@bsv/sdk 1.3.10 → 1.3.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/auth/certificates/Certificate.js +1 -1
- package/dist/cjs/src/auth/certificates/Certificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/MasterCertificate.js +95 -65
- package/dist/cjs/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js +3 -3
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/cjs/src/wallet/ProtoWallet.js +9 -9
- package/dist/cjs/src/wallet/ProtoWallet.js.map +1 -1
- package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/esm/src/auth/certificates/Certificate.js +2 -2
- package/dist/esm/src/auth/certificates/Certificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/MasterCertificate.js +95 -65
- package/dist/esm/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js +3 -3
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/esm/src/wallet/ProtoWallet.js +9 -9
- package/dist/esm/src/wallet/ProtoWallet.js.map +1 -1
- package/dist/esm/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/types/src/auth/certificates/Certificate.d.ts +5 -5
- package/dist/types/src/auth/certificates/Certificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts +44 -14
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts +4 -4
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts.map +1 -1
- package/dist/types/src/wallet/ProtoWallet.d.ts +12 -12
- package/dist/types/src/wallet/ProtoWallet.d.ts.map +1 -1
- package/dist/types/tsconfig.types.tsbuildinfo +1 -1
- package/dist/umd/bundle.js +1 -1
- package/docs/auth.md +75 -33
- package/docs/wallet.md +12 -12
- package/package.json +1 -1
- package/src/auth/__tests/Peer.test.ts +19 -47
- package/src/auth/certificates/Certificate.ts +4 -5
- package/src/auth/certificates/MasterCertificate.ts +138 -71
- package/src/auth/certificates/VerifiableCertificate.ts +5 -6
- package/src/auth/certificates/__tests/MasterCertificate.test.ts +142 -51
- package/src/auth/certificates/__tests/VerifiableCertificate.test.ts +54 -30
- package/src/auth/utils/getVerifiableCertificates.ts +2 -2
- package/src/auth/utils/validateCertificates.ts +2 -2
- package/src/wallet/ProtoWallet.ts +20 -11
package/docs/auth.md
CHANGED
|
@@ -212,21 +212,21 @@ export default class Certificate {
|
|
|
212
212
|
subject: PubKeyHex;
|
|
213
213
|
certifier: PubKeyHex;
|
|
214
214
|
revocationOutpoint: OutpointString;
|
|
215
|
-
fields: Record<CertificateFieldNameUnder50Bytes,
|
|
215
|
+
fields: Record<CertificateFieldNameUnder50Bytes, Base64String>;
|
|
216
216
|
signature?: HexString;
|
|
217
217
|
constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, string>, signature?: HexString)
|
|
218
218
|
toBinary(includeSignature: boolean = true): number[]
|
|
219
219
|
static fromBinary(bin: number[]): Certificate
|
|
220
220
|
async verify(): Promise<boolean>
|
|
221
|
-
async sign(certifierWallet:
|
|
222
|
-
static getCertificateFieldEncryptionDetails(
|
|
221
|
+
async sign(certifierWallet: ProtoWallet): Promise<void>
|
|
222
|
+
static getCertificateFieldEncryptionDetails(fieldName: string, serialNumber?: string): {
|
|
223
223
|
protocolID: WalletProtocol;
|
|
224
224
|
keyID: string;
|
|
225
225
|
}
|
|
226
226
|
}
|
|
227
227
|
```
|
|
228
228
|
|
|
229
|
-
See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [
|
|
229
|
+
See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [ProtoWallet](#class-protowallet), [PubKeyHex](#type-pubkeyhex), [WalletProtocol](#type-walletprotocol), [sign](#variable-sign), [verify](#variable-verify)
|
|
230
230
|
|
|
231
231
|
<details>
|
|
232
232
|
|
|
@@ -269,12 +269,12 @@ See also: [PubKeyHex](#type-pubkeyhex)
|
|
|
269
269
|
|
|
270
270
|
#### Property fields
|
|
271
271
|
|
|
272
|
-
All the fields present in the certificate, with field names as keys and field values as strings.
|
|
272
|
+
All the fields present in the certificate, with field names as keys and encrypted field values as Base64 strings.
|
|
273
273
|
|
|
274
274
|
```ts
|
|
275
|
-
fields: Record<CertificateFieldNameUnder50Bytes,
|
|
275
|
+
fields: Record<CertificateFieldNameUnder50Bytes, Base64String>
|
|
276
276
|
```
|
|
277
|
-
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes)
|
|
277
|
+
See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes)
|
|
278
278
|
|
|
279
279
|
#### Property revocationOutpoint
|
|
280
280
|
|
|
@@ -344,7 +344,7 @@ Argument Details
|
|
|
344
344
|
Helper function which retrieves the protocol ID and key ID for certificate field encryption.
|
|
345
345
|
|
|
346
346
|
```ts
|
|
347
|
-
static getCertificateFieldEncryptionDetails(
|
|
347
|
+
static getCertificateFieldEncryptionDetails(fieldName: string, serialNumber?: string): {
|
|
348
348
|
protocolID: WalletProtocol;
|
|
349
349
|
keyID: string;
|
|
350
350
|
}
|
|
@@ -369,9 +369,9 @@ Argument Details
|
|
|
369
369
|
Signs the certificate using the provided certifier wallet.
|
|
370
370
|
|
|
371
371
|
```ts
|
|
372
|
-
async sign(certifierWallet:
|
|
372
|
+
async sign(certifierWallet: ProtoWallet): Promise<void>
|
|
373
373
|
```
|
|
374
|
-
See also: [
|
|
374
|
+
See also: [ProtoWallet](#class-protowallet)
|
|
375
375
|
|
|
376
376
|
Argument Details
|
|
377
377
|
|
|
@@ -466,18 +466,51 @@ export class MasterCertificate extends Certificate {
|
|
|
466
466
|
declare signature?: HexString;
|
|
467
467
|
masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>;
|
|
468
468
|
constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, signature?: HexString)
|
|
469
|
-
async
|
|
470
|
-
async createKeyringForVerifier(subjectWallet:
|
|
471
|
-
static async issueCertificateForSubject(certifierWallet:
|
|
469
|
+
static async createCertificateFields(creatorWallet: ProtoWallet, certifierOrSubject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateCertificateFieldsResult>
|
|
470
|
+
static async createKeyringForVerifier(subjectWallet: ProtoWallet, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
|
|
471
|
+
static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (serialNumber: string): Promise<string> => { return "Certificate revocation not tracked."; }, serialNumber?: string): Promise<MasterCertificate>
|
|
472
|
+
static async decryptFields(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
|
|
473
|
+
static async decryptField(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldName: Base64String, fieldValue: Base64String, counterparty: WalletCounterparty, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<{
|
|
474
|
+
fieldRevelationKey: number[];
|
|
475
|
+
decryptedFieldValue: string;
|
|
476
|
+
}>
|
|
472
477
|
}
|
|
473
478
|
```
|
|
474
479
|
|
|
475
|
-
See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [
|
|
480
|
+
See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [OutpointString](#type-outpointstring), [ProtoWallet](#class-protowallet), [PubKeyHex](#type-pubkeyhex), [WalletCounterparty](#type-walletcounterparty)
|
|
476
481
|
|
|
477
482
|
<details>
|
|
478
483
|
|
|
479
484
|
<summary>Class MasterCertificate Details</summary>
|
|
480
485
|
|
|
486
|
+
#### Method createCertificateFields
|
|
487
|
+
|
|
488
|
+
Encrypts certificate fields for a subject and generates a master keyring.
|
|
489
|
+
This method returns a master keyring tied to a specific certifier or subject who will validate
|
|
490
|
+
and sign off on the fields, along with the encrypted certificate fields.
|
|
491
|
+
|
|
492
|
+
```ts
|
|
493
|
+
static async createCertificateFields(creatorWallet: ProtoWallet, certifierOrSubject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateCertificateFieldsResult>
|
|
494
|
+
```
|
|
495
|
+
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
|
|
496
|
+
|
|
497
|
+
Returns
|
|
498
|
+
|
|
499
|
+
A promise resolving to an object containing:
|
|
500
|
+
- `certificateFields` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
501
|
+
The encrypted certificate fields.
|
|
502
|
+
- `masterKeyring` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
503
|
+
The master keyring containing encrypted revelation keys for each field.
|
|
504
|
+
|
|
505
|
+
Argument Details
|
|
506
|
+
|
|
507
|
+
+ **creatorWallet**
|
|
508
|
+
+ The wallet of the creator responsible for encrypting the fields.
|
|
509
|
+
+ **certifierOrSubject**
|
|
510
|
+
+ The certifier or subject who will validate the certificate fields.
|
|
511
|
+
+ **fields**
|
|
512
|
+
+ A record of certificate field names (under 50 bytes) mapped to their values.
|
|
513
|
+
|
|
481
514
|
#### Method createKeyringForVerifier
|
|
482
515
|
|
|
483
516
|
Creates a keyring for a verifier, enabling them to decrypt specific certificate fields.
|
|
@@ -486,9 +519,9 @@ for the verifier's identity key. The result is a keyring containing the keys nec
|
|
|
486
519
|
for the verifier to access the designated fields.
|
|
487
520
|
|
|
488
521
|
```ts
|
|
489
|
-
async createKeyringForVerifier(subjectWallet:
|
|
522
|
+
static async createKeyringForVerifier(subjectWallet: ProtoWallet, certifier: WalletCounterparty, verifier: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, fieldsToReveal: string[], masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, serialNumber: Base64String, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
|
|
490
523
|
```
|
|
491
|
-
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [
|
|
524
|
+
See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
|
|
492
525
|
|
|
493
526
|
Returns
|
|
494
527
|
|
|
@@ -514,24 +547,33 @@ Throws an error if:
|
|
|
514
547
|
|
|
515
548
|
#### Method decryptFields
|
|
516
549
|
|
|
517
|
-
Decrypts all fields in the MasterCertificate using the subject's wallet.
|
|
550
|
+
Decrypts all fields in the MasterCertificate using the subject's or certifier's wallet.
|
|
518
551
|
|
|
519
|
-
This method
|
|
520
|
-
|
|
552
|
+
This method allows the subject or certifier to decrypt the `masterKeyring` and retrieve
|
|
553
|
+
the encryption keys for each field, which are then used to decrypt the corresponding field values.
|
|
554
|
+
The counterparty used for decryption depends on how the certificate fields were created:
|
|
555
|
+
- If the certificate is self-signed, the counterparty should be set to 'self'.
|
|
556
|
+
- Otherwise, the counterparty should always be the other party involved in the certificate issuance process (the subject or certifier).
|
|
521
557
|
|
|
522
558
|
```ts
|
|
523
|
-
async decryptFields(
|
|
559
|
+
static async decryptFields(subjectOrCertifierWallet: ProtoWallet, masterKeyring: Record<CertificateFieldNameUnder50Bytes, Base64String>, fields: Record<CertificateFieldNameUnder50Bytes, Base64String>, counterparty: WalletCounterparty): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
|
|
524
560
|
```
|
|
525
|
-
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [
|
|
561
|
+
See also: [Base64String](#type-base64string), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
|
|
526
562
|
|
|
527
563
|
Returns
|
|
528
564
|
|
|
529
|
-
|
|
565
|
+
A promise resolving to a record of field names and their decrypted values in plaintext.
|
|
530
566
|
|
|
531
567
|
Argument Details
|
|
532
568
|
|
|
533
|
-
+ **
|
|
534
|
-
+ The wallet of the subject, used to decrypt the master keyring and field values.
|
|
569
|
+
+ **subjectOrCertifierWallet**
|
|
570
|
+
+ The wallet of the subject or certifier, used to decrypt the master keyring and field values.
|
|
571
|
+
+ **masterKeyring**
|
|
572
|
+
+ A record containing encrypted keys for each field.
|
|
573
|
+
+ **fields**
|
|
574
|
+
+ A record of encrypted field names and their values.
|
|
575
|
+
+ **counterparty**
|
|
576
|
+
+ The counterparty responsible for creating or signing the certificate. For self-signed certificates, use 'self'.
|
|
535
577
|
|
|
536
578
|
Throws
|
|
537
579
|
|
|
@@ -547,9 +589,9 @@ generated symmetric key, which is then encrypted for the subject. The certificat
|
|
|
547
589
|
can also includes a revocation outpoint to manage potential revocation.
|
|
548
590
|
|
|
549
591
|
```ts
|
|
550
|
-
static async issueCertificateForSubject(certifierWallet:
|
|
592
|
+
static async issueCertificateForSubject(certifierWallet: ProtoWallet, subject: WalletCounterparty, fields: Record<CertificateFieldNameUnder50Bytes, string>, certificateType: string, getRevocationOutpoint = async (serialNumber: string): Promise<string> => { return "Certificate revocation not tracked."; }, serialNumber?: string): Promise<MasterCertificate>
|
|
551
593
|
```
|
|
552
|
-
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [MasterCertificate](#class-mastercertificate), [
|
|
594
|
+
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [MasterCertificate](#class-mastercertificate), [ProtoWallet](#class-protowallet), [WalletCounterparty](#type-walletcounterparty)
|
|
553
595
|
|
|
554
596
|
Returns
|
|
555
597
|
|
|
@@ -1078,12 +1120,12 @@ export class VerifiableCertificate extends Certificate {
|
|
|
1078
1120
|
declare signature?: HexString;
|
|
1079
1121
|
keyring: Record<CertificateFieldNameUnder50Bytes, string>;
|
|
1080
1122
|
decryptedFields?: Record<CertificateFieldNameUnder50Bytes, Base64String>;
|
|
1081
|
-
constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, string>,
|
|
1082
|
-
async decryptFields(verifierWallet:
|
|
1123
|
+
constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, string>, keyring: Record<CertificateFieldNameUnder50Bytes, string>, signature?: HexString, decryptedFields?: Record<CertificateFieldNameUnder50Bytes, Base64String>)
|
|
1124
|
+
async decryptFields(verifierWallet: ProtoWallet): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
|
|
1083
1125
|
}
|
|
1084
1126
|
```
|
|
1085
1127
|
|
|
1086
|
-
See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [
|
|
1128
|
+
See also: [Base64String](#type-base64string), [Certificate](#class-certificate), [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [HexString](#type-hexstring), [OutpointString](#type-outpointstring), [ProtoWallet](#class-protowallet), [PubKeyHex](#type-pubkeyhex)
|
|
1087
1129
|
|
|
1088
1130
|
<details>
|
|
1089
1131
|
|
|
@@ -1094,9 +1136,9 @@ See also: [Base64String](#type-base64string), [Certificate](#class-certificate),
|
|
|
1094
1136
|
Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
|
|
1095
1137
|
|
|
1096
1138
|
```ts
|
|
1097
|
-
async decryptFields(verifierWallet:
|
|
1139
|
+
async decryptFields(verifierWallet: ProtoWallet): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
|
|
1098
1140
|
```
|
|
1099
|
-
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [
|
|
1141
|
+
See also: [CertificateFieldNameUnder50Bytes](#type-certificatefieldnameunder50bytes), [ProtoWallet](#class-protowallet)
|
|
1100
1142
|
|
|
1101
1143
|
Returns
|
|
1102
1144
|
|
|
@@ -1214,7 +1256,7 @@ getVerifiableCertificates = async (wallet: WalletInterface, requestedCertificate
|
|
|
1214
1256
|
fieldsToReveal: requestedCertificates.types[certificate.type],
|
|
1215
1257
|
verifier: verifierIdentityKey
|
|
1216
1258
|
});
|
|
1217
|
-
return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, certificate.signature
|
|
1259
|
+
return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, keyringForVerifier, certificate.signature);
|
|
1218
1260
|
}));
|
|
1219
1261
|
}
|
|
1220
1262
|
```
|
|
@@ -1232,7 +1274,7 @@ validateCertificates = async (verifierWallet: WalletInterface, message: AuthMess
|
|
|
1232
1274
|
if (incomingCert.subject !== message.identityKey) {
|
|
1233
1275
|
throw new Error(`The subject of one of your certificates ("${incomingCert.subject}") is not the same as the request sender ("${message.identityKey}").`);
|
|
1234
1276
|
}
|
|
1235
|
-
const certToVerify = new VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.
|
|
1277
|
+
const certToVerify = new VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.keyring, incomingCert.signature);
|
|
1236
1278
|
const isValidCert = await certToVerify.verify();
|
|
1237
1279
|
if (!isValidCert) {
|
|
1238
1280
|
throw new Error(`The signature for the certificate with serial number ${certToVerify.serialNumber} is invalid!`);
|
package/docs/wallet.md
CHANGED
|
@@ -2115,23 +2115,23 @@ enable the management of identity certificates, or store any data. It is also no
|
|
|
2115
2115
|
|
|
2116
2116
|
```ts
|
|
2117
2117
|
export class ProtoWallet {
|
|
2118
|
-
keyDeriver
|
|
2119
|
-
constructor(rootKeyOrKeyDeriver
|
|
2120
|
-
async getPublicKey(args: GetPublicKeyArgs): Promise<{
|
|
2118
|
+
keyDeriver?: KeyDeriverApi;
|
|
2119
|
+
constructor(rootKeyOrKeyDeriver?: PrivateKey | "anyone" | KeyDeriverApi)
|
|
2120
|
+
async getPublicKey(args: GetPublicKeyArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<{
|
|
2121
2121
|
publicKey: PubKeyHex;
|
|
2122
2122
|
}>
|
|
2123
|
-
async revealCounterpartyKeyLinkage(args: RevealCounterpartyKeyLinkageArgs): Promise<RevealCounterpartyKeyLinkageResult>
|
|
2124
|
-
async revealSpecificKeyLinkage(args: RevealSpecificKeyLinkageArgs): Promise<RevealSpecificKeyLinkageResult>
|
|
2125
|
-
async encrypt(args: WalletEncryptArgs): Promise<WalletEncryptResult>
|
|
2126
|
-
async decrypt(args: WalletDecryptArgs): Promise<WalletDecryptResult>
|
|
2127
|
-
async createHmac(args: CreateHmacArgs): Promise<CreateHmacResult>
|
|
2128
|
-
async verifyHmac(args: VerifyHmacArgs): Promise<VerifyHmacResult>
|
|
2129
|
-
async createSignature(args: CreateSignatureArgs): Promise<CreateSignatureResult>
|
|
2130
|
-
async verifySignature(args: VerifySignatureArgs): Promise<VerifySignatureResult>
|
|
2123
|
+
async revealCounterpartyKeyLinkage(args: RevealCounterpartyKeyLinkageArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RevealCounterpartyKeyLinkageResult>
|
|
2124
|
+
async revealSpecificKeyLinkage(args: RevealSpecificKeyLinkageArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<RevealSpecificKeyLinkageResult>
|
|
2125
|
+
async encrypt(args: WalletEncryptArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<WalletEncryptResult>
|
|
2126
|
+
async decrypt(args: WalletDecryptArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<WalletDecryptResult>
|
|
2127
|
+
async createHmac(args: CreateHmacArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateHmacResult>
|
|
2128
|
+
async verifyHmac(args: VerifyHmacArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifyHmacResult>
|
|
2129
|
+
async createSignature(args: CreateSignatureArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<CreateSignatureResult>
|
|
2130
|
+
async verifySignature(args: VerifySignatureArgs, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifySignatureResult>
|
|
2131
2131
|
}
|
|
2132
2132
|
```
|
|
2133
2133
|
|
|
2134
|
-
See also: [CreateHmacArgs](#interface-createhmacargs), [CreateHmacResult](#interface-createhmacresult), [CreateSignatureArgs](#interface-createsignatureargs), [CreateSignatureResult](#interface-createsignatureresult), [GetPublicKeyArgs](#interface-getpublickeyargs), [KeyDeriverApi](#interface-keyderiverapi), [PrivateKey](#class-privatekey), [PubKeyHex](#type-pubkeyhex), [RevealCounterpartyKeyLinkageArgs](#interface-revealcounterpartykeylinkageargs), [RevealCounterpartyKeyLinkageResult](#interface-revealcounterpartykeylinkageresult), [RevealSpecificKeyLinkageArgs](#interface-revealspecifickeylinkageargs), [RevealSpecificKeyLinkageResult](#interface-revealspecifickeylinkageresult), [VerifyHmacArgs](#interface-verifyhmacargs), [VerifyHmacResult](#interface-verifyhmacresult), [VerifySignatureArgs](#interface-verifysignatureargs), [VerifySignatureResult](#interface-verifysignatureresult), [WalletDecryptArgs](#interface-walletdecryptargs), [WalletDecryptResult](#interface-walletdecryptresult), [WalletEncryptArgs](#interface-walletencryptargs), [WalletEncryptResult](#interface-walletencryptresult), [decrypt](#variable-decrypt), [encrypt](#variable-encrypt)
|
|
2134
|
+
See also: [CreateHmacArgs](#interface-createhmacargs), [CreateHmacResult](#interface-createhmacresult), [CreateSignatureArgs](#interface-createsignatureargs), [CreateSignatureResult](#interface-createsignatureresult), [GetPublicKeyArgs](#interface-getpublickeyargs), [KeyDeriverApi](#interface-keyderiverapi), [OriginatorDomainNameStringUnder250Bytes](#type-originatordomainnamestringunder250bytes), [PrivateKey](#class-privatekey), [PubKeyHex](#type-pubkeyhex), [RevealCounterpartyKeyLinkageArgs](#interface-revealcounterpartykeylinkageargs), [RevealCounterpartyKeyLinkageResult](#interface-revealcounterpartykeylinkageresult), [RevealSpecificKeyLinkageArgs](#interface-revealspecifickeylinkageargs), [RevealSpecificKeyLinkageResult](#interface-revealspecifickeylinkageresult), [VerifyHmacArgs](#interface-verifyhmacargs), [VerifyHmacResult](#interface-verifyhmacresult), [VerifySignatureArgs](#interface-verifysignatureargs), [VerifySignatureResult](#interface-verifysignatureresult), [WalletDecryptArgs](#interface-walletdecryptargs), [WalletDecryptResult](#interface-walletdecryptresult), [WalletEncryptArgs](#interface-walletencryptargs), [WalletEncryptResult](#interface-walletencryptresult), [decrypt](#variable-decrypt), [encrypt](#variable-encrypt)
|
|
2135
2135
|
|
|
2136
2136
|
Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
|
|
2137
2137
|
|
package/package.json
CHANGED
|
@@ -7,44 +7,8 @@ import { Utils, PrivateKey, SymmetricKey } from '../../../dist/cjs/src/primitive
|
|
|
7
7
|
import { VerifiableCertificate, } from "../../../dist/cjs/src/auth/certificates/VerifiableCertificate.js"
|
|
8
8
|
import { MasterCertificate } from '../../../dist/cjs/src/auth/certificates/MasterCertificate.js'
|
|
9
9
|
import { getVerifiableCertificates } from '../../../dist/cjs/src/auth/utils/getVerifiableCertificates.js'
|
|
10
|
-
import { Certificate } from "../../../dist/cjs/src/auth/certificates/index.js"
|
|
11
10
|
jest.mock('../../../dist/cjs/src/auth/utils/getVerifiableCertificates.js')
|
|
12
11
|
|
|
13
|
-
/**
|
|
14
|
-
* A helper function to decrypt a VerifiableCertificate's fields using the provided wallets.
|
|
15
|
-
*/
|
|
16
|
-
async function decryptCertificateFields(
|
|
17
|
-
cert: VerifiableCertificate,
|
|
18
|
-
localWallet: Wallet,
|
|
19
|
-
counterpartyWallet: Wallet
|
|
20
|
-
): Promise<Record<string, string>> {
|
|
21
|
-
const entries = await Promise.all(
|
|
22
|
-
Object.entries(cert.keyring).map(async ([fieldName, encryptedKey]) => {
|
|
23
|
-
// Decrypt the per-field symmetric key
|
|
24
|
-
const { plaintext: masterFieldKey } = await localWallet.decrypt({
|
|
25
|
-
ciphertext: Utils.toArray(encryptedKey, 'base64'),
|
|
26
|
-
...Certificate.getCertificateFieldEncryptionDetails(cert.serialNumber, fieldName),
|
|
27
|
-
counterparty: (await counterpartyWallet.getPublicKey({ identityKey: true })).publicKey,
|
|
28
|
-
})
|
|
29
|
-
|
|
30
|
-
// Decrypt the actual field contents using the decrypted symmetric key
|
|
31
|
-
try {
|
|
32
|
-
const decryptedData = new SymmetricKey(masterFieldKey).decrypt(
|
|
33
|
-
Utils.toArray(cert.fields[fieldName], 'base64')
|
|
34
|
-
)
|
|
35
|
-
return { key: fieldName, value: Utils.toUTF8(decryptedData as number[]) }
|
|
36
|
-
} catch (_) {
|
|
37
|
-
throw new Error(`Decryption of the "${fieldName}" field with its revelation key failed.`)
|
|
38
|
-
}
|
|
39
|
-
})
|
|
40
|
-
)
|
|
41
|
-
|
|
42
|
-
return entries.reduce((acc, { key, value }) => {
|
|
43
|
-
acc[key] = value
|
|
44
|
-
return acc
|
|
45
|
-
}, {} as Record<string, string>)
|
|
46
|
-
}
|
|
47
|
-
|
|
48
12
|
class LocalTransport implements Transport {
|
|
49
13
|
private peerTransport?: LocalTransport
|
|
50
14
|
private onDataCallback?: (message: AuthMessage) => void
|
|
@@ -117,7 +81,15 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
117
81
|
): Promise<VerifiableCertificate> {
|
|
118
82
|
const certifierWallet = new ProtoWallet(certifierPrivateKey)
|
|
119
83
|
|
|
120
|
-
const keyringForVerifier = await
|
|
84
|
+
const keyringForVerifier = await MasterCertificate.createKeyringForVerifier(
|
|
85
|
+
wallet,
|
|
86
|
+
certifierWallet.keyDeriver.identityKey,
|
|
87
|
+
verifierIdentityKey,
|
|
88
|
+
masterCertificate.fields,
|
|
89
|
+
fieldsToReveal,
|
|
90
|
+
masterCertificate.masterKeyring,
|
|
91
|
+
masterCertificate.serialNumber
|
|
92
|
+
)
|
|
121
93
|
return new VerifiableCertificate(
|
|
122
94
|
masterCertificate.type,
|
|
123
95
|
masterCertificate.serialNumber,
|
|
@@ -125,8 +97,8 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
125
97
|
masterCertificate.certifier,
|
|
126
98
|
masterCertificate.revocationOutpoint,
|
|
127
99
|
masterCertificate.fields,
|
|
128
|
-
|
|
129
|
-
|
|
100
|
+
keyringForVerifier,
|
|
101
|
+
masterCertificate.signature
|
|
130
102
|
)
|
|
131
103
|
}
|
|
132
104
|
|
|
@@ -234,7 +206,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
234
206
|
if (certificatesReceivedByBob?.length !== 0) {
|
|
235
207
|
certificatesReceivedByBob?.forEach(async cert => {
|
|
236
208
|
// Decrypt to ensure it has the correct fields
|
|
237
|
-
const decryptedFields = await
|
|
209
|
+
const decryptedFields = await cert.decryptFields(walletB)
|
|
238
210
|
if (cert.certifier !== 'bob') {
|
|
239
211
|
console.log('Bob accepted the message:', Utils.toUTF8(payload))
|
|
240
212
|
console.log('Decrypted fields:', decryptedFields)
|
|
@@ -279,7 +251,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
279
251
|
alice.listenForCertificatesReceived(async (senderPublicKey, certificates) => {
|
|
280
252
|
for (const cert of certificates) {
|
|
281
253
|
// Decrypt Bob's certificate fields
|
|
282
|
-
const decryptedFields = await
|
|
254
|
+
const decryptedFields = await cert.decryptFields(walletA)
|
|
283
255
|
|
|
284
256
|
// Check and use the decrypted fields
|
|
285
257
|
if (Object.keys(decryptedFields).length !== 0 && decryptedFields.libraryCardNumber) {
|
|
@@ -342,7 +314,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
342
314
|
if (certificates.length > 0) {
|
|
343
315
|
// Decrypt to confirm
|
|
344
316
|
for (const cert of certificates) {
|
|
345
|
-
const decrypted = await
|
|
317
|
+
const decrypted = await cert.decryptFields(walletB)
|
|
346
318
|
console.log('Bob received additional certificates from Alice:', cert)
|
|
347
319
|
console.log('Decrypted fields:', decrypted)
|
|
348
320
|
}
|
|
@@ -384,7 +356,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
384
356
|
bob.listenForCertificatesReceived(async (senderPublicKey, certificates) => {
|
|
385
357
|
for (const cert of certificates) {
|
|
386
358
|
// Decrypt Alice's certificate fields
|
|
387
|
-
const decryptedFields = await
|
|
359
|
+
const decryptedFields = await cert.decryptFields(walletB)
|
|
388
360
|
if (decryptedFields.membershipStatus) {
|
|
389
361
|
console.log(`Bob received Alice's membership status: ${decryptedFields.membershipStatus}`)
|
|
390
362
|
bobAcceptedMembershipStatus()
|
|
@@ -451,7 +423,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
451
423
|
const waitForAliceToAcceptBobDL = new Promise<void>((resolve) => {
|
|
452
424
|
alice.listenForCertificatesReceived(async (senderPublicKey, certificates) => {
|
|
453
425
|
for (const cert of certificates) {
|
|
454
|
-
const decryptedFields = await
|
|
426
|
+
const decryptedFields = await cert.decryptFields(walletA)
|
|
455
427
|
if (decryptedFields.driversLicenseNumber) {
|
|
456
428
|
console.log(`Alice received Bob's driver's license number: ${decryptedFields.driversLicenseNumber}`)
|
|
457
429
|
aliceAcceptedBobDL()
|
|
@@ -464,7 +436,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
464
436
|
const waitForBobToAcceptAliceDL = new Promise<void>((resolve) => {
|
|
465
437
|
bob.listenForCertificatesReceived(async (senderPublicKey, certificates) => {
|
|
466
438
|
for (const cert of certificates) {
|
|
467
|
-
const decryptedFields = await
|
|
439
|
+
const decryptedFields = await cert.decryptFields(walletB)
|
|
468
440
|
if (decryptedFields.driversLicenseNumber) {
|
|
469
441
|
console.log(`Bob received Alice's driver's license number: ${decryptedFields.driversLicenseNumber}`)
|
|
470
442
|
bobAcceptedAliceDL()
|
|
@@ -544,7 +516,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
544
516
|
const waitForAlicePartialCert = new Promise<void>((resolve) => {
|
|
545
517
|
alice.listenForCertificatesReceived(async (senderPublicKey, certificates) => {
|
|
546
518
|
for (const cert of certificates) {
|
|
547
|
-
const decryptedFields = await
|
|
519
|
+
const decryptedFields = await cert.decryptFields(walletA)
|
|
548
520
|
if (decryptedFields.email || decryptedFields.name) {
|
|
549
521
|
console.log(`Alice received Bob's certificate with fields: ${Object.keys(decryptedFields).join(', ')}`)
|
|
550
522
|
aliceAcceptedPartialCert()
|
|
@@ -557,7 +529,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
|
|
|
557
529
|
const waitForBobPartialCert = new Promise<void>((resolve) => {
|
|
558
530
|
bob.listenForCertificatesReceived(async (senderPublicKey, certificates) => {
|
|
559
531
|
for (const cert of certificates) {
|
|
560
|
-
const decryptedFields = await
|
|
532
|
+
const decryptedFields = await cert.decryptFields(walletB)
|
|
561
533
|
if (decryptedFields.email || decryptedFields.name) {
|
|
562
534
|
console.log(`Bob received Alice's certificate with fields: ${Object.keys(decryptedFields).join(', ')}`)
|
|
563
535
|
bobAcceptedPartialCert()
|
|
@@ -5,7 +5,6 @@ import {
|
|
|
5
5
|
HexString,
|
|
6
6
|
OutpointString,
|
|
7
7
|
CertificateFieldNameUnder50Bytes,
|
|
8
|
-
WalletInterface,
|
|
9
8
|
Signature,
|
|
10
9
|
WalletProtocol,
|
|
11
10
|
ProtoWallet
|
|
@@ -43,9 +42,9 @@ export default class Certificate {
|
|
|
43
42
|
revocationOutpoint: OutpointString
|
|
44
43
|
|
|
45
44
|
/**
|
|
46
|
-
* All the fields present in the certificate, with field names as keys and field values as strings.
|
|
45
|
+
* All the fields present in the certificate, with field names as keys and encrypted field values as Base64 strings.
|
|
47
46
|
*/
|
|
48
|
-
fields: Record<CertificateFieldNameUnder50Bytes,
|
|
47
|
+
fields: Record<CertificateFieldNameUnder50Bytes, Base64String>
|
|
49
48
|
|
|
50
49
|
/**
|
|
51
50
|
* Certificate signature by the certifier's private key, DER encoded hex string.
|
|
@@ -232,7 +231,7 @@ export default class Certificate {
|
|
|
232
231
|
* @param {Wallet} certifierWallet - The wallet representing the certifier.
|
|
233
232
|
* @returns {Promise<void>}
|
|
234
233
|
*/
|
|
235
|
-
async sign(certifierWallet:
|
|
234
|
+
async sign(certifierWallet: ProtoWallet): Promise<void> {
|
|
236
235
|
if (this.signature) {
|
|
237
236
|
throw new Error(`Certificate has already been signed! Signature present: ${this.signature}`)
|
|
238
237
|
}
|
|
@@ -258,7 +257,7 @@ export default class Certificate {
|
|
|
258
257
|
* - `protocolID` (WalletProtocol): The protocol ID for certificate field encryption.
|
|
259
258
|
* - `keyID` (string): A unique key identifier derived from the serial number and field name.
|
|
260
259
|
*/
|
|
261
|
-
static getCertificateFieldEncryptionDetails(
|
|
260
|
+
static getCertificateFieldEncryptionDetails(fieldName: string, serialNumber?: string): { protocolID: WalletProtocol, keyID: string } {
|
|
262
261
|
return { protocolID: [2, 'certificate field encryption'], keyID: `${serialNumber} ${fieldName}` }
|
|
263
262
|
}
|
|
264
263
|
}
|