@waku/rln 0.0.1 → 0.0.2-ce9a6ae.0

package/src/identity.ts

@@ -0,0 +1,101 @@
+import { arrayify } from "@ethersproject/bytes";
+import { keccak256 } from "@ethersproject/keccak256";
+import { Poseidon } from "@iden3/js-crypto";
+import { streamXOR } from "@stablelib/chacha";
+
+import { buildBigIntFromUint8Array } from "./utils/index.js";
+
+// BN254 curve field size (Snark friendly curve)
+const BN254_FIELD_SIZE = BigInt(
+  "21888242871839275222246405745257275088548364400416034343698204186575808495617"
+);
+
+export class IdentityCredential {
+  public constructor(
+    public readonly IDTrapdoor: Uint8Array,
+    public readonly IDNullifier: Uint8Array,
+    public readonly IDSecretHash: Uint8Array,
+    public readonly IDCommitment: Uint8Array,
+    public readonly IDCommitmentBigInt: bigint
+  ) {}
+
+  public static fromBytes(memKeys: Uint8Array): IdentityCredential {
+    if (memKeys.length < 128) {
+      throw new Error("Invalid memKeys length - must be at least 128 bytes");
+    }
+
+    const idTrapdoor = memKeys.subarray(0, 32);
+    const idNullifier = memKeys.subarray(32, 64);
+    const idSecretHash = memKeys.subarray(64, 96);
+    const idCommitment = memKeys.subarray(96, 128);
+    const idCommitmentBigInt = buildBigIntFromUint8Array(idCommitment, 32);
+
+    return new IdentityCredential(
+      idTrapdoor,
+      idNullifier,
+      idSecretHash,
+      idCommitment,
+      idCommitmentBigInt
+    );
+  }
+
+  /**
+   * Normalizes a bigint to be within the BN254 field size
+   * @param value The bigint value to normalize
+   * @returns A bigint value that is within the field size
+   */
+  private static normalizeToFieldSize(value: bigint): bigint {
+    // Apply modulo operation to ensure the value is within the field
+    return value % BN254_FIELD_SIZE;
+  }
+
+  public static generateSeeded(signature: Uint8Array): IdentityCredential {
+    try {
+      // Generate deterministic seed from signature
+      const seed = arrayify(keccak256(signature));
+
+      // Use ChaCha for deterministic randomness (as in Rust code)
+      const nonce = new Uint8Array(12);
+      const idSecretHash = new Uint8Array(32);
+      streamXOR(seed, nonce, idSecretHash, idSecretHash);
+
+      // Convert to bigint for Poseidon
+      const secretBigInt = BigInt(
+        "0x" + Buffer.from(idSecretHash).toString("hex")
+      );
+
+      // Normalize the value to be within the field size
+      const normalizedSecretBigInt = this.normalizeToFieldSize(secretBigInt);
+
+      // Generate commitment using Poseidon with normalized value
+      const idCommitmentBigInt = Poseidon.hash([normalizedSecretBigInt]);
+
+      // Convert commitment back to Uint8Array
+      const idCommitment = arrayify(
+        "0x" + idCommitmentBigInt.toString(16).padStart(64, "0")
+      );
+
+      // Generate deterministic trapdoor and nullifier from the secret hash
+      const idTrapdoor = new Uint8Array(32);
+      const idNullifier = new Uint8Array(32);
+      streamXOR(idSecretHash, nonce, idTrapdoor, idTrapdoor);
+      streamXOR(idTrapdoor, nonce, idNullifier, idNullifier);
+
+      return new IdentityCredential(
+        idTrapdoor,
+        idNullifier,
+        idSecretHash,
+        idCommitment,
+        idCommitmentBigInt
+      );
+    } catch (error) {
+      // Additional fallback for any other errors
+      if (error instanceof Error) {
+        throw new Error(
+          `Failed to generate identity credential: ${error.message}`
+        );
+      }
+      throw error;
+    }
+  }
+}

package/src/index.ts

@@ -1,11 +1,25 @@
-import { RLNInstance } from "./rln";
+import { RLNDecoder, RLNEncoder } from "./codec.js";
+import { RLN_V2_ABI } from "./contract/abi/rlnv2.js";
+import { RLNContract, SEPOLIA_CONTRACT } from "./contract/index.js";
+import { createRLN } from "./create.js";
+import { IdentityCredential } from "./identity.js";
+import { Keystore } from "./keystore/index.js";
+import { Proof } from "./proof.js";
+import { RLNInstance } from "./rln.js";
+import { MerkleRootTracker } from "./root_tracker.js";
+import { extractMetaMaskSigner } from "./utils/index.js";
 
-// reexport the create function, dynamically imported from rln.ts
-export async function create(): Promise<RLNInstance> {
-  // A dependency graph that contains any wasm must all be imported
-  // asynchronously. This file does the single async import, so
-  // that no one else needs to worry about it again.
-  const rlnModule = await import("./rln");
-
-  return await rlnModule.create();
-}
+export {
+  createRLN,
+  Keystore,
+  RLNInstance,
+  IdentityCredential,
+  Proof,
+  RLNEncoder,
+  RLNDecoder,
+  MerkleRootTracker,
+  RLNContract,
+  SEPOLIA_CONTRACT,
+  extractMetaMaskSigner,
+  RLN_V2_ABI
+};

package/src/keystore/cipher.ts

@@ -0,0 +1,54 @@
+import type { IKeystore as IEipKeystore } from "@chainsafe/bls-keystore";
+import { cipherDecrypt } from "@chainsafe/bls-keystore/lib/cipher";
+import { kdf } from "@chainsafe/bls-keystore/lib/kdf";
+import { normalizePassword } from "@chainsafe/bls-keystore/lib/password";
+import { keccak256 } from "ethereum-cryptography/keccak";
+import {
+  bytesToHex,
+  concatBytes,
+  hexToBytes
+} from "ethereum-cryptography/utils";
+
+import type { Keccak256Hash, Password } from "./types.js";
+
+// eipKeystore supports only sha256 checksum so we just make an assumption it is keccak256
+const validateChecksum = async (
+  password: Password,
+  eipKeystore: IEipKeystore
+): Promise<boolean> => {
+  const computedChecksum = await keccak256Checksum(password, eipKeystore);
+  return computedChecksum === eipKeystore.crypto.checksum.message;
+};
+
+// decrypt from @chainsafe/bls-keystore supports only sha256
+// but nwaku uses keccak256
+// https://github.com/waku-org/nwaku/blob/25d6e52e3804d15f9b61bc4cc6dd448540c072a1/waku/waku_keystore/keyfile.nim#L367
+export const decryptEipKeystore = async (
+  password: Password,
+  eipKeystore: IEipKeystore
+): Promise<Uint8Array> => {
+  const decryptionKey = await kdf(
+    eipKeystore.crypto.kdf,
+    normalizePassword(password)
+  );
+  const isChecksumValid = await validateChecksum(password, eipKeystore);
+
+  if (!isChecksumValid) {
+    throw Error("Password is invalid.");
+  }
+
+  return cipherDecrypt(eipKeystore.crypto.cipher, decryptionKey.slice(0, 16));
+};
+
+export const keccak256Checksum = async (
+  password: Password,
+  eipKeystore: IEipKeystore
+): Promise<Keccak256Hash> => {
+  const key = await kdf(eipKeystore.crypto.kdf, normalizePassword(password));
+  const payload = concatBytes(
+    key.slice(16),
+    hexToBytes(eipKeystore.crypto.cipher.message)
+  );
+  const ciphertext = keccak256(payload);
+  return bytesToHex(ciphertext);
+};

package/src/keystore/credential_validation_generated.ts

@@ -0,0 +1,7 @@
+/* eslint eslint-comments/no-unlimited-disable: "off" */
+// This file was generated by /scripts/schema-validation-codegen.ts
+// Do not modify this file by hand.
+
+/* eslint-disable */
+// @ts-ignore
+"use strict";export const Credential = validate11;const schema12 = {"type":"object","properties":{"crypto":{"type":"object","properties":{"cipher":{"type":"string"},"cipherparams":{"type":"object"},"ciphertext":{"type":"string"},"kdf":{"type":"string"},"kdfparams":{"type":"object"},"mac":{"type":"string"}},"required":["cipher","cipherparams","ciphertext","kdf","kdfparams","mac"]}},"required":["crypto"]};function validate11(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if((data.crypto === undefined) && (missing0 = "crypto")){validate11.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {if(data.crypto !== undefined){let data0 = data.crypto;const _errs1 = errors;if(errors === _errs1){if(data0 && typeof data0 == "object" && !Array.isArray(data0)){let missing1;if(((((((data0.cipher === undefined) && (missing1 = "cipher")) || ((data0.cipherparams === undefined) && (missing1 = "cipherparams"))) || ((data0.ciphertext === undefined) && (missing1 = "ciphertext"))) || ((data0.kdf === undefined) && (missing1 = "kdf"))) || ((data0.kdfparams === undefined) && (missing1 = "kdfparams"))) || ((data0.mac === undefined) && (missing1 = "mac"))){validate11.errors = [{instancePath:instancePath+"/crypto",schemaPath:"#/properties/crypto/required",keyword:"required",params:{missingProperty: missing1},message:"must have required property '"+missing1+"'"}];return false;}else {if(data0.cipher !== undefined){const _errs3 = errors;if(typeof data0.cipher !== "string"){validate11.errors = [{instancePath:instancePath+"/crypto/cipher",schemaPath:"#/properties/crypto/properties/cipher/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid1 = _errs3 === errors;}else {var valid1 = true;}if(valid1){if(data0.cipherparams !== undefined){let data2 = data0.cipherparams;const _errs5 = errors;if(!(data2 && typeof data2 == "object" && !Array.isArray(data2))){validate11.errors = [{instancePath:instancePath+"/crypto/cipherparams",schemaPath:"#/properties/crypto/properties/cipherparams/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}var valid1 = _errs5 === errors;}else {var valid1 = true;}if(valid1){if(data0.ciphertext !== undefined){const _errs7 = errors;if(typeof data0.ciphertext !== "string"){validate11.errors = [{instancePath:instancePath+"/crypto/ciphertext",schemaPath:"#/properties/crypto/properties/ciphertext/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid1 = _errs7 === errors;}else {var valid1 = true;}if(valid1){if(data0.kdf !== undefined){const _errs9 = errors;if(typeof data0.kdf !== "string"){validate11.errors = [{instancePath:instancePath+"/crypto/kdf",schemaPath:"#/properties/crypto/properties/kdf/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid1 = _errs9 === errors;}else {var valid1 = true;}if(valid1){if(data0.kdfparams !== undefined){let data5 = data0.kdfparams;const _errs11 = errors;if(!(data5 && typeof data5 == "object" && !Array.isArray(data5))){validate11.errors = [{instancePath:instancePath+"/crypto/kdfparams",schemaPath:"#/properties/crypto/properties/kdfparams/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}var valid1 = _errs11 === errors;}else {var valid1 = true;}if(valid1){if(data0.mac !== undefined){const _errs13 = errors;if(typeof data0.mac !== "string"){validate11.errors = [{instancePath:instancePath+"/crypto/mac",schemaPath:"#/properties/crypto/properties/mac/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid1 = _errs13 === errors;}else {var valid1 = true;}}}}}}}}else {validate11.errors = [{instancePath:instancePath+"/crypto",schemaPath:"#/properties/crypto/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}}}}else {validate11.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate11.errors = vErrors;return errors === 0;}

package/src/keystore/index.ts

@@ -0,0 +1,5 @@
+import { Keystore } from "./keystore.js";
+import type { DecryptedCredentials, EncryptedCredentials } from "./types.js";
+
+export { Keystore };
+export type { EncryptedCredentials, DecryptedCredentials };

package/src/keystore/keystore.ts

@@ -0,0 +1,330 @@
+import type {
+  ICipherModule,
+  IKeystore as IEipKeystore,
+  IPbkdf2KdfModule
+} from "@chainsafe/bls-keystore";
+import { create as createEipKeystore } from "@chainsafe/bls-keystore";
+import { Logger } from "@waku/utils";
+import { sha256 } from "ethereum-cryptography/sha256";
+import {
+  bytesToHex,
+  bytesToUtf8,
+  utf8ToBytes
+} from "ethereum-cryptography/utils";
+import _ from "lodash";
+import { v4 as uuidV4 } from "uuid";
+
+import { buildBigIntFromUint8Array } from "../utils/bytes.js";
+
+import { decryptEipKeystore, keccak256Checksum } from "./cipher.js";
+import { isCredentialValid, isKeystoreValid } from "./schema_validator.js";
+import type {
+  Keccak256Hash,
+  KeystoreEntity,
+  MembershipHash,
+  MembershipInfo,
+  Password,
+  Sha256Hash
+} from "./types.js";
+
+const log = new Logger("waku:rln:keystore");
+
+type NwakuCredential = {
+  crypto: {
+    cipher: ICipherModule["function"];
+    cipherparams: ICipherModule["params"];
+    ciphertext: ICipherModule["message"];
+    kdf: IPbkdf2KdfModule["function"];
+    kdfparams: IPbkdf2KdfModule["params"];
+    mac: Sha256Hash;
+  };
+};
+
+// examples from nwaku
+// https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/tests/test_waku_keystore.nim#L43
+// https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/keystore.nim#L154C35-L154C38
+// important: each credential has it's own password
+// important: not compatible with https://eips.ethereum.org/EIPS/eip-2335
+interface NwakuKeystore {
+  application: string;
+  version: string;
+  appIdentifier: string;
+  credentials: {
+    [key: MembershipHash]: NwakuCredential;
+  };
+}
+
+type KeystoreCreateOptions = {
+  application?: string;
+  version?: string;
+  appIdentifier?: string;
+};
+
+export class Keystore {
+  private data: NwakuKeystore;
+
+  private constructor(options: KeystoreCreateOptions | NwakuKeystore) {
+    this.data = Object.assign(
+      {
+        application: "waku-rln-relay",
+        appIdentifier: "01234567890abcdef",
+        version: "0.2",
+        credentials: {}
+      },
+      options
+    );
+  }
+
+  public static create(options: KeystoreCreateOptions = {}): Keystore {
+    return new Keystore(options);
+  }
+
+  // should be valid JSON string that contains Keystore file
+  // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/keyfile.nim#L376
+  public static fromString(str: string): undefined | Keystore {
+    try {
+      const obj = JSON.parse(str);
+
+      if (!Keystore.isValidNwakuStore(obj)) {
+        throw Error("Invalid string, does not match Nwaku Keystore format.");
+      }
+
+      return new Keystore(obj);
+    } catch (err) {
+      log.error("Cannot create Keystore from string:", err);
+      return;
+    }
+  }
+
+  public static fromObject(obj: NwakuKeystore): Keystore {
+    if (!Keystore.isValidNwakuStore(obj)) {
+      throw Error("Invalid object, does not match Nwaku Keystore format.");
+    }
+
+    return new Keystore(obj);
+  }
+
+  public async addCredential(
+    options: KeystoreEntity,
+    password: Password
+  ): Promise<MembershipHash> {
+    const membershipHash: MembershipHash = Keystore.computeMembershipHash(
+      options.membership
+    );
+
+    if (this.data.credentials[membershipHash]) {
+      throw Error("Credential already exists in the store.");
+    }
+
+    // these are not important
+    const stubPath = "/stub/path";
+    const stubPubkey = new Uint8Array([0]);
+    const secret = Keystore.fromIdentityToBytes(options);
+
+    const eipKeystore = await createEipKeystore(
+      password,
+      secret,
+      stubPubkey,
+      stubPath
+    );
+    // need to re-compute checksum since nwaku uses keccak256 instead of sha256
+    const checksum = await keccak256Checksum(password, eipKeystore);
+    const nwakuCredential = Keystore.fromEipToCredential(eipKeystore, checksum);
+
+    this.data.credentials[membershipHash] = nwakuCredential;
+    return membershipHash;
+  }
+
+  public async readCredential(
+    membershipHash: MembershipHash,
+    password: Password
+  ): Promise<undefined | KeystoreEntity> {
+    const nwakuCredential = this.data.credentials[membershipHash];
+
+    if (!nwakuCredential) {
+      return;
+    }
+
+    const eipKeystore = Keystore.fromCredentialToEip(nwakuCredential);
+    const bytes = await decryptEipKeystore(password, eipKeystore);
+
+    return Keystore.fromBytesToIdentity(bytes);
+  }
+
+  public removeCredential(hash: MembershipHash): void {
+    if (!this.data.credentials[hash]) {
+      return;
+    }
+
+    delete this.data.credentials[hash];
+  }
+
+  public toString(): string {
+    return JSON.stringify(this.data);
+  }
+
+  public toObject(): NwakuKeystore {
+    return this.data;
+  }
+
+  /**
+   * Read array of hashes of current credentials
+   * @returns array of keys of credentials in current Keystore
+   */
+  public keys(): string[] {
+    return Object.keys(this.toObject().credentials || {});
+  }
+
+  private static isValidNwakuStore(obj: unknown): boolean {
+    if (!isKeystoreValid(obj)) {
+      return false;
+    }
+
+    const areCredentialsValid = Object.values(_.get(obj, "credentials", {}))
+      .map((c) => isCredentialValid(c))
+      .every((v) => v);
+
+    return areCredentialsValid;
+  }
+
+  private static fromCredentialToEip(
+    credential: NwakuCredential
+  ): IEipKeystore {
+    const nwakuCrypto = credential.crypto;
+    const eipCrypto: IEipKeystore["crypto"] = {
+      kdf: {
+        function: nwakuCrypto.kdf,
+        params: nwakuCrypto.kdfparams,
+        message: ""
+      },
+      cipher: {
+        function: nwakuCrypto.cipher,
+        params: nwakuCrypto.cipherparams,
+        message: nwakuCrypto.ciphertext
+      },
+      checksum: {
+        // @chainsafe/bls-keystore supports only sha256
+        // but nwaku uses keccak256
+        // https://github.com/waku-org/nwaku/blob/25d6e52e3804d15f9b61bc4cc6dd448540c072a1/waku/waku_keystore/keyfile.nim#L367
+        function: "sha256",
+        params: {},
+        message: nwakuCrypto.mac
+      }
+    };
+
+    return {
+      version: 4,
+      uuid: uuidV4(),
+      description: undefined,
+      path: "safe to ignore, not important for decrypt",
+      pubkey: "safe to ignore, not important for decrypt",
+      crypto: eipCrypto
+    };
+  }
+
+  private static fromEipToCredential(
+    eipKeystore: IEipKeystore,
+    checksum: Keccak256Hash
+  ): NwakuCredential {
+    const eipCrypto = eipKeystore.crypto;
+    const eipKdf = eipCrypto.kdf as IPbkdf2KdfModule;
+    return {
+      crypto: {
+        cipher: eipCrypto.cipher.function,
+        cipherparams: eipCrypto.cipher.params,
+        ciphertext: eipCrypto.cipher.message,
+        kdf: eipKdf.function,
+        kdfparams: eipKdf.params,
+        // @chainsafe/bls-keystore generates only sha256
+        // but nwaku uses keccak256
+        // https://github.com/waku-org/nwaku/blob/25d6e52e3804d15f9b61bc4cc6dd448540c072a1/waku/waku_keystore/keyfile.nim#L367
+        mac: checksum
+      }
+    };
+  }
+
+  private static fromBytesToIdentity(
+    bytes: Uint8Array
+  ): undefined | KeystoreEntity {
+    try {
+      const str = bytesToUtf8(bytes);
+      const obj = JSON.parse(str);
+
+      // TODO: add runtime validation of nwaku credentials
+      return {
+        identity: {
+          IDCommitment: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idCommitment", [])
+          ),
+          IDTrapdoor: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idTrapdoor", [])
+          ),
+          IDNullifier: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idNullifier", [])
+          ),
+          IDCommitmentBigInt: buildBigIntFromUint8Array(
+            Keystore.fromArraylikeToBytes(
+              _.get(obj, "identityCredential.idCommitment", [])
+            )
+          ),
+          IDSecretHash: Keystore.fromArraylikeToBytes(
+            _.get(obj, "identityCredential.idSecretHash", [])
+          )
+        },
+        membership: {
+          treeIndex: _.get(obj, "treeIndex"),
+          chainId: _.get(obj, "membershipContract.chainId"),
+          address: _.get(obj, "membershipContract.address")
+        }
+      };
+    } catch (err) {
+      log.error("Cannot parse bytes to Nwaku Credentials:", err);
+      return;
+    }
+  }
+
+  private static fromArraylikeToBytes(obj: {
+    [key: number]: number;
+  }): Uint8Array {
+    const bytes = [];
+
+    let index = 0;
+    let lastElement = obj[index];
+
+    while (lastElement !== undefined) {
+      bytes.push(lastElement);
+      index += 1;
+      lastElement = obj[index];
+    }
+
+    return new Uint8Array(bytes);
+  }
+
+  // follows nwaku implementation
+  // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L111
+  private static computeMembershipHash(info: MembershipInfo): MembershipHash {
+    return bytesToHex(
+      sha256(utf8ToBytes(`${info.chainId}${info.address}${info.treeIndex}`))
+    ).toUpperCase();
+  }
+
+  // follows nwaku implementation
+  // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L98
+  private static fromIdentityToBytes(options: KeystoreEntity): Uint8Array {
+    return utf8ToBytes(
+      JSON.stringify({
+        treeIndex: options.membership.treeIndex,
+        identityCredential: {
+          idCommitment: options.identity.IDCommitment,
+          idNullifier: options.identity.IDNullifier,
+          idSecretHash: options.identity.IDSecretHash,
+          idTrapdoor: options.identity.IDTrapdoor
+        },
+        membershipContract: {
+          chainId: options.membership.chainId,
+          address: options.membership.address
+        }
+      })
+    );
+  }
+}

package/src/keystore/keystore_validation_generated.ts

@@ -0,0 +1,7 @@
+/* eslint eslint-comments/no-unlimited-disable: "off" */
+// This file was generated by /scripts/schema-validation-codegen.ts
+// Do not modify this file by hand.
+
+/* eslint-disable */
+// @ts-ignore
+"use strict";export const Keystore = validate11;const schema12 = {"type":"object","properties":{"credentials":{"type":"object"},"appIdentifier":{"type":"string"},"version":{"type":"string"},"application":{"type":"string"}},"required":["application","appIdentifier","credentials","version"]};function validate11(data, {instancePath="", parentData, parentDataProperty, rootData=data}={}){let vErrors = null;let errors = 0;if(errors === 0){if(data && typeof data == "object" && !Array.isArray(data)){let missing0;if(((((data.application === undefined) && (missing0 = "application")) || ((data.appIdentifier === undefined) && (missing0 = "appIdentifier"))) || ((data.credentials === undefined) && (missing0 = "credentials"))) || ((data.version === undefined) && (missing0 = "version"))){validate11.errors = [{instancePath,schemaPath:"#/required",keyword:"required",params:{missingProperty: missing0},message:"must have required property '"+missing0+"'"}];return false;}else {if(data.credentials !== undefined){let data0 = data.credentials;const _errs1 = errors;if(!(data0 && typeof data0 == "object" && !Array.isArray(data0))){validate11.errors = [{instancePath:instancePath+"/credentials",schemaPath:"#/properties/credentials/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}var valid0 = _errs1 === errors;}else {var valid0 = true;}if(valid0){if(data.appIdentifier !== undefined){const _errs3 = errors;if(typeof data.appIdentifier !== "string"){validate11.errors = [{instancePath:instancePath+"/appIdentifier",schemaPath:"#/properties/appIdentifier/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid0 = _errs3 === errors;}else {var valid0 = true;}if(valid0){if(data.version !== undefined){const _errs5 = errors;if(typeof data.version !== "string"){validate11.errors = [{instancePath:instancePath+"/version",schemaPath:"#/properties/version/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid0 = _errs5 === errors;}else {var valid0 = true;}if(valid0){if(data.application !== undefined){const _errs7 = errors;if(typeof data.application !== "string"){validate11.errors = [{instancePath:instancePath+"/application",schemaPath:"#/properties/application/type",keyword:"type",params:{type: "string"},message:"must be string"}];return false;}var valid0 = _errs7 === errors;}else {var valid0 = true;}}}}}}else {validate11.errors = [{instancePath,schemaPath:"#/type",keyword:"type",params:{type: "object"},message:"must be object"}];return false;}}validate11.errors = vErrors;return errors === 0;}

package/src/keystore/schema_validator.ts

@@ -0,0 +1,34 @@
+import { Credential as _validateCredentialGenerated } from "./credential_validation_generated.js";
+import { Keystore as _validateKeystoreGenerated } from "./keystore_validation_generated.js";
+
+type ErrorObject = {
+  instancePath: string;
+  schemaPath: string;
+  keyword: string;
+  params: object;
+  message: string;
+};
+
+type ValidatorFn = ((data: unknown) => boolean) & { errors: ErrorObject[] };
+
+const _validateKeystore = _validateKeystoreGenerated as ValidatorFn;
+const _validateCredential = _validateCredentialGenerated as ValidatorFn;
+
+function schemaValidationErrors(
+  validator: ValidatorFn,
+  data: unknown
+): ErrorObject[] | null {
+  const validated = validator(data);
+  if (validated) {
+    return null;
+  }
+  return validator.errors;
+}
+
+export function isKeystoreValid(keystore: unknown): boolean {
+  return !schemaValidationErrors(_validateKeystore, keystore);
+}
+
+export function isCredentialValid(credential: unknown): boolean {
+  return !schemaValidationErrors(_validateCredential, credential);
+}

package/src/keystore/types.ts

@@ -0,0 +1,36 @@
+import type { IdentityCredential } from "../identity.js";
+
+export type MembershipHash = string;
+export type Sha256Hash = string;
+export type Keccak256Hash = string;
+export type Password = string | Uint8Array;
+
+// see reference
+// https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L111
+export type MembershipInfo = {
+  chainId: number;
+  address: string;
+  treeIndex: number;
+};
+
+export type KeystoreEntity = {
+  identity: IdentityCredential;
+  membership: MembershipInfo;
+};
+
+export type DecryptedCredentials = KeystoreEntity;
+
+export type EncryptedCredentials = {
+  /**
+   * Valid JSON string that contains Keystore
+   */
+  keystore: string;
+  /**
+   * ID of credentials from provided Keystore to use
+   */
+  id: string;
+  /**
+   * Password to decrypt credentials provided
+   */
+  password: Password;
+};