From bae4a57bccf291922fed7ae7a5100da1f05c6ccb Mon Sep 17 00:00:00 2001
From: Berend Sliedrecht
Date: Wed, 20 Nov 2024 13:41:12 +0100
Subject: [PATCH] fix: move salt generation to wsp
Signed-off-by: Berend Sliedrecht
---
 apps/easypid/src/agent/initialize.ts | 3 +-
 .../src/crypto/WalletServiceProviderClient.ts | 33 +++++++++++++++++--
 apps/easypid/src/crypto/salt.ts | 25 --------------
 3 files changed, 31 insertions(+), 30 deletions(-)
 delete mode 100644 apps/easypid/src/crypto/salt.ts
diff --git a/apps/easypid/src/agent/initialize.ts b/apps/easypid/src/agent/initialize.ts
index 4d8ef91a..12252d70 100644
--- a/apps/easypid/src/agent/initialize.ts
+++ b/apps/easypid/src/agent/initialize.ts
@@ -1,7 +1,6 @@
 import { setFallbackSecureEnvironment } from '@animo-id/expo-secure-environment'
 import { trustedX509Certificates } from '@easypid/constants'
 import { WalletServiceProviderClient } from '@easypid/crypto/WalletServiceProviderClient'
-import { createSalt } from '@easypid/crypto/salt'
 import { initializeEasyPIDAgent } from '@package/agent'
 export async function initializeAppAgent({
@@ -24,7 +23,7 @@ export async function initializeAppAgent({
 */
 const wsp = new WalletServiceProviderClient(process.env.EXPO_PUBLIC_WALLET_SERVICE_PROVIDER_URL as string, agent)
 if (registerWallet) {
- await createSalt(agent)
+ await wsp.createSalt()
 await wsp.register()
 }
 setFallbackSecureEnvironment(wsp)
diff --git a/apps/easypid/src/crypto/WalletServiceProviderClient.ts b/apps/easypid/src/crypto/WalletServiceProviderClient.ts
index e5eaab20..bce9c084 100644
--- a/apps/easypid/src/crypto/WalletServiceProviderClient.ts
+++ b/apps/easypid/src/crypto/WalletServiceProviderClient.ts
@@ -1,14 +1,14 @@
 import type { SecureEnvironment } from '@animo-id/expo-secure-environment'
 import {
- type AgentContext,
+ CredoWebCrypto,
 type JwsProtectedHeaderOptions,
 JwsService,
 JwtPayload,
+ TypedArrayEncoder,
 getJwkFromKey,
 } from '@credo-ts/core'
 import type { EasyPIDAppAgent } from 'packages/agent/src'
 import { deriveKeypairFromPin } from './pin'
-import { getOrCreateSalt } from './salt'
 let __pin: Array | undefined
 export const setWalletServiceProviderPin = (pin?: Array) => {
@@ -16,6 +16,8 @@ export const setWalletServiceProviderPin = (pin?: Array) => {
 }
 export const getWalletServiceProviderPin = () => __pin
+const GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID = 'GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID'
+
 export class WalletServiceProviderClient implements SecureEnvironment {
 private headers: Headers = new Headers({
 'Content-Type': 'application/json',
@@ -37,7 +39,7 @@ export class WalletServiceProviderClient implements SecureEnvironment {
 'Pin not set! call `setWalletServiceProviderPin(pin)` before calling a method on the WalletServiceProvider'
 )
 const jwsService = this.agent.context.dependencyManager.resolve(JwsService)
- const salt = await getOrCreateSalt(this.agent)
+ const salt = await this.getOrCreateSalt()
 const key = await deriveKeypairFromPin(this.agent.context, pin, salt)
 const payload = new JwtPayload({
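Review bot: The salt's persisted record id changes from `GENERIC_RECORD_SALT_ID` (in the deleted salt.ts) to `GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID` on the added constant line, so a wallet that already stored a salt under the old id will not find it and `getOrCreateSalt()` will mint a fresh one. Because `deriveKeypairFromPin(this.agent.context, pin, salt)` in the third hunk takes that salt as input, such a wallet would derive a different key than the one it registered with the WSP, and its signed requests would stop verifying. If any build shipped the old id, either keep the old string as this constant's value or add a one-time lookup of the old record that re-saves its salt under the new id. A comment on the constant, `// Persisted record id: renaming it orphans existing salts and changes the PIN-derived WSP key`, would make that constraint visible to the next maintainer.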
@@ -94,4 +96,29 @@ export class WalletServiceProviderClient implements SecureEnvironment {
 return new Uint8Array(publicKey)
 }
+
+ public async createSalt() {
+ const maybeSalt = await this.getSalt()
+ if (maybeSalt) return maybeSalt
+
+ const crypto = new CredoWebCrypto(this.agent.context)
+
+ const saltBytes = crypto.getRandomValues(new Uint8Array(12))
+ const saltString = TypedArrayEncoder.toBase64URL(saltBytes)
+ await this.agent.genericRecords.save({
+ content: { salt: saltString },
+ id: GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID,
+ })
+ return saltString
+ }
+
+ private async getSalt(): Promise {
+ return (await this.agent.genericRecords.findById(GENERIC_RECORD_WALLET_SERVICE_PROVIDER_SALT_ID))?.content
+ .salt as string
+ }
+
+ private async getOrCreateSalt() {
+ const maybeSalt = await this.getSalt()
+ return maybeSalt ?? (await this.createSalt())
+ }
 }
diff --git a/apps/easypid/src/crypto/salt.ts b/apps/easypid/src/crypto/salt.ts
deleted file mode 100644
index 8988c85f..00000000
--- a/apps/easypid/src/crypto/salt.ts
+++ /dev/null
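Review bot: `getSalt()` ends in `?.content.salt as string`, yet the optional chain yields `undefined` whenever `findById` returns no record, so the cast declares a narrower type than the method actually returns and the callers only work because `createSalt()` and `getOrCreateSalt()` re-check truthiness. Declaring the return as `Promise<string | undefined>` and dropping the `as string` would let the compiler enforce that check (the rendered page has stripped the type argument, so the declared type is inferred here). `getOrCreateSalt()` also reads the record twice on the create path, once itself and once inside `createSalt()`; harmless, but since `createSalt()` already returns an existing salt the extra lookup could be removed. The salt is a persistent input to the PIN-derived WSP key, so a TSDoc on `createSalt()` such as `/** Returns the stored salt or generates and persists a new 12-byte random one; it is part of the registered key material and must not be regenerated for a registered wallet. */` would document the contract. The enclosing class begins outside this hunk.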
@@ -1,25 +0,0 @@
-import { CredoWebCrypto, TypedArrayEncoder } from '@credo-ts/core'
-import type { EasyPIDAppAgent } from '@package/agent'
-
-const GENERIC_RECORD_SALT_ID = 'GENERIC_RECORD_SALT_ID'
-
-export const createSalt = async (agent: EasyPIDAppAgent) => {
- const maybeSalt = await getSalt(agent)
- if (maybeSalt) return maybeSalt
-
- const crypto = new CredoWebCrypto(agent.context)
-
- const saltBytes = crypto.getRandomValues(new Uint8Array(12))
- const saltString = TypedArrayEncoder.toBase64URL(saltBytes)
- await agent.genericRecords.save({ content: { salt: saltString }, id: GENERIC_RECORD_SALT_ID })
- return saltString
-}
-
-const getSalt = async (agent: EasyPIDAppAgent): Promise => {
- return (await agent.genericRecords.findById(GENERIC_RECORD_SALT_ID))?.content.salt as string
-}
-
-export const getOrCreateSalt = async (agent: EasyPIDAppAgent) => {
- const maybeSalt = await getSalt(agent)
- return maybeSalt ?? (await createSalt(agent))
-}