summon_api_sdk/

lib.rs

use cardano_message_signing::{self as ms, Label};
use cml_chain::address::Address;
use cml_chain::certs::Credential;
use cml_chain::crypto::hash;
use cml_chain::{address::BaseAddress, certs::StakeCredential};
use cml_crypto::chain_crypto::hash::Blake2b224;
use cml_crypto::PublicKey;
use cml_crypto::RawBytesEncoding;
use cml_crypto::{Ed25519KeyHash, Ed25519Signature};
use ms::utils::{FromBytes, ToBytes};
use reqwest::header;
use serde::{Deserialize, Serialize};
use std::str;
use wasm_bindgen::prelude::wasm_bindgen;
use wasm_bindgen::JsError;

/**
 *   signature:  COSESign1 bytes
 *   key: COSEKey hex bytes
 */
#[wasm_bindgen]
#[derive(Serialize, Deserialize)]
pub struct DataSignature {
    signature: Vec<u8>, //COSESign1 bytes
    key: Vec<u8>,       //COSEKey bytes
}

#[wasm_bindgen]
impl DataSignature {
    pub fn new(cose_signature: &[u8], cose_key: &[u8]) -> Self {
        Self {
            signature: cose_signature.to_vec(),
            key: cose_key.to_vec(),
        }
    }
    pub fn signature(&self) -> Vec<u8> {
        self.signature.clone()
    }
    pub fn key(&self) -> Vec<u8> {
        self.key.clone()
    }
}

#[wasm_bindgen]
#[derive(Serialize, Deserialize)]
pub struct VerifyResponse {
    error: String,
    is_valid: bool,
}

#[wasm_bindgen]
impl VerifyResponse {
    pub fn new(error: &str, valid: bool) -> Self {
        Self {
            error: error.to_string(),
            is_valid: valid,
        }
    }
    pub fn error(&self) -> String {
        self.error.clone()
    }
    pub fn is_valid(&self) -> bool {
        self.is_valid.clone()
    }
}

/**
 *  **Verify data signed according to CIP-008**
 *   returns ->
 *   VerifyResponse {
 *       error: String,
 *       is_valid: bool,
 *   }
 */
#[wasm_bindgen]
pub fn verify_data_signature(
    dt: DataSignature,
    expected_message: &str,
    expected_address_bech32: &str,
) -> VerifyResponse {
    let sign_res = verify_data_signature_cip008(dt, expected_message, expected_address_bech32);
    match sign_res {
        Ok(val) => VerifyResponse::new("", val),
        Err(er) => VerifyResponse::new(&er.as_str(), false),
    }
}

/**
 *  **Verify data signed according to CIP-008**
 *   returns ->
 *    bool or error message
 */
pub fn verify_data_signature_cip008(
    dt: DataSignature,
    expected_message: &str,
    expected_address_bech32: &str,
) -> Result<bool, String> {
    let cose_sign1 = ms::COSESign1::from_bytes(dt.signature).unwrap();

    let payload_to_verify_opt = cose_sign1.payload();

    if payload_to_verify_opt.is_none() {
        return Ok(false);
    }

    let payload_to_verify = payload_to_verify_opt.unwrap();

    let payload_text = str::from_utf8(&payload_to_verify).unwrap_or_else(|_| "DEFAULT");

    if expected_message != payload_text {
        return Ok(false);
    }

    let headers_to_verify = cose_sign1.headers();

    let header_addr_val = headers_to_verify
        .protected()
        .deserialized_headers()
        .header(&ms::Label::new_text("address".to_string()))
        .unwrap()
        .to_bytes();

    let cbor_val_address = ms::cbor::CBORValue::from_bytes(header_addr_val)
        .unwrap()
        .as_bytes()
        .unwrap();

    let address_res = Address::from_raw_bytes(&cbor_val_address);

    if address_res.is_err() {
        return Err("failed parsing address from header".to_string());
    }

    let cose_key = ms::COSEKey::from_bytes(dt.key).unwrap();

    let pk = PublicKey::from_raw_bytes(
        &cose_key
            .header(&ms::Label::new_int(&ms::utils::Int::new_negative(
                ms::utils::BigNum::from_str("2").unwrap(),
            )))
            .unwrap()
            .as_bytes()
            .unwrap(),
    )
    .unwrap();

    let is_address_valid =
        verify_signing_address(expected_address_bech32, address_res.unwrap(), &pk);

    if is_address_valid.is_err() || !is_address_valid.unwrap() {
        return Ok(false);
    }

    let signed_data = cose_sign1.signed_data(None, None).unwrap().to_bytes();
    let sig = Ed25519Signature::from_raw_bytes(&cose_sign1.signature()).unwrap();

    if pk.verify(&signed_data, &sig) {
        Ok(true)
    } else {
        Ok(false)
    }
}

/**
 *  **Verify signing address, needs to be full base address**
 *   returns ->
 *    Result<bool or error message>
 */

pub fn verify_signing_address(
    expected_address_bech32: &str,
    coseheader_address: Address,
    cose_pubkey: &PublicKey,
) -> Result<bool, JsError> {
    let expected_address = Address::from_bech32(expected_address_bech32)?;
    if coseheader_address.to_bech32(None)? != expected_address.to_bech32(None)? {
        return Ok(false);
    }

    // check if BaseAddress
    let base_address = BaseAddress::from_address(&coseheader_address);

    if base_address.is_none() {
        return Err(JsError::new("Signing address is not base address."));
    }

    //reconstruct address
    let payment_key_hash = cose_pubkey.hash();
    let stake_key = base_address.unwrap().stake;

    let reconstructed_address = BaseAddress::new(
        expected_address.network_id()?,
        Credential::new_pub_key(payment_key_hash),
        StakeCredential::from(stake_key),
    );
    if expected_address.to_bech32(None)? == reconstructed_address.to_address().to_bech32(None)? {
        return Ok(true);
    }
    return Ok(false);
}

#[derive(Serialize, Deserialize)]
#[wasm_bindgen]
pub struct CustomClaim {
    user_id: String,
    address: String,
}

#[wasm_bindgen]
impl CustomClaim {
    pub fn new(user_id: &str, address: &str) -> Self {
        Self {
            user_id: user_id.to_string(),
            address: address.to_string(),
        }
    }
    pub fn user_id(&self) -> String {
        self.user_id.clone()
    }
    pub fn address(&self) -> String {
        self.address.clone()
    }
}

/**
 *  **Verify data signed according to CIP-30**
 *   returns ->
 *   VerifyResponse {
 *       error: String,
 *       is_valid: bool,
 *   }
 */
#[wasm_bindgen]
pub fn verify_data_signature_new(
    dt: DataSignature,
    expected_message: &str,
    expected_address_bech32: &str,
) -> VerifyResponse {
    let sign_res = verify_data_signature_cip30(dt, expected_message, expected_address_bech32);
    match sign_res {
        Ok(val) => VerifyResponse::new("", val),
        Err(er) => VerifyResponse::new(&er.as_str(), false),
    }
}

/**
 *  **Verify data signed according to CIP-30**
 *   returns ->
 *    bool or error message
 */
pub fn verify_data_signature_cip30(
    dt: DataSignature,
    expected_message: &str,
    expected_address_bech32: &str,
) -> Result<bool, String> {
    let cose_sign1_res = ms::COSESign1::from_bytes(dt.signature);

    if cose_sign1_res.is_err() {
        return Err("Cose sign object could not be created from the signature".to_string());
    }

    let cose_sign1 = cose_sign1_res.unwrap();

    let payload_to_verify_opt = cose_sign1.payload();

    if payload_to_verify_opt.is_none() {
        return Err("No payload".to_string());
    }

    let payload_to_verify = payload_to_verify_opt.unwrap();

    let is_message_hashed = check_is_hashed_message(&cose_sign1).unwrap();

    if is_message_hashed {
        let expected_message_hash = Blake2b224::new(&expected_message.as_bytes()).to_string();
        let payload_array: [u8; 28] = payload_to_verify
            .as_slice()
            .try_into()
            .expect("Payload length is not 28 bytes");
        let payload_text = Blake2b224::from(payload_array).to_string();
        if expected_message_hash != payload_text {
            println!("CIP30 Debug: Hashed message mismatch. Expected hash: {}, Got hash: {}", expected_message_hash, payload_text);
            return Ok(false);
        }
    } else {
        let payload_text = str::from_utf8(&payload_to_verify).unwrap_or_else(|_| "DEFAULT");
        if expected_message != payload_text {
            println!("CIP30 Debug: Unhashed message mismatch. Expected: '{}', Got: '{}'", expected_message, payload_text);
            return Ok(false);
        }
       
    }

    let cose_key_res = ms::COSEKey::from_bytes(dt.key);
    if cose_key_res.is_err() {
        return Err(cose_key_res.err().unwrap().to_string());
    }

    let cose_key = cose_key_res.unwrap();

    let pk = PublicKey::from_raw_bytes(
        &cose_key
            .header(&ms::Label::new_int(&ms::utils::Int::new_negative(
                ms::utils::BigNum::from_str("2").unwrap(),
            )))
            .unwrap()
            .as_bytes()
            .unwrap(),
    )
    .unwrap();

    let is_address_valid_result = verify_signing_address_new(expected_address_bech32, &pk);

    match is_address_valid_result {
        Ok(true) => { /* Address is valid, continue */ }
        Ok(false) => {
            let pk_hash = pk.hash().to_string();
            println!("CIP30 Debug: Address validation returned false. Expected Address: {}, Public Key Hash: {}", expected_address_bech32, pk_hash);
            return Ok(false);
        }
        Err(e) => {
            let pk_hash = pk.hash().to_string();
            // Note: We capture the error `e` here but might need to adjust how it's printed depending on its type.
            // For now, using debug print.
            println!("CIP30 Debug: Address validation failed with error. Expected Address: {}, Public Key Hash: {}, Error: {:?}", expected_address_bech32, pk_hash, e);
            // Decide if an error during address validation should return Ok(false) or Err(...)
            // Returning Ok(false) for consistency with the previous logic.
            return Ok(false);
        }
    }

    let signed_data = cose_sign1.signed_data(None, None).unwrap().to_bytes();
    let sig = Ed25519Signature::from_raw_bytes(&cose_sign1.signature()).unwrap();

    if pk.verify(&signed_data, &sig) {
        Ok(true)
    } else {
        println!("CIP30 Debug: Final signature verification failed.");
        Ok(false)
    }
}

fn check_is_hashed_message(
    cose_sign1: &cardano_message_signing::COSESign1,
) -> Result<bool, String> {
    let headers_to_verify = cose_sign1.headers();
    let unprotected_headers = headers_to_verify.unprotected();
    let is_hashed_opt = unprotected_headers.header(&Label::new_text("hashed".to_string()));
    if is_hashed_opt.is_none() {
        return Err("No hashed header".to_string());
    }
    let is_hashed_cbor = is_hashed_opt.unwrap();
    let is_hashed_bool = if let Some(b) = is_hashed_cbor.as_special().and_then(|s| s.as_bool()) {
        b
    } else if let Some(s) = is_hashed_cbor.as_text() {
        s == "true"
    } else {
        return Err("Invalid type for hashed header".to_string());
    };
    if is_hashed_bool {
        return Ok(true);
    }
    return Ok(false);
}

fn extract_pubkey(credential: &Credential) -> Option<&Ed25519KeyHash> {
    match credential {
        Credential::PubKey { hash, .. } => Some(hash),
        _ => None,
    }
}

/**
 *  **Verify signing address, needs to be full base address**
 *   returns ->
 *    Result ( bool or error message )
 */
pub fn verify_signing_address_new(
    expected_address_bech32: &str,
    cose_pubkey: &PublicKey,
) -> Result<bool, JsError> {
    let expected_credential = Address::from_bech32(expected_address_bech32)?
        .staking_cred()
        .expect("Address doesn't have staking credential")
        .clone();

    let expected_pubkeyhash = extract_pubkey(&expected_credential).unwrap();
    let stake_key_hash = cose_pubkey.hash();
    if expected_pubkeyhash.eq(&stake_key_hash) {
        return Ok(true);
    }
    return Ok(false);
}