@coinbase/cdp-app-attest 0.0.0 → 0.0.95

package/android/build.gradle

@@ -0,0 +1,40 @@
+apply plugin: 'com.android.library'
+apply plugin: 'kotlin-android'
+apply plugin: 'expo-module-gradle-plugin'
+
+android {
+  namespace "expo.modules.cdpappattest"
+  compileSdkVersion safeExtGet("compileSdkVersion", 34)
+
+  defaultConfig {
+    minSdkVersion safeExtGet("minSdkVersion", 23)
+    targetSdkVersion safeExtGet("targetSdkVersion", 34)
+    versionName "0.0.1"
+    versionCode 1
+  }
+
+  compileOptions {
+    sourceCompatibility JavaVersion.VERSION_17
+    targetCompatibility JavaVersion.VERSION_17
+  }
+
+  kotlinOptions {
+    jvmTarget = "17"
+  }
+}
+
+dependencies {
+  implementation project(':expo-modules-core')
+  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:${getKotlinVersion()}"
+  implementation "com.google.android.play:integrity:1.4.0"
+  implementation "com.google.android.gms:play-services-base:18.5.0"
+}
+
+def safeExtGet(prop, fallback) {
+  rootProject.ext.has(prop) ? rootProject.ext.get(prop) : fallback
+}
+
+def getKotlinVersion() {
+  def kotlinVersion = rootProject.ext.has("kotlinVersion") ? rootProject.ext.get("kotlinVersion") : "1.9.23"
+  return kotlinVersion
+}

package/android/src/main/AndroidManifest.xml

@@ -0,0 +1 @@
+<manifest />

package/android/src/main/java/expo/modules/cdpappattest/CdpAppAttestModule.kt

@@ -0,0 +1,105 @@
+package expo.modules.cdpappattest
+
+import com.google.android.play.core.integrity.IntegrityManagerFactory
+import com.google.android.play.core.integrity.StandardIntegrityManager
+import com.google.android.play.core.integrity.StandardIntegrityManager.StandardIntegrityTokenProvider
+import expo.modules.kotlin.Promise
+import expo.modules.kotlin.exception.CodedException
+import expo.modules.kotlin.modules.Module
+import expo.modules.kotlin.modules.ModuleDefinition
+import expo.modules.kotlin.records.Field
+import expo.modules.kotlin.records.Record
+
+class InitializeConfig : Record {
+    @Field
+    val cloudProjectNumber: String = ""
+}
+
+class CdpAppAttestModule : Module() {
+    private var tokenProvider: StandardIntegrityTokenProvider? = null
+
+    override fun definition() = ModuleDefinition {
+        Name("CdpAppAttest")
+
+        AsyncFunction("isSupported") {
+            val context = appContext.reactContext ?: return@AsyncFunction false
+            try {
+                com.google.android.gms.common.GoogleApiAvailability.getInstance()
+                    .isGooglePlayServicesAvailable(context) == com.google.android.gms.common.ConnectionResult.SUCCESS
+            } catch (_: Exception) {
+                false
+            }
+        }
+
+        AsyncFunction("initialize") { config: InitializeConfig, promise: Promise ->
+            val context = appContext.reactContext
+            if (context == null) {
+                promise.reject(CodedException("ERR_MISSING_CONTEXT", "Application context is not available", null))
+                return@AsyncFunction
+            }
+
+            val projectNumber = config.cloudProjectNumber.toLongOrNull()
+            if (projectNumber == null) {
+                promise.reject(CodedException("ERR_INVALID_CONFIG", "cloudProjectNumber must be a valid number", null))
+                return@AsyncFunction
+            }
+
+            try {
+                val manager = IntegrityManagerFactory.createStandard(context)
+                val prepareRequest = StandardIntegrityManager.PrepareIntegrityTokenRequest.builder()
+                    .setCloudProjectNumber(projectNumber)
+                    .build()
+
+                manager.prepareIntegrityToken(prepareRequest)
+                    .addOnSuccessListener { provider ->
+                        tokenProvider = provider
+                        promise.resolve(null)
+                    }
+                    .addOnFailureListener { e ->
+                        promise.reject(CodedException("ERR_PREPARE_FAILED", "Failed to prepare integrity token: ${e.message}", e))
+                    }
+            } catch (e: Exception) {
+                promise.reject(CodedException("ERR_INITIALIZE_FAILED", "Failed to initialize Play Integrity: ${e.message}", e))
+            }
+        }
+
+        AsyncFunction("attest") { _: String, promise: Promise ->
+            promise.reject(CodedException("ERR_NOT_SUPPORTED", "Attestation exchange is not supported on Android. Use createAssertion() instead.", null))
+        }
+
+        AsyncFunction("createAssertion") { clientData: String, promise: Promise ->
+            val provider = tokenProvider
+            if (provider == null) {
+                promise.reject(CodedException("ERR_NOT_INITIALIZED", "Token provider not initialized. Call initialize() first.", null))
+                return@AsyncFunction
+            }
+
+            try {
+                val request = StandardIntegrityManager.StandardIntegrityTokenRequest.builder()
+                    .setRequestHash(clientData)
+                    .build()
+
+                provider.request(request)
+                    .addOnSuccessListener { response ->
+                        val result = mapOf(
+                            "android" to mapOf(
+                                "integrityToken" to response.token()
+                            )
+                        )
+                        promise.resolve(result)
+                    }
+                    .addOnFailureListener { e ->
+                        promise.reject(CodedException("ERR_INTEGRITY_TOKEN", "Failed to get integrity token: ${e.message}", e))
+                    }
+            } catch (e: Exception) {
+                promise.reject(CodedException("ERR_INTEGRITY_TOKEN", "Failed to request integrity token: ${e.message}", e))
+            }
+        }
+
+        AsyncFunction("clearKey") { promise: Promise ->
+            tokenProvider = null
+            promise.resolve(true)
+        }
+
+    }
+}

package/dist/esm/index.js

@@ -0,0 +1,34 @@
+import { requireNativeModule as a } from "expo-modules-core";
+const t = a("CdpAppAttest");
+async function r() {
+  return await t.isSupported();
+}
+async function c(e) {
+  if (typeof t.initialize == "function")
+    return await t.initialize(e);
+}
+async function o(e) {
+  return await t.attest(e);
+}
+async function s(e) {
+  return await t.createAssertion(e);
+}
+const i = "coinbase.cdp.attestation-registration-confirmed";
+async function u(e) {
+  await t.setKeychainValue(i, e);
+}
+async function p() {
+  return await t.getKeychainValue(i);
+}
+async function f() {
+  await t.clearKey(), await t.deleteKeychainValue(i);
+}
+export {
+  o as attest,
+  f as clearAttestation,
+  u as confirmRegistration,
+  s as createAssertion,
+  p as getRegisteredKeyId,
+  c as initialize,
+  r as isSupported
+};

package/dist/types/index.d.ts

@@ -0,0 +1,43 @@
+declare interface AndroidIntegrityData {
+    integrityToken: string;
+}
+
+export declare interface AssertionResult {
+    ios?: IOSAssertionData;
+    android?: AndroidIntegrityData;
+}
+
+export declare function attest(challenge: string): Promise<AttestationResult>;
+
+export declare interface AttestationResult {
+    ios?: IOSAttestationData;
+}
+
+export declare function clearAttestation(): Promise<void>;
+
+export declare function confirmRegistration(keyId: string): Promise<void>;
+
+export declare function createAssertion(clientData: string): Promise<AssertionResult>;
+
+export declare function getRegisteredKeyId(): Promise<string | null>;
+
+export declare function initialize(config?: InitializeConfig): Promise<void>;
+
+export declare interface InitializeConfig {
+    cloudProjectNumber?: string;
+}
+
+declare interface IOSAssertionData {
+    assertion: string;
+    keyId: string;
+}
+
+declare interface IOSAttestationData {
+    keyId: string;
+    attestation: string;
+    bundleId: string;
+}
+
+export declare function isSupported(): Promise<boolean>;
+
+export { }

package/expo-module.config.json

@@ -0,0 +1,9 @@
+{
+  "platforms": ["ios", "android"],
+  "ios": {
+    "modules": ["CdpAppAttestModule"]
+  },
+  "android": {
+    "modules": ["expo.modules.cdpappattest.CdpAppAttestModule"]
+  }
+}

package/ios/CdpAppAttest.podspec

@@ -0,0 +1,27 @@
+require 'json'
+
+package = JSON.parse(File.read(File.join(__dir__, '..', 'package.json')))
+
+Pod::Spec.new do |s|
+  s.name           = 'CdpAppAttest'
+  s.version        = package['version']
+  s.summary        = package['description']
+  s.description    = package['description']
+  s.license        = package['license']
+  s.author         = package['author']
+  s.homepage       = package['homepage']
+  s.platforms      = { :ios => '14.0' }
+  s.swift_version  = '5.4'
+  s.source         = { git: 'https://github.com/coinbase/cdp-web' }
+  s.static_framework = true
+
+  s.dependency 'ExpoModulesCore'
+
+  # Swift/Objective-C compatibility
+  s.pod_target_xcconfig = {
+    'DEFINES_MODULE' => 'YES',
+    'SWIFT_COMPILATION_MODE' => 'wholemodule'
+  }
+
+  s.source_files = "**/*.{h,m,mm,swift,hpp,cpp}"
+end

package/ios/CdpAppAttestModule.swift

@@ -0,0 +1,282 @@
+import ExpoModulesCore
+import DeviceCheck
+import CryptoKit
+
+/**
+ * CDP module for iOS App Attest.
+ *
+ * Wraps DCAppAttestService to provide JavaScript access to Apple's App Attest
+ * device attestation APIs. Allows apps to prove they are legitimate instances
+ * running on genuine Apple devices.
+ */
+public class CdpAppAttestModule: Module {
+  // Storage key for the attestation key ID in Keychain
+  private let keyIdStorageKey = "cdp_attestation_key_id"
+  // Keychain service name
+  private let keychainService = "com.coinbase.cdp.attestation"
+
+  // MARK: - Keychain Helpers
+
+  /// Saves a string to the Keychain
+  private func saveToKeychain(key: String, value: String) -> Bool {
+    guard let data = value.data(using: .utf8) else {
+      return false
+    }
+
+    // First try to update existing item
+    let updateQuery: [String: Any] = [
+      kSecClass as String: kSecClassGenericPassword,
+      kSecAttrService as String: keychainService,
+      kSecAttrAccount as String: key
+    ]
+
+    let updateAttributes: [String: Any] = [
+      kSecValueData as String: data
+    ]
+
+    let updateStatus = SecItemUpdate(updateQuery as CFDictionary, updateAttributes as CFDictionary)
+
+    if updateStatus == errSecSuccess {
+      return true
+    } else if updateStatus == errSecItemNotFound {
+      // Item doesn't exist, add it
+      let addQuery: [String: Any] = [
+        kSecClass as String: kSecClassGenericPassword,
+        kSecAttrService as String: keychainService,
+        kSecAttrAccount as String: key,
+        kSecValueData as String: data,
+        kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+      ]
+
+      let addStatus = SecItemAdd(addQuery as CFDictionary, nil)
+      return addStatus == errSecSuccess
+    }
+
+    return false
+  }
+
+  /// Retrieves a string from the Keychain
+  private func getFromKeychain(key: String) -> String? {
+    let query: [String: Any] = [
+      kSecClass as String: kSecClassGenericPassword,
+      kSecAttrService as String: keychainService,
+      kSecAttrAccount as String: key,
+      kSecReturnData as String: true,
+      kSecMatchLimit as String: kSecMatchLimitOne
+    ]
+
+    var result: AnyObject?
+    let status = SecItemCopyMatching(query as CFDictionary, &result)
+
+    guard status == errSecSuccess,
+          let data = result as? Data,
+          let string = String(data: data, encoding: .utf8) else {
+      return nil
+    }
+
+    return string
+  }
+
+  /// Deletes a value from the Keychain
+  private func deleteFromKeychain(key: String) -> Bool {
+    let query: [String: Any] = [
+      kSecClass as String: kSecClassGenericPassword,
+      kSecAttrService as String: keychainService,
+      kSecAttrAccount as String: key
+    ]
+
+    let status = SecItemDelete(query as CFDictionary)
+    return status == errSecSuccess || status == errSecItemNotFound
+  }
+
+  // MARK: - Key Management
+
+  /// Gets cached key ID from Keychain or generates a new one
+  private func getOrGenerateKeyId(completion: @escaping (String?, Error?) -> Void) {
+    if #available(iOS 14.0, *) {
+      let service = DCAppAttestService.shared
+
+      // Check if we have a cached key ID in Keychain
+      if let cachedKeyId = getFromKeychain(key: keyIdStorageKey) {
+        completion(cachedKeyId, nil)
+        return
+      }
+
+      // Generate new key
+      service.generateKey { keyId, error in
+        if let error = error {
+          completion(nil, error)
+          return
+        }
+
+        guard let keyId = keyId else {
+          completion(nil, NSError(domain: "CdpAppAttest", code: -1, userInfo: [NSLocalizedDescriptionKey: "Key generation returned nil"]))
+          return
+        }
+
+        // Save to Keychain
+        if !self.saveToKeychain(key: self.keyIdStorageKey, value: keyId) {
+          completion(nil, NSError(domain: "CdpAppAttest", code: -1, userInfo: [NSLocalizedDescriptionKey: "Failed to save key ID to Keychain"]))
+          return
+        }
+
+        completion(keyId, nil)
+      }
+    } else {
+      completion(nil, NSError(domain: "CdpAppAttest", code: -1, userInfo: [NSLocalizedDescriptionKey: "iOS 14.0+ required"]))
+    }
+  }
+
+  // Define module metadata
+  public func definition() -> ModuleDefinition {
+    Name("CdpAppAttest")
+
+    // Check if App Attest is supported on this device
+    AsyncFunction("isSupported") { () -> Bool in
+      if #available(iOS 14.0, *) {
+        return DCAppAttestService.shared.isSupported
+      }
+      return false
+    }
+
+    // Attest the app instance with automatic key management
+    AsyncFunction("attest") { (challenge: String, promise: Promise) in
+      if #available(iOS 14.0, *) {
+        let service = DCAppAttestService.shared
+
+        guard service.isSupported else {
+          promise.reject("ERR_NOT_SUPPORTED", "App Attest is not supported on this device")
+          return
+        }
+
+        // Get or generate key ID
+        self.getOrGenerateKeyId { keyId, error in
+          if let error = error {
+            promise.reject("ERR_GET_KEY", "Failed to get or generate key: \(error.localizedDescription)")
+            return
+          }
+
+          guard let keyId = keyId else {
+            promise.reject("ERR_GET_KEY", "Failed to get key ID")
+            return
+          }
+
+          // Decode base64 challenge
+          guard let challengeData = Data(base64Encoded: challenge) else {
+            promise.reject("ERR_INVALID_CHALLENGE", "Challenge must be base64-encoded")
+            return
+          }
+
+          // Hash the challenge
+          let challengeHash = Data(SHA256.hash(data: challengeData))
+
+          // Attest the key
+          service.attestKey(keyId, clientDataHash: challengeHash) { attestation, error in
+            if let error = error {
+              promise.reject("ERR_ATTEST_KEY", "Failed to attest key: \(error.localizedDescription)")
+              return
+            }
+
+            guard let attestation = attestation else {
+              promise.reject("ERR_ATTEST_KEY", "Attestation returned nil")
+              return
+            }
+
+            let bundleId = Bundle.main.bundleIdentifier ?? "unknown"
+
+            // Wrap response in "ios" key for CDP API spec
+            let result: [String: Any] = [
+              "ios": [
+                "keyId": keyId,
+                "attestation": attestation.base64EncodedString(),
+                "bundleId": bundleId
+              ]
+            ]
+
+            promise.resolve(result)
+          }
+        }
+      } else {
+        promise.reject("ERR_NOT_SUPPORTED", "App Attest requires iOS 14.0 or later")
+      }
+    }
+
+    // Clear cached attestation key (allows re-attestation with a new key)
+    AsyncFunction("clearKey") { (promise: Promise) in
+      let success = self.deleteFromKeychain(key: self.keyIdStorageKey)
+      promise.resolve(success)
+    }
+
+    // Generic Keychain storage (allows SDK to store custom flags)
+    AsyncFunction("setKeychainValue") { (key: String, value: String, promise: Promise) in
+      let success = self.saveToKeychain(key: key, value: value)
+      promise.resolve(success)
+    }
+
+    // Generic Keychain retrieval
+    AsyncFunction("getKeychainValue") { (key: String, promise: Promise) in
+      if let value = self.getFromKeychain(key: key) {
+        promise.resolve(value)
+      } else {
+        promise.resolve(nil)
+      }
+    }
+
+    // Generic Keychain deletion
+    AsyncFunction("deleteKeychainValue") { (key: String, promise: Promise) in
+      let success = self.deleteFromKeychain(key: key)
+      promise.resolve(success)
+    }
+
+    // Simplified generateAssertion that uses cached key
+    AsyncFunction("createAssertion") { (clientData: String, promise: Promise) in
+      if #available(iOS 14.0, *) {
+        let service = DCAppAttestService.shared
+
+        guard service.isSupported else {
+          promise.reject("ERR_NOT_SUPPORTED", "App Attest is not supported on this device")
+          return
+        }
+
+        // Get cached key ID from Keychain
+        guard let keyId = self.getFromKeychain(key: self.keyIdStorageKey) else {
+          promise.reject("ERR_NO_KEY", "No attestation key found. Call attest() first to generate a key.")
+          return
+        }
+
+        // Decode base64 client data
+        guard let clientDataBytes = Data(base64Encoded: clientData) else {
+          promise.reject("ERR_INVALID_DATA", "Client data must be base64-encoded")
+          return
+        }
+
+        // Hash the client data
+        let clientDataHash = Data(SHA256.hash(data: clientDataBytes))
+
+        service.generateAssertion(keyId, clientDataHash: clientDataHash) { assertion, error in
+          if let error = error {
+            promise.reject("ERR_GENERATE_ASSERTION", "Failed to generate assertion: \(error.localizedDescription)")
+            return
+          }
+
+          guard let assertion = assertion else {
+            promise.reject("ERR_GENERATE_ASSERTION", "Assertion generation returned nil")
+            return
+          }
+
+          // Wrap response in "ios" key for CDP API spec
+          let result: [String: Any] = [
+            "ios": [
+              "assertion": assertion.base64EncodedString(),
+              "keyId": keyId
+            ]
+          ]
+
+          promise.resolve(result)
+        }
+      } else {
+        promise.reject("ERR_NOT_SUPPORTED", "App Attest requires iOS 14.0 or later")
+      }
+    }
+  }
+}

package/package.json

@@ -1,8 +1,64 @@
 {
   "name": "@coinbase/cdp-app-attest",
-  "version": "0.0.0",
-  "description": "Placeholder package",
-  "main": "index.js",
-  "author": "Coinbase Inc.",
-  "license": "Apache-2.0"
-}
+  "version": "0.0.95",
+  "type": "module",
+  "description": "CDP native module for iOS App Attest and Android Play Integrity",
+  "files": [
+    "dist/**",
+    "ios/**",
+    "android/**",
+    "expo-module.config.json",
+    "!dist/**/*.tsbuildinfo"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/types/index.d.ts",
+      "default": "./dist/esm/index.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "keywords": [
+    "react-native",
+    "expo",
+    "app-attest",
+    "play-integrity",
+    "attestation"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/coinbase/cdp-web.git",
+    "directory": "packages/cdp-app-attest"
+  },
+  "bugs": {
+    "url": "https://github.com/coinbase/cdp-web/issues"
+  },
+  "author": "Coinbase",
+  "license": "Apache-2.0",
+  "homepage": "https://github.com/coinbase/cdp-web/tree/master/packages/cdp-app-attest",
+  "peerDependencies": {
+    "expo": "*",
+    "expo-modules-core": "*",
+    "react": "*",
+    "react-native": "*"
+  },
+  "devDependencies": {
+    "@size-limit/preset-small-lib": "^11.2.0",
+    "size-limit": "^11.2.0"
+  },
+  "size-limit": [
+    {
+      "name": "full-package",
+      "path": "./dist/esm/index.js",
+      "limit": "2 KB"
+    }
+  ],
+  "scripts": {
+    "build": "pnpm run clean && pnpm run check:types && vite build",
+    "check:types": "tsc --noEmit",
+    "clean": "rm -rf dist build",
+    "clean:all": "pnpm clean && rm -rf node_modules",
+    "size-limit": "size-limit",
+    "test": "vitest",
+    "test:run": "vitest --run"
+  }
+}

package/index.js

@@ -1 +0,0 @@
-console.log("Temporary package");