@bsv/sdk 1.3.32 → 1.3.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/auth/certificates/MasterCertificate.js +25 -15
- package/dist/cjs/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js +6 -2
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/esm/src/auth/certificates/MasterCertificate.js +25 -15
- package/dist/esm/src/auth/certificates/MasterCertificate.js.map +1 -1
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js +6 -2
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/esm/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts +10 -4
- package/dist/types/src/auth/certificates/MasterCertificate.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts +3 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts.map +1 -1
- package/dist/types/tsconfig.types.tsbuildinfo +1 -1
- package/dist/umd/bundle.js +1 -1
- package/docs/auth.md +25 -9
- package/package.json +1 -1
- package/src/auth/certificates/MasterCertificate.ts +37 -13
- package/src/auth/certificates/VerifiableCertificate.ts +8 -2
|
@@ -28,13 +28,15 @@ export class MasterCertificate extends Certificate {
|
|
|
28
28
|
* @param {ProtoWallet} creatorWallet - The wallet of the creator responsible for encrypting the fields.
|
|
29
29
|
* @param {WalletCounterparty} certifierOrSubject - The certifier or subject who will validate the certificate fields.
|
|
30
30
|
* @param {Record<CertificateFieldNameUnder50Bytes, string>} fields - A record of certificate field names (under 50 bytes) mapped to their values.
|
|
31
|
+
* @param {BooleanDefaultFalse} [privileged] - Whether this is a privileged request.
|
|
32
|
+
* @param {DescriptionString5to50Bytes} [privilegedReason] - Reason provided for privileged access, required if this is a privileged operation. *
|
|
31
33
|
* @returns {Promise<CreateCertificateFieldsResult>} A promise resolving to an object containing:
|
|
32
34
|
* - `certificateFields` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
33
35
|
* The encrypted certificate fields.
|
|
34
36
|
* - `masterKeyring` {Record<CertificateFieldNameUnder50Bytes, Base64String>}:
|
|
35
37
|
* The master keyring containing encrypted revelation keys for each field.
|
|
36
38
|
*/
|
|
37
|
-
static async createCertificateFields(creatorWallet, certifierOrSubject, fields) {
|
|
39
|
+
static async createCertificateFields(creatorWallet, certifierOrSubject, fields, privileged, privilegedReason) {
|
|
38
40
|
const certificateFields = {};
|
|
39
41
|
const masterKeyring = {};
|
|
40
42
|
for (const [fieldName, fieldValue] of Object.entries(fields)) {
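Review bot: The added `@param {DescriptionString5to50Bytes} [privilegedReason]` line ends with a stray ` *` after "privileged operation.", which will surface as a literal asterisk in generated documentation; the line should read `* @param {DescriptionString5to50Bytes} [privilegedReason] - Reason provided for privileged access, required if this is a privileged operation.`. The same trailing `*` is on the corresponding line added to the createKeyringForVerifier doc block in the `@@ -64,12 +68,14 @@` hunk. The doc also says the reason is "required if this is a privileged operation", but nothing in the new signature or body checks that pairing before the values reach `creatorWallet.encrypt`; presumably the wallet enforces it, which is worth stating in the tag so callers know where the failure will surface. createCertificateFields continues past the end of the hunk.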
|
|
@@ -44,7 +46,9 @@ export class MasterCertificate extends Certificate {
|
|
|
44
46
|
const { ciphertext: encryptedFieldRevelationKey } = await creatorWallet.encrypt({
|
|
45
47
|
plaintext: fieldSymmetricKey.toArray(),
|
|
46
48
|
...Certificate.getCertificateFieldEncryptionDetails(fieldName),
|
|
47
|
-
counterparty: certifierOrSubject
|
|
49
|
+
counterparty: certifierOrSubject,
|
|
50
|
+
privileged,
|
|
51
|
+
privilegedReason
|
|
48
52
|
});
|
|
49
53
|
masterKeyring[fieldName] = Utils.toBase64(encryptedFieldRevelationKey);
|
|
50
54
|
}
|
|
@@ -64,12 +68,14 @@ export class MasterCertificate extends Certificate {
|
|
|
64
68
|
* @param {string[]} fieldsToReveal - An array of field names to be revealed to the verifier. Must be a subset of the certificate's fields.
|
|
65
69
|
* @param {string} [originator] - Optional originator identifier, used if additional context is needed for decryption and encryption operations.
|
|
66
70
|
* @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} - A keyring mapping field names to encrypted field revelation keys, allowing the verifier to decrypt specified fields.
|
|
71
|
+
* @param {BooleanDefaultFalse} [privileged] - Whether this is a privileged request.
|
|
72
|
+
* @param {DescriptionString5to50Bytes} [privilegedReason] - Reason provided for privileged access, required if this is a privileged operation. *
|
|
67
73
|
* @throws {Error} Throws an error if:
|
|
68
74
|
* - fieldsToReveal is not an array of strings.
|
|
69
75
|
* - A field in `fieldsToReveal` does not exist in the certificate.
|
|
70
76
|
* - The decrypted master field key fails to decrypt the corresponding field (indicating an invalid key).
|
|
71
77
|
*/
|
|
72
|
-
static async createKeyringForVerifier(subjectWallet, certifier, verifier, fields, fieldsToReveal, masterKeyring, serialNumber) {
|
|
78
|
+
static async createKeyringForVerifier(subjectWallet, certifier, verifier, fields, fieldsToReveal, masterKeyring, serialNumber, privileged, privilegedReason) {
|
|
73
79
|
if (!Array.isArray(fieldsToReveal)) {
|
|
74
80
|
throw new Error('fieldsToReveal must be an array of strings');
|
|
75
81
|
}
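Review bot: The two added `@param` tags for `privileged` and `privilegedReason` sit after the `@returns` tag, whereas the createCertificateFields doc block in this same file places them before it; move the two lines up so tag order follows parameter order. While there, the existing `@param {string} [originator]` tag documents a parameter that the new signature `createKeyringForVerifier(subjectWallet, certifier, verifier, fields, fieldsToReveal, masterKeyring, serialNumber, privileged, privilegedReason)` does not take, so that tag looks stale and should be reconciled with the signature. The same @param-after-@returns ordering is repeated in VerifiableCertificate.decryptFields in the `@@ -16,9 +16,11 @@` hunk. createKeyringForVerifier continues past the end of the hunk.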
|
|
@@ -80,12 +86,14 @@ export class MasterCertificate extends Certificate {
|
|
|
80
86
|
throw new Error(`Fields to reveal must be a subset of the certificate fields. Missing the "${fieldName}" field.`);
|
|
81
87
|
}
|
|
82
88
|
// Decrypt the master field key and verify that derived key actually decrypts requested field
|
|
83
|
-
const masterFieldKey = (await this.decryptField(subjectWallet, masterKeyring, fieldName, fields[fieldName], certifier)).fieldRevelationKey;
|
|
89
|
+
const masterFieldKey = (await this.decryptField(subjectWallet, masterKeyring, fieldName, fields[fieldName], certifier, privileged, privilegedReason)).fieldRevelationKey;
|
|
84
90
|
// Encrypt derived fieldRevelationKey for verifier
|
|
85
91
|
const { ciphertext: encryptedFieldRevelationKey } = await subjectWallet.encrypt({
|
|
86
92
|
plaintext: masterFieldKey,
|
|
87
93
|
...Certificate.getCertificateFieldEncryptionDetails(fieldName, serialNumber),
|
|
88
|
-
counterparty: verifier
|
|
94
|
+
counterparty: verifier,
|
|
95
|
+
privileged,
|
|
96
|
+
privilegedReason
|
|
89
97
|
});
|
|
90
98
|
// Add encryptedFieldRevelationKey to fieldRevelationKeyring
|
|
91
99
|
fieldRevelationKeyring[fieldName] = Utils.toBase64(encryptedFieldRevelationKey);
|
|
@@ -115,17 +123,15 @@ export class MasterCertificate extends Certificate {
|
|
|
115
123
|
static async issueCertificateForSubject(certifierWallet, subject, fields, certificateType, getRevocationOutpoint = async (_serial) => {
|
|
116
124
|
void _serial; // Explicitly acknowledge unused parameter
|
|
117
125
|
return 'Certificate revocation not tracked.';
|
|
118
|
-
}, serialNumber
|
|
119
|
-
) {
|
|
126
|
+
}, serialNumber) {
|
|
120
127
|
// 1. Generate a random serialNumber if not provided
|
|
121
|
-
const finalSerialNumber = serialNumber ?? Utils.toBase64(Random(32));
|
|
128
|
+
const finalSerialNumber = serialNumber ?? Utils.toBase64(Random(32));
|
|
122
129
|
// 2. Create encrypted certificate fields and associated master keyring
|
|
123
130
|
const { certificateFields, masterKeyring } = await this.createCertificateFields(certifierWallet, subject, fields);
|
|
124
131
|
// 3. Obtain a revocation outpoint
|
|
125
|
-
const revocationOutpoint = await getRevocationOutpoint(finalSerialNumber);
|
|
132
|
+
const revocationOutpoint = await getRevocationOutpoint(finalSerialNumber);
|
|
126
133
|
// 4. Create new MasterCertificate instance
|
|
127
|
-
const certificate = new MasterCertificate(certificateType, finalSerialNumber,
|
|
128
|
-
subject, (await certifierWallet.getPublicKey({ identityKey: true })).publicKey, revocationOutpoint, certificateFields, masterKeyring);
|
|
134
|
+
const certificate = new MasterCertificate(certificateType, finalSerialNumber, subject, (await certifierWallet.getPublicKey({ identityKey: true })).publicKey, revocationOutpoint, certificateFields, masterKeyring);
|
|
129
135
|
// 5. Sign and return the new MasterCertificate certifying the subject.
|
|
130
136
|
await certificate.sign(certifierWallet);
|
|
131
137
|
return certificate;
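Review bot: issueCertificateForSubject is the one entry point in this file that did not receive the new parameters: the call `await this.createCertificateFields(certifierWallet, subject, fields)` still passes three arguments, so a certifier wallet that needs `privileged`/`privilegedReason` on its `encrypt` calls cannot be driven through this path even though createCertificateFields now accepts them. A backward-compatible fix is to append the two parameters to the signature, `}, serialNumber, privileged, privilegedReason) {`, and forward them with `const { certificateFields, masterKeyring } = await this.createCertificateFields(certifierWallet, subject, fields, privileged, privilegedReason);`. The method's doc block starts before the hunk and would need matching `@param` tags, and its closing brace is also outside the hunk.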
|
|
@@ -143,11 +149,13 @@ export class MasterCertificate extends Certificate {
|
|
|
143
149
|
* @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} masterKeyring - A record containing encrypted keys for each field.
|
|
144
150
|
* @param {Record<CertificateFieldNameUnder50Bytes, Base64String>} fields - A record of encrypted field names and their values.
|
|
145
151
|
* @param {WalletCounterparty} counterparty - The counterparty responsible for creating or signing the certificate. For self-signed certificates, use 'self'.
|
|
152
|
+
* @param {BooleanDefaultFalse} [privileged] - Whether this is a privileged request.
|
|
153
|
+
* @param {DescriptionString5to50Bytes} [privilegedReason] - Reason provided for privileged access, required if this is a privileged operation.
|
|
146
154
|
* @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} A promise resolving to a record of field names and their decrypted values in plaintext.
|
|
147
155
|
*
|
|
148
156
|
* @throws {Error} Throws an error if the `masterKeyring` is invalid or if decryption fails for any field.
|
|
149
157
|
*/
|
|
150
|
-
static async decryptFields(subjectOrCertifierWallet, masterKeyring, fields, counterparty) {
|
|
158
|
+
static async decryptFields(subjectOrCertifierWallet, masterKeyring, fields, counterparty, privileged, privilegedReason) {
|
|
151
159
|
if (masterKeyring == null || Object.keys(masterKeyring).length === 0) {
|
|
152
160
|
throw new Error('A MasterCertificate must have a valid masterKeyring!');
|
|
153
161
|
}
|
|
@@ -155,7 +163,7 @@ export class MasterCertificate extends Certificate {
|
|
|
155
163
|
const decryptedFields = {};
|
|
156
164
|
// Note: we want to iterate through all fields, not just masterKeyring keys/value pairs.
|
|
157
165
|
for (const fieldName of Object.keys(fields)) {
|
|
158
|
-
decryptedFields[fieldName] = (await this.decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fields[fieldName], counterparty)).decryptedFieldValue;
|
|
166
|
+
decryptedFields[fieldName] = (await this.decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fields[fieldName], counterparty, privileged, privilegedReason)).decryptedFieldValue;
|
|
159
167
|
}
|
|
160
168
|
return decryptedFields;
|
|
161
169
|
}
|
|
@@ -163,7 +171,7 @@ export class MasterCertificate extends Certificate {
|
|
|
163
171
|
throw new Error('Failed to decrypt all master certificate fields.');
|
|
164
172
|
}
|
|
165
173
|
}
|
|
166
|
-
static async decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fieldValue, counterparty) {
|
|
174
|
+
static async decryptField(subjectOrCertifierWallet, masterKeyring, fieldName, fieldValue, counterparty, privileged, privilegedReason) {
|
|
167
175
|
if (masterKeyring == null || Object.keys(masterKeyring).length === 0) {
|
|
168
176
|
throw new Error('A MasterCertificate must have a valid masterKeyring!');
|
|
169
177
|
}
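Review bot: decryptField has no JSDoc at all, and its signature has now grown to seven positional parameters, two of them optional, so a reader has only the sibling decryptFields block to infer the contract from. Add a doc block above the signature that states the purpose (decrypt one master-keyring entry and the field value it protects), lists the seven parameters in order, documents the `{ fieldRevelationKey, decryptedFieldValue }` result shape that the callers in this file destructure, and records the error thrown on a null or empty `masterKeyring`. The context line `throw new Error('Failed to decrypt all master certificate fields.')` at the top of the hunk suggests decryptFields rethrows a bare message; now that a wallet may reject a privileged request for lack of a reason, wrapping as `throw new Error('Failed to decrypt all master certificate fields.', { cause: err })` would keep that diagnostic, though the catch clause itself is outside the hunk. decryptField continues past the end of the hunk.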
|
|
@@ -171,7 +179,9 @@ export class MasterCertificate extends Certificate {
|
|
|
171
179
|
const { plaintext: fieldRevelationKey } = await subjectOrCertifierWallet.decrypt({
|
|
172
180
|
ciphertext: Utils.toArray(masterKeyring[fieldName], 'base64'),
|
|
173
181
|
...Certificate.getCertificateFieldEncryptionDetails(fieldName),
|
|
174
|
-
counterparty
|
|
182
|
+
counterparty,
|
|
183
|
+
privileged,
|
|
184
|
+
privilegedReason
|
|
175
185
|
});
|
|
176
186
|
const decryptedFieldValue = new SymmetricKey(fieldRevelationKey).decrypt(Utils.toArray(fieldValue, 'base64'));
|
|
177
187
|
return {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MasterCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/MasterCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAML,MAAM,EAGP,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;AAO1C;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAkB,SAAQ,WAAW;IAShD,aAAa,CAAwD;IAErE,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAA8D,EAC9D,aAAqE,EACrE,SAAqB;QAErB,KAAK,CACH,IAAI,EACJ,YAAY,EACZ,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;QAED,4FAA4F;QAC5F,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YAC3C,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,SAAS,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE;gBAC7E,MAAM,IAAI,KAAK,CACb,yFAAyF,SAAS,IAAI,CACvG,CAAA;aACF;SACF;QAED,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED
|
|
1
|
+
{"version":3,"file":"MasterCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/MasterCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAML,MAAM,EAGP,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;AAO1C;;;;;;;GAOG;AACH,MAAM,OAAO,iBAAkB,SAAQ,WAAW;IAShD,aAAa,CAAwD;IAErE,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAA8D,EAC9D,aAAqE,EACrE,SAAqB;QAErB,KAAK,CACH,IAAI,EACJ,YAAY,EACZ,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;QAED,4FAA4F;QAC5F,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;YAC3C,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,SAAS,IAAI,aAAa,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE;gBAC7E,MAAM,IAAI,KAAK,CACb,yFAAyF,SAAS,IAAI,CACvG,CAAA;aACF;SACF;QAED,IAAI,CAAC,aAAa,GAAG,aAAa,CAAA;IACpC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAClC,aAA0B,EAC1B,kBAAsC,EACtC,MAAwD,EACxD,UAAoB,EACpB,gBAAyB;QAEzB,MAAM,iBAAiB,GAGnB,EAAE,CAAA;QACN,MAAM,aAAa,GAGf,EAAE,CAAA;QACN,KAAK,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,UAAU,EAAE,CAAA;YACnD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,OAAO,CACnD,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,CAClC,CAAA;YACD,iBAAiB,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAC3C,mBAA+B,CAChC,CAAA;YAED,MAAM,EAAE,UAAU,EAAE,2BAA2B,EAAE,GAC/C,MAAM,aAAa,CAAC,OAAO,CACzB;gBACE,SAAS,EAAE,iBAAiB,CAAC,OAAO,EAAE;gBACtC,GAAG,WAAW,CAAC,oCAAoC,CAAC,SAAS,CAAC;gBAC9D,YAAY,EAAE,kBAAkB;gBAChC,UAAU;gBACV,gBAAgB;aACjB,CACF,CAAA;YACH,aAAa,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAA;SACvE;QAED,OAAO;YACL,iBAAiB;YACjB,aAAa;SACd,CAAA;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,MAAM,CAAC,KAAK,CAAC,wBAAwB,CACnC,aAA0B,EAC1B,SAA6B,EAC7B,QAA4B,EAC5B,MAA8D,EAC9D,cAAwB,EACxB,aAAqE,EACrE,YAA0B,EAC1B,UAAoB,EACpB,gBAAyB;QAEzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;SAC9D;QACD,MAAM,sBAAsB,GAAG,EAAE,CAAA;QACjC,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE;YACtC,wEAAwE;YACxE,IAAI,MAAM,CAAC,SAAS,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC
,SAAS,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE;gBAC7F,MAAM,IAAI,KAAK,CACb,6EAA6E,SAAS,UAAU,CACjG,CAAA;aACF;YAED,6FAA6F;YAC7F,MAAM,cAAc,GAAG,CACrB,MAAM,IAAI,CAAC,YAAY,CACrB,aAAa,EACb,aAAa,EACb,SAAS,EACT,MAAM,CAAC,SAAS,CAAC,EACjB,SAAS,EACT,UAAU,EACV,gBAAgB,CACjB,CACF,CAAC,kBAAkB,CAAA;YAEpB,kDAAkD;YAClD,MAAM,EAAE,UAAU,EAAE,2BAA2B,EAAE,GAC/C,MAAM,aAAa,CAAC,OAAO,CACzB;gBACE,SAAS,EAAE,cAAc;gBACzB,GAAG,WAAW,CAAC,oCAAoC,CACjD,SAAS,EACT,YAAY,CACb;gBACD,YAAY,EAAE,QAAQ;gBACtB,UAAU;gBACV,gBAAgB;aACjB,CACF,CAAA;YAEH,4DAA4D;YAC5D,sBAAsB,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAChD,2BAA2B,CAC5B,CAAA;SACF;QAED,2GAA2G;QAC3G,OAAO,sBAAsB,CAAA;IAC/B,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,KAAK,CAAC,0BAA0B,CACrC,eAA4B,EAC5B,OAA2B,EAC3B,MAAwD,EACxD,eAAuB,EACvB,wBAAwB,KAAK,EAAE,OAAe,EAAmB,EAAE;QACjE,KAAK,OAAO,CAAA,CAAC,0CAA0C;QACvD,OAAO,qCAAqC,CAAA;IAC9C,CAAC,EACD,YAAqB;QAErB,oDAAoD;QACpD,MAAM,iBAAiB,GAAG,YAAY,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;QAEpE,uEAAuE;QACvE,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,uBAAuB,CAAC,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA;QAEtE,kCAAkC;QAClC,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,iBAAiB,CAAC,CAAA;QAEzE,2CAA2C;QAC3C,MAAM,WAAW,GAAG,IAAI,iBAAiB,CACvC,eAAe,EACf,iBAAiB,EACjB,OAAO,EACP,CAAC,MAAM,eAAe,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,EACrE,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,CACd,CAAA;QAED,uEAAuE;QACvE,MAAM,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACvC,OAAO,WAAW,CAAA;IACpB,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,wBAAqC,EACrC,aAAqE,EACrE,MAA8D,EAC9D,YAAgC,EAChC,UAAoB,EACpB,gBAAyB;QAEzB,IAAI,aAAa,IAAI,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YACpE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;SACxE;QACD,IAAI;YACF,MAAM,eAAe,GACnB,EAAE,CAAA;YACJ,wFAAwF;YACxF,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;gBAC3C,eAAe,CAAC,SAAS,CAAC,GAAG,CAC3B,MAAM,IAAI,CAAC,YAAY,CACrB,wBAAwB,EACxB,aAAa,EACb,SAAS,EACT,MAAM,CAAC,SAAS,CAAC,EACjB,YAAY,EACZ,UAAU,EACV,gBAAgB,CACjB,CAC
F,CAAC,mBAAmB,CAAA;aACtB;YACD,OAAO,eAAe,CAAA;SACvB;QAAC,MAAM;YACN,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;SACpE;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,YAAY,CACvB,wBAAqC,EACrC,aAAqE,EACrE,SAAuB,EACvB,UAAwB,EACxB,YAAgC,EAChC,UAAoB,EACpB,gBAAyB;QAEzB,IAAI,aAAa,IAAI,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YACpE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAA;SACxE;QACD,IAAI;YACF,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GACrC,MAAM,wBAAwB,CAAC,OAAO,CACpC;gBACE,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;gBAC7D,GAAG,WAAW,CAAC,oCAAoC,CAAC,SAAS,CAAC;gBAC9D,YAAY;gBACZ,UAAU;gBACV,gBAAgB;aACjB,CACF,CAAA;YAEH,MAAM,mBAAmB,GAAG,IAAI,YAAY,CAAC,kBAAkB,CAAC,CAAC,OAAO,CACtE,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CACpC,CAAA;YACD,OAAO;gBACL,kBAAkB;gBAClB,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,mBAA+B,CAAC;aACnE,CAAA;SACF;QAAC,MAAM;YACN,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;SACxD;IACH,CAAC;CACF"}
|
|
@@ -16,9 +16,11 @@ export class VerifiableCertificate extends Certificate {
|
|
|
16
16
|
* Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
|
|
17
17
|
* @param {ProtoWallet} verifierWallet - The wallet instance of the certificate's verifier, used to decrypt field keys.
|
|
18
18
|
* @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} - A promise that resolves to an object where each key is a field name and each value is the decrypted field value as a string.
|
|
19
|
+
* @param {BooleanDefaultFalse} [privileged] - Whether this is a privileged request.
|
|
20
|
+
* @param {DescriptionString5to50Bytes} [privilegedReason] - Reason provided for privileged access, required if this is a privileged operation.
|
|
19
21
|
* @throws {Error} Throws an error if any of the decryption operations fail, with a message indicating the failure context.
|
|
20
22
|
*/
|
|
21
|
-
async decryptFields(verifierWallet) {
|
|
23
|
+
async decryptFields(verifierWallet, privileged, privilegedReason) {
|
|
22
24
|
if (this.keyring == null || Object.keys(this.keyring).length === 0) { // ✅ Explicitly check null and empty object
|
|
23
25
|
throw new Error('A keyring is required to decrypt certificate fields for the verifier.');
|
|
24
26
|
}
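Review bot: The two added `@param` tags are placed after the `@returns` tag, so the tag order no longer follows the parameter order and differs from the MasterCertificate.createCertificateFields doc block; move the two lines above `* @returns`. Since `privileged` carries no default, existing callers of `decryptFields(verifierWallet)` now forward `undefined` to `verifierWallet.decrypt`; presumably the wallet treats that as non-privileged, which should either be confirmed or made explicit with `async decryptFields(verifierWallet, privileged = false, privilegedReason) {`. decryptFields continues past the end of the hunk.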
|
|
@@ -28,7 +30,9 @@ export class VerifiableCertificate extends Certificate {
|
|
|
28
30
|
const { plaintext: fieldRevelationKey } = await verifierWallet.decrypt({
|
|
29
31
|
ciphertext: Utils.toArray(this.keyring[fieldName], 'base64'),
|
|
30
32
|
...Certificate.getCertificateFieldEncryptionDetails(fieldName, this.serialNumber),
|
|
31
|
-
counterparty: this.subject
|
|
33
|
+
counterparty: this.subject,
|
|
34
|
+
privileged,
|
|
35
|
+
privilegedReason
|
|
32
36
|
});
|
|
33
37
|
const fieldValue = new SymmetricKey(fieldRevelationKey).decrypt(Utils.toArray(this.fields[fieldName], 'base64'));
|
|
34
38
|
decryptedFields[fieldName] = Utils.toUTF8(fieldValue);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"VerifiableCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/VerifiableCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAON,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;AAE1C;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,WAAW;IASpD,OAAO,CAAkD;IACzD,eAAe,CAAyD;IAExE,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,OAAyD,EACzD,SAAqB,EACrB,eAAwE;QAExE,KAAK,CACH,IAAI,EACJ,YAAY,EACZ,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;QACD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;IACxC,CAAC;IAED
|
|
1
|
+
{"version":3,"file":"VerifiableCertificate.js","sourceRoot":"","sources":["../../../../../src/auth/certificates/VerifiableCertificate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,KAAK,EAON,MAAM,iBAAiB,CAAA;AACxB,OAAO,WAAW,MAAM,kBAAkB,CAAA;AAE1C;;;GAGG;AACH,MAAM,OAAO,qBAAsB,SAAQ,WAAW;IASpD,OAAO,CAAkD;IACzD,eAAe,CAAyD;IAExE,YACE,IAAkB,EAClB,YAA0B,EAC1B,OAAkB,EAClB,SAAoB,EACpB,kBAAkC,EAClC,MAAwD,EACxD,OAAyD,EACzD,SAAqB,EACrB,eAAwE;QAExE,KAAK,CACH,IAAI,EACJ,YAAY,EACZ,OAAO,EACP,SAAS,EACT,kBAAkB,EAClB,MAAM,EACN,SAAS,CACV,CAAA;QACD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;IACxC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,aAAa,CACjB,cAA2B,EAC3B,UAAoB,EACpB,gBAAyB;QAEzB,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,EAAE,2CAA2C;YAC/G,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAA;SACF;QAED,IAAI;YACF,MAAM,eAAe,GACnB,EAAE,CAAA;YACJ,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,OAAO,EAAE;gBACpC,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC;oBACrE,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC;oBAC5D,GAAG,WAAW,CAAC,oCAAoC,CACjD,SAAS,EACT,IAAI,CAAC,YAAY,CAClB;oBACD,YAAY,EAAE,IAAI,CAAC,OAAO;oBAC1B,UAAU;oBACV,gBAAgB;iBACjB,CAAC,CAAA;gBAEF,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAC7D,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAChD,CAAA;gBACD,eAAe,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,UAAsB,CAAC,CAAA;aAClE;YACD,OAAO,eAAe,CAAA;SACvB;QAAC,OAAO,KAAK,EAAE;YACd,MAAM,IAAI,KAAK,CACb,4EAA4E,MAAM,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAErI,CAAA;SACF;IACH,CAAC;CACF"}
|