@reclaimprotocol/js-sdk 5.4.0 → 5.4.1
- package/dist/index.d.ts +86 -1
- package/dist/index.js +335 -66
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -84,7 +84,7 @@ var require_package = __commonJS({
|
|
|
84
84
|
"package.json"(exports2, module2) {
|
|
85
85
|
module2.exports = {
|
|
86
86
|
name: "@reclaimprotocol/js-sdk",
|
|
87
|
-
version: "5.4.
|
|
87
|
+
version: "5.4.1",
|
|
88
88
|
description: "Designed to request proofs from the Reclaim protocol and manage the flow of claims and witness interactions.",
|
|
89
89
|
main: "dist/index.js",
|
|
90
90
|
types: "dist/index.d.ts",
|
|
@@ -227,6 +227,7 @@ __export(index_exports, {
|
|
|
227
227
|
takeTemplateParametersFromProofs: () => takeTemplateParametersFromProofs,
|
|
228
228
|
transformForOnchain: () => transformForOnchain,
|
|
229
229
|
updateSession: () => updateSession,
|
|
230
|
+
verifyAttestorTeeAttestation: () => verifyAttestorTeeAttestation,
|
|
230
231
|
verifyProof: () => verifyProof,
|
|
231
232
|
verifyTeeAttestation: () => verifyTeeAttestation
|
|
232
233
|
});
|
|
@@ -241,7 +242,7 @@ var RECLAIM_EXTENSION_ACTIONS = {
|
|
|
241
242
|
};
|
|
242
243
|
|
|
243
244
|
// src/Reclaim.ts
|
|
244
|
-
var
|
|
245
|
+
var import_ethers7 = require("ethers");
|
|
245
246
|
var import_canonicalize3 = __toESM(require("canonicalize"));
|
|
246
247
|
|
|
247
248
|
// src/utils/errors.ts
|
|
@@ -289,6 +290,7 @@ var ProofSubmissionFailedError = createErrorClass("ProofSubmissionFailedError");
|
|
|
289
290
|
var ErrorDuringVerificationError = createErrorClass("ErrorDuringVerificationError");
|
|
290
291
|
var CallbackUrlRequiredError = createErrorClass("CallbackUrlRequiredError");
|
|
291
292
|
var TeeVerificationError = createErrorClass("TeeVerificationError");
|
|
293
|
+
var AttestorTeeVerificationError = createErrorClass("AttestorTeeVerificationError");
|
|
292
294
|
|
|
293
295
|
// src/utils/logger.ts
|
|
294
296
|
var SimpleLogger = class {
|
|
@@ -563,19 +565,21 @@ function scheduleIntervalEndingTask(sessionId, intervals, onFailureCallback, tim
|
|
|
563
565
|
}
|
|
564
566
|
}, timeout);
|
|
565
567
|
}
|
|
566
|
-
var createVerifyProofResultSuccess = (proofs, isTeeAttestationVerified) => {
|
|
568
|
+
var createVerifyProofResultSuccess = (proofs, isTeeAttestationVerified, isAttestorTeeAttestationVerified) => {
|
|
567
569
|
return {
|
|
568
570
|
isVerified: true,
|
|
569
571
|
isTeeAttestationVerified,
|
|
572
|
+
isAttestorTeeAttestationVerified,
|
|
570
573
|
error: void 0,
|
|
571
574
|
data: proofs.map(createTrustedDataFromProofData),
|
|
572
575
|
publicData: getPublicDataFromProofs(proofs)
|
|
573
576
|
};
|
|
574
577
|
};
|
|
575
|
-
var createVerifyProofResultFailure = (error, isTeeAttestationVerified) => {
|
|
578
|
+
var createVerifyProofResultFailure = (error, isTeeAttestationVerified, isAttestorTeeAttestationVerified) => {
|
|
576
579
|
return {
|
|
577
580
|
isVerified: false,
|
|
578
581
|
isTeeAttestationVerified,
|
|
582
|
+
isAttestorTeeAttestationVerified,
|
|
579
583
|
error,
|
|
580
584
|
data: [],
|
|
581
585
|
publicData: []
|
|
@@ -651,6 +655,43 @@ var constants = {
|
|
|
651
655
|
// Chrome extension URL for Reclaim Protocol
|
|
652
656
|
CHROME_EXTENSION_URL: "https://chromewebstore.google.com/detail/reclaim-extension/oafieibbbcepkmenknelhmgaoahamdeh"
|
|
653
657
|
};
|
|
658
|
+
var GCP_CONFIDENTIAL_SPACE_ROOT_CA = `-----BEGIN CERTIFICATE-----
|
|
659
|
+
MIIGCDCCA/CgAwIBAgITYBvRy5g9aYYMh7tJS7pFwafL6jANBgkqhkiG9w0BAQsF
|
|
660
|
+
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
|
|
661
|
+
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAsTDEdv
|
|
662
|
+
b2dsZSBDbG91ZDEjMCEGA1UEAxMaQ29uZmlkZW50aWFsIFNwYWNlIFJvb3QgQ0Ew
|
|
663
|
+
HhcNMjQwMTE5MjIxMDUwWhcNMzQwMTE2MjIxMDQ5WjCBizELMAkGA1UEBhMCVVMx
|
|
664
|
+
EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzAR
|
|
665
|
+
BgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAsTDEdvb2dsZSBDbG91ZDEjMCEGA1UE
|
|
666
|
+
AxMaQ29uZmlkZW50aWFsIFNwYWNlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
|
|
667
|
+
A4ICDwAwggIKAoICAQCvRuZasczAqhMZe1ODHJ6MFLX8EYVV+RN7xiO9GpuA53iz
|
|
668
|
+
l9Oxgp3NXik3FbYn+7bcIkMMSQpCr6K0jbSQCZT6d5P5PJT5DpNGYjLHkW67/fl+
|
|
669
|
+
Bu7eSMb0qRCa1jS+3OhNK7t7SIaHm1XdmSRghjwoglKRuk3CGrF4Zia9RcE/p2MU
|
|
670
|
+
69GyJZpqHYwTplNr3x4zF+2nJk86GywDP+sGwSPWfcmqY04VQD7ZPDEZZ/qgzdoL
|
|
671
|
+
5ilE92eQnAsy+6m6LxBEHHVcFpfDtNVUIt2VMCWLBeOKUQcn5js756xblInqw/Qt
|
|
672
|
+
QRR0An0yfRjBuGvmMjAwETDo5ETY/fc+nbQVYJzNQTc9EOpFFWPpw/ZjFcN9Amnd
|
|
673
|
+
dxYUETFXPmBYerMez0LKNtGpfKYHHhMMTI3mj0m/V9fCbfh2YbBUnMS2Swd20YSI
|
|
674
|
+
Mi/HiGaqOpGUqXMeQVw7phGTS3QYK8ZM65sC/QhIQzXdsiLDgFBitVnlIu3lIv6C
|
|
675
|
+
uiHvXeSJBRlRxQ8Vu+t6J7hBdl0etWBKAu9Vti46af5cjC03dspkHR3MAUGcrLWE
|
|
676
|
+
TkQ0msQAKvIAlwyQRLuQOI5D6pF+6af1Nbl+vR7sLCbDWdMqm1E9X6KyFKd6e3rn
|
|
677
|
+
E9O4dkFJp35WvR2gqIAkUoa+Vq1MXLFYG4imanZKH0igrIblbawRCr3Gr24FXQID
|
|
678
|
+
AQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
|
|
679
|
+
FgQUF+fBOE6Th1snpKuvIb6S8/mtPL4wHwYDVR0jBBgwFoAUF+fBOE6Th1snpKuv
|
|
680
|
+
Ib6S8/mtPL4wDQYJKoZIhvcNAQELBQADggIBAGtCuV5eHxWcffylK9GPumaD6Yjd
|
|
681
|
+
cs76KDBe3mky5ItBIrEOeZq3z47zM4dbKZHhFuoq4yAaO1MyApnG0w9wIQLBDndI
|
|
682
|
+
ovtkw6j9/64aqPWpNaoB5MB0SahCUCgI83Dx9SRqGmjPI/MTMfwDLdE5EF9gFmVI
|
|
683
|
+
oH62YnG2aa/sc6m/8wIK8WtTJazEI16/8GPG4ZUhwT6aR3IGGnEBPMbMd5VZQ0Hw
|
|
684
|
+
VbHBKWK3UykaSCxnEg8uaNx/rhNaOWuWtos4qL00dYyGV7ZXg4fpAq7244QUgkWV
|
|
685
|
+
AtVcU2SPBjDd30OFHASnenDHRzQdOtHaxLp4a4WaY3jb2V6Sn3LfE8zSy6GevxmN
|
|
686
|
+
COIWW3xnPF8rwKz4ABEPqECe37zzu3W1nzZAFtdkhPBNnlWYkIusTMtU+8v6EPKp
|
|
687
|
+
GIIRphpaDhtGPJQukpENOfk2728lenPycRfjxwA96UKWq0dKZC45MwBEK9Jngn8Q
|
|
688
|
+
cPmpPmx7pSMkSxEX2Vos2JNaNmCKJd2VaXz8M6F2cxscRdh9TbAYAjGEEjE1nLUH
|
|
689
|
+
2YHDS8Y7xYNFIDSFaJAlqGcCUbzjGhrwHGj4voTe9ZvlmngrcA/ptSuBidvsnRDw
|
|
690
|
+
kNPLowCd0NqxYYSLNL7GroYCFPxoBpr+++4vsCaXalbs8iJxdU2EPqG4MB4xWKYg
|
|
691
|
+
uyT5CnJulxSC5CT1
|
|
692
|
+
-----END CERTIFICATE-----`;
|
|
693
|
+
var ATTESTOR_NONCE_PATTERN = /^attestor_public_key:0x([0-9a-fA-F]{40})$/;
|
|
694
|
+
var GCP_CONFIDENTIAL_SPACE_ISSUER = "https://confidentialcomputing.googleapis.com";
|
|
654
695
|
|
|
655
696
|
// src/utils/fetch.ts
|
|
656
697
|
var import_fetch_retry = __toESM(require("fetch-retry"));
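Review bot: `GCP_CONFIDENTIAL_SPACE_ROOT_CA` is the only trust anchor `verifyX5cChain` uses, yet nothing next to the embedded PEM records where it was obtained or how to check it. In the source, add a comment above the constant such as `// Source: <URL_OF_PUBLISHED_ROOT>; SHA-256 fingerprint: <FINGERPRINT>; notAfter: <EXPIRY_DATE>`, so the pinned bytes can be compared with the published root and a future rotation is not missed. A one-line comment on `ATTESTOR_NONCE_PATTERN` saying what the 40 hex digits represent would help for the same reason.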
|
|
@@ -1692,7 +1733,6 @@ function assertValidateProof(proofs, config) {
|
|
|
1692
1733
|
// src/utils/verifyTee.ts
|
|
1693
1734
|
var import_ethers5 = require("ethers");
|
|
1694
1735
|
var logger9 = logger_default.logger;
|
|
1695
|
-
var EXPECTED_ISSUER = "https://confidentialcomputing.googleapis.com";
|
|
1696
1736
|
var EXPECTED_HW_MODEL = "GCP_AMD_SEV";
|
|
1697
1737
|
var EXPECTED_TEE_PROVIDER = "gcp";
|
|
1698
1738
|
var EXPECTED_TEE_TECHNOLOGY = "amd-sev";
|
|
@@ -1979,8 +2019,8 @@ ${teeAttestation.verifier.image_digest}`
|
|
|
1979
2019
|
function verifyGcpClaims(teeAttestation, expectedNonce) {
|
|
1980
2020
|
return __async(this, null, function* () {
|
|
1981
2021
|
var _a;
|
|
1982
|
-
const claims = yield verifyJwtSignature(teeAttestation.attestation.token,
|
|
1983
|
-
assert(claims.iss ===
|
|
2022
|
+
const claims = yield verifyJwtSignature(teeAttestation.attestation.token, GCP_CONFIDENTIAL_SPACE_ISSUER);
|
|
2023
|
+
assert(claims.iss === GCP_CONFIDENTIAL_SPACE_ISSUER, `unexpected issuer: ${claims.iss}`);
|
|
1984
2024
|
assertAudienceClaim(claims.aud);
|
|
1985
2025
|
assert(Array.isArray(claims.eat_nonce), "eat_nonce claim missing");
|
|
1986
2026
|
const digestBinding = yield computeDigestBinding(teeAttestation);
|
|
@@ -2047,8 +2087,225 @@ function runTeeVerification(proofs, config) {
|
|
|
2047
2087
|
});
|
|
2048
2088
|
}
|
|
2049
2089
|
|
|
2050
|
-
// src/
|
|
2090
|
+
// src/utils/verifyAttestorTee.ts
|
|
2091
|
+
var import_crypto = __toESM(require("crypto"));
|
|
2092
|
+
var import_ethers6 = require("ethers");
|
|
2051
2093
|
var logger10 = logger_default.logger;
|
|
2094
|
+
var BROWSER_ENVIRONMENT_ERROR2 = "Attestor TEE attestation verification is only supported in non-browser environments. Run verifyAttestorTeeAttestation on your server or API route.";
|
|
2095
|
+
function isBrowserEnvironment2() {
|
|
2096
|
+
if (typeof window !== "undefined" || typeof document !== "undefined") {
|
|
2097
|
+
return true;
|
|
2098
|
+
}
|
|
2099
|
+
if (typeof navigator !== "undefined" && typeof process === "undefined") {
|
|
2100
|
+
return true;
|
|
2101
|
+
}
|
|
2102
|
+
const workerGlobalScope = globalThis.WorkerGlobalScope;
|
|
2103
|
+
if (typeof workerGlobalScope !== "undefined" && typeof self !== "undefined" && self instanceof workerGlobalScope) {
|
|
2104
|
+
return true;
|
|
2105
|
+
}
|
|
2106
|
+
return false;
|
|
2107
|
+
}
|
|
2108
|
+
function assertNonBrowserEnvironment2() {
|
|
2109
|
+
if (isBrowserEnvironment2()) {
|
|
2110
|
+
throw new Error(BROWSER_ENVIRONMENT_ERROR2);
|
|
2111
|
+
}
|
|
2112
|
+
}
|
|
2113
|
+
var TOKEN_CLOCK_SKEW_S2 = 60;
|
|
2114
|
+
function decodeBase64Url2(input) {
|
|
2115
|
+
const normalized = input.replace(/-/g, "+").replace(/_/g, "/");
|
|
2116
|
+
const padded = normalized + "=".repeat((4 - normalized.length % 4) % 4);
|
|
2117
|
+
return Buffer.from(padded, "base64");
|
|
2118
|
+
}
|
|
2119
|
+
function normalizeAddress(address) {
|
|
2120
|
+
return address.trim().toLowerCase().replace(/^0x/, "");
|
|
2121
|
+
}
|
|
2122
|
+
function verifyX5cChain(x5cChain) {
|
|
2123
|
+
if (!x5cChain || x5cChain.length === 0) {
|
|
2124
|
+
throw new Error("Empty x5c certificate chain");
|
|
2125
|
+
}
|
|
2126
|
+
const certs = x5cChain.map(
|
|
2127
|
+
(b64) => new import_crypto.X509Certificate(`-----BEGIN CERTIFICATE-----
|
|
2128
|
+
${b64}
|
|
2129
|
+
-----END CERTIFICATE-----`)
|
|
2130
|
+
);
|
|
2131
|
+
const root = new import_crypto.X509Certificate(GCP_CONFIDENTIAL_SPACE_ROOT_CA);
|
|
2132
|
+
for (let i = 0; i < certs.length - 1; i++) {
|
|
2133
|
+
if (!certs[i].verify(certs[i + 1].publicKey)) {
|
|
2134
|
+
throw new Error(`Certificate chain verification failed at level ${i}`);
|
|
2135
|
+
}
|
|
2136
|
+
}
|
|
2137
|
+
const top = certs[certs.length - 1];
|
|
2138
|
+
if (!top.verify(root.publicKey)) {
|
|
2139
|
+
throw new Error("Certificate chain does not root to GCP Confidential Space Root CA");
|
|
2140
|
+
}
|
|
2141
|
+
return certs[0].publicKey;
|
|
2142
|
+
}
|
|
2143
|
+
function verifyAttestorTeeAttestation(report, expectedAttestorAddress) {
|
|
2144
|
+
return __async(this, null, function* () {
|
|
2145
|
+
var _a, _b, _c, _d, _e;
|
|
2146
|
+
try {
|
|
2147
|
+
assertNonBrowserEnvironment2();
|
|
2148
|
+
if (!report || typeof report !== "string") {
|
|
2149
|
+
throw new Error("attestation report is empty or not a string");
|
|
2150
|
+
}
|
|
2151
|
+
if (!expectedAttestorAddress || typeof expectedAttestorAddress !== "string") {
|
|
2152
|
+
throw new Error("expectedAttestorAddress is required");
|
|
2153
|
+
}
|
|
2154
|
+
const parts = report.split(".");
|
|
2155
|
+
if (parts.length !== 3) {
|
|
2156
|
+
throw new Error("attestation report is not a JWT (expected 3 parts)");
|
|
2157
|
+
}
|
|
2158
|
+
const [headerB64, payloadB64, signatureB64] = parts;
|
|
2159
|
+
const header = JSON.parse(decodeBase64Url2(headerB64).toString("utf8"));
|
|
2160
|
+
const payload = JSON.parse(decodeBase64Url2(payloadB64).toString("utf8"));
|
|
2161
|
+
if (header.alg !== "RS256") {
|
|
2162
|
+
throw new Error(`unexpected signing algorithm: ${header.alg}`);
|
|
2163
|
+
}
|
|
2164
|
+
if (!Array.isArray(header.x5c) || header.x5c.length === 0) {
|
|
2165
|
+
throw new Error("attestation report is missing x5c certificate chain");
|
|
2166
|
+
}
|
|
2167
|
+
if (payload.iss !== GCP_CONFIDENTIAL_SPACE_ISSUER) {
|
|
2168
|
+
throw new Error(`unexpected issuer: ${payload.iss}`);
|
|
2169
|
+
}
|
|
2170
|
+
const now = Math.floor(Date.now() / 1e3);
|
|
2171
|
+
if (typeof payload.nbf === "number" && now + TOKEN_CLOCK_SKEW_S2 < payload.nbf) {
|
|
2172
|
+
throw new Error(`attestation not yet valid (nbf=${payload.nbf})`);
|
|
2173
|
+
}
|
|
2174
|
+
if (typeof payload.exp === "number" && now - TOKEN_CLOCK_SKEW_S2 > payload.exp) {
|
|
2175
|
+
throw new Error(`attestation expired (exp=${payload.exp})`);
|
|
2176
|
+
}
|
|
2177
|
+
if (typeof payload.iat === "number" && payload.iat > now + TOKEN_CLOCK_SKEW_S2) {
|
|
2178
|
+
throw new Error(`attestation issued in future (iat=${payload.iat})`);
|
|
2179
|
+
}
|
|
2180
|
+
const publicKey = verifyX5cChain(header.x5c);
|
|
2181
|
+
const verifier = import_crypto.default.createVerify("RSA-SHA256");
|
|
2182
|
+
verifier.update(`${headerB64}.${payloadB64}`);
|
|
2183
|
+
if (!verifier.verify(publicKey, new Uint8Array(decodeBase64Url2(signatureB64)))) {
|
|
2184
|
+
throw new Error("attestation signature verification failed");
|
|
2185
|
+
}
|
|
2186
|
+
if (!payload.eat_nonce) {
|
|
2187
|
+
throw new Error("eat_nonce claim is missing");
|
|
2188
|
+
}
|
|
2189
|
+
const nonces = Array.isArray(payload.eat_nonce) ? payload.eat_nonce : [payload.eat_nonce];
|
|
2190
|
+
let attestedAddress;
|
|
2191
|
+
for (const n of nonces) {
|
|
2192
|
+
const m = typeof n === "string" ? n.match(ATTESTOR_NONCE_PATTERN) : null;
|
|
2193
|
+
if (m) {
|
|
2194
|
+
attestedAddress = m[1];
|
|
2195
|
+
break;
|
|
2196
|
+
}
|
|
2197
|
+
}
|
|
2198
|
+
if (!attestedAddress) {
|
|
2199
|
+
throw new Error(
|
|
2200
|
+
`attestor_public_key nonce not found in eat_nonce: ${JSON.stringify(payload.eat_nonce)}`
|
|
2201
|
+
);
|
|
2202
|
+
}
|
|
2203
|
+
if (normalizeAddress(attestedAddress) !== normalizeAddress(expectedAttestorAddress)) {
|
|
2204
|
+
throw new Error(
|
|
2205
|
+
`attestor address mismatch: attestation binds to 0x${attestedAddress.toLowerCase()}, expected ${expectedAttestorAddress}`
|
|
2206
|
+
);
|
|
2207
|
+
}
|
|
2208
|
+
const imageDigest = (_e = (_b = (_a = payload.submods) == null ? void 0 : _a.container) == null ? void 0 : _b.image_digest) != null ? _e : (_d = (_c = payload.google) == null ? void 0 : _c.compute_engine) == null ? void 0 : _d.image_digest;
|
|
2209
|
+
return { isVerified: true, imageDigest };
|
|
2210
|
+
} catch (error) {
|
|
2211
|
+
return {
|
|
2212
|
+
isVerified: false,
|
|
2213
|
+
error: error instanceof Error ? error.message : String(error)
|
|
2214
|
+
};
|
|
2215
|
+
}
|
|
2216
|
+
});
|
|
2217
|
+
}
|
|
2218
|
+
function normalizeAttestorAddress(address) {
|
|
2219
|
+
return address.trim().toLowerCase();
|
|
2220
|
+
}
|
|
2221
|
+
function normalizeSignature(sig) {
|
|
2222
|
+
return sig.trim().toLowerCase();
|
|
2223
|
+
}
|
|
2224
|
+
function verifyAttestorTeeForProof(proof, config) {
|
|
2225
|
+
return __async(this, null, function* () {
|
|
2226
|
+
var _a;
|
|
2227
|
+
if (!proof.witnesses || proof.witnesses.length === 0) {
|
|
2228
|
+
throw new AttestorTeeVerificationError("Proof has no witnesses");
|
|
2229
|
+
}
|
|
2230
|
+
const expectedDigests = (_a = config.expectedImageDigests) == null ? void 0 : _a.map((d) => d.trim());
|
|
2231
|
+
const proofSignatures = new Set((proof.signatures || []).map(normalizeSignature));
|
|
2232
|
+
const claimSignData = createSignDataForClaim(proof.claimData);
|
|
2233
|
+
for (const witness of proof.witnesses) {
|
|
2234
|
+
const att = witness.claimAttestation;
|
|
2235
|
+
if (!att) {
|
|
2236
|
+
throw new AttestorTeeVerificationError(
|
|
2237
|
+
`Witness ${witness.id} is missing claimAttestation`
|
|
2238
|
+
);
|
|
2239
|
+
}
|
|
2240
|
+
if (normalizeAttestorAddress(att.attestor_address) !== normalizeAttestorAddress(witness.id)) {
|
|
2241
|
+
throw new AttestorTeeVerificationError(
|
|
2242
|
+
`claimAttestation.attestor_address ${att.attestor_address} does not match witness id ${witness.id}`
|
|
2243
|
+
);
|
|
2244
|
+
}
|
|
2245
|
+
if (!proofSignatures.has(normalizeSignature(att.claim_signature))) {
|
|
2246
|
+
throw new AttestorTeeVerificationError(
|
|
2247
|
+
`claimAttestation.claim_signature for witness ${witness.id} is not present in proof.signatures`
|
|
2248
|
+
);
|
|
2249
|
+
}
|
|
2250
|
+
let recoveredSigner;
|
|
2251
|
+
try {
|
|
2252
|
+
recoveredSigner = import_ethers6.ethers.verifyMessage(claimSignData, att.claim_signature);
|
|
2253
|
+
} catch (error) {
|
|
2254
|
+
throw new AttestorTeeVerificationError(
|
|
2255
|
+
`Failed to recover signer from claimAttestation.claim_signature for witness ${witness.id}`,
|
|
2256
|
+
error
|
|
2257
|
+
);
|
|
2258
|
+
}
|
|
2259
|
+
if (normalizeAttestorAddress(recoveredSigner) !== normalizeAttestorAddress(witness.id)) {
|
|
2260
|
+
throw new AttestorTeeVerificationError(
|
|
2261
|
+
`claim_signature recovers to ${recoveredSigner}, expected attestor ${witness.id}`
|
|
2262
|
+
);
|
|
2263
|
+
}
|
|
2264
|
+
const result = yield verifyAttestorTeeAttestation(att.attestation_report, witness.id);
|
|
2265
|
+
if (!result.isVerified) {
|
|
2266
|
+
throw new AttestorTeeVerificationError(
|
|
2267
|
+
`Attestor TEE attestation verification failed for witness ${witness.id}: ${result.error}`
|
|
2268
|
+
);
|
|
2269
|
+
}
|
|
2270
|
+
if (expectedDigests && expectedDigests.length > 0) {
|
|
2271
|
+
if (!result.imageDigest) {
|
|
2272
|
+
throw new AttestorTeeVerificationError(
|
|
2273
|
+
`Attestor TEE attestation for witness ${witness.id} did not expose an image digest to check against expectedImageDigests`
|
|
2274
|
+
);
|
|
2275
|
+
}
|
|
2276
|
+
if (!expectedDigests.includes(result.imageDigest)) {
|
|
2277
|
+
throw new AttestorTeeVerificationError(
|
|
2278
|
+
`Attestor image digest ${result.imageDigest} for witness ${witness.id} is not in expectedImageDigests`
|
|
2279
|
+
);
|
|
2280
|
+
}
|
|
2281
|
+
}
|
|
2282
|
+
}
|
|
2283
|
+
});
|
|
2284
|
+
}
|
|
2285
|
+
function runAttestorTeeVerification(_0) {
|
|
2286
|
+
return __async(this, arguments, function* (proofs, config = {}) {
|
|
2287
|
+
if (!proofs || proofs.length === 0) {
|
|
2288
|
+
throw new AttestorTeeVerificationError("No proofs provided for attestor TEE verification");
|
|
2289
|
+
}
|
|
2290
|
+
try {
|
|
2291
|
+
for (const proof of proofs) {
|
|
2292
|
+
yield verifyAttestorTeeForProof(proof, config);
|
|
2293
|
+
}
|
|
2294
|
+
} catch (error) {
|
|
2295
|
+
logger10.error("Attestor TEE attestation verification failed:", error);
|
|
2296
|
+
if (error instanceof AttestorTeeVerificationError) {
|
|
2297
|
+
throw error;
|
|
2298
|
+
}
|
|
2299
|
+
throw new AttestorTeeVerificationError(
|
|
2300
|
+
"Attestor TEE attestation verification failed",
|
|
2301
|
+
error
|
|
2302
|
+
);
|
|
2303
|
+
}
|
|
2304
|
+
});
|
|
2305
|
+
}
|
|
2306
|
+
|
|
2307
|
+
// src/Reclaim.ts
|
|
2308
|
+
var logger11 = logger_default.logger;
|
|
2052
2309
|
var sdkVersion = require_package().version;
|
|
2053
2310
|
var SDK_TEE_ATTESTATION_VERSION = "v3";
|
|
2054
2311
|
function verifyProof(proofOrProofs, config) {
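Review bot: `verifyAttestorTeeAttestation` establishes only that the token chains to the pinned root and carries the expected `attestor_public_key:0x…` nonce; nothing about the attested workload is enforced unless the caller passes `expectedImageDigests`, and `runAttestorTeeVerification` defaults `config` to `{}`. If the nonce value is chosen by the workload (an assumption, since the page does not show who sets it), a verified result does not by itself say which image produced it, so either require a non-empty digest allowlist or log a warning when none is configured. In the same function `nbf`/`exp`/`iat` are compared only when they are numbers, so a token with no `exp` never expires, and `verifyX5cChain` checks signatures but not each certificate's validity window or CA flag; the fence sketches both checks. Unlike `verifyGcpClaims` earlier in the file, this path makes no `aud` check, which is worth confirming as intentional.

```javascript
function verifyX5cChain(x5cChain) {
  // … unchanged: empty-chain check, parsing of `certs` and `root` …
  const nowMs = Date.now();
  for (const cert of certs) {
    // Reject any certificate that is not yet valid or has expired.
    if (nowMs < Date.parse(cert.validFrom) || nowMs > Date.parse(cert.validTo)) {
      throw new Error("Certificate in x5c chain is outside its validity period");
    }
  }
  for (let i = 0; i < certs.length - 1; i++) {
    // An issuer must be a CA certificate, not merely a key that signed the child.
    if (!certs[i + 1].ca || !certs[i].verify(certs[i + 1].publicKey)) {
      throw new Error(`Certificate chain verification failed at level ${i}`);
    }
  }
  // … unchanged: root signature check, return certs[0].publicKey …

// verifyAttestorTeeAttestation, before the nbf / exp / iat comparisons:
if (typeof payload.exp !== "number") {
  throw new Error("attestation is missing exp claim");
}
// … unchanged: clock-skew comparisons, signature and nonce checks …
```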
|
|
@@ -2067,16 +2324,21 @@ function verifyProof(proofOrProofs, config) {
|
|
|
2067
2324
|
}
|
|
2068
2325
|
yield assertValidateProof(proofs, config);
|
|
2069
2326
|
let isTeeAttestationVerified;
|
|
2327
|
+
let isAttestorTeeAttestationVerified;
|
|
2070
2328
|
if (config.teeAttestation && "dangerouslyDisableContentValidation" in config && config.dangerouslyDisableContentValidation) {
|
|
2071
|
-
|
|
2329
|
+
logger11.warn("teeAttestation is enabled but content validation is disabled \u2014 TEE attestation alone does not guarantee proof contents are valid");
|
|
2072
2330
|
}
|
|
2073
2331
|
if (config.teeAttestation) {
|
|
2074
2332
|
yield runTeeVerification(proofs, config.teeAttestation);
|
|
2075
2333
|
isTeeAttestationVerified = true;
|
|
2076
2334
|
}
|
|
2077
|
-
|
|
2335
|
+
if (config.attestorTeeAttestation) {
|
|
2336
|
+
yield runAttestorTeeVerification(proofs, config.attestorTeeAttestation);
|
|
2337
|
+
isAttestorTeeAttestationVerified = true;
|
|
2338
|
+
}
|
|
2339
|
+
return createVerifyProofResultSuccess(proofs, isTeeAttestationVerified, isAttestorTeeAttestationVerified);
|
|
2078
2340
|
} catch (error) {
|
|
2079
|
-
|
|
2341
|
+
logger11.error("Error in validating proof:", error);
|
|
2080
2342
|
const _error = error instanceof Error ? error : new Error(String(error));
|
|
2081
2343
|
return createVerifyProofResultFailure(_error);
|
|
2082
2344
|
}
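Review bot: The content-validation warning at the top of this hunk is still gated on `config.teeAttestation` alone, so a caller who combines the new `attestorTeeAttestation` option with `dangerouslyDisableContentValidation` gets `isAttestorTeeAttestationVerified: true` with no warning; widen the guard to `if ((config.teeAttestation || config.attestorTeeAttestation) && "dangerouslyDisableContentValidation" in config && config.dangerouslyDisableContentValidation)`. The catch branch also still calls `createVerifyProofResultFailure(_error)` without the two flags, so when TEE verification passed and attestor verification then threw, the result reports both as `undefined`. Passing the flags through would keep that signal, though both variables appear to be declared inside the `try` and would need hoisting. `verifyProof` begins and ends outside this hunk.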
|
|
@@ -2226,7 +2488,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2226
2488
|
}
|
|
2227
2489
|
this.options = options;
|
|
2228
2490
|
this.sdkVersion = "js-" + sdkVersion;
|
|
2229
|
-
|
|
2491
|
+
logger11.info(`Initializing client with applicationId: ${this.applicationId}`);
|
|
2230
2492
|
}
|
|
2231
2493
|
/**
|
|
2232
2494
|
* Initializes a new Reclaim proof request instance with automatic signature generation and session creation.
|
|
@@ -2285,7 +2547,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2285
2547
|
return proofRequestInstance;
|
|
2286
2548
|
} catch (error) {
|
|
2287
2549
|
console.error(error);
|
|
2288
|
-
|
|
2550
|
+
logger11.info("Failed to initialize ReclaimProofRequest", error);
|
|
2289
2551
|
throw new InitError("Failed to initialize ReclaimProofRequest", error);
|
|
2290
2552
|
}
|
|
2291
2553
|
});
|
|
@@ -2374,7 +2636,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2374
2636
|
return proofRequestInstance;
|
|
2375
2637
|
} catch (error) {
|
|
2376
2638
|
console.error(error);
|
|
2377
|
-
|
|
2639
|
+
logger11.info("Failed to initialize ReclaimProofRequest with signature", error);
|
|
2378
2640
|
throw new InitError("Failed to initialize ReclaimProofRequest with signature", error);
|
|
2379
2641
|
}
|
|
2380
2642
|
});
|
|
@@ -2491,7 +2753,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2491
2753
|
Intl.getCanonicalLocales(options.preferredLocale);
|
|
2492
2754
|
return true;
|
|
2493
2755
|
} catch (error) {
|
|
2494
|
-
|
|
2756
|
+
logger11.info("Failed to canonicalize locale", error);
|
|
2495
2757
|
return false;
|
|
2496
2758
|
}
|
|
2497
2759
|
}
|
|
@@ -2516,7 +2778,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2516
2778
|
proofRequestInstance.cancelRedirectUrlOptions = cancelRedirectUrlOptions;
|
|
2517
2779
|
return proofRequestInstance;
|
|
2518
2780
|
} catch (error) {
|
|
2519
|
-
|
|
2781
|
+
logger11.info("Failed to parse JSON string in fromJsonString:", error);
|
|
2520
2782
|
throw new InvalidParamError("Invalid JSON string provided to fromJsonString");
|
|
2521
2783
|
}
|
|
2522
2784
|
});
|
|
@@ -2677,9 +2939,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2677
2939
|
try {
|
|
2678
2940
|
validateModalOptions(options, "setModalOptions");
|
|
2679
2941
|
this.modalOptions = __spreadValues(__spreadValues({}, this.modalOptions), options);
|
|
2680
|
-
|
|
2942
|
+
logger11.info("Modal options set successfully");
|
|
2681
2943
|
} catch (error) {
|
|
2682
|
-
|
|
2944
|
+
logger11.info("Error setting modal options:", error);
|
|
2683
2945
|
throw new SetParamsError("Error setting modal options", error);
|
|
2684
2946
|
}
|
|
2685
2947
|
}
|
|
@@ -2709,7 +2971,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2709
2971
|
this.context = JSON.parse(canonicalStringify(__spreadProps(__spreadValues({}, context), { reclaimSessionId: this.sessionId })));
|
|
2710
2972
|
this.applyAttestationContext();
|
|
2711
2973
|
} catch (error) {
|
|
2712
|
-
|
|
2974
|
+
logger11.info("Error setting context", error);
|
|
2713
2975
|
throw new SetContextError("Error setting context", error);
|
|
2714
2976
|
}
|
|
2715
2977
|
}
|
|
@@ -2741,7 +3003,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2741
3003
|
this.context = { contextAddress: address, contextMessage: message, reclaimSessionId: this.sessionId };
|
|
2742
3004
|
this.applyAttestationContext();
|
|
2743
3005
|
} catch (error) {
|
|
2744
|
-
|
|
3006
|
+
logger11.info("Error setting context", error);
|
|
2745
3007
|
throw new SetContextError("Error setting context", error);
|
|
2746
3008
|
}
|
|
2747
3009
|
}
|
|
@@ -2776,7 +3038,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2776
3038
|
validateParameters(params);
|
|
2777
3039
|
this.parameters = __spreadValues(__spreadValues({}, this.parameters), params);
|
|
2778
3040
|
} catch (error) {
|
|
2779
|
-
|
|
3041
|
+
logger11.info("Error Setting Params:", error);
|
|
2780
3042
|
throw new SetParamsError("Error setting params", error);
|
|
2781
3043
|
}
|
|
2782
3044
|
}
|
|
@@ -2800,7 +3062,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2800
3062
|
validateFunctionParams([{ input: this.sessionId, paramName: "sessionId", isString: true }], "getAppCallbackUrl");
|
|
2801
3063
|
return this.appCallbackUrl || `${constants.DEFAULT_RECLAIM_CALLBACK_URL}${this.sessionId}`;
|
|
2802
3064
|
} catch (error) {
|
|
2803
|
-
|
|
3065
|
+
logger11.info("Error getting app callback url", error);
|
|
2804
3066
|
throw new GetAppCallbackUrlError("Error getting app callback url", error);
|
|
2805
3067
|
}
|
|
2806
3068
|
}
|
|
@@ -2824,7 +3086,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2824
3086
|
validateFunctionParams([{ input: this.sessionId, paramName: "sessionId", isString: true }], "getCancelCallbackUrl");
|
|
2825
3087
|
return this.cancelCallbackUrl || `${constants.DEFAULT_RECLAIM_CANCEL_CALLBACK_URL}${this.sessionId}`;
|
|
2826
3088
|
} catch (error) {
|
|
2827
|
-
|
|
3089
|
+
logger11.info("Error getting cancel callback url", error);
|
|
2828
3090
|
throw new GetAppCallbackUrlError("Error getting cancel callback url", error);
|
|
2829
3091
|
}
|
|
2830
3092
|
}
|
|
@@ -2847,7 +3109,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2847
3109
|
validateFunctionParams([{ input: this.sessionId, paramName: "sessionId", isString: true }], "getStatusUrl");
|
|
2848
3110
|
return `${constants.DEFAULT_RECLAIM_STATUS_URL}${this.sessionId}`;
|
|
2849
3111
|
} catch (error) {
|
|
2850
|
-
|
|
3112
|
+
logger11.info("Error fetching Status Url", error);
|
|
2851
3113
|
throw new GetStatusUrlError("Error fetching status url", error);
|
|
2852
3114
|
}
|
|
2853
3115
|
}
|
|
@@ -2917,7 +3179,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2917
3179
|
Intl.getCanonicalLocales(options.preferredLocale);
|
|
2918
3180
|
return true;
|
|
2919
3181
|
} catch (error) {
|
|
2920
|
-
|
|
3182
|
+
logger11.info("Failed to canonicalize locale", error);
|
|
2921
3183
|
return false;
|
|
2922
3184
|
}
|
|
2923
3185
|
}
|
|
@@ -2929,24 +3191,24 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2929
3191
|
try {
|
|
2930
3192
|
validateFunctionParams([{ input: signature, paramName: "signature", isString: true }], "setSignature");
|
|
2931
3193
|
this.signature = signature;
|
|
2932
|
-
|
|
3194
|
+
logger11.info(`Signature set successfully for applicationId: ${this.applicationId}`);
|
|
2933
3195
|
} catch (error) {
|
|
2934
|
-
|
|
3196
|
+
logger11.info("Error setting signature", error);
|
|
2935
3197
|
throw new SetSignatureError("Error setting signature", error);
|
|
2936
3198
|
}
|
|
2937
3199
|
}
|
|
2938
3200
|
generateSignature(applicationSecret) {
|
|
2939
3201
|
return __async(this, null, function* () {
|
|
2940
3202
|
try {
|
|
2941
|
-
const wallet = new
|
|
3203
|
+
const wallet = new import_ethers7.ethers.Wallet(applicationSecret);
|
|
2942
3204
|
const canonicalData = (0, import_canonicalize3.default)({ providerId: this.providerId, timestamp: this.timeStamp });
|
|
2943
3205
|
if (!canonicalData) {
|
|
2944
3206
|
throw new SignatureGeneratingError("Failed to canonicalize data for signing.");
|
|
2945
3207
|
}
|
|
2946
|
-
const messageHash =
|
|
2947
|
-
return yield wallet.signMessage(
|
|
3208
|
+
const messageHash = import_ethers7.ethers.keccak256(new TextEncoder().encode(canonicalData));
|
|
3209
|
+
return yield wallet.signMessage(import_ethers7.ethers.getBytes(messageHash));
|
|
2948
3210
|
} catch (err) {
|
|
2949
|
-
|
|
3211
|
+
logger11.info(`Error generating proof request for applicationId: ${this.applicationId}, providerId: ${this.providerId}, timeStamp: ${this.timeStamp}`);
|
|
2950
3212
|
throw new SignatureGeneratingError(`Error generating signature for applicationId: ${this.applicationId}`);
|
|
2951
3213
|
}
|
|
2952
3214
|
});
|
|
@@ -2987,7 +3249,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
2987
3249
|
return __async(this, null, function* () {
|
|
2988
3250
|
const newTab = preOpenedTab != null ? preOpenedTab : window.open("about:blank", "_blank");
|
|
2989
3251
|
const link = yield createLinkWithTemplateData(templateData, this.customSharePageUrl);
|
|
2990
|
-
|
|
3252
|
+
logger11.info("Opening portal in new tab: " + link);
|
|
2991
3253
|
if (newTab) {
|
|
2992
3254
|
this.portalTab = newTab;
|
|
2993
3255
|
newTab.location = link;
|
|
@@ -3017,7 +3279,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3017
3279
|
let link = yield createLinkWithTemplateData(templateData, this.customSharePageUrl);
|
|
3018
3280
|
const separator = link.includes("?") ? "&" : "?";
|
|
3019
3281
|
link = `${link}${separator}embedded=true`;
|
|
3020
|
-
|
|
3282
|
+
logger11.info("Embedding portal in iframe: " + link);
|
|
3021
3283
|
this.closeEmbeddedFlow();
|
|
3022
3284
|
const iframe = document.createElement("iframe");
|
|
3023
3285
|
iframe.src = link;
|
|
@@ -3129,7 +3391,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3129
3391
|
var _a, _b, _c;
|
|
3130
3392
|
const options = __spreadValues(__spreadValues({}, (_a = this.options) == null ? void 0 : _a.launchOptions), launchOptions);
|
|
3131
3393
|
const mode = (_b = options.verificationMode) != null ? _b : "portal";
|
|
3132
|
-
|
|
3394
|
+
logger11.info("Creating Request Url");
|
|
3133
3395
|
if (!this.signature) {
|
|
3134
3396
|
throw new SignatureNotFoundError("Signature is not set.");
|
|
3135
3397
|
}
|
|
@@ -3140,18 +3402,18 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3140
3402
|
const template = this.encodeTemplateData(templateData);
|
|
3141
3403
|
if (((_c = this.options) == null ? void 0 : _c.useAppClip) && getDeviceType() === "mobile" /* MOBILE */ && getMobileDeviceType() === "ios" /* IOS */) {
|
|
3142
3404
|
const appClipUrl = this.customAppClipUrl ? `${this.customAppClipUrl}&template=${template}` : `https://appclip.apple.com/id?p=org.reclaimprotocol.app.clip&template=${template}`;
|
|
3143
|
-
|
|
3405
|
+
logger11.info("App Clip Url created successfully: " + appClipUrl);
|
|
3144
3406
|
return appClipUrl;
|
|
3145
3407
|
}
|
|
3146
3408
|
const sharePageUrl = yield createLinkWithTemplateData(templateData, this.appSharePageUrl);
|
|
3147
|
-
|
|
3409
|
+
logger11.info("Share page Url created successfully: " + sharePageUrl);
|
|
3148
3410
|
return sharePageUrl;
|
|
3149
3411
|
}
|
|
3150
3412
|
const link = yield createLinkWithTemplateData(templateData, this.customSharePageUrl);
|
|
3151
|
-
|
|
3413
|
+
logger11.info("Request Url created successfully: " + link);
|
|
3152
3414
|
return link;
|
|
3153
3415
|
} catch (error) {
|
|
3154
|
-
|
|
3416
|
+
logger11.info("Error creating Request Url:", error);
|
|
3155
3417
|
throw error;
|
|
3156
3418
|
}
|
|
3157
3419
|
});
|
|
@@ -3210,11 +3472,11 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3210
3472
|
try {
|
|
3211
3473
|
const templateData = this.getTemplateData();
|
|
3212
3474
|
this.templateData = templateData;
|
|
3213
|
-
|
|
3475
|
+
logger11.info(`Triggering Reclaim flow (mode: ${mode})`);
|
|
3214
3476
|
const deviceType = getDeviceType();
|
|
3215
3477
|
updateSession(this.sessionId, "SESSION_STARTED" /* SESSION_STARTED */);
|
|
3216
3478
|
if (launchOptions && "target" in launchOptions && !launchOptions.target) {
|
|
3217
|
-
|
|
3479
|
+
logger11.warn("triggerReclaimFlow: target was provided but is null/undefined \u2014 falling back to default flow. Ensure the element exists in the DOM.");
|
|
3218
3480
|
}
|
|
3219
3481
|
if ((launchOptions == null ? void 0 : launchOptions.target) && mode === "portal") {
|
|
3220
3482
|
yield this.embedPortalIframe(templateData, launchOptions.target);
|
|
@@ -3227,7 +3489,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3227
3489
|
if ((_c = this.options) == null ? void 0 : _c.useBrowserExtension) {
|
|
3228
3490
|
const extensionAvailable = yield this.isBrowserExtensionAvailable();
|
|
3229
3491
|
if (extensionAvailable) {
|
|
3230
|
-
|
|
3492
|
+
logger11.info("Triggering browser extension flow");
|
|
3231
3493
|
this.triggerBrowserExtensionFlow();
|
|
3232
3494
|
return {
|
|
3233
3495
|
close: () => {
|
|
@@ -3239,16 +3501,16 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3239
3501
|
if (mode === "portal") {
|
|
3240
3502
|
yield this.openPortalTab(templateData);
|
|
3241
3503
|
} else {
|
|
3242
|
-
|
|
3504
|
+
logger11.info("Showing QR code modal with share page URL");
|
|
3243
3505
|
yield this.showQRCodeModal();
|
|
3244
3506
|
}
|
|
3245
3507
|
} else if (deviceType === "mobile" /* MOBILE */) {
|
|
3246
3508
|
if (mode === "app") {
|
|
3247
3509
|
if (((_d = this.options) == null ? void 0 : _d.useAppClip) && getMobileDeviceType() === "ios" /* IOS */) {
|
|
3248
|
-
|
|
3510
|
+
logger11.info("Redirecting to iOS app clip");
|
|
3249
3511
|
this.redirectToAppClip();
|
|
3250
3512
|
} else {
|
|
3251
|
-
|
|
3513
|
+
logger11.info("Redirecting to share page");
|
|
3252
3514
|
yield this.redirectToInstantApp(options);
|
|
3253
3515
|
}
|
|
3254
3516
|
} else {
|
|
@@ -3265,7 +3527,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3265
3527
|
tab: (_e = this.portalTab) != null ? _e : void 0
|
|
3266
3528
|
};
|
|
3267
3529
|
} catch (error) {
|
|
3268
|
-
|
|
3530
|
+
logger11.info("Error triggering Reclaim flow:", error);
|
|
3269
3531
|
throw error;
|
|
3270
3532
|
}
|
|
3271
3533
|
});
|
|
@@ -3313,7 +3575,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3313
3575
|
window.postMessage(message, "*");
|
|
3314
3576
|
});
|
|
3315
3577
|
} catch (error) {
|
|
3316
|
-
|
|
3578
|
+
logger11.info("Error checking Reclaim extension installed:", error);
|
|
3317
3579
|
return false;
|
|
3318
3580
|
}
|
|
3319
3581
|
});
|
|
@@ -3326,7 +3588,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3326
3588
|
extensionID: this.extensionID
|
|
3327
3589
|
};
|
|
3328
3590
|
window.postMessage(message, "*");
|
|
3329
|
-
|
|
3591
|
+
logger11.info("Browser extension flow triggered");
|
|
3330
3592
|
}
|
|
3331
3593
|
showQRCodeModal() {
|
|
3332
3594
|
return __async(this, null, function* () {
|
|
@@ -3335,7 +3597,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3335
3597
|
this.modal = new QRCodeModal(this.modalOptions);
|
|
3336
3598
|
yield this.modal.show(requestUrl);
|
|
3337
3599
|
} catch (error) {
|
|
3338
|
-
|
|
3600
|
+
logger11.info("Error showing QR code modal:", error);
|
|
3339
3601
|
throw error;
|
|
3340
3602
|
}
|
|
3341
3603
|
});
|
|
@@ -3346,7 +3608,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3346
3608
|
try {
|
|
3347
3609
|
const template = this.encodeTemplateData(this.templateData);
|
|
3348
3610
|
let instantAppUrl = this.buildSharePageUrl(template);
|
|
3349
|
-
|
|
3611
|
+
logger11.info("Redirecting to Android instant app: " + instantAppUrl);
|
|
3350
3612
|
const isDeferredDeeplinksFlowEnabled = (_a = options.canUseDeferredDeepLinksFlow) != null ? _a : false;
|
|
3351
3613
|
if (isDeferredDeeplinksFlowEnabled) {
|
|
3352
3614
|
instantAppUrl = instantAppUrl.replace("/verifier", "/link");
|
|
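Review bot: The added `logger11.info("Redirecting to Android instant app: " + instantAppUrl)` writes the whole share-page URL, encoded template included, to the log at info level, and the hunk at new line 3670 does the same with `appClipUrl`. What the template carries is not visible in this hunk, but if it holds session or signing data, anyone who can read the browser console or a log collector gets the full request link. Logging the event without the URL, `logger11.info("Redirecting to Android instant app");`, or with only its origin and path, keeps the trace useful. The removed line's text is not shown on this page, so the logging may predate this release, and the enclosing method starts and ends outside the hunk.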
@@ -3396,7 +3658,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3396
3658
|
}
|
|
3397
3659
|
window.location.href = instantAppUrl;
|
|
3398
3660
|
} catch (error) {
|
|
3399
|
-
|
|
3661
|
+
logger11.info("Error redirecting to instant app:", error);
|
|
3400
3662
|
throw error;
|
|
3401
3663
|
}
|
|
3402
3664
|
});
|
|
@@ -3405,14 +3667,14 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3405
3667
|
try {
|
|
3406
3668
|
const template = this.encodeTemplateData(this.templateData);
|
|
3407
3669
|
const appClipUrl = this.customAppClipUrl ? `${this.customAppClipUrl}&template=${template}` : `https://appclip.apple.com/id?p=org.reclaimprotocol.app.clip&template=${template}`;
|
|
3408
|
-
|
|
3670
|
+
logger11.info("Redirecting to iOS app clip: " + appClipUrl);
|
|
3409
3671
|
const verifierUrl = `${this.appSharePageUrl}/?template=${template}`;
|
|
3410
3672
|
window.location.href = appClipUrl;
|
|
3411
3673
|
setTimeout(() => {
|
|
3412
3674
|
window.location.href = verifierUrl;
|
|
3413
3675
|
}, 5 * 1e3);
|
|
3414
3676
|
} catch (error) {
|
|
3415
|
-
|
|
3677
|
+
logger11.info("Error redirecting to app clip:", error);
|
|
3416
3678
|
throw error;
|
|
3417
3679
|
}
|
|
3418
3680
|
}
|
|
@@ -3493,13 +3755,13 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3493
3755
|
return __async(this, arguments, function* ({ onSuccess, onError, verificationConfig }) {
|
|
3494
3756
|
if (!this.sessionId) {
|
|
3495
3757
|
const message = "Session can't be started due to undefined value of sessionId";
|
|
3496
|
-
|
|
3758
|
+
logger11.info(message);
|
|
3497
3759
|
throw new SessionNotStartedError(message);
|
|
3498
3760
|
}
|
|
3499
|
-
|
|
3761
|
+
logger11.info("Starting session");
|
|
3500
3762
|
const sessionUpdatePollingInterval = 3 * 1e3;
|
|
3501
3763
|
const interval = setInterval(() => __async(this, null, function* () {
|
|
3502
|
-
var _a, _b, _c, _d, _e;
|
|
3764
|
+
var _a, _b, _c, _d, _e, _f;
|
|
3503
3765
|
try {
|
|
3504
3766
|
const statusUrlResponse = yield fetchStatusUrl(this.sessionId);
|
|
3505
3767
|
if (!statusUrlResponse.session) return;
|
|
@@ -3524,9 +3786,15 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3524
3786
|
if (statusUrlResponse.session.proofs && statusUrlResponse.session.proofs.length > 0) {
|
|
3525
3787
|
const proofs = statusUrlResponse.session.proofs;
|
|
3526
3788
|
if (this.claimCreationType === "createClaim" /* STANDALONE */) {
|
|
3527
|
-
const
|
|
3789
|
+
const sessionProviderVersion = statusUrlResponse.session.providerVersionString;
|
|
3790
|
+
const effectiveConfig = verificationConfig != null ? verificationConfig : {
|
|
3791
|
+
providerId: this.providerId,
|
|
3792
|
+
providerVersion: sessionProviderVersion || this.resolvedProviderVersion || "",
|
|
3793
|
+
allowedTags: ((_b = this.options) == null ? void 0 : _b.acceptAiProviders) ? ["ai"] : []
|
|
3794
|
+
};
|
|
3795
|
+
const result = yield verifyProof(proofs, effectiveConfig);
|
|
3528
3796
|
if (!result.isVerified) {
|
|
3529
|
-
|
|
3797
|
+
logger11.info(`Proofs not verified: count=${proofs == null ? void 0 : proofs.length}`);
|
|
3530
3798
|
throw new ProofNotVerifiedError(`Proofs not verified: count=${proofs == null ? void 0 : proofs.length}`, result.error);
|
|
3531
3799
|
}
|
|
3532
3800
|
}
|
|
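Review bot: The fallback config built at new lines 3790-3794 prefers `statusUrlResponse.session.providerVersionString`, a value from the same status response that delivers the proofs, and ends in `|| ""`, so a caller who passes no `verificationConfig` can end up verifying against an empty provider version. How `verifyProof` treats an empty `providerVersion` is not visible here; if it skips the version comparison, the check fails open. A guard before the call would make it fail closed: `if (!effectiveConfig.providerVersion) throw new ProofNotVerifiedError("Provider version could not be resolved for verification");`, and a short comment should say why the session-reported version takes precedence over `this.resolvedProviderVersion`. The failure message on new line 3797 would also read better at `logger11.warn` than `info`. The enclosing polling callback starts and ends outside this hunk.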
@@ -3536,13 +3804,13 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3536
3804
|
onSuccess(proofs);
|
|
3537
3805
|
}
|
|
3538
3806
|
this.clearInterval();
|
|
3539
|
-
(
|
|
3807
|
+
(_c = this.modal) == null ? void 0 : _c.close();
|
|
3540
3808
|
this.closePortalTab();
|
|
3541
3809
|
this.closeEmbeddedFlow();
|
|
3542
3810
|
}
|
|
3543
3811
|
} else {
|
|
3544
3812
|
if (statusUrlResponse.session.statusV2 === "PROOF_SUBMISSION_FAILED" /* PROOF_SUBMISSION_FAILED */) {
|
|
3545
|
-
const errorMessage = ((
|
|
3813
|
+
const errorMessage = ((_d = statusUrlResponse.session.error) == null ? void 0 : _d.message) || "Proof submission failed";
|
|
3546
3814
|
throw new ProofSubmissionFailedError(errorMessage);
|
|
3547
3815
|
}
|
|
3548
3816
|
if (statusUrlResponse.session.statusV2 === "PROOF_SUBMITTED" /* PROOF_SUBMITTED */ || statusUrlResponse.session.statusV2 === "AI_PROOF_SUBMITTED" /* AI_PROOF_SUBMITTED */) {
|
|
@@ -3550,7 +3818,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3550
3818
|
onSuccess([]);
|
|
3551
3819
|
}
|
|
3552
3820
|
this.clearInterval();
|
|
3553
|
-
(
|
|
3821
|
+
(_e = this.modal) == null ? void 0 : _e.close();
|
|
3554
3822
|
this.closePortalTab();
|
|
3555
3823
|
this.closeEmbeddedFlow();
|
|
3556
3824
|
}
|
|
@@ -3560,7 +3828,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3560
3828
|
onError(e);
|
|
3561
3829
|
}
|
|
3562
3830
|
this.clearInterval();
|
|
3563
|
-
(
|
|
3831
|
+
(_f = this.modal) == null ? void 0 : _f.close();
|
|
3564
3832
|
this.closePortalTab();
|
|
3565
3833
|
this.closeEmbeddedFlow();
|
|
3566
3834
|
}
|
|
@@ -3584,7 +3852,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3584
3852
|
closeModal() {
|
|
3585
3853
|
if (this.modal) {
|
|
3586
3854
|
this.modal.close();
|
|
3587
|
-
|
|
3855
|
+
logger11.info("Modal closed by user");
|
|
3588
3856
|
}
|
|
3589
3857
|
}
|
|
3590
3858
|
/**
|
|
@@ -3604,7 +3872,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
|
|
|
3604
3872
|
};
|
|
3605
3873
|
|
|
3606
3874
|
// src/utils/signatureUtils.ts
|
|
3607
|
-
var
|
|
3875
|
+
var import_ethers8 = require("ethers");
|
|
3608
3876
|
var import_canonicalize4 = __toESM(require("canonicalize"));
|
|
3609
3877
|
function generateInitSignature(appSecret, providerId, timestamp) {
|
|
3610
3878
|
return __async(this, null, function* () {
|
|
@@ -3614,13 +3882,13 @@ function generateInitSignature(appSecret, providerId, timestamp) {
|
|
|
3614
3882
|
{ input: timestamp, paramName: "timestamp", isString: true }
|
|
3615
3883
|
], "generateInitSignature");
|
|
3616
3884
|
try {
|
|
3617
|
-
const wallet = new
|
|
3885
|
+
const wallet = new import_ethers8.ethers.Wallet(appSecret);
|
|
3618
3886
|
const canonicalData = (0, import_canonicalize4.default)({ providerId, timestamp });
|
|
3619
3887
|
if (!canonicalData) {
|
|
3620
3888
|
throw new SignatureGeneratingError("Failed to canonicalize data for signing.");
|
|
3621
3889
|
}
|
|
3622
|
-
const messageHash =
|
|
3623
|
-
return yield wallet.signMessage(
|
|
3890
|
+
const messageHash = import_ethers8.ethers.keccak256(new TextEncoder().encode(canonicalData));
|
|
3891
|
+
return yield wallet.signMessage(import_ethers8.ethers.getBytes(messageHash));
|
|
3624
3892
|
} catch (err) {
|
|
3625
3893
|
throw new SignatureGeneratingError(
|
|
3626
3894
|
`Error generating init signature for providerId: ${providerId}`,
|
|
@@ -3666,6 +3934,7 @@ function generateInitSignature(appSecret, providerId, timestamp) {
|
|
|
3666
3934
|
takeTemplateParametersFromProofs,
|
|
3667
3935
|
transformForOnchain,
|
|
3668
3936
|
updateSession,
|
|
3937
|
+
verifyAttestorTeeAttestation,
|
|
3669
3938
|
verifyProof,
|
|
3670
3939
|
verifyTeeAttestation
|
|
3671
3940
|
});
|