@bsv/sdk 1.7.3 → 1.7.5
- package/dist/cjs/package.json +1 -1
- package/dist/cjs/src/auth/Peer.js +26 -25
- package/dist/cjs/src/auth/Peer.js.map +1 -1
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js +3 -3
- package/dist/cjs/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/cjs/src/auth/clients/AuthFetch.js +9 -9
- package/dist/cjs/src/auth/clients/AuthFetch.js.map +1 -1
- package/dist/cjs/src/auth/utils/createNonce.js +2 -2
- package/dist/cjs/src/auth/utils/createNonce.js.map +1 -1
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js +3 -3
- package/dist/cjs/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/cjs/src/auth/utils/validateCertificates.js +3 -3
- package/dist/cjs/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/cjs/src/auth/utils/verifyNonce.js +2 -2
- package/dist/cjs/src/auth/utils/verifyNonce.js.map +1 -1
- package/dist/cjs/src/identity/ContactsManager.js +12 -9
- package/dist/cjs/src/identity/ContactsManager.js.map +1 -1
- package/dist/cjs/src/identity/IdentityClient.js +3 -2
- package/dist/cjs/src/identity/IdentityClient.js.map +1 -1
- package/dist/cjs/src/storage/StorageDownloader.js +3 -3
- package/dist/cjs/src/storage/StorageDownloader.js.map +1 -1
- package/dist/cjs/src/wallet/ProtoWallet.js +1 -1
- package/dist/cjs/src/wallet/ProtoWallet.js.map +1 -1
- package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/esm/src/auth/Peer.js +27 -25
- package/dist/esm/src/auth/Peer.js.map +1 -1
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js +3 -3
- package/dist/esm/src/auth/certificates/VerifiableCertificate.js.map +1 -1
- package/dist/esm/src/auth/clients/AuthFetch.js +10 -9
- package/dist/esm/src/auth/clients/AuthFetch.js.map +1 -1
- package/dist/esm/src/auth/utils/createNonce.js +2 -2
- package/dist/esm/src/auth/utils/createNonce.js.map +1 -1
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js +3 -3
- package/dist/esm/src/auth/utils/getVerifiableCertificates.js.map +1 -1
- package/dist/esm/src/auth/utils/validateCertificates.js +3 -3
- package/dist/esm/src/auth/utils/validateCertificates.js.map +1 -1
- package/dist/esm/src/auth/utils/verifyNonce.js +2 -2
- package/dist/esm/src/auth/utils/verifyNonce.js.map +1 -1
- package/dist/esm/src/identity/ContactsManager.js +13 -10
- package/dist/esm/src/identity/ContactsManager.js.map +1 -1
- package/dist/esm/src/identity/IdentityClient.js +3 -2
- package/dist/esm/src/identity/IdentityClient.js.map +1 -1
- package/dist/esm/src/storage/StorageDownloader.js +4 -3
- package/dist/esm/src/storage/StorageDownloader.js.map +1 -1
- package/dist/esm/src/wallet/ProtoWallet.js +1 -1
- package/dist/esm/src/wallet/ProtoWallet.js.map +1 -1
- package/dist/esm/tsconfig.esm.tsbuildinfo +1 -1
- package/dist/types/src/auth/Peer.d.ts +3 -2
- package/dist/types/src/auth/Peer.d.ts.map +1 -1
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts +2 -2
- package/dist/types/src/auth/certificates/VerifiableCertificate.d.ts.map +1 -1
- package/dist/types/src/auth/clients/AuthFetch.d.ts +3 -2
- package/dist/types/src/auth/clients/AuthFetch.d.ts.map +1 -1
- package/dist/types/src/auth/utils/createNonce.d.ts +2 -2
- package/dist/types/src/auth/utils/createNonce.d.ts.map +1 -1
- package/dist/types/src/auth/utils/getVerifiableCertificates.d.ts +2 -2
- package/dist/types/src/auth/utils/getVerifiableCertificates.d.ts.map +1 -1
- package/dist/types/src/auth/utils/validateCertificates.d.ts +2 -2
- package/dist/types/src/auth/utils/validateCertificates.d.ts.map +1 -1
- package/dist/types/src/auth/utils/verifyNonce.d.ts +2 -2
- package/dist/types/src/auth/utils/verifyNonce.d.ts.map +1 -1
- package/dist/types/src/identity/ContactsManager.d.ts +2 -1
- package/dist/types/src/identity/ContactsManager.d.ts.map +1 -1
- package/dist/types/src/identity/IdentityClient.d.ts +2 -1
- package/dist/types/src/identity/IdentityClient.d.ts.map +1 -1
- package/dist/types/src/storage/StorageDownloader.d.ts +1 -0
- package/dist/types/src/storage/StorageDownloader.d.ts.map +1 -1
- package/dist/types/src/wallet/ProtoWallet.d.ts +1 -1
- package/dist/types/src/wallet/ProtoWallet.d.ts.map +1 -1
- package/dist/types/tsconfig.types.tsbuildinfo +1 -1
- package/dist/umd/bundle.js +2 -2
- package/dist/umd/bundle.js.map +1 -1
- package/docs/reference/auth.md +23 -23
- package/docs/reference/identity.md +8 -4
- package/docs/reference/wallet.md +1 -1
- package/package.json +1 -1
- package/src/auth/Peer.ts +34 -26
- package/src/auth/certificates/VerifiableCertificate.ts +5 -4
- package/src/auth/clients/AuthFetch.ts +13 -10
- package/src/auth/utils/__tests/getVerifiableCertificates.test.ts +3 -3
- package/src/auth/utils/__tests/validateCertificates.test.ts +3 -3
- package/src/auth/utils/createNonce.ts +5 -3
- package/src/auth/utils/getVerifiableCertificates.ts +5 -4
- package/src/auth/utils/validateCertificates.ts +5 -4
- package/src/auth/utils/verifyNonce.ts +4 -3
- package/src/identity/ContactsManager.ts +12 -10
- package/src/identity/IdentityClient.ts +3 -2
- package/src/identity/__tests/IdentityClient.test.ts +10 -4
- package/src/storage/StorageDownloader.ts +4 -3
- package/src/wallet/ProtoWallet.ts +1 -2
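--- a/package/docs/reference/auth.md
+++ b/package/docs/reference/auth.md
@@ -121,23 +121,23 @@ and sending BSV payment transactions when necessary.
 ```ts
 export class AuthFetch {
 peers: Record<string, AuthPeer> = {};
-constructor(wallet: WalletInterface, requestedCertificates?: RequestedCertificateSet, sessionManager?: SessionManager)
+constructor(wallet: WalletInterface, requestedCertificates?: RequestedCertificateSet, sessionManager?: SessionManager, originator?: OriginatorDomainNameStringUnder250Bytes)
 async fetch(url: string, config: SimplifiedFetchRequestOptions = {}): Promise<Response>
 async sendCertificateRequest(baseUrl: string, certificatesToRequest: RequestedCertificateSet): Promise<VerifiableCertificate[]>
 public consumeReceivedCertificates(): VerifiableCertificate[]
 }
 ```
 
-See also: [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface)
 
 #### Constructor
 
 Constructs a new AuthFetch instance.
 
 ```ts
-constructor(wallet: WalletInterface, requestedCertificates?: RequestedCertificateSet, sessionManager?: SessionManager)
+constructor(wallet: WalletInterface, requestedCertificates?: RequestedCertificateSet, sessionManager?: SessionManager, originator?: OriginatorDomainNameStringUnder250Bytes)
 ```
-See also: [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [WalletInterface](./wallet.md#interface-walletinterface)
 
 Argument Details
 
@@ -643,7 +643,7 @@ This version supports multiple concurrent sessions per peer identityKey.
 export class Peer {
 public sessionManager: SessionManager;
 certificatesToRequest: RequestedCertificateSet;
-constructor(wallet: WalletInterface, transport: Transport, certificatesToRequest?: RequestedCertificateSet, sessionManager?: SessionManager, autoPersistLastSession?: boolean)
+constructor(wallet: WalletInterface, transport: Transport, certificatesToRequest?: RequestedCertificateSet, sessionManager?: SessionManager, autoPersistLastSession?: boolean, originator?: OriginatorDomainNameStringUnder250Bytes)
 async toPeer(message: number[], identityKey?: string, maxWaitTime?: number): Promise<void>
 async requestCertificates(certificatesToRequest: RequestedCertificateSet, identityKey?: string, maxWaitTime = 10000): Promise<void>
 async getAuthenticatedSession(identityKey?: string, maxWaitTime?: number): Promise<PeerSession>
@@ -657,16 +657,16 @@ export class Peer {
 }
 ```
 
-See also: [PeerSession](./auth.md#interface-peersession), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [Transport](./auth.md#interface-transport), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [PeerSession](./auth.md#interface-peersession), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [Transport](./auth.md#interface-transport), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface)
 
 #### Constructor
 
 Creates a new Peer instance
 
 ```ts
-constructor(wallet: WalletInterface, transport: Transport, certificatesToRequest?: RequestedCertificateSet, sessionManager?: SessionManager, autoPersistLastSession?: boolean)
+constructor(wallet: WalletInterface, transport: Transport, certificatesToRequest?: RequestedCertificateSet, sessionManager?: SessionManager, autoPersistLastSession?: boolean, originator?: OriginatorDomainNameStringUnder250Bytes)
 ```
-See also: [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [Transport](./auth.md#interface-transport), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [SessionManager](./auth.md#class-sessionmanager), [Transport](./auth.md#interface-transport), [WalletInterface](./wallet.md#interface-walletinterface)
 
 Argument Details
 
@@ -1107,20 +1107,20 @@ export class VerifiableCertificate extends Certificate {
 decryptedFields?: Record<CertificateFieldNameUnder50Bytes, Base64String>;
 constructor(type: Base64String, serialNumber: Base64String, subject: PubKeyHex, certifier: PubKeyHex, revocationOutpoint: OutpointString, fields: Record<CertificateFieldNameUnder50Bytes, string>, keyring: Record<CertificateFieldNameUnder50Bytes, string>, signature?: HexString, decryptedFields?: Record<CertificateFieldNameUnder50Bytes, Base64String>)
 static fromCertificate(certificate: WalletCertificate, keyring: Record<CertificateFieldNameUnder50Bytes, string>): VerifiableCertificate
-async decryptFields(verifierWallet: ProtoWallet, privileged?: boolean, privilegedReason?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+async decryptFields(verifierWallet: ProtoWallet, privileged?: boolean, privilegedReason?: string, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
 }
 ```
 
-See also: [Base64String](./wallet.md#type-base64string), [Certificate](./auth.md#class-certificate), [CertificateFieldNameUnder50Bytes](./wallet.md#type-certificatefieldnameunder50bytes), [HexString](./wallet.md#type-hexstring), [OutpointString](./wallet.md#type-outpointstring), [ProtoWallet](./wallet.md#class-protowallet), [PubKeyHex](./wallet.md#type-pubkeyhex), [WalletCertificate](./wallet.md#interface-walletcertificate)
+See also: [Base64String](./wallet.md#type-base64string), [Certificate](./auth.md#class-certificate), [CertificateFieldNameUnder50Bytes](./wallet.md#type-certificatefieldnameunder50bytes), [HexString](./wallet.md#type-hexstring), [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [OutpointString](./wallet.md#type-outpointstring), [ProtoWallet](./wallet.md#class-protowallet), [PubKeyHex](./wallet.md#type-pubkeyhex), [WalletCertificate](./wallet.md#interface-walletcertificate)
 
 #### Method decryptFields
 
 Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
 
 ```ts
-async decryptFields(verifierWallet: ProtoWallet, privileged?: boolean, privilegedReason?: string): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
+async decryptFields(verifierWallet: ProtoWallet, privileged?: boolean, privilegedReason?: string, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Record<CertificateFieldNameUnder50Bytes, string>>
 ```
-See also: [CertificateFieldNameUnder50Bytes](./wallet.md#type-certificatefieldnameunder50bytes), [ProtoWallet](./wallet.md#class-protowallet)
+See also: [CertificateFieldNameUnder50Bytes](./wallet.md#type-certificatefieldnameunder50bytes), [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [ProtoWallet](./wallet.md#class-protowallet)
 
 Returns
 
@@ -1177,10 +1177,10 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 Creates a nonce derived from a wallet
 
 ```ts
-export async function createNonce(wallet: WalletInterface, counterparty: WalletCounterparty = "self"): Promise<Base64String>
+export async function createNonce(wallet: WalletInterface, counterparty: WalletCounterparty = "self", originator?: OriginatorDomainNameStringUnder250Bytes): Promise<Base64String>
 ```
 
-See also: [Base64String](./wallet.md#type-base64string), [WalletCounterparty](./wallet.md#type-walletcounterparty), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [Base64String](./wallet.md#type-base64string), [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [WalletCounterparty](./wallet.md#type-walletcounterparty), [WalletInterface](./wallet.md#interface-walletinterface)
 
 Returns
 
@@ -1199,10 +1199,10 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 Verifies a nonce derived from a wallet
 
 ```ts
-export async function verifyNonce(nonce: Base64String, wallet: WalletInterface, counterparty: WalletCounterparty = "self"): Promise<boolean>
+export async function verifyNonce(nonce: Base64String, wallet: WalletInterface, counterparty: WalletCounterparty = "self", originator?: OriginatorDomainNameStringUnder250Bytes): Promise<boolean>
 ```
 
-See also: [Base64String](./wallet.md#type-base64string), [WalletCounterparty](./wallet.md#type-walletcounterparty), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [Base64String](./wallet.md#type-base64string), [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [WalletCounterparty](./wallet.md#type-walletcounterparty), [WalletInterface](./wallet.md#interface-walletinterface)
 
 Returns
 
@@ -1236,23 +1236,23 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ### Variable: getVerifiableCertificates
 
 ```ts
-getVerifiableCertificates = async (wallet: WalletInterface, requestedCertificates: RequestedCertificateSet, verifierIdentityKey: string): Promise<VerifiableCertificate[]> => {
+getVerifiableCertificates = async (wallet: WalletInterface, requestedCertificates: RequestedCertificateSet, verifierIdentityKey: string, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<VerifiableCertificate[]> => {
 const matchingCertificates = await wallet.listCertificates({
 certifiers: requestedCertificates.certifiers,
 types: Object.keys(requestedCertificates.types)
-});
+}, originator);
 return await Promise.all(matchingCertificates.certificates.map(async (certificate) => {
 const { keyringForVerifier } = await wallet.proveCertificate({
 certificate,
 fieldsToReveal: requestedCertificates.types[certificate.type],
 verifier: verifierIdentityKey
-});
+}, originator);
 return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, keyringForVerifier, certificate.signature);
 }));
 }
 ```
 
-See also: [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface)
+See also: [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface)
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
@@ -1260,7 +1260,7 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ### Variable: validateCertificates
 
 ```ts
-validateCertificates = async (verifierWallet: WalletInterface, message: AuthMessage, certificatesRequested?: RequestedCertificateSet): Promise<void> => {
+validateCertificates = async (verifierWallet: WalletInterface, message: AuthMessage, certificatesRequested?: RequestedCertificateSet, originator?: OriginatorDomainNameStringUnder250Bytes): Promise<void> => {
 if ((message.certificates == null) || message.certificates.length === 0) {
 throw new Error("No certificates were provided in the AuthMessage.");
 }
@@ -1283,12 +1283,12 @@ validateCertificates = async (verifierWallet: WalletInterface, message: AuthMess
 throw new Error(`Certificate with type ${certToVerify.type} was not requested`);
 }
 }
-await certToVerify.decryptFields(verifierWallet);
+await certToVerify.decryptFields(verifierWallet, undefined, undefined, originator);
 }));
 }
 ```
 
-See also: [AuthMessage](./auth.md#interface-authmessage), [Certificate](./auth.md#class-certificate), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface), [verify](./compat.md#variable-verify)
+See also: [AuthMessage](./auth.md#interface-authmessage), [Certificate](./auth.md#class-certificate), [OriginatorDomainNameStringUnder250Bytes](./wallet.md#type-originatordomainnamestringunder250bytes), [RequestedCertificateSet](./auth.md#interface-requestedcertificateset), [VerifiableCertificate](./auth.md#class-verifiablecertificate), [WalletInterface](./wallet.md#interface-walletinterface), [verify](./compat.md#variable-verify)
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 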
|
|
@@ -62,7 +62,7 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
|
|
|
62
62
|
```ts
|
|
63
63
|
export class ContactsManager {
|
|
64
64
|
constructor(wallet?: WalletInterface)
|
|
65
|
-
async getContacts(identityKey?: PubKeyHex, forceRefresh = false): Promise<Contact[]>
|
|
65
|
+
async getContacts(identityKey?: PubKeyHex, forceRefresh = false, limit = 1000): Promise<Contact[]>
|
|
66
66
|
async saveContact(contact: DisplayableIdentity, metadata?: Record<string, any>): Promise<void>
|
|
67
67
|
async removeContact(identityKey: string): Promise<void>
|
|
68
68
|
}
|
|
@@ -75,7 +75,7 @@ See also: [Contact](./identity.md#type-contact), [DisplayableIdentity](./identit
|
|
|
75
75
|
Load all records from the contacts basket
|
|
76
76
|
|
|
77
77
|
```ts
|
|
78
|
-
async getContacts(identityKey?: PubKeyHex, forceRefresh = false): Promise<Contact[]>
|
|
78
|
+
async getContacts(identityKey?: PubKeyHex, forceRefresh = false, limit = 1000): Promise<Contact[]>
|
|
79
79
|
```
|
|
80
80
|
See also: [Contact](./identity.md#type-contact), [PubKeyHex](./wallet.md#type-pubkeyhex)
|
|
81
81
|
|
|
@@ -89,6 +89,8 @@ Argument Details
|
|
|
89
89
|
+ Optional specific identity key to fetch
|
|
90
90
|
+ **forceRefresh**
|
|
91
91
|
+ Whether to force a check for new contact data
|
|
92
|
+
+ **limit**
|
|
93
|
+
+ Maximum number of contacts to return
|
|
92
94
|
|
|
93
95
|
#### Method removeContact
|
|
94
96
|
|
|
@@ -132,7 +134,7 @@ export class IdentityClient {
|
|
|
132
134
|
async publiclyRevealAttributes(certificate: WalletCertificate, fieldsToReveal: CertificateFieldNameUnder50Bytes[]): Promise<BroadcastResponse | BroadcastFailure>
|
|
133
135
|
async resolveByIdentityKey(args: DiscoverByIdentityKeyArgs, overrideWithContacts = true): Promise<DisplayableIdentity[]>
|
|
134
136
|
async resolveByAttributes(args: DiscoverByAttributesArgs, overrideWithContacts = true): Promise<DisplayableIdentity[]>
|
|
135
|
-
public async getContacts(identityKey?: PubKeyHex, forceRefresh = false): Promise<Contact[]>
|
|
137
|
+
public async getContacts(identityKey?: PubKeyHex, forceRefresh = false, limit = 1000): Promise<Contact[]>
|
|
136
138
|
public async saveContact(contact: DisplayableIdentity, metadata?: Record<string, any>): Promise<void>
|
|
137
139
|
public async removeContact(identityKey: PubKeyHex): Promise<void>
|
|
138
140
|
static parseIdentity(identityToParse: IdentityCertificate): DisplayableIdentity
|
|
@@ -149,7 +151,7 @@ Remove public certificate revelation from overlay services by spending the ident
|
|
|
149
151
|
Load all records from the contacts basket
|
|
150
152
|
|
|
151
153
|
```ts
|
|
152
|
-
public async getContacts(identityKey?: PubKeyHex, forceRefresh = false): Promise<Contact[]>
|
|
154
|
+
public async getContacts(identityKey?: PubKeyHex, forceRefresh = false, limit = 1000): Promise<Contact[]>
|
|
153
155
|
```
|
|
154
156
|
See also: [Contact](./identity.md#type-contact), [PubKeyHex](./wallet.md#type-pubkeyhex)
|
|
155
157
|
|
|
@@ -165,6 +167,8 @@ Argument Details
|
|
|
165
167
|
+ Optional specific identity key to fetch
|
|
166
168
|
+ **forceRefresh**
|
|
167
169
|
+ Whether to force a check for new contact data
|
|
170
|
+
+ **limit**
|
|
171
|
+
+ Optional limit on number of contacts to fetch
|
|
168
172
|
|
|
169
173
|
#### Method parseIdentity
|
|
170
174
|
|
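--- a/package/docs/reference/wallet.md
+++ b/package/docs/reference/wallet.md
@@ -2134,7 +2134,7 @@ export class ProtoWallet {
 async revealCounterpartyKeyLinkage(args: RevealCounterpartyKeyLinkageArgs): Promise<RevealCounterpartyKeyLinkageResult>
 async revealSpecificKeyLinkage(args: RevealSpecificKeyLinkageArgs): Promise<RevealSpecificKeyLinkageResult>
 async encrypt(args: WalletEncryptArgs): Promise<WalletEncryptResult>
-async decrypt(args: WalletDecryptArgs): Promise<WalletDecryptResult>
+async decrypt(args: WalletDecryptArgs, originator?: string): Promise<WalletDecryptResult>
 async createHmac(args: CreateHmacArgs): Promise<CreateHmacResult>
 async verifyHmac(args: VerifyHmacArgs): Promise<VerifyHmacResult>
 async createSignature(args: CreateSignatureArgs): Promise<CreateSignatureResult>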
package/package.json
CHANGED
package/src/auth/Peer.ts
CHANGED
|
@@ -14,7 +14,7 @@ import {
|
|
|
14
14
|
import { VerifiableCertificate } from './certificates/VerifiableCertificate.js'
|
|
15
15
|
import Random from '../primitives/Random.js'
|
|
16
16
|
import * as Utils from '../primitives/utils.js'
|
|
17
|
-
import { WalletInterface } from '../wallet/Wallet.interfaces.js'
|
|
17
|
+
import { OriginatorDomainNameStringUnder250Bytes, WalletInterface } from '../wallet/Wallet.interfaces.js'
|
|
18
18
|
|
|
19
19
|
const AUTH_VERSION = '0.1'
|
|
20
20
|
|
|
@@ -62,6 +62,8 @@ export class Peer {
|
|
|
62
62
|
// Last-interacted-with peer identity key (if the user calls toPeer with no identityKey)
|
|
63
63
|
private lastInteractedWithPeer: string | undefined
|
|
64
64
|
|
|
65
|
+
private readonly originator?: OriginatorDomainNameStringUnder250Bytes
|
|
66
|
+
|
|
65
67
|
/**
|
|
66
68
|
* Creates a new Peer instance
|
|
67
69
|
*
|
|
@@ -76,9 +78,11 @@ export class Peer {
|
|
|
76
78
|
transport: Transport,
|
|
77
79
|
certificatesToRequest?: RequestedCertificateSet,
|
|
78
80
|
sessionManager?: SessionManager,
|
|
79
|
-
autoPersistLastSession?: boolean
|
|
81
|
+
autoPersistLastSession?: boolean,
|
|
82
|
+
originator?: OriginatorDomainNameStringUnder250Bytes
|
|
80
83
|
) {
|
|
81
84
|
this.wallet = wallet
|
|
85
|
+
this.originator = originator
|
|
82
86
|
this.transport = transport
|
|
83
87
|
this.certificatesToRequest = certificatesToRequest ?? {
|
|
84
88
|
certifiers: [],
|
|
@@ -127,12 +131,12 @@ export class Peer {
|
|
|
127
131
|
protocolID: [2, 'auth message signature'],
|
|
128
132
|
keyID: `${requestNonce} ${peerSession.peerNonce ?? ''}`,
|
|
129
133
|
counterparty: peerSession.peerIdentityKey
|
|
130
|
-
})
|
|
134
|
+
}, this.originator)
|
|
131
135
|
|
|
132
136
|
const generalMessage: AuthMessage = {
|
|
133
137
|
version: AUTH_VERSION,
|
|
134
138
|
messageType: 'general',
|
|
135
|
-
identityKey: (await this.wallet.getPublicKey({ identityKey: true }))
|
|
139
|
+
identityKey: (await this.wallet.getPublicKey({ identityKey: true }, this.originator))
|
|
136
140
|
.publicKey,
|
|
137
141
|
nonce: requestNonce,
|
|
138
142
|
yourNonce: peerSession.peerNonce,
|
|
@@ -191,12 +195,12 @@ export class Peer {
|
|
|
191
195
|
protocolID: [2, 'auth message signature'],
|
|
192
196
|
keyID: `${requestNonce} ${peerSession.peerNonce ?? ''}`,
|
|
193
197
|
counterparty: peerSession.peerIdentityKey
|
|
194
|
-
})
|
|
198
|
+
}, this.originator)
|
|
195
199
|
|
|
196
200
|
const certRequestMessage: AuthMessage = {
|
|
197
201
|
version: AUTH_VERSION,
|
|
198
202
|
messageType: 'certificateRequest',
|
|
199
|
-
identityKey: (await this.wallet.getPublicKey({ identityKey: true }))
|
|
203
|
+
identityKey: (await this.wallet.getPublicKey({ identityKey: true }, this.originator))
|
|
200
204
|
.publicKey,
|
|
201
205
|
nonce: requestNonce,
|
|
202
206
|
initialNonce: peerSession.sessionNonce,
|
|
@@ -342,7 +346,7 @@ export class Peer {
|
|
|
342
346
|
identityKey?: string,
|
|
343
347
|
maxWaitTime = 10000
|
|
344
348
|
): Promise<string> {
|
|
345
|
-
const sessionNonce = await createNonce(this.wallet) // Initial request nonce
|
|
349
|
+
const sessionNonce = await createNonce(this.wallet, undefined, this.originator) // Initial request nonce
|
|
346
350
|
|
|
347
351
|
// Create the preliminary session (not yet authenticated)
|
|
348
352
|
const now = Date.now()
|
|
@@ -356,7 +360,7 @@ export class Peer {
|
|
|
356
360
|
const initialRequest: AuthMessage = {
|
|
357
361
|
version: AUTH_VERSION,
|
|
358
362
|
messageType: 'initialRequest',
|
|
359
|
-
identityKey: (await this.wallet.getPublicKey({ identityKey: true }))
|
|
363
|
+
identityKey: (await this.wallet.getPublicKey({ identityKey: true }, this.originator))
|
|
360
364
|
.publicKey,
|
|
361
365
|
initialNonce: sessionNonce,
|
|
362
366
|
requestedCertificates: this.certificatesToRequest
|
|
@@ -473,7 +477,7 @@ export class Peer {
|
|
|
473
477
|
}
|
|
474
478
|
|
|
475
479
|
// Create a new sessionNonce for our side
|
|
476
|
-
const sessionNonce = await createNonce(this.wallet)
|
|
480
|
+
const sessionNonce = await createNonce(this.wallet, undefined, this.originator)
|
|
477
481
|
const now = Date.now()
|
|
478
482
|
|
|
479
483
|
// We'll treat this as fully authenticated from *our* perspective (the responding side).
|
|
@@ -502,7 +506,8 @@ export class Peer {
|
|
|
502
506
|
certificatesToInclude = await getVerifiableCertificates(
|
|
503
507
|
this.wallet,
|
|
504
508
|
message.requestedCertificates,
|
|
505
|
-
message.identityKey
|
|
509
|
+
message.identityKey,
|
|
510
|
+
this.originator
|
|
506
511
|
)
|
|
507
512
|
}
|
|
508
513
|
}
|
|
@@ -513,12 +518,12 @@ export class Peer {
|
|
|
513
518
|
protocolID: [2, 'auth message signature'],
|
|
514
519
|
keyID: `${message.initialNonce} ${sessionNonce}`,
|
|
515
520
|
counterparty: message.identityKey
|
|
516
|
-
})
|
|
521
|
+
}, this.originator)
|
|
517
522
|
|
|
518
523
|
const initialResponseMessage: AuthMessage = {
|
|
519
524
|
version: AUTH_VERSION,
|
|
520
525
|
messageType: 'initialResponse',
|
|
521
|
-
identityKey: (await this.wallet.getPublicKey({ identityKey: true }))
|
|
526
|
+
identityKey: (await this.wallet.getPublicKey({ identityKey: true }, this.originator))
|
|
522
527
|
.publicKey,
|
|
523
528
|
initialNonce: sessionNonce,
|
|
524
529
|
yourNonce: message.initialNonce,
|
|
@@ -544,7 +549,7 @@ export class Peer {
|
|
|
544
549
|
* @throws Will throw an error if nonce or signature verification fails.
|
|
545
550
|
*/
|
|
546
551
|
private async processInitialResponse (message: AuthMessage): Promise<void> {
|
|
547
|
-
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet)
|
|
552
|
+
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet, undefined, this.originator)
|
|
548
553
|
if (!validNonce) {
|
|
549
554
|
throw new Error(
|
|
550
555
|
`Initial response nonce verification failed from peer: ${message.identityKey}`
|
|
@@ -568,7 +573,7 @@ export class Peer {
|
|
|
568
573
|
protocolID: [2, 'auth message signature'],
|
|
569
574
|
keyID: `${peerSession.sessionNonce ?? ''} ${message.initialNonce ?? ''}`,
|
|
570
575
|
counterparty: message.identityKey
|
|
571
|
-
})
|
|
576
|
+
}, this.originator)
|
|
572
577
|
if (!valid) {
|
|
573
578
|
throw new Error(
|
|
574
579
|
`Unable to verify initial response signature for peer: ${message.identityKey}`
|
|
@@ -587,7 +592,7 @@ export class Peer {
|
|
|
587
592
|
this.certificatesToRequest?.certifiers?.length > 0 &&
|
|
588
593
|
message.certificates?.length as number > 0
|
|
589
594
|
) {
|
|
590
|
-
await validateCertificates(this.wallet, message, this.certificatesToRequest)
|
|
595
|
+
await validateCertificates(this.wallet, message, this.certificatesToRequest, this.originator)
|
|
591
596
|
|
|
592
597
|
// Notify listeners
|
|
593
598
|
this.onCertificatesReceivedCallbacks.forEach(cb =>
|
|
@@ -621,7 +626,8 @@ export class Peer {
|
|
|
621
626
|
const verifiableCertificates = await getVerifiableCertificates(
|
|
622
627
|
this.wallet,
|
|
623
628
|
message.requestedCertificates,
|
|
624
|
-
message.identityKey
|
|
629
|
+
message.identityKey,
|
|
630
|
+
this.originator
|
|
625
631
|
)
|
|
626
632
|
await this.sendCertificateResponse(
|
|
627
633
|
message.identityKey,
|
|
@@ -639,7 +645,7 @@ export class Peer {
|
|
|
639
645
|
* @throws {Error} if nonce or signature is invalid.
|
|
640
646
|
*/
|
|
641
647
|
private async processCertificateRequest (message: AuthMessage): Promise<void> {
|
|
642
|
-
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet)
|
|
648
|
+
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet, undefined, this.originator)
|
|
643
649
|
if (!validNonce) {
|
|
644
650
|
throw new Error(
|
|
645
651
|
`Unable to verify nonce for certificate request message from: ${message.identityKey}`
|
|
@@ -656,7 +662,7 @@ export class Peer {
|
|
|
656
662
|
protocolID: [2, 'auth message signature'],
|
|
657
663
|
keyID: `${message.nonce ?? ''} ${peerSession.sessionNonce ?? ''}`,
|
|
658
664
|
counterparty: peerSession.peerIdentityKey
|
|
659
|
-
})
|
|
665
|
+
}, this.originator)
|
|
660
666
|
if (!valid) {
|
|
661
667
|
throw new Error(
|
|
662
668
|
`Invalid signature in certificate request message from ${peerSession.peerIdentityKey as string}`
|
|
@@ -682,7 +688,8 @@ export class Peer {
|
|
|
682
688
|
const verifiableCertificates = await getVerifiableCertificates(
|
|
683
689
|
this.wallet,
|
|
684
690
|
message.requestedCertificates,
|
|
685
|
-
message.identityKey
|
|
691
|
+
message.identityKey,
|
|
692
|
+
this.originator
|
|
686
693
|
)
|
|
687
694
|
await this.sendCertificateResponse(message.identityKey, verifiableCertificates)
|
|
688
695
|
}
|
|
@@ -707,12 +714,12 @@ export class Peer {
|
|
|
707
714
|
protocolID: [2, 'auth message signature'],
|
|
708
715
|
keyID: `${requestNonce} ${peerSession.peerNonce ?? ''}`,
|
|
709
716
|
counterparty: peerSession.peerIdentityKey
|
|
710
|
-
})
|
|
717
|
+
}, this.originator)
|
|
711
718
|
|
|
712
719
|
const certificateResponse: AuthMessage = {
|
|
713
720
|
version: AUTH_VERSION,
|
|
714
721
|
messageType: 'certificateResponse',
|
|
715
|
-
identityKey: (await this.wallet.getPublicKey({ identityKey: true }))
|
|
722
|
+
identityKey: (await this.wallet.getPublicKey({ identityKey: true }, this.originator))
|
|
716
723
|
.publicKey,
|
|
717
724
|
nonce: requestNonce,
|
|
718
725
|
initialNonce: peerSession.sessionNonce,
|
|
@@ -744,7 +751,7 @@ export class Peer {
|
|
|
744
751
|
* @throws Will throw an error if nonce verification or signature verification fails.
|
|
745
752
|
*/
|
|
746
753
|
private async processCertificateResponse (message: AuthMessage): Promise<void> {
|
|
747
|
-
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet)
|
|
754
|
+
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet, undefined, this.originator)
|
|
748
755
|
if (!validNonce) {
|
|
749
756
|
throw new Error(
|
|
750
757
|
`Unable to verify nonce for certificate response from: ${message.identityKey}`
|
|
@@ -763,7 +770,7 @@ export class Peer {
|
|
|
763
770
|
protocolID: [2, 'auth message signature'],
|
|
764
771
|
keyID: `${message.nonce ?? ''} ${peerSession.sessionNonce ?? ''}`,
|
|
765
772
|
counterparty: message.identityKey
|
|
766
|
-
})
|
|
773
|
+
}, this.originator)
|
|
767
774
|
if (!valid) {
|
|
768
775
|
throw new Error(
|
|
769
776
|
`Unable to verify certificate response signature for peer: ${message.identityKey}`
|
|
@@ -774,7 +781,8 @@ export class Peer {
|
|
|
774
781
|
await validateCertificates(
|
|
775
782
|
this.wallet,
|
|
776
783
|
message,
|
|
777
|
-
message.requestedCertificates
|
|
784
|
+
message.requestedCertificates,
|
|
785
|
+
this.originator
|
|
778
786
|
)
|
|
779
787
|
|
|
780
788
|
// Notify any listeners
|
|
@@ -794,7 +802,7 @@ export class Peer {
|
|
|
794
802
|
* @throws Will throw an error if nonce or signature verification fails.
|
|
795
803
|
*/
|
|
796
804
|
private async processGeneralMessage (message: AuthMessage): Promise<void> {
|
|
797
|
-
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet)
|
|
805
|
+
const validNonce = await verifyNonce(message.yourNonce as string, this.wallet, undefined, this.originator)
|
|
798
806
|
if (!validNonce) {
|
|
799
807
|
throw new Error(
|
|
800
808
|
`Unable to verify nonce for general message from: ${message.identityKey}`
|
|
@@ -812,7 +820,7 @@ export class Peer {
|
|
|
812
820
|
protocolID: [2, 'auth message signature'],
|
|
813
821
|
keyID: `${message.nonce ?? ''} ${peerSession.sessionNonce ?? ''}`,
|
|
814
822
|
counterparty: peerSession.peerIdentityKey
|
|
815
|
-
})
|
|
823
|
+
}, this.originator)
|
|
816
824
|
if (!valid) {
|
|
817
825
|
throw new Error(
|
|
818
826
|
`Invalid signature in generalMessage from ${peerSession.peerIdentityKey as string}`
|
|
@@ -5,6 +5,7 @@ import type {
|
|
|
5
5
|
HexString,
|
|
6
6
|
OutpointString,
|
|
7
7
|
WalletCertificate,
|
|
8
|
+
OriginatorDomainNameStringUnder250Bytes,
|
|
8
9
|
} from '../../wallet/Wallet.interfaces.js'
|
|
9
10
|
import SymmetricKey from '../../primitives/SymmetricKey.js'
|
|
10
11
|
import * as Utils from '../../primitives/utils.js'
|
|
@@ -85,9 +86,10 @@ export class VerifiableCertificate extends Certificate {
|
|
|
85
86
|
async decryptFields(
|
|
86
87
|
verifierWallet: ProtoWallet,
|
|
87
88
|
privileged?: boolean,
|
|
88
|
-
privilegedReason?: string
|
|
89
|
+
privilegedReason?: string,
|
|
90
|
+
originator?: OriginatorDomainNameStringUnder250Bytes
|
|
89
91
|
): Promise<Record<CertificateFieldNameUnder50Bytes, string>> {
|
|
90
|
-
if (this.keyring == null || Object.keys(this.keyring).length === 0) {
|
|
92
|
+
if (this.keyring == null || Object.keys(this.keyring).length === 0) {
|
|
91
93
|
throw new Error(
|
|
92
94
|
'A keyring is required to decrypt certificate fields for the verifier.'
|
|
93
95
|
)
|
|
@@ -106,7 +108,7 @@ export class VerifiableCertificate extends Certificate {
|
|
|
106
108
|
counterparty: this.subject,
|
|
107
109
|
privileged,
|
|
108
110
|
privilegedReason
|
|
109
|
-
})
|
|
111
|
+
}, originator)
|
|
110
112
|
|
|
111
113
|
const fieldValue = new SymmetricKey(fieldRevelationKey).decrypt(
|
|
112
114
|
Utils.toArray(this.fields[fieldName], 'base64')
|
|
@@ -117,7 +119,6 @@ export class VerifiableCertificate extends Certificate {
|
|
|
117
119
|
} catch (error) {
|
|
118
120
|
throw new Error(
|
|
119
121
|
`Failed to decrypt selectively revealed certificate fields using keyring: ${String(error instanceof Error ? error.message : error)}`
|
|
120
|
-
|
|
121
122
|
)
|
|
122
123
|
}
|
|
123
124
|
}
|
|
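Review bot: The new optional `originator` parameter of `decryptFields` is not documented anywhere in the visible hunks, although it is forwarded as the second argument of the wallet call that yields `fieldRevelationKey` (`}, originator)`). The method's doc comment lies outside the hunks, so check there and add a line such as `@param originator - Optional originator domain name, passed through unchanged to the wallet call made for each field`. The same comment should state that omitting it leaves the wallet call without an originator, since `privileged` requests are made through the same call. The body of `decryptFields` continues outside the hunks shown.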
@@ -3,7 +3,7 @@ import * as Utils from '../../primitives/utils.js'
|
|
|
3
3
|
import Random from '../../primitives/Random.js'
|
|
4
4
|
import P2PKH from '../../script/templates/P2PKH.js'
|
|
5
5
|
import PublicKey from '../../primitives/PublicKey.js'
|
|
6
|
-
import { WalletInterface } from '../../wallet/Wallet.interfaces.js'
|
|
6
|
+
import { OriginatorDomainNameStringUnder250Bytes, WalletInterface } from '../../wallet/Wallet.interfaces.js'
|
|
7
7
|
import { createNonce } from '../utils/createNonce.js'
|
|
8
8
|
import { Peer } from '../Peer.js'
|
|
9
9
|
import { SimplifiedFetchTransport } from '../transports/SimplifiedFetchTransport.js'
|
|
@@ -43,6 +43,7 @@ export class AuthFetch {
|
|
|
43
43
|
private callbacks: Record<string, { resolve: Function, reject: Function }> = {}
|
|
44
44
|
private readonly certificatesReceived: VerifiableCertificate[] = []
|
|
45
45
|
private readonly requestedCertificates?: RequestedCertificateSet
|
|
46
|
+
private readonly originator?: OriginatorDomainNameStringUnder250Bytes
|
|
46
47
|
peers: Record<string, AuthPeer> = {}
|
|
47
48
|
|
|
48
49
|
/**
|
|
@@ -50,10 +51,10 @@ export class AuthFetch {
|
|
|
50
51
|
* @param wallet - The wallet instance for signing and authentication.
|
|
51
52
|
* @param requestedCertificates - Optional set of certificates to request from peers.
|
|
52
53
|
*/
|
|
53
|
-
constructor(wallet: WalletInterface, requestedCertificates?: RequestedCertificateSet, sessionManager?: SessionManager) {
|
|
54
|
+
constructor(wallet: WalletInterface, requestedCertificates?: RequestedCertificateSet, sessionManager?: SessionManager, originator?: OriginatorDomainNameStringUnder250Bytes) {
|
|
54
55
|
this.wallet = wallet
|
|
55
56
|
this.requestedCertificates = requestedCertificates
|
|
56
|
-
this.sessionManager = sessionManager
|
|
57
|
+
this.sessionManager = sessionManager ?? new SessionManager()
|
|
57
58
|
}
|
|
58
59
|
|
|
59
60
|
/**
|
|
@@ -91,7 +92,7 @@ export class AuthFetch {
|
|
|
91
92
|
// Create a peer for the request
|
|
92
93
|
const newTransport = new SimplifiedFetchTransport(baseURL)
|
|
93
94
|
peerToUse = {
|
|
94
|
-
peer: new Peer(this.wallet, newTransport, this.requestedCertificates, this.sessionManager),
|
|
95
|
+
peer: new Peer(this.wallet, newTransport, this.requestedCertificates, this.sessionManager, undefined, this.originator),
|
|
95
96
|
pendingCertificateRequests: []
|
|
96
97
|
}
|
|
97
98
|
this.peers[baseURL] = peerToUse
|
|
@@ -104,7 +105,8 @@ export class AuthFetch {
|
|
|
104
105
|
const certificatesToInclude = await getVerifiableCertificates(
|
|
105
106
|
this.wallet,
|
|
106
107
|
requestedCertificates,
|
|
107
|
-
verifier
|
|
108
|
+
verifier,
|
|
109
|
+
this.originator
|
|
108
110
|
)
|
|
109
111
|
await this.peers[baseURL].peer.sendCertificateResponse(verifier, certificatesToInclude)
|
|
110
112
|
} finally {
|
|
@@ -268,7 +270,8 @@ export class AuthFetch {
|
|
|
268
270
|
this.wallet,
|
|
269
271
|
newTransport,
|
|
270
272
|
this.requestedCertificates,
|
|
271
|
-
this.sessionManager
|
|
273
|
+
this.sessionManager,
|
|
274
|
+
this.originator
|
|
272
275
|
)
|
|
273
276
|
}
|
|
274
277
|
this.peers[baseURL] = peerToUse
|
|
@@ -460,7 +463,7 @@ export class AuthFetch {
|
|
|
460
463
|
}
|
|
461
464
|
|
|
462
465
|
const serverIdentityKey = originalResponse.headers.get('x-bsv-auth-identity-key')
|
|
463
|
-
if (
|
|
466
|
+
if (typeof serverIdentityKey !== 'string') {
|
|
464
467
|
throw new Error('Missing x-bsv-auth-identity-key response header.')
|
|
465
468
|
}
|
|
466
469
|
|
|
@@ -470,14 +473,14 @@ export class AuthFetch {
|
|
|
470
473
|
}
|
|
471
474
|
|
|
472
475
|
// Create a random suffix for the derivation path
|
|
473
|
-
const derivationSuffix = await createNonce(this.wallet)
|
|
476
|
+
const derivationSuffix = await createNonce(this.wallet, undefined, this.originator)
|
|
474
477
|
|
|
475
478
|
// Derive the script hex from the server identity key
|
|
476
479
|
const { publicKey: derivedPublicKey } = await this.wallet.getPublicKey({
|
|
477
480
|
protocolID: [2, '3241645161d8'], // wallet payment protocol
|
|
478
481
|
keyID: `${derivationPrefix} ${derivationSuffix}`,
|
|
479
482
|
counterparty: serverIdentityKey
|
|
480
|
-
})
|
|
483
|
+
}, this.originator)
|
|
481
484
|
const lockingScript = new P2PKH().lock(PublicKey.fromString(derivedPublicKey).toAddress()).toHex()
|
|
482
485
|
|
|
483
486
|
// Create the payment transaction using createAction
|
|
@@ -492,7 +495,7 @@ export class AuthFetch {
|
|
|
492
495
|
options: {
|
|
493
496
|
randomizeOutputs: false
|
|
494
497
|
}
|
|
495
|
-
})
|
|
498
|
+
}, this.originator)
|
|
496
499
|
|
|
497
500
|
|
|
498
501
|
|
|
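Review bot: The constructor now takes `originator` but never stores it: its body at new lines 54–58 assigns only `wallet`, `requestedCertificates` and `sessionManager`. The `private readonly originator` field has no initializer, so it stays `undefined`, and so does every `this.originator` forwarded below (`getVerifiableCertificates`, `createNonce`, `getPublicKey`, the payment action, both `new Peer` calls); add `this.originator = originator` before the closing brace. The two `new Peer(...)` calls also disagree: the first passes `this.sessionManager, undefined, this.originator`, while the multi-line one passes `this.sessionManager, this.originator`. In that second call the originator appears to land in the fifth parameter's slot, so it should probably end `this.sessionManager, undefined, this.originator`; Peer's constructor is not visible here, so confirm against its signature. The constructor's doc comment should also gain `@param sessionManager` and `@param originator` lines.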
@@ -52,13 +52,13 @@ describe('getVerifiableCertificates', () => {
|
|
|
52
52
|
expect(mockWallet.listCertificates).toHaveBeenCalledWith({
|
|
53
53
|
certifiers: requestedCertificates.certifiers,
|
|
54
54
|
types: Object.keys(requestedCertificates.types)
|
|
55
|
-
})
|
|
55
|
+
}, undefined)
|
|
56
56
|
|
|
57
57
|
expect(mockWallet.proveCertificate).toHaveBeenCalledWith({
|
|
58
58
|
certificate: mockCertificate,
|
|
59
59
|
fieldsToReveal: requestedCertificates.types[mockCertificate.type],
|
|
60
60
|
verifier: verifierIdentityKey
|
|
61
|
-
})
|
|
61
|
+
}, undefined)
|
|
62
62
|
|
|
63
63
|
expect(result).toHaveLength(1)
|
|
64
64
|
expect(result[0]).toBeInstanceOf(VerifiableCertificate)
|
|
@@ -147,6 +147,6 @@ describe('getVerifiableCertificates', () => {
|
|
|
147
147
|
expect(mockWallet.listCertificates).toHaveBeenCalledWith({
|
|
148
148
|
certifiers: [],
|
|
149
149
|
types: []
|
|
150
|
-
})
|
|
150
|
+
}, undefined)
|
|
151
151
|
})
|
|
152
152
|
})
|
|
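Review bot: The updated expectations only pin the new trailing argument as `undefined`, so nothing in these hunks shows that a supplied originator actually reaches `listCertificates` and `proveCertificate`. A case that calls `getVerifiableCertificates` with a constructed originator such as `'example.test'` and asserts `toHaveBeenCalledWith(expect.any(Object), 'example.test')` on both mocks would cover the forwarding this release adds. The same gap applies to the `decryptFields` expectations in the `validateCertificates` tests further down, which assert `(verifierWallet, undefined, undefined, undefined)` only. The `describe` block starts and ends outside the hunks shown.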
@@ -79,7 +79,7 @@ describe('validateCertificates', () => {
|
|
|
79
79
|
message.certificates.length
|
|
80
80
|
)
|
|
81
81
|
expect(mockVerify).toHaveBeenCalledTimes(message.certificates.length)
|
|
82
|
-
expect(mockDecryptFields).toHaveBeenCalledWith(verifierWallet)
|
|
82
|
+
expect(mockDecryptFields).toHaveBeenCalledWith(verifierWallet, undefined, undefined, undefined)
|
|
83
83
|
})
|
|
84
84
|
|
|
85
85
|
it('throws an error for mismatched identity key', async () => {
|
|
@@ -127,7 +127,7 @@ describe('validateCertificates', () => {
|
|
|
127
127
|
validateCertificates(verifierWallet, message)
|
|
128
128
|
).resolves.not.toThrow()
|
|
129
129
|
for (const instance of mockInstances) {
|
|
130
|
-
expect(instance.decryptFields).toHaveBeenCalledWith(verifierWallet)
|
|
130
|
+
expect(instance.decryptFields).toHaveBeenCalledWith(verifierWallet, undefined, undefined, undefined)
|
|
131
131
|
}
|
|
132
132
|
})
|
|
133
133
|
|
|
@@ -158,7 +158,7 @@ describe('validateCertificates', () => {
|
|
|
158
158
|
expect(VerifiableCertificate).toHaveBeenCalledTimes(2)
|
|
159
159
|
expect(mockVerify).toHaveBeenCalledTimes(2)
|
|
160
160
|
for (const instance of mockInstances) {
|
|
161
|
-
expect(instance.decryptFields).toHaveBeenCalledWith(verifierWallet)
|
|
161
|
+
expect(instance.decryptFields).toHaveBeenCalledWith(verifierWallet, undefined, undefined, undefined)
|
|
162
162
|
}
|
|
163
163
|
})
|
|
164
164
|
})
|