implement EncryptRequestSourceWithWalletID

callmedenchick · callmedenchick · commit 0bc0780e2a3b · 2025-08-27T10:34:31.000+02:00
diff --git a/internal/utils/tls.go b/internal/utils/tls.go
@@ -6,11 +6,17 @@ import (
 	"crypto/rand"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
 	"encoding/pem"
+	"fmt"
 	"math/big"
 	"time"
-)
 
+	"github.com/ton-connect/bridge3/internal/models"
+	"golang.org/x/crypto/nacl/box"
+// GenerateSelfSignedCertificate generates a self-signed X.509 certificate and private key
 func GenerateSelfSignedCertificate() ([]byte, []byte, error) {
 	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
@@ -50,3 +56,31 @@ func GenerateSelfSignedCertificate() ([]byte, []byte, error) {
 
 	return certPEM, keyPEM, nil
 }
+
+// EncryptRequestSourceWithWalletID encrypts the request source metadata using the wallet's Curve25519 public key
+func EncryptRequestSourceWithWalletID(requestSource models.BridgeRequestSource, walletID string) (string, error) {
+	data, err := json.Marshal(requestSource)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal request source: %w", err)
+	}
+
+	publicKeyBytes, err := hex.DecodeString(walletID)
+	if err != nil {
+		return "", fmt.Errorf("failed to decode wallet ID: %w", err)
+	}
+
+	if len(publicKeyBytes) != 32 {
+		return "", fmt.Errorf("invalid public key length: expected 32 bytes, got %d", len(publicKeyBytes))
+	}
+
+	// Convert to Curve25519 public key format
+	var recipientPublicKey [32]byte
+	copy(recipientPublicKey[:], publicKeyBytes)
+
+	encrypted, err := box.SealAnonymous(nil, data, &recipientPublicKey, rand.Reader)
+	if err != nil {
+		return "", fmt.Errorf("failed to encrypt data: %w", err)
+	}
+
+	return base64.StdEncoding.EncodeToString(encrypted), nil
+}
