@phantom/react-native-sdk 0.1.6 → 0.1.7

package/dist/index.js

@@ -295,7 +295,8 @@ var import_sdk_types = require("@phantom/sdk-types");
 var ReactNativeStamper = class {
   // Optional for PKI, required for OIDC
   constructor(config = {}) {
-    this.keyInfo = null;
+    this.activeKeyRecord = null;
+    this.pendingKeyRecord = null;
     this.algorithm = import_sdk_types.Algorithm.ed25519;
     this.type = "PKI";
     this.keyPrefix = config.keyPrefix || "phantom-rn-stamper";
@@ -305,32 +306,27 @@ var ReactNativeStamper = class {
    * Initialize the stamper and generate/load cryptographic keys
    */
   async init() {
-    const storedSecretKey = await this.getStoredSecretKey();
-    if (storedSecretKey) {
-      const keyInfo2 = await this.getStoredKeyInfo();
-      if (keyInfo2) {
-        this.keyInfo = keyInfo2;
-        return keyInfo2;
-      }
+    this.activeKeyRecord = await this.loadActiveKeyRecord();
+    if (!this.activeKeyRecord) {
+      this.activeKeyRecord = await this.generateAndStoreNewKeyRecord("active");
     }
-    const keyInfo = await this.generateAndStoreKeyPair();
-    this.keyInfo = keyInfo;
-    return keyInfo;
+    this.pendingKeyRecord = await this.loadPendingKeyRecord();
+    return this.activeKeyRecord.keyInfo;
   }
   /**
    * Get the current key information
    */
   getKeyInfo() {
-    return this.keyInfo;
+    return this.activeKeyRecord?.keyInfo || null;
   }
   /**
    * Generate and store a new key pair, replacing any existing keys
    */
   async resetKeyPair() {
     await this.clear();
-    const keyInfo = await this.generateAndStoreKeyPair();
-    this.keyInfo = keyInfo;
-    return keyInfo;
+    this.activeKeyRecord = await this.generateAndStoreNewKeyRecord("active");
+    this.pendingKeyRecord = null;
+    return this.activeKeyRecord.keyInfo;
   }
   /**
    * Create X-Phantom-Stamp header value using stored secret key
@@ -338,79 +334,129 @@ var ReactNativeStamper = class {
    * @returns Complete X-Phantom-Stamp header value
    */
   async stamp(params) {
-    if (!this.keyInfo) {
+    if (!this.activeKeyRecord) {
       throw new Error("Stamper not initialized. Call init() first.");
     }
-    const storedSecretKey = await this.getStoredSecretKey();
-    if (!storedSecretKey) {
-      throw new Error("Secret key not found in secure storage");
-    }
-    const apiKeyStamper = new import_api_key_stamper.ApiKeyStamper({ apiSecretKey: storedSecretKey });
+    const apiKeyStamper = new import_api_key_stamper.ApiKeyStamper({ apiSecretKey: this.activeKeyRecord.secretKey });
     return await apiKeyStamper.stamp(params);
   }
   /**
    * Clear all stored keys from SecureStore
    */
   async clear() {
-    const infoKey = this.getInfoKey();
-    const secretKey = this.getSecretKey();
+    const activeKey = this.getActiveKeyName();
+    const pendingKey = this.getPendingKeyName();
+    try {
+      await SecureStore2.deleteItemAsync(activeKey);
+    } catch (error) {
+    }
     try {
-      await SecureStore2.deleteItemAsync(infoKey);
+      await SecureStore2.deleteItemAsync(pendingKey);
     } catch (error) {
     }
+    this.activeKeyRecord = null;
+    this.pendingKeyRecord = null;
+  }
+  /**
+   * Generate a new keypair for rotation without making it active
+   */
+  async rotateKeyPair() {
+    this.pendingKeyRecord = await this.generateAndStoreNewKeyRecord("pending");
+    return this.pendingKeyRecord.keyInfo;
+  }
+  /**
+   * Switch to the pending keypair, making it active and cleaning up the old one
+   */
+  async commitRotation(authenticatorId) {
+    if (!this.pendingKeyRecord) {
+      throw new Error("No pending keypair to commit");
+    }
+    if (this.activeKeyRecord) {
+      try {
+        await SecureStore2.deleteItemAsync(this.getActiveKeyName());
+      } catch (error) {
+      }
+    }
+    this.pendingKeyRecord.status = "active";
+    this.pendingKeyRecord.authenticatorId = authenticatorId;
+    this.pendingKeyRecord.keyInfo.authenticatorId = authenticatorId;
+    this.activeKeyRecord = this.pendingKeyRecord;
+    this.pendingKeyRecord = null;
+    await this.storeKeyRecord(this.activeKeyRecord, "active");
     try {
-      await SecureStore2.deleteItemAsync(secretKey);
+      await SecureStore2.deleteItemAsync(this.getPendingKeyName());
     } catch (error) {
     }
-    this.keyInfo = null;
   }
-  async generateAndStoreKeyPair() {
+  /**
+   * Discard the pending keypair on rotation failure
+   */
+  async rollbackRotation() {
+    if (!this.pendingKeyRecord) {
+      return;
+    }
+    try {
+      await SecureStore2.deleteItemAsync(this.getPendingKeyName());
+    } catch (error) {
+    }
+    this.pendingKeyRecord = null;
+  }
+  async generateAndStoreNewKeyRecord(type) {
     const keypair = (0, import_crypto.generateKeyPair)();
     const keyId = this.createKeyId(keypair.publicKey);
+    const now = Date.now();
     const keyInfo = {
       keyId,
-      publicKey: keypair.publicKey
+      publicKey: keypair.publicKey,
+      createdAt: now
+    };
+    const record = {
+      keyInfo,
+      secretKey: keypair.secretKey,
+      createdAt: now,
+      expiresAt: 0,
+      // Not used anymore, kept for backward compatibility
+      status: type
     };
-    await this.storeKeyPair(keypair.secretKey, keyInfo);
-    return keyInfo;
+    await this.storeKeyRecord(record, type);
+    return record;
   }
   createKeyId(publicKey) {
     return (0, import_base64url.base64urlEncode)(new TextEncoder().encode(publicKey)).substring(0, 16);
   }
-  async storeKeyPair(secretKey, keyInfo) {
-    const infoKey = this.getInfoKey();
-    const secretKeyName = this.getSecretKey();
-    await SecureStore2.setItemAsync(infoKey, JSON.stringify(keyInfo), {
-      requireAuthentication: false
-    });
-    await SecureStore2.setItemAsync(secretKeyName, secretKey, {
+  async storeKeyRecord(record, type) {
+    const keyName = type === "active" ? this.getActiveKeyName() : this.getPendingKeyName();
+    await SecureStore2.setItemAsync(keyName, JSON.stringify(record), {
       requireAuthentication: false
     });
   }
-  async getStoredKeyInfo() {
+  async loadActiveKeyRecord() {
     try {
-      const infoKey = this.getInfoKey();
-      const storedInfo = await SecureStore2.getItemAsync(infoKey);
-      if (storedInfo) {
-        return JSON.parse(storedInfo);
+      const activeKey = this.getActiveKeyName();
+      const storedRecord = await SecureStore2.getItemAsync(activeKey);
+      if (storedRecord) {
+        return JSON.parse(storedRecord);
       }
     } catch (error) {
     }
     return null;
   }
-  async getStoredSecretKey() {
+  async loadPendingKeyRecord() {
     try {
-      const secretKeyName = this.getSecretKey();
-      return await SecureStore2.getItemAsync(secretKeyName);
+      const pendingKey = this.getPendingKeyName();
+      const storedRecord = await SecureStore2.getItemAsync(pendingKey);
+      if (storedRecord) {
+        return JSON.parse(storedRecord);
+      }
     } catch (error) {
-      return null;
     }
+    return null;
   }
-  getInfoKey() {
-    return `${this.keyPrefix}-${this.organizationId}-info`;
+  getActiveKeyName() {
+    return `${this.keyPrefix}-${this.organizationId}-active`;
   }
-  getSecretKey() {
-    return `${this.keyPrefix}-${this.organizationId}-secret`;
+  getPendingKeyName() {
+    return `${this.keyPrefix}-${this.organizationId}-pending`;
   }
 };
 

package/dist/index.mjs

@@ -251,7 +251,8 @@ import { Algorithm } from "@phantom/sdk-types";
 var ReactNativeStamper = class {
   // Optional for PKI, required for OIDC
   constructor(config = {}) {
-    this.keyInfo = null;
+    this.activeKeyRecord = null;
+    this.pendingKeyRecord = null;
     this.algorithm = Algorithm.ed25519;
     this.type = "PKI";
     this.keyPrefix = config.keyPrefix || "phantom-rn-stamper";
@@ -261,32 +262,27 @@ var ReactNativeStamper = class {
    * Initialize the stamper and generate/load cryptographic keys
    */
   async init() {
-    const storedSecretKey = await this.getStoredSecretKey();
-    if (storedSecretKey) {
-      const keyInfo2 = await this.getStoredKeyInfo();
-      if (keyInfo2) {
-        this.keyInfo = keyInfo2;
-        return keyInfo2;
-      }
+    this.activeKeyRecord = await this.loadActiveKeyRecord();
+    if (!this.activeKeyRecord) {
+      this.activeKeyRecord = await this.generateAndStoreNewKeyRecord("active");
     }
-    const keyInfo = await this.generateAndStoreKeyPair();
-    this.keyInfo = keyInfo;
-    return keyInfo;
+    this.pendingKeyRecord = await this.loadPendingKeyRecord();
+    return this.activeKeyRecord.keyInfo;
   }
   /**
    * Get the current key information
    */
   getKeyInfo() {
-    return this.keyInfo;
+    return this.activeKeyRecord?.keyInfo || null;
   }
   /**
    * Generate and store a new key pair, replacing any existing keys
    */
   async resetKeyPair() {
     await this.clear();
-    const keyInfo = await this.generateAndStoreKeyPair();
-    this.keyInfo = keyInfo;
-    return keyInfo;
+    this.activeKeyRecord = await this.generateAndStoreNewKeyRecord("active");
+    this.pendingKeyRecord = null;
+    return this.activeKeyRecord.keyInfo;
   }
   /**
    * Create X-Phantom-Stamp header value using stored secret key
@@ -294,79 +290,129 @@ var ReactNativeStamper = class {
    * @returns Complete X-Phantom-Stamp header value
    */
   async stamp(params) {
-    if (!this.keyInfo) {
+    if (!this.activeKeyRecord) {
       throw new Error("Stamper not initialized. Call init() first.");
     }
-    const storedSecretKey = await this.getStoredSecretKey();
-    if (!storedSecretKey) {
-      throw new Error("Secret key not found in secure storage");
-    }
-    const apiKeyStamper = new ApiKeyStamper({ apiSecretKey: storedSecretKey });
+    const apiKeyStamper = new ApiKeyStamper({ apiSecretKey: this.activeKeyRecord.secretKey });
     return await apiKeyStamper.stamp(params);
   }
   /**
    * Clear all stored keys from SecureStore
    */
   async clear() {
-    const infoKey = this.getInfoKey();
-    const secretKey = this.getSecretKey();
+    const activeKey = this.getActiveKeyName();
+    const pendingKey = this.getPendingKeyName();
+    try {
+      await SecureStore2.deleteItemAsync(activeKey);
+    } catch (error) {
+    }
     try {
-      await SecureStore2.deleteItemAsync(infoKey);
+      await SecureStore2.deleteItemAsync(pendingKey);
     } catch (error) {
     }
+    this.activeKeyRecord = null;
+    this.pendingKeyRecord = null;
+  }
+  /**
+   * Generate a new keypair for rotation without making it active
+   */
+  async rotateKeyPair() {
+    this.pendingKeyRecord = await this.generateAndStoreNewKeyRecord("pending");
+    return this.pendingKeyRecord.keyInfo;
+  }
+  /**
+   * Switch to the pending keypair, making it active and cleaning up the old one
+   */
+  async commitRotation(authenticatorId) {
+    if (!this.pendingKeyRecord) {
+      throw new Error("No pending keypair to commit");
+    }
+    if (this.activeKeyRecord) {
+      try {
+        await SecureStore2.deleteItemAsync(this.getActiveKeyName());
+      } catch (error) {
+      }
+    }
+    this.pendingKeyRecord.status = "active";
+    this.pendingKeyRecord.authenticatorId = authenticatorId;
+    this.pendingKeyRecord.keyInfo.authenticatorId = authenticatorId;
+    this.activeKeyRecord = this.pendingKeyRecord;
+    this.pendingKeyRecord = null;
+    await this.storeKeyRecord(this.activeKeyRecord, "active");
     try {
-      await SecureStore2.deleteItemAsync(secretKey);
+      await SecureStore2.deleteItemAsync(this.getPendingKeyName());
     } catch (error) {
     }
-    this.keyInfo = null;
   }
-  async generateAndStoreKeyPair() {
+  /**
+   * Discard the pending keypair on rotation failure
+   */
+  async rollbackRotation() {
+    if (!this.pendingKeyRecord) {
+      return;
+    }
+    try {
+      await SecureStore2.deleteItemAsync(this.getPendingKeyName());
+    } catch (error) {
+    }
+    this.pendingKeyRecord = null;
+  }
+  async generateAndStoreNewKeyRecord(type) {
     const keypair = generateKeyPair();
     const keyId = this.createKeyId(keypair.publicKey);
+    const now = Date.now();
     const keyInfo = {
       keyId,
-      publicKey: keypair.publicKey
+      publicKey: keypair.publicKey,
+      createdAt: now
+    };
+    const record = {
+      keyInfo,
+      secretKey: keypair.secretKey,
+      createdAt: now,
+      expiresAt: 0,
+      // Not used anymore, kept for backward compatibility
+      status: type
     };
-    await this.storeKeyPair(keypair.secretKey, keyInfo);
-    return keyInfo;
+    await this.storeKeyRecord(record, type);
+    return record;
   }
   createKeyId(publicKey) {
     return base64urlEncode(new TextEncoder().encode(publicKey)).substring(0, 16);
   }
-  async storeKeyPair(secretKey, keyInfo) {
-    const infoKey = this.getInfoKey();
-    const secretKeyName = this.getSecretKey();
-    await SecureStore2.setItemAsync(infoKey, JSON.stringify(keyInfo), {
-      requireAuthentication: false
-    });
-    await SecureStore2.setItemAsync(secretKeyName, secretKey, {
+  async storeKeyRecord(record, type) {
+    const keyName = type === "active" ? this.getActiveKeyName() : this.getPendingKeyName();
+    await SecureStore2.setItemAsync(keyName, JSON.stringify(record), {
       requireAuthentication: false
     });
   }
-  async getStoredKeyInfo() {
+  async loadActiveKeyRecord() {
     try {
-      const infoKey = this.getInfoKey();
-      const storedInfo = await SecureStore2.getItemAsync(infoKey);
-      if (storedInfo) {
-        return JSON.parse(storedInfo);
+      const activeKey = this.getActiveKeyName();
+      const storedRecord = await SecureStore2.getItemAsync(activeKey);
+      if (storedRecord) {
+        return JSON.parse(storedRecord);
       }
     } catch (error) {
     }
     return null;
   }
-  async getStoredSecretKey() {
+  async loadPendingKeyRecord() {
     try {
-      const secretKeyName = this.getSecretKey();
-      return await SecureStore2.getItemAsync(secretKeyName);
+      const pendingKey = this.getPendingKeyName();
+      const storedRecord = await SecureStore2.getItemAsync(pendingKey);
+      if (storedRecord) {
+        return JSON.parse(storedRecord);
+      }
     } catch (error) {
-      return null;
     }
+    return null;
   }
-  getInfoKey() {
-    return `${this.keyPrefix}-${this.organizationId}-info`;
+  getActiveKeyName() {
+    return `${this.keyPrefix}-${this.organizationId}-active`;
   }
-  getSecretKey() {
-    return `${this.keyPrefix}-${this.organizationId}-secret`;
+  getPendingKeyName() {
+    return `${this.keyPrefix}-${this.organizationId}-pending`;
   }
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@phantom/react-native-sdk",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "Phantom Wallet SDK for React Native and Expo applications",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -47,11 +47,11 @@
   "dependencies": {
     "@phantom/api-key-stamper": "^0.1.5",
     "@phantom/base64url": "^0.1.0",
-    "@phantom/client": "^0.1.8",
+    "@phantom/client": "^0.1.10",
     "@phantom/constants": "^0.0.3",
     "@phantom/crypto": "^0.1.2",
-    "@phantom/embedded-provider-core": "^0.1.7",
-    "@phantom/sdk-types": "^0.1.4",
+    "@phantom/embedded-provider-core": "^0.1.9",
+    "@phantom/sdk-types": "^0.1.5",
     "@types/bs58": "^5.0.0",
     "bs58": "^6.0.0",
     "buffer": "^6.0.3"