fixed sub-org specific bundles leaking to other sub-org sessions

Author: ethankonk

export-and-sign/dist/bundle.3f29bf7d8e30fb1dd823.js

@@ -1 +1 @@
-<!doctype html><html class="no-js"><head><link rel="icon" type="image/svg+xml" href="./favicon.svg"/><meta charset="utf-8"/><title>Turnkey Export</title><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="turnkey-signer-environment" content="__TURNKEY_SIGNER_ENVIRONMENT__"/><meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; object-src 'none'; form-action 'none'"><link href="/styles.e084a69a94c0575bc6ba.css" rel="stylesheet" integrity="sha384-uIrxQTbBoDAwjgotQ+GUHgbxFM2iajB5QKNa4WuL9wn/Ou+2383e3dM2FCWOAq9m" crossorigin="anonymous"></head><body><h2>Export Key Material</h2><p><em>This public key will be sent along with a private key ID or wallet ID inside of a new <code>EXPORT_PRIVATE_KEY</code> or <code>EXPORT_WALLET</code> activity</em></p><form><label>Embedded key</label> <input name="embedded-key" id="embedded-key" disabled="disabled"/> <button id="reset">Reset Key</button></form><br/><br/><br/><h2>Inject Key Export Bundle</h2><p><em>The export bundle comes from the parent page and is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on <a target="_blank" href="https://datatracker.ietf.org/doc/rfc9180/">HPKE (RFC 9180)</a></em>.</p><form><label>Bundle</label> <input name="key-export-bundle" id="key-export-bundle"/> <button id="inject-key">Inject Bundle</button><br/><label>Key Format</label> <select id="key-export-format" name="key-export-format"><option value="HEXADECIMAL">Hexadecimal (Default)</option><option value="SOLANA">Solana</option></select><br/><label>Organization Id</label> <input name="key-organization-id" id="key-organization-id"/></form><br/><br/><h2>Inject Wallet Export Bundle</h2><p><em>The export bundle comes from the parent page and is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on <a target="_blank" href="https://datatracker.ietf.org/doc/rfc9180/">HPKE (RFC 9180)</a></em>.</p><form><label>Bundle</label> <input name="wallet-export-bundle" id="wallet-export-bundle"/> <button id="inject-wallet">Inject Bundle</button><br/><label>Organization Id</label> <input name="wallet-organization-id" id="wallet-organization-id"/></form><br/><br/><h2>Sign Transaction</h2><p><em>Input a serialized transaction to sign.</em></p><form><label>Transaction</label> <input name="transaction-to-sign" id="transaction-to-sign"/> <button id="sign-transaction">Sign</button></form><br/><br/><h2>Sign Message</h2><p><em>Input a serialized message to sign.</em></p><form><label>Message</label> <input name="message-to-sign" id="message-to-sign"/> <button id="sign-message">Sign</button></form><br/><br/><h2>Message log</h2><p><em>Below we display a log of the messages sent / received. The forms above send messages, and the code communicates results by sending events via the <code>postMessage</code> API.</em></p><div id="message-log"></div><div id="key-div"></div><script defer="defer" src="/bundle.921b01a774677f8e2da8.js" integrity="sha384-P/yUGeA+YjATjB94JS/FcpAKrqBRW/oFjpTPQJAEZMy2zDCV+2mfOqsTbuxZkCcy" crossorigin="anonymous"></script><script defer="defer" src="/bundle.8ccdeed719db48416e34.js" integrity="sha384-54fp27cW7hyp60JZSDbPoHZ8CRF09rdlr5J5iKQYIUFKkM6ggf68Br6KBtpJ9F6O" crossorigin="anonymous"></script></body></html>
+<!doctype html><html class="no-js"><head><link rel="icon" type="image/svg+xml" href="./favicon.svg"/><meta charset="utf-8"/><title>Turnkey Export</title><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="turnkey-signer-environment" content="__TURNKEY_SIGNER_ENVIRONMENT__"/><meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; object-src 'none'; form-action 'none'"><link href="/styles.e084a69a94c0575bc6ba.css" rel="stylesheet" integrity="sha384-uIrxQTbBoDAwjgotQ+GUHgbxFM2iajB5QKNa4WuL9wn/Ou+2383e3dM2FCWOAq9m" crossorigin="anonymous"></head><body><h2>Export Key Material</h2><p><em>This public key will be sent along with a private key ID or wallet ID inside of a new <code>EXPORT_PRIVATE_KEY</code> or <code>EXPORT_WALLET</code> activity</em></p><form><label>Embedded key</label> <input name="embedded-key" id="embedded-key" disabled="disabled"/> <button id="reset">Reset Key</button></form><br/><br/><br/><h2>Inject Key Export Bundle</h2><p><em>The export bundle comes from the parent page and is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on <a target="_blank" href="https://datatracker.ietf.org/doc/rfc9180/">HPKE (RFC 9180)</a></em>.</p><form><label>Bundle</label> <input name="key-export-bundle" id="key-export-bundle"/> <button id="inject-key">Inject Bundle</button><br/><label>Key Format</label> <select id="key-export-format" name="key-export-format"><option value="HEXADECIMAL">Hexadecimal (Default)</option><option value="SOLANA">Solana</option></select><br/><label>Organization Id</label> <input name="key-organization-id" id="key-organization-id"/></form><br/><br/><h2>Inject Wallet Export Bundle</h2><p><em>The export bundle comes from the parent page and is composed of a public key and an encrypted payload. The payload is encrypted to this document's embedded key (stored in local storage and displayed above). The scheme relies on <a target="_blank" href="https://datatracker.ietf.org/doc/rfc9180/">HPKE (RFC 9180)</a></em>.</p><form><label>Bundle</label> <input name="wallet-export-bundle" id="wallet-export-bundle"/> <button id="inject-wallet">Inject Bundle</button><br/><label>Organization Id</label> <input name="wallet-organization-id" id="wallet-organization-id"/></form><br/><br/><h2>Sign Transaction</h2><p><em>Input a serialized transaction to sign.</em></p><form><label>Transaction</label> <input name="transaction-to-sign" id="transaction-to-sign"/> <button id="sign-transaction">Sign</button></form><br/><br/><h2>Sign Message</h2><p><em>Input a serialized message to sign.</em></p><form><label>Message</label> <input name="message-to-sign" id="message-to-sign"/> <button id="sign-message">Sign</button></form><br/><br/><h2>Message log</h2><p><em>Below we display a log of the messages sent / received. The forms above send messages, and the code communicates results by sending events via the <code>postMessage</code> API.</em></p><div id="message-log"></div><div id="key-div"></div><script defer="defer" src="/bundle.921b01a774677f8e2da8.js" integrity="sha384-P/yUGeA+YjATjB94JS/FcpAKrqBRW/oFjpTPQJAEZMy2zDCV+2mfOqsTbuxZkCcy" crossorigin="anonymous"></script><script defer="defer" src="/bundle.3f29bf7d8e30fb1dd823.js" integrity="sha384-2FahO+4Ckv/SX/ymp4E9OL0qChHU6KW6jUewg//yvqWnWvCOMJVHD1HLeBZUAB0G" crossorigin="anonymous"></script></body></html>

…ndle.8ccdeed719db48416e34.js.LICENSE.txt …ndle.3f29bf7d8e30fb1dd823.js.LICENSE.txtexport-and-sign/dist/bundle.8ccdeed719db48416e34.js.LICENSE.txt renamed to export-and-sign/dist/bundle.3f29bf7d8e30fb1dd823.js.LICENSE.txt export-and-sign/dist/bundle.8ccdeed719db48416e34.js.LICENSE.txt renamed to export-and-sign/dist/bundle.3f29bf7d8e30fb1dd823.js.LICENSE.txt

@@ -1018,7 +1018,7 @@ describe("Encryption Escrow", () => {
         keyFormat: "SOLANA",
       });
 
-      TKHQ.removeEncryptedBundle("addr1");
+      TKHQ.removeEncryptedBundle("addr1", "org1");
 
       const bundles = TKHQ.getEncryptedBundles();
       expect(bundles["addr1"]).toBeUndefined();
@@ -1033,7 +1033,7 @@ describe("Encryption Escrow", () => {
         keyFormat: "SOLANA",
       });
 
-      TKHQ.removeEncryptedBundle("addr1");
+      TKHQ.removeEncryptedBundle("addr1", "org1");
       expect(TKHQ.getEncryptedBundles()).toBeNull();
     });
 
@@ -1051,7 +1051,7 @@ describe("Encryption Escrow", () => {
         keyFormat: "SOLANA",
       });
 
-      TKHQ.clearAllEncryptedBundles();
+      TKHQ.clearAllEncryptedBundles("org1");
       expect(TKHQ.getEncryptedBundles()).toBeNull();
     });
   });
@@ -1414,7 +1414,7 @@ describe("Encryption Escrow", () => {
         keyFormat: "SOLANA",
       });
 
-      onGetStoredWalletAddresses(requestId);
+      onGetStoredWalletAddresses(requestId, "org1");
 
       expect(sendMessageSpy).toHaveBeenCalledWith(
         "STORED_WALLET_ADDRESSES",
@@ -1424,7 +1424,7 @@ describe("Encryption Escrow", () => {
     });
 
     it("returns empty array when no bundles stored", () => {
-      onGetStoredWalletAddresses(requestId);
+      onGetStoredWalletAddresses(requestId, "org1");
 
       expect(sendMessageSpy).toHaveBeenCalledWith(
         "STORED_WALLET_ADDRESSES",
@@ -1471,7 +1471,7 @@ describe("Encryption Escrow", () => {
       );
 
       // Clear addr1
-      onClearStoredBundles(requestId, "addr1");
+      onClearStoredBundles(requestId, "addr1", "org1");
 
       expect(sendMessageSpy).toHaveBeenCalledWith(
         "STORED_BUNDLES_CLEARED",
@@ -1528,7 +1528,7 @@ describe("Encryption Escrow", () => {
       );
 
       // Clear all
-      onClearStoredBundles(requestId, undefined);
+      onClearStoredBundles(requestId, undefined, "org1");
 
       expect(sendMessageSpy).toHaveBeenCalledWith(
         "STORED_BUNDLES_CLEARED",

export-and-sign/dist/bundle.3f29bf7d8e30fb1dd823.js.map

@@ -477,6 +477,10 @@ async function onInjectDecryptionKeyBundle(
       const bundleData = storedBundles[addr];
 
       try {
+        const bundleOrgId = bundleData.organizationId;
+
+        if (organizationId !== bundleOrgId) continue; // skip bundles that don't match the organization ID of the decryption key
+
         const encappedKeyBuf = TKHQ.uint8arrayFromHexString(
           bundleData.encappedPublic
         );
@@ -527,10 +531,15 @@ function onBurnSession(requestId) {
  * Handler for GET_STORED_WALLET_ADDRESSES events.
  * Returns a JSON array of all wallet addresses that have encrypted bundles in localStorage.
  * @param {string} requestId
+ * @param {string} organizationId - Organization ID to filter addresses by (only return addresses with bundles matching the organization ID)
  */
-function onGetStoredWalletAddresses(requestId) {
+function onGetStoredWalletAddresses(requestId, organizationId) {
   const bundles = TKHQ.getEncryptedBundles();
-  const addresses = bundles ? Object.keys(bundles) : [];
+  const addresses = bundles
+    ? Object.entries(bundles)
+        .filter(([, bundle]) => bundle.organizationId === organizationId)
+        .map(([address]) => address)
+    : [];
   TKHQ.sendMessageUp(
     "STORED_WALLET_ADDRESSES",
     JSON.stringify(addresses),
@@ -544,14 +553,15 @@ function onGetStoredWalletAddresses(requestId) {
  * in-memory keys. If address is provided, removes only that address.
  * If no address, removes ALL encrypted bundles and ALL in-memory keys.
  * @param {string} requestId
+ * @param {string} organizationId - Organization ID to filter addresses by (only remove bundles matching the organization ID)
  * @param {string|undefined} address - Optional wallet address
  */
-function onClearStoredBundles(requestId, address) {
+function onClearStoredBundles(requestId, address, organizationId) {
   if (address) {
-    TKHQ.removeEncryptedBundle(address);
+    TKHQ.removeEncryptedBundle(address, organizationId);
     delete inMemoryKeys[address];
   } else {
-    TKHQ.clearAllEncryptedBundles();
+    TKHQ.clearAllEncryptedBundles(organizationId);
     inMemoryKeys = {};
   }
   TKHQ.sendMessageUp("STORED_BUNDLES_CLEARED", true, requestId);
@@ -873,7 +883,10 @@ function initMessageEventListener(HpkeDecrypt) {
     if (event.data && event.data["type"] == "GET_STORED_WALLET_ADDRESSES") {
       TKHQ.logMessage(`⬇️ Received message ${event.data["type"]}`);
       try {
-        onGetStoredWalletAddresses(event.data["requestId"]);
+        onGetStoredWalletAddresses(
+          event.data["requestId"],
+          event.data["organizationId"]
+        );
       } catch (e) {
         TKHQ.sendMessageUp("ERROR", e.toString(), event.data["requestId"]);
       }
@@ -883,7 +896,11 @@ function initMessageEventListener(HpkeDecrypt) {
         `⬇️ Received message ${event.data["type"]}: address=${event.data["address"]}`
       );
       try {
-        onClearStoredBundles(event.data["requestId"], event.data["address"]);
+        onClearStoredBundles(
+          event.data["requestId"],
+          event.data["address"],
+          event.data["organizationId"]
+        );
       } catch (e) {
         TKHQ.sendMessageUp("ERROR", e.toString(), event.data["requestId"]);
       }

export-and-sign/dist/bundle.8ccdeed719db48416e34.js

@@ -223,7 +223,16 @@ function setSettings(settings) {
  */
 function getEncryptedBundles() {
   const data = window.localStorage.getItem(TURNKEY_ENCRYPTED_BUNDLES);
-  return data ? JSON.parse(data) : null;
+  if (!data) {
+    return null;
+  }
+  try {
+    return JSON.parse(data);
+  } catch (e) {
+    // If the stored data is corrupted or not valid JSON, remove it to self-heal.
+    window.localStorage.removeItem(TURNKEY_ENCRYPTED_BUNDLES);
+    return null;
+  }
 }
 
 /**
@@ -242,28 +251,52 @@ function setEncryptedBundle(address, bundleData) {
 
 /**
  * Removes a single encrypted bundle by address.
+ * Only removes the bundle if it belongs to the specified organization.
  * @param {string} address - The wallet address to remove
+ * @param {string} organizationId - Only remove if the bundle belongs to this org
  */
-function removeEncryptedBundle(address) {
+function removeEncryptedBundle(address, organizationId) {
   const bundles = getEncryptedBundles();
-  if (bundles && bundles[address]) {
-    delete bundles[address];
-    if (Object.keys(bundles).length === 0) {
-      window.localStorage.removeItem(TURNKEY_ENCRYPTED_BUNDLES);
-    } else {
-      window.localStorage.setItem(
-        TURNKEY_ENCRYPTED_BUNDLES,
-        JSON.stringify(bundles)
-      );
-    }
+  if (!bundles || !bundles[address]) return;
+
+  // Only remove if the bundle belongs to the specified organization
+  if (bundles[address].organizationId !== organizationId) return;
+
+  delete bundles[address];
+  if (Object.keys(bundles).length === 0) {
+    window.localStorage.removeItem(TURNKEY_ENCRYPTED_BUNDLES);
+  } else {
+    window.localStorage.setItem(
+      TURNKEY_ENCRYPTED_BUNDLES,
+      JSON.stringify(bundles)
+    );
   }
 }
 
 /**
- * Removes all encrypted bundles from localStorage.
+ * Removes all encrypted bundles belonging to the specified organization.
+ * Bundles from other organizations are preserved.
+ * @param {string} organizationId - Remove bundles belonging to this org
  */
-function clearAllEncryptedBundles() {
-  window.localStorage.removeItem(TURNKEY_ENCRYPTED_BUNDLES);
+function clearAllEncryptedBundles(organizationId) {
+  const bundles = getEncryptedBundles();
+  if (!bundles) return;
+
+  // Keep only bundles that do NOT belong to this organization
+  const remaining = Object.fromEntries(
+    Object.entries(bundles).filter(
+      ([, bundle]) => bundle.organizationId !== organizationId
+    )
+  );
+
+  if (Object.keys(remaining).length === 0) {
+    window.localStorage.removeItem(TURNKEY_ENCRYPTED_BUNDLES);
+  } else {
+    window.localStorage.setItem(
+      TURNKEY_ENCRYPTED_BUNDLES,
+      JSON.stringify(remaining)
+    );
+  }
 }
 
 /**