@reclaimprotocol/attestor-core 5.0.1-beta.1 → 5.0.1-beta.2

package/lib/utils/b64-json.js

@@ -0,0 +1,17 @@
+import { decodeBase64, encodeBase64 } from "ethers";
+const B64_JSON_REPLACER = (key, value) => {
+  if (value instanceof Uint8Array || typeof value === "object" && value && "buffer" in value && value.buffer instanceof ArrayBuffer) {
+    return { type: "uint8array", value: encodeBase64(value) };
+  }
+  return value;
+};
+const B64_JSON_REVIVER = (key, value) => {
+  if (value?.type === "uint8array") {
+    return decodeBase64(value.value);
+  }
+  return value;
+};
+export {
+  B64_JSON_REPLACER,
+  B64_JSON_REVIVER
+};

package/lib/utils/bgp-listener.d.ts

@@ -0,0 +1,7 @@
+import type { Logger } from 'pino';
+import type { BGPListener } from '#src/types/index.ts';
+/**
+ * Listens for BGP announcements and emits events whenever
+ * an announcement overlaps with a target IP.
+ */
+export declare function createBgpListener(logger: Logger): BGPListener;

package/lib/utils/bgp-listener.js

@@ -0,0 +1,123 @@
+import CIDR from "ip-cidr";
+import { BGP_WS_URL } from "../config/index.js";
+import { makeWebSocket } from "../utils/ws.js";
+const ANNOUNCEMENT_OVERLAP = "announcement-overlap";
+class BGPAnnouncementOverlapEvent extends Event {
+  data;
+  constructor(data) {
+    super(ANNOUNCEMENT_OVERLAP);
+    this.data = data;
+  }
+}
+function createBgpListener(logger) {
+  let ws;
+  let closed = false;
+  const targetIps = /* @__PURE__ */ new Set();
+  const eventTarget = new EventTarget();
+  openWs();
+  return {
+    onOverlap(ips, callback) {
+      for (const ip of ips) {
+        targetIps.add(ip);
+      }
+      eventTarget.addEventListener(
+        ANNOUNCEMENT_OVERLAP,
+        _callback
+      );
+      return () => {
+        for (const ip of ips) {
+          targetIps.delete(ip);
+        }
+        eventTarget.removeEventListener(
+          ANNOUNCEMENT_OVERLAP,
+          _callback
+        );
+      };
+      function _callback(event) {
+        callback(event.data);
+      }
+    },
+    close() {
+      ws.onclose = null;
+      ws.onerror = null;
+      ws.close();
+      closed = true;
+    }
+  };
+  function openWs() {
+    logger.debug("connecting to BGP websocket");
+    ws = makeWebSocket(BGP_WS_URL);
+    ws.onopen = onOpen;
+    ws.onerror = (ev) => onClose(ev);
+    ws.onclose = () => onClose(new Error("Unexpected close"));
+    ws.onmessage = ({ data }) => {
+      const str = typeof data === "string" ? data : data.toString();
+      try {
+        onMessage(str);
+      } catch (err) {
+        logger.error({ data, err }, "error processing BGP message");
+      }
+    };
+  }
+  function onOpen() {
+    const subscriptionMessage = {
+      type: "ris_subscribe",
+      data: {
+        type: "UPDATE"
+      }
+    };
+    ws.send(JSON.stringify(subscriptionMessage));
+    logger.info("connected to BGP websocket");
+  }
+  function onClose(err) {
+    if (closed) {
+      return;
+    }
+    logger.info({ err }, "BGP websocket closed");
+    if (!err) {
+      return;
+    }
+    logger.info("reconnecting to BGP websocket");
+    openWs();
+  }
+  function onMessage(message) {
+    const data = JSON.parse(message);
+    const announcements = data?.data?.announcements;
+    logger.trace({ data }, "got BGP update");
+    if (!Array.isArray(announcements)) {
+      return;
+    }
+    const asPath = data?.data?.path;
+    for (const announcement of announcements) {
+      const prefixes = announcement?.prefixes;
+      const nextHop = announcement?.["next_hop"];
+      const hasPrefixes = prefixes?.length && (nextHop || asPath);
+      if (!hasPrefixes) {
+        return;
+      }
+      for (const prefix of prefixes) {
+        if (!overlapsTargetIps(prefix)) {
+          continue;
+        }
+        eventTarget.dispatchEvent(
+          new BGPAnnouncementOverlapEvent({ prefix })
+        );
+      }
+    }
+  }
+  function overlapsTargetIps(prefix) {
+    if (prefix.endsWith("/0")) {
+      return false;
+    }
+    const cidr = new CIDR(prefix);
+    for (const ip of targetIps) {
+      if (cidr.contains(ip)) {
+        return true;
+      }
+    }
+    return false;
+  }
+}
+export {
+  createBgpListener
+};

package/lib/utils/claims.d.ts

@@ -0,0 +1,33 @@
+import { ClaimTunnelResponse } from '#src/proto/api.ts';
+import type { ClaimID, ClaimInfo, CompleteClaimData, ProviderParams } from '#src/types/index.ts';
+/**
+ * Creates the standard string to sign for a claim.
+ * This data is what the attestor will sign when it successfully
+ * verifies a claim.
+ */
+export declare function createSignDataForClaim(data: CompleteClaimData): string;
+/**
+ * Verify the claim tunnel response from a attestor.
+ *
+ * If you'd only like to verify the claim signature, you can
+ * optionally only pass "claim" & "signatures.claimSignature"
+ * to this function.
+ *
+ * The successful run of this function means that the claim
+ * is valid, and the attestor that signed the claim is valid.
+ */
+export declare function assertValidClaimSignatures({ signatures, ...res }: Partial<ClaimTunnelResponse>, metadata?: import("#src/proto/api.ts").InitRequest): Promise<void>;
+/**
+ * Generates a unique identifier for given claim info
+ * @param info
+ * @returns
+ */
+export declare function getIdentifierFromClaimInfo(info: ClaimInfo): ClaimID;
+/**
+ * Canonically stringifies an object, so that the same object will always
+ * produce the same string despite the order of keys
+ */
+export declare function canonicalStringify(params: {
+    [key: string]: any;
+} | undefined): string;
+export declare function hashProviderParams(params: ProviderParams<'http'>): string;

package/lib/utils/claims.js

@@ -0,0 +1,89 @@
+import canonicalize from "canonicalize";
+import { keccak256 } from "ethers";
+import { DEFAULT_METADATA } from "../config/index.js";
+import { ClaimTunnelResponse } from "../proto/api.js";
+import { SIGNATURES, strToUint8Array } from "../utils/index.js";
+function createSignDataForClaim(data) {
+  const lines = [
+    getIdentifierFromClaimInfo(data),
+    // we lowercase the owner to ensure that the
+    // ETH addresses always serialize the same way
+    data.owner.toLowerCase(),
+    data.timestampS.toString(),
+    data.epoch.toString()
+  ];
+  return lines.join("\n");
+}
+async function assertValidClaimSignatures({
+  signatures,
+  ...res
+}, metadata = DEFAULT_METADATA) {
+  if (!signatures) {
+    throw new Error("No signatures provided");
+  }
+  const {
+    resultSignature,
+    claimSignature,
+    attestorAddress
+  } = signatures;
+  const { verify } = SIGNATURES[metadata.signatureType];
+  if (signatures?.resultSignature) {
+    const resBytes = ClaimTunnelResponse.encode(ClaimTunnelResponse.create(res)).finish();
+    const verified = await verify(resBytes, resultSignature, attestorAddress);
+    if (!verified) {
+      throw new Error("Invalid result signature");
+    }
+  }
+  if (!res.claim) {
+    return;
+  }
+  const signData = createSignDataForClaim(res.claim);
+  const verifiedClaim = await verify(
+    strToUint8Array(signData),
+    claimSignature,
+    attestorAddress
+  );
+  if (!verifiedClaim) {
+    throw new Error("Invalid claim signature");
+  }
+}
+function getIdentifierFromClaimInfo(info) {
+  if (info.context?.length > 0) {
+    try {
+      const ctx = JSON.parse(info.context);
+      info.context = canonicalStringify(ctx);
+    } catch {
+      throw new Error("unable to parse non-empty context. Must be JSON");
+    }
+  }
+  const str = `${info.provider}
+${info.parameters}
+${info.context || ""}`;
+  return keccak256(strToUint8Array(str)).toLowerCase();
+}
+function canonicalStringify(params) {
+  if (!params) {
+    return "";
+  }
+  return canonicalize(params) || "";
+}
+function hashProviderParams(params) {
+  const filteredParams = {
+    url: params.url,
+    method: params.method,
+    body: params.body,
+    responseMatches: params.responseMatches,
+    responseRedactions: params.responseRedactions
+  };
+  const serializedParams = canonicalStringify(filteredParams);
+  return keccak256(
+    strToUint8Array(serializedParams)
+  ).toLowerCase();
+}
+export {
+  assertValidClaimSignatures,
+  canonicalStringify,
+  createSignDataForClaim,
+  getIdentifierFromClaimInfo,
+  hashProviderParams
+};

package/lib/utils/env.d.ts

@@ -0,0 +1,3 @@
+export type TransportType = 'node' | 'react-native' | 'browser';
+export declare function detectEnvironment(): TransportType;
+export declare function getEnvVariable(name: string): string | undefined;

package/lib/utils/env.js

@@ -0,0 +1,19 @@
+function detectEnvironment() {
+  if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
+    return "react-native";
+  }
+  if (typeof window !== "undefined") {
+    return "browser";
+  }
+  return "node";
+}
+function getEnvVariable(name) {
+  if (typeof process === "undefined") {
+    return void 0;
+  }
+  return process?.env[name];
+}
+export {
+  detectEnvironment,
+  getEnvVariable
+};

package/lib/utils/error.d.ts

@@ -0,0 +1,26 @@
+import { ErrorCode, ErrorData } from '#src/proto/api.ts';
+/**
+ * Represents an error that can be thrown by the Attestor Core
+ * or server. Provides a code, and optional data
+ * to pass along with the error.
+ */
+export declare class AttestorError extends Error {
+    readonly name = "AttestorError";
+    readonly code: keyof typeof ErrorCode;
+    readonly data: {
+        [_: string]: any;
+    } | undefined;
+    constructor(code: keyof typeof ErrorCode, message: string, data?: {
+        [_: string]: any;
+    });
+    /**
+     * Encodes the error as a ErrorData
+     * protobuf message
+     */
+    toProto(): ErrorData;
+    static fromProto(data?: ErrorData): AttestorError;
+    static fromError(err: Error, code?: keyof typeof ErrorCode): AttestorError;
+    static badRequest(message: string, data?: {
+        [_: string]: any;
+    }): AttestorError;
+}

package/lib/utils/error.js

@@ -0,0 +1,54 @@
+import { ErrorCode, ErrorData } from "../proto/api.js";
+const PROTO_ERROR = ErrorData.fromJSON({});
+class AttestorError extends Error {
+  name = "AttestorError";
+  code;
+  data;
+  constructor(code, message, data) {
+    super(message);
+    this.code = code;
+    this.data = data;
+  }
+  /**
+   * Encodes the error as a ErrorData
+   * protobuf message
+   */
+  toProto() {
+    return ErrorData.create({
+      code: ErrorCode[this.code],
+      message: this.message,
+      data: JSON.stringify(this.data)
+    });
+  }
+  static fromProto(data = PROTO_ERROR) {
+    return new AttestorError(
+      typeof data.code === "number" ? getKeyForValue(ErrorCode, data.code) || "UNRECOGNIZED" : data.code,
+      data.message,
+      data.data ? JSON.parse(data.data) : void 0
+    );
+  }
+  static fromError(err, code = "ERROR_INTERNAL") {
+    if (err instanceof AttestorError) {
+      return err;
+    }
+    return new AttestorError(code, err.message);
+  }
+  static badRequest(message, data) {
+    return new AttestorError(
+      "ERROR_BAD_REQUEST",
+      message,
+      data
+    );
+  }
+}
+function getKeyForValue(obj, value) {
+  for (const key in obj) {
+    if (obj[key] === value) {
+      return key;
+    }
+  }
+  return void 0;
+}
+export {
+  AttestorError
+};

package/lib/utils/generics.d.ts

@@ -0,0 +1,114 @@
+import type { CipherSuite, TLSProtocolVersion } from '@reclaimprotocol/tls';
+import { uint8ArrayToBinaryStr } from '@reclaimprotocol/tls';
+import { RPCMessage, RPCMessages } from '#src/proto/api.ts';
+import type { CompleteTLSPacket, IDecryptedTranscript, IDecryptedTranscriptMessage, ProviderField, RPCEvent, RPCEventMap, RPCEventType, RPCType, Transcript } from '#src/types/index.ts';
+export { uint8ArrayToBinaryStr };
+/**
+ * Decodes a Uint8Array to a UTF-8 string.
+ */
+export declare function uint8ArrayToStr(arr: Uint8Array): string;
+/**
+ * Encodes a UTF-8 string to a Uint8Array.
+ */
+export declare function strToUint8Array(str: string): Uint8Array;
+export declare function getTranscriptString(receipt: IDecryptedTranscript): string;
+export declare const unixTimestampSeconds: () => number;
+/**
+ * Find index of needle in haystack
+ */
+export declare function findIndexInUint8Array(haystack: Uint8Array, needle: Uint8Array): number;
+/**
+ * Fetch the ZK algorithm for the specified cipher suite
+ */
+export declare function getZkAlgorithmForCipherSuite(cipherSuite: CipherSuite): "aes-256-ctr" | "aes-128-ctr" | "chacha20";
+/**
+ * Get the pure ciphertext without any MAC,
+ * or authentication tag,
+ * @param content content w/o header
+ * @param cipherSuite
+ */
+export declare function getPureCiphertext(content: Uint8Array, cipherSuite: CipherSuite): Uint8Array<ArrayBufferLike>;
+/**
+ * Get the 8 byte IV part that's stored in the record for some cipher suites
+ * @param content content w/o header
+ * @param cipherSuite
+ */
+export declare function getRecordIV(content: Uint8Array, cipherSuite: CipherSuite): Uint8Array<ArrayBuffer>;
+export declare function getProviderValue<P, S, T>(params: P, fn: ProviderField<P, S, T>, secretParams?: S): T;
+export declare function generateRpcMessageId(): number;
+/**
+ * Random session ID for a WebSocket client.
+ */
+export declare function generateSessionId(): number;
+/**
+ * Random ID for a tunnel.
+ */
+export declare function generateTunnelId(): number;
+export declare function makeRpcEvent<T extends RPCEventType>(type: T, data: RPCEventMap[T]): RPCEvent<T>;
+/**
+ * Get the RPC type from the key.
+ * For eg. "claimTunnelRequest" ->
+ *    { type: 'claimTunnel', direction: 'request' }
+ */
+export declare function getRpcTypeFromKey(key: string): {
+    type: RPCType;
+    direction: "request";
+} | {
+    type: RPCType;
+    direction: "response";
+} | undefined;
+/**
+ * Get the RPC response type from the RPC type.
+ * For eg. "claimTunnel" -> "claimTunnelResponse"
+ */
+export declare function getRpcResponseType<T extends RPCType>(type: T): `${T}Response`;
+/**
+ * Get the RPC request type from the RPC type.
+ * For eg. "claimTunnel" -> "claimTunnelRequest"
+ */
+export declare function getRpcRequestType<T extends RPCType>(type: T): `${T}Request`;
+export declare function isApplicationData(packet: CompleteTLSPacket, tlsVersion: string | undefined): boolean;
+/**
+ * Convert the received data from a WS to a Uint8Array
+ */
+export declare function extractArrayBufferFromWsData(data: unknown): Promise<Uint8Array>;
+/**
+ * Check if the RPC message is a request or a response.
+ */
+export declare function getRpcRequest(msg: RPCMessage): {
+    type: RPCType;
+    direction: "request";
+} | {
+    type: RPCType;
+    direction: "response";
+} | {
+    direction: "response";
+    type: "error";
+} | undefined;
+/**
+ * Finds all application data messages in a transcript
+ * and returns them. Removes the "contentType" suffix from the message.
+ * in TLS 1.3
+ */
+export declare function extractApplicationDataFromTranscript({ transcript, tlsVersion }: IDecryptedTranscript): Transcript<Uint8Array<ArrayBufferLike>>;
+export type HandshakeTranscript<T> = {
+    sender: 'client' | 'server';
+    index: number;
+    message: T;
+}[];
+export declare function extractHandshakeFromTranscript({ transcript, tlsVersion }: {
+    transcript: IDecryptedTranscriptMessage[];
+    tlsVersion: TLSProtocolVersion;
+}): HandshakeTranscript<Uint8Array<ArrayBufferLike>>;
+export declare function decryptDirect(directReveal: any, cipherSuite: CipherSuite, recordHeader: Uint8Array, serverTlsVersion: TLSProtocolVersion, content: Uint8Array): Promise<{
+    plaintext: Uint8Array<ArrayBufferLike>;
+    iv: Uint8Array<ArrayBufferLike>;
+}>;
+export declare function packRpcMessages(...msgs: Partial<RPCMessage>[]): RPCMessages;
+/**
+ * Converts an Ethers struct (an array w named keys) to
+ * a plain object. Recursively converts all structs inside.
+ * Required to correctly JSON.stringify the struct.
+ */
+export declare function ethersStructToPlainObject<T>(struct: T): T;
+export declare function isTls13Suite(suite: CipherSuite): suite is "TLS_CHACHA20_POLY1305_SHA256" | "TLS_AES_256_GCM_SHA384" | "TLS_AES_128_GCM_SHA256";