@oxyhq/services 5.17.8 → 5.17.9

package/lib/typescript/crypto/keyManager.d.ts

@@ -1,80 +0,0 @@
-/**
- * Key Manager - ECDSA secp256k1 Key Generation and Storage
- *
- * Handles secure generation, storage, and retrieval of cryptographic keys.
- * Private keys are stored securely using expo-secure-store and never leave the device.
- */
-import type { ECKeyPair } from 'elliptic';
-export interface KeyPair {
-    publicKey: string;
-    privateKey: string;
-}
-export declare class KeyManager {
-    /**
-     * Generate a new ECDSA secp256k1 key pair
-     * Returns the keys in hexadecimal format
-     */
-    static generateKeyPairSync(): KeyPair;
-    /**
-     * Generate a new key pair using secure random bytes
-     */
-    static generateKeyPair(): Promise<KeyPair>;
-    /**
-     * Generate and securely store a new key pair on the device
-     * Returns only the public key (private key is stored securely)
-     */
-    static createIdentity(): Promise<string>;
-    /**
-     * Import an existing key pair (e.g., from backup file)
-     */
-    static importKeyPair(privateKey: string): Promise<string>;
-    /**
-     * Get the stored private key
-     * WARNING: Only use this for signing operations within the app
-     */
-    static getPrivateKey(): Promise<string | null>;
-    /**
-     * Get the stored public key
-     */
-    static getPublicKey(): Promise<string | null>;
-    /**
-     * Check if an identity (key pair) exists on this device
-     */
-    static hasIdentity(): Promise<boolean>;
-    /**
-     * Delete the stored identity (both keys)
-     * Use with EXTREME caution - this is irreversible without a backup file
-     * This should ONLY be called when explicitly requested by the user
-     * @param force - If true, skip confirmation checks (default: false)
-     * @param userConfirmed - If true, user has explicitly confirmed deletion (default: false)
-     */
-    static deleteIdentity(force?: boolean, userConfirmed?: boolean): Promise<void>;
-    /**
-     * Verify identity integrity - checks if keys are valid and accessible
-     */
-    static verifyIdentityIntegrity(): Promise<boolean>;
-    /**
-     * Get the elliptic curve key object from the stored private key
-     * Used internally for signing operations
-     */
-    static getKeyPairObject(): Promise<ECKeyPair | null>;
-    /**
-     * Derive public key from a private key (without storing)
-     */
-    static derivePublicKey(privateKey: string): string;
-    /**
-     * Validate that a string is a valid public key
-     */
-    static isValidPublicKey(publicKey: string): boolean;
-    /**
-     * Validate that a string is a valid private key
-     */
-    static isValidPrivateKey(privateKey: string): boolean;
-    /**
-     * Get a shortened version of the public key for display
-     * Format: first 8 chars...last 8 chars
-     */
-    static shortenPublicKey(publicKey: string): string;
-}
-export default KeyManager;
-//# sourceMappingURL=keyManager.d.ts.map

package/lib/typescript/crypto/keyManager.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"keyManager.d.ts","sourceRoot":"","sources":["../../../src/crypto/keyManager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAsG1C,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,UAAU;IAErB;;;OAGG;IACH,MAAM,CAAC,mBAAmB,IAAI,OAAO;IAQrC;;OAEG;WACU,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IAWhD;;;OAGG;WACU,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAgB9C;;OAEG;WACU,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiB/D;;;OAGG;WACU,aAAa,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAiBpD;;OAEG;WACU,YAAY,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBnD;;OAEG;WACU,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAgB5C;;;;;;OAMG;WACU,cAAc,CACzB,KAAK,GAAE,OAAe,EACtB,aAAa,GAAE,OAAe,GAC7B,OAAO,CAAC,IAAI,CAAC;IAqBhB;;OAEG;WACU,uBAAuB,IAAI,OAAO,CAAC,OAAO,CAAC;IA2CxD;;;OAGG;WACU,gBAAgB,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAS1D;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAKlD;;OAEG;IACH,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IASnD;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAWrD;;;OAGG;IACH,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;CAInD;AAED,eAAe,UAAU,CAAC"}

package/lib/typescript/crypto/signatureService.d.ts

@@ -1,77 +0,0 @@
-/**
- * Signature Service - ECDSA Digital Signatures
- *
- * Handles signing and verification of messages using ECDSA secp256k1.
- * Used for authenticating requests and proving identity ownership.
- */
-export interface SignedMessage {
-    message: string;
-    signature: string;
-    publicKey: string;
-    timestamp: number;
-}
-export interface AuthChallenge {
-    challenge: string;
-    publicKey: string;
-    timestamp: number;
-}
-export declare class SignatureService {
-    /**
-     * Generate a random challenge string (for offline use)
-     * Uses expo-crypto in React Native, crypto.randomBytes in Node.js
-     */
-    static generateChallenge(): Promise<string>;
-    /**
-     * Hash a message using SHA-256
-     */
-    static hashMessage(message: string): Promise<string>;
-    /**
-     * Sign a message using the stored private key
-     * Returns the signature in DER format (hex encoded)
-     */
-    static sign(message: string): Promise<string>;
-    /**
-     * Sign a message with an explicit private key (without storing)
-     * Useful for one-time operations or testing
-     */
-    static signWithKey(message: string, privateKey: string): Promise<string>;
-    /**
-     * Verify a signature against a message and public key
-     */
-    static verify(message: string, signature: string, publicKey: string): Promise<boolean>;
-    /**
-     * Synchronous verification (for Node.js backend)
-     * Uses crypto module directly for hashing
-     * Note: This method should only be used in Node.js environments
-     */
-    static verifySync(message: string, signature: string, publicKey: string): boolean;
-    /**
-     * Create a signed message object with metadata
-     */
-    static createSignedMessage(message: string): Promise<SignedMessage>;
-    /**
-     * Verify a signed message object
-     * Checks both signature validity and timestamp freshness
-     */
-    static verifySignedMessage(signedMessage: SignedMessage, maxAgeMs?: number): Promise<boolean>;
-    /**
-     * Create a signed authentication challenge response
-     * Used for challenge-response authentication
-     */
-    static signChallenge(challenge: string): Promise<AuthChallenge>;
-    /**
-     * Verify a challenge response
-     */
-    static verifyChallengeResponse(originalChallenge: string, response: AuthChallenge, maxAgeMs?: number): Promise<boolean>;
-    /**
-     * Sign arbitrary data for API requests
-     * Creates a canonical string representation and signs it
-     */
-    static signRequestData(data: Record<string, unknown>): Promise<{
-        signature: string;
-        publicKey: string;
-        timestamp: number;
-    }>;
-}
-export default SignatureService;
-//# sourceMappingURL=signatureService.d.ts.map

package/lib/typescript/crypto/signatureService.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"signatureService.d.ts","sourceRoot":"","sources":["../../../src/crypto/signatureService.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiEH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,gBAAgB;IAC3B;;;OAGG;WACU,iBAAiB,IAAI,OAAO,CAAC,MAAM,CAAC;IA0BjD;;OAEG;WACU,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAI1D;;;OAGG;WACU,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWnD;;;OAGG;WACU,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAO9E;;OAEG;WACU,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAU5F;;;;OAIG;IACH,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO;IAkBjF;;OAEG;WACU,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAkBzE;;;OAGG;WACU,mBAAmB,CAC9B,aAAa,EAAE,aAAa,EAC5B,QAAQ,GAAE,MAAsB,GAC/B,OAAO,CAAC,OAAO,CAAC;IAcnB;;;OAGG;WACU,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAiBrE;;OAEG;WACU,uBAAuB,CAClC,iBAAiB,EAAE,MAAM,EACzB,QAAQ,EAAE,aAAa,EACvB,QAAQ,GAAE,MAAsB,GAC/B,OAAO,CAAC,OAAO,CAAC;IAanB;;;OAGG;WACU,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC;QACnE,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CAsBH;AAED,eAAe,gBAAgB,CAAC"}

package/src/crypto/keyManager.ts

@@ -1,379 +0,0 @@
-/**
- * Key Manager - ECDSA secp256k1 Key Generation and Storage
- * 
- * Handles secure generation, storage, and retrieval of cryptographic keys.
- * Private keys are stored securely using expo-secure-store and never leave the device.
- */
-
-import { ec as EC } from 'elliptic';
-import type { ECKeyPair } from 'elliptic';
-import { Platform } from 'react-native';
-
-// Lazy imports for React Native specific modules
-let SecureStore: typeof import('expo-secure-store') | null = null;
-let ExpoCrypto: typeof import('expo-crypto') | null = null;
-
-const ec = new EC('secp256k1');
-
-const STORAGE_KEYS = {
-  PRIVATE_KEY: 'oxy_identity_private_key',
-  PUBLIC_KEY: 'oxy_identity_public_key',
-} as const;
-
-/**
- * Initialize React Native specific modules
- * This allows the module to work in both Node.js and React Native environments
- */
-async function initSecureStore(): Promise<typeof import('expo-secure-store')> {
-  if (!SecureStore) {
-    try {
-      SecureStore = await import('expo-secure-store');
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : String(error);
-      throw new Error(`Failed to load expo-secure-store: ${errorMessage}. Make sure expo-secure-store is installed and properly configured.`);
-    }
-  }
-  if (!SecureStore) {
-    throw new Error('expo-secure-store module is not available');
-  }
-  return SecureStore;
-}
-
-/**
- * Check if we're in a React Native environment
- */
-function isReactNative(): boolean {
-  return typeof navigator !== 'undefined' && navigator.product === 'ReactNative';
-}
-
-/**
- * Check if we're in a Node.js environment
- */
-function isNodeJS(): boolean {
-  return typeof process !== 'undefined' && process.versions != null && process.versions.node != null;
-}
-
-/**
- * Check if we're on web platform
- * Identity storage is only available on native platforms (iOS/Android)
- */
-function isWebPlatform(): boolean {
-  try {
-    return Platform.OS === 'web';
-  } catch {
-    // Fallback if Platform is not available
-    return typeof window !== 'undefined' && typeof navigator !== 'undefined' && navigator.product !== 'ReactNative';
-  }
-}
-
-async function initExpoCrypto(): Promise<typeof import('expo-crypto')> {
-  if (!ExpoCrypto) {
-    ExpoCrypto = await import('expo-crypto');
-  }
-  return ExpoCrypto;
-}
-
-/**
- * Convert Uint8Array to hexadecimal string
- * Works in both Node.js and React Native
- */
-function uint8ArrayToHex(bytes: Uint8Array): string {
-  return Array.from(bytes)
-    .map(b => b.toString(16).padStart(2, '0'))
-    .join('');
-}
-
-/**
- * Generate cryptographically secure random bytes
- */
-async function getSecureRandomBytes(length: number): Promise<Uint8Array> {
-  // In React Native, always use expo-crypto
-  if (isReactNative() || !isNodeJS()) {
-    const Crypto = await initExpoCrypto();
-    return Crypto.getRandomBytes(length);
-  }
-  
-  // In Node.js, use Node's crypto module
-  // Use Function constructor to prevent Metro bundler from statically analyzing this require
-  // This ensures the require is only evaluated in Node.js runtime, not during Metro bundling
-  try {
-    // eslint-disable-next-line @typescript-eslint/no-implied-eval
-    const getCrypto = new Function('return require("crypto")');
-    const crypto = getCrypto();
-    return new Uint8Array(crypto.randomBytes(length));
-  } catch (error) {
-    // Fallback to expo-crypto if Node crypto fails
-    const Crypto = await initExpoCrypto();
-    return Crypto.getRandomBytes(length);
-  }
-}
-
-export interface KeyPair {
-  publicKey: string;
-  privateKey: string;
-}
-
-export class KeyManager {
-
-  /**
-   * Generate a new ECDSA secp256k1 key pair
-   * Returns the keys in hexadecimal format
-   */
-  static generateKeyPairSync(): KeyPair {
-    const keyPair = ec.genKeyPair();
-    return {
-      privateKey: keyPair.getPrivate('hex'),
-      publicKey: keyPair.getPublic('hex'),
-    };
-  }
-
-  /**
-   * Generate a new key pair using secure random bytes
-   */
-  static async generateKeyPair(): Promise<KeyPair> {
-    const randomBytes = await getSecureRandomBytes(32);
-    const privateKeyHex = uint8ArrayToHex(randomBytes);
-    const keyPair = ec.keyFromPrivate(privateKeyHex);
-    
-    return {
-      privateKey: keyPair.getPrivate('hex'),
-      publicKey: keyPair.getPublic('hex'),
-    };
-  }
-
-  /**
-   * Generate and securely store a new key pair on the device
-   * Returns only the public key (private key is stored securely)
-   */
-  static async createIdentity(): Promise<string> {
-    if (isWebPlatform()) {
-      throw new Error('Identity creation is only available on native platforms (iOS/Android). Please use the native app to create your identity.');
-    }
-    const store = await initSecureStore();
-    const { privateKey, publicKey } = await KeyManager.generateKeyPair();
-
-    await store.setItemAsync(STORAGE_KEYS.PRIVATE_KEY, privateKey, {
-      keychainAccessible: store.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
-    });
-
-    await store.setItemAsync(STORAGE_KEYS.PUBLIC_KEY, publicKey);
-
-    return publicKey;
-  }
-
-  /**
-   * Import an existing key pair (e.g., from backup file)
-   */
-  static async importKeyPair(privateKey: string): Promise<string> {
-    if (isWebPlatform()) {
-      throw new Error('Identity import is only available on native platforms (iOS/Android). Please use the native app to import your identity.');
-    }
-    const store = await initSecureStore();
-    
-    const keyPair = ec.keyFromPrivate(privateKey);
-    const publicKey = keyPair.getPublic('hex');
-
-    await store.setItemAsync(STORAGE_KEYS.PRIVATE_KEY, privateKey, {
-      keychainAccessible: store.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
-    });
-    await store.setItemAsync(STORAGE_KEYS.PUBLIC_KEY, publicKey);
-
-    return publicKey;
-  }
-
-  /**
-   * Get the stored private key
-   * WARNING: Only use this for signing operations within the app
-   */
-  static async getPrivateKey(): Promise<string | null> {
-    if (isWebPlatform()) {
-      return null; // Identity storage is only available on native platforms
-    }
-    try {
-      const store = await initSecureStore();
-      return await store.getItemAsync(STORAGE_KEYS.PRIVATE_KEY);
-    } catch (error) {
-      // If secure store is not available, return null (no identity)
-      // This allows the app to continue functioning even if secure store fails to load
-      if (__DEV__) {
-        console.warn('[KeyManager] Failed to access secure store:', error);
-      }
-      return null;
-    }
-  }
-
-  /**
-   * Get the stored public key
-   */
-  static async getPublicKey(): Promise<string | null> {
-    if (isWebPlatform()) {
-      return null; // Identity storage is only available on native platforms
-    }
-
-    try {
-      const store = await initSecureStore();
-      return await store.getItemAsync(STORAGE_KEYS.PUBLIC_KEY);
-    } catch (error) {
-      if (__DEV__) {
-        console.warn('[KeyManager] Failed to access secure store:', error);
-      }
-      return null;
-    }
-  }
-
-  /**
-   * Check if an identity (key pair) exists on this device
-   */
-  static async hasIdentity(): Promise<boolean> {
-    if (isWebPlatform()) {
-      return false; // Identity storage is only available on native platforms
-    }
-
-    try {
-      const privateKey = await KeyManager.getPrivateKey();
-      return privateKey !== null;
-    } catch (error) {
-      if (__DEV__) {
-        console.warn('[KeyManager] Failed to check identity:', error);
-      }
-      return false;
-    }
-  }
-
-  /**
-   * Delete the stored identity (both keys)
-   * Use with EXTREME caution - this is irreversible without a backup file
-   * This should ONLY be called when explicitly requested by the user
-   * @param force - If true, skip confirmation checks (default: false)
-   * @param userConfirmed - If true, user has explicitly confirmed deletion (default: false)
-   */
-  static async deleteIdentity(
-    force: boolean = false,
-    userConfirmed: boolean = false
-  ): Promise<void> {
-    if (isWebPlatform()) {
-      return; // Identity storage is only available on native platforms, nothing to delete
-    }
-    // CRITICAL SAFEGUARD: Require explicit user confirmation unless force is true
-    if (!force && !userConfirmed) {
-      throw new Error('Identity deletion requires explicit user confirmation. This is a safety measure to prevent accidental data loss.');
-    }
-
-    if (!force) {
-      const hasIdentity = await KeyManager.hasIdentity();
-      if (!hasIdentity) {
-        return; // Nothing to delete
-      }
-    }
-
-    const store = await initSecureStore();
-    await store.deleteItemAsync(STORAGE_KEYS.PRIVATE_KEY);
-    await store.deleteItemAsync(STORAGE_KEYS.PUBLIC_KEY);
-  }
-
-  /**
-   * Verify identity integrity - checks if keys are valid and accessible
-   */
-  static async verifyIdentityIntegrity(): Promise<boolean> {
-    if (isWebPlatform()) {
-      return false; // Identity storage is only available on native platforms
-    }
-    try {
-      const privateKey = await KeyManager.getPrivateKey();
-      const publicKey = await KeyManager.getPublicKey();
-
-      if (!privateKey || !publicKey) {
-        return false;
-      }
-
-      // Validate private key format
-      if (!KeyManager.isValidPrivateKey(privateKey)) {
-        return false;
-      }
-
-      // Validate public key format
-      if (!KeyManager.isValidPublicKey(publicKey)) {
-        return false;
-      }
-
-      // Verify public key can be derived from private key
-      const derivedPublicKey = KeyManager.derivePublicKey(privateKey);
-      if (derivedPublicKey !== publicKey) {
-        return false; // Keys don't match
-      }
-
-      // Verify we can create a key pair object (tests elliptic curve operations)
-      const keyPair = await KeyManager.getKeyPairObject();
-      if (!keyPair) {
-        return false;
-      }
-
-      return true;
-    } catch (error) {
-      if (typeof __DEV__ !== 'undefined' && __DEV__) {
-        console.error('[KeyManager] Identity integrity check failed:', error);
-      }
-      return false;
-    }
-  }
-
-  /**
-   * Get the elliptic curve key object from the stored private key
-   * Used internally for signing operations
-   */
-  static async getKeyPairObject(): Promise<ECKeyPair | null> {
-    if (isWebPlatform()) {
-      return null; // Identity storage is only available on native platforms
-    }
-    const privateKey = await KeyManager.getPrivateKey();
-    if (!privateKey) return null;
-    return ec.keyFromPrivate(privateKey);
-  }
-
-  /**
-   * Derive public key from a private key (without storing)
-   */
-  static derivePublicKey(privateKey: string): string {
-    const keyPair = ec.keyFromPrivate(privateKey);
-    return keyPair.getPublic('hex');
-  }
-
-  /**
-   * Validate that a string is a valid public key
-   */
-  static isValidPublicKey(publicKey: string): boolean {
-    try {
-      ec.keyFromPublic(publicKey, 'hex');
-      return true;
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * Validate that a string is a valid private key
-   */
-  static isValidPrivateKey(privateKey: string): boolean {
-    try {
-      const keyPair = ec.keyFromPrivate(privateKey);
-      // Verify it can derive a public key
-      keyPair.getPublic('hex');
-      return true;
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * Get a shortened version of the public key for display
-   * Format: first 8 chars...last 8 chars
-   */
-  static shortenPublicKey(publicKey: string): string {
-    if (publicKey.length <= 20) return publicKey;
-    return `${publicKey.slice(0, 8)}...${publicKey.slice(-8)}`;
-  }
-}
-
-export default KeyManager;
-
-