@oobit/react-native-sdk 1.0.3 → 1.0.5

package/src/config.ts

@@ -3,14 +3,14 @@
  * Environment-based configuration for the widget URL
  */
 
-import { WidgetEnvironment } from './types';
+import { WidgetEnvironment } from "./types";
 
 /**
  * Widget URLs by environment
  */
 export const WIDGET_URLS = {
   development: "https://oobit-widget-dev.web.app",
-  production: "https://widget.oobit.com",
+  production: "https://oobit-widget.web.app",
 } as const;
 
 /**
@@ -18,6 +18,8 @@ export const WIDGET_URLS = {
  * @param environment - The environment to use (defaults to 'production')
  * @returns The widget URL for the specified environment
  */
-export function getWidgetUrl(environment: WidgetEnvironment = 'production'): string {
+export function getWidgetUrl(
+  environment: WidgetEnvironment = "production"
+): string {
   return WIDGET_URLS[environment];
 }

package/src/cryptoUtils.ts

@@ -0,0 +1,160 @@
+/**
+ * Crypto Utilities for Card Details Session Generation
+ *
+ * CRITICAL: This implementation MUST match Android's PublicKeyCryptoHelper.kt exactly:
+ * - RSA Algorithm: RSA/ECB/OAEPWithSHA-1AndMGF1Padding
+ * - Secret Key: UUID without dashes (32 hex chars = 16 bytes = 128-bit)
+ * - Input to RSA: secretKey as Base64 string
+ * - Output: encrypted sessionId as Base64 string
+ *
+ * Uses react-native-quick-crypto for native RSA-OAEP encryption
+ * (OpenSSL on Android, CommonCrypto on iOS)
+ *
+ * @requires react-native-quick-crypto - npm install react-native-quick-crypto
+ */
+
+import QuickCrypto from 'react-native-quick-crypto';
+
+/**
+ * Generates a random hex key matching Android's generateRandomHexKey()
+ *
+ * Creates a UUID v4 without dashes = 32 hex characters = 16 bytes = 128-bit key
+ * This matches the format used in Android's PublicKeyCryptoHelper
+ *
+ * @returns 32-character hexadecimal string
+ */
+export function generateRandomHexKey(): string {
+  // Generate UUID v4 pattern and remove dashes
+  // This matches Android's java.util.UUID.randomUUID().toString().replace("-", "")
+  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
+    .replace(/[xy]/g, (c) => {
+      const r = (Math.random() * 16) | 0;
+      const v = c === 'x' ? r : (r & 0x3) | 0x8;
+      return v.toString(16);
+    })
+    .replace(/-/g, '');
+}
+
+/**
+ * Converts a hex string to Base64 encoding
+ * Matches Android's hexToBase64() method
+ *
+ * @param hexString - Hexadecimal string (must have even length)
+ * @returns Base64 encoded string
+ */
+export function hexToBase64(hexString: string): string {
+  // Convert hex string to binary string
+  let binaryString = '';
+  for (let i = 0; i < hexString.length; i += 2) {
+    const byte = parseInt(hexString.substring(i, i + 2), 16);
+    binaryString += String.fromCharCode(byte);
+  }
+
+  // Use btoa for Base64 encoding (available in React Native with Hermes)
+  if (typeof btoa === 'function') {
+    return btoa(binaryString);
+  }
+
+  // Fallback: manual Base64 encoding
+  const base64Chars =
+    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+  let result = '';
+  let i = 0;
+
+  while (i < binaryString.length) {
+    const a = binaryString.charCodeAt(i++);
+    const b = binaryString.charCodeAt(i++);
+    const c = binaryString.charCodeAt(i++);
+
+    const triplet = (a << 16) | ((b || 0) << 8) | (c || 0);
+
+    result +=
+      base64Chars[(triplet >> 18) & 0x3f] +
+      base64Chars[(triplet >> 12) & 0x3f] +
+      (isNaN(b) ? '=' : base64Chars[(triplet >> 6) & 0x3f]) +
+      (isNaN(c) ? '=' : base64Chars[triplet & 0x3f]);
+  }
+
+  return result;
+}
+
+/**
+ * Encrypts data using RSA with OAEP-SHA1 padding (native implementation)
+ *
+ * MUST match Android's RSA/ECB/OAEPWithSHA-1AndMGF1Padding algorithm
+ * Uses native crypto (OpenSSL on Android, CommonCrypto on iOS)
+ *
+ * @param data - Plain text data to encrypt (Base64 string of the secret key)
+ * @param publicKeyPem - RSA public key in PEM format
+ * @returns Encrypted data as Base64 string
+ * @throws Error if encryption fails
+ */
+export function encryptWithRSA(data: string, publicKeyPem: string): string {
+  try {
+    // Convert string to Buffer
+    const dataBuffer = Buffer.from(data, 'utf8');
+
+    // Encrypt using RSA-OAEP with SHA-1 (matches Android's OAEPWithSHA-1AndMGF1Padding)
+    const encrypted = QuickCrypto.publicEncrypt(
+      {
+        key: publicKeyPem,
+        padding: QuickCrypto.constants.RSA_PKCS1_OAEP_PADDING,
+        oaepHash: 'sha1',
+      },
+      dataBuffer
+    );
+
+    // Return as Base64 string
+    return encrypted.toString('base64');
+  } catch (error) {
+    console.error('[CryptoUtils] RSA encryption failed:', error);
+    throw new Error('Failed to encrypt session data');
+  }
+}
+
+/**
+ * Generates session credentials for card details API request
+ *
+ * This is the main function that creates the cryptographically linked
+ * sessionId + secretKey pair, matching Android's PublicKeyCryptoHelper.generateSessionId()
+ *
+ * Flow:
+ * 1. Generate random secretKeyHex (UUID without dashes)
+ * 2. Convert secretKeyHex to Base64
+ * 3. Encrypt Base64 key with RSA public key → sessionId
+ * 4. Return both secretKeyHex (for client-side decryption) and sessionId (for API header)
+ *
+ * @param publicKeyPem - RSA public key in PEM format (from widget)
+ * @returns Object containing:
+ *   - secretKeyHex: Keep on device for AES-GCM decryption (32 hex chars)
+ *   - sessionId: Send to API as SessionId header (RSA-encrypted, Base64)
+ * @throws Error if key generation or encryption fails
+ */
+export function generateSessionCredentials(publicKeyPem: string): SessionCredentials {
+  // Validate public key
+  if (!publicKeyPem || !publicKeyPem.includes('BEGIN PUBLIC KEY')) {
+    throw new Error('Invalid RSA public key format');
+  }
+
+  // Step 1: Generate random secret key (matches Android's generateRandomHexKey)
+  const secretKeyHex = generateRandomHexKey();
+
+  // Step 2: Convert to Base64 (matches Android's hexToBase64)
+  const secretKeyBase64 = hexToBase64(secretKeyHex);
+
+  // Step 3: Encrypt with RSA public key (matches Android's encryptWithPublicKey)
+  const sessionId = encryptWithRSA(secretKeyBase64, publicKeyPem);
+
+  console.log('[CryptoUtils] Session credentials generated successfully');
+
+  return {
+    secretKeyHex,
+    sessionId,
+  };
+}
+
+// Export types for type safety
+export interface SessionCredentials {
+  secretKeyHex: string;
+  sessionId: string;
+}

package/src/index.ts

@@ -23,6 +23,7 @@ export type {
   WidgetErrorMessage,
   WidgetCloseMessage,
   TransactionRequestedMessage,
+  RequestCardDetailsSessionMessage,
 
   // Native → Widget message types
   NativeMessageType,
@@ -31,6 +32,8 @@ export type {
   NativeNavigateBackMessage,
   NativePlatformInfoMessage,
   NativeWalletOpenedMessage,
+  NativeCardDetailsSessionMessage,
+  NativeBiometricFailedMessage,
 } from './types';
 
 // Export constants
@@ -39,3 +42,20 @@ export { WIDGET_URLS, getWidgetUrl } from './config';
 
 // Export wallet utilities
 export { openNativeWallet, isWalletAvailable } from './walletUtils';
+
+// Export biometric utilities
+export {
+  authenticateWithBiometrics,
+  isBiometricAvailable,
+  getBiometryTypeLabel,
+  BiometryTypes,
+} from './biometricUtils';
+export type { BiometricResult, BiometricAvailability } from './biometricUtils';
+
+// Export crypto utilities (for advanced usage)
+export {
+  generateSessionCredentials,
+  generateRandomHexKey,
+  hexToBase64,
+} from './cryptoUtils';
+export type { SessionCredentials } from './cryptoUtils';

package/src/types.ts

@@ -15,36 +15,39 @@ export interface DepositToken {
 }
 
 export type WidgetMessageType =
-  | 'widget:ready'
-  | 'widget:open-wallet'
-  | 'widget:card-created'
-  | 'widget:error'
-  | 'widget:close'
-  | 'widget:transaction-requested'
-  | 'widget:token-expired';
+  | "widget:ready"
+  | "widget:open-wallet"
+  | "widget:card-created"
+  | "widget:error"
+  | "widget:close"
+  | "widget:transaction-requested"
+  | "widget:token-expired"
+  | "widget:request-card-details-session";
 
 /**
  * Native Message Types
  * Messages sent from the native app to the web widget
  */
 export type NativeMessageType =
-  | 'native:platform-info'
-  | 'native:wallet-opened'
-  | 'native:back-pressed'
-  | 'native:navigate-back';
+  | "native:platform-info"
+  | "native:wallet-opened"
+  | "native:back-pressed"
+  | "native:navigate-back"
+  | "native:card-details-session"
+  | "native:biometric-failed";
 
 export interface NativeBackPressedMessage {
-  type: 'native:back-pressed';
+  type: "native:back-pressed";
   timestamp: number;
 }
 
 export interface NativeNavigateBackMessage {
-  type: 'native:navigate-back';
+  type: "native:navigate-back";
   timestamp: number;
 }
 
 export interface NativePlatformInfoMessage {
-  type: 'native:platform-info';
+  type: "native:platform-info";
   payload: {
     platform: string;
     walletAvailable: boolean;
@@ -52,17 +55,35 @@ export interface NativePlatformInfoMessage {
 }
 
 export interface NativeWalletOpenedMessage {
-  type: 'native:wallet-opened';
+  type: "native:wallet-opened";
   payload: {
     success: boolean;
   };
 }
 
+export interface NativeCardDetailsSessionMessage {
+  type: "native:card-details-session";
+  payload: {
+    sessionId: string; // RSA-encrypted session ID (Base64)
+    secretKey: string; // Secret key in hex format (32 chars)
+  };
+}
+
+export interface NativeBiometricFailedMessage {
+  type: "native:biometric-failed";
+  payload: {
+    reason: "cancelled" | "failed" | "not_available" | "not_enrolled";
+    message?: string;
+  };
+}
+
 export type NativeMessage =
   | NativeBackPressedMessage
   | NativeNavigateBackMessage
   | NativePlatformInfoMessage
-  | NativeWalletOpenedMessage;
+  | NativeWalletOpenedMessage
+  | NativeCardDetailsSessionMessage
+  | NativeBiometricFailedMessage;
 
 export interface BaseWidgetMessage {
   type: WidgetMessageType;
@@ -70,27 +91,27 @@ export interface BaseWidgetMessage {
 }
 
 export interface WidgetReadyMessage extends BaseWidgetMessage {
-  type: 'widget:ready';
+  type: "widget:ready";
 }
 
 export interface OpenWalletMessage extends BaseWidgetMessage {
-  type: 'widget:open-wallet';
+  type: "widget:open-wallet";
   payload: {
-    platform: 'ios' | 'android';
+    platform: "ios" | "android";
   };
 }
 
 export interface CardCreatedMessage extends BaseWidgetMessage {
-  type: 'widget:card-created';
+  type: "widget:card-created";
   payload: {
     cardId: string;
-    cardType: 'virtual' | 'physical';
+    cardType: "virtual" | "physical";
     last4: string;
   };
 }
 
 export interface WidgetErrorMessage extends BaseWidgetMessage {
-  type: 'widget:error';
+  type: "widget:error";
   payload: {
     code: string;
     message: string;
@@ -98,11 +119,11 @@ export interface WidgetErrorMessage extends BaseWidgetMessage {
 }
 
 export interface WidgetCloseMessage extends BaseWidgetMessage {
-  type: 'widget:close';
+  type: "widget:close";
 }
 
 export interface TransactionRequestedMessage extends BaseWidgetMessage {
-  type: 'widget:transaction-requested';
+  type: "widget:transaction-requested";
   payload: {
     token: DepositToken;
     cryptoAmount: string;
@@ -112,12 +133,19 @@ export interface TransactionRequestedMessage extends BaseWidgetMessage {
 }
 
 export interface TokenExpiredMessage extends BaseWidgetMessage {
-  type: 'widget:token-expired';
+  type: "widget:token-expired";
   payload?: {
     reason?: string;
   };
 }
 
+export interface RequestCardDetailsSessionMessage extends BaseWidgetMessage {
+  type: "widget:request-card-details-session";
+  payload: {
+    publicKey: string; // RSA public key in PEM format
+  };
+}
+
 export type WidgetMessage =
   | WidgetReadyMessage
   | OpenWalletMessage
@@ -125,14 +153,15 @@ export type WidgetMessage =
   | WidgetErrorMessage
   | WidgetCloseMessage
   | TransactionRequestedMessage
-  | TokenExpiredMessage;
+  | TokenExpiredMessage
+  | RequestCardDetailsSessionMessage;
 
 /**
  * Widget environment configuration
  * - 'development': Uses development/staging widget URL
  * - 'production': Uses production widget URL
  */
-export type WidgetEnvironment = 'development' | 'production';
+export type WidgetEnvironment = "development" | "production";
 
 /**
  * SDK Configuration
@@ -151,7 +180,12 @@ export interface WidgetSDKConfig {
   onCardCreated?: (cardId: string, cardType: string, last4: string) => void;
   onError?: (code: string, message: string) => void;
   onClose?: () => void;
-  onTransactionRequested?: (token: DepositToken, cryptoAmount: string, depositAddress: string, depositAddressTag: string | null) => void;
+  onTransactionRequested?: (
+    token: DepositToken,
+    cryptoAmount: string,
+    depositAddress: string,
+    depositAddressTag: string | null
+  ) => void;
 }
 
 /**
@@ -159,12 +193,12 @@ export interface WidgetSDKConfig {
  */
 export const WALLET_URLS = {
   ios: {
-    passkit: 'shoebox://', // Apple Wallet deep link
-    fallback: 'https://wallet.apple.com',
+    passkit: "shoebox://", // Apple Wallet deep link
+    fallback: "https://wallet.apple.com",
   },
   android: {
-    googlePay: 'https://pay.google.com/gp/w/home/wallet',
-    fallback: 'https://wallet.google.com',
+    googlePay: "https://pay.google.com/gp/w/home/wallet",
+    fallback: "https://wallet.google.com",
   },
 } as const;
 
@@ -177,17 +211,19 @@ export const WALLET_URLS = {
  */
 export const MessageTypes = {
   // Widget → Native
-  READY: 'widget:ready',
-  OPEN_WALLET: 'widget:open-wallet',
-  CARD_CREATED: 'widget:card-created',
-  ERROR: 'widget:error',
-  CLOSE: 'widget:close',
-  TRANSACTION_REQUESTED: 'widget:transaction-requested',
-  TOKEN_EXPIRED: 'widget:token-expired',
+  READY: "widget:ready",
+  OPEN_WALLET: "widget:open-wallet",
+  CARD_CREATED: "widget:card-created",
+  ERROR: "widget:error",
+  CLOSE: "widget:close",
+  TRANSACTION_REQUESTED: "widget:transaction-requested",
+  TOKEN_EXPIRED: "widget:token-expired",
+  REQUEST_CARD_DETAILS_SESSION: "widget:request-card-details-session",
   // Native → Widget
-  PLATFORM_INFO: 'native:platform-info',
-  WALLET_OPENED: 'native:wallet-opened',
-  BACK_PRESSED: 'native:back-pressed',
-  NAVIGATE_BACK: 'native:navigate-back',
+  PLATFORM_INFO: "native:platform-info",
+  WALLET_OPENED: "native:wallet-opened",
+  BACK_PRESSED: "native:back-pressed",
+  NAVIGATE_BACK: "native:navigate-back",
+  CARD_DETAILS_SESSION: "native:card-details-session",
+  BIOMETRIC_FAILED: "native:biometric-failed",
 } as const;
-