feat: eid-reclaim

Author: coodos

infrastructure/eid-wallet/src-tauri/gen/android/app/universal/release/app-universal-release.aab

@@ -416,7 +416,7 @@
 					"$(TOOLCHAIN_DIR)/usr/lib/swift-5.0/$(PLATFORM_NAME)",
 				);
 				MARKETING_VERSION = 0.2.1;
-				PRODUCT_BUNDLE_IDENTIFIER = "foundation.metastate.eid-wallet";
+				PRODUCT_BUNDLE_IDENTIFIER = foundation.metastate.eid-wallet;
 				PRODUCT_NAME = "eID for W3DS";
 				SDKROOT = iphoneos;
 				SUPPORTED_PLATFORMS = "iphoneos iphonesimulator";
@@ -464,7 +464,7 @@
 					"$(TOOLCHAIN_DIR)/usr/lib/swift-5.0/$(PLATFORM_NAME)",
 				);
 				MARKETING_VERSION = 0.2.1;
-				PRODUCT_BUNDLE_IDENTIFIER = "foundation.metastate.eid-wallet";
+				PRODUCT_BUNDLE_IDENTIFIER = foundation.metastate.eid-wallet;
 				PRODUCT_NAME = "eID for W3DS";
 				SDKROOT = iphoneos;
 				SUPPORTED_PLATFORMS = "iphoneos iphonesimulator";

infrastructure/eid-wallet/src-tauri/gen/apple/eid-wallet.xcodeproj/project.pbxproj

@@ -61,4 +61,4 @@
 		<string>UIInterfaceOrientationLandscapeRight</string>
 	</array>
 </dict>
-</plist>
+</plist>

infrastructure/eid-wallet/src-tauri/gen/apple/eid-wallet_iOS/Info.plist

@@ -0,0 +1,91 @@
+import type { KeyManager } from './types';
+import { KeyManagerError, KeyManagerErrorCodes } from './types';
+import {
+    exists as hwExists,
+    generate as hwGenerate,
+    getPublicKey as hwGetPublicKey,
+    signPayload as hwSignPayload,
+    verifySignature as hwVerifySignature,
+} from '@auvo/tauri-plugin-crypto-hw-api';
+
+/**
+ * Hardware key manager implementation using Tauri crypto hardware API
+ */
+export class HardwareKeyManager implements KeyManager {
+    getType(): 'hardware' | 'software' {
+        return 'hardware';
+    }
+
+    async exists(keyId: string): Promise<boolean> {
+        try {
+            return await hwExists(keyId);
+        } catch (error) {
+            console.error('Hardware key exists check failed:', error);
+            throw new KeyManagerError(
+                'Failed to check if hardware key exists',
+                KeyManagerErrorCodes.HARDWARE_UNAVAILABLE,
+                keyId
+            );
+        }
+    }
+
+    async generate(keyId: string): Promise<string | undefined> {
+        try {
+            const result = await hwGenerate(keyId);
+            console.log(`Hardware key generated for ${keyId}:`, result);
+            return result;
+        } catch (error) {
+            console.error('Hardware key generation failed:', error);
+            throw new KeyManagerError(
+                'Failed to generate hardware key',
+                KeyManagerErrorCodes.KEY_GENERATION_FAILED,
+                keyId
+            );
+        }
+    }
+
+    async getPublicKey(keyId: string): Promise<string | undefined> {
+        try {
+            const publicKey = await hwGetPublicKey(keyId);
+            console.log(`Hardware public key retrieved for ${keyId}:`, publicKey);
+            return publicKey;
+        } catch (error) {
+            console.error('Hardware public key retrieval failed:', error);
+            throw new KeyManagerError(
+                'Failed to get hardware public key',
+                KeyManagerErrorCodes.KEY_NOT_FOUND,
+                keyId
+            );
+        }
+    }
+
+    async signPayload(keyId: string, payload: string): Promise<string> {
+        try {
+            const signature = await hwSignPayload(keyId, payload);
+            console.log(`Hardware signature created for ${keyId}`);
+            return signature;
+        } catch (error) {
+            console.error('Hardware signing failed:', error);
+            throw new KeyManagerError(
+                'Failed to sign payload with hardware key',
+                KeyManagerErrorCodes.SIGNING_FAILED,
+                keyId
+            );
+        }
+    }
+
+    async verifySignature(keyId: string, payload: string, signature: string): Promise<boolean> {
+        try {
+            const isValid = await hwVerifySignature(keyId, payload, signature);
+            console.log(`Hardware signature verification for ${keyId}:`, isValid);
+            return isValid;
+        } catch (error) {
+            console.error('Hardware signature verification failed:', error);
+            throw new KeyManagerError(
+                'Failed to verify signature with hardware key',
+                KeyManagerErrorCodes.VERIFICATION_FAILED,
+                keyId
+            );
+        }
+    }
+}

infrastructure/eid-wallet/src/lib/crypto/HardwareKeyManager.ts

@@ -0,0 +1,99 @@
+import type { KeyManager, KeyManagerConfig } from './types';
+import { HardwareKeyManager } from './HardwareKeyManager';
+import { SoftwareKeyManager } from './SoftwareKeyManager';
+import { KeyManagerError, KeyManagerErrorCodes } from './types';
+
+/**
+ * Factory class to create appropriate key managers based on context
+ */
+export class KeyManagerFactory {
+    private static hardwareKeyManager: HardwareKeyManager | null = null;
+    private static softwareKeyManager: SoftwareKeyManager | null = null;
+
+    /**
+     * Get a key manager instance based on the configuration
+     */
+    static async getKeyManager(config: KeyManagerConfig): Promise<KeyManager> {
+        // If explicitly requesting hardware and not in pre-verification mode
+        if (config.useHardware && !config.preVerificationMode) {
+            return this.getHardwareKeyManager();
+        }
+
+        // If in pre-verification mode, always use software keys
+        if (config.preVerificationMode) {
+            console.log('Using software key manager for pre-verification mode');
+            return this.getSoftwareKeyManager();
+        }
+
+        // Default behavior: try hardware first, fallback to software
+        try {
+            const hardwareManager = this.getHardwareKeyManager();
+            // Test if hardware is available by checking if we can call exists
+            await hardwareManager.exists(config.keyId);
+            console.log('Using hardware key manager');
+            return hardwareManager;
+        } catch (error) {
+            console.log('Hardware key manager not available, falling back to software');
+            return this.getSoftwareKeyManager();
+        }
+    }
+
+    /**
+     * Get hardware key manager instance (singleton)
+     */
+    private static getHardwareKeyManager(): HardwareKeyManager {
+        if (!this.hardwareKeyManager) {
+            this.hardwareKeyManager = new HardwareKeyManager();
+        }
+        return this.hardwareKeyManager;
+    }
+
+    /**
+     * Get software key manager instance (singleton)
+     */
+    private static getSoftwareKeyManager(): SoftwareKeyManager {
+        if (!this.softwareKeyManager) {
+            this.softwareKeyManager = new SoftwareKeyManager();
+        }
+        return this.softwareKeyManager;
+    }
+
+    /**
+     * Check if hardware key manager is available
+     */
+    static async isHardwareAvailable(): Promise<boolean> {
+        try {
+            const hardwareManager = this.getHardwareKeyManager();
+            // Try to check if a test key exists to verify hardware availability
+            await hardwareManager.exists('test-hardware-check');
+            return true;
+        } catch (error) {
+            console.log('Hardware key manager not available:', error);
+            return false;
+        }
+    }
+
+    /**
+     * Get the appropriate key manager for a specific use case
+     */
+    static async getKeyManagerForContext(
+        keyId: string,
+        context: 'onboarding' | 'signing' | 'verification' | 'pre-verification'
+    ): Promise<KeyManager> {
+        const config: KeyManagerConfig = {
+            keyId,
+            useHardware: context !== 'pre-verification',
+            preVerificationMode: context === 'pre-verification',
+        };
+
+        return this.getKeyManager(config);
+    }
+
+    /**
+     * Reset singleton instances (useful for testing)
+     */
+    static reset(): void {
+        this.hardwareKeyManager = null;
+        this.softwareKeyManager = null;
+    }
+}