feat: hardware backed keys for openid4vci using P256

Signed-off-by: Berend Sliedrecht <[email protected]>
animo · Jul 30, 2024 · fadad1a · fadad1a
1 parent ae80de0
commit fadad1a
Show file tree

Hide file tree

Showing 8 changed files with 218 additions and 157 deletions.
diff --git a/apps/funke/app.config.js b/apps/funke/app.config.js
@@ -6,14 +6,23 @@ const variants = {
   development: {
     bundle: '.dev',
     name: ' (Dev)',
+    trustedCertificates: [
+      // https://funke.animo.id
+      'MIIBAzCBq6ADAgECAhArxq0w60RTDK4WY9HzgcvBMAoGCCqGSM49BAMCMAAwIBcNNzAwMTAxMDAwMDAwWhgPMjI4NjExMjAxNzQ2NDBaMAAwOTATBgcqhkjOPQIBBggqhkjOPQMBBwMiAALcD1XzKepFxWMAOqV+ln1fybBt7DRO5CV0f9A6mRp2xaMlMCMwIQYDVR0RBBowGIYWaHR0cHM6Ly9mdW5rZS5hbmltby5pZDAKBggqhkjOPQQDAgNHADBEAiAfvGG6sqrvzIMWYpJB5VLloo9f51loYXSkKxJIOztlNwIgLLSvEl0Dmp5vtj2buZ2nXQ2RBKxiLbc5eYGeMeoUnjk=',
+    ],
   },
   preview: {
     bundle: '.preview',
     name: ' (Preview)',
+    trustedCertificates: [
+      // https://funke.animo.id
+      'MIIBAzCBq6ADAgECAhArxq0w60RTDK4WY9HzgcvBMAoGCCqGSM49BAMCMAAwIBcNNzAwMTAxMDAwMDAwWhgPMjI4NjExMjAxNzQ2NDBaMAAwOTATBgcqhkjOPQIBBggqhkjOPQMBBwMiAALcD1XzKepFxWMAOqV+ln1fybBt7DRO5CV0f9A6mRp2xaMlMCMwIQYDVR0RBBowGIYWaHR0cHM6Ly9mdW5rZS5hbmltby5pZDAKBggqhkjOPQQDAgNHADBEAiAfvGG6sqrvzIMWYpJB5VLloo9f51loYXSkKxJIOztlNwIgLLSvEl0Dmp5vtj2buZ2nXQ2RBKxiLbc5eYGeMeoUnjk=',
+    ],
   },
   production: {
     bundle: '',
     name: '',
+    trustedCertificates: [],
   },
 }
 
@@ -106,6 +115,7 @@ const config = {
     eas: {
       projectId: 'b5f457fa-bcab-4c6e-8092-8cdf1239027a',
     },
+    trustedCertificates: variant.trustedCertificates,
   },
 }
 

diff --git a/apps/funke/constants.ts b/apps/funke/constants.ts
@@ -1 +1,11 @@
+import ExpoConstants from 'expo-constants'
+
 export const FUNKE_WALLET_INSTANCE_LONG_TERM_AES_KEY_ID = 'FUNKE_WALLET_INSTANCE_LONG_TERM_AES_KEY_ID'
+
+const TRUSTED_CERTIFICATES = ExpoConstants.expoConfig?.extra?.trustedCertificates as [string, ...string[]] | undefined
+
+if (!Array.isArray(TRUSTED_CERTIFICATES)) {
+  throw new Error('Trusted Certificates provided in the expo config is not an array')
+}
+
+export const trustedCertificates = TRUSTED_CERTIFICATES
diff --git a/apps/funke/package.json b/apps/funke/package.json
@@ -10,6 +10,8 @@
 		"prebuild": "APP_VARIANT=development expo prebuild --no-install"
 	},
 	"dependencies": {
+		"@animo-id/expo-secure-environment": "0.0.1-alpha.0",
+		"@credo-ts/core": "*",
 		"@expo-google-fonts/open-sans": "^0.2.3",
 		"@expo-google-fonts/raleway": "^0.2.3",
 		"@gorhom/bottom-sheet": "^4.6.3",
@@ -18,8 +20,8 @@
 		"@hyperledger/indy-vdr-react-native": "*",
 		"@package/agent": "workspace:*",
 		"@package/app": "workspace:*",
-		"@package/ui": "workspace:*",
 		"@package/secure-store": "workspace:*",
+		"@package/ui": "workspace:*",
 		"@react-native-community/blur": "^4.3.2",
 		"@react-native-community/netinfo": "11.3.1",
 		"@react-native-masked-view/masked-view": "0.3.1",
@@ -37,6 +39,7 @@
 		"expo-linking": "~6.3.1",
 		"expo-navigation-bar": "~3.0.6",
 		"expo-router": "~3.5.16",
+		"expo-secure-store": "~13.0.1",
 		"expo-splash-screen": "~0.27.5",
 		"expo-status-bar": "~1.12.1",
 		"expo-system-ui": "~3.0.6",
@@ -55,7 +58,6 @@
 	},
 	"devDependencies": {
 		"@babel/core": "^7.24.4",
-		"@credo-ts/core": "*",
 		"@tamagui/babel-plugin": "^1.104.2",
 		"typescript": "*"
 	}

diff --git a/package.json b/package.json
@@ -1,51 +1,51 @@
 {
-  "name": "wallets",
-  "private": true,
-  "scripts": {
-    "postinstall": "pnpm deps:check",
-    "build": "pnpm -r build",
-    "upgrade:tamagui": "pnpm up '*tamagui*'@latest '@tamagui/*'@latest",
-    "upgrade:tamagui:canary": "pnpm up '*tamagui*'@canary '@tamagui/*'@canary",
-    "deps:check": "check-dependency-version-consistency .",
-    "deps:fix": "pnpm deps:check --fix",
-    "types:check": "tsc --noEmit",
-    "style:check": "biome check --unsafe",
-    "style:fix": "biome check --write --unsafe"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "devDependencies": {
-    "@biomejs/biome": "1.8.1",
-    "check-dependency-version-consistency": "^3.0.3",
-    "typescript": "*"
-  },
-  "pnpm": {
-    "overrides": {
-      "@types/react": "~18.2.79",
-      "react": "18.2.0",
-      "react-docgen-typescript": "2.2.2",
-      "typescript": "~5.3.3",
-      "@unimodules/react-native-adapter": "./noop",
-      "@unimodules/core": "./noop",
+	"name": "wallets",
+	"private": true,
+	"scripts": {
+		"postinstall": "pnpm deps:check",
+		"build": "pnpm -r build",
+		"upgrade:tamagui": "pnpm up '*tamagui*'@latest '@tamagui/*'@latest",
+		"upgrade:tamagui:canary": "pnpm up '*tamagui*'@canary '@tamagui/*'@canary",
+		"deps:check": "check-dependency-version-consistency .",
+		"deps:fix": "pnpm deps:check --fix",
+		"types:check": "tsc --noEmit",
+		"style:check": "biome check --unsafe",
+		"style:fix": "biome check --write --unsafe"
+	},
+	"engines": {
+		"node": ">=18.0.0"
+	},
+	"devDependencies": {
+		"@biomejs/biome": "1.8.1",
+		"check-dependency-version-consistency": "^3.0.3",
+		"typescript": "*"
+	},
+	"pnpm": {
+		"overrides": {
+			"@types/react": "~18.2.79",
+			"react": "18.2.0",
+			"react-docgen-typescript": "2.2.2",
+			"typescript": "~5.3.3",
+			"@unimodules/react-native-adapter": "./noop",
+			"@unimodules/core": "./noop",
 
-      "@hyperledger/anoncreds-react-native": "^0.2.2",
-      "@hyperledger/aries-askar-react-native": "^0.2.3",
-      "@hyperledger/indy-vdr-react-native": "^0.2.0",
+			"@hyperledger/anoncreds-react-native": "^0.2.2",
+			"@hyperledger/aries-askar-react-native": "^0.2.3",
+			"@hyperledger/indy-vdr-react-native": "^0.2.0",
 
-      "@credo-ts/anoncreds": "0.5.10-alpha-20240729100152",
-      "@credo-ts/askar": "0.5.10-alpha-20240729100152",
-      "@credo-ts/cheqd": "0.5.10-alpha-20240729100152",
-      "@credo-ts/core": "0.5.10-alpha-20240729100152",
-      "@credo-ts/indy-vdr": "0.5.10-alpha-20240729100152",
-      "@credo-ts/openid4vc": "0.5.10-alpha-20240729100152",
-      "@credo-ts/question-answer": "0.5.10-alpha-20240729100152",
-      "@credo-ts/react-hooks": "0.6.1",
-      "@credo-ts/react-native": "0.5.10-alpha-20240729100152"
-    },
-    "patchedDependencies": {
-      "@hyperledger/[email protected]": "patches/@[email protected]",
-      "@hyperledger/[email protected]": "patches/@[email protected]"
-    }
-  }
+			"@credo-ts/anoncreds": "0.5.10-alpha-20240729100152",
+			"@credo-ts/askar": "file:../../openwallet-foundation/credo-ts/packages/askar/credo-ts-askar-1.7.0.tgz",
+			"@credo-ts/cheqd": "0.5.10-alpha-20240729100152",
+			"@credo-ts/core": "0.5.10-alpha-20240729100152",
+			"@credo-ts/indy-vdr": "0.5.10-alpha-20240729100152",
+			"@credo-ts/openid4vc": "0.5.10-alpha-20240729100152",
+			"@credo-ts/question-answer": "0.5.10-alpha-20240729100152",
+			"@credo-ts/react-hooks": "0.6.1",
+			"@credo-ts/react-native": "0.5.10-alpha-20240729100152"
+		},
+		"patchedDependencies": {
+			"@hyperledger/[email protected]": "patches/@[email protected]",
+			"@hyperledger/[email protected]": "patches/@[email protected]"
+		}
+	}
 }
diff --git a/packages/agent/src/agent.ts b/packages/agent/src/agent.ts
@@ -30,6 +30,7 @@ import {
   V2ProofProtocol,
   WebDidResolver,
   WsOutboundTransport,
+  X509Module,
 } from '@credo-ts/core'
 import {
   IndyVdrAnonCredsRegistry,
@@ -45,6 +46,7 @@ import { ariesAskar } from '@hyperledger/aries-askar-react-native'
 import { indyVdr } from '@hyperledger/indy-vdr-react-native'
 import { DidWebAnonCredsRegistry } from 'credo-ts-didweb-anoncreds'
 
+import { trustedCertificates } from 'apps/funke/constants'
 import { indyNetworks } from './indyNetworks'
 import { appLogger } from './logger'
 
@@ -86,6 +88,9 @@ const agentModules = {
         }),
       ],
     }),
+    x509: new X509Module({
+      trustedCertificates,
+    }),
     cheqd: new CheqdModule(
       new CheqdModuleConfig({
         networks: [
@@ -99,7 +104,7 @@ const agentModules = {
       })
     ),
   },
-  openid4vcholder: {
+  openId4VcHolder: {
     openId4VcHolder: new OpenId4VcHolderModule(),
   },
   didcomm: {
@@ -146,7 +151,7 @@ export const initializeOpenId4VcHolderAgent = async ({
       autoUpdateStorageOnStartup: true,
       logger: appLogger(LogLevel.debug),
     },
-    modules: { ...agentModules.base, ...agentModules.openid4vcholder },
+    modules: { ...agentModules.base, ...agentModules.openId4VcHolder },
   })
 
   agent.registerOutboundTransport(new HttpOutboundTransport())
@@ -180,7 +185,11 @@ export const initializeFullAgent = async ({
       autoUpdateStorageOnStartup: true,
       logger: appLogger(LogLevel.debug),
     },
-    modules: { ...agentModules.base, ...agentModules.openid4vcholder, ...agentModules.didcomm },
+    modules: {
+      ...agentModules.base,
+      ...agentModules.openId4VcHolder,
+      ...agentModules.didcomm,
+    },
   })
 
   agent.registerOutboundTransport(new HttpOutboundTransport())
@@ -195,7 +204,10 @@ export type FullAppAgent = Awaited<ReturnType<typeof initializeFullAgent>>
 export type OpenId4VcHolderAppAgent = Awaited<ReturnType<typeof initializeOpenId4VcHolderAgent>>
 
 // biome-ignore lint/suspicious/noExplicitAny: it just needs to extend any, it won't actually be used
-export const useAgent = <A extends Agent<any> = FullAppAgent>(): { agent: A; loading: boolean } => {
+export const useAgent = <A extends Agent<any> = FullAppAgent>(): {
+  agent: A
+  loading: boolean
+} => {
   const { agent, loading } = useAgentLib<A>()
 
   if (!agent) {