@capawesome/capacitor-app-integrity 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CapawesomeCapacitorAppIntegrity.podspec +17 -0
- package/LICENSE +21 -0
- package/Package.swift +28 -0
- package/README.md +385 -0
- package/android/build.gradle +60 -0
- package/android/src/main/AndroidManifest.xml +2 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/AppIntegrity.java +208 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/AppIntegrityPlugin.java +137 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/classes/CustomException.java +20 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/classes/CustomExceptions.java +11 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/classes/options/PrepareIntegrityTokenOptions.java +26 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/classes/options/RequestIntegrityTokenOptions.java +51 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/classes/results/IsAvailableResult.java +22 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/classes/results/RequestIntegrityTokenResult.java +23 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/interfaces/Callback.java +5 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/interfaces/EmptyCallback.java +5 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/interfaces/NonEmptyResultCallback.java +7 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/appintegrity/interfaces/Result.java +7 -0
- package/android/src/main/res/.gitkeep +0 -0
- package/dist/docs.json +472 -0
- package/dist/esm/definitions.d.ts +384 -0
- package/dist/esm/definitions.js +152 -0
- package/dist/esm/definitions.js.map +1 -0
- package/dist/esm/index.d.ts +4 -0
- package/dist/esm/index.js +7 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/web.d.ts +10 -0
- package/dist/esm/web.js +22 -0
- package/dist/esm/web.js.map +1 -0
- package/dist/plugin.cjs.js +188 -0
- package/dist/plugin.cjs.js.map +1 -0
- package/dist/plugin.js +191 -0
- package/dist/plugin.js.map +1 -0
- package/ios/Plugin/AppIntegrity.swift +78 -0
- package/ios/Plugin/AppIntegrityPlugin.swift +116 -0
- package/ios/Plugin/Classes/Options/AttestKeyOptions.swift +29 -0
- package/ios/Plugin/Classes/Options/GenerateAssertionOptions.swift +29 -0
- package/ios/Plugin/Classes/Results/AttestKeyResult.swift +16 -0
- package/ios/Plugin/Classes/Results/GenerateAssertionResult.swift +16 -0
- package/ios/Plugin/Classes/Results/GenerateKeyResult.swift +16 -0
- package/ios/Plugin/Classes/Results/IsAvailableResult.swift +16 -0
- package/ios/Plugin/Enums/CustomError.swift +59 -0
- package/ios/Plugin/Info.plist +24 -0
- package/ios/Plugin/Protocols/Result.swift +5 -0
- package/package.json +91 -0
|
@@ -0,0 +1,384 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @since 0.1.0
|
|
3
|
+
*/
|
|
4
|
+
export interface AppIntegrityPlugin {
|
|
5
|
+
/**
|
|
6
|
+
* Attest a key generated with `generateKey()` using Apple's App Attest service.
|
|
7
|
+
*
|
|
8
|
+
* The returned attestation object must be sent to your server, which verifies
|
|
9
|
+
* it with Apple and stores the key identifier for future assertions.
|
|
10
|
+
*
|
|
11
|
+
* Only available on iOS.
|
|
12
|
+
*
|
|
13
|
+
* @since 0.1.0
|
|
14
|
+
*/
|
|
15
|
+
attestKey(options: AttestKeyOptions): Promise<AttestKeyResult>;
|
|
16
|
+
/**
|
|
17
|
+
* Generate an assertion for the given client data using an attested key.
|
|
18
|
+
*
|
|
19
|
+
* The returned assertion must be sent to your server along with the client
|
|
20
|
+
* data, where it is verified using the previously stored key identifier.
|
|
21
|
+
*
|
|
22
|
+
* Only available on iOS.
|
|
23
|
+
*
|
|
24
|
+
* @since 0.1.0
|
|
25
|
+
*/
|
|
26
|
+
generateAssertion(options: GenerateAssertionOptions): Promise<GenerateAssertionResult>;
|
|
27
|
+
/**
|
|
28
|
+
* Generate a new App Attest key pair.
|
|
29
|
+
*
|
|
30
|
+
* The private key is stored in the Secure Enclave. Store the returned key
|
|
31
|
+
* identifier in your app to attest the key and generate assertions later.
|
|
32
|
+
*
|
|
33
|
+
* Only available on iOS.
|
|
34
|
+
*
|
|
35
|
+
* @since 0.1.0
|
|
36
|
+
*/
|
|
37
|
+
generateKey(): Promise<GenerateKeyResult>;
|
|
38
|
+
/**
|
|
39
|
+
* Check whether app integrity attestation is available on this device.
|
|
40
|
+
*
|
|
41
|
+
* On Android, this checks whether Google Play Services is available.
|
|
42
|
+
* On iOS, this checks whether the App Attest service is supported.
|
|
43
|
+
* On iOS, the App Attest service is not supported on simulators.
|
|
44
|
+
*
|
|
45
|
+
* @since 0.1.0
|
|
46
|
+
*/
|
|
47
|
+
isAvailable(): Promise<IsAvailableResult>;
|
|
48
|
+
/**
|
|
49
|
+
* Prepare the integrity token provider for standard integrity token requests.
|
|
50
|
+
*
|
|
51
|
+
* Call this method once, for example at app start, before calling
|
|
52
|
+
* `requestIntegrityToken(...)` with a request hash. The preparation can take
|
|
53
|
+
* several seconds, so it should be done well ahead of the first request.
|
|
54
|
+
*
|
|
55
|
+
* Only available on Android.
|
|
56
|
+
*
|
|
57
|
+
* @since 0.1.0
|
|
58
|
+
*/
|
|
59
|
+
prepareIntegrityToken(options: PrepareIntegrityTokenOptions): Promise<void>;
|
|
60
|
+
/**
|
|
61
|
+
* Request an integrity token from the Play Integrity API.
|
|
62
|
+
*
|
|
63
|
+
* Provide a `requestHash` for a standard request (recommended, requires a
|
|
64
|
+
* prior call to `prepareIntegrityToken(...)`) or a `nonce` for a classic request.
|
|
65
|
+
*
|
|
66
|
+
* The returned token must be sent to your server, which decrypts and
|
|
67
|
+
* verifies it via Google's servers.
|
|
68
|
+
*
|
|
69
|
+
* Only available on Android.
|
|
70
|
+
*
|
|
71
|
+
* @since 0.1.0
|
|
72
|
+
*/
|
|
73
|
+
requestIntegrityToken(options: RequestIntegrityTokenOptions): Promise<RequestIntegrityTokenResult>;
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* @since 0.1.0
|
|
77
|
+
*/
|
|
78
|
+
export interface AttestKeyOptions {
|
|
79
|
+
/**
|
|
80
|
+
* The one-time challenge received from your server, encoded as a
|
|
81
|
+
* base64 string.
|
|
82
|
+
*
|
|
83
|
+
* The challenge is hashed with SHA-256 on the device before it is passed
|
|
84
|
+
* to the App Attest service.
|
|
85
|
+
*
|
|
86
|
+
* @example 'dGhpc2lzYWNoYWxsZW5nZQ=='
|
|
87
|
+
* @since 0.1.0
|
|
88
|
+
*/
|
|
89
|
+
challenge: string;
|
|
90
|
+
/**
|
|
91
|
+
* The identifier of the key to attest, as returned by `generateKey()`.
|
|
92
|
+
*
|
|
93
|
+
* @example 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g='
|
|
94
|
+
* @since 0.1.0
|
|
95
|
+
*/
|
|
96
|
+
keyId: string;
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* @since 0.1.0
|
|
100
|
+
*/
|
|
101
|
+
export interface AttestKeyResult {
|
|
102
|
+
/**
|
|
103
|
+
* The attestation object, encoded as a base64 string.
|
|
104
|
+
*
|
|
105
|
+
* Send this to your server for verification with Apple.
|
|
106
|
+
*
|
|
107
|
+
* @since 0.1.0
|
|
108
|
+
*/
|
|
109
|
+
attestationObject: string;
|
|
110
|
+
}
|
|
111
|
+
/**
|
|
112
|
+
* @since 0.1.0
|
|
113
|
+
*/
|
|
114
|
+
export interface GenerateAssertionOptions {
|
|
115
|
+
/**
|
|
116
|
+
* The client data to sign, encoded as a base64 string.
|
|
117
|
+
*
|
|
118
|
+
* This is usually a JSON payload that includes a one-time challenge
|
|
119
|
+
* received from your server. The client data is hashed with SHA-256 on the
|
|
120
|
+
* device before it is passed to the App Attest service.
|
|
121
|
+
*
|
|
122
|
+
* @example 'eyJjaGFsbGVuZ2UiOiJkR2hwYzJsellXTm9ZV3hzWlc1blpRPT0ifQ=='
|
|
123
|
+
* @since 0.1.0
|
|
124
|
+
*/
|
|
125
|
+
clientData: string;
|
|
126
|
+
/**
|
|
127
|
+
* The identifier of an attested key, as returned by `generateKey()`.
|
|
128
|
+
*
|
|
129
|
+
* @example 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g='
|
|
130
|
+
* @since 0.1.0
|
|
131
|
+
*/
|
|
132
|
+
keyId: string;
|
|
133
|
+
}
|
|
134
|
+
/**
|
|
135
|
+
* @since 0.1.0
|
|
136
|
+
*/
|
|
137
|
+
export interface GenerateAssertionResult {
|
|
138
|
+
/**
|
|
139
|
+
* The assertion object, encoded as a base64 string.
|
|
140
|
+
*
|
|
141
|
+
* Send this to your server for verification.
|
|
142
|
+
*
|
|
143
|
+
* @since 0.1.0
|
|
144
|
+
*/
|
|
145
|
+
assertion: string;
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* @since 0.1.0
|
|
149
|
+
*/
|
|
150
|
+
export interface GenerateKeyResult {
|
|
151
|
+
/**
|
|
152
|
+
* The identifier of the generated key pair.
|
|
153
|
+
*
|
|
154
|
+
* @example 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g='
|
|
155
|
+
* @since 0.1.0
|
|
156
|
+
*/
|
|
157
|
+
keyId: string;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* @since 0.1.0
|
|
161
|
+
*/
|
|
162
|
+
export interface IsAvailableResult {
|
|
163
|
+
/**
|
|
164
|
+
* Whether app integrity attestation is available on this device.
|
|
165
|
+
*
|
|
166
|
+
* @example true
|
|
167
|
+
* @since 0.1.0
|
|
168
|
+
*/
|
|
169
|
+
available: boolean;
|
|
170
|
+
}
|
|
171
|
+
/**
|
|
172
|
+
* @since 0.1.0
|
|
173
|
+
*/
|
|
174
|
+
export interface PrepareIntegrityTokenOptions {
|
|
175
|
+
/**
|
|
176
|
+
* The Google Cloud project number of the project that is linked
|
|
177
|
+
* to your Play Console developer account.
|
|
178
|
+
*
|
|
179
|
+
* @example 123456789012
|
|
180
|
+
* @since 0.1.0
|
|
181
|
+
*/
|
|
182
|
+
cloudProjectNumber: number;
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* @since 0.1.0
|
|
186
|
+
*/
|
|
187
|
+
export interface RequestIntegrityTokenOptions {
|
|
188
|
+
/**
|
|
189
|
+
* The Google Cloud project number of the project that is linked
|
|
190
|
+
* to your Play Console developer account.
|
|
191
|
+
*
|
|
192
|
+
* Only used for classic requests. It is required if your app is
|
|
193
|
+
* distributed outside of Google Play.
|
|
194
|
+
*
|
|
195
|
+
* @example 123456789012
|
|
196
|
+
* @since 0.1.0
|
|
197
|
+
*/
|
|
198
|
+
cloudProjectNumber?: number;
|
|
199
|
+
/**
|
|
200
|
+
* The one-time nonce for a classic request, encoded as a base64
|
|
201
|
+
* web-safe no-wrap string.
|
|
202
|
+
*
|
|
203
|
+
* Provide either `nonce` or `requestHash`.
|
|
204
|
+
*
|
|
205
|
+
* @example 'dGhpc2lzYW5vbmNl'
|
|
206
|
+
* @since 0.1.0
|
|
207
|
+
*/
|
|
208
|
+
nonce?: string;
|
|
209
|
+
/**
|
|
210
|
+
* The request hash for a standard request.
|
|
211
|
+
*
|
|
212
|
+
* Requires a prior call to `prepareIntegrityToken(...)`.
|
|
213
|
+
*
|
|
214
|
+
* Provide either `nonce` or `requestHash`.
|
|
215
|
+
*
|
|
216
|
+
* @example '2cp24z...'
|
|
217
|
+
* @since 0.1.0
|
|
218
|
+
*/
|
|
219
|
+
requestHash?: string;
|
|
220
|
+
}
|
|
221
|
+
/**
|
|
222
|
+
* @since 0.1.0
|
|
223
|
+
*/
|
|
224
|
+
export interface RequestIntegrityTokenResult {
|
|
225
|
+
/**
|
|
226
|
+
* The integrity token.
|
|
227
|
+
*
|
|
228
|
+
* Send this to your server, which decrypts and verifies it via
|
|
229
|
+
* Google's servers.
|
|
230
|
+
*
|
|
231
|
+
* @since 0.1.0
|
|
232
|
+
*/
|
|
233
|
+
token: string;
|
|
234
|
+
}
|
|
235
|
+
/**
|
|
236
|
+
* @since 0.1.0
|
|
237
|
+
*/
|
|
238
|
+
export declare enum ErrorCode {
|
|
239
|
+
/**
|
|
240
|
+
* The Play Integrity API is not available on this device.
|
|
241
|
+
*
|
|
242
|
+
* Only available on Android.
|
|
243
|
+
*
|
|
244
|
+
* @since 0.1.0
|
|
245
|
+
*/
|
|
246
|
+
ApiNotAvailable = "API_NOT_AVAILABLE",
|
|
247
|
+
/**
|
|
248
|
+
* The calling app is not installed.
|
|
249
|
+
*
|
|
250
|
+
* Only available on Android.
|
|
251
|
+
*
|
|
252
|
+
* @since 0.1.0
|
|
253
|
+
*/
|
|
254
|
+
AppNotInstalled = "APP_NOT_INSTALLED",
|
|
255
|
+
/**
|
|
256
|
+
* The calling app UID does not match the one from the package manager.
|
|
257
|
+
*
|
|
258
|
+
* Only available on Android.
|
|
259
|
+
*
|
|
260
|
+
* @since 0.1.0
|
|
261
|
+
*/
|
|
262
|
+
AppUidMismatch = "APP_UID_MISMATCH",
|
|
263
|
+
/**
|
|
264
|
+
* The assertion could not be generated.
|
|
265
|
+
*
|
|
266
|
+
* Only available on iOS.
|
|
267
|
+
*
|
|
268
|
+
* @since 0.1.0
|
|
269
|
+
*/
|
|
270
|
+
AssertionFailed = "ASSERTION_FAILED",
|
|
271
|
+
/**
|
|
272
|
+
* The attestation could not be generated.
|
|
273
|
+
*
|
|
274
|
+
* Only available on iOS.
|
|
275
|
+
*
|
|
276
|
+
* @since 0.1.0
|
|
277
|
+
*/
|
|
278
|
+
AttestationFailed = "ATTESTATION_FAILED",
|
|
279
|
+
/**
|
|
280
|
+
* The app could not bind to the integrity service in the Play Store.
|
|
281
|
+
*
|
|
282
|
+
* Only available on Android.
|
|
283
|
+
*
|
|
284
|
+
* @since 0.1.0
|
|
285
|
+
*/
|
|
286
|
+
CannotBindToService = "CANNOT_BIND_TO_SERVICE",
|
|
287
|
+
/**
|
|
288
|
+
* A transient error occurred on the device. Retry with an exponential backoff.
|
|
289
|
+
*
|
|
290
|
+
* Only available on Android.
|
|
291
|
+
*
|
|
292
|
+
* @since 0.1.0
|
|
293
|
+
*/
|
|
294
|
+
ClientTransientError = "CLIENT_TRANSIENT_ERROR",
|
|
295
|
+
/**
|
|
296
|
+
* The Google server is currently unavailable. Retry with an exponential backoff.
|
|
297
|
+
*
|
|
298
|
+
* Only available on Android.
|
|
299
|
+
*
|
|
300
|
+
* @since 0.1.0
|
|
301
|
+
*/
|
|
302
|
+
GoogleServerUnavailable = "GOOGLE_SERVER_UNAVAILABLE",
|
|
303
|
+
/**
|
|
304
|
+
* The integrity token provider is invalid. Call `prepareIntegrityToken(...)` again.
|
|
305
|
+
*
|
|
306
|
+
* Only available on Android.
|
|
307
|
+
*
|
|
308
|
+
* @since 0.1.0
|
|
309
|
+
*/
|
|
310
|
+
IntegrityTokenProviderInvalid = "INTEGRITY_TOKEN_PROVIDER_INVALID",
|
|
311
|
+
/**
|
|
312
|
+
* An internal error occurred. Retry with an exponential backoff.
|
|
313
|
+
*
|
|
314
|
+
* Only available on Android.
|
|
315
|
+
*
|
|
316
|
+
* @since 0.1.0
|
|
317
|
+
*/
|
|
318
|
+
InternalError = "INTERNAL_ERROR",
|
|
319
|
+
/**
|
|
320
|
+
* The key is invalid or was not recognized by the App Attest service.
|
|
321
|
+
* Generate and attest a new key.
|
|
322
|
+
*
|
|
323
|
+
* Only available on iOS.
|
|
324
|
+
*
|
|
325
|
+
* @since 0.1.0
|
|
326
|
+
*/
|
|
327
|
+
InvalidKey = "INVALID_KEY",
|
|
328
|
+
/**
|
|
329
|
+
* No network connection is available. Retry when the device is online.
|
|
330
|
+
*
|
|
331
|
+
* Only available on Android.
|
|
332
|
+
*
|
|
333
|
+
* @since 0.1.0
|
|
334
|
+
*/
|
|
335
|
+
NetworkError = "NETWORK_ERROR",
|
|
336
|
+
/**
|
|
337
|
+
* Google Play Services is not available on this device.
|
|
338
|
+
*
|
|
339
|
+
* Only available on Android.
|
|
340
|
+
*
|
|
341
|
+
* @since 0.1.0
|
|
342
|
+
*/
|
|
343
|
+
PlayServicesNotFound = "PLAY_SERVICES_NOT_FOUND",
|
|
344
|
+
/**
|
|
345
|
+
* Google Play Services needs to be updated.
|
|
346
|
+
*
|
|
347
|
+
* Only available on Android.
|
|
348
|
+
*
|
|
349
|
+
* @since 0.1.0
|
|
350
|
+
*/
|
|
351
|
+
PlayServicesVersionOutdated = "PLAY_SERVICES_VERSION_OUTDATED",
|
|
352
|
+
/**
|
|
353
|
+
* No official Play Store app was found on the device.
|
|
354
|
+
*
|
|
355
|
+
* Only available on Android.
|
|
356
|
+
*
|
|
357
|
+
* @since 0.1.0
|
|
358
|
+
*/
|
|
359
|
+
PlayStoreNotFound = "PLAY_STORE_NOT_FOUND",
|
|
360
|
+
/**
|
|
361
|
+
* The Play Store app needs to be updated.
|
|
362
|
+
*
|
|
363
|
+
* Only available on Android.
|
|
364
|
+
*
|
|
365
|
+
* @since 0.1.0
|
|
366
|
+
*/
|
|
367
|
+
PlayStoreVersionOutdated = "PLAY_STORE_VERSION_OUTDATED",
|
|
368
|
+
/**
|
|
369
|
+
* The App Attest service is currently unavailable. Retry later.
|
|
370
|
+
*
|
|
371
|
+
* Only available on iOS.
|
|
372
|
+
*
|
|
373
|
+
* @since 0.1.0
|
|
374
|
+
*/
|
|
375
|
+
ServerUnavailable = "SERVER_UNAVAILABLE",
|
|
376
|
+
/**
|
|
377
|
+
* The calling app is making too many requests and has been throttled.
|
|
378
|
+
*
|
|
379
|
+
* Only available on Android.
|
|
380
|
+
*
|
|
381
|
+
* @since 0.1.0
|
|
382
|
+
*/
|
|
383
|
+
TooManyRequests = "TOO_MANY_REQUESTS"
|
|
384
|
+
}
|
|
@@ -0,0 +1,152 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @since 0.1.0
|
|
3
|
+
*/
|
|
4
|
+
export var ErrorCode;
|
|
5
|
+
(function (ErrorCode) {
|
|
6
|
+
/**
|
|
7
|
+
* The Play Integrity API is not available on this device.
|
|
8
|
+
*
|
|
9
|
+
* Only available on Android.
|
|
10
|
+
*
|
|
11
|
+
* @since 0.1.0
|
|
12
|
+
*/
|
|
13
|
+
ErrorCode["ApiNotAvailable"] = "API_NOT_AVAILABLE";
|
|
14
|
+
/**
|
|
15
|
+
* The calling app is not installed.
|
|
16
|
+
*
|
|
17
|
+
* Only available on Android.
|
|
18
|
+
*
|
|
19
|
+
* @since 0.1.0
|
|
20
|
+
*/
|
|
21
|
+
ErrorCode["AppNotInstalled"] = "APP_NOT_INSTALLED";
|
|
22
|
+
/**
|
|
23
|
+
* The calling app UID does not match the one from the package manager.
|
|
24
|
+
*
|
|
25
|
+
* Only available on Android.
|
|
26
|
+
*
|
|
27
|
+
* @since 0.1.0
|
|
28
|
+
*/
|
|
29
|
+
ErrorCode["AppUidMismatch"] = "APP_UID_MISMATCH";
|
|
30
|
+
/**
|
|
31
|
+
* The assertion could not be generated.
|
|
32
|
+
*
|
|
33
|
+
* Only available on iOS.
|
|
34
|
+
*
|
|
35
|
+
* @since 0.1.0
|
|
36
|
+
*/
|
|
37
|
+
ErrorCode["AssertionFailed"] = "ASSERTION_FAILED";
|
|
38
|
+
/**
|
|
39
|
+
* The attestation could not be generated.
|
|
40
|
+
*
|
|
41
|
+
* Only available on iOS.
|
|
42
|
+
*
|
|
43
|
+
* @since 0.1.0
|
|
44
|
+
*/
|
|
45
|
+
ErrorCode["AttestationFailed"] = "ATTESTATION_FAILED";
|
|
46
|
+
/**
|
|
47
|
+
* The app could not bind to the integrity service in the Play Store.
|
|
48
|
+
*
|
|
49
|
+
* Only available on Android.
|
|
50
|
+
*
|
|
51
|
+
* @since 0.1.0
|
|
52
|
+
*/
|
|
53
|
+
ErrorCode["CannotBindToService"] = "CANNOT_BIND_TO_SERVICE";
|
|
54
|
+
/**
|
|
55
|
+
* A transient error occurred on the device. Retry with an exponential backoff.
|
|
56
|
+
*
|
|
57
|
+
* Only available on Android.
|
|
58
|
+
*
|
|
59
|
+
* @since 0.1.0
|
|
60
|
+
*/
|
|
61
|
+
ErrorCode["ClientTransientError"] = "CLIENT_TRANSIENT_ERROR";
|
|
62
|
+
/**
|
|
63
|
+
* The Google server is currently unavailable. Retry with an exponential backoff.
|
|
64
|
+
*
|
|
65
|
+
* Only available on Android.
|
|
66
|
+
*
|
|
67
|
+
* @since 0.1.0
|
|
68
|
+
*/
|
|
69
|
+
ErrorCode["GoogleServerUnavailable"] = "GOOGLE_SERVER_UNAVAILABLE";
|
|
70
|
+
/**
|
|
71
|
+
* The integrity token provider is invalid. Call `prepareIntegrityToken(...)` again.
|
|
72
|
+
*
|
|
73
|
+
* Only available on Android.
|
|
74
|
+
*
|
|
75
|
+
* @since 0.1.0
|
|
76
|
+
*/
|
|
77
|
+
ErrorCode["IntegrityTokenProviderInvalid"] = "INTEGRITY_TOKEN_PROVIDER_INVALID";
|
|
78
|
+
/**
|
|
79
|
+
* An internal error occurred. Retry with an exponential backoff.
|
|
80
|
+
*
|
|
81
|
+
* Only available on Android.
|
|
82
|
+
*
|
|
83
|
+
* @since 0.1.0
|
|
84
|
+
*/
|
|
85
|
+
ErrorCode["InternalError"] = "INTERNAL_ERROR";
|
|
86
|
+
/**
|
|
87
|
+
* The key is invalid or was not recognized by the App Attest service.
|
|
88
|
+
* Generate and attest a new key.
|
|
89
|
+
*
|
|
90
|
+
* Only available on iOS.
|
|
91
|
+
*
|
|
92
|
+
* @since 0.1.0
|
|
93
|
+
*/
|
|
94
|
+
ErrorCode["InvalidKey"] = "INVALID_KEY";
|
|
95
|
+
/**
|
|
96
|
+
* No network connection is available. Retry when the device is online.
|
|
97
|
+
*
|
|
98
|
+
* Only available on Android.
|
|
99
|
+
*
|
|
100
|
+
* @since 0.1.0
|
|
101
|
+
*/
|
|
102
|
+
ErrorCode["NetworkError"] = "NETWORK_ERROR";
|
|
103
|
+
/**
|
|
104
|
+
* Google Play Services is not available on this device.
|
|
105
|
+
*
|
|
106
|
+
* Only available on Android.
|
|
107
|
+
*
|
|
108
|
+
* @since 0.1.0
|
|
109
|
+
*/
|
|
110
|
+
ErrorCode["PlayServicesNotFound"] = "PLAY_SERVICES_NOT_FOUND";
|
|
111
|
+
/**
|
|
112
|
+
* Google Play Services needs to be updated.
|
|
113
|
+
*
|
|
114
|
+
* Only available on Android.
|
|
115
|
+
*
|
|
116
|
+
* @since 0.1.0
|
|
117
|
+
*/
|
|
118
|
+
ErrorCode["PlayServicesVersionOutdated"] = "PLAY_SERVICES_VERSION_OUTDATED";
|
|
119
|
+
/**
|
|
120
|
+
* No official Play Store app was found on the device.
|
|
121
|
+
*
|
|
122
|
+
* Only available on Android.
|
|
123
|
+
*
|
|
124
|
+
* @since 0.1.0
|
|
125
|
+
*/
|
|
126
|
+
ErrorCode["PlayStoreNotFound"] = "PLAY_STORE_NOT_FOUND";
|
|
127
|
+
/**
|
|
128
|
+
* The Play Store app needs to be updated.
|
|
129
|
+
*
|
|
130
|
+
* Only available on Android.
|
|
131
|
+
*
|
|
132
|
+
* @since 0.1.0
|
|
133
|
+
*/
|
|
134
|
+
ErrorCode["PlayStoreVersionOutdated"] = "PLAY_STORE_VERSION_OUTDATED";
|
|
135
|
+
/**
|
|
136
|
+
* The App Attest service is currently unavailable. Retry later.
|
|
137
|
+
*
|
|
138
|
+
* Only available on iOS.
|
|
139
|
+
*
|
|
140
|
+
* @since 0.1.0
|
|
141
|
+
*/
|
|
142
|
+
ErrorCode["ServerUnavailable"] = "SERVER_UNAVAILABLE";
|
|
143
|
+
/**
|
|
144
|
+
* The calling app is making too many requests and has been throttled.
|
|
145
|
+
*
|
|
146
|
+
* Only available on Android.
|
|
147
|
+
*
|
|
148
|
+
* @since 0.1.0
|
|
149
|
+
*/
|
|
150
|
+
ErrorCode["TooManyRequests"] = "TOO_MANY_REQUESTS";
|
|
151
|
+
})(ErrorCode || (ErrorCode = {}));
|
|
152
|
+
//# sourceMappingURL=definitions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"AAwPA;;GAEG;AACH,MAAM,CAAN,IAAY,SAkJX;AAlJD,WAAY,SAAS;IACnB;;;;;;OAMG;IACH,kDAAqC,CAAA;IACrC;;;;;;OAMG;IACH,kDAAqC,CAAA;IACrC;;;;;;OAMG;IACH,gDAAmC,CAAA;IACnC;;;;;;OAMG;IACH,iDAAoC,CAAA;IACpC;;;;;;OAMG;IACH,qDAAwC,CAAA;IACxC;;;;;;OAMG;IACH,2DAA8C,CAAA;IAC9C;;;;;;OAMG;IACH,4DAA+C,CAAA;IAC/C;;;;;;OAMG;IACH,kEAAqD,CAAA;IACrD;;;;;;OAMG;IACH,+EAAkE,CAAA;IAClE;;;;;;OAMG;IACH,6CAAgC,CAAA;IAChC;;;;;;;OAOG;IACH,uCAA0B,CAAA;IAC1B;;;;;;OAMG;IACH,2CAA8B,CAAA;IAC9B;;;;;;OAMG;IACH,6DAAgD,CAAA;IAChD;;;;;;OAMG;IACH,2EAA8D,CAAA;IAC9D;;;;;;OAMG;IACH,uDAA0C,CAAA;IAC1C;;;;;;OAMG;IACH,qEAAwD,CAAA;IACxD;;;;;;OAMG;IACH,qDAAwC,CAAA;IACxC;;;;;;OAMG;IACH,kDAAqC,CAAA;AACvC,CAAC,EAlJW,SAAS,KAAT,SAAS,QAkJpB","sourcesContent":["/**\n * @since 0.1.0\n */\nexport interface AppIntegrityPlugin {\n /**\n * Attest a key generated with `generateKey()` using Apple's App Attest service.\n *\n * The returned attestation object must be sent to your server, which verifies\n * it with Apple and stores the key identifier for future assertions.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n attestKey(options: AttestKeyOptions): Promise<AttestKeyResult>;\n /**\n * Generate an assertion for the given client data using an attested key.\n *\n * The returned assertion must be sent to your server along with the client\n * data, where it is verified using the previously stored key identifier.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n generateAssertion(\n options: GenerateAssertionOptions,\n ): Promise<GenerateAssertionResult>;\n /**\n * Generate a new App Attest key pair.\n *\n * The private key is stored in the Secure Enclave. Store the returned key\n * identifier in your app to attest the key and generate assertions later.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n generateKey(): Promise<GenerateKeyResult>;\n /**\n * Check whether app integrity attestation is available on this device.\n *\n * On Android, this checks whether Google Play Services is available.\n * On iOS, this checks whether the App Attest service is supported.\n * On iOS, the App Attest service is not supported on simulators.\n *\n * @since 0.1.0\n */\n isAvailable(): Promise<IsAvailableResult>;\n /**\n * Prepare the integrity token provider for standard integrity token requests.\n *\n * Call this method once, for example at app start, before calling\n * `requestIntegrityToken(...)` with a request hash. The preparation can take\n * several seconds, so it should be done well ahead of the first request.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n prepareIntegrityToken(options: PrepareIntegrityTokenOptions): Promise<void>;\n /**\n * Request an integrity token from the Play Integrity API.\n *\n * Provide a `requestHash` for a standard request (recommended, requires a\n * prior call to `prepareIntegrityToken(...)`) or a `nonce` for a classic request.\n *\n * The returned token must be sent to your server, which decrypts and\n * verifies it via Google's servers.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n requestIntegrityToken(\n options: RequestIntegrityTokenOptions,\n ): Promise<RequestIntegrityTokenResult>;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface AttestKeyOptions {\n /**\n * The one-time challenge received from your server, encoded as a\n * base64 string.\n *\n * The challenge is hashed with SHA-256 on the device before it is passed\n * to the App Attest service.\n *\n * @example 'dGhpc2lzYWNoYWxsZW5nZQ=='\n * @since 0.1.0\n */\n challenge: string;\n /**\n * The identifier of the key to attest, as returned by `generateKey()`.\n *\n * @example 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g='\n * @since 0.1.0\n */\n keyId: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface AttestKeyResult {\n /**\n * The attestation object, encoded as a base64 string.\n *\n * Send this to your server for verification with Apple.\n *\n * @since 0.1.0\n */\n attestationObject: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface GenerateAssertionOptions {\n /**\n * The client data to sign, encoded as a base64 string.\n *\n * This is usually a JSON payload that includes a one-time challenge\n * received from your server. The client data is hashed with SHA-256 on the\n * device before it is passed to the App Attest service.\n *\n * @example 'eyJjaGFsbGVuZ2UiOiJkR2hwYzJsellXTm9ZV3hzWlc1blpRPT0ifQ=='\n * @since 0.1.0\n */\n clientData: string;\n /**\n * The identifier of an attested key, as returned by `generateKey()`.\n *\n * @example 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g='\n * @since 0.1.0\n */\n keyId: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface GenerateAssertionResult {\n /**\n * The assertion object, encoded as a base64 string.\n *\n * Send this to your server for verification.\n *\n * @since 0.1.0\n */\n assertion: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface GenerateKeyResult {\n /**\n * The identifier of the generated key pair.\n *\n * @example 'Kh0DIEwVJTDJUyIRZ4M9BvJn/i4RSSGDkFvUZOaSm5g='\n * @since 0.1.0\n */\n keyId: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface IsAvailableResult {\n /**\n * Whether app integrity attestation is available on this device.\n *\n * @example true\n * @since 0.1.0\n */\n available: boolean;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface PrepareIntegrityTokenOptions {\n /**\n * The Google Cloud project number of the project that is linked\n * to your Play Console developer account.\n *\n * @example 123456789012\n * @since 0.1.0\n */\n cloudProjectNumber: number;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface RequestIntegrityTokenOptions {\n /**\n * The Google Cloud project number of the project that is linked\n * to your Play Console developer account.\n *\n * Only used for classic requests. It is required if your app is\n * distributed outside of Google Play.\n *\n * @example 123456789012\n * @since 0.1.0\n */\n cloudProjectNumber?: number;\n /**\n * The one-time nonce for a classic request, encoded as a base64\n * web-safe no-wrap string.\n *\n * Provide either `nonce` or `requestHash`.\n *\n * @example 'dGhpc2lzYW5vbmNl'\n * @since 0.1.0\n */\n nonce?: string;\n /**\n * The request hash for a standard request.\n *\n * Requires a prior call to `prepareIntegrityToken(...)`.\n *\n * Provide either `nonce` or `requestHash`.\n *\n * @example '2cp24z...'\n * @since 0.1.0\n */\n requestHash?: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport interface RequestIntegrityTokenResult {\n /**\n * The integrity token.\n *\n * Send this to your server, which decrypts and verifies it via\n * Google's servers.\n *\n * @since 0.1.0\n */\n token: string;\n}\n\n/**\n * @since 0.1.0\n */\nexport enum ErrorCode {\n /**\n * The Play Integrity API is not available on this device.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n ApiNotAvailable = 'API_NOT_AVAILABLE',\n /**\n * The calling app is not installed.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n AppNotInstalled = 'APP_NOT_INSTALLED',\n /**\n * The calling app UID does not match the one from the package manager.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n AppUidMismatch = 'APP_UID_MISMATCH',\n /**\n * The assertion could not be generated.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n AssertionFailed = 'ASSERTION_FAILED',\n /**\n * The attestation could not be generated.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n AttestationFailed = 'ATTESTATION_FAILED',\n /**\n * The app could not bind to the integrity service in the Play Store.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n CannotBindToService = 'CANNOT_BIND_TO_SERVICE',\n /**\n * A transient error occurred on the device. Retry with an exponential backoff.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n ClientTransientError = 'CLIENT_TRANSIENT_ERROR',\n /**\n * The Google server is currently unavailable. Retry with an exponential backoff.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n GoogleServerUnavailable = 'GOOGLE_SERVER_UNAVAILABLE',\n /**\n * The integrity token provider is invalid. Call `prepareIntegrityToken(...)` again.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n IntegrityTokenProviderInvalid = 'INTEGRITY_TOKEN_PROVIDER_INVALID',\n /**\n * An internal error occurred. Retry with an exponential backoff.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n InternalError = 'INTERNAL_ERROR',\n /**\n * The key is invalid or was not recognized by the App Attest service.\n * Generate and attest a new key.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n InvalidKey = 'INVALID_KEY',\n /**\n * No network connection is available. Retry when the device is online.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n NetworkError = 'NETWORK_ERROR',\n /**\n * Google Play Services is not available on this device.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n PlayServicesNotFound = 'PLAY_SERVICES_NOT_FOUND',\n /**\n * Google Play Services needs to be updated.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n PlayServicesVersionOutdated = 'PLAY_SERVICES_VERSION_OUTDATED',\n /**\n * No official Play Store app was found on the device.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n PlayStoreNotFound = 'PLAY_STORE_NOT_FOUND',\n /**\n * The Play Store app needs to be updated.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n PlayStoreVersionOutdated = 'PLAY_STORE_VERSION_OUTDATED',\n /**\n * The App Attest service is currently unavailable. Retry later.\n *\n * Only available on iOS.\n *\n * @since 0.1.0\n */\n ServerUnavailable = 'SERVER_UNAVAILABLE',\n /**\n * The calling app is making too many requests and has been throttled.\n *\n * Only available on Android.\n *\n * @since 0.1.0\n */\n TooManyRequests = 'TOO_MANY_REQUESTS',\n}\n"]}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { registerPlugin } from '@capacitor/core';
|
|
2
|
+
const AppIntegrity = registerPlugin('AppIntegrity', {
|
|
3
|
+
web: () => import('./web').then(m => new m.AppIntegrityWeb()),
|
|
4
|
+
});
|
|
5
|
+
export * from './definitions';
|
|
6
|
+
export { AppIntegrity };
|
|
7
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAIjD,MAAM,YAAY,GAAG,cAAc,CAAqB,cAAc,EAAE;IACtE,GAAG,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,eAAe,EAAE,CAAC;CAC9D,CAAC,CAAC;AAEH,cAAc,eAAe,CAAC;AAC9B,OAAO,EAAE,YAAY,EAAE,CAAC","sourcesContent":["import { registerPlugin } from '@capacitor/core';\n\nimport type { AppIntegrityPlugin } from './definitions';\n\nconst AppIntegrity = registerPlugin<AppIntegrityPlugin>('AppIntegrity', {\n web: () => import('./web').then(m => new m.AppIntegrityWeb()),\n});\n\nexport * from './definitions';\nexport { AppIntegrity };\n"]}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { WebPlugin } from '@capacitor/core';
|
|
2
|
+
import type { AppIntegrityPlugin, AttestKeyResult, GenerateAssertionResult, GenerateKeyResult, IsAvailableResult, RequestIntegrityTokenResult } from './definitions';
|
|
3
|
+
export declare class AppIntegrityWeb extends WebPlugin implements AppIntegrityPlugin {
|
|
4
|
+
attestKey(): Promise<AttestKeyResult>;
|
|
5
|
+
generateAssertion(): Promise<GenerateAssertionResult>;
|
|
6
|
+
generateKey(): Promise<GenerateKeyResult>;
|
|
7
|
+
isAvailable(): Promise<IsAvailableResult>;
|
|
8
|
+
prepareIntegrityToken(): Promise<void>;
|
|
9
|
+
requestIntegrityToken(): Promise<RequestIntegrityTokenResult>;
|
|
10
|
+
}
|
package/dist/esm/web.js
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { WebPlugin } from '@capacitor/core';
|
|
2
|
+
export class AppIntegrityWeb extends WebPlugin {
|
|
3
|
+
async attestKey() {
|
|
4
|
+
throw this.unimplemented('Not implemented on web.');
|
|
5
|
+
}
|
|
6
|
+
async generateAssertion() {
|
|
7
|
+
throw this.unimplemented('Not implemented on web.');
|
|
8
|
+
}
|
|
9
|
+
async generateKey() {
|
|
10
|
+
throw this.unimplemented('Not implemented on web.');
|
|
11
|
+
}
|
|
12
|
+
async isAvailable() {
|
|
13
|
+
throw this.unimplemented('Not implemented on web.');
|
|
14
|
+
}
|
|
15
|
+
async prepareIntegrityToken() {
|
|
16
|
+
throw this.unimplemented('Not implemented on web.');
|
|
17
|
+
}
|
|
18
|
+
async requestIntegrityToken() {
|
|
19
|
+
throw this.unimplemented('Not implemented on web.');
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=web.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"web.js","sourceRoot":"","sources":["../../src/web.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAW5C,MAAM,OAAO,eAAgB,SAAQ,SAAS;IAC5C,KAAK,CAAC,SAAS;QACb,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC,CAAC;IACtD,CAAC;CACF","sourcesContent":["import { WebPlugin } from '@capacitor/core';\n\nimport type {\n AppIntegrityPlugin,\n AttestKeyResult,\n GenerateAssertionResult,\n GenerateKeyResult,\n IsAvailableResult,\n RequestIntegrityTokenResult,\n} from './definitions';\n\nexport class AppIntegrityWeb extends WebPlugin implements AppIntegrityPlugin {\n async attestKey(): Promise<AttestKeyResult> {\n throw this.unimplemented('Not implemented on web.');\n }\n\n async generateAssertion(): Promise<GenerateAssertionResult> {\n throw this.unimplemented('Not implemented on web.');\n }\n\n async generateKey(): Promise<GenerateKeyResult> {\n throw this.unimplemented('Not implemented on web.');\n }\n\n async isAvailable(): Promise<IsAvailableResult> {\n throw this.unimplemented('Not implemented on web.');\n }\n\n async prepareIntegrityToken(): Promise<void> {\n throw this.unimplemented('Not implemented on web.');\n }\n\n async requestIntegrityToken(): Promise<RequestIntegrityTokenResult> {\n throw this.unimplemented('Not implemented on web.');\n }\n}\n"]}
|