pwc-sdk-wallet 0.8.2 → 0.8.3

package/README.md

@@ -1881,6 +1881,9 @@ console.log('New account address:', newAccount.address);
 // Add a new Solana account
 const newSolanaAccount = await vault.addNewSolanaAccount();
 console.log('New Solana account:', newSolanaAccount.address);
+
+// Note: All Solana accounts are automatically persisted when you encrypt and save the vault.
+// When you load the vault later, all previously added accounts will be restored.
 ```
 
 #### Add New TRON Account

package/dist/keyrings/SolanaKeyring.d.ts

@@ -1,4 +1,12 @@
 import { Keypair } from '@solana/web3.js';
+/**
+ * Serialized keyring data structure
+ */
+export interface SerializedSolanaKeyring {
+    type: 'Solana';
+    mnemonic: string;
+    accounts: string[];
+}
 /**
  * Solana keyring for managing multiple Solana accounts
  * derived from a single mnemonic phrase using BIP-44 derivation paths.
@@ -9,12 +17,25 @@ export declare class SolanaKeyring {
     private keypairs;
     accounts: string[];
     private mnemonic;
+    private seed;
+    private static seedCache;
+    private static readonly ERROR_INVALID_MNEMONIC;
+    private static readonly ERROR_INVALID_INDEX;
+    private static readonly ERROR_DUPLICATE_ACCOUNT;
+    private static readonly ERROR_ADDRESS_NOT_FOUND;
+    private static readonly ERROR_INVALID_DESERIALIZE;
+    private static readonly ERROR_ADDRESS_MISMATCH;
     /**
      * Creates a new SolanaKeyring instance from a mnemonic phrase.
      * @param mnemonic - The mnemonic phrase (12, 15, 18, 21, or 24 words)
      * @throws Error if the mnemonic is invalid
      */
     constructor(mnemonic: string);
+    /**
+     * Gets or generates the seed for this keyring, using cache when available.
+     * @returns The seed buffer
+     */
+    private getSeed;
     /**
      * Initializes the keyring by generating the seed and creating the first account.
      * @param mnemonic - The mnemonic phrase to initialize from
@@ -23,21 +44,28 @@ export declare class SolanaKeyring {
     /**
      * Derives a Solana keypair at a specific index using BIP-44 derivation.
      * @param seed - The seed buffer to derive from
-     * @param index - The account index to derive (0-based)
+     * @param index - The account index to derive (0-based, must be non-negative integer)
      * @returns The derived Solana keypair
+     * @throws Error if index is invalid
      */
-    private deriveKeypair;
+    private static deriveKeypair;
     /**
      * Adds a new Solana account derived from the mnemonic at the next available index.
      * @returns Promise resolving to the public key address of the newly created account
      * @throws Error if account derivation fails or duplicate address is generated
      */
     addNewAccount(): Promise<string>;
+    /**
+     * Validates a Solana address format.
+     * @param address - The address to validate
+     * @returns True if the address is valid, false otherwise
+     */
+    static isValidAddress(address: string): boolean;
     /**
      * Gets the private key for a given address managed by this keyring.
      * @param address - The account's public key address to get the private key for
      * @returns Promise resolving to the private key as a hex string
-     * @throws Error if the address is not found in this keyring
+     * @throws Error if the address is not found in this keyring or is invalid
      */
     getPrivateKeyForAddress(address: string): Promise<string>;
     /**
@@ -47,9 +75,9 @@ export declare class SolanaKeyring {
     getMnemonic(): string;
     /**
      * Serializes the keyring data for encryption and storage.
-     * @returns An object containing the keyring type and mnemonic
+     * @returns An object containing the keyring type, mnemonic, and accounts
      */
-    serialize(): any;
+    serialize(): SerializedSolanaKeyring;
     /**
      * Deserializes data into a SolanaKeyring instance.
      * @param data - The serialized keyring data
@@ -61,6 +89,7 @@ export declare class SolanaKeyring {
      * Gets the Solana keypair for a given address.
      * @param address - The account's public key address
      * @returns The Solana keypair or undefined if not found
+     * @throws Error if the address format is invalid
      */
     getKeypair(address: string): Keypair | undefined;
     /**
@@ -68,4 +97,20 @@ export declare class SolanaKeyring {
      * @returns Array of all Solana keypairs
      */
     getAllKeypairs(): Keypair[];
+    /**
+     * Clears sensitive data from memory.
+     * This should be called when the keyring is no longer needed to help prevent memory dumps.
+     * Note: This does not clear the seed cache, only instance-specific data.
+     */
+    clearSensitiveData(): void;
+    /**
+     * Clears the seed cache to free up memory.
+     * Call this when you want to clear sensitive data from memory.
+     */
+    static clearSeedCache(): void;
+    /**
+     * Gets the cache size for debugging purposes.
+     * @returns Number of cached seeds
+     */
+    static getSeedCacheSize(): number;
 }

package/dist/keyrings/SolanaKeyring.js

@@ -39,6 +39,7 @@ const ed25519_hd_key_1 = require("ed25519-hd-key");
 const bip39 = __importStar(require("bip39"));
 const buffer_1 = require("buffer");
 const chains_1 = require("../config/chains");
+const EncryptionService_1 = require("../crypto/EncryptionService");
 /**
  * Solana keyring for managing multiple Solana accounts
  * derived from a single mnemonic phrase using BIP-44 derivation paths.
@@ -54,29 +55,52 @@ class SolanaKeyring {
         this.type = 'Solana';
         this.keypairs = new Map();
         this.accounts = [];
-        if (!bip39.validateMnemonic(mnemonic)) {
-            throw new Error('Invalid mnemonic');
+        this.seed = null;
+        if (!EncryptionService_1.EncryptionService.validateMnemonic(mnemonic)) {
+            throw new Error(SolanaKeyring.ERROR_INVALID_MNEMONIC);
         }
         this.mnemonic = mnemonic;
         this.initializeFromMnemonic(mnemonic);
     }
+    /**
+     * Gets or generates the seed for this keyring, using cache when available.
+     * @returns The seed buffer
+     */
+    getSeed() {
+        if (this.seed) {
+            return this.seed;
+        }
+        // Check cache first
+        if (SolanaKeyring.seedCache.has(this.mnemonic)) {
+            this.seed = SolanaKeyring.seedCache.get(this.mnemonic);
+            return this.seed;
+        }
+        // Generate and cache seed
+        this.seed = bip39.mnemonicToSeedSync(this.mnemonic);
+        SolanaKeyring.seedCache.set(this.mnemonic, this.seed);
+        return this.seed;
+    }
     /**
      * Initializes the keyring by generating the seed and creating the first account.
      * @param mnemonic - The mnemonic phrase to initialize from
      */
     initializeFromMnemonic(mnemonic) {
-        const seed = bip39.mnemonicToSeedSync(mnemonic);
-        const firstKeypair = this.deriveKeypair(seed, 0);
+        const seed = this.getSeed();
+        const firstKeypair = SolanaKeyring.deriveKeypair(seed, 0);
         this.keypairs.set(firstKeypair.publicKey.toString(), firstKeypair);
         this.accounts.push(firstKeypair.publicKey.toString());
     }
     /**
      * Derives a Solana keypair at a specific index using BIP-44 derivation.
      * @param seed - The seed buffer to derive from
-     * @param index - The account index to derive (0-based)
+     * @param index - The account index to derive (0-based, must be non-negative integer)
      * @returns The derived Solana keypair
+     * @throws Error if index is invalid
      */
-    deriveKeypair(seed, index) {
+    static deriveKeypair(seed, index) {
+        if (!Number.isInteger(index) || index < 0) {
+            throw new Error(SolanaKeyring.ERROR_INVALID_INDEX);
+        }
         const path = `${chains_1.DERIVATION_PATHS.SOLANA.slice(0, -1)}${index}'`;
         const derivedSeed = (0, ed25519_hd_key_1.derivePath)(path, seed.toString('hex')).key;
         return web3_js_1.Keypair.fromSeed(derivedSeed);
@@ -88,25 +112,46 @@ class SolanaKeyring {
      */
     async addNewAccount() {
         const newIndex = this.accounts.length;
-        const seed = bip39.mnemonicToSeedSync(this.mnemonic);
-        const newKeypair = this.deriveKeypair(seed, newIndex);
-        if (this.accounts.includes(newKeypair.publicKey.toString())) {
-            throw new Error('Duplicate account derived. Please check derivation path logic.');
+        const seed = this.getSeed();
+        const newKeypair = SolanaKeyring.deriveKeypair(seed, newIndex);
+        const newAddress = newKeypair.publicKey.toString();
+        if (this.accounts.includes(newAddress)) {
+            throw new Error(SolanaKeyring.ERROR_DUPLICATE_ACCOUNT);
+        }
+        this.keypairs.set(newAddress, newKeypair);
+        this.accounts.push(newAddress);
+        return newAddress;
+    }
+    /**
+     * Validates a Solana address format.
+     * @param address - The address to validate
+     * @returns True if the address is valid, false otherwise
+     */
+    static isValidAddress(address) {
+        if (!address || typeof address !== 'string') {
+            return false;
+        }
+        try {
+            new web3_js_1.PublicKey(address);
+            return true;
+        }
+        catch {
+            return false;
         }
-        this.keypairs.set(newKeypair.publicKey.toString(), newKeypair);
-        this.accounts.push(newKeypair.publicKey.toString());
-        return newKeypair.publicKey.toString();
     }
     /**
      * Gets the private key for a given address managed by this keyring.
      * @param address - The account's public key address to get the private key for
      * @returns Promise resolving to the private key as a hex string
-     * @throws Error if the address is not found in this keyring
+     * @throws Error if the address is not found in this keyring or is invalid
      */
     async getPrivateKeyForAddress(address) {
+        if (!SolanaKeyring.isValidAddress(address)) {
+            throw new Error(`Invalid Solana address format: ${address}`);
+        }
         const keypair = this.keypairs.get(address);
         if (!keypair) {
-            throw new Error('Address not found in this keyring.');
+            throw new Error(SolanaKeyring.ERROR_ADDRESS_NOT_FOUND);
         }
         return buffer_1.Buffer.from(keypair.secretKey).toString('hex');
     }
@@ -119,12 +164,13 @@ class SolanaKeyring {
     }
     /**
      * Serializes the keyring data for encryption and storage.
-     * @returns An object containing the keyring type and mnemonic
+     * @returns An object containing the keyring type, mnemonic, and accounts
      */
     serialize() {
         return {
             type: this.type,
-            mnemonic: this.mnemonic
+            mnemonic: this.mnemonic,
+            accounts: [...this.accounts] // Return a copy to prevent external modification
         };
     }
     /**
@@ -135,17 +181,53 @@ class SolanaKeyring {
      */
     static async deserialize(data) {
         if (data.type !== 'Solana' || !data.mnemonic) {
-            throw new Error('Invalid data for SolanaKeyring deserialization.');
+            throw new Error(SolanaKeyring.ERROR_INVALID_DESERIALIZE);
         }
-        // Only restore mnemonic, do not restore accounts
-        return new SolanaKeyring(data.mnemonic);
+        // Validate mnemonic before creating keyring
+        if (!EncryptionService_1.EncryptionService.validateMnemonic(data.mnemonic)) {
+            throw new Error(`${SolanaKeyring.ERROR_INVALID_DESERIALIZE}: Invalid mnemonic`);
+        }
+        // Validate accounts array if present
+        if (data.accounts && !Array.isArray(data.accounts)) {
+            throw new Error(`${SolanaKeyring.ERROR_INVALID_DESERIALIZE}: Accounts must be an array`);
+        }
+        const keyring = new SolanaKeyring(data.mnemonic);
+        // If accounts were persisted, restore them. Otherwise, keep the first account from initialization.
+        if (data.accounts && data.accounts.length > 0) {
+            // Clear the first account that was created during initialization
+            keyring.accounts = [];
+            keyring.keypairs.clear();
+            // Restore all accounts by deriving keypairs for each index
+            // Use getSeed() to leverage caching
+            const seed = keyring.getSeed();
+            for (let i = 0; i < data.accounts.length; i++) {
+                const savedAddress = data.accounts[i];
+                // Validate saved address format
+                if (!SolanaKeyring.isValidAddress(savedAddress)) {
+                    throw new Error(`${SolanaKeyring.ERROR_INVALID_DESERIALIZE}: Invalid address at index ${i}: ${savedAddress}`);
+                }
+                const keypair = SolanaKeyring.deriveKeypair(seed, i);
+                const derivedAddress = keypair.publicKey.toString();
+                // Verify that the derived address matches the saved address
+                if (derivedAddress !== savedAddress) {
+                    throw new Error(`${SolanaKeyring.ERROR_ADDRESS_MISMATCH} ${i}. Expected ${savedAddress}, got ${derivedAddress}.`);
+                }
+                keyring.keypairs.set(derivedAddress, keypair);
+                keyring.accounts.push(derivedAddress);
+            }
+        }
+        return keyring;
     }
     /**
      * Gets the Solana keypair for a given address.
      * @param address - The account's public key address
      * @returns The Solana keypair or undefined if not found
+     * @throws Error if the address format is invalid
      */
     getKeypair(address) {
+        if (!SolanaKeyring.isValidAddress(address)) {
+            throw new Error(`Invalid Solana address format: ${address}`);
+        }
         return this.keypairs.get(address);
     }
     /**
@@ -155,5 +237,45 @@ class SolanaKeyring {
     getAllKeypairs() {
         return Array.from(this.keypairs.values());
     }
+    /**
+     * Clears sensitive data from memory.
+     * This should be called when the keyring is no longer needed to help prevent memory dumps.
+     * Note: This does not clear the seed cache, only instance-specific data.
+     */
+    clearSensitiveData() {
+        // Clear keypairs from memory
+        this.keypairs.forEach((keypair) => {
+            // Attempt to zero out secret key (though JavaScript doesn't guarantee this)
+            if (keypair.secretKey) {
+                keypair.secretKey.fill(0);
+            }
+        });
+        this.keypairs.clear();
+        this.seed = null;
+        // Note: We don't clear accounts array as it contains public addresses (not sensitive)
+    }
+    /**
+     * Clears the seed cache to free up memory.
+     * Call this when you want to clear sensitive data from memory.
+     */
+    static clearSeedCache() {
+        SolanaKeyring.seedCache.clear();
+    }
+    /**
+     * Gets the cache size for debugging purposes.
+     * @returns Number of cached seeds
+     */
+    static getSeedCacheSize() {
+        return SolanaKeyring.seedCache.size;
+    }
 }
 exports.SolanaKeyring = SolanaKeyring;
+// Cache to avoid recreating seed
+SolanaKeyring.seedCache = new Map();
+// Error message constants
+SolanaKeyring.ERROR_INVALID_MNEMONIC = 'Invalid mnemonic';
+SolanaKeyring.ERROR_INVALID_INDEX = 'Account index must be a non-negative integer';
+SolanaKeyring.ERROR_DUPLICATE_ACCOUNT = 'Duplicate account derived. Please check derivation path logic.';
+SolanaKeyring.ERROR_ADDRESS_NOT_FOUND = 'Address not found in this keyring.';
+SolanaKeyring.ERROR_INVALID_DESERIALIZE = 'Invalid data for SolanaKeyring deserialization.';
+SolanaKeyring.ERROR_ADDRESS_MISMATCH = 'Account address mismatch at index';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pwc-sdk-wallet",
-  "version": "0.8.2",
+  "version": "0.8.3",
   "description": "A comprehensive wallet SDK for React Native (pwc), supporting multi-chain and multi-account features.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",