@voxepay/checkout 0.3.2 → 0.3.4

package/src/utils/encryption.ts

@@ -0,0 +1,496 @@
+/**
+ * Pure JavaScript RSA Encryption for card data
+ * No Node.js crypto dependency — works directly in the browser
+ */
+
+// ============ BigInteger Implementation (minimal, for RSA) ============
+
+class BigInt {
+    private digits: number[];
+    private negative: boolean;
+
+    constructor(value?: string | number[], radix?: number) {
+        this.digits = [];
+        this.negative = false;
+
+        if (typeof value === 'string') {
+            this.fromString(value, radix || 10);
+        } else if (Array.isArray(value)) {
+            this.digits = value;
+        }
+    }
+
+    private fromString(s: string, radix: number): void {
+        if (s.length === 0) return;
+
+        let start = 0;
+        if (s[0] === '-') {
+            this.negative = true;
+            start = 1;
+        }
+
+        if (radix === 16) {
+            // Parse hex string
+            for (let i = s.length; i > start; i -= 7) {
+                const from = Math.max(start, i - 7);
+                this.digits.push(parseInt(s.substring(from, i), 16));
+            }
+        } else {
+            // Parse decimal
+            for (let i = s.length; i > start; i -= 7) {
+                const from = Math.max(start, i - 7);
+                this.digits.push(parseInt(s.substring(from, i), 10));
+            }
+        }
+        this.trim();
+    }
+
+    private trim(): void {
+        while (this.digits.length > 0 && this.digits[this.digits.length - 1] === 0) {
+            this.digits.pop();
+        }
+    }
+
+    isZero(): boolean {
+        return this.digits.length === 0;
+    }
+}
+
+// ============ Minimal forge-compatible RSA using raw math ============
+
+/**
+ * Convert a string to its hex representation
+ */
+const toHex = (str: string): string => {
+    let hex = '';
+    for (let i = 0; i < str.length; i++) {
+        hex += str.charCodeAt(i).toString(16).padStart(2, '0');
+    }
+    return hex;
+};
+
+/**
+ * Convert hex string to byte array
+ */
+const hexToBytes = (hex: string): number[] => {
+    const bytes: number[] = [];
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes.push(parseInt(hex.substring(i, i + 2), 16));
+    }
+    return bytes;
+};
+
+/**
+ * Convert byte array to base64 string
+ */
+const bytesToBase64 = (bytes: number[]): string => {
+    if (typeof btoa !== 'undefined') {
+        // Browser
+        return btoa(String.fromCharCode(...bytes));
+    }
+    // Node.js fallback
+    return Buffer.from(bytes).toString('base64');
+};
+
+// ============ BigInteger arithmetic for RSA ============
+
+/**
+ * Arbitrary precision integer using base-2^26 representation
+ */
+class RSABigInt {
+    static BASE = 0x4000000;  // 2^26
+    static BITS = 26;
+
+    data: number[];
+    sign: number;
+
+    constructor() {
+        this.data = [];
+        this.sign = 0;
+    }
+
+    static fromHex(hex: string): RSABigInt {
+        const n = new RSABigInt();
+        if (hex.length === 0) return n;
+
+        n.sign = 1;
+        // Process hex string from right to left, 26 bits at a time
+        // 26 bits ≈ 6.5 hex chars, so we'll use 6 hex chars (24 bits) per digit
+        // and handle the alignment
+        let bitPos = 0;
+        let current = 0;
+
+        for (let i = hex.length - 1; i >= 0; i--) {
+            const nibble = parseInt(hex[i], 16);
+            current |= nibble << bitPos;
+            bitPos += 4;
+            if (bitPos >= RSABigInt.BITS) {
+                n.data.push(current & (RSABigInt.BASE - 1));
+                current = current >>> RSABigInt.BITS;
+                bitPos -= RSABigInt.BITS;
+            }
+        }
+        if (current > 0 || bitPos > 0) {
+            n.data.push(current);
+        }
+
+        n.trim();
+        return n;
+    }
+
+    static fromBytes(bytes: number[]): RSABigInt {
+        const hex = bytes.map(b => b.toString(16).padStart(2, '0')).join('');
+        return RSABigInt.fromHex(hex);
+    }
+
+    trim(): void {
+        while (this.data.length > 0 && this.data[this.data.length - 1] === 0) {
+            this.data.pop();
+        }
+        if (this.data.length === 0) this.sign = 0;
+    }
+
+    isZero(): boolean {
+        return this.data.length === 0;
+    }
+
+    bitLength(): number {
+        if (this.data.length === 0) return 0;
+        const topWord = this.data[this.data.length - 1];
+        let bits = (this.data.length - 1) * RSABigInt.BITS;
+        let w = topWord;
+        while (w > 0) {
+            bits++;
+            w >>>= 1;
+        }
+        return bits;
+    }
+
+    toBytes(length?: number): number[] {
+        // Convert to hex then to bytes
+        let hex = '';
+        for (let i = this.data.length - 1; i >= 0; i--) {
+            const h = this.data[i].toString(16);
+            if (i === this.data.length - 1) {
+                hex += h;
+            } else {
+                // Pad to full digit width (26 bits ≈ 7 hex chars, but only 6 guaranteed)
+                const padLen = Math.ceil(RSABigInt.BITS / 4);
+                hex += h.padStart(padLen, '0');
+            }
+        }
+        // Ensure even length
+        if (hex.length % 2 !== 0) hex = '0' + hex;
+
+        const bytes = hexToBytes(hex);
+
+        if (length && bytes.length < length) {
+            // Pad with leading zeros
+            const padded = new Array(length - bytes.length).fill(0);
+            return padded.concat(bytes);
+        }
+        return bytes;
+    }
+
+    clone(): RSABigInt {
+        const r = new RSABigInt();
+        r.data = this.data.slice();
+        r.sign = this.sign;
+        return r;
+    }
+
+    /**
+     * Compare absolute values: returns -1, 0, or 1
+     */
+    compareAbs(other: RSABigInt): number {
+        if (this.data.length !== other.data.length) {
+            return this.data.length > other.data.length ? 1 : -1;
+        }
+        for (let i = this.data.length - 1; i >= 0; i--) {
+            if (this.data[i] !== other.data[i]) {
+                return this.data[i] > other.data[i] ? 1 : -1;
+            }
+        }
+        return 0;
+    }
+
+    /**
+     * Multiply two RSABigInts
+     */
+    multiply(other: RSABigInt): RSABigInt {
+        if (this.isZero() || other.isZero()) return new RSABigInt();
+
+        const result = new RSABigInt();
+        result.data = new Array(this.data.length + other.data.length).fill(0);
+        result.sign = 1;
+
+        for (let i = 0; i < this.data.length; i++) {
+            let carry = 0;
+            for (let j = 0; j < other.data.length; j++) {
+                const prod = this.data[i] * other.data[j] + result.data[i + j] + carry;
+                result.data[i + j] = prod & (RSABigInt.BASE - 1);
+                carry = Math.floor(prod / RSABigInt.BASE);
+            }
+            if (carry > 0) {
+                result.data[i + other.data.length] += carry;
+            }
+        }
+
+        result.trim();
+        return result;
+    }
+
+    /**
+     * Modular exponentiation: this^exp mod m
+     * Uses square-and-multiply method
+     */
+    modPow(exp: RSABigInt, mod: RSABigInt): RSABigInt {
+        if (mod.isZero()) throw new Error('Division by zero');
+
+        let result = RSABigInt.fromHex('1');
+        let base = this.mod(mod);
+        const expBits = exp.bitLength();
+
+        for (let i = 0; i < expBits; i++) {
+            const wordIdx = Math.floor(i / RSABigInt.BITS);
+            const bitIdx = i % RSABigInt.BITS;
+
+            if (wordIdx < exp.data.length && (exp.data[wordIdx] & (1 << bitIdx)) !== 0) {
+                result = result.multiply(base).mod(mod);
+            }
+            base = base.multiply(base).mod(mod);
+        }
+
+        return result;
+    }
+
+    /**
+     * this mod m (positive remainder)
+     */
+    mod(m: RSABigInt): RSABigInt {
+        const result = this.divmod(m);
+        return result.remainder;
+    }
+
+    /**
+     * Division with remainder
+     */
+    divmod(divisor: RSABigInt): { quotient: RSABigInt; remainder: RSABigInt } {
+        if (divisor.isZero()) throw new Error('Division by zero');
+        if (this.isZero()) return { quotient: new RSABigInt(), remainder: new RSABigInt() };
+
+        const cmp = this.compareAbs(divisor);
+        if (cmp < 0) return { quotient: new RSABigInt(), remainder: this.clone() };
+        if (cmp === 0) {
+            const one = RSABigInt.fromHex('1');
+            return { quotient: one, remainder: new RSABigInt() };
+        }
+
+        // Binary long division
+        const quotient = new RSABigInt();
+        quotient.data = new Array(this.data.length).fill(0);
+        quotient.sign = 1;
+
+        let remainder = new RSABigInt();
+
+        const totalBits = this.bitLength();
+
+        for (let i = totalBits - 1; i >= 0; i--) {
+            // Shift remainder left by 1 bit
+            remainder = remainder.shiftLeft(1);
+
+            // Set lowest bit of remainder to bit i of this
+            const wordIdx = Math.floor(i / RSABigInt.BITS);
+            const bitIdx = i % RSABigInt.BITS;
+            if (wordIdx < this.data.length && (this.data[wordIdx] & (1 << bitIdx)) !== 0) {
+                if (remainder.data.length === 0) remainder.data.push(0);
+                remainder.data[0] |= 1;
+                remainder.sign = 1;
+            }
+
+            // If remainder >= divisor, subtract
+            if (remainder.compareAbs(divisor) >= 0) {
+                remainder = remainder.subtract(divisor);
+                const qWordIdx = Math.floor(i / RSABigInt.BITS);
+                const qBitIdx = i % RSABigInt.BITS;
+                while (quotient.data.length <= qWordIdx) quotient.data.push(0);
+                quotient.data[qWordIdx] |= (1 << qBitIdx);
+            }
+        }
+
+        quotient.trim();
+        remainder.trim();
+        return { quotient, remainder };
+    }
+
+    /**
+     * Shift left by n bits
+     */
+    shiftLeft(n: number): RSABigInt {
+        if (this.isZero() || n === 0) return this.clone();
+
+        const wordShift = Math.floor(n / RSABigInt.BITS);
+        const bitShift = n % RSABigInt.BITS;
+
+        const result = new RSABigInt();
+        result.sign = this.sign;
+        result.data = new Array(this.data.length + wordShift + 1).fill(0);
+
+        for (let i = 0; i < this.data.length; i++) {
+            result.data[i + wordShift] |= (this.data[i] << bitShift) & (RSABigInt.BASE - 1);
+            if (bitShift > 0) {
+                result.data[i + wordShift + 1] |= this.data[i] >>> (RSABigInt.BITS - bitShift);
+            }
+        }
+
+        result.trim();
+        return result;
+    }
+
+    /**
+     * Subtract (absolute values, assumes this >= other)
+     */
+    subtract(other: RSABigInt): RSABigInt {
+        const result = new RSABigInt();
+        result.sign = 1;
+        result.data = new Array(Math.max(this.data.length, other.data.length)).fill(0);
+
+        let borrow = 0;
+        for (let i = 0; i < result.data.length; i++) {
+            let diff = (this.data[i] || 0) - (other.data[i] || 0) - borrow;
+            if (diff < 0) {
+                diff += RSABigInt.BASE;
+                borrow = 1;
+            } else {
+                borrow = 0;
+            }
+            result.data[i] = diff;
+        }
+
+        result.trim();
+        return result;
+    }
+}
+
+// ============ PKCS#1 v1.5 Padding ============
+
+/**
+ * Apply PKCS#1 v1.5 type 2 padding for encryption
+ */
+const pkcs1Pad = (data: number[], keyByteLen: number): number[] => {
+    if (data.length > keyByteLen - 11) {
+        throw new Error('Message too long for RSA encryption');
+    }
+
+    const padLen = keyByteLen - data.length - 3;
+    const padded = new Array(keyByteLen);
+    padded[0] = 0x00;
+    padded[1] = 0x02;
+
+    // Fill with random non-zero bytes
+    for (let i = 0; i < padLen; i++) {
+        // Use crypto.getRandomValues if available, otherwise Math.random
+        let r = 0;
+        if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+            const arr = new Uint8Array(1);
+            while (r === 0) {
+                crypto.getRandomValues(arr);
+                r = arr[0];
+            }
+        } else {
+            while (r === 0) {
+                r = Math.floor(Math.random() * 255) + 1;
+            }
+        }
+        padded[2 + i] = r;
+    }
+
+    padded[2 + padLen] = 0x00;
+    for (let i = 0; i < data.length; i++) {
+        padded[3 + padLen + i] = data[i];
+    }
+
+    return padded;
+};
+
+// ============ RSA Encryption Config ============
+
+const RSA_CONFIG = {
+    modulus:
+        '009c7b3ba621a26c4b02f48cfc07ef6ee0aed8e12b4bd11c5cc0abf80d5206be69e1891e60fc88e2d565e2fabe4d0cf630e318a6c721c3ded718d0c530cdf050387ad0a30a336899bbda877d0ec7c7c3ffe693988bfae0ffbab71b25468c7814924f022cb5fda36e0d2c30a7161fa1c6fb5fbd7d05adbef7e68d48f8b6c5f511827c4b1c5ed15b6f20555affc4d0857ef7ab2b5c18ba22bea5d3a79bd1834badb5878d8c7a4b19da20c1f62340b1f7fbf01d2f2e97c9714a9df376ac0ea58072b2b77aeb7872b54a89667519de44d0fc73540beeaec4cb778a45eebfbefe2d817a8a8319b2bc6d9fa714f5289ec7c0dbc43496d71cf2a642cb679b0fc4072fd2cf',
+    publicExponent: '010001',
+};
+
+// ============ Public API ============
+
+export interface AuthDataParams {
+    version: string;
+    pan: string;
+    pin: string;
+    expiryDate: string;
+    cvv: string;
+}
+
+/**
+ * Generates encrypted auth data for card payment
+ * Uses pure JavaScript RSA — no Node.js crypto dependency
+ *
+ * @param params - Card details for encryption
+ * @returns Base64 encoded encrypted auth data
+ */
+export const generateAuthData = async ({
+    version,
+    pan,
+    pin,
+    expiryDate,
+    cvv,
+}: AuthDataParams): Promise<string> => {
+    try {
+        // Build the cipher text
+        const authDataCipher = `${version}Z${pan}Z${pin}Z${expiryDate}Z${cvv}`;
+        const messageBytes = hexToBytes(toHex(authDataCipher));
+
+        // Parse RSA public key
+        const modulus = RSABigInt.fromHex(RSA_CONFIG.modulus);
+        const exponent = RSABigInt.fromHex(RSA_CONFIG.publicExponent);
+
+        // Determine key size in bytes
+        const keyByteLen = Math.ceil(modulus.bitLength() / 8);
+
+        // Apply PKCS#1 v1.5 padding
+        const padded = pkcs1Pad(messageBytes, keyByteLen);
+
+        // Convert padded message to BigInt
+        const m = RSABigInt.fromBytes(padded);
+
+        // RSA encrypt: c = m^e mod n
+        const c = m.modPow(exponent, modulus);
+
+        // Convert result to bytes (padded to key length)
+        const encryptedBytes = c.toBytes(keyByteLen);
+
+        // Base64 encode
+        return bytesToBase64(encryptedBytes);
+    } catch (error) {
+        console.error('[VoxePay] Encryption error:', error);
+        throw new Error('Failed to encrypt card data');
+    }
+};
+
+/**
+ * Converts MM/YY format to YYMM format required by API
+ */
+export const formatExpiryForApi = (expiry: string): string => {
+    const cleaned = expiry.replace(/\s|\//g, '');
+    if (cleaned.length !== 4) return '';
+    const month = cleaned.substring(0, 2);
+    const year = cleaned.substring(2, 4);
+    return `${year}${month}`;
+};
+
+/**
+ * Removes spaces and formatting from PAN
+ */
+export const cleanPan = (pan: string): string => {
+    return pan.replace(/\s/g, '');
+};

package/src/utils/formatter.ts

@@ -0,0 +1,71 @@
+/**
+ * Input formatting utilities for VoxePay Checkout
+ */
+
+/**
+ * Format card number with spaces every 4 digits
+ */
+export function formatCardNumber(value: string): string {
+    const cleaned = value.replace(/\D/g, '');
+    const groups = cleaned.match(/.{1,4}/g) || [];
+    return groups.join(' ').slice(0, 23); // Max: 19 digits + 4 spaces
+}
+
+/**
+ * Format expiry date as MM/YY
+ */
+export function formatExpiry(value: string): string {
+    const cleaned = value.replace(/\D/g, '');
+
+    if (cleaned.length === 0) return '';
+    if (cleaned.length === 1) {
+        return parseInt(cleaned) > 1 ? `0${cleaned}` : cleaned;
+    }
+    if (cleaned.length === 2) {
+        const month = parseInt(cleaned);
+        if (month > 12) return '12';
+        if (month === 0) return '01';
+        return cleaned;
+    }
+
+    const month = cleaned.slice(0, 2);
+    const year = cleaned.slice(2, 4);
+    return `${month}/${year}`;
+}
+
+/**
+ * Format CVV (numbers only, max 4 digits)
+ */
+export function formatCVV(value: string): string {
+    return value.replace(/\D/g, '').slice(0, 4);
+}
+
+/**
+ * Format currency amount
+ */
+export function formatAmount(amount: number, currency: string): string {
+    const formatter = new Intl.NumberFormat('en-US', {
+        style: 'currency',
+        currency: currency,
+        minimumFractionDigits: 2,
+    });
+
+    // Convert from smallest unit (cents/kobo) to main unit
+    return formatter.format(amount / 100);
+}
+
+/**
+ * Get currency symbol
+ */
+export function getCurrencySymbol(currency: string): string {
+    const symbols: Record<string, string> = {
+        NGN: '₦',
+        USD: '$',
+        EUR: '€',
+        GBP: '£',
+        GHS: '₵',
+        KES: 'KSh',
+        ZAR: 'R',
+    };
+    return symbols[currency.toUpperCase()] || currency;
+}