✨ (solana-signer) [DSDK-1098]: Solana transaction check & Solana provide context refactor (#1481)

Author: fAnselmi-Ledger

.changeset/large-stars-relate.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-signer-kit-solana": minor
+---
+
+Add transaction check

.changeset/swift-otters-roam.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-management-kit": minor
+---
+
+Extend `ApplicationChecker` with app-name aware constraints: track the current running app from the device session state and expose `excludeApp`, `excludeApps`, and `excludeDeviceModels` builder methods.

packages/device-management-kit/src/api/utils/ApplicationChecker.ts

@@ -12,13 +12,16 @@ export class ApplicationChecker {
   private isCompatible: boolean;
   private version: string;
   private modelId: DeviceModelId;
+  private readonly appName: string | undefined;
 
   constructor(
     deviceState: DeviceSessionState,
     appConfig: AppConfig,
     resolver: ApplicationResolver,
   ) {
     this.modelId = deviceState.deviceModelId;
+    this.appName =
+      "currentApp" in deviceState ? deviceState.currentApp.name : undefined;
     const resolved = resolver.resolve(deviceState, appConfig);
     this.isCompatible = resolved.isCompatible;
     this.version = resolved.version;
@@ -39,6 +42,21 @@ export class ApplicationChecker {
     return this;
   }
 
+  excludeDeviceModels(...modelIds: DeviceModelId[]): ApplicationChecker {
+    for (const id of modelIds) this.excludeDeviceModel(id);
+    return this;
+  }
+
+  excludeApp(name: string): ApplicationChecker {
+    if (this.appName === name) this.isCompatible = false;
+    return this;
+  }
+
+  excludeApps(...names: string[]): ApplicationChecker {
+    for (const name of names) this.excludeApp(name);
+    return this;
+  }
+
   check(): boolean {
     return this.isCompatible;
   }

packages/signer/context-module/src/DefaultContextModule.ts

@@ -121,6 +121,9 @@ export class DefaultContextModule implements ContextModule {
           this._container.get<ContextLoader>(
             ownerInfoTypes.OwnerInfoContextLoader,
           ),
+          this._container.get<ContextLoader>(
+            transactionCheckTypes.TransactionCheckLoader,
+          ),
         ];
       case ContextModuleChainID.Concordium:
         return [

packages/signer/context-module/src/di.ts

@@ -22,6 +22,7 @@ import { uniswapModuleFactory } from "@/modules/ethereum/uniswap/di/uniswapModul
 import { nanoPkiModuleFactory } from "@/modules/multichain/pki/di/pkiModuleFactory";
 import { reporterModuleFactory } from "@/modules/multichain/reporter/di/reporterModuleFactory";
 import { ethereumTransactionCheckModuleFactory } from "@/modules/multichain/transaction-check/di/ethereumTransactionCheckModuleFactory";
+import { solanaTransactionCheckModuleFactory } from "@/modules/multichain/transaction-check/di/solanaTransactionCheckModuleFactory";
 import { lifiModuleFactory } from "@/modules/solana/lifi/di/lifiModuleFactory";
 import { ownerInfoModuleFactory } from "@/modules/solana/owner-info/di/ownerInfoModuleFactory";
 import { tokenModuleFactory as solanaTokenModuleFactory } from "@/modules/solana/token/di/tokenModuleFactory";
@@ -71,6 +72,7 @@ export const makeContainer = ({ config }: MakeContainerArgs) => {
         ownerInfoModuleFactory(),
         solanaTokenModuleFactory(),
         lifiModuleFactory(),
+        solanaTransactionCheckModuleFactory(),
       );
       break;
     case ContextModuleChainID.Concordium:

packages/signer/context-module/src/index.ts

@@ -72,8 +72,10 @@ export * from "./modules/multichain/reporter/domain/BlindSigningReporter";
 export * from "./modules/multichain/reporter/domain/DefaultBlindSigningReporter";
 export * from "./modules/multichain/reporter/model/BlindSigningEvent";
 export * from "./modules/multichain/reporter/model/BlindSigningModelId";
+export * from "./modules/multichain/transaction-check/utils/constants";
 export * from "./modules/solana/model/SolanaClearSignContext";
 export * from "./modules/solana/model/SolanaContextTypes";
+export * from "./modules/solana/model/SolanaTransactionScanChainId";
 export * from "./modules/solana/owner-info/data/HttpOwnerInfoDataSource";
 export * from "./modules/solana/owner-info/data/OwnerInfoDataSource";
 export * from "./modules/solana/owner-info/domain/OwnerInfoContextLoader";

packages/signer/context-module/src/modules/multichain/transaction-check/di/solanaTransactionCheckModuleFactory.ts

@@ -0,0 +1,15 @@
+import { ContainerModule } from "inversify";
+
+import { HttpTransactionCheckDataSource } from "@/modules/multichain/transaction-check/data/HttpTransactionCheckDataSource";
+import { transactionCheckTypes } from "@/modules/multichain/transaction-check/di/transactionCheckTypes";
+import { SolanaTransactionCheckLoader } from "@/modules/multichain/transaction-check/loaders/SolanaTransactionCheckLoader";
+
+export const solanaTransactionCheckModuleFactory = () =>
+  new ContainerModule(({ bind }) => {
+    bind(transactionCheckTypes.TransactionCheckDataSource).to(
+      HttpTransactionCheckDataSource,
+    );
+    bind(transactionCheckTypes.TransactionCheckLoader).to(
+      SolanaTransactionCheckLoader,
+    );
+  });

packages/signer/context-module/src/modules/multichain/transaction-check/loaders/SolanaTransactionCheckLoader.ts

@@ -0,0 +1,115 @@
+import {
+  DeviceModelId,
+  LoggerPublisherService,
+} from "@ledgerhq/device-management-kit";
+import { inject, injectable } from "inversify";
+import { Codec, exactly, number, oneOf, string } from "purify-ts";
+
+import { configTypes } from "@/config/di/configTypes";
+import { pkiTypes } from "@/modules/multichain/pki/di/pkiTypes";
+import { type PkiCertificateLoader } from "@/modules/multichain/pki/domain/PkiCertificateLoader";
+import { KeyUsage } from "@/modules/multichain/pki/model/KeyUsage";
+import { type TransactionCheckDataSource } from "@/modules/multichain/transaction-check/data/TransactionCheckDataSource";
+import { transactionCheckTypes } from "@/modules/multichain/transaction-check/di/transactionCheckTypes";
+import { type TransactionCheckLoader } from "@/modules/multichain/transaction-check/loaders/TransactionCheckLoader";
+import { TransactionCheckPaths } from "@/modules/multichain/transaction-check/utils/constants";
+import {
+  ClearSignContext,
+  ClearSignContextType,
+} from "@/shared/model/ClearSignContext";
+
+export type SolanaTransactionCheckRequest = {
+  from: string;
+  rawTx: string;
+  chain: number;
+};
+
+export type SolanaTransactionCheckContextInput = {
+  deviceModelId: DeviceModelId;
+  transactionCheck: SolanaTransactionCheckRequest;
+};
+
+const SUPPORTED_TYPES: ClearSignContextType[] = [
+  ClearSignContextType.SOLANA_TRANSACTION_CHECK,
+];
+
+const solanaTransactionCheckInputCodec = Codec.interface({
+  deviceModelId: oneOf([
+    exactly(DeviceModelId.NANO_X),
+    exactly(DeviceModelId.NANO_SP),
+    exactly(DeviceModelId.STAX),
+    exactly(DeviceModelId.FLEX),
+  ]),
+  transactionCheck: Codec.interface({
+    from: string,
+    rawTx: string,
+    chain: number,
+  }),
+});
+
+@injectable()
+export class SolanaTransactionCheckLoader
+  implements TransactionCheckLoader<SolanaTransactionCheckContextInput>
+{
+  private readonly logger: LoggerPublisherService;
+
+  constructor(
+    @inject(transactionCheckTypes.TransactionCheckDataSource)
+    private readonly transactionCheckDataSource: TransactionCheckDataSource,
+    @inject(pkiTypes.PkiCertificateLoader)
+    private readonly certificateLoader: PkiCertificateLoader,
+    @inject(configTypes.ContextModuleLoggerFactory)
+    loggerFactory: (tag: string) => LoggerPublisherService,
+  ) {
+    this.logger = loggerFactory("SolanaTransactionCheckLoader");
+  }
+
+  canHandle(
+    input: unknown,
+    expectedType: ClearSignContextType[],
+  ): input is SolanaTransactionCheckContextInput {
+    if (!SUPPORTED_TYPES.every((type) => expectedType.includes(type)))
+      return false;
+    return solanaTransactionCheckInputCodec.decode(input).caseOf({
+      Left: () => false,
+      Right: ({ transactionCheck: { from, rawTx } }) =>
+        from.length > 0 && rawTx.length > 0,
+    });
+  }
+
+  async load(
+    ctx: SolanaTransactionCheckContextInput,
+  ): Promise<ClearSignContext[]> {
+    const { from, rawTx, chain } = ctx.transactionCheck;
+
+    const txCheck = await this.transactionCheckDataSource.check({
+      path: TransactionCheckPaths.SOLANA_TRANSACTION,
+      body: { tx: { from, raw: rawTx }, chain },
+    });
+
+    const context = await txCheck.caseOf<Promise<ClearSignContext>>({
+      Left: (error) =>
+        Promise.resolve({
+          type: ClearSignContextType.ERROR,
+          error,
+        }),
+      Right: async (data) => {
+        const certificate = await this.certificateLoader.loadCertificate({
+          keyId: data.publicKeyId,
+          keyUsage: KeyUsage.TxSimulationSigner,
+          targetDevice: ctx.deviceModelId,
+        });
+
+        return {
+          type: ClearSignContextType.SOLANA_TRANSACTION_CHECK,
+          payload: { descriptor: data.descriptor },
+          certificate,
+        };
+      },
+    });
+
+    const result = [context];
+    this.logger.debug("load result", { data: { result } });
+    return result;
+  }
+}

packages/signer/context-module/src/modules/multichain/transaction-check/loaders/TransactionCheckLoader.ts

@@ -2,8 +2,12 @@ import { type DeviceModelId } from "@ledgerhq/device-management-kit";
 
 import { type ContextLoader } from "@/shared/domain/ContextLoader";
 
+/**
+ * Common requirement across all transaction-check loaders: a target device
+ * model is needed to fetch the right PKI certificate. Other fields (signer
+ * address, raw tx, chain id) are shaped per chain.
+ */
 export type TransactionCheckInput = {
-  from: string;
   deviceModelId: DeviceModelId;
 };
 

packages/signer/context-module/src/modules/multichain/transaction-check/utils/constants.ts

@@ -1,4 +1,5 @@
 export enum TransactionCheckPaths {
   ETHEREUM_TRANSACTION = "/ethereum/scan/tx",
   ETHEREUM_TYPED_DATA = "/ethereum/scan/eip-712",
+  SOLANA_TRANSACTION = "/solana/scan/tx",
 }