Draft
Conversation
…rectness, and architecture improvements Critical fixes: - Fix Android exportKey compilation error (undefined keyPair variable) - Fix Android importKey type mismatch (KeyPair vs KeyPairEntry) - Fix iOS silent failure in getRandomValues (now calls fatalError on CSPRNG failure) - Fix iOS importKey key size calculation (derive from modulus, not DER blob) - Fix iOS ASN.1 DER parsing with proper length decoding (replaces hardcoded offsets) - Fix iOS hardcoded exponent with parsed value from key data Security & safety: - Eliminate all force-unwrap (as!) casts in iOS via typed KeyEntry struct - Add synchronized blocks to all Android keyStore accesses for thread safety - Add key usage validation in JS verify() to match WebCrypto spec - JS getRandomValues validates returned length matches requested length Architecture: - Migrate bridge serialization from number[]/[NSNumber]/ReadableArray to Base64 strings across all layers (iOS, Android, TypeScript spec, JS polyfill), reducing serialization overhead from ~400% to ~33% - Extract iOS RSA DER parsing/construction into standalone RSAKeyUtils.swift for testability - Replace Android hand-rolled X.509 DER construction (~60 lines) with platform RSAPublicKeySpec - Remove dead code (getCryptoAlg), fix typos, clean up unused parameters Infrastructure: - Fix Jest config (testMatch pattern, setupFiles path, test import paths) - Add unit tests for digest, getRandomValues, importKey, verify, and polyfill installation - Update mocks to match Base64 bridge interface - Remove private:true flag, remove nonexistent ./cpp from files array - Update Android SDK defaults to 35
Harden native crypto bridge with security, correctness, and architecture improvements
Android module is on the wrong path. Add biometric auth and fix the android implementation by using android keystore.
update the android components.
Configures automated testing for packages/react-native-webcrypto-bridge: - Android: JUnit/Robolectric tests via Gradle on Linux executor - iOS: Swift Package Manager tests on macOS executor - Both jobs run in parallel with intelligent caching Jobs restore dependencies from cache based on build.gradle/Package.swift checksums, reducing build times by 50-70% on subsequent runs. Test results and artifacts are stored for CircleCI reporting.
Change xcode from 'latest' to '16.1' to match CircleCI schema requirements. Xcode version must be a specific version string, not 'latest'.
Change macos.m1 to macos.medium for valid Xcode 16.1 compatibility. Remove unnecessary environment variables.
Change cimg/android:latest to cimg/android:2024.12 (a valid versioned image). CircleCI requires specific image versions, not 'latest' tags.
The circleci/macos orb doesn't provide executor definitions. Use simple custom executors with direct Docker and macOS config.
jaredperreault-okta
force-pushed
the
jp-rn-tokenstorage
branch
from
0bec06a to
3041064
Compare
jaredperreault-okta
force-pushed
the
jp-rn-tokenstorage
branch
from
3041064 to
87182b8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.