@solana-mobile/mobile-wallet-adapter-protocol 2.0.0 → 2.0.1

package/src/errors.ts

@@ -0,0 +1,93 @@
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+export const SolanaMobileWalletAdapterErrorCode = {
+    ERROR_ASSOCIATION_PORT_OUT_OF_RANGE: 'ERROR_ASSOCIATION_PORT_OUT_OF_RANGE',
+    ERROR_FORBIDDEN_WALLET_BASE_URL: 'ERROR_FORBIDDEN_WALLET_BASE_URL',
+    ERROR_SECURE_CONTEXT_REQUIRED: 'ERROR_SECURE_CONTEXT_REQUIRED',
+    ERROR_SESSION_CLOSED: 'ERROR_SESSION_CLOSED',
+    ERROR_SESSION_TIMEOUT: 'ERROR_SESSION_TIMEOUT',
+    ERROR_WALLET_NOT_FOUND: 'ERROR_WALLET_NOT_FOUND',
+} as const;
+type SolanaMobileWalletAdapterErrorCodeEnum =
+    typeof SolanaMobileWalletAdapterErrorCode[keyof typeof SolanaMobileWalletAdapterErrorCode];
+
+type ErrorDataTypeMap = {
+    [SolanaMobileWalletAdapterErrorCode.ERROR_ASSOCIATION_PORT_OUT_OF_RANGE]: {
+        port: number;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_FORBIDDEN_WALLET_BASE_URL]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SECURE_CONTEXT_REQUIRED]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SESSION_CLOSED]: {
+        closeEvent: CloseEvent;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SESSION_TIMEOUT]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_WALLET_NOT_FOUND]: undefined;
+};
+
+export class SolanaMobileWalletAdapterError<TErrorCode extends SolanaMobileWalletAdapterErrorCodeEnum> extends Error {
+    data: ErrorDataTypeMap[TErrorCode] | undefined;
+    code: TErrorCode;
+    constructor(
+        ...args: ErrorDataTypeMap[TErrorCode] extends Record<string, unknown>
+            ? [code: TErrorCode, message: string, data: ErrorDataTypeMap[TErrorCode]]
+            : [code: TErrorCode, message: string]
+    ) {
+        const [code, message, data] = args;
+        super(message);
+        this.code = code;
+        this.data = data;
+        this.name = 'SolanaMobileWalletAdapterError';
+    }
+}
+
+type JSONRPCErrorCode = number;
+
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+export const SolanaMobileWalletAdapterProtocolErrorCode = {
+    // Keep these in sync with `mobilewalletadapter/common/ProtocolContract.java`.
+    ERROR_AUTHORIZATION_FAILED: -1,
+    ERROR_INVALID_PAYLOADS: -2,
+    ERROR_NOT_SIGNED: -3,
+    ERROR_NOT_SUBMITTED: -4,
+    ERROR_TOO_MANY_PAYLOADS: -5,
+    ERROR_ATTEST_ORIGIN_ANDROID: -100,
+} as const;
+type SolanaMobileWalletAdapterProtocolErrorCodeEnum =
+    typeof SolanaMobileWalletAdapterProtocolErrorCode[keyof typeof SolanaMobileWalletAdapterProtocolErrorCode];
+
+type ProtocolErrorDataTypeMap = {
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_AUTHORIZATION_FAILED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_INVALID_PAYLOADS]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_NOT_SIGNED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_NOT_SUBMITTED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_TOO_MANY_PAYLOADS]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_ATTEST_ORIGIN_ANDROID]: {
+        attest_origin_uri: string;
+        challenge: string;
+        context: string;
+    };
+};
+
+export class SolanaMobileWalletAdapterProtocolError<
+    TErrorCode extends SolanaMobileWalletAdapterProtocolErrorCodeEnum,
+> extends Error {
+    data: ProtocolErrorDataTypeMap[TErrorCode] | undefined;
+    code: TErrorCode | JSONRPCErrorCode;
+    jsonRpcMessageId: number;
+    constructor(
+        ...args: ProtocolErrorDataTypeMap[TErrorCode] extends Record<string, unknown>
+            ? [
+                  jsonRpcMessageId: number,
+                  code: TErrorCode | JSONRPCErrorCode,
+                  message: string,
+                  data: ProtocolErrorDataTypeMap[TErrorCode],
+              ]
+            : [jsonRpcMessageId: number, code: TErrorCode | JSONRPCErrorCode, message: string]
+    ) {
+        const [jsonRpcMessageId, code, message, data] = args;
+        super(message);
+        this.code = code;
+        this.data = data;
+        this.jsonRpcMessageId = jsonRpcMessageId;
+        this.name = 'SolanaMobileWalletAdapterProtocolError';
+    }
+}

package/src/generateAssociationKeypair.ts

@@ -0,0 +1,10 @@
+export default async function generateAssociationKeypair(): Promise<CryptoKeyPair> {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'ECDSA',
+            namedCurve: 'P-256',
+        },
+        false /* extractable */,
+        ['sign'] /* keyUsages */,
+    );
+}

package/src/generateECDHKeypair.ts

@@ -0,0 +1,10 @@
+export default async function generateECDHKeypair(): Promise<CryptoKeyPair> {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'ECDH',
+            namedCurve: 'P-256',
+        },
+        false /* extractable */,
+        ['deriveKey', 'deriveBits'] /* keyUsages */,
+    );
+}

package/src/getAssociateAndroidIntentURL.ts

@@ -0,0 +1,52 @@
+import arrayBufferToBase64String from './arrayBufferToBase64String.js';
+import { assertAssociationPort } from './associationPort.js';
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from './errors.js';
+import getStringWithURLUnsafeBase64CharactersReplaced from './getStringWithURLUnsafeBase64CharactersReplaced.js';
+
+const INTENT_NAME = 'solana-wallet';
+
+function getPathParts(pathString: string) {
+    return (
+        pathString
+            // Strip leading and trailing slashes
+            .replace(/(^\/+|\/+$)/g, '')
+            // Return an array of directories
+            .split('/')
+    );
+}
+
+function getIntentURL(methodPathname: string, intentUrlBase?: string) {
+    let baseUrl: URL | null = null;
+    if (intentUrlBase) {
+        try {
+            baseUrl = new URL(intentUrlBase);
+        } catch {} // eslint-disable-line no-empty
+        if (baseUrl?.protocol !== 'https:') {
+            throw new SolanaMobileWalletAdapterError(
+                SolanaMobileWalletAdapterErrorCode.ERROR_FORBIDDEN_WALLET_BASE_URL,
+                'Base URLs supplied by wallets must be valid `https` URLs',
+            );
+        }
+    }
+    baseUrl ||= new URL(`${INTENT_NAME}:/`);
+    const pathname = methodPathname.startsWith('/')
+        ? // Method is an absolute path. Replace it wholesale.
+          methodPathname
+        : // Method is a relative path. Merge it with the existing one.
+          [...getPathParts(baseUrl.pathname), ...getPathParts(methodPathname)].join('/');
+    return new URL(pathname, baseUrl);
+}
+
+export default async function getAssociateAndroidIntentURL(
+    associationPublicKey: CryptoKey,
+    putativePort: number,
+    associationURLBase?: string,
+): Promise<URL> {
+    const associationPort = assertAssociationPort(putativePort);
+    const exportedKey = await crypto.subtle.exportKey('raw', associationPublicKey);
+    const encodedKey = arrayBufferToBase64String(exportedKey);
+    const url = getIntentURL('v1/associate/local', associationURLBase);
+    url.searchParams.set('association', getStringWithURLUnsafeBase64CharactersReplaced(encodedKey));
+    url.searchParams.set('port', `${associationPort}`);
+    return url;
+}

package/src/getJWS.ts

@@ -0,0 +1,19 @@
+import arrayBufferToBase64String from './arrayBufferToBase64String.js';
+
+export default async function getJWS(payload: string, privateKey: CryptoKey) {
+    const header = { alg: 'ES256' };
+    const headerEncoded = window.btoa(JSON.stringify(header));
+    const payloadEncoded = window.btoa(payload);
+    const message = `${headerEncoded}.${payloadEncoded}`;
+    const signatureBuffer = await crypto.subtle.sign(
+        {
+            name: 'ECDSA',
+            hash: 'SHA-256',
+        },
+        privateKey,
+        new TextEncoder().encode(message),
+    );
+    const signature = arrayBufferToBase64String(signatureBuffer);
+    const jws = `${message}.${signature}`;
+    return jws;
+}

package/src/getStringWithURLUnsafeBase64CharactersReplaced.ts

@@ -0,0 +1,11 @@
+export default function getStringWithURLUnsafeCharactersReplaced(unsafeBase64EncodedString: string): string {
+    return unsafeBase64EncodedString.replace(
+        /[/+=]/g,
+        (m) =>
+            ({
+                '/': '_',
+                '+': '-',
+                '=': '.',
+            }[m] as string),
+    );
+}

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from './errors.js';
+export * from './transact.js';
+export * from './types.js';

package/src/jsonRpcMessage.ts

@@ -0,0 +1,81 @@
+import createSequenceNumberVector, { SEQUENCE_NUMBER_BYTES } from './createSequenceNumberVector.js';
+import { SolanaMobileWalletAdapterProtocolError } from './errors.js';
+import { SharedSecret } from './parseHelloRsp.js';
+
+const INITIALIZATION_VECTOR_BYTES = 12;
+
+interface JSONRPCRequest<TParams> {
+    id: number;
+    jsonrpc: '2.0';
+    method: string;
+    params: TParams;
+}
+
+type JSONRPCResponse<TMessage> = {
+    id: number;
+    jsonrpc: '2.0';
+    result: TMessage;
+};
+
+export async function encryptJsonRpcMessage<TParams>(
+    jsonRpcMessage: JSONRPCRequest<TParams>,
+    sharedSecret: SharedSecret,
+) {
+    const plaintext = JSON.stringify(jsonRpcMessage);
+    const sequenceNumberVector = createSequenceNumberVector(jsonRpcMessage.id);
+    const initializationVector = new Uint8Array(INITIALIZATION_VECTOR_BYTES);
+    crypto.getRandomValues(initializationVector);
+    const ciphertext = await crypto.subtle.encrypt(
+        getAlgorithmParams(sequenceNumberVector, initializationVector),
+        sharedSecret,
+        new TextEncoder().encode(plaintext),
+    );
+    const response = new Uint8Array(
+        sequenceNumberVector.byteLength + initializationVector.byteLength + ciphertext.byteLength,
+    );
+    response.set(new Uint8Array(sequenceNumberVector), 0);
+    response.set(new Uint8Array(initializationVector), sequenceNumberVector.byteLength);
+    response.set(new Uint8Array(ciphertext), sequenceNumberVector.byteLength + initializationVector.byteLength);
+    return response;
+}
+
+export async function decryptJsonRpcMessage<TMessage>(message: ArrayBuffer, sharedSecret: SharedSecret) {
+    const sequenceNumberVector = message.slice(0, SEQUENCE_NUMBER_BYTES);
+    const initializationVector = message.slice(
+        SEQUENCE_NUMBER_BYTES,
+        SEQUENCE_NUMBER_BYTES + INITIALIZATION_VECTOR_BYTES,
+    );
+    const ciphertext = message.slice(SEQUENCE_NUMBER_BYTES + INITIALIZATION_VECTOR_BYTES);
+    const plaintextBuffer = await crypto.subtle.decrypt(
+        getAlgorithmParams(sequenceNumberVector, initializationVector),
+        sharedSecret,
+        ciphertext,
+    );
+    const plaintext = getUtf8Decoder().decode(plaintextBuffer);
+    const jsonRpcMessage = JSON.parse(plaintext);
+    if (Object.hasOwnProperty.call(jsonRpcMessage, 'error')) {
+        throw new SolanaMobileWalletAdapterProtocolError<typeof jsonRpcMessage.error.code>(
+            jsonRpcMessage.id,
+            jsonRpcMessage.error.code,
+            jsonRpcMessage.error.message,
+        );
+    }
+    return jsonRpcMessage as JSONRPCResponse<TMessage>;
+}
+
+function getAlgorithmParams(sequenceNumber: ArrayBuffer, initializationVector: ArrayBuffer) {
+    return {
+        additionalData: sequenceNumber,
+        iv: initializationVector,
+        name: 'AES-GCM',
+        tagLength: 128, // 16 byte tag => 128 bits
+    };
+}
+
+let _utf8Decoder: TextDecoder | undefined;
+function getUtf8Decoder() {
+    if (_utf8Decoder === undefined) {
+        _utf8Decoder = new TextDecoder('utf-8');
+    }
+    return _utf8Decoder;
+}

package/src/parseHelloRsp.ts

@@ -0,0 +1,44 @@
+/**
+ * A secret agreed upon by the app and the wallet. Used as
+ * a symmetric key to encrypt and decrypt messages over an
+ * unsecured channel.
+ */
+export type SharedSecret = CryptoKey;
+
+export default async function parseHelloRsp(
+    payloadBuffer: ArrayBuffer, // The X9.62-encoded wallet endpoint ephemeral ECDH public keypoint.
+    associationPublicKey: CryptoKey,
+    ecdhPrivateKey: CryptoKey,
+): Promise<SharedSecret> {
+    const [associationPublicKeyBuffer, walletPublicKey] = await Promise.all([
+        crypto.subtle.exportKey('raw', associationPublicKey),
+        crypto.subtle.importKey(
+            'raw',
+            payloadBuffer,
+            { name: 'ECDH', namedCurve: 'P-256' },
+            false /* extractable */,
+            [] /* keyUsages */,
+        ),
+    ]);
+    const sharedSecret = await crypto.subtle.deriveBits({ name: 'ECDH', public: walletPublicKey }, ecdhPrivateKey, 256);
+    const ecdhSecretKey = await crypto.subtle.importKey(
+        'raw',
+        sharedSecret,
+        'HKDF',
+        false /* extractable */,
+        ['deriveKey'] /* keyUsages */,
+    );
+    const aesKeyMaterialVal = await crypto.subtle.deriveKey(
+        {
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: new Uint8Array(associationPublicKeyBuffer),
+            info: new Uint8Array(),
+        },
+        ecdhSecretKey,
+        { name: 'AES-GCM', length: 128 },
+        false /* extractable */,
+        ['encrypt', 'decrypt'],
+    );
+    return aesKeyMaterialVal as SharedSecret;
+}

package/src/startSession.ts

@@ -0,0 +1,94 @@
+import { AssociationPort, getRandomAssociationPort } from './associationPort.js';
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from './errors.js';
+import getAssociateAndroidIntentURL from './getAssociateAndroidIntentURL.js';
+
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+const Browser = {
+    Firefox: 0,
+    Other: 1,
+} as const;
+type BrowserEnum = typeof Browser[keyof typeof Browser];
+
+function assertUnreachable(x: never): never {
+    return x;
+}
+
+function getBrowser(): BrowserEnum {
+    return navigator.userAgent.indexOf('Firefox/') !== -1 ? Browser.Firefox : Browser.Other;
+}
+
+function getDetectionPromise() {
+    // Chrome and others silently fail if a custom protocol is not supported.
+    // For these, we wait to see if the browser is navigated away from in
+    // a reasonable amount of time (ie. the native wallet opened).
+    return new Promise<void>((resolve, reject) => {
+        function cleanup() {
+            clearTimeout(timeoutId);
+            window.removeEventListener('blur', handleBlur);
+        }
+        function handleBlur() {
+            cleanup();
+            resolve();
+        }
+        window.addEventListener('blur', handleBlur);
+        const timeoutId = setTimeout(() => {
+            cleanup();
+            reject();
+        }, 2000);
+    });
+}
+
+let _frame: HTMLIFrameElement | null = null;
+function launchUrlThroughHiddenFrame(url: URL) {
+    if (_frame == null) {
+        _frame = document.createElement('iframe');
+        _frame.style.display = 'none';
+        document.body.appendChild(_frame);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    _frame.contentWindow!.location.href = url.toString();
+}
+
+export async function startSession(
+    associationPublicKey: CryptoKey,
+    associationURLBase?: string,
+): Promise<AssociationPort> {
+    const randomAssociationPort = getRandomAssociationPort();
+    const associationUrl = await getAssociateAndroidIntentURL(
+        associationPublicKey,
+        randomAssociationPort,
+        associationURLBase,
+    );
+    if (associationUrl.protocol === 'https:') {
+        // The association URL is an Android 'App Link' or iOS 'Universal Link'.
+        // These are regular web URLs that are designed to launch an app if it
+        // is installed or load the actual target webpage if not.
+        window.location.assign(associationUrl);
+    } else {
+        // The association URL has a custom protocol (eg. `solana-wallet:`)
+        try {
+            const browser = getBrowser();
+            switch (browser) {
+                case Browser.Firefox:
+                    // If a custom protocol is not supported in Firefox, it throws.
+                    launchUrlThroughHiddenFrame(associationUrl);
+                    // If we reached this line, it's supported.
+                    break;
+                case Browser.Other: {
+                    const detectionPromise = getDetectionPromise();
+                    window.location.assign(associationUrl);
+                    await detectionPromise;
+                    break;
+                }
+                default:
+                    assertUnreachable(browser);
+            }
+        } catch (e) {
+            throw new SolanaMobileWalletAdapterError(
+                SolanaMobileWalletAdapterErrorCode.ERROR_WALLET_NOT_FOUND,
+                'Found no installed wallet that supports the mobile wallet protocol.',
+            );
+        }
+    }
+    return randomAssociationPort;
+}