fix: move salt generation to wsp

Signed-off-by: Berend Sliedrecht <[email protected]>
animo · Nov 20, 2024 · bae4a57 · bae4a57
1 parent 14ea9ca
commit bae4a57
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 30 deletions.
diff --git a/apps/easypid/src/agent/initialize.ts b/apps/easypid/src/agent/initialize.ts
@@ -1,7 +1,6 @@
 import { setFallbackSecureEnvironment } from '@animo-id/expo-secure-environment'
 import { trustedX509Certificates } from '@easypid/constants'
 import { WalletServiceProviderClient } from '@easypid/crypto/WalletServiceProviderClient'
-import { createSalt } from '@easypid/crypto/salt'
 import { initializeEasyPIDAgent } from '@package/agent'
 
 export async function initializeAppAgent({
@@ -24,7 +23,7 @@ export async function initializeAppAgent({
    */
   const wsp = new WalletServiceProviderClient(process.env.EXPO_PUBLIC_WALLET_SERVICE_PROVIDER_URL as string, agent)
   if (registerWallet) {
-    await createSalt(agent)
+    await wsp.createSalt()
     await wsp.register()
   }
   setFallbackSecureEnvironment(wsp)

diff --git a/apps/easypid/src/crypto/WalletServiceProviderClient.ts b/apps/easypid/src/crypto/WalletServiceProviderClient.ts
@@ -1,21 +1,23 @@
 import type { SecureEnvironment } from '@animo-id/expo-secure-environment'
 import {
-  type AgentContext,
+  CredoWebCrypto,
   type JwsProtectedHeaderOptions,
   JwsService,
   JwtPayload,
+  TypedArrayEncoder,
   getJwkFromKey,
 } from '@credo-ts/core'
 import type { EasyPIDAppAgent } from 'packages/agent/src'
 import { deriveKeypairFromPin } from './pin'
-import { getOrCreateSalt } from './salt'
 
 let __pin: Array<number> | undefined
 export const setWalletServiceProviderPin = (pin?: Array<number>) => {
   __pin = pin
 }
 export const getWalletServiceProviderPin = () => __pin
 
+const GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID = 'GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID'
+
 export class WalletServiceProviderClient implements SecureEnvironment {
   private headers: Headers = new Headers({
     'Content-Type': 'application/json',
@@ -37,7 +39,7 @@ export class WalletServiceProviderClient implements SecureEnvironment {
         'Pin not set! call `setWalletServiceProviderPin(pin)` before calling a method on the WalletServiceProvider'
       )
     const jwsService = this.agent.context.dependencyManager.resolve(JwsService)
-    const salt = await getOrCreateSalt(this.agent)
+    const salt = await this.getOrCreateSalt()
     const key = await deriveKeypairFromPin(this.agent.context, pin, salt)
 
     const payload = new JwtPayload({
@@ -94,4 +96,29 @@ export class WalletServiceProviderClient implements SecureEnvironment {
 
     return new Uint8Array(publicKey)
   }
+
+  public async createSalt() {
+    const maybeSalt = await this.getSalt()
+    if (maybeSalt) return maybeSalt
+
+    const crypto = new CredoWebCrypto(this.agent.context)
+
+    const saltBytes = crypto.getRandomValues(new Uint8Array(12))
+    const saltString = TypedArrayEncoder.toBase64URL(saltBytes)
+    await this.agent.genericRecords.save({
+      content: { salt: saltString },
+      id: GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID,
+    })
+    return saltString
+  }
+
+  private async getSalt(): Promise<string | null> {
+    return (await this.agent.genericRecords.findById(GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID))?.content
+      .salt as string
+  }
+
+  private async getOrCreateSalt() {
+    const maybeSalt = await this.getSalt()
+    return maybeSalt ?? (await this.createSalt())
+  }
 }
diff --git a/apps/easypid/src/crypto/salt.ts b/apps/easypid/src/crypto/salt.ts