@succinctlabs/react-native-zcam1 0.4.0-alpha.5 → 0.4.0

package/src/capture.tsx

@@ -62,10 +62,15 @@ export type {
  * Device registration information including keys, certificate chain, and attestation.
  */
 export type CaptureInfo = {
+  /** Application identifier. On iOS, formatted as `<TEAM_ID>.<BUNDLE_ID>` (e.g. `NLS5R4YCGX.com.example.myapp`). On Android, the app's package name (e.g. `com.example.myapp`). */
   appId: string;
+  /** Unique identifier for the device key. */
   deviceKeyId: string;
+  /** EC public key used to sign captured content. */
   contentPublicKey: ECKey;
+  /** Identifier for the content key. */
   contentKeyId: Uint8Array;
+  /** Device attestation blob. */
   attestation: string;
 };
 
@@ -73,7 +78,9 @@ export type CaptureInfo = {
  * Configuration settings for device initialization and backend communication.
  */
 export type Settings = {
-  appId: string;
+  /** iOS only. The app identifier, formatted as `<TEAM_ID>.<BUNDLE_ID>` (e.g. `NLS5R4YCGX.com.example.myapp`). Required on iOS — omitting it will throw. Ignored on Android, where the package name is derived automatically from the app bundle. */
+  appId?: string;
+  /** Whether to use the production backend. */
   production: boolean;
 };
 
@@ -96,11 +103,11 @@ export class ZPhoto {
  * @returns Device information including keys, certificate chain, and attestation
  */
 export async function initCapture(settings: Settings): Promise<CaptureInfo> {
-  const contentPublicKey = await getContentPublicKey();
   const isSimulator = await isEmulator();
-
-  // On Android, the appId is the package name.
-  const appId = Platform.OS == "android" ? getBundleId() : settings.appId;
+  const appId = getAppId(settings);
+  const deviceKeyId = await getAndPersistDeviceKeyId(appId, isSimulator);
+  const attestation = await getAndPersistAttestation(deviceKeyId, isSimulator);
+  const contentPublicKey = await getContentPublicKey();
 
   if (contentPublicKey.kty !== "EC") {
     throw new Error("Only EC public keys are supported");
@@ -108,74 +115,69 @@ export async function initCapture(settings: Settings): Promise<CaptureInfo> {
 
   const contentKeyId = getSecureEnclaveKeyId(contentPublicKey);
 
-  let deviceKeyId = await EncryptedStorage.getItem(`deviceKeyId-${settings.appId}`);
-  let attestation = deviceKeyId
-    ? await EncryptedStorage.getItem(`attestation-${deviceKeyId}`)
-    : null;
-
-  if (deviceKeyId == null || attestation == null) {
-    switch (Platform.OS) {
-      case "android":
-        // On Android, getAttestation() creates the key AND returns the attestation
-        // certificate chain in a single call. generateHardwareKey() is iOS-only.
-        deviceKeyId = `ZCAM1_ANDROID_DEVICE_${appId}`;
-
-        if (isSimulator) {
-          // Emulator or device without Play Integrity support — use mock attestation.
-          console.warn(
-            "[ZCAM] Play Integrity not available - using mock attestation. This is for development only.",
-          );
-          attestation = `SIMULATOR_MOCK_${deviceKeyId}_${Date.now()}`;
-        } else {
-          attestation = await getAttestation(deviceKeyId, deviceKeyId);
-        }
-        break;
-
-      case "ios":
-      case "macos":
-        // iOS: generate key first, then attest separately
-        if (deviceKeyId == null) {
-          if (isSimulator) {
-            console.warn(
-              "[ZCAM] Running in simulator - using mock device key. This is for development only.",
-            );
-            deviceKeyId = `SIMULATOR_DEVICE_KEY_${Date.now()}`;
-          } else {
-            deviceKeyId = await generateHardwareKey();
-          }
-        }
-        attestation = await updateRegistration(deviceKeyId!, settings);
-        break;
-
-      default:
-        throw new Error(`initCapture: ${Platform.OS} not supported`);
-    }
-
-    await EncryptedStorage.setItem(`deviceKeyId-${settings.appId}`, deviceKeyId!);
-    await EncryptedStorage.setItem(`attestation-${deviceKeyId}`, attestation!);
-  }
-
-  if (deviceKeyId == null) {
-    throw new Error("Failed to generate a device key");
-  }
-
   return {
-    appId,
+    appId: appId!,
     deviceKeyId,
     contentPublicKey,
     contentKeyId,
-    attestation: attestation!,
+    attestation,
   };
 }
 
-/**
- * Updates device registration by performing attestation with the backend.
- * @param keyId - The hardware key identifier
- * @param settings - Configuration settings for registration
- * @returns Attestation data and challenge
- */
-export async function updateRegistration(keyId: string, _settings: Settings): Promise<string> {
-  const isSimulator = await isEmulator();
+function getAppId(settings: Settings): string {
+  switch (Platform.OS) {
+    case "android":
+      return getBundleId();
+
+    case "ios":
+    case "macos":
+      if (settings.appId === undefined) {
+        throw new Error("The appId is required on iOS");
+      }
+      return settings.appId;
+
+    default:
+      throw new Error(`getAppId: ${Platform.OS} not supported`);
+  }
+}
+
+async function getAndPersistDeviceKeyId(appId: string, isSimulator: boolean): Promise<string> {
+  let deviceKeyId = await EncryptedStorage.getItem(`deviceKeyId-${appId}`);
+
+  if (deviceKeyId) return deviceKeyId;
+
+  if (isSimulator) {
+    console.warn(
+      "[ZCAM] Running in simulator - using mock device key. This is for development only.",
+    );
+    return `SIMULATOR_DEVICE_KEY_${Date.now()}`;
+  }
+
+  switch (Platform.OS) {
+    case "android":
+      // On Android, getAttestation() creates the key AND returns the attestation
+      // certificate chain in a single call. generateHardwareKey() is iOS-only.
+      deviceKeyId = `ZCAM1_ANDROID_DEVICE_${appId}`;
+      break;
+
+    case "ios":
+    case "macos":
+      deviceKeyId = await generateHardwareKey();
+      break;
+
+    default:
+      throw new Error(`getDeviceKeyId: ${Platform.OS} not supported`);
+  }
+
+  await EncryptedStorage.setItem(`deviceKeyId-${appId}`, deviceKeyId);
+
+  return deviceKeyId;
+}
+
+async function getAndPersistAttestation(keyId: string, isSimulator: boolean): Promise<string> {
+  let attestation = await EncryptedStorage.getItem(`attestation-${keyId}`);
+
+  if (attestation) return attestation;
 
   if (isSimulator) {
     console.warn(
@@ -184,12 +186,24 @@ export async function updateRegistration(keyId: string, _settings: Settings): Pr
     return `SIMULATOR_MOCK_${keyId}_${Date.now()}`;
   }
 
-  const attestation = await getAttestation(keyId, keyId);
+  attestation = await getAttestation(keyId, keyId);
+
   await EncryptedStorage.setItem(`attestation-${keyId}`, attestation);
 
   return attestation;
 }
 
+/**
+ * Updates device registration by performing attestation with the backend.
+ * @param keyId - The hardware key identifier
+ * @returns Attestation data and challenge
+ */
+export async function updateRegistration(keyId: string, isSimulator: boolean): Promise<string> {
+  await EncryptedStorage.removeItem(`attestation-${keyId}`);
+
+  return getAndPersistAttestation(keyId, isSimulator);
+}
+
 /**
  * Requests camera (and microphone) permissions on Android.
  * No-op on iOS — the system prompts automatically when the camera is accessed.

package/src/generated/zcam1_verify_utils.ts

@@ -136,7 +136,10 @@ export enum VerifyError_Tags {
   Base64 = "Base64",
   Io = "Io",
   Groth16 = "Groth16",
+  BindingsNotFound = "BindingsNotFound",
   ProofNotFound = "ProofNotFound",
+  MetadataNotFound = "MetadataNotFound",
+  SimulatorNotAllowed = "SimulatorNotAllowed",
   PlatformNotSupported = "PlatformNotSupported",
 }
 export const VerifyError = (() => {
@@ -272,7 +275,7 @@ export const VerifyError = (() => {
       return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 6;
     }
   }
-  class ProofNotFound extends UniffiError {
+  class BindingsNotFound extends UniffiError {
     /**
      * @private
      * This field is private and should not be used.
@@ -284,6 +287,28 @@ export const VerifyError = (() => {
      */
     readonly [variantOrdinalSymbol] = 7;
 
+    readonly tag = VerifyError_Tags.BindingsNotFound;
+
+    constructor(message: string) {
+      super("VerifyError", "BindingsNotFound", message);
+    }
+
+    static instanceOf(e: any): e is BindingsNotFound {
+      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 7;
+    }
+  }
+  class ProofNotFound extends UniffiError {
+    /**
+     * @private
+     * This field is private and should not be used.
+     */
+    readonly [uniffiTypeNameSymbol]: string = "VerifyError";
+    /**
+     * @private
+     * This field is private and should not be used.
+     */
+    readonly [variantOrdinalSymbol] = 8;
+
     readonly tag = VerifyError_Tags.ProofNotFound;
 
     constructor(message: string) {
@@ -291,7 +316,51 @@ export const VerifyError = (() => {
     }
 
     static instanceOf(e: any): e is ProofNotFound {
-      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 7;
+      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 8;
+    }
+  }
+  class MetadataNotFound extends UniffiError {
+    /**
+     * @private
+     * This field is private and should not be used.
+     */
+    readonly [uniffiTypeNameSymbol]: string = "VerifyError";
+    /**
+     * @private
+     * This field is private and should not be used.
+     */
+    readonly [variantOrdinalSymbol] = 9;
+
+    readonly tag = VerifyError_Tags.MetadataNotFound;
+
+    constructor(message: string) {
+      super("VerifyError", "MetadataNotFound", message);
+    }
+
+    static instanceOf(e: any): e is MetadataNotFound {
+      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 9;
+    }
+  }
+  class SimulatorNotAllowed extends UniffiError {
+    /**
+     * @private
+     * This field is private and should not be used.
+     */
+    readonly [uniffiTypeNameSymbol]: string = "VerifyError";
+    /**
+     * @private
+     * This field is private and should not be used.
+     */
+    readonly [variantOrdinalSymbol] = 10;
+
+    readonly tag = VerifyError_Tags.SimulatorNotAllowed;
+
+    constructor(message: string) {
+      super("VerifyError", "SimulatorNotAllowed", message);
+    }
+
+    static instanceOf(e: any): e is SimulatorNotAllowed {
+      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 10;
     }
   }
   class PlatformNotSupported extends UniffiError {
@@ -304,7 +373,7 @@ export const VerifyError = (() => {
      * @private
      * This field is private and should not be used.
      */
-    readonly [variantOrdinalSymbol] = 8;
+    readonly [variantOrdinalSymbol] = 11;
 
     readonly tag = VerifyError_Tags.PlatformNotSupported;
 
@@ -313,7 +382,7 @@ export const VerifyError = (() => {
     }
 
     static instanceOf(e: any): e is PlatformNotSupported {
-      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 8;
+      return instanceOf(e) && (e as any)[variantOrdinalSymbol] === 11;
     }
   }
 
@@ -328,7 +397,10 @@ export const VerifyError = (() => {
     Base64,
     Io,
     Groth16,
+    BindingsNotFound,
     ProofNotFound,
+    MetadataNotFound,
+    SimulatorNotAllowed,
     PlatformNotSupported,
     instanceOf,
   };
@@ -365,9 +437,18 @@ const FfiConverterTypeVerifyError = (() => {
           return new VerifyError.Groth16(FfiConverterString.read(from));
 
         case 7:
-          return new VerifyError.ProofNotFound(FfiConverterString.read(from));
+          return new VerifyError.BindingsNotFound(FfiConverterString.read(from));
 
         case 8:
+          return new VerifyError.ProofNotFound(FfiConverterString.read(from));
+
+        case 9:
+          return new VerifyError.MetadataNotFound(FfiConverterString.read(from));
+
+        case 10:
+          return new VerifyError.SimulatorNotAllowed(FfiConverterString.read(from));
+
+        case 11:
           return new VerifyError.PlatformNotSupported(FfiConverterString.read(from));
 
         default:

package/src/index.ts

@@ -39,6 +39,7 @@ export type {
   CaptureFormat,
   FilmStyleEffect,
   FilmStyleRecipe,
+  HardwareShutterAction,
   HighlightShadowConfig,
   MonochromeConfig,
   TakePhotoOptions,
@@ -47,7 +48,13 @@ export type {
 } from "./camera";
 export { ZCamera } from "./camera";
 export type { CaptureInfo, DeviceOrientation } from "./capture";
-export { initCapture, previewFile, requestCameraPermission, requestLocationPermission, updateRegistration } from "./capture";
+export {
+  initCapture,
+  previewFile,
+  requestCameraPermission,
+  requestLocationPermission,
+  updateRegistration,
+} from "./capture";
 
 /**
  * Core cryptographic key types and secure enclave utilities.

package/src/picker.tsx

@@ -1,7 +1,7 @@
 import { CameraRoll } from "@react-native-camera-roll/camera-roll";
 import { FlashList, useRecyclingState } from "@shopify/flash-list";
 import { useCallback, useEffect, useMemo, useState } from "react";
-import { Dimensions, Image, StyleSheet, TouchableOpacity, View } from "react-native";
+import { Dimensions, Image, Platform, StyleSheet, TouchableOpacity, View } from "react-native";
 import { createThumbnail } from "react-native-create-thumbnail";
 import { Dirs, FileSystem, Util } from "react-native-file-access";
 
@@ -141,8 +141,9 @@ const ZImageItem = ({
       const ext = Util.extname(uri)?.toLowerCase();
 
       if (ext === "mov" || ext === "mp4") {
+        const url = Platform.OS == "android" ? uri : stripFileProtocol(uri);
         const thumbnail = await createThumbnail({
-          url: stripFileProtocol(uri),
+          url,
         });
         setThumbnail(thumbnail.path);
       }

package/src/verify.tsx

@@ -57,6 +57,7 @@ export class VerifiableFile {
 
   /**
    * Verifies the cryptographic proof embedded in the C2PA manifest.
+   * @param appId - The app identifier used during capture. On iOS: `TEAM_ID.BUNDLE_ID` (e.g. `NLS5R4YCGX.com.example.myapp`). On Android: the package name (e.g. `com.example.myapp`).
    * @returns True if the proof is valid, false otherwise
    */
   verifyProof(appId: string): boolean {