feat: use hardware backed keys (#125)

Signed-off-by: Berend Sliedrecht <[email protected]>
Signed-off-by: Timo Glastra <[email protected]>
Co-authored-by: Timo Glastra <[email protected]>

apps/funke/app.config.js

@@ -6,14 +6,23 @@ const variants = {
   development: {
     bundle: '.dev',
     name: ' (Dev)',
+    trustedCertificates: [
+      // https://funke.animo.id
+      'MIIBAzCBq6ADAgECAhArxq0w60RTDK4WY9HzgcvBMAoGCCqGSM49BAMCMAAwIBcNNzAwMTAxMDAwMDAwWhgPMjI4NjExMjAxNzQ2NDBaMAAwOTATBgcqhkjOPQIBBggqhkjOPQMBBwMiAALcD1XzKepFxWMAOqV+ln1fybBt7DRO5CV0f9A6mRp2xaMlMCMwIQYDVR0RBBowGIYWaHR0cHM6Ly9mdW5rZS5hbmltby5pZDAKBggqhkjOPQQDAgNHADBEAiAfvGG6sqrvzIMWYpJB5VLloo9f51loYXSkKxJIOztlNwIgLLSvEl0Dmp5vtj2buZ2nXQ2RBKxiLbc5eYGeMeoUnjk=',
+    ],
   },
   preview: {
     bundle: '.preview',
     name: ' (Preview)',
+    trustedCertificates: [
+      // https://funke.animo.id
+      'MIIBAzCBq6ADAgECAhArxq0w60RTDK4WY9HzgcvBMAoGCCqGSM49BAMCMAAwIBcNNzAwMTAxMDAwMDAwWhgPMjI4NjExMjAxNzQ2NDBaMAAwOTATBgcqhkjOPQIBBggqhkjOPQMBBwMiAALcD1XzKepFxWMAOqV+ln1fybBt7DRO5CV0f9A6mRp2xaMlMCMwIQYDVR0RBBowGIYWaHR0cHM6Ly9mdW5rZS5hbmltby5pZDAKBggqhkjOPQQDAgNHADBEAiAfvGG6sqrvzIMWYpJB5VLloo9f51loYXSkKxJIOztlNwIgLLSvEl0Dmp5vtj2buZ2nXQ2RBKxiLbc5eYGeMeoUnjk=',
+    ],
   },
   production: {
     bundle: '',
     name: '',
+    trustedCertificates: [],
   },
 }
 
@@ -106,6 +115,7 @@ const config = {
     eas: {
       projectId: 'b5f457fa-bcab-4c6e-8092-8cdf1239027a',
     },
+    trustedCertificates: variant.trustedCertificates,
   },
 }
 

apps/funke/constants.ts

@@ -1 +1,11 @@
+import ExpoConstants from 'expo-constants'
+
 export const FUNKE_WALLET_INSTANCE_LONG_TERM_AES_KEY_ID = 'FUNKE_WALLET_INSTANCE_LONG_TERM_AES_KEY_ID'
+
+const TRUSTED_CERTIFICATES = ExpoConstants.expoConfig?.extra?.trustedCertificates as [string, ...string[]] | undefined
+
+if (!Array.isArray(TRUSTED_CERTIFICATES)) {
+  throw new Error('Trusted Certificates provided in the expo config is not an array')
+}
+
+export const trustedCertificates = TRUSTED_CERTIFICATES

apps/funke/package.json

@@ -10,16 +10,18 @@
 		"prebuild": "APP_VARIANT=development expo prebuild --no-install"
 	},
 	"dependencies": {
+		"@animo-id/expo-secure-environment": "0.0.1-alpha.0",
+		"@credo-ts/core": "*",
 		"@expo-google-fonts/open-sans": "^0.2.3",
 		"@expo-google-fonts/raleway": "^0.2.3",
 		"@gorhom/bottom-sheet": "^4.6.3",
-		"@hyperledger/anoncreds-react-native": "^0.2.2",
-		"@hyperledger/aries-askar-react-native": "^0.2.0",
-		"@hyperledger/indy-vdr-react-native": "^0.2.0",
+		"@hyperledger/anoncreds-react-native": "*",
+		"@hyperledger/aries-askar-react-native": "*",
+		"@hyperledger/indy-vdr-react-native": "*",
 		"@package/agent": "workspace:*",
 		"@package/app": "workspace:*",
-		"@package/ui": "workspace:*",
 		"@package/secure-store": "workspace:*",
+		"@package/ui": "workspace:*",
 		"@react-native-community/blur": "^4.3.2",
 		"@react-native-community/netinfo": "11.3.1",
 		"@react-native-masked-view/masked-view": "0.3.1",
@@ -37,6 +39,7 @@
 		"expo-linking": "~6.3.1",
 		"expo-navigation-bar": "~3.0.6",
 		"expo-router": "~3.5.16",
+		"expo-secure-store": "~13.0.1",
 		"expo-splash-screen": "~0.27.5",
 		"expo-status-bar": "~1.12.1",
 		"expo-system-ui": "~3.0.6",
@@ -55,7 +58,6 @@
 	},
 	"devDependencies": {
 		"@babel/core": "^7.24.4",
-		"@credo-ts/core": "0.5.1-alpha.51",
 		"@tamagui/babel-plugin": "^1.104.2",
 		"typescript": "*"
 	}

apps/paradym/package.json

@@ -10,9 +10,9 @@
 		"prebuild": "APP_VARIANT=development pnpm expo prebuild --no-install"
 	},
 	"dependencies": {
-		"@hyperledger/anoncreds-react-native": "^0.2.2",
-		"@hyperledger/aries-askar-react-native": "^0.2.0",
-		"@hyperledger/indy-vdr-react-native": "^0.2.0",
+		"@hyperledger/anoncreds-react-native": "*",
+		"@hyperledger/aries-askar-react-native": "*",
+		"@hyperledger/indy-vdr-react-native": "*",
 		"@package/agent": "workspace:*",
 		"@package/app": "workspace:*",
 		"@package/ui": "workspace:*",

package.json

@@ -27,10 +27,25 @@
 			"react-docgen-typescript": "2.2.2",
 			"typescript": "~5.3.3",
 			"@unimodules/react-native-adapter": "./noop",
-			"@unimodules/core": "./noop"
+			"@unimodules/core": "./noop",
+
+			"@hyperledger/anoncreds-react-native": "^0.2.2",
+			"@hyperledger/aries-askar-react-native": "^0.2.3",
+			"@hyperledger/indy-vdr-react-native": "^0.2.0",
+
+			"@credo-ts/anoncreds": "0.5.10-alpha-20240730111842",
+			"@credo-ts/askar": "0.5.10-alpha-20240730111842",
+			"@credo-ts/cheqd": "0.5.10-alpha-20240730111842",
+			"@credo-ts/core": "0.5.10-alpha-20240730111842",
+			"@credo-ts/indy-vdr": "0.5.10-alpha-20240730111842",
+			"@credo-ts/openid4vc": "0.5.10-alpha-20240730111842",
+			"@credo-ts/question-answer": "0.5.10-alpha-20240730111842",
+			"@credo-ts/react-hooks": "0.6.1",
+			"@credo-ts/react-native": "0.5.10-alpha-20240730111842"
 		},
 		"patchedDependencies": {
-			"@credo-ts/[email protected]": "patches/@[email protected]"
+			"@hyperledger/[email protected]": "patches/@[email protected]",
+			"@hyperledger/[email protected]": "patches/@[email protected]"
 		}
 	}
 }

packages/agent/package.json

@@ -4,15 +4,15 @@
 	"private": true,
 	"main": "src/index.ts",
 	"dependencies": {
-		"@credo-ts/anoncreds": "0.5.1-alpha.51",
-		"@credo-ts/askar": "0.5.1-alpha.51",
-		"@credo-ts/cheqd": "0.5.1-alpha.51",
-		"@credo-ts/core": "0.5.1-alpha.51",
-		"@credo-ts/indy-vdr": "0.5.1-alpha.51",
-		"@credo-ts/openid4vc": "0.5.1-alpha.51",
-		"@credo-ts/question-answer": "0.5.1-alpha.51",
-		"@credo-ts/react-hooks": "0.6.1",
-		"@credo-ts/react-native": "0.5.1-alpha.51",
+		"@credo-ts/anoncreds": "*",
+		"@credo-ts/askar": "*",
+		"@credo-ts/cheqd": "*",
+		"@credo-ts/core": "*",
+		"@credo-ts/indy-vdr": "*",
+		"@credo-ts/openid4vc": "*",
+		"@credo-ts/question-answer": "*",
+		"@credo-ts/react-hooks": "*",
+		"@credo-ts/react-native": "*",
 		"@package/utils": "workspace:*",
 		"@tanstack/react-query": "^4.33.0",
 		"credo-ts-didweb-anoncreds": "0.0.1-alpha.13",

packages/agent/src/agent.ts

@@ -30,6 +30,7 @@ import {
   V2ProofProtocol,
   WebDidResolver,
   WsOutboundTransport,
+  X509Module,
 } from '@credo-ts/core'
 import {
   IndyVdrAnonCredsRegistry,
@@ -45,6 +46,7 @@ import { ariesAskar } from '@hyperledger/aries-askar-react-native'
 import { indyVdr } from '@hyperledger/indy-vdr-react-native'
 import { DidWebAnonCredsRegistry } from 'credo-ts-didweb-anoncreds'
 
+import { trustedCertificates } from 'apps/funke/constants'
 import { indyNetworks } from './indyNetworks'
 import { appLogger } from './logger'
 
@@ -86,6 +88,9 @@ const agentModules = {
         }),
       ],
     }),
+    x509: new X509Module({
+      trustedCertificates,
+    }),
     cheqd: new CheqdModule(
       new CheqdModuleConfig({
         networks: [
@@ -99,7 +104,7 @@ const agentModules = {
       })
     ),
   },
-  openid4vcholder: {
+  openId4VcHolder: {
     openId4VcHolder: new OpenId4VcHolderModule(),
   },
   didcomm: {
@@ -146,7 +151,7 @@ export const initializeOpenId4VcHolderAgent = async ({
       autoUpdateStorageOnStartup: true,
       logger: appLogger(LogLevel.debug),
     },
-    modules: { ...agentModules.base, ...agentModules.openid4vcholder },
+    modules: { ...agentModules.base, ...agentModules.openId4VcHolder },
   })
 
   agent.registerOutboundTransport(new HttpOutboundTransport())
@@ -180,7 +185,11 @@ export const initializeFullAgent = async ({
       autoUpdateStorageOnStartup: true,
       logger: appLogger(LogLevel.debug),
     },
-    modules: { ...agentModules.base, ...agentModules.openid4vcholder, ...agentModules.didcomm },
+    modules: {
+      ...agentModules.base,
+      ...agentModules.openId4VcHolder,
+      ...agentModules.didcomm,
+    },
   })
 
   agent.registerOutboundTransport(new HttpOutboundTransport())
@@ -195,7 +204,10 @@ export type FullAppAgent = Awaited<ReturnType<typeof initializeFullAgent>>
 export type OpenId4VcHolderAppAgent = Awaited<ReturnType<typeof initializeOpenId4VcHolderAgent>>
 
 // biome-ignore lint/suspicious/noExplicitAny: it just needs to extend any, it won't actually be used
-export const useAgent = <A extends Agent<any> = FullAppAgent>(): { agent: A; loading: boolean } => {
+export const useAgent = <A extends Agent<any> = FullAppAgent>(): {
+  agent: A
+  loading: boolean
+} => {
   const { agent, loading } = useAgentLib<A>()
 
   if (!agent) {