UNPKG

@veramo/kms-web3

Version:

Veramo KMS implementation backed by web3 wallets

github.com/decentralized-identity/veramo

decentralized-identity/veramo

137 lines (123 loc) 4.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
import { JsonRpcSigner, BrowserProvider, toUtf8String } from 'ethers' import { TKeyType, IKey, ManagedKeyInfo, MinimalImportableKey } from '@veramo/core-types' import { AbstractKeyManagementSystem, Eip712Payload } from '@veramo/key-manager' /** * This is a {@link @veramo/key-manager#AbstractKeyManagementSystem | KMS} implementation that uses the addresses of a * web3 wallet as key identifiers, and calls the respective wallet for signing operations. * @beta */ export class Web3KeyManagementSystem extends AbstractKeyManagementSystem { /** * * @param providers - the key can be any unique name. * Example `{ metamask: metamaskProvider, walletConnect: walletConnectProvider }` */ constructor(private providers: Record<string, BrowserProvider>) { super() } createKey({ type }: { type: TKeyType }): Promise<ManagedKeyInfo> { throw Error('not_supported: Web3KeyManagementSystem cannot create new keys') } async importKey(args: Omit<MinimalImportableKey, 'kms'>): Promise<ManagedKeyInfo> { // throw Error('Not implemented') return args as any as ManagedKeyInfo } async listKeys(): Promise<ManagedKeyInfo[]> { const keys: ManagedKeyInfo[] = [] for (const provider in this.providers) { const accounts = await this.providers[provider].listAccounts() for (const account of accounts) { const key: ManagedKeyInfo = { kid: `${provider}-${account}`, type: 'Secp256k1', publicKeyHex: '', kms: '', meta: { account, provider, algorithms: ['eth_signMessage', 'eth_signTypedData'], }, } keys.push(key) } } return keys } async sharedSecret(args: { myKeyRef: Pick<IKey, 'kid'> theirKey: Pick<IKey, 'type' | 'publicKeyHex'> }): Promise<string> { throw Error('not_implemented: Web3KeyManagementSystem sharedSecret') } async deleteKey(args: { kid: string }) { // this kms doesn't need to delete keys return true } // keyRef should be in this format '{providerName-account} // example: 'metamask-0xf3beac30c498d9e26865f34fcaa57dbb935b0d74' private async getAccountAndSignerByKeyRef(keyRef: Pick<IKey, 'kid'>): Promise<{ account: string; signer: JsonRpcSigner }> { const [providerName, account] = keyRef.kid.split('-') if (!this.providers[providerName]) { throw Error(`not_available: provider ${providerName}`) } const signer = await this.providers[providerName].getSigner(account) return { account, signer } } async sign({ keyRef, algorithm, data, }: { keyRef: Pick<IKey, 'kid'> algorithm?: string data: Uint8Array }): Promise<string> { if (algorithm) { if (algorithm === 'eth_signMessage') { return await this.eth_signMessage(keyRef, data) } else if (['eth_signTypedData', 'EthereumEip712Signature2021'].includes(algorithm)) { return await this.eth_signTypedData(keyRef, data) } } throw Error(`not_supported: Cannot sign ${algorithm} `) } /** * @returns a `0x` prefixed hex string representing the signed EIP712 data */ private async eth_signTypedData(keyRef: Pick<IKey, 'kid'>, data: Uint8Array) { let msg, msgDomain, msgTypes, msgPrimaryType const serializedData = toUtf8String(data) try { const jsonData = JSON.parse(serializedData) as Eip712Payload if (typeof jsonData.domain === 'object' && typeof jsonData.types === 'object') { const { domain, types, message, primaryType } = jsonData msg = message msgDomain = domain msgTypes = types msgPrimaryType = primaryType } else { // next check will throw since the data couldn't be parsed } } catch (e) { // next check will throw since the data couldn't be parsed } if (typeof msgDomain !== 'object' || typeof msgTypes !== 'object' || typeof msg !== 'object') { throw Error( `invalid_arguments: Cannot sign typed data. 'domain', 'types', and 'message' must be provided`, ) } delete msgTypes.EIP712Domain const { signer } = await this.getAccountAndSignerByKeyRef(keyRef) const signature = await signer.signTypedData(msgDomain, msgTypes, msg) return signature } /** * @returns a `0x` prefixed hex string representing the signed message */ private async eth_signMessage(keyRef: Pick<IKey, 'kid'>, rawMessageBytes: Uint8Array) { const { signer } = await this.getAccountAndSignerByKeyRef(keyRef) const signature = await signer.signMessage(rawMessageBytes) // HEX encoded string, 0x prefixed return signature } }