@bsv/sdk 2.0.3 → 2.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/auth/Peer.ts

@@ -136,7 +136,7 @@ export class Peer {
     }
 
     if (peerSession.certificatesRequired === true &&
-        peerSession.certificatesValidated !== true) {
+      peerSession.certificatesValidated !== true) {
       throw new Error(
         'Cannot send general message before certificate validation is complete'
       )
@@ -450,33 +450,28 @@ export class Peer {
       )
     }
 
-    try {
-      switch (message.messageType) {
-        case 'initialRequest':
-          await this.processInitialRequest(message)
-          break
-        case 'initialResponse':
-          await this.processInitialResponse(message)
-          break
-        case 'certificateRequest':
-          await this.processCertificateRequest(message)
-          break
-        case 'certificateResponse':
-          await this.processCertificateResponse(message)
-          break
-        case 'general':
-          await this.processGeneralMessage(message)
-          break
-        default:
-          throw new Error(
-            `Unknown message type of ${String(message.messageType)} from ${String(
-              message.identityKey
-            )}`
-          )
-      }
-    } catch (err) {
-      // Swallow protocol violations so transport does not crash the process
-      // (Message is intentionally rejected)
+    switch (message.messageType) {
+      case 'initialRequest':
+        await this.processInitialRequest(message)
+        break
+      case 'initialResponse':
+        await this.processInitialResponse(message)
+        break
+      case 'certificateRequest':
+        await this.processCertificateRequest(message)
+        break
+      case 'certificateResponse':
+        await this.processCertificateResponse(message)
+        break
+      case 'general':
+        await this.processGeneralMessage(message)
+        break
+      default:
+        throw new Error(
+          `Unknown message type of ${String(message.messageType)} from ${String(
+            message.identityKey
+          )}`
+        )
     }
   }
 
@@ -675,10 +670,16 @@ export class Peer {
           message.identityKey,
           this.originator
         )
-        await this.sendCertificateResponse(
-          message.identityKey,
-          verifiableCertificates
-        )
+        // Only send if we actually have certificates to provide.
+        // An empty certificateResponse has no value and can race with a
+        // subsequent certificateRequest that shares the same initialNonce,
+        // causing the server to mis-route non-general handle responses.
+        if (verifiableCertificates.length > 0) {
+          await this.sendCertificateResponse(
+            message.identityKey,
+            verifiableCertificates
+          )
+        }
       }
     }
   }
@@ -818,21 +819,23 @@ export class Peer {
       )
     }
 
-    // We also handle optional validation if there's a requestedCertificates field
-    await validateCertificates(
-      this.wallet,
-      message,
-      message.requestedCertificates,
-      this.originator
-    )
+    // Validate certificates only if they were actually provided
+    if (Array.isArray(message.certificates) && message.certificates.length > 0) {
+      await validateCertificates(
+        this.wallet,
+        message,
+        message.requestedCertificates,
+        this.originator
+      )
 
-    peerSession.certificatesValidated = true
-    peerSession.lastUpdate = Date.now()
-    this.sessionManager.updateSession(peerSession)
+      peerSession.certificatesValidated = true
+      peerSession.lastUpdate = Date.now()
+      this.sessionManager.updateSession(peerSession)
 
-    // Resolve any promises waiting for certificate validation
-    if (peerSession.sessionNonce != null) {
-      this.resolveCertificateValidation(peerSession.sessionNonce)
+      // Resolve any promises waiting for certificate validation
+      if (peerSession.sessionNonce != null) {
+        this.resolveCertificateValidation(peerSession.sessionNonce)
+      }
     }
 
     // Notify any listeners
@@ -886,8 +889,7 @@ export class Peer {
           if (promise != null) {
             this.certificateValidationPromises.delete(sessionNonce)
             reject(new Error(
-              `Timeout waiting for certificate validation from peer ${
-                peerSession.peerIdentityKey ?? 'unknown'
+              `Timeout waiting for certificate validation from peer ${peerSession.peerIdentityKey ?? 'unknown'
               }`
             ))
           }

package/src/auth/__tests/Peer.test.ts

@@ -40,13 +40,18 @@ class LocalTransport implements Transport {
   }
 
   async onData(
-    callback: (message: AuthMessage) => void
+    callback: (message: AuthMessage) => Promise<void>
   ): Promise<void> {
-    this.onDataCallback = callback
+    this.onDataCallback = (m) => {
+      void (callback(m) as Promise<void>).catch(() => {
+        // Match real transport behaviour: catch errors from handleIncomingMessage
+        // to prevent unhandled promise rejections in tests.
+      })
+    }
   }
 }
 
-function waitForNextGeneralMessage (
+function waitForNextGeneralMessage(
   peer: Peer,
   handler?: (senderPublicKey: string, payload: number[]) => void
 ): Promise<void> {
@@ -385,8 +390,8 @@ describe('Peer class mutual authentication and certificate exchange', () => {
   describe('propagateTransportError', () => {
     const createPeerInstance = (): Peer => {
       const transport: Transport = {
-        send: jest.fn(async (_message: AuthMessage) => {}),
-        onData: async () => {}
+        send: jest.fn(async (_message: AuthMessage) => { }),
+        onData: async () => { }
       }
       return new Peer({} as WalletInterface, transport)
     }
@@ -409,7 +414,7 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     it('preserves existing details when appending peer identity', () => {
       const peer = createPeerInstance()
       const originalError = new Error('existing details')
-      ;(originalError as any).details = { status: 503 }
+        ; (originalError as any).details = { status: 503 }
 
       let thrown: Error | undefined
       try {
@@ -745,14 +750,14 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     test('Should trigger "Failed to send message to peer" error with network failure', async () => {
       // Create a mock fetch that always fails
       const failingFetch = (jest.fn() as any).mockRejectedValue(new Error('Network connection failed'))
-      
+
       // Create a transport that will fail
       const transport = new SimplifiedFetchTransport('http://localhost:9999', failingFetch)
-      
+
       // Create a peer with the failing transport
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
+
       // Register a dummy onData callback (required before sending)
       await transport.onData(async (message) => {
         // This won't be called due to network failure
@@ -777,12 +782,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
           }, 100)
         })
       })
-      
+
       const transport = new SimplifiedFetchTransport('http://localhost:9999', timeoutFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         await peer.toPeer([5, 6, 7, 8], '03def789abc123')
@@ -800,12 +805,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
         errno: -3008,
         message: 'getaddrinfo ENOTFOUND nonexistent.domain'
       })
-      
+
       const transport = new SimplifiedFetchTransport('http://nonexistent.domain:3000', dnsFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         await peer.toPeer([9, 10, 11, 12], '03xyz987fed654')
@@ -819,12 +824,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     test('Should trigger error during certificate request send', async () => {
       // Create a failing fetch
       const failingFetch = (jest.fn() as any).mockRejectedValue(new Error('Connection reset by peer'))
-      
+
       const transport = new SimplifiedFetchTransport('http://localhost:9999', failingFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         // Try to send a certificate request - this should also trigger the error
@@ -842,12 +847,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     test('Should trigger error during certificate response send', async () => {
       // Create a failing fetch
       const failingFetch = (jest.fn() as any).mockRejectedValue(new Error('Socket hang up'))
-      
+
       const transport = new SimplifiedFetchTransport('http://localhost:9999', failingFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         // Try to send a certificate response - this should also trigger the error
@@ -864,12 +869,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
       const customError = new Error('Custom transport error')
       customError.stack = 'Custom stack trace'
       const failingFetch = (jest.fn() as any).mockRejectedValue(customError)
-      
+
       const transport = new SimplifiedFetchTransport('http://localhost:9999', failingFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         await peer.toPeer([13, 14, 15, 16], '03peer123456')
@@ -886,12 +891,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     test('Should handle non-Error transport failures', async () => {
       // Create a fetch that throws a non-Error object
       const failingFetch = (jest.fn() as any).mockRejectedValue('String error message')
-      
+
       const transport = new SimplifiedFetchTransport('http://localhost:9999', failingFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         await peer.toPeer([17, 18, 19, 20], '03peer789abc')
@@ -906,12 +911,12 @@ describe('Peer class mutual authentication and certificate exchange', () => {
     test('Should handle undefined peer identity gracefully', async () => {
       // Create a failing fetch
       const failingFetch = (jest.fn() as any).mockRejectedValue('Network failure')
-      
+
       const transport = new SimplifiedFetchTransport('http://localhost:9999', failingFetch)
       const wallet = new CompletedProtoWallet(privKey)
       const peer = new Peer(wallet, transport)
-      
-      await transport.onData(async (message) => {})
+
+      await transport.onData(async (message) => { })
 
       try {
         // Try to send to an undefined peer (this might happen in some edge cases)

package/src/auth/clients/AuthFetch.ts

@@ -137,7 +137,9 @@ export class AuthFetch {
                 verifier,
                 this.originator
               )
-              await this.peers[baseURL].peer.sendCertificateResponse(verifier, certificatesToInclude)
+              if (certificatesToInclude.length > 0) {
+                await this.peers[baseURL].peer.sendCertificateResponse(verifier, certificatesToInclude)
+              }
             } finally {
               // Give the backend 500 ms to process the certificates we just sent, before releasing the queue entry
               await new Promise(resolve => setTimeout(resolve, 500))
@@ -263,7 +265,15 @@ export class AuthFetch {
 
         // Send the request, now that all listeners are set up
         await peerToUse.peer.toPeer(writer.toArray(), peerToUse.identityKey).catch(async error => {
-          if (error.message.includes('Session not found for nonce')) {
+          const isStaleSession =
+            error.message.includes('Session not found for nonce') ||
+            (error.message.includes('without valid BSV authentication') &&
+              peerToUse.identityKey != null &&
+              (error as any).details?.status === 401)
+          if (isStaleSession) {
+            // Stale session: server no longer recognises the session nonce
+            // (e.g. after a server restart). Clear the cached peer so a fresh
+            // handshake is performed on retry.
             delete this.peers[baseURL]
             config.retryCounter ??= 3
             const response = await this.fetch(url, config)
@@ -322,20 +332,38 @@ export class AuthFetch {
     }
 
     // Return a promise that resolves when certificates are received
+    const CERTIFICATE_REQUEST_TIMEOUT_MS = 30000
     return await new Promise<VerifiableCertificate[]>((async (resolve, reject) => {
+      let settled = false
+
+      const cleanup = (): void => {
+        settled = true
+        clearTimeout(timer)
+        peerToUse.peer.stopListeningForCertificatesReceived(callbackId)
+      }
+
       // Set up the listener before making the request
       const callbackId = peerToUse.peer.listenForCertificatesReceived((_senderPublicKey: string, certs: VerifiableCertificate[]) => {
-        peerToUse.peer.stopListeningForCertificatesReceived(callbackId)
+        if (settled) return
+        cleanup()
         this.certificatesReceived.push(...certs)
         resolve(certs)
       })
 
+      const timer = setTimeout(() => {
+        if (settled) return
+        cleanup()
+        reject(new Error(`sendCertificateRequest timed out after ${CERTIFICATE_REQUEST_TIMEOUT_MS}ms waiting for certificate response from ${baseURL}`))
+      }, CERTIFICATE_REQUEST_TIMEOUT_MS)
+
       try {
         // Initiate the certificate request
         await peerToUse.peer.requestCertificates(certificatesToRequest, peerToUse.identityKey)
       } catch (err) {
-        peerToUse.peer.stopListeningForCertificatesReceived(callbackId)
-        reject(err)
+        if (!settled) {
+          cleanup()
+          reject(err)
+        }
       }
     }) as Function)
   }
@@ -594,7 +622,7 @@ export class AuthFetch {
     }
   }
 
-  private isPaymentContextCompatible (
+  private isPaymentContextCompatible(
     context: PaymentRetryContext,
     satoshisRequired: number,
     serverIdentityKey: string,
@@ -607,7 +635,7 @@ export class AuthFetch {
     )
   }
 
-  private async createPaymentContext (
+  private async createPaymentContext(
     url: string,
     config: SimplifiedFetchRequestOptions,
     satoshisRequired: number,
@@ -652,7 +680,7 @@ export class AuthFetch {
     }
   }
 
-  private getMaxPaymentAttempts (config: SimplifiedFetchRequestOptions): number {
+  private getMaxPaymentAttempts(config: SimplifiedFetchRequestOptions): number {
     const attempts = typeof config.paymentRetryAttempts === 'number' ? config.paymentRetryAttempts : undefined
     if (typeof attempts === 'number' && attempts > 0) {
       return Math.floor(attempts)
@@ -660,7 +688,7 @@ export class AuthFetch {
     return 3
   }
 
-  private buildPaymentRequestSummary (
+  private buildPaymentRequestSummary(
     url: string,
     config: SimplifiedFetchRequestOptions
   ): PaymentRetryContext['requestSummary'] {
@@ -677,7 +705,7 @@ export class AuthFetch {
     }
   }
 
-  private describeRequestBodyForLogging (body: any): { type: string, byteLength: number } {
+  private describeRequestBodyForLogging(body: any): { type: string, byteLength: number } {
     if (body == null) {
       return { type: 'none', byteLength: 0 }
     }
@@ -733,7 +761,7 @@ export class AuthFetch {
     return { type: typeof body, byteLength: 0 }
   }
 
-  private composePaymentLogDetails (url: string, context: PaymentRetryContext): Record<string, any> {
+  private composePaymentLogDetails(url: string, context: PaymentRetryContext): Record<string, any> {
     return {
       url,
       request: context.requestSummary,
@@ -753,7 +781,7 @@ export class AuthFetch {
     }
   }
 
-  private logPaymentAttempt (
+  private logPaymentAttempt(
     level: 'info' | 'warn' | 'error',
     message: string,
     details: Record<string, any>
@@ -772,7 +800,7 @@ export class AuthFetch {
     }
   }
 
-  private createPaymentErrorEntry (attempt: number, error: unknown): PaymentErrorLogEntry {
+  private createPaymentErrorEntry(attempt: number, error: unknown): PaymentErrorLogEntry {
     const entry: PaymentErrorLogEntry = {
       attempt,
       timestamp: new Date().toISOString(),
@@ -790,20 +818,20 @@ export class AuthFetch {
     return entry
   }
 
-  private getPaymentRetryDelay (attempt: number): number {
+  private getPaymentRetryDelay(attempt: number): number {
     const baseDelay = 250
     const multiplier = Math.min(attempt, 5)
     return baseDelay * multiplier
   }
 
-  private async wait (ms: number): Promise<void> {
+  private async wait(ms: number): Promise<void> {
     if (ms <= 0) {
       return
     }
     await new Promise(resolve => setTimeout(resolve, ms))
   }
 
-  private buildPaymentFailureError (
+  private buildPaymentFailureError(
     url: string,
     context: PaymentRetryContext,
     lastError: unknown
@@ -828,10 +856,10 @@ export class AuthFetch {
       errors: context.errors
     }
 
-    ;(error as any).details = failureDetails
+      ; (error as any).details = failureDetails
 
     if (lastError instanceof Error) {
-      ;(error as any).cause = lastError
+      ; (error as any).cause = lastError
     }
 
     return error

package/src/auth/clients/__tests__/AuthFetch.test.ts

@@ -260,3 +260,100 @@ describe('AuthFetch payment handling', () => {
     expect(paymentContext.errors).toHaveLength(2)
   })
 })
+
+describe('AuthFetch certificate request handling', () => {
+  const requestedCertificates = {
+    certifiers: ['certifier-key'],
+    types: { 'certificate-type': ['firstName'] }
+  }
+
+  test('sendCertificateRequest resolves and cleans up listener when certificates are received', async () => {
+    const wallet = createWalletStub()
+    const authFetch = new AuthFetch(wallet as any)
+
+    let certificatesListener: ((senderPublicKey: string, certs: any[]) => void) | undefined
+    const stopListeningForCertificatesReceived = jest.fn()
+    const requestCertificates = jest.fn(async () => {
+      certificatesListener?.('server-identity', [{ serialNumber: 'abc123' } as any])
+    })
+
+    const peerStub = {
+      listenForCertificatesReceived: jest.fn((listener: (senderPublicKey: string, certs: any[]) => void) => {
+        certificatesListener = listener
+        return 7
+      }),
+      stopListeningForCertificatesReceived,
+      requestCertificates
+    }
+
+    ; (authFetch as any).peers['https://api.example.com'] = {
+      peer: peerStub,
+      pendingCertificateRequests: []
+    }
+
+    const certs = await authFetch.sendCertificateRequest('https://api.example.com', requestedCertificates as any)
+    expect(certs).toHaveLength(1)
+    expect(requestCertificates).toHaveBeenCalledWith(requestedCertificates, undefined)
+    expect(stopListeningForCertificatesReceived).toHaveBeenCalledWith(7)
+  })
+
+  test('sendCertificateRequest rejects and cleans up listener when requestCertificates throws', async () => {
+    const wallet = createWalletStub()
+    const authFetch = new AuthFetch(wallet as any)
+    const requestError = new Error('request failed')
+
+    const stopListeningForCertificatesReceived = jest.fn()
+    const requestCertificates = jest.fn(async () => {
+      throw requestError
+    })
+
+    const peerStub = {
+      listenForCertificatesReceived: jest.fn(() => 9),
+      stopListeningForCertificatesReceived,
+      requestCertificates
+    }
+
+    ; (authFetch as any).peers['https://api.example.com'] = {
+      peer: peerStub,
+      pendingCertificateRequests: []
+    }
+
+    await expect(
+      authFetch.sendCertificateRequest('https://api.example.com', requestedCertificates as any)
+    ).rejects.toThrow('request failed')
+    expect(stopListeningForCertificatesReceived).toHaveBeenCalledWith(9)
+  })
+
+  test('sendCertificateRequest times out and cleans up listener when no certificate response arrives', async () => {
+    jest.useFakeTimers()
+    try {
+      const wallet = createWalletStub()
+      const authFetch = new AuthFetch(wallet as any)
+
+      const stopListeningForCertificatesReceived = jest.fn()
+      const requestCertificates = jest.fn(async () => {})
+
+      const peerStub = {
+        listenForCertificatesReceived: jest.fn(() => 11),
+        stopListeningForCertificatesReceived,
+        requestCertificates
+      }
+
+      ; (authFetch as any).peers['https://api.example.com'] = {
+        peer: peerStub,
+        pendingCertificateRequests: []
+      }
+
+      const pending = authFetch.sendCertificateRequest('https://api.example.com', requestedCertificates as any)
+      const timeoutAssertion = expect(pending).rejects.toThrow(
+        'sendCertificateRequest timed out after 30000ms waiting for certificate response from https://api.example.com'
+      )
+      await jest.advanceTimersByTimeAsync(30000)
+
+      await timeoutAssertion
+      expect(stopListeningForCertificatesReceived).toHaveBeenCalledWith(11)
+    } finally {
+      jest.useRealTimers()
+    }
+  })
+})