Crypto import for non-node envs

[mvid]

crypto import:
change import pattern of crypto, to allow import error to be caught and acted on. the current model fails in react native, not exactly sure why, but using require instead avoids the issue.

Changed the lookup for subtle. Currently, if subtle doesn't exist on the crypto library, cosmjs will attempt to reimport node crypto, even if a proper crypto was already shimmed in. The changeset will pull subtle if it exists, otherwise return undefined. getCryptoModule will only be called if crypto is not already set on window/this

authz queries:
add more authz grant queries to catch up to current authz types

[webmaster128]

Thank you. This looks both promising at first glance.

Could you split the additional queries and the crypto changes in 2 PRs please? This way we can keep the discussion specific and not block one change on the other change.

[mvid]

Thank you. This looks both promising at first glance.

Could you split the additional queries and the crypto changes in 2 PRs please? This way we can keep the discussion specific and not block one change on the other change.

Done, the authz queries PR is now in #1308

[webmaster128]

Could you try this instead?

    // HACK: Use a variable to get webpack to ignore this and cause a
    // runtime error instead of build system error or fallback implementation.
    const nodeCryptoPackageName = "crypto";
    const crypto = await import(nodeCryptoPackageName);

We use this in a different place already. This should avoid build systems trying to bundle a crypto implementation when it is not available natively.

[mvid]

@webmaster128 I introduced this, however the problem is the same. It attempts to resolve crypto when bundling. In my current project, using Expo/React-Native/Metro, it seems to parse/resolve any import call, hence why I switched it to a require. I believe this is specific to the Metro bundler.

Any ideas on how to solve this?

[webmaster128]

The change LGTM. Good point regarding the subtle import.

I'd just like to get rid of the Node.js specific require call.

[webmaster128]

Sorry for letting you wait so long. I'm now trying to catch up with CosmJS.

It seems like metro allows us to use an "empty" crypto module. See

• https://facebook.github.io/metro/docs/configuration/
• https://facebook.github.io/metro/docs/resolution#resolverequest-customresolver

I never worked with metro though. Do you have a test project where I can reproduce the issues you are facing?

[webmaster128]

Changed the lookup for subtle. Currently, if subtle doesn't exist on the crypto library, cosmjs will attempt to reimport node crypto, even if a proper crypto was already shimmed in. The changeset will pull subtle if it exists, otherwise return undefined. getCryptoModule will only be called if crypto is not already set on window/this

I think the motivation for the current codebase was this: subtle is either

1. in globalThis.crypto.subtle (https://www.w3.org/TR/WebCryptoAPI/) which works in browsers and node.js 18+, or
2. in (await import("crypto")).webcrypto.subtle (node.js 15+ versions)

But turns out there is a 3rd option in between:

• in globalThis.crypto.webcrypto.subtle (node.js 16+)

I'll update the code to better reflect that.

[webmaster128]

I looked even more into this and have two changes in the pipeline:

1. getSubtle does not need to call getCryptoModule at all since I am not aware of any environment where subtle is only available in the crypto module
2. getCryptoModule can be removed entirely if we are willing to use a pure-JS pbkdf2 implementation for Node.js 14. Given that Node.js 14 EOLs in 4 months and 3 weeks (30 Apr 2023), I think this is fine for CosmJS 0.30.0

[webmaster128]

Thank you for bringing up this problem and proposing a solution. After looking into it I gained cnfidence that #1340 (for 0.29.x) and #1341 (for 0.30.0) are the two necessary steps to fix this nicely. Let's continue the discussion in those more specific tickets.

[webmaster128]

okay, this is far from solved. See #1354 for a follow-up ticket.