@bsv/sdk 1.3.10 → 1.3.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/auth/certificates/Certificate.js +1 -1
- package/dist/cjs/src/auth/certificates/Certificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/MasterCertificate.js +93 -63
- package/dist/cjs/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js +2 -2
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/esm/src/auth/certificates/Certificate.js +2 -2
- package/dist/esm/src/auth/certificates/Certificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/MasterCertificate.js +93 -63
- package/dist/esm/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js +2 -2
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/esm/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/types/src/auth/certificates/Certificate.d.ts +3 -3
- package/dist/types/src/auth/certificates/Certificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts +41 -11
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts +1 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts.map +1 -1
- package/dist/types/tsconfig.types.tsbuildinfo +1 -1
- package/dist/umd/bundle.js +1 -1
- package/docs/auth.md +59 -21
- package/package.json +1 -1
- package/src/auth/__tests/Peer.test.ts +19 -47
- package/src/auth/certificates/Certificate.ts +3 -3
- package/src/auth/certificates/MasterCertificate.ts +131 -67
- package/src/auth/certificates/VerifiableCertificate.ts +3 -4
- package/src/auth/certificates/__tests/MasterCertificate.test.ts +142 -51
- package/src/auth/certificates/__tests/VerifiableCertificate.test.ts +25 -30
- package/src/auth/utils/getVerifiableCertificates.ts +2 -2
- package/src/auth/utils/validateCertificates.ts +2 -2
|
@@ -21,38 +21,37 @@ export class MasterCertificate extends Certificate {
|
|
|
21
21
|
this.masterKeyring = masterKeyring;
|
|
22
22
|
}
|
|
23
23
|
/**
|
|
24
|
-
*
|
|
24
|
+
* Encrypts certificate fields for a subject and generates a master keyring.
|
|
25
|
+
* This method returns a master keyring tied to a specific certifier or subject who will validate
|
|
26
|
+
* and sign off on the fields, along with the encrypted certificate fields.
|
|
25
27
|
*
|
|
26
|
-
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
* @
|
|
30
|
-
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
28
|
+
* @param {WalletInterface} creatorWallet - The wallet of the creator responsible for encrypting the fields.
|
|
29
|
+
* @param {WalletCounterparty} certifierOrSubject - The certifier or subject who will validate the certificate fields.
|
|
30
|
+
* @param {Record<CertificateFieldNameUnder50Bytes, string>} fields - A record of certificate field names (under 50 bytes) mapped to their values.
|
|
31
|
+
* @returns {Promise<CreateCertificateFieldsResult>} A promise resolving to an object containing:
|
|
32
|
+
* - `certificateFields` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
33
|
+
* The encrypted certificate fields.
|
|
34
|
+
* - `masterKeyring` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
35
|
+
* The master keyring containing encrypted revelation keys for each field.
|
|
33
36
|
*/
|
|
34
|
-
async
|
|
35
|
-
|
|
36
|
-
const
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
});
|
|
48
|
-
const fieldValue = new SymmetricKey(fieldRevelationKey).decrypt(Utils.toArray(this.fields[fieldName], 'base64'));
|
|
49
|
-
decryptedFields[fieldName] = Utils.toUTF8(fieldValue);
|
|
50
|
-
}
|
|
51
|
-
return decryptedFields;
|
|
52
|
-
}
|
|
53
|
-
catch (e) {
|
|
54
|
-
throw new Error('Failed to decrypt all master certificate fields.');
|
|
37
|
+
static async createCertificateFields(creatorWallet, certifierOrSubject, fields) {
|
|
38
|
+
const certificateFields = {};
|
|
39
|
+
const masterKeyring = {};
|
|
40
|
+
for (const [fieldName, fieldValue] of Object.entries(fields)) {
|
|
41
|
+
const fieldSymmetricKey = SymmetricKey.fromRandom();
|
|
42
|
+
const encryptedFieldValue = fieldSymmetricKey.encrypt(Utils.toArray(fieldValue, 'utf8'));
|
|
43
|
+
certificateFields[fieldName] = Utils.toBase64(encryptedFieldValue);
|
|
44
|
+
const { ciphertext: encryptedFieldRevelationKey } = await creatorWallet.encrypt({
|
|
45
|
+
plaintext: fieldSymmetricKey.toArray(),
|
|
46
|
+
...Certificate.getCertificateFieldEncryptionDetails(fieldName), // Only fieldName used on MasterCertificate
|
|
47
|
+
counterparty: certifierOrSubject
|
|
48
|
+
});
|
|
49
|
+
masterKeyring[fieldName] = Utils.toBase64(encryptedFieldRevelationKey);
|
|
55
50
|
}
|
|
51
|
+
return {
|
|
52
|
+
certificateFields,
|
|
53
|
+
masterKeyring
|
|
54
|
+
};
|
|
56
55
|
}
|
|
57
56
|
/**
|
|
58
57
|
* Creates a keyring for a verifier, enabling them to decrypt specific certificate fields.
|
|
@@ -70,34 +69,22 @@ export class MasterCertificate extends Certificate {
|
|
|
70
69
|
* - A field in `fieldsToReveal` does not exist in the certificate.
|
|
71
70
|
* - The decrypted master field key fails to decrypt the corresponding field (indicating an invalid key).
|
|
72
71
|
*/
|
|
73
|
-
async createKeyringForVerifier(subjectWallet, verifier, fieldsToReveal, originator) {
|
|
72
|
+
static async createKeyringForVerifier(subjectWallet, certifier, verifier, fields, fieldsToReveal, masterKeyring, serialNumber, originator) {
|
|
74
73
|
if (!Array.isArray(fieldsToReveal)) {
|
|
75
74
|
throw new Error('fieldsToReveal must be an array of strings');
|
|
76
75
|
}
|
|
77
76
|
const fieldRevelationKeyring = {};
|
|
78
77
|
for (const fieldName of fieldsToReveal) {
|
|
79
78
|
// Make sure that fields to reveal is a subset of the certificate fields
|
|
80
|
-
if (!
|
|
79
|
+
if (!fields[fieldName]) {
|
|
81
80
|
throw new Error(`Fields to reveal must be a subset of the certificate fields. Missing the "${fieldName}" field.`);
|
|
82
81
|
}
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
const { plaintext: masterFieldKey } = await subjectWallet.decrypt({
|
|
86
|
-
ciphertext: Utils.toArray(encryptedMasterFieldKey, 'base64'),
|
|
87
|
-
...Certificate.getCertificateFieldEncryptionDetails(this.serialNumber, fieldName),
|
|
88
|
-
counterparty: this.certifier
|
|
89
|
-
}, originator);
|
|
90
|
-
// Verify that derived key actually decrypts requested field
|
|
91
|
-
try {
|
|
92
|
-
new SymmetricKey(masterFieldKey).decrypt(Utils.toArray(this.fields[fieldName], 'base64'));
|
|
93
|
-
}
|
|
94
|
-
catch (_) {
|
|
95
|
-
throw new Error(`Decryption of the "${fieldName}" field with its revelation key failed.`);
|
|
96
|
-
}
|
|
82
|
+
// Decrypt the master field key and verify that derived key actually decrypts requested field
|
|
83
|
+
const masterFieldKey = (await this.decryptField(subjectWallet, masterKeyring, fieldName, fields[fieldName], certifier)).fieldRevelationKey;
|
|
97
84
|
// Encrypt derived fieldRevelationKey for verifier
|
|
98
85
|
const { ciphertext: encryptedFieldRevelationKey } = await subjectWallet.encrypt({
|
|
99
86
|
plaintext: masterFieldKey,
|
|
100
|
-
...Certificate.getCertificateFieldEncryptionDetails(
|
|
87
|
+
...Certificate.getCertificateFieldEncryptionDetails(fieldName, serialNumber),
|
|
101
88
|
counterparty: verifier
|
|
102
89
|
}, originator);
|
|
103
90
|
// Add encryptedFieldRevelationKey to fieldRevelationKeyring
|
|
@@ -125,31 +112,74 @@ export class MasterCertificate extends Certificate {
|
|
|
125
112
|
*
|
|
126
113
|
* @throws {Error} Throws an error if any operation (e.g., encryption, signing) fails during certificate issuance.
|
|
127
114
|
*/
|
|
128
|
-
static async issueCertificateForSubject(certifierWallet, subject, fields, certificateType, getRevocationOutpoint = async (serialNumber) => { return 'Certificate revocation not tracked.'; }) {
|
|
129
|
-
// 1. Generate serialNumber
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
const masterKeyringForSubject = {};
|
|
133
|
-
// 2. For each field, generate a random key -> encrypt field -> encrypt key
|
|
134
|
-
for (const [fieldName, fieldValue] of Object.entries(fields)) {
|
|
135
|
-
const fieldSymmetricKey = SymmetricKey.fromRandom();
|
|
136
|
-
const encryptedFieldValue = fieldSymmetricKey.encrypt(Utils.toArray(fieldValue, 'utf8'));
|
|
137
|
-
encryptedCertificateFields[fieldName] = Utils.toBase64(encryptedFieldValue);
|
|
138
|
-
const { ciphertext: encryptedFieldRevelationKey } = await certifierWallet.encrypt({
|
|
139
|
-
plaintext: fieldSymmetricKey.toArray(),
|
|
140
|
-
...Certificate.getCertificateFieldEncryptionDetails(serialNumber, fieldName),
|
|
141
|
-
counterparty: subject
|
|
142
|
-
});
|
|
143
|
-
masterKeyringForSubject[fieldName] = Utils.toBase64(encryptedFieldRevelationKey);
|
|
115
|
+
static async issueCertificateForSubject(certifierWallet, subject, fields, certificateType, getRevocationOutpoint = async (serialNumber) => { return 'Certificate revocation not tracked.'; }, serialNumber) {
|
|
116
|
+
// 1. Generate a random serialNumber if not provided
|
|
117
|
+
if (!serialNumber) {
|
|
118
|
+
serialNumber = Utils.toBase64(Random(32));
|
|
144
119
|
}
|
|
120
|
+
// 2. Create encrypted certificate fields and associated master keyring
|
|
121
|
+
const { certificateFields, masterKeyring } = await this.createCertificateFields(certifierWallet, subject, fields);
|
|
145
122
|
// 3. Obtain a revocation outpoint (ex. certifier can call wallet.createAction())
|
|
146
123
|
const revocationOutpoint = await getRevocationOutpoint(serialNumber);
|
|
147
124
|
// TODO: Validate revocation outpoint format
|
|
148
125
|
// 4. Create new MasterCertificate instance
|
|
149
|
-
const certificate = new MasterCertificate(certificateType, serialNumber, subject, (await certifierWallet.getPublicKey({ identityKey: true })).publicKey, revocationOutpoint,
|
|
126
|
+
const certificate = new MasterCertificate(certificateType, serialNumber, subject, (await certifierWallet.getPublicKey({ identityKey: true })).publicKey, revocationOutpoint, certificateFields, masterKeyring);
|
|
150
127
|
// 5. Sign and return the new MasterCertificate certifying the subject.
|
|
151
128
|
await certificate.sign(certifierWallet);
|
|
152
129
|
return certificate;
|
|
153
130
|
}
|
|
131
|
+
/**
|
|
132
|
+
* Decrypts all fields in the MasterCertificate using the subject's or certifier's wallet.
|
|
133
|
+
*
|
|
134
|
+
* This method allows the subject or certifier to decrypt the `masterKeyring` and retrieve
|
|
135
|
+
* the encryption keys for each field, which are then used to decrypt the corresponding field values.
|
|
136
|
+
* The counterparty used for decryption depends on how the certificate fields were created:
|
|
137
|
+
* - If the certificate is self-signed, the counterparty should be set to 'self'.
|
|
138
|
+
* - Otherwise, the counterparty should always be the other party involved in the certificate issuance process (the subject or certifier).
|
|
139
|
+
*
|
|
140
|
+
* @param {WalletInterface} subjectOrCertifierWallet - The wallet of the subject or certifier, used to decrypt the master keyring and field values.
|
|
141
|
+
* @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} masterKeyring - A record containing encrypted keys for each field.
|
|
142
|
+
* @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} fields - A record of encrypted field names and their values.
|
|
143
|
+
* @param {WalletCounterparty} counterparty - The counterparty responsible for creating or signing the certificate. For self-signed certificates, use 'self'.
|
|
144
|
+
* @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} A promise resolving to a record of field names and their decrypted values in plaintext.
|
|
145
|
+
*
|
|
146
|
+
* @throws {Error} Throws an error if the `masterKeyring` is invalid or if decryption fails for any field.
|
|
147
|
+
*/
|
|
148
|
+
static async decryptFields(subjectOrCertifierWallet, masterKeyring, fields, counterparty) {
|
|
149
|
+
if (!masterKeyring || Object.keys(masterKeyring).length === 0) {
|
|
150
|
+
throw new Error('A MasterCertificate must have a valid masterKeyring!');
|
|
151
|
+
}
|
|
152
|
+
try {
|
|
153
|
+
const decryptedFields = {};
|
|
154
|
+
// Note: we want to iterate through all fields, not just masterKeyring keys/value pairs.
|
|
155
|
+
for (const fieldName of Object.keys(fields)) {
|
|
156
|
+
decryptedFields[fieldName] = (await this.decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fields[fieldName], counterparty)).decryptedFieldValue;
|
|
157
|
+
}
|
|
158
|
+
return decryptedFields;
|
|
159
|
+
}
|
|
160
|
+
catch (e) {
|
|
161
|
+
throw new Error('Failed to decrypt all master certificate fields.');
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
static async decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fieldValue, counterparty) {
|
|
165
|
+
if (!masterKeyring || Object.keys(masterKeyring).length === 0) {
|
|
166
|
+
throw new Error('A MasterCertificate must have a valid masterKeyring!');
|
|
167
|
+
}
|
|
168
|
+
try {
|
|
169
|
+
const { plaintext: fieldRevelationKey } = await subjectOrCertifierWallet.decrypt({
|
|
170
|
+
ciphertext: Utils.toArray(masterKeyring[fieldName], 'base64'),
|
|
171
|
+
...Certificate.getCertificateFieldEncryptionDetails(fieldName), // Only fieldName used on MasterCertificate
|
|
172
|
+
counterparty
|
|
173
|
+
});
|
|
174
|
+
const decryptedFieldValue = new SymmetricKey(fieldRevelationKey).decrypt(Utils.toArray(fieldValue, 'base64'));
|
|
175
|
+
return {
|
|
176
|
+
fieldRevelationKey,
|
|
177
|
+
decryptedFieldValue: Utils.toUTF8(decryptedFieldValue)
|
|
178
|
+
};
|
|
179
|
+
}
|
|
180
|
+
catch (e) {
|
|
181
|
+
throw new Error('Failed to decrypt certificate field!');
|
|
182
|
+
}
|
|
183
|
+
}
|
|
154
184
|
}
|
|
155
185
|
//# sourceMappingURL=MasterCertificate.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MasterCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/MasterCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAML,MAAM,EAGP,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;
|
|
1
|
+
{"version":3,"file":"MasterCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/MasterCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAML,MAAM,EAGP,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;AAO1C;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAkB,SAAQ,WAAW;IAShD,aAAa,CAAwD;IAErE,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAA8D,EAC9D,aAAqE,EACrE,SAAqB;QAErB,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QAEpF,4FAA4F;QAC5F,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CACb,gFAAgF,SAAS,IAAI,CAC9F,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAClC,aAA8B,EAC9B,kBAAsC,EACtC,MAAwD;QAExD,MAAM,iBAAiB,GAA2D,EAAE,CAAA;QACpF,MAAM,aAAa,GAA2D,EAAE,CAAA;QAChF,KAAK,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,MAAM,iBAAiB,GAAG,YAAY,CAAC,UAAU,EAAE,CAAA;YACnD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAA;YACxF,iBAAiB,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,mBAA+B,CAAC,CAAA;YAE9E,MAAM,EAAE,UAAU,EAAE,2BAA2B,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC;gBAC9E,SAAS,EAAE,iBAAiB,CAAC,OAAO,EAAE;gBACtC,GAAG,WAAW,CAAC,oCAAoC,CAAC,SAAS,CAAC,EAAE,2CAA2C;gBAC3G,YAAY,EAAE,kBAAkB;aACjC,CAAC,CAAA;YACF,aAAa,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;QACxE,CAAC;QAED,OAAO;YACL,iBAAiB;YACjB,aAAa;SACd,CAAA;IACH,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,KAAK,CAAC,wBAAwB,CACnC,aAA8B,EAC9B,SAA6B,EAC7B,QAA4B,EAC5B,MAA8D,EAC9D,cAAwB,EACxB,aAAqE,EACrE,YAA0B,EAC1B,UAAmB;QACnB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,sBAAsB,GAAG,EAAE,CAAA;QACjC,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;YACvC,wEAAwE;YACxE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,6EAA6E,SAAS,UAAU,CAAC,CAAA;YACnH,CAAC;YAED,6FAA6F;YAC7F,MAAM,cAAc,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,kBAAkB,CAAA;YAE1I,kDAAkD;YAClD,MAAM,EAAE,UAAU,EAAE,2BAA2B,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC;gBAC9E,SAAS,EAAE,cAAc;gBACzB,GAAG,WAAW,CAAC,oCAAoC,CAAC,SAAS,EAAE,YAAY,CAAC;gBAC5E,YAAY,EAAE,QAAQ;aACvB,EAAE,UAAU,CAAC,CAAA;YAEd,4DAA4D;YAC5D,sBAAsB,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;QACjF,CAAC;QAED,2GAA2G;QAC3G,OAAO,sBAAsB,CAAA;IAC/B,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,KAAK,CAAC,0BAA0B,CACrC,eAAgC,EAChC,OAA2B,EAC3B,MAAwD,EACxD,eAAuB,EACvB,wBAAwB,KAAK,EAC3B,YAAoB,EACH,EAAE,GAAG,OAAO,qCAAqC,CAAA,CAAC,CAAC,EACtE,YAAqB;QAErB,oDAAoD;QACpD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;QAC3C,CAAC;QAED,uEAAuE;QACvE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAC7E,eAAe,EACf,OAAO,EACP,MAAM,CACP,CAAA;QAED,iFAAiF;QACjF,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAA;QACpE,4CAA4C;QAE5C,2CAA2C;QAC3C,MAAM,WAAW,GAAG,IAAI,iBAAiB,CACvC,eAAe,EACf,YAAY,EACZ,OAAO,EACP,CAAC,MAAM,eAAe,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,EACrE,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,CACd,CAAA;QAED,uEAAuE;QACvE,MAAM,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACvC,OAAO,WAAW,CAAA;IACpB,CAAC;IAGD;;;;;;;;;;;;;;;;OAgBG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,wBAAyC,EACzC,aAAqE,EACrE,MAA8D,EAC9D,YAAgC;QAEhC,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACzE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,eAAe,GAAqD,EAAE,CAAA;YAC5E,wFAAwF;YACxF,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,wBAAwB,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,mBAAmB,CAAA;YACjK,CAAC;YACD,OAAO,eAAe,CAAA;QACxB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,wBAAyC,EACzC,aAAqE,EACrE,SAAuB,EACvB,UAAwB,EACxB,YAAgC;QAEhC,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;QACzE,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,wBAAwB,CAAC,OAAO,CAAC;gBAC/E,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;gBAC7D,GAAG,WAAW,CAAC,oCAAoC,CAAC,SAAS,CAAC,EAAE,2CAA2C;gBAC3G,YAAY;aACb,CAAC,CAAA;YAEF,MAAM,mBAAmB,GAAG,IAAI,YAAY,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC7G,OAAO;gBACL,kBAAkB;gBAClB,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,mBAA+B,CAAC;aACnE,CAAA;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;QACzD,CAAC;IACH,CAAC;CACF"}
|
|
@@ -7,7 +7,7 @@ import Certificate from './Certificate.js';
|
|
|
7
7
|
export class VerifiableCertificate extends Certificate {
|
|
8
8
|
keyring;
|
|
9
9
|
decryptedFields;
|
|
10
|
-
constructor(type, serialNumber, subject, certifier, revocationOutpoint, fields,
|
|
10
|
+
constructor(type, serialNumber, subject, certifier, revocationOutpoint, fields, keyring, signature, decryptedFields) {
|
|
11
11
|
super(type, serialNumber, subject, certifier, revocationOutpoint, fields, signature);
|
|
12
12
|
this.keyring = keyring;
|
|
13
13
|
this.decryptedFields = decryptedFields;
|
|
@@ -27,7 +27,7 @@ export class VerifiableCertificate extends Certificate {
|
|
|
27
27
|
for (const fieldName in this.keyring) {
|
|
28
28
|
const { plaintext: fieldRevelationKey } = await verifierWallet.decrypt({
|
|
29
29
|
ciphertext: Utils.toArray(this.keyring[fieldName], 'base64'),
|
|
30
|
-
...Certificate.getCertificateFieldEncryptionDetails(this.serialNumber
|
|
30
|
+
...Certificate.getCertificateFieldEncryptionDetails(fieldName, this.serialNumber),
|
|
31
31
|
counterparty: this.subject
|
|
32
32
|
});
|
|
33
33
|
const fieldValue = new SymmetricKey(fieldRevelationKey).decrypt(Utils.toArray(this.fields[fieldName], 'base64'));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"VerifiableCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/VerifiableCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,
|
|
1
|
+
{"version":3,"file":"VerifiableCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/VerifiableCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAON,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;AAE1C;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,WAAW;IASpD,OAAO,CAAkD;IACzD,eAAe,CAAyD;IAExE,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,OAAyD,EACzD,SAAqB,EACrB,eAAwE;QAExE,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QACpF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;IACxC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,cAA+B;QACjD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAA;QAC1F,CAAC;QACD,IAAI,CAAC;YACH,MAAM,eAAe,GAAqD,EAAE,CAAA;YAC5E,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrC,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC;oBACrE,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;oBAC5D,GAAG,WAAW,CAAC,oCAAoC,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC;oBACjF,YAAY,EAAE,IAAI,CAAC,OAAO;iBAC3B,CAAC,CAAA;gBAEF,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAA;gBAChH,eAAe,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,UAAsB,CAAC,CAAA;YACnE,CAAC;YACD,OAAO,eAAe,CAAA;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,4EAA4E,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAA;QAC/I,CAAC;IACH,CAAC;CACF"}
|
|
@@ -21,7 +21,7 @@ export const getVerifiableCertificates = async (wallet, requestedCertificates, v
|
|
|
21
21
|
fieldsToReveal: requestedCertificates.types[certificate.type],
|
|
22
22
|
verifier: verifierIdentityKey
|
|
23
23
|
});
|
|
24
|
-
return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, certificate.signature
|
|
24
|
+
return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, keyringForVerifier, certificate.signature);
|
|
25
25
|
}));
|
|
26
26
|
};
|
|
27
27
|
//# sourceMappingURL=getVerifiableCertificates.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getVerifiableCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/getVerifiableCertificates.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAIhF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,EAAE,MAAuB,EAAE,qBAA8C,EAAE,mBAA2B,EAAoC,EAAE;IACxL,qCAAqC;IACrC,2EAA2E;IAC3E,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;QACzD,UAAU,EAAE,qBAAqB,CAAC,UAAU;QAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC;KAChD,CAAC,CAAA;IAEF,4FAA4F;IAC5F,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAC,WAAW,EAAC,EAAE;QACxD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC3D,WAAW;YACX,cAAc,EAAE,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;YAC7D,QAAQ,EAAE,mBAAmB;SAC9B,CAAC,CAAA;QACF,OAAO,IAAI,qBAAqB,CAC9B,WAAW,CAAC,IAAI,EAChB,WAAW,CAAC,YAAY,EACxB,WAAW,CAAC,OAAO,EACnB,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,kBAAkB,EAC9B,WAAW,CAAC,MAAM,EAClB,WAAW,CAAC,SAAS,
|
|
1
|
+
{"version":3,"file":"getVerifiableCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/getVerifiableCertificates.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAIhF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,EAAE,MAAuB,EAAE,qBAA8C,EAAE,mBAA2B,EAAoC,EAAE;IACxL,qCAAqC;IACrC,2EAA2E;IAC3E,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;QACzD,UAAU,EAAE,qBAAqB,CAAC,UAAU;QAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC;KAChD,CAAC,CAAA;IAEF,4FAA4F;IAC5F,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAC,WAAW,EAAC,EAAE;QACxD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC3D,WAAW;YACX,cAAc,EAAE,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;YAC7D,QAAQ,EAAE,mBAAmB;SAC9B,CAAC,CAAA;QACF,OAAO,IAAI,qBAAqB,CAC9B,WAAW,CAAC,IAAI,EAChB,WAAW,CAAC,YAAY,EACxB,WAAW,CAAC,OAAO,EACnB,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,kBAAkB,EAC9B,WAAW,CAAC,MAAM,EAClB,kBAAkB,EAClB,WAAW,CAAC,SAAS,CACtB,CAAA;IACH,CAAC,CAAC,CAAC,CAAA;AACP,CAAC,CAAA"}
|
|
@@ -13,7 +13,7 @@ export const validateCertificates = async (verifierWallet, message, certificates
|
|
|
13
13
|
throw new Error(`The subject of one of your certificates ("${incomingCert.subject}") is not the same as the request sender ("${message.identityKey}").`);
|
|
14
14
|
}
|
|
15
15
|
// Verify Certificate structure and signature
|
|
16
|
-
const certToVerify = new VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.
|
|
16
|
+
const certToVerify = new VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.keyring, incomingCert.signature);
|
|
17
17
|
const isValidCert = await certToVerify.verify();
|
|
18
18
|
if (!isValidCert) {
|
|
19
19
|
throw new Error(`The signature for the certificate with serial number ${certToVerify.serialNumber} is invalid!`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/validateCertificates.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAEhF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAA+B,EAAE,OAAoB,EAAE,qBAA+C,EAAiB,EAAE;IAClK,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAmC,EAAE,EAAE;QACvF,IAAI,YAAY,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,YAAY,CAAC,OAAO,8CAA8C,OAAO,CAAC,WAAW,KAAK,CAAC,CAAA;QAC1J,CAAC;QAED,6CAA6C;QAC7C,MAAM,YAAY,GAAG,IAAI,qBAAqB,CAC5C,YAAY,CAAC,IAAI,EACjB,YAAY,CAAC,YAAY,EACzB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,kBAAkB,EAC/B,YAAY,CAAC,MAAM,EACnB,YAAY,CAAC,
|
|
1
|
+
{"version":3,"file":"validateCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/validateCertificates.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAEhF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAA+B,EAAE,OAAoB,EAAE,qBAA+C,EAAiB,EAAE;IAClK,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAmC,EAAE,EAAE;QACvF,IAAI,YAAY,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,YAAY,CAAC,OAAO,8CAA8C,OAAO,CAAC,WAAW,KAAK,CAAC,CAAA;QAC1J,CAAC;QAED,6CAA6C;QAC7C,MAAM,YAAY,GAAG,IAAI,qBAAqB,CAC5C,YAAY,CAAC,IAAI,EACjB,YAAY,CAAC,YAAY,EACzB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,kBAAkB,EAC/B,YAAY,CAAC,MAAM,EACnB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,CACvB,CAAA;QACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wDAAwD,YAAY,CAAC,YAAY,cAAc,CAAC,CAAA;QAClH,CAAC;QAED,2EAA2E;QAC3E,IAAI,qBAAqB,EAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAA;YAEnD,0BAA0B;YAC1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,YAAY,kCAAkC,YAAY,CAAC,SAAS,EAAE,CAAC,CAAA;YACxI,CAAC;YAED,wCAAwC;YACxC,MAAM,eAAe,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;YAChD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,CAAC,IAAI,oBAAoB,CAAC,CAAA;YACjF,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,MAAM,YAAY,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;IAClD,CAAC,CAAC,CAAC,CAAA;AACL,CAAC,CAAA"}
|