@bsv/sdk 1.2.20 → 1.2.21

package/src/auth/utils/certificateHelpers.ts

@@ -0,0 +1,86 @@
+import { PrivateKey, SymmetricKey, Utils, Wallet, ProtoWallet } from "../../../mod.js"
+import { MasterCertificate } from "../certificates/MasterCertificate.js"
+import { VerifiableCertificate } from "../certificates/VerifiableCertificate.js"
+
+/**
+ * Creates a Master Certificate by encrypting provided fields and generating a master keyring.
+ * 
+ * @param {Wallet} wallet - The wallet instance used for encryption and public key retrieval.
+ * @param {Record<string, string>} fields - The certificate fields to encrypt.
+ * @param {string} certificateType - The type of the certificate being created.
+ * @param {string} certificateSerialNumber - The serial number of the certificate.
+ * @param {string} certifierPublicKey - The public key of the certifier.
+ * @returns {Promise<MasterCertificate>} A promise resolving to the created Master Certificate.
+ */
+export async function createMasterCertificate(
+  wallet: Wallet,
+  fields: Record<string, string>,
+  certificateType: string,
+  certificateSerialNumber: string,
+  certifierPublicKey: string
+): Promise<MasterCertificate> {
+  const certificateFields: Record<string, string> = {}
+  const masterKeyring: Record<string, string> = {}
+
+  for (const fieldName in fields) {
+    const fieldSymmetricKey = SymmetricKey.fromRandom()
+    const encryptedFieldValue = fieldSymmetricKey.encrypt(Utils.toArray(fields[fieldName], 'utf8'))
+    certificateFields[fieldName] = Utils.toBase64(encryptedFieldValue as number[])
+
+    const encryptedFieldKey = await wallet.encrypt({
+      plaintext: fieldSymmetricKey.toArray(),
+      protocolID: [2, 'certificate field encryption'],
+      keyID: `${certificateSerialNumber} ${fieldName}`,
+      counterparty: 'self'
+    })
+    masterKeyring[fieldName] = Utils.toBase64(encryptedFieldKey.ciphertext)
+  }
+
+  return new MasterCertificate(
+    certificateType,
+    certificateSerialNumber,
+    (await wallet.getPublicKey({ identityKey: true })).publicKey,
+    certifierPublicKey,
+    'revocationOutpoint',
+    certificateFields,
+    masterKeyring
+  )
+}
+
+/**
+ * Creates a Verifiable Certificate by signing a Master Certificate and generating a keyring for a verifier.
+ * 
+ * @param {MasterCertificate} masterCertificate - The master certificate to convert into a verifiable certificate.
+ * @param {Wallet} wallet - The wallet instance used for generating a keyring for the verifier.
+ * @param {string} verifierIdentityKey - The identity key of the verifier.
+ * @param {string[]} fieldsToReveal - The list of fields to reveal to the verifier.
+ * @param {PrivateKey} certifierPrivateKey - The private key of the certifier for signing the certificate.
+ * @returns {Promise<VerifiableCertificate>} A promise resolving to the created Verifiable Certificate.
+ */
+export async function createVerifiableCertificate(
+  masterCertificate: MasterCertificate,
+  wallet: Wallet,
+  verifierIdentityKey: string,
+  fieldsToReveal: string[],
+  certifierPrivateKey: PrivateKey
+): Promise<VerifiableCertificate> {
+  const certifierWallet = new ProtoWallet(certifierPrivateKey)
+  await masterCertificate.sign(certifierWallet)
+
+  const keyringForVerifier = await masterCertificate.createKeyringForVerifier(
+    wallet,
+    verifierIdentityKey,
+    fieldsToReveal
+  )
+
+  return new VerifiableCertificate(
+    masterCertificate.type,
+    masterCertificate.serialNumber,
+    masterCertificate.subject,
+    masterCertificate.certifier,
+    masterCertificate.revocationOutpoint,
+    masterCertificate.fields,
+    masterCertificate.signature,
+    keyringForVerifier
+  )
+}

package/src/auth/utils/createNonce.ts

@@ -0,0 +1,16 @@
+import { Utils, Random, Wallet } from '../../../mod.js'
+
+/**
+ * Creates a nonce derived from a privateKey
+ * @param wallet
+ * @returns A random nonce derived with a wallet
+ */
+export async function createNonce(wallet: Wallet): Promise<string> {
+  // Generate 16 random bytes for the first half of the data
+  const firstHalf = Random(16)
+  // Create an sha256 HMAC
+  const { hmac } = await wallet.createHmac({ protocolID: [2, 'server hmac'], keyID: Utils.toUTF8(firstHalf), data: firstHalf, counterparty: 'self' })
+  // Concatenate firstHalf and secondHalf as the nonce bytes
+  const nonceBytes = [...firstHalf, ...hmac]
+  return Utils.toBase64(nonceBytes)
+}

package/src/auth/utils/getVerifiableCertificates.ts

@@ -0,0 +1,40 @@
+import { VerifiableCertificate } from "../certificates/VerifiableCertificate.js"
+import { Wallet } from "../../../mod.js"
+import { RequestedCertificateSet } from "../types.js"
+
+/**
+ * Retrieves an array of verifiable certificates based on the request.
+ *
+ * @private
+ * @param {RequestedCertificateSet} requestedCertificates - The set of certificates requested by the peer.
+ * @param {string} verifierIdentityKey - The public key of the verifier requesting the certificates.
+ * @returns {Promise<VerifiableCertificate[]>} An array of verifiable certificates.
+ */
+export const getVerifiableCertificates = async (wallet: Wallet, requestedCertificates: RequestedCertificateSet, verifierIdentityKey: string): Promise<VerifiableCertificate[]> => {
+  // Find matching certificates we have
+  // Note: This may return multiple certificates that match the correct type.
+  const matchingCertificates = await wallet.listCertificates({
+    certifiers: requestedCertificates.certifiers,
+    types: Object.keys(requestedCertificates.types)
+  })
+
+  // For each certificate requested, create a verifiable cert with selectively revealed fields
+  return await Promise.all(
+    matchingCertificates.certificates.map(async certificate => {
+      const { keyringForVerifier } = await wallet.proveCertificate({
+        certificate,
+        fieldsToReveal: requestedCertificates.types[certificate.type],
+        verifier: verifierIdentityKey
+      })
+      return new VerifiableCertificate(
+        certificate.type,
+        certificate.serialNumber,
+        certificate.subject,
+        certificate.certifier,
+        certificate.revocationOutpoint,
+        certificate.fields,
+        certificate.signature,
+        keyringForVerifier
+      )
+    }))
+}

package/src/auth/utils/index.ts

@@ -0,0 +1,4 @@
+export * from './verifyNonce.js'
+export * from './createNonce.js'
+export * from './getVerifiableCertificates.js'
+export * from './validateCertificates.js'

package/src/auth/utils/validateCertificates.ts

@@ -0,0 +1,54 @@
+import { Wallet } from "../../wallet/index.js"
+import { AuthMessage, RequestedCertificateSet } from "../types.js"
+import { VerifiableCertificate } from "../certificates/VerifiableCertificate.js"
+
+/**
+ * Validates and processes the certificates received from a peer.
+ *
+ * @private
+ * @param {AuthMessage} message - The message containing the certificates to validate.
+ * @returns {Promise<void>}
+ * @throws Will throw an error if certificate validation or field decryption fails.
+ */
+export const validateCertificates = async (verifierWallet: Wallet, message: AuthMessage, certificatesRequested?: RequestedCertificateSet): Promise<void> => {
+  await Promise.all(message.certificates.map(async (incomingCert: VerifiableCertificate) => {
+    if (incomingCert.subject !== message.identityKey) {
+      throw new Error(`The subject of one of your certificates ("${incomingCert.subject}") is not the same as the request sender ("${message.identityKey}").`)
+    }
+
+    // Verify Certificate structure and signature
+    const certToVerify = new VerifiableCertificate(
+      incomingCert.type,
+      incomingCert.serialNumber,
+      incomingCert.subject,
+      incomingCert.certifier,
+      incomingCert.revocationOutpoint,
+      incomingCert.fields,
+      incomingCert.signature,
+      incomingCert.keyring
+    )
+    const isValidCert = await certToVerify.verify()
+    if (!isValidCert) {
+      throw new Error(`The signature for the certificate with serial number ${certToVerify.serialNumber} is invalid!`)
+    }
+
+    // Check if the certificate matches requested certifiers, types, and fields
+    if (certificatesRequested) {
+      const { certifiers, types } = certificatesRequested
+
+      // Check certifier matches
+      if (!certifiers.includes(certToVerify.certifier)) {
+        throw new Error(`Certificate with serial number ${certToVerify.serialNumber} has an unrequested certifier: ${certToVerify.certifier}`)
+      }
+
+      // Check type and fields match requested
+      const requestedFields = types[certToVerify.type]
+      if (!requestedFields) {
+        throw new Error(`Certificate with type ${certToVerify.type} was not requested`)
+      }
+    }
+
+    // Attempt to decrypt fields
+    await certToVerify.decryptFields(verifierWallet)
+  }))
+}

package/src/auth/utils/verifyNonce.ts

@@ -0,0 +1,27 @@
+import { Utils, Wallet } from '../../../mod.js'
+
+/**
+ * Verifies a nonce derived from a wallet
+ * @param nonce - A nonce to verify as a base64 string.
+ * @param wallet
+ * @returns The status of the validation
+ */
+export async function verifyNonce(nonce: string, wallet: Wallet): Promise<boolean> {
+  // Convert nonce from base64 string to Uint8Array
+  const buffer = Utils.toArray(nonce, 'base64')
+
+  // Split the nonce buffer
+  const data = buffer.slice(0, 16)
+  const hmac = buffer.slice(16)
+
+  // Calculate the HMAC
+  const { valid } = await wallet.verifyHmac({
+    data,
+    hmac,
+    protocolID: [2, 'server hmac'],
+    keyID: Utils.toUTF8(data),
+    counterparty: 'self'
+  })
+
+  return valid
+}

package/src/wallet/substrates/WalletWireProcessor.ts

@@ -2,7 +2,7 @@ import { Wallet } from '../Wallet.interfaces.js'
 import WalletWire from './WalletWire.js'
 import { Utils } from '../../primitives/index.js'
 import calls from './WalletWireCalls.js'
-import Certificate from '../../auth/Certificate.js'
+import Certificate from '../../auth/certificates/Certificate.js'
 import { SecurityLevel } from '../Wallet.interfaces.js'
 
 /**

package/src/wallet/substrates/WalletWireTransceiver.ts

@@ -1,6 +1,6 @@
 import { AcquireCertificateArgs, AcquireCertificateResult, SecurityLevel, Base64String, BasketStringUnder300Bytes, BEEF, BooleanDefaultFalse, BooleanDefaultTrue, Byte, CertificateFieldNameUnder50Bytes, CreateActionArgs, CreateActionResult, DescriptionString5to50Bytes, DiscoverCertificatesResult, EntityIconURLStringMax500Bytes, EntityNameStringMax100Bytes, HexString, InternalizeActionArgs, ISOTimestampString, KeyIDStringUnder800Bytes, LabelStringUnder300Bytes, ListActionsArgs, ListActionsResult, ListCertificatesResult, ListOutputsArgs, ListOutputsResult, OriginatorDomainNameStringUnder250Bytes, OutpointString, OutputTagStringUnder300Bytes, PositiveInteger, PositiveIntegerDefault10Max10000, PositiveIntegerMax10, PositiveIntegerOrZero, ProtocolString5To400Bytes, ProveCertificateArgs, ProveCertificateResult, PubKeyHex, SatoshiValue, SignActionArgs, SignActionResult, TXIDHexString, VersionString7To30Bytes, Wallet } from '../Wallet.interfaces.js'
 import WalletWire from './WalletWire.js'
-import Certificate from '../../auth/Certificate.js'
+import { Certificate } from '../../auth/index.js'
 import { Utils } from '../../primitives/index.js'
 import calls, { CallType } from './WalletWireCalls.js'
 import { WalletError } from '../WalletError.js'

package/dist/cjs/src/auth/Certificate.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"Certificate.js","sourceRoot":"","sources":["../../../../src/auth/Certificate.ts"],"names":[],"mappings":";;;;;AAAA,qDAA8C;AAE9C,8EAAkD;AAElD;;;;GAIG;AACH,MAAqB,WAAW;IAoC9B;;;;;;;;;;OAUG;IACH,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,SAAqB;QAErB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAC5C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAE,mBAA4B,IAAI;QACrC,MAAM,MAAM,GAAG,IAAI,gBAAK,CAAC,MAAM,EAAE,CAAA;QAEjC,sCAAsC;QACtC,MAAM,SAAS,GAAG,gBAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QACpD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAEvB,8CAA8C;QAC9C,MAAM,iBAAiB,GAAG,gBAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;QACpE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE/B,gDAAgD;QAChD,MAAM,YAAY,GAAG,gBAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACvD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAE1B,kDAAkD;QAClD,MAAM,cAAc,GAAG,gBAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAE5B,gDAAgD;QAChD,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9D,MAAM,SAAS,GAAG,gBAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC5C,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACvB,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;QAE1C,eAAe;QACf,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAC1C,KAAK,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACnD,aAAa;YACb,MAAM,cAAc,GAAG,gBAAK,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACvD,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;YAC5C,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;YAE5B,cAAc;YACd,MAAM,eAAe,GAAG,gBAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;YACzD,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;YAC7C,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;QAC/B,CAAC;QAED,8BAA8B;QAC9B,IAAI,gBAAgB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,MAAM,cAAc,GAAG,gBAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;YAC3D,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;YAC5C,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,EAAE,CAAA;IACzB,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAE,GAAa;QAC3B,MAAM,MAAM,GAAG,IAAI,gBAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAEpC,YAAY;QACZ,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,gBAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QAEtC,oBAAoB;QACpB,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACzC,MAAM,YAAY,GAAG,gBAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;QAEtD,0BAA0B;QAC1B,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,gBAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAEzC,4BAA4B;QAC5B,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,gBAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAE7C,0BAA0B;QAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,gBAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACnC,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;QAC1C,MAAM,kBAAkB,GAAG,GAAG,IAAI,IAAI,WAAW,EAAE,CAAA;QAEnD,cAAc;QACd,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;QACxC,MAAM,MAAM,GAAqD,EAAE,CAAA;QACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,aAAa;YACb,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACnD,MAAM,SAAS,GAAG,gBAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;YAE9C,cAAc;YACd,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC/C,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,gBAAK,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;YAEhD,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAA;QAChC,CAAC;QAED,4BAA4B;QAC5B,IAAI,SAA6B,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC;YAClB,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACnD,SAAS,GAAG,gBAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QACzC,CAAC;QAED,OAAO,IAAI,WAAW,CACpB,IAAI,EACJ,YAAY,EACZ,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM;QACV,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,IAAI,wBAAW,CAAC,QAAQ,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA,CAAC,mDAAmD;QAE9F,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC;YAC/C,SAAS,EAAE,gBAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC;YAC/C,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,CAAC,CAAC,EAAE,uBAAuB,CAAC;YACxC,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE;YAC1C,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAsD;SACpF,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAE,SAAiB;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA,CAAC,qCAAqC;QACxE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC;YACpD,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,CAAC,CAAC,EAAE,uBAAuB,CAAC;YACxC,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE;SAC3C,CAAC,CAAA;QACF,IAAI,CAAC,SAAS,GAAG,gBAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IACzC,CAAC;CACF;AA/ND,8BA+NC"}

package/dist/esm/src/auth/Certificate.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"Certificate.js","sourceRoot":"","sources":["../../../../src/auth/Certificate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,wBAAwB,CAAA;AAE9C,OAAO,WAAW,MAAM,0BAA0B,CAAA;AAElD;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;OAEG;IACH,IAAI,CAAc;IAElB;;OAEG;IACH,YAAY,CAAc;IAE1B;;OAEG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,SAAS,CAAW;IAEpB;;OAEG;IACH,kBAAkB,CAAgB;IAElC;;OAEG;IACH,MAAM,CAAkD;IAExD;;MAEE;IACF,SAAS,CAAY;IAErB;;;;;;;;;;OAUG;IACH,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,SAAqB;QAErB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;QAC1B,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;QAC5C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAE,mBAA4B,IAAI;QACrC,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,MAAM,EAAE,CAAA;QAEjC,sCAAsC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QACpD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAEvB,8CAA8C;QAC9C,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;QACpE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAE/B,gDAAgD;QAChD,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACvD,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAE1B,kDAAkD;QAClD,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC3D,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAE5B,gDAAgD;QAChD,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9D,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC5C,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACvB,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAA;QAE1C,eAAe;QACf,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAChD,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;QAC1C,KAAK,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACnD,aAAa;YACb,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YACvD,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;YAC5C,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;YAE5B,cAAc;YACd,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAA;YACzD,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;YAC7C,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;QAC/B,CAAC;QAED,8BAA8B;QAC9B,IAAI,gBAAgB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;YAC3D,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;YAC5C,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAC9B,CAAC;QAED,OAAO,MAAM,CAAC,OAAO,EAAE,CAAA;IACzB,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAE,GAAa;QAC3B,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAEpC,YAAY;QACZ,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;QAEtC,oBAAoB;QACpB,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACzC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAA;QAEtD,0BAA0B;QAC1B,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAEzC,4BAA4B;QAC5B,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QAE7C,0BAA0B;QAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACnC,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;QAC1C,MAAM,kBAAkB,GAAG,GAAG,IAAI,IAAI,WAAW,EAAE,CAAA;QAEnD,cAAc;QACd,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;QACxC,MAAM,MAAM,GAAqD,EAAE,CAAA;QACnE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,aAAa;YACb,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACnD,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;YAE9C,cAAc;YACd,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC/C,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;YAEhD,MAAM,CAAC,SAAS,CAAC,GAAG,UAAU,CAAA;QAChC,CAAC;QAED,4BAA4B;QAC5B,IAAI,SAA6B,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC;YAClB,MAAM,eAAe,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;YAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;YACnD,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAA;QACzC,CAAC;QAED,OAAO,IAAI,WAAW,CACpB,IAAI,EACJ,YAAY,EACZ,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM;QACV,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAA;QAC1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA,CAAC,mDAAmD;QAE9F,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC;YAC/C,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC;YAC/C,IAAI,EAAE,gBAAgB;YACtB,UAAU,EAAE,CAAC,CAAC,EAAE,uBAAuB,CAAC;YACxC,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE;YAC1C,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAsD;SACpF,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAE,SAAiB;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA,CAAC,qCAAqC;QACxE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC;YACpD,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,CAAC,CAAC,EAAE,uBAAuB,CAAC;YACxC,KAAK,EAAE,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE;SAC3C,CAAC,CAAA;QACF,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IACzC,CAAC;CACF"}

package/dist/types/src/auth/Certificate.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"Certificate.d.ts","sourceRoot":"","sources":["../../../../src/auth/Certificate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,gCAAgC,EAAE,MAAM,gCAAgC,CAAA;AAG7I;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;OAEG;IACH,IAAI,EAAE,YAAY,CAAA;IAElB;;OAEG;IACH,YAAY,EAAE,YAAY,CAAA;IAE1B;;OAEG;IACH,OAAO,EAAE,SAAS,CAAA;IAElB;;OAEG;IACH,SAAS,EAAE,SAAS,CAAA;IAEpB;;OAEG;IACH,kBAAkB,EAAE,cAAc,CAAA;IAElC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC,gCAAgC,EAAE,MAAM,CAAC,CAAA;IAExD;;MAEE;IACF,SAAS,CAAC,EAAE,SAAS,CAAA;IAErB;;;;;;;;;;OAUG;gBAED,IAAI,EAAE,YAAY,EAClB,YAAY,EAAE,YAAY,EAC1B,OAAO,EAAE,SAAS,EAClB,SAAS,EAAE,SAAS,EACpB,kBAAkB,EAAE,cAAc,EAClC,MAAM,EAAE,MAAM,CAAC,gCAAgC,EAAE,MAAM,CAAC,EACxD,SAAS,CAAC,EAAE,SAAS;IAWvB;;;;;OAKG;IACH,KAAK,CAAE,gBAAgB,GAAE,OAAc,GAAG,MAAM,EAAE;IAkDlD;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAE,GAAG,EAAE,MAAM,EAAE,GAAG,WAAW;IA6D3C;;;;OAIG;IACG,MAAM,IAAK,OAAO,CAAC,OAAO,CAAC;IAejC;;;;;OAKG;IACG,IAAI,CAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAS9C"}

package/src/auth/__tests/Certificate.test.ts

@@ -1,282 +0,0 @@
-import Certificate from '../../../dist/cjs/src/auth/Certificate.js'
-import ProtoWallet from '../../../dist/cjs/src/wallet/ProtoWallet.js'
-import { Utils, PrivateKey } from '../../../dist/cjs/src/primitives/index.js'
-
-describe('Certificate', () => {
-    // Sample data for testing
-    const sampleType = Utils.toBase64(new Array(32).fill(1))
-    const sampleSerialNumber = Utils.toBase64(new Array(32).fill(2))
-    const sampleSubjectPrivateKey = PrivateKey.fromRandom()
-    const sampleSubjectPubKey = sampleSubjectPrivateKey.toPublicKey().toString()
-    const sampleCertifierPrivateKey = PrivateKey.fromRandom()
-    const sampleCertifierPubKey = sampleCertifierPrivateKey.toPublicKey().toString()
-    const sampleRevocationOutpoint = 'deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef.1'
-    const sampleFields = {
-        name: 'Alice',
-        email: 'alice@example.com',
-        organization: 'Example Corp'
-    }
-    const sampleFieldsEmpty = {}
-
-    it('should construct a Certificate with valid data', () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        expect(certificate.type).toEqual(sampleType)
-        expect(certificate.serialNumber).toEqual(sampleSerialNumber)
-        expect(certificate.subject).toEqual(sampleSubjectPubKey)
-        expect(certificate.certifier).toEqual(sampleCertifierPubKey)
-        expect(certificate.revocationOutpoint).toEqual(sampleRevocationOutpoint)
-        expect(certificate.signature).toBeUndefined()
-        expect(certificate.fields).toEqual(sampleFields)
-    })
-
-    it('should serialize and deserialize the Certificate without signature', () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        const serialized = certificate.toBin(false) // Exclude signature
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.type).toEqual(sampleType)
-        expect(deserializedCertificate.serialNumber).toEqual(sampleSerialNumber)
-        expect(deserializedCertificate.subject).toEqual(sampleSubjectPubKey)
-        expect(deserializedCertificate.certifier).toEqual(sampleCertifierPubKey)
-        expect(deserializedCertificate.revocationOutpoint).toEqual(sampleRevocationOutpoint)
-        expect(deserializedCertificate.signature).toBeUndefined()
-        expect(deserializedCertificate.fields).toEqual(sampleFields)
-    })
-
-    it('should serialize and deserialize the Certificate with signature', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        // Sign the certificate
-        const certifierWallet: ProtoWallet = new ProtoWallet(sampleCertifierPrivateKey)
-        await certificate.sign(certifierWallet)
-
-        const serialized = certificate.toBin(true) // Include signature
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.type).toEqual(sampleType)
-        expect(deserializedCertificate.serialNumber).toEqual(sampleSerialNumber)
-        expect(deserializedCertificate.subject).toEqual(sampleSubjectPubKey)
-        expect(deserializedCertificate.certifier).toEqual(sampleCertifierPubKey)
-        expect(deserializedCertificate.revocationOutpoint).toEqual(sampleRevocationOutpoint)
-        expect(deserializedCertificate.signature).toEqual(certificate.signature)
-        expect(deserializedCertificate.fields).toEqual(sampleFields)
-    })
-
-    it('should sign the Certificate and verify the signature successfully', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        // Sign the certificate
-        const certifierWallet: ProtoWallet = new ProtoWallet(sampleCertifierPrivateKey)
-        await certificate.sign(certifierWallet)
-
-        // Verify the signature
-        const isValid = await certificate.verify()
-        expect(isValid).toBe(true)
-    })
-
-    it('should fail verification if the Certificate is tampered with', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        // Sign the certificate
-        const certifierWallet: ProtoWallet = new ProtoWallet(sampleCertifierPrivateKey)
-        await certificate.sign(certifierWallet)
-
-        // Tamper with the certificate (modify a field)
-        certificate.fields.email = 'attacker@example.com'
-
-        // Verify the signature
-        await expect(certificate.verify()).rejects.toThrow()
-    })
-
-    it('should fail verification if the signature is missing', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        // Verify the signature
-        await expect(certificate.verify()).rejects.toThrow()
-    })
-
-    it('should fail verification if the signature is incorrect', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            '3045022100cde229279465bb91992ccbc30bf6ed4eb8cdd9d517f31b30ff778d500d5400010220134f0e4065984f8668a642a5ad7a80886265f6aaa56d215d6400c216a4802177' // Incorrect signature
-        )
-
-        // Verify the signature
-        await expect(certificate.verify()).rejects.toThrowErrorMatchingInlineSnapshot(`"Signature is not valid"`)
-    })
-
-    it('should handle certificates with empty fields', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFieldsEmpty,
-            undefined // No signature
-        )
-
-        // Sign the certificate
-        const certifierWallet: ProtoWallet = new ProtoWallet(sampleCertifierPrivateKey)
-        await certificate.sign(certifierWallet)
-
-        // Serialize and deserialize
-        const serialized = certificate.toBin(true)
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.fields).toEqual(sampleFieldsEmpty)
-
-        // Verify the signature
-        const isValid = await deserializedCertificate.verify()
-        expect(isValid).toBe(true)
-    })
-
-    it('should correctly handle serialization/deserialization when signature is excluded', () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            'deadbeef1234', // Placeholder signature
-        )
-
-        // Serialize without signature
-        const serialized = certificate.toBin(false)
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.signature).toBeUndefined() // Signature should be empty
-        expect(deserializedCertificate.fields).toEqual(sampleFields)
-    })
-
-    it('should correctly handle certificates with long field names and values', async () => {
-        const longFieldName = 'longFieldName_'.repeat(10) as any // Exceeding typical lengths
-        const longFieldValue = 'longFieldValue_'.repeat(20)
-        const fields = {
-            [longFieldName]: longFieldValue
-        }
-
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            fields,
-            undefined // No signature
-        )
-
-        // Sign the certificate
-        const certifierWallet: ProtoWallet = new ProtoWallet(sampleCertifierPrivateKey)
-        await certificate.sign(certifierWallet)
-
-        // Serialize and deserialize
-        const serialized = certificate.toBin(true)
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.fields).toEqual(fields)
-
-        // Verify the signature
-        const isValid = await deserializedCertificate.verify()
-        expect(isValid).toBe(true)
-    })
-
-    it('should correctly serialize and deserialize the revocationOutpoint', () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            sampleFields,
-            undefined // No signature
-        )
-
-        const serialized = certificate.toBin(false)
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.revocationOutpoint).toEqual(sampleRevocationOutpoint)
-    })
-
-    it('should correctly handle certificates with no fields', async () => {
-        const certificate = new Certificate(
-            sampleType,
-            sampleSerialNumber,
-            sampleSubjectPubKey,
-            sampleCertifierPubKey,
-            sampleRevocationOutpoint,
-            {}, // No fields
-            undefined // No signature
-        )
-
-        // Sign the certificate
-        const certifierWallet: ProtoWallet = new ProtoWallet(sampleCertifierPrivateKey)
-        await certificate.sign(certifierWallet)
-
-        // Serialize and deserialize
-        const serialized = certificate.toBin(true)
-        const deserializedCertificate = Certificate.fromBin(serialized)
-
-        expect(deserializedCertificate.fields).toEqual({})
-
-        // Verify the signature
-        const isValid = await deserializedCertificate.verify()
-        expect(isValid).toBe(true)
-    })
-})