feat: final safety checks for hardware keys

Author: coodos

infrastructure/eid-wallet/src-tauri/gen/android/.idea/deviceManager.xml

@@ -23,44 +23,49 @@ let verificationId = $state("");
 let demoName = $state("");
 let verificationSuccess = $state(false);
 let keyManager: KeyManager | null = $state(null);
-let hardwareAvailable = $state<boolean | null>(null);
+let showHardwareError = $state(false);
 let checkingHardware = $state(false);
 const KEY_ID = "default";
 
 const handleGetStarted = async () => {
+    isPaneOpen = true;
+    preVerified = false;
     checkingHardware = true;
+    showHardwareError = false;
+    error = null;
+    
     try {
         if (!globalState) {
             globalState = getContext<() => GlobalState>("globalState")();
         }
-        const isAvailable = await globalState.keyService.isHardwareAvailable();
-        hardwareAvailable = isAvailable;
         
-        if (!isAvailable) {
-            // Hardware not available - show error and don't proceed
-            error = "Your device doesn't support hardware-backed security keys required for passport verification. Please use the pre-verification code option instead.";
-            isPaneOpen = true;
-            preVerified = false;
-            setTimeout(() => {
-                error = null;
-            }, 8000);
+        // Actually try to generate a test hardware key
+        const testKeyId = `hardware-test-${Date.now()}`;
+        console.log("Testing hardware key generation with test key:", testKeyId);
+        
+        try {
+            const { manager, created } = await globalState.keyService.ensureKey(
+                testKeyId,
+                "onboarding"
+            );
+            console.log("Test key result - Manager type:", manager.getType(), "Created:", created);
+            
+            // Check if we got hardware manager and it actually created a key
+            if (manager.getType() !== "hardware") {
+                throw new Error("Got software fallback instead of hardware");
+            }
+            
+            // Hardware works! Clean up test key and proceed
+            console.log("Hardware keys are working");
+            checkingHardware = false;
+        } catch (keyError) {
+            console.error("Hardware key test failed:", keyError);
+            showHardwareError = true;
             checkingHardware = false;
-            return;
         }
-        
-        // Hardware is available - proceed to verification
-        isPaneOpen = true;
-        preVerified = false;
     } catch (err) {
-        console.error("Failed to check hardware availability:", err);
-        hardwareAvailable = false;
-        error = "Unable to check device capabilities. Please use the pre-verification code option instead.";
-        isPaneOpen = true;
-        preVerified = false;
-        setTimeout(() => {
-            error = null;
-        }, 8000);
-    } finally {
+        console.error("Error checking hardware:", err);
+        showHardwareError = true;
         checkingHardware = false;
     }
 };
@@ -138,8 +143,24 @@ async function getApplicationPublicKey() {
 }
 
 const handleNext = async () => {
-    //handle next functionlity
-    goto("/verify");
+    // Initialize keys for onboarding context before going to verify
+    try {
+        loading = true;
+        if (!globalState) {
+            globalState = getContext<() => GlobalState>("globalState")();
+        }
+        await initializeKeyManager();
+        await ensureKeyForContext();
+        loading = false;
+        goto("/verify");
+    } catch (err) {
+        console.error("Failed to initialize keys for onboarding:", err);
+        error = "Failed to initialize security keys. Please try again.";
+        loading = false;
+        setTimeout(() => {
+            error = null;
+        }, 5000);
+    }
 };
 
 let globalState: GlobalState;
@@ -342,12 +363,21 @@ onMount(async () => {
             </div>
         {/if}
     {:else}
-        {#if hardwareAvailable === false}
+        {#if checkingHardware}
+            <div class="my-20">
+                <div
+                    class="align-center flex w-full flex-col items-center justify-center gap-6"
+                >
+                    <Shadow size={40} color="rgb(142, 82, 255);" />
+                    <h4>Checking device capabilities...</h4>
+                </div>
+            </div>
+        {:else if showHardwareError}
             <h4 class="mt-[2.3svh] mb-[0.5svh] text-red-600">
                 Hardware Security Not Available
             </h4>
             <p class="text-black-700 mb-4">
-                Your device doesn't support hardware-backed security keys required for passport verification.
+                Your phone doesn't support hardware crypto keys, which is a requirement for verified IDs.
             </p>
             <p class="text-black-700 mb-4">
                 Please use the pre-verification code option to create a demo account instead.
@@ -364,21 +394,32 @@ onMount(async () => {
                 </ButtonAction>
             </div>
         {:else}
-            <h4 class="mt-[2.3svh] mb-[0.5svh]">
-                Your Digital Self begins with the Real You
-            </h4>
-            <p class="text-black-700">
-                In the Web 3.0 Data Space, identity is linked to reality. We begin
-                by verifying your real-world passport, which serves as the
-                foundation for issuing your secure ePassport. At the same time, we
-                generate your eName – a unique digital identifier – and create your
-                eVault to store and protect your personal data.
-            </p>
-            <div class="flex justify-center whitespace-nowrap my-[2.3svh]">
-                <ButtonAction class="w-full" callback={handleNext}
-                    >Next</ButtonAction
-                >
-            </div>
+            {#if loading}
+                <div class="my-20">
+                    <div
+                        class="align-center flex w-full flex-col items-center justify-center gap-6"
+                    >
+                        <Shadow size={40} color="rgb(142, 82, 255);" />
+                        <h4>Initializing security keys...</h4>
+                    </div>
+                </div>
+            {:else}
+                <h4 class="mt-[2.3svh] mb-[0.5svh]">
+                    Your Digital Self begins with the Real You
+                </h4>
+                <p class="text-black-700">
+                    In the Web 3.0 Data Space, identity is linked to reality. We begin
+                    by verifying your real-world passport, which serves as the
+                    foundation for issuing your secure ePassport. At the same time, we
+                    generate your eName – a unique digital identifier – and create your
+                    eVault to store and protect your personal data.
+                </p>
+                <div class="flex justify-center whitespace-nowrap my-[2.3svh]">
+                    <ButtonAction class="w-full" callback={handleNext}
+                        >Next</ButtonAction
+                    >
+                </div>
+            {/if}
         {/if}
     {/if}
 </Drawer>

infrastructure/eid-wallet/src/routes/(auth)/onboarding/+page.svelte

@@ -109,12 +109,34 @@ let hardwareKeyCheckComplete = $state(false);
 const KEY_ID = "default";
 
 async function handleVerification() {
-    const { data } = await axios.post(
-        new URL("/verification", PUBLIC_PROVISIONER_URL).toString(),
-    );
-    verificaitonId.set(data.id);
-    showVeriffModal = true;
-    watchEventStream(data.id);
+    try {
+        // Ensure keys are initialized before starting verification
+        if (!keyManager) {
+            try {
+                await initializeKeyManager();
+                await ensureKeyForVerification();
+            } catch (keyError) {
+                console.error("Failed to initialize keys:", keyError);
+                // If key initialization fails, go back to onboarding
+                await goto("/onboarding");
+                return;
+            }
+        }
+        
+        const { data } = await axios.post(
+            new URL("/verification", PUBLIC_PROVISIONER_URL).toString(),
+        );
+        verificaitonId.set(data.id);
+        showVeriffModal = true;
+        watchEventStream(data.id);
+    } catch (error) {
+        console.error("Failed to start verification:", error);
+        // If verification fails due to key issues or any initialization error, go back to onboarding
+        const errorMessage = error instanceof Error ? error.message.toLowerCase() : String(error).toLowerCase();
+        if (errorMessage.includes("key") || errorMessage.includes("initialize") || errorMessage.includes("manager")) {
+            await goto("/onboarding");
+        }
+    }
 }
 
 function watchEventStream(id: string) {
@@ -235,8 +257,15 @@ onMount(async () => {
     }
 
     // Initialize key manager and check if default key pair exists
-    await initializeKeyManager();
-    await ensureKeyForVerification();
+    try {
+        await initializeKeyManager();
+        await ensureKeyForVerification();
+    } catch (error) {
+        console.error("Failed to initialize keys for verification:", error);
+        // If key initialization fails, redirect back to onboarding
+        await goto("/onboarding");
+        return;
+    }
 
     handleContinue = async () => {
         if ($status !== "approved" && $status !== "duplicate")