@blamejs/core 0.12.43 → 0.12.44

package/CHANGELOG.md

@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
 
 ## v0.12.x
 
+- v0.12.44 (2026-05-25) — **`b.did` adds the did:jwk method.** Completes b.did's method set with did:jwk alongside did:key and did:web. did:jwk encodes a public key as a base64url-encoded JWK directly in the identifier, so resolution is deterministic and offline — the same self-contained shape as did:key but in JWK form, which is what OpenID4VCI and the EU Digital Identity Wallet ecosystem commonly use. b.did.resolve("did:jwk:…") returns the verification key as a node:crypto KeyObject (kty/crv allowlisted — Ed25519 / P-256 / P-384 / secp256k1 — so an unexpected key type is refused, not blindly imported), and b.did.keyToDid(publicKey, { method: "jwk" }) produces a did:jwk from a key (the private member is stripped). No new runtime dependency. **Added:** *did:jwk in `b.did.resolve` / `b.did.keyToDid`* — `resolve` decodes the base64url JWK (bounded via `b.safeJson`), allowlists its `kty`/`crv`, and returns `{ didDocument, verificationMethods: [{ publicKey, … }] }` with the key as a KeyObject ready for `b.vc` / `b.mdoc` / `b.scitt`; `keyToDid(publicKey, { method: "jwk" })` encodes a public key as `did:jwk:<base64url-JWK>` (default remains `did:key`). Malformed base64url-JSON is refused with `did/bad-jwk` and an unsupported key type with `did/unsupported-key`.
+
 - v0.12.43 (2026-05-25) — **`b.crypto.selfTest` — FIPS 140-3-style power-on self-test for the crypto stack.** A power-on self-test over the framework's cryptographic primitives — the integrity check a FIPS 140-3-validated module runs at start-up. The hash / XOF checks are known-answer tests against NIST FIPS 202 published vectors (SHA3-256 / SHA3-512 / SHAKE256), so they confirm the framework's hashing matches the standard rather than merely itself; the AEAD check round-trips XChaCha20-Poly1305 and confirms a tampered ciphertext is rejected; and the post-quantum checks run a pairwise-consistency + negative test for ML-KEM-1024, ML-DSA-87, and SLH-DSA-SHAKE-256f (a fresh keypair must encaps/decaps and sign/verify consistently and reject a tampered signature — FIPS 140-3 §10.3 pairwise consistency, since the runtime exposes no seed-injection API for a fixed-seed KAT). selfTest returns a structured report and, by default, throws on any failure so a broken crypto stack fails closed at boot rather than silently producing bad output. Operators in regulated deployments can run it at start-up as a self-integrity gate. **Added:** *`b.crypto.selfTest(opts?)`* — Runs eight checks — SHA3-512 / SHA3-256 / SHAKE256 known-answer tests (NIST FIPS 202), HMAC-SHA3-512 determinism, XChaCha20-Poly1305 round-trip + tamper-detect, and ML-KEM-1024 / ML-DSA-87 / SLH-DSA-SHAKE-256f pairwise-consistency + negative tests — and returns `{ ok, results: [{ name, ok, detail? }], failures, ranAt }`. Throws `crypto/self-test-failed` (with the report attached) on any failure unless `opts.throwOnFailure` is `false`. Exercises the framework's real primitive paths so a self-test failure means the shipped crypto is broken.
 
 - v0.12.42 (2026-05-24) — **`b.vc.present` / `b.vc.verifyPresentation` — W3C Verifiable Presentations.** Completes b.vc with the holder side: a Verifiable Presentation is a holder-signed envelope wrapping one or more credentials, proving the presenter controls the key the credentials were issued to. b.vc.present builds and signs a VerifiablePresentation (each credential enveloped per VC-JOSE-COSE) as a compact JWS (vp+jwt) or COSE_Sign1 (application/vp+cose), matching b.vc.issue's algorithms; an optional nonce / audience is embedded in the signed presentation for holder-binding and replay protection. b.vc.verifyPresentation verifies the holder signature (auto-detected jose/cose, mandatory algorithm allowlist, JOSE none refused), the VCDM structure, and the embedded nonce / audience / expectedHolder when given, and — with verifyCredentials: true — verifies each enveloped credential through b.vc.verify and returns them. The holder is typically a DID, resolved to a key via b.did. Composes b.cose; no new runtime dependency. **Added:** *`b.vc.present(opts)` / `b.vc.verifyPresentation(secured, opts)`* — `present` wraps `opts.credentials` (secured VCs — compact-JWS strings or COSE_Sign1 bytes, each enveloped as an `EnvelopedVerifiableCredential` data: URI) in a `VerifiablePresentation` signed by the holder, with optional `nonce` / `audience` embedded for binding. `verifyPresentation` verifies the holder signature against the mandatory `opts.algorithms` allowlist (JOSE `none` always refused), re-checks the VCDM structure, enforces `expectedHolder` / `nonce` / `audience` when supplied, and with `verifyCredentials: true` verifies each enveloped credential through `b.vc.verify` (using `opts.credentialOpts`), returning `{ presentation, holder, credentials, securing, alg }`. The enveloped-credential count is bounded. A `vp+jwt` presentation is refused by `b.vc.verify` and a `vc+jwt` credential is refused by `verifyPresentation` — the media-type binding keeps the two surfaces distinct.

package/README.md

@@ -134,7 +134,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **Trusted timestamping** — `b.tsa` RFC 3161 timestamp client: `buildRequest` a TimeStampReq, `parseResponse`, and `verifyToken` against your data — the message imprint, sent nonce, critical/sole `id-kp-timeStamping` EKU, and CMS signature are all checked, with optional certificate-chain verification. Timestamp a release artifact, audit checkpoint, or signed statement against any RFC 3161 TSA. Composes `b.cms` + the in-tree ASN.1 DER codec
 - **Verifiable Credentials** — `b.vc` W3C Verifiable Credentials Data Model 2.0 (VC-JOSE-COSE): `issue` / `verify` a signed credential, and `present` / `verifyPresentation` a holder-signed Verifiable Presentation wrapping credentials (with `nonce`/`audience` holder-binding) — as a compact JWS (`vc+jwt` / `vp+jwt`, ES256/384/512 + EdDSA) or a COSE_Sign1 (`vc+cose` / `vp+cose`, + ML-DSA-87) over `b.cose`. VCDM structural + `validFrom`/`validUntil` checks; the JOSE `none` algorithm is always refused. The W3C model, distinct from the IETF SD-JWT VC at `b.auth.sdJwtVc`
 - **Mobile credentials (mDL)** — `b.mdoc` ISO/IEC 18013-5 issuer-data verification: `verifyIssuerSigned` checks the COSE_Sign1 IssuerAuth (issuer cert from the `x5chain` header), the Mobile Security Object validity window, and every disclosed element's digest against the MSO `valueDigests` (the selective-disclosure integrity check), with optional issuer-chain verification. The ISO credential ecosystem alongside `b.vc` and `b.auth.sdJwtVc`. Composes `b.cose` + `b.cbor`
-- **Decentralized Identifiers** — `b.did` W3C DID resolution (DID Core 1.0): `resolve` a `did:key` (deterministic, offline — Ed25519 / P-256 / P-384 / secp256k1) or `did:web` (operator-fetched document) to `node:crypto` verification keys, so a credential's issuer DID resolves to the key that verifies it (`b.vc` / `b.mdoc` / `b.scitt`). `keyToDid` names a key as a `did:key`; document JWKs are kty/crv-allowlisted before import
+- **Decentralized Identifiers** — `b.did` W3C DID resolution (DID Core 1.0): `resolve` a `did:key` / `did:jwk` (deterministic, offline — Ed25519 / P-256 / P-384 / secp256k1) or `did:web` (operator-fetched document) to `node:crypto` verification keys, so a credential's issuer DID resolves to the key that verifies it (`b.vc` / `b.mdoc` / `b.scitt`). `keyToDid` names a key as a `did:key` or `did:jwk`; document/JWK keys are kty/crv-allowlisted before import
 - **Document parsers** — `b.parsers` (XML / TOML / YAML / .env); `b.config` (schema-validated env)
 - **File-type detection** — `b.fileType` magic-byte content classification with deny-on-upload categories (image / document / archive / executable / etc.)
 ### Content-safety gates

package/lib/did.js

@@ -12,14 +12,16 @@
  *   <code>b.scitt</code> credential to a <code>node:crypto</code>
  *   KeyObject, then hand that key to the verifier.
  *
- *   Two methods are supported. <strong>did:key</strong> encodes a public
- *   key directly in the identifier (multicodec + base58btc multibase),
- *   so resolution is deterministic and offline — Ed25519, P-256, P-384,
- *   and secp256k1 keys round-trip. <strong>did:web</strong> places the
- *   DID document at an HTTPS URL derived from the identifier; the network
- *   fetch is the operator's to make (the same operator-supplied-input
- *   stance as the rest of the framework), and <code>resolve</code> takes
- *   the fetched document and extracts its verification methods.
+ *   Three methods are supported. <strong>did:key</strong> encodes a
+ *   public key directly in the identifier (multicodec + base58btc
+ *   multibase) and <strong>did:jwk</strong> encodes it as a base64url
+ *   public JWK — both resolve deterministically and offline (Ed25519,
+ *   P-256, P-384, and secp256k1 round-trip). <strong>did:web</strong>
+ *   places the DID document at an HTTPS URL derived from the identifier;
+ *   the network fetch is the operator's to make (the same
+ *   operator-supplied-input stance as the rest of the framework), and
+ *   <code>resolve</code> takes the fetched document and extracts its
+ *   verification methods.
  *
  *   <code>b.did.keyToDid(publicKey)</code> produces a did:key from a
  *   KeyObject (an issuer naming itself); <code>b.did.parse(did)</code>
@@ -36,13 +38,15 @@
  *   deployed and interoperable today; pin the dependency deliberately.
  *
  * @card
- *   W3C DID resolution (did:key + did:web) → verification KeyObjects for
- *   the credential verifiers. did:key is deterministic + offline
- *   (Ed25519 / P-256 / P-384 / secp256k1); did:web parses an
- *   operator-fetched DID document. Composes node:crypto; no new dep.
+ *   W3C DID resolution (did:key + did:jwk + did:web) → verification
+ *   KeyObjects for the credential verifiers. did:key + did:jwk are
+ *   deterministic + offline (Ed25519 / P-256 / P-384 / secp256k1);
+ *   did:web parses an operator-fetched DID document. Composes
+ *   node:crypto; no new dep.
  */
 
 var nodeCrypto = require("node:crypto");
+var safeJson = require("./safe-json");
 var validateOpts = require("./validate-opts");
 var { defineClass } = require("./framework-error");
 
@@ -55,6 +59,7 @@ var B58_MAP = (function () {
   return m;
 })();
 var MAX_MULTIBASE_CHARS = 1024;                        // allow:raw-byte-literal — bounded did:key multibase length (DoS cap)
+var MAX_JWK_B64_CHARS = 8192;                          // allow:raw-byte-literal — bounded did:jwk encoded-JWK length (DoS cap)
 
 // multicodec public-key codes (unsigned-varint) → curve descriptor.
 // keyLen is the multicodec payload: Ed25519 raw 32; EC compressed point.
@@ -224,23 +229,43 @@ function _didWebUrl(id) {
 
 /**
  * @primitive b.did.keyToDid
- * @signature b.did.keyToDid(publicKey)
+ * @signature b.did.keyToDid(publicKey, opts?)
  * @since     0.12.41
  * @status    experimental
  * @related   b.did.resolve
  *
  * Encode a public key (a <code>node:crypto</code> KeyObject or PEM) as a
- * <code>did:key</code> — the inverse of resolution, for an issuer that
- * names itself by its key. Ed25519, P-256, P-384, and secp256k1 are
- * supported.
+ * DID — the inverse of resolution, for an issuer that names itself by
+ * its key. Defaults to <code>did:key</code> (multicodec + base58btc);
+ * pass <code>opts.method = "jwk"</code> for <code>did:jwk</code>
+ * (base64url-encoded public JWK). Ed25519, P-256, P-384, and secp256k1
+ * are supported.
+ *
+ * @opts
+ *   {
+ *     method: string,   // "key" (default) | "jwk"
+ *   }
  *
  * @example
- *   var did = b.did.keyToDid(issuerPublicKey);   // → "did:key:z6Mk…"
+ *   var did = b.did.keyToDid(issuerPublicKey);                 // → "did:key:z6Mk…"
+ *   var dj  = b.did.keyToDid(issuerPublicKey, { method: "jwk" }); // → "did:jwk:eyJr…"
  */
-function keyToDid(publicKey) {
+function keyToDid(publicKey, opts) {
   var key = (publicKey && typeof publicKey === "object" && publicKey.asymmetricKeyType)
     ? publicKey : nodeCrypto.createPublicKey(publicKey);
   var jwk = key.export({ format: "jwk" });
+  if (opts && opts.method === "jwk") {
+    // did:jwk — base64url(UTF-8(JSON of the PUBLIC JWK)). Strip any
+    // private member defensively (a public KeyObject has none, but a
+    // caller could pass a private key by mistake).
+    var pub = {};
+    Object.keys(jwk).forEach(function (k) { if (k !== "d") pub[k] = jwk[k]; });
+    // Gate on the same kty/crv allowlist resolution enforces, so a
+    // produced did:jwk always round-trips (no generate-succeeds /
+    // resolve-fails RSA-style identifiers).
+    _jwkToKey(pub);
+    return "did:jwk:" + Buffer.from(JSON.stringify(pub), "utf8").toString("base64url");
+  }
   var code, payload;
   if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
     code = NAME_TO_CODE["Ed25519"];
@@ -266,8 +291,8 @@ function keyToDid(publicKey) {
  *
  * Resolve a DID to its document and verification methods (each with a
  * <code>node:crypto</code> public KeyObject ready for a verifier).
- * <code>did:key</code> resolves deterministically and offline.
- * <code>did:web</code> requires the operator to supply the fetched DID
+ * <code>did:key</code> and <code>did:jwk</code> resolve deterministically
+ * and offline. <code>did:web</code> requires the operator to supply the fetched DID
  * document as <code>opts.document</code> (the network fetch is the
  * operator's; the URL to fetch is on <code>b.did.parse(did).url</code>).
  *
@@ -304,6 +329,30 @@ function resolve(did, opts) {
     return { didDocument: doc, verificationMethods: [vm] };
   }
 
+  if (parsed.method === "jwk") {
+    if (parsed.id.length > MAX_JWK_B64_CHARS) {
+      throw new DidError("did/too-long", "did:jwk: encoded JWK exceeds the " + MAX_JWK_B64_CHARS + "-char cap");
+    }
+    var jwkJson = Buffer.from(parsed.id, "base64url").toString("utf8");
+    var jwk;
+    try { jwk = safeJson.parse(jwkJson, { maxBytes: MAX_JWK_B64_CHARS }); } catch (_e) {
+      throw new DidError("did/bad-jwk", "did:jwk: method-specific id is not base64url-encoded JSON");
+    }
+    if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
+      throw new DidError("did/bad-jwk", "did:jwk: decoded value is not a JWK object");
+    }
+    var jwkKey = _jwkToKey(jwk);                        // kty/crv allowlisted
+    var jwkVmId = did + "#0";
+    var jwkVm = { id: jwkVmId, controller: did, type: "JsonWebKey2020", publicKey: jwkKey };
+    var jwkDoc = {
+      "@context": ["https://www.w3.org/ns/did/v1"],
+      id: did,
+      verificationMethod: [{ id: jwkVmId, controller: did, type: "JsonWebKey2020", publicKeyJwk: jwk }],
+      assertionMethod: [jwkVmId], authentication: [jwkVmId],
+    };
+    return { didDocument: jwkDoc, verificationMethods: [jwkVm] };
+  }
+
   if (parsed.method === "web") {
     if (!opts.document || typeof opts.document !== "object") {
       throw new DidError("did/document-required",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.12.43",
+  "version": "0.12.44",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:2659855c-303c-4b3d-931b-a39839633612",
+  "serialNumber": "urn:uuid:645939ff-86bb-46c2-a5af-52ac1e920cb5",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-25T07:30:43.059Z",
+    "timestamp": "2026-05-25T08:20:43.623Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.12.43",
+      "bom-ref": "@blamejs/core@0.12.44",
       "type": "application",
       "name": "blamejs",
-      "version": "0.12.43",
+      "version": "0.12.44",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.12.43",
+      "purl": "pkg:npm/%40blamejs/core@0.12.44",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.12.43",
+      "ref": "@blamejs/core@0.12.44",
       "dependsOn": []
     }
   ]