@solana-mobile/mobile-wallet-adapter-protocol 2.1.5 → 2.1.6

package/src/errors.ts

@@ -0,0 +1,101 @@
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+export const SolanaMobileWalletAdapterErrorCode = {
+    ERROR_ASSOCIATION_PORT_OUT_OF_RANGE: 'ERROR_ASSOCIATION_PORT_OUT_OF_RANGE',
+    ERROR_REFLECTOR_ID_OUT_OF_RANGE: 'ERROR_REFLECTOR_ID_OUT_OF_RANGE',
+    ERROR_FORBIDDEN_WALLET_BASE_URL: 'ERROR_FORBIDDEN_WALLET_BASE_URL',
+    ERROR_SECURE_CONTEXT_REQUIRED: 'ERROR_SECURE_CONTEXT_REQUIRED',
+    ERROR_SESSION_CLOSED: 'ERROR_SESSION_CLOSED',
+    ERROR_SESSION_TIMEOUT: 'ERROR_SESSION_TIMEOUT',
+    ERROR_WALLET_NOT_FOUND: 'ERROR_WALLET_NOT_FOUND',
+    ERROR_INVALID_PROTOCOL_VERSION: 'ERROR_INVALID_PROTOCOL_VERSION',
+    ERROR_BROWSER_NOT_SUPPORTED: 'ERROR_BROWSER_NOT_SUPPORTED',
+} as const;
+type SolanaMobileWalletAdapterErrorCodeEnum =
+    typeof SolanaMobileWalletAdapterErrorCode[keyof typeof SolanaMobileWalletAdapterErrorCode];
+
+type ErrorDataTypeMap = {
+    [SolanaMobileWalletAdapterErrorCode.ERROR_ASSOCIATION_PORT_OUT_OF_RANGE]: {
+        port: number;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_REFLECTOR_ID_OUT_OF_RANGE]: {
+        id: number;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_FORBIDDEN_WALLET_BASE_URL]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SECURE_CONTEXT_REQUIRED]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SESSION_CLOSED]: {
+        closeEvent: CloseEvent;
+    };
+    [SolanaMobileWalletAdapterErrorCode.ERROR_SESSION_TIMEOUT]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_WALLET_NOT_FOUND]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_INVALID_PROTOCOL_VERSION]: undefined;
+    [SolanaMobileWalletAdapterErrorCode.ERROR_BROWSER_NOT_SUPPORTED]: undefined;
+};
+
+export class SolanaMobileWalletAdapterError<TErrorCode extends SolanaMobileWalletAdapterErrorCodeEnum> extends Error {
+    data: ErrorDataTypeMap[TErrorCode] | undefined;
+    code: TErrorCode;
+    constructor(
+        ...args: ErrorDataTypeMap[TErrorCode] extends Record<string, unknown>
+            ? [code: TErrorCode, message: string, data: ErrorDataTypeMap[TErrorCode]]
+            : [code: TErrorCode, message: string]
+    ) {
+        const [code, message, data] = args;
+        super(message);
+        this.code = code;
+        this.data = data;
+        this.name = 'SolanaMobileWalletAdapterError';
+    }
+}
+
+type JSONRPCErrorCode = number;
+
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+export const SolanaMobileWalletAdapterProtocolErrorCode = {
+    // Keep these in sync with `mobilewalletadapter/common/ProtocolContract.java`.
+    ERROR_AUTHORIZATION_FAILED: -1,
+    ERROR_INVALID_PAYLOADS: -2,
+    ERROR_NOT_SIGNED: -3,
+    ERROR_NOT_SUBMITTED: -4,
+    ERROR_TOO_MANY_PAYLOADS: -5,
+    ERROR_ATTEST_ORIGIN_ANDROID: -100,
+} as const;
+type SolanaMobileWalletAdapterProtocolErrorCodeEnum =
+    typeof SolanaMobileWalletAdapterProtocolErrorCode[keyof typeof SolanaMobileWalletAdapterProtocolErrorCode];
+
+type ProtocolErrorDataTypeMap = {
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_AUTHORIZATION_FAILED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_INVALID_PAYLOADS]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_NOT_SIGNED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_NOT_SUBMITTED]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_TOO_MANY_PAYLOADS]: undefined;
+    [SolanaMobileWalletAdapterProtocolErrorCode.ERROR_ATTEST_ORIGIN_ANDROID]: {
+        attest_origin_uri: string;
+        challenge: string;
+        context: string;
+    };
+};
+
+export class SolanaMobileWalletAdapterProtocolError<
+    TErrorCode extends SolanaMobileWalletAdapterProtocolErrorCodeEnum,
+> extends Error {
+    data: ProtocolErrorDataTypeMap[TErrorCode] | undefined;
+    code: TErrorCode | JSONRPCErrorCode;
+    jsonRpcMessageId: number;
+    constructor(
+        ...args: ProtocolErrorDataTypeMap[TErrorCode] extends Record<string, unknown>
+            ? [
+                  jsonRpcMessageId: number,
+                  code: TErrorCode | JSONRPCErrorCode,
+                  message: string,
+                  data: ProtocolErrorDataTypeMap[TErrorCode],
+              ]
+            : [jsonRpcMessageId: number, code: TErrorCode | JSONRPCErrorCode, message: string]
+    ) {
+        const [jsonRpcMessageId, code, message, data] = args;
+        super(message);
+        this.code = code;
+        this.data = data;
+        this.jsonRpcMessageId = jsonRpcMessageId;
+        this.name = 'SolanaMobileWalletAdapterProtocolError';
+    }
+}

package/src/generateAssociationKeypair.ts

@@ -0,0 +1,10 @@
+export default async function generateAssociationKeypair(): Promise<CryptoKeyPair> {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'ECDSA',
+            namedCurve: 'P-256',
+        },
+        false /* extractable */,
+        ['sign'] /* keyUsages */,
+    );
+}

package/src/generateECDHKeypair.ts

@@ -0,0 +1,10 @@
+export default async function generateECDHKeypair(): Promise<CryptoKeyPair> {
+    return await crypto.subtle.generateKey(
+        {
+            name: 'ECDH',
+            namedCurve: 'P-256',
+        },
+        false /* extractable */,
+        ['deriveKey', 'deriveBits'] /* keyUsages */,
+    );
+}

package/src/getAssociateAndroidIntentURL.ts

@@ -0,0 +1,77 @@
+import arrayBufferToBase64String from './arrayBufferToBase64String.js';
+import { assertAssociationPort } from './associationPort.js';
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from './errors.js';
+import getStringWithURLUnsafeBase64CharactersReplaced from './getStringWithURLUnsafeBase64CharactersReplaced.js';
+import { ProtocolVersion } from './types.js';
+import { fromUint8Array } from './base64Utils.js';
+
+const INTENT_NAME = 'solana-wallet';
+
+function getPathParts(pathString: string) {
+    return (
+        pathString
+            // Strip leading and trailing slashes
+            .replace(/(^\/+|\/+$)/g, '')
+            // Return an array of directories
+            .split('/')
+    );
+}
+
+function getIntentURL(methodPathname: string, intentUrlBase?: string) {
+    let baseUrl: URL | null = null;
+    if (intentUrlBase) {
+        try {
+            baseUrl = new URL(intentUrlBase);
+        } catch {} // eslint-disable-line no-empty
+        if (baseUrl?.protocol !== 'https:') {
+            throw new SolanaMobileWalletAdapterError(
+                SolanaMobileWalletAdapterErrorCode.ERROR_FORBIDDEN_WALLET_BASE_URL,
+                'Base URLs supplied by wallets must be valid `https` URLs',
+            );
+        }
+    }
+    baseUrl ||= new URL(`${INTENT_NAME}:/`);
+    const pathname = methodPathname.startsWith('/')
+        ? // Method is an absolute path. Replace it wholesale.
+          methodPathname
+        : // Method is a relative path. Merge it with the existing one.
+          [...getPathParts(baseUrl.pathname), ...getPathParts(methodPathname)].join('/');
+    return new URL(pathname, baseUrl);
+}
+
+export default async function getAssociateAndroidIntentURL(
+    associationPublicKey: CryptoKey,
+    putativePort: number,
+    associationURLBase?: string,
+    protocolVersions: ProtocolVersion[] = ['v1'],
+): Promise<URL> {
+    const associationPort = assertAssociationPort(putativePort);
+    const exportedKey = await crypto.subtle.exportKey('raw', associationPublicKey);
+    const encodedKey = arrayBufferToBase64String(exportedKey);
+    const url = getIntentURL('v1/associate/local', associationURLBase);
+    url.searchParams.set('association', getStringWithURLUnsafeBase64CharactersReplaced(encodedKey));
+    url.searchParams.set('port', `${associationPort}`);
+    protocolVersions.forEach( (version) => {
+        url.searchParams.set('v', version);
+    })
+    return url;
+}
+
+export async function getRemoteAssociateAndroidIntentURL(
+    associationPublicKey: CryptoKey,
+    hostAuthority: string,
+    reflectorId: Uint8Array,
+    associationURLBase?: string,
+    protocolVersions: ProtocolVersion[] = ['v1'],
+): Promise<URL> {
+    const exportedKey = await crypto.subtle.exportKey('raw', associationPublicKey);
+    const encodedKey = arrayBufferToBase64String(exportedKey);
+    const url = getIntentURL('v1/associate/remote', associationURLBase);
+    url.searchParams.set('association', getStringWithURLUnsafeBase64CharactersReplaced(encodedKey));
+    url.searchParams.set('reflector', `${hostAuthority}`);
+    url.searchParams.set('id', `${fromUint8Array(reflectorId, true)}`);
+    protocolVersions.forEach( (version) => {
+        url.searchParams.set('v', version);
+    })
+    return url;
+}

package/src/getJWS.ts

@@ -0,0 +1,19 @@
+import arrayBufferToBase64String from './arrayBufferToBase64String.js';
+
+export default async function getJWS(payload: string, privateKey: CryptoKey) {
+    const header = { alg: 'ES256' };
+    const headerEncoded = window.btoa(JSON.stringify(header));
+    const payloadEncoded = window.btoa(payload);
+    const message = `${headerEncoded}.${payloadEncoded}`;
+    const signatureBuffer = await crypto.subtle.sign(
+        {
+            name: 'ECDSA',
+            hash: 'SHA-256',
+        },
+        privateKey,
+        new TextEncoder().encode(message),
+    );
+    const signature = arrayBufferToBase64String(signatureBuffer);
+    const jws = `${message}.${signature}`;
+    return jws;
+}

package/src/getStringWithURLUnsafeBase64CharactersReplaced.ts

@@ -0,0 +1,11 @@
+export default function getStringWithURLUnsafeCharactersReplaced(unsafeBase64EncodedString: string): string {
+    return unsafeBase64EncodedString.replace(
+        /[/+=]/g,
+        (m) =>
+            ({
+                '/': '_',
+                '+': '-',
+                '=': '.',
+            }[m] as string),
+    );
+}

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from './errors.js';
+export * from './transact.js';
+export * from './types.js';

package/src/jsonRpcMessage.ts

@@ -0,0 +1,38 @@
+import { decryptMessage, encryptMessage } from './encryptedMessage.js';
+import { SolanaMobileWalletAdapterProtocolError } from './errors.js';
+import { SharedSecret } from './parseHelloRsp.js';
+
+interface JSONRPCRequest<TParams> {
+    id: number;
+    jsonrpc: '2.0';
+    method: string;
+    params: TParams;
+}
+
+type JSONRPCResponse<TMessage> = {
+    id: number;
+    jsonrpc: '2.0';
+    result: TMessage;
+};
+
+export async function encryptJsonRpcMessage<TParams>(
+    jsonRpcMessage: JSONRPCRequest<TParams>,
+    sharedSecret: SharedSecret,
+) {
+    const plaintext = JSON.stringify(jsonRpcMessage);
+    const sequenceNumber = jsonRpcMessage.id;
+    return encryptMessage(plaintext, sequenceNumber, sharedSecret);
+}
+
+export async function decryptJsonRpcMessage<TMessage>(message: ArrayBuffer, sharedSecret: SharedSecret) {
+    const plaintext = await decryptMessage(message, sharedSecret);
+    const jsonRpcMessage = JSON.parse(plaintext);
+    if (Object.hasOwnProperty.call(jsonRpcMessage, 'error')) {
+        throw new SolanaMobileWalletAdapterProtocolError<typeof jsonRpcMessage.error.code>(
+            jsonRpcMessage.id,
+            jsonRpcMessage.error.code,
+            jsonRpcMessage.error.message,
+        );
+    }
+    return jsonRpcMessage as JSONRPCResponse<TMessage>;
+}

package/src/parseHelloRsp.ts

@@ -0,0 +1,46 @@
+import { ENCODED_PUBLIC_KEY_LENGTH_BYTES } from "./encryptedMessage";
+
+/**
+ * A secret agreed upon by the app and the wallet. Used as
+ * a symmetric key to encrypt and decrypt messages over an
+ * unsecured channel.
+ */
+export type SharedSecret = CryptoKey;
+
+export default async function parseHelloRsp(
+    payloadBuffer: ArrayBuffer, // The X9.62-encoded wallet endpoint ephemeral ECDH public keypoint.
+    associationPublicKey: CryptoKey,
+    ecdhPrivateKey: CryptoKey,
+): Promise<SharedSecret> {
+    const [associationPublicKeyBuffer, walletPublicKey] = await Promise.all([
+        crypto.subtle.exportKey('raw', associationPublicKey),
+        crypto.subtle.importKey(
+            'raw',
+            payloadBuffer.slice(0, ENCODED_PUBLIC_KEY_LENGTH_BYTES),
+            { name: 'ECDH', namedCurve: 'P-256' },
+            false /* extractable */,
+            [] /* keyUsages */,
+        ),
+    ]);
+    const sharedSecret = await crypto.subtle.deriveBits({ name: 'ECDH', public: walletPublicKey }, ecdhPrivateKey, 256);
+    const ecdhSecretKey = await crypto.subtle.importKey(
+        'raw',
+        sharedSecret,
+        'HKDF',
+        false /* extractable */,
+        ['deriveKey'] /* keyUsages */,
+    );
+    const aesKeyMaterialVal = await crypto.subtle.deriveKey(
+        {
+            name: 'HKDF',
+            hash: 'SHA-256',
+            salt: new Uint8Array(associationPublicKeyBuffer),
+            info: new Uint8Array(),
+        },
+        ecdhSecretKey,
+        { name: 'AES-GCM', length: 128 },
+        false /* extractable */,
+        ['encrypt', 'decrypt'],
+    );
+    return aesKeyMaterialVal as SharedSecret;
+}

package/src/parseSessionProps.ts

@@ -0,0 +1,33 @@
+import { decryptMessage } from "./encryptedMessage";
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from "./errors";
+import { SharedSecret } from "./parseHelloRsp";
+import { ProtocolVersion, SessionProperties } from "./types";
+
+export default async function parseSessionProps(
+    message: ArrayBuffer, 
+    sharedSecret: SharedSecret
+): Promise<SessionProperties> {
+    const plaintext = await decryptMessage(message, sharedSecret);
+    const jsonProperties = JSON.parse(plaintext);
+    let protocolVersion: ProtocolVersion = 'legacy';
+    if (Object.hasOwnProperty.call(jsonProperties, 'v')) {
+        switch (jsonProperties.v) {
+            case 1:
+            case '1':
+            case 'v1':
+                protocolVersion = 'v1'
+                break;
+            case 'legacy':
+                protocolVersion = 'legacy'
+                break;
+            default:
+                throw new SolanaMobileWalletAdapterError(
+                    SolanaMobileWalletAdapterErrorCode.ERROR_INVALID_PROTOCOL_VERSION, 
+                    `Unknown/unsupported protocol version: ${jsonProperties.v}`
+                );
+        }
+    }
+    return <SessionProperties>({
+        protocol_version: protocolVersion
+    })
+}

package/src/reflectorId.ts

@@ -0,0 +1,31 @@
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from './errors.js';
+
+declare const tag: unique symbol;
+export type ReflectorId = number & { readonly [tag]: 'ReflectorId' };
+
+export function getRandomReflectorId(): ReflectorId {
+    return assertReflectorId(getRandomInt(0, 9007199254740991)); // 0 < id < 2^53 - 1
+}
+
+function getRandomInt(min: number, max: number) {
+    const randomBuffer = new Uint32Array(1);
+
+    window.crypto.getRandomValues(randomBuffer);
+
+    let randomNumber = randomBuffer[0] / (0xffffffff + 1);
+
+    min = Math.ceil(min);
+    max = Math.floor(max);
+    return Math.floor(randomNumber * (max - min + 1)) + min;
+}
+
+export function assertReflectorId(id: number): ReflectorId {
+    if (id < 0 || id > 9007199254740991) { // 0 < id < 2^53 - 1
+        throw new SolanaMobileWalletAdapterError(
+            SolanaMobileWalletAdapterErrorCode.ERROR_REFLECTOR_ID_OUT_OF_RANGE,
+            `Association port number must be between 49152 and 65535. ${id} given.`,
+            { id },
+        );
+    }
+    return id as ReflectorId;
+}

package/src/startSession.ts

@@ -0,0 +1,98 @@
+import { AssociationPort, getRandomAssociationPort } from './associationPort.js';
+import { SolanaMobileWalletAdapterError, SolanaMobileWalletAdapterErrorCode } from './errors.js';
+import getAssociateAndroidIntentURL from './getAssociateAndroidIntentURL.js';
+
+// Typescript `enums` thwart tree-shaking. See https://bargsten.org/jsts/enums/
+const Browser = {
+    Firefox: 0,
+    Other: 1,
+} as const;
+type BrowserEnum = typeof Browser[keyof typeof Browser];
+
+function assertUnreachable(x: never): never {
+    return x;
+}
+
+function getBrowser(): BrowserEnum {
+    return navigator.userAgent.indexOf('Firefox/') !== -1 ? Browser.Firefox : Browser.Other;
+}
+
+function getDetectionPromise() {
+    // Chrome and others silently fail if a custom protocol is not supported.
+    // For these, we wait to see if the browser is navigated away from in
+    // a reasonable amount of time (ie. the native wallet opened).
+    return new Promise<void>((resolve, reject) => {
+        function cleanup() {
+            clearTimeout(timeoutId);
+            window.removeEventListener('blur', handleBlur);
+        }
+        function handleBlur() {
+            cleanup();
+            resolve();
+        }
+        window.addEventListener('blur', handleBlur);
+        const timeoutId = setTimeout(() => {
+            cleanup();
+            reject();
+        }, 3000);
+    });
+}
+
+let _frame: HTMLIFrameElement | null = null;
+function launchUrlThroughHiddenFrame(url: URL) {
+    if (_frame == null) {
+        _frame = document.createElement('iframe');
+        _frame.style.display = 'none';
+        document.body.appendChild(_frame);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    _frame.contentWindow!.location.href = url.toString();
+}
+
+async function launchAssociation(associationUrl: URL) {
+    if (associationUrl.protocol === 'https:') {
+        // The association URL is an Android 'App Link' or iOS 'Universal Link'.
+        // These are regular web URLs that are designed to launch an app if it
+        // is installed or load the actual target webpage if not.
+        window.location.assign(associationUrl);
+    } else {
+        // The association URL has a custom protocol (eg. `solana-wallet:`)
+        try {
+            const browser = getBrowser();
+            switch (browser) {
+                case Browser.Firefox:
+                    // If a custom protocol is not supported in Firefox, it throws.
+                    launchUrlThroughHiddenFrame(associationUrl);
+                    // If we reached this line, it's supported.
+                    break;
+                case Browser.Other: {
+                    const detectionPromise = getDetectionPromise();
+                    window.location.assign(associationUrl);
+                    await detectionPromise;
+                    break;
+                }
+                default:
+                    assertUnreachable(browser);
+            }
+        } catch (e) {
+            throw new SolanaMobileWalletAdapterError(
+                SolanaMobileWalletAdapterErrorCode.ERROR_WALLET_NOT_FOUND,
+                'Found no installed wallet that supports the mobile wallet protocol.',
+            );
+        }
+    }
+}
+
+export async function startSession(
+    associationPublicKey: CryptoKey,
+    associationURLBase?: string,
+): Promise<AssociationPort> {
+    const randomAssociationPort = getRandomAssociationPort();
+    const associationUrl = await getAssociateAndroidIntentURL(
+        associationPublicKey,
+        randomAssociationPort,
+        associationURLBase,
+    );
+    await launchAssociation(associationUrl);
+    return randomAssociationPort;
+}