneration[typeId] = createFunction
     }
 
-    inline fun <reified T : Key> register(typeId: String, noinline createFunction: suspend (KeyGenerationRequest) -> T) {
+    inline fun <reified T : Key> register(
+        typeId: String,
+        noinline createFunction: suspend (KeyGenerationRequest) -> T
+    ) {
         keyManagerLogger().trace { "Registering key type \"$typeId\" to ${T::class.simpleName}..." }
         val type = typeOf<T>()
         registerByType(type, typeId, createFunction)
     }
 
     suspend fun createKey(generationRequest: KeyGenerationRequest): Key {
-        val function = keyTypeGeneration[generationRequest.backend] ?: error("No such key backend registered: ${generationRequest.backend}")
+        val function = keyTypeGeneration[generationRequest.backend] ?: throw KeyBackendNotSupportedException(
+            generationRequest.backend
+        )
         log.debug { "Creating key with generation request: $generationRequest" }
 
         return function.invoke(generationRequest)
@@ -61,7 +69,7 @@ object KeyManager {
         val type = getRegisteredKeyType(it)
         val fields = json.filterKeys { it != "type" }.mapValues { it.value }
         Json.decodeFromJsonElement(serializer(type), JsonObject(fields)) as Key
-    }?.apply { init() } ?: error("No type in serialized key")
+    }?.apply { init() } ?: throw KeyTypeMissingException()
 
     fun resolveSerializedKeyBlocking(jsonString: String) =
         resolveSerializedKeyBlocking(json = Json.parseToJsonElement(jsonString).jsonObject)

waltid-libraries/crypto/waltid-crypto/src/commonMain/kotlin/id/walt/crypto/keys/jwk/JWKKey.kt

@@ -4,7 +4,6 @@ import id.walt.crypto.keys.JwkKeyMeta
 import id.walt.crypto.keys.Key
 import id.walt.crypto.keys.KeyType
 import kotlinx.serialization.KSerializer
-import kotlinx.serialization.decodeFromString
 import kotlinx.serialization.descriptors.SerialDescriptor
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.encoding.Decoder

waltid-libraries/crypto/waltid-crypto/src/commonMain/kotlin/id/walt/crypto/keys/oci/OCIKeyRestApi.kt

@@ -1,5 +1,9 @@
 package id.walt.crypto.keys.oci
 
+import id.walt.commons.exceptions.KeyNotFoundException
+import id.walt.commons.exceptions.KeyTypeNotSupportedException
+import id.walt.commons.exceptions.SigningException
+import id.walt.commons.exceptions.VerificationException
 import id.walt.crypto.keys.EccUtils
 import id.walt.crypto.keys.Key
 import id.walt.crypto.keys.KeyType
@@ -72,9 +76,9 @@ class OCIKeyRestApi(
     private suspend fun retrievePublicKey(): Key {
         val keyData = getKeys(vaultKeyId, config.managementEndpoint, config.tenancyOcid, config.signingKeyPem)
         val key =
-            keyData.firstOrNull { it["id"]?.jsonPrimitive?.content == id } ?: throw IllegalArgumentException("Key with id $id not found")
+            keyData.firstOrNull { it["id"]?.jsonPrimitive?.content == id } ?: throw KeyNotFoundException(id)
         val keyVersion = getKeyVersion(id, vaultKeyId, config.managementEndpoint, config.signingKeyPem)
-        val keyId = key["id"]?.jsonPrimitive?.content ?: ""
+        val keyId = key["id"]?.jsonPrimitive?.content ?: throw KeyNotFoundException(id)
 
         return getOCIPublicKey(
             keyId, vaultKeyId, config.managementEndpoint, keyVersion, config.signingKeyPem
@@ -119,7 +123,7 @@ class OCIKeyRestApi(
         when (keyType) {
             KeyType.secp256r1 -> "ECDSA_SHA_256"
             KeyType.RSA -> "SHA_256_RSA_PKCS_PSS"
-            else -> throw NotImplementedError("Keytype not yet implemented: $keyType")
+            else -> throw KeyTypeNotSupportedException(keyType.name)
         }
     }
 
@@ -154,7 +158,7 @@ class OCIKeyRestApi(
                 header("x-content-sha256", calculateSHA256(requestBody))
                 setBody(requestBody)
             }.ociJsonDataBody().jsonObject["signature"]?.jsonPrimitive?.content?.decodeFromBase64()
-            response ?: error("No signature returned from OCI.")
+            response ?: throw SigningException("No signature returned from OCI.")
         }
     }
 
@@ -217,7 +221,7 @@ class OCIKeyRestApi(
             setBody(requestBody)
         }.ociJsonDataBody().jsonObject["isSignatureValid"]?.jsonPrimitive?.boolean ?: false
         return if (response) Result.success(detachedPlaintext)
-        else Result.failure(Exception("Signature is not valid"))
+        else Result.failure(VerificationException("Signature is not valid"))
     }
 
     @JvmBlocking
@@ -273,14 +277,13 @@ class OCIKeyRestApi(
         private fun keyTypeToOciKeyMapping(type: KeyType) = when (type) {
             KeyType.secp256r1 -> "ECDSA"
             KeyType.RSA -> "RSA"
-            KeyType.secp256k1 -> throw IllegalArgumentException("Not supported: $type")
-            KeyType.Ed25519 -> throw IllegalArgumentException("Not supported: $type")
+            else -> throw KeyTypeNotSupportedException(type.name)
         }
 
         private fun ociKeyToKeyTypeMapping(type: String) = when (type) {
             "ECDSA" -> KeyType.secp256r1
             "RSA" -> KeyType.RSA
-            else -> throw IllegalArgumentException("Not supported: $type")
+            else -> throw KeyTypeNotSupportedException(type)
         }
 
         @JvmBlocking
@@ -293,10 +296,9 @@ class OCIKeyRestApi(
                 val vaultKeyId = "${config.tenancyOcid}/${config.userOcid}/${config.fingerprint}"
                 val host = config.managementEndpoint
                 val length = when (type) {
-                    KeyType.Ed25519 -> throw IllegalArgumentException("Not supported: $type")
                     KeyType.secp256r1 -> 32
                     KeyType.RSA -> 256
-                    KeyType.secp256k1 -> throw IllegalArgumentException("Not supported: $type")
+                    else -> throw KeyTypeNotSupportedException(type.name)
                 }
                 val requestBody = JsonObject(
                     mapOf(
@@ -388,7 +390,8 @@ class OCIKeyRestApi(
                 else -> throw IllegalArgumentException("Unsupported HTTP method: $method")
             }
 
-            val privateOciApiKey = signingKey ?: error("No private key provided for OCI signing. Please provide a private key.")
+            val privateOciApiKey = signingKey
+                ?: throw KeyNotFoundException("No private key provided for OCI signing. Please provide a private key.")
 
             return Base64.encode(sha256WithRsa(privateOciApiKey, signingString.encodeToByteArray()))
         }
@@ -438,7 +441,8 @@ class OCIKeyRestApi(
                 header("Host", host)
             }
 
-            val publicKeyPem = response.body<JsonObject>()["publicKey"]?.jsonPrimitive?.content ?: error("No public key returned from OCI.")
+            val publicKeyPem = response.body<JsonObject>()["publicKey"]?.jsonPrimitive?.content
+                ?: throw KeyNotFoundException("No public key returned from OCI for key ID: $OCIDKeyID and version: $keyVersion")
             val publicKey = JWKKey.importPEM(publicKeyPem).getOrThrow()
 
             return publicKey

waltid-libraries/crypto/waltid-crypto/src/commonMain/kotlin/id/walt/crypto/keys/tse/TSEAuth.kt

@@ -1,5 +1,6 @@
 package id.walt.crypto.keys.tse
 
+import id.walt.commons.exceptions.TSEError
 import io.github.reactivecircus.cache4k.Cache
 import io.ktor.client.*
 import io.ktor.client.call.*
@@ -56,26 +57,42 @@ data class TSEAuth(
     }
 
     init {
-        require(
-            accessKey != null
-                    || (roleId != null && secretId != null)
-                    || (username != null && password != null)
-        ) {
-            "No valid authentication method passed!"
+        requireAuthenticationMethod()
+    }
+
+    private fun requireAuthenticationMethod() {
+        val usingAccessKey = accessKey != null
+        val usingRoleIdAndSecret = roleId != null || secretId != null
+        val usingUsernameAndPassword = username != null || password != null
+        require(usingAccessKey || usingRoleIdAndSecret || usingUsernameAndPassword) {
+            throw TSEError.InvalidAuthenticationMethod.MissingAuthenticationMethodException()
+        }
+        if (usingRoleIdAndSecret) {
+            require(roleId != null && secretId != null) {
+                throw TSEError.InvalidAuthenticationMethod.IncompleteRoleAuthenticationMethodException()
+            }
+        }
+        if (usingUsernameAndPassword) {
+            require(username != null && password != null) {
+                throw TSEError.InvalidAuthenticationMethod.IncompleteUserAuthenticationMethodException()
+            }
         }
     }
 
     private fun String.getServerUpTov1() = substringBefore("/v1/") + "/v1"
 
     private suspend fun HttpResponse.getClientToken() =
         body<JsonObject>().let {
-            if (it.containsKey("errors")) {
-                error("Errors occurred at TSE login: " + it["errors"]!!.jsonArray.map { it.jsonPrimitive.content }.joinToString())
-            }
+            checkNoErrors(it)
             it["auth"]?.jsonObject?.get("client_token")?.jsonPrimitive?.contentOrNull
-                ?: error("Did not receive token after login!")
+                ?: throw TSEError.MissingAuthTokenException()
         }
 
+    private fun checkNoErrors(json: JsonObject) = json["errors"]?.let {
+        throw TSEError.LoginException(it.jsonArray.map { it.jsonPrimitive.content })
+    }
+
+
     private suspend fun loginAppRole(server: String): String =
         http.post("$server/auth/approle/login") {
             setBody(
@@ -104,7 +121,7 @@ data class TSEAuth(
             accessKey != null -> accessKey
             roleId != null -> loginAppRole(server)
             username != null -> loginUserPass(server)
-            else -> throw IllegalArgumentException("No valid authentication method passed!")
+            else -> throw TSEError.InvalidAuthenticationMethod.MissingAuthenticationMethodException()
         }
     }