UNPKG

@bsv/wallet-toolbox-client

Version:

Client only Wallet Storage

github.com/bsv-blockchain/wallet-toolbox

bsv-blockchain/wallet-toolbox

315 lines 13.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.SimpleWalletManager = void 0; const sdk_1 = require("@bsv/sdk"); /** * SimpleWalletManager is a slimmed-down wallet manager that only requires two things to authenticate: * 1. A primary key (32 bytes), which represents the core secret for the wallet. * 2. A privileged key manager (an instance of `PrivilegedKeyManager`), responsible for * more sensitive operations. * * Once both pieces are provided (or if a snapshot containing the primary key is loaded, * and the privileged key manager is provided separately), the wallet becomes authenticated. * * After authentication, calls to the standard wallet methods (`createAction`, `signAction`, etc.) * are proxied to an underlying `WalletInterface` instance returned by a user-supplied `walletBuilder`. * * **Important**: This manager does not handle user password flows, recovery, or on-chain * token management. It is a straightforward wrapper that ensures the user has provided * both their main secret (primary key) and a privileged key manager before allowing usage. * * It also prevents calls from the special "admin originator" from being used externally. * (Any call that tries to use the admin originator as its originator, other than the manager itself, * will result in an error, ensuring that only internal operations can use that originator.) * * The manager can also save and load snapshots of its state. In this simplified version, * the snapshot only contains the primary key. If you load a snapshot, you still need to * re-provide the privileged key manager to complete authentication. */ class SimpleWalletManager { /** * Constructs a new `SimpleWalletManager`. * * @param adminOriginator The domain name of the administrative originator. * @param walletBuilder A function that, given a primary key and privileged key manager, * returns a fully functional `WalletInterface`. * @param stateSnapshot If provided, a previously saved snapshot of the wallet's state. * If the snapshot contains a primary key, it will be loaded immediately * (though you will still need to provide a privileged key manager to authenticate). */ constructor(adminOriginator, walletBuilder, stateSnapshot) { this.authenticated = false; this.adminOriginator = adminOriginator; this.walletBuilder = walletBuilder; if (stateSnapshot) { this.loadSnapshot(stateSnapshot); } } /** * Provides the primary key (32 bytes) needed for authentication. * If a privileged key manager has already been provided, we attempt to build * the underlying wallet. Otherwise, we wait until the manager is also provided. * * @param key A 32-byte primary key. */ async providePrimaryKey(key) { this.primaryKey = key; await this.tryBuildUnderlying(); } /** * Provides the privileged key manager needed for sensitive tasks. * If a primary key has already been provided (or loaded from a snapshot), * we attempt to build the underlying wallet. Otherwise, we wait until the key is provided. * * @param manager An instance of `PrivilegedKeyManager`. */ async providePrivilegedKeyManager(manager) { this.underlyingPrivilegedKeyManager = manager; await this.tryBuildUnderlying(); } /** * Internal method that checks if we have both the primary key and privileged manager. * If so, we build the underlying wallet instance and become authenticated. */ async tryBuildUnderlying() { if (this.authenticated) { throw new Error('The user is already authenticated.'); } if (!this.primaryKey || !this.underlyingPrivilegedKeyManager) { return; } // Build the underlying wallet: this.underlying = await this.walletBuilder(this.primaryKey, this.underlyingPrivilegedKeyManager); this.authenticated = true; } /** * Destroys the underlying wallet, returning to a default (unauthenticated) state. * * This clears the primary key, the privileged key manager, and the `authenticated` flag. */ destroy() { this.underlying = undefined; this.underlyingPrivilegedKeyManager = undefined; this.authenticated = false; this.primaryKey = undefined; } /** * Saves the current wallet state (including just the primary key) * into an encrypted snapshot. This snapshot can be stored and later * passed to `loadSnapshot` to restore the primary key (and partially authenticate). * * **Note**: The snapshot does NOT include the privileged key manager. * You must still provide that separately after loading the snapshot * in order to complete authentication. * * @remarks * Storing the snapshot (which contains the primary key) provides a significant * portion of the wallet's secret material. It must be protected carefully. * * @returns A byte array representing the encrypted snapshot. * @throws {Error} if no primary key is currently set. */ saveSnapshot() { if (!this.primaryKey) { throw new Error('No primary key is set; cannot save snapshot.'); } // Generate a random snapshot encryption key: const snapshotKey = (0, sdk_1.Random)(32); // For this simple wallet manager, we only store the primary key. const writer = new sdk_1.Utils.Writer(); // Write a 1-byte version: writer.writeUInt8(1); // Write a varint length and then the primary key bytes: writer.writeVarIntNum(this.primaryKey.length); writer.write(this.primaryKey); const snapshotPreimage = writer.toArray(); // Encrypt the data with the snapshotKey: const encryptedPayload = new sdk_1.SymmetricKey(snapshotKey).encrypt(snapshotPreimage); // Build the final snapshot: [ snapshotKey (32 bytes) + encryptedPayload ] const snapshotWriter = new sdk_1.Utils.Writer(); snapshotWriter.write(snapshotKey); snapshotWriter.write(encryptedPayload); return snapshotWriter.toArray(); } /** * Loads a previously saved state snapshot (produced by `saveSnapshot`). * This will restore the primary key but will **not** restore the privileged key manager * (that must be provided separately to complete authentication). * * @param snapshot A byte array that was previously returned by `saveSnapshot`. * @throws {Error} If the snapshot format is invalid or decryption fails. */ async loadSnapshot(snapshot) { try { const reader = new sdk_1.Utils.Reader(snapshot); // First 32 bytes is the snapshotKey: const snapshotKey = reader.read(32); // The rest is the encrypted payload: const encryptedPayload = reader.read(); // Decrypt the payload with the snapshotKey: const decrypted = new sdk_1.SymmetricKey(snapshotKey).decrypt(encryptedPayload); const payloadReader = new sdk_1.Utils.Reader(decrypted); // Check version: const version = payloadReader.readUInt8(); if (version !== 1) { throw new Error(`Unsupported snapshot version: ${version}`); } // Read the varint length and the primary key: const pkLength = payloadReader.readVarIntNum(); const pk = payloadReader.read(pkLength); this.primaryKey = pk; // Attempt to build the underlying wallet if the privileged manager is already provided: await this.tryBuildUnderlying(); } catch (error) { throw new Error(`Failed to load snapshot: ${error.message}`); } } /** * Returns whether the user is currently authenticated (the wallet has a primary key * and a privileged key manager). If not authenticated, an error is thrown. * * @param _ Not used in this manager. * @param originator The originator domain, which must not be the admin originator. * @throws If not authenticated, or if the originator is the admin. */ async isAuthenticated(_, originator) { this.ensureCanCall(originator); return { authenticated: true }; } /** * Blocks until the user is authenticated (by providing primaryKey and privileged manager). * If not authenticated yet, it waits until that occurs. * * @param _ Not used in this manager. * @param originator The originator domain, which must not be the admin originator. * @throws If the originator is the admin. */ async waitForAuthentication(_, originator) { if (originator === this.adminOriginator) { throw new Error('External applications cannot use the admin originator.'); } while (!this.authenticated) { await new Promise(resolve => setTimeout(resolve, 100)); } return { authenticated: true }; } async getPublicKey(args, originator) { this.ensureCanCall(originator); return this.underlying.getPublicKey(args, originator); } async revealCounterpartyKeyLinkage(args, originator) { this.ensureCanCall(originator); return this.underlying.revealCounterpartyKeyLinkage(args, originator); } async revealSpecificKeyLinkage(args, originator) { this.ensureCanCall(originator); return this.underlying.revealSpecificKeyLinkage(args, originator); } async encrypt(args, originator) { this.ensureCanCall(originator); return this.underlying.encrypt(args, originator); } async decrypt(args, originator) { this.ensureCanCall(originator); return this.underlying.decrypt(args, originator); } async createHmac(args, originator) { this.ensureCanCall(originator); return this.underlying.createHmac(args, originator); } async verifyHmac(args, originator) { this.ensureCanCall(originator); return this.underlying.verifyHmac(args, originator); } async createSignature(args, originator) { this.ensureCanCall(originator); return this.underlying.createSignature(args, originator); } async verifySignature(args, originator) { this.ensureCanCall(originator); return this.underlying.verifySignature(args, originator); } async createAction(args, originator) { this.ensureCanCall(originator); return this.underlying.createAction(args, originator); } async signAction(args, originator) { this.ensureCanCall(originator); return this.underlying.signAction(args, originator); } async abortAction(args, originator) { this.ensureCanCall(originator); return this.underlying.abortAction(args, originator); } async listActions(args, originator) { this.ensureCanCall(originator); return this.underlying.listActions(args, originator); } async internalizeAction(args, originator) { this.ensureCanCall(originator); return this.underlying.internalizeAction(args, originator); } async listOutputs(args, originator) { this.ensureCanCall(originator); return this.underlying.listOutputs(args, originator); } async relinquishOutput(args, originator) { this.ensureCanCall(originator); return this.underlying.relinquishOutput(args, originator); } async acquireCertificate(args, originator) { this.ensureCanCall(originator); return this.underlying.acquireCertificate(args, originator); } async listCertificates(args, originator) { this.ensureCanCall(originator); return this.underlying.listCertificates(args, originator); } async proveCertificate(args, originator) { this.ensureCanCall(originator); return this.underlying.proveCertificate(args, originator); } async relinquishCertificate(args, originator) { this.ensureCanCall(originator); return this.underlying.relinquishCertificate(args, originator); } async discoverByIdentityKey(args, originator) { this.ensureCanCall(originator); return this.underlying.discoverByIdentityKey(args, originator); } async discoverByAttributes(args, originator) { this.ensureCanCall(originator); return this.underlying.discoverByAttributes(args, originator); } async getHeight(_, originator) { this.ensureCanCall(originator); return this.underlying.getHeight({}, originator); } async getHeaderForHeight(args, originator) { this.ensureCanCall(originator); return this.underlying.getHeaderForHeight(args, originator); } async getNetwork(_, originator) { this.ensureCanCall(originator); return this.underlying.getNetwork({}, originator); } async getVersion(_, originator) { this.ensureCanCall(originator); return this.underlying.getVersion({}, originator); } /** * A small helper that throws if the user is not authenticated or if the * provided originator is the admin (which is not permitted externally). */ ensureCanCall(originator) { if (originator === this.adminOriginator) { throw new Error('External applications cannot use the admin originator.'); } if (!this.authenticated) { throw new Error('User is not authenticated.'); } } } exports.SimpleWalletManager = SimpleWalletManager; //# sourceMappingURL=SimpleWalletManager.js.map