@cheqd/did-provider-cheqd 4.5.5-develop.1 → 4.6.0

package/src/did-manager/cheqd-did-provider.ts

@@ -82,7 +82,16 @@ export const DefaultStatusList2021ResourceTypes = {
 	suspension: 'StatusList2021Suspension',
 } as const;
 
-export const DefaultStatusList2021Encodings = {
+export const BitstringStatusPurposeTypes = {
+	refresh: 'refresh',
+	revocation: 'revocation',
+	suspension: 'suspension',
+	message: 'message',
+} as const;
+
+export const BitstringStatusListResourceType = 'BitstringStatusListCredential';
+
+export const DefaultStatusListEncodings = {
 	base64url: 'base64url',
 	hex: 'hex',
 } as const;
@@ -97,14 +106,19 @@ export type DefaultStatusList2021ResourceType =
 export type DefaultStatusList2021StatusPurposeType =
 	(typeof DefaultStatusList2021StatusPurposeTypes)[keyof typeof DefaultStatusList2021StatusPurposeTypes];
 
-export type DefaultStatusList2021Encoding =
-	(typeof DefaultStatusList2021Encodings)[keyof typeof DefaultStatusList2021Encodings];
+export type DefaultStatusListEncoding = (typeof DefaultStatusListEncodings)[keyof typeof DefaultStatusListEncodings];
+
+export type BitstringStatusListPurposeType =
+	(typeof BitstringStatusPurposeTypes)[keyof typeof BitstringStatusPurposeTypes];
 
 export type LinkedResource = Omit<MsgCreateResourcePayload, 'data'> & { data?: string };
 
 export type ResourcePayload = Partial<MsgCreateResourcePayload>;
 
 export type StatusList2021ResourcePayload = ResourcePayload & { resourceType: DefaultStatusList2021ResourceType };
+export type BitstringStatusListResourcePayload = ResourcePayload & {
+	resourceType: typeof BitstringStatusListResourceType;
+};
 
 export type TImportableEd25519Key = Required<Pick<IKey, 'publicKeyHex' | 'privateKeyHex'>> & {
 	kid: TImportableEd25519Key['publicKeyHex'];
@@ -1076,10 +1090,11 @@ export class CheqdDIDProvider extends AbstractIdentifierProvider {
 	}
 
 	async instantiateDkgThresholdProtocolClient(dkgOptions: DkgOptions = this.dkgOptions): Promise<LitProtocol> {
+		const signer = await this._aminoSigner;
 		return await LitProtocol.create({
 			chain: dkgOptions.chain || this.dkgOptions.chain,
 			litNetwork: dkgOptions.network || this.dkgOptions.network,
-			cosmosAuthWallet: await this._aminoSigner,
+			cosmosAuthWallet: signer,
 		});
 	}
 

package/src/dkg-threshold/lit-protocol/v6.ts

@@ -1,3 +1,5 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/* eslint-disable no-empty-pattern */
 import { OfflineAminoSigner, Secp256k1HdWallet, Secp256k1Wallet, StdSignDoc } from '@cosmjs/amino';
 import { toString } from 'uint8arrays/to-string';
 import { sha256 } from '@cosmjs/crypto';
@@ -22,6 +24,7 @@ import { LitProtocolDebugEnabled } from '../../utils/constants.js';
 import { LitAccessControlConditionResource } from '@lit-protocol/auth-helpers';
 import { ethers } from 'ethers';
 import { LIT_RPC } from '@lit-protocol/constants';
+import { initWasmBlsSdk } from '@lit-protocol/bls-sdk';
 
 export type ThresholdEncryptionResult = {
 	encryptedString: Uint8Array;
@@ -152,16 +155,27 @@ export class LitProtocol {
 		secret: Uint8Array,
 		unifiedAccessControlConditions: NonNullable<UnifiedAccessControlConditions>
 	): Promise<ThresholdEncryptionResult> {
-		// encrypt
-		const { ciphertext: encryptedString, dataToEncryptHash: stringHash } = (await this.client.encrypt({
-			dataToEncrypt: secret,
-			unifiedAccessControlConditions,
-		})) satisfies EncryptStringMethodResult;
+		try {
+			// encrypt
+			const { ciphertext: encryptedString, dataToEncryptHash: stringHash } = (await this.client.encrypt({
+				dataToEncrypt: secret,
+				unifiedAccessControlConditions,
+			})) satisfies EncryptStringMethodResult;
 
-		return {
-			encryptedString: fromString(encryptedString, 'base64'),
-			stringHash,
-		};
+			return {
+				encryptedString: fromString(encryptedString, 'base64'),
+				stringHash,
+			};
+		} catch (error: any) {
+			console.error('Encryption failed:', error);
+			if (error.stack) {
+				console.error('Stack:', error.stack);
+			}
+			// standardize error
+			throw new Error(
+				`[did-provider-cheqd]: lit-protocol: Encryption failed: ${(error as Error).message || error}`
+			);
+		}
 	}
 
 	async decrypt(
@@ -170,33 +184,44 @@ export class LitProtocol {
 		unifiedAccessControlConditions: NonNullable<UnifiedAccessControlConditions>,
 		capacityDelegationAuthSig?: GenericAuthSig
 	): Promise<string> {
-		// generate session signatures
-		const sessionSigs = await this.client.getSessionSigs({
-			chain: 'cheqd',
-			resourceAbilityRequests: [
-				{
-					resource: new LitAccessControlConditionResource('*'),
-					ability: LitAbility.AccessControlConditionDecryption,
+		try {
+			// generate session signatures
+			const sessionSigs = await this.client.getSessionSigs({
+				chain: 'cheqd',
+				resourceAbilityRequests: [
+					{
+						resource: new LitAccessControlConditionResource('*'),
+						ability: LitAbility.AccessControlConditionDecryption,
+					},
+				],
+				capabilityAuthSigs: capacityDelegationAuthSig ? [capacityDelegationAuthSig] : undefined,
+				authNeededCallback: async ({}) => {
+					// generate auth signature
+					const authSig = await LitProtocol.generateAuthSignature(this.cosmosAuthWallet);
+					return authSig;
 				},
-			],
-			capabilityAuthSigs: capacityDelegationAuthSig ? [capacityDelegationAuthSig] : undefined,
-			authNeededCallback: async ({}) => {
-				// generate auth signature
-				const authSig = await LitProtocol.generateAuthSignature(this.cosmosAuthWallet);
-				return authSig;
-			},
-		});
-
-		// decrypt
-		const { decryptedData } = (await this.client.decrypt({
-			chain: this.chain,
-			ciphertext: encryptedString,
-			dataToEncryptHash: stringHash,
-			unifiedAccessControlConditions,
-			sessionSigs,
-		})) satisfies DecryptToStringMethodResult;
+			});
 
-		return toString(decryptedData, 'utf-8');
+			// decrypt
+			const { decryptedData } = (await this.client.decrypt({
+				chain: this.chain,
+				ciphertext: encryptedString,
+				dataToEncryptHash: stringHash,
+				unifiedAccessControlConditions,
+				sessionSigs,
+			})) satisfies DecryptToStringMethodResult;
+
+			return toString(decryptedData, 'utf-8');
+		} catch (error: any) {
+			console.error('Decryption failed:', error);
+			if (error.stack) {
+				console.error('Stack:', error.stack);
+			}
+			// standardize error
+			throw new Error(
+				`[did-provider-cheqd]: lit-protocol: Decryption failed: ${(error as Error).message || error}`
+			);
+		}
 	}
 
 	async delegateCapacitCredit(
@@ -300,6 +325,12 @@ export class LitProtocol {
 
 		const litProtocol = new LitProtocol(options as LitProtocolOptions);
 		await litProtocol.connect();
+		// Initialize BLS SDK WASM module explicitly
+		try {
+			await initWasmBlsSdk();
+		} catch (initError) {
+			throw new Error(`BLS SDK WASM initialization failed: ${(initError as Error).message || initError}`);
+		}
 		return litProtocol;
 	}
 

package/src/utils/helpers.ts

@@ -1,7 +1,8 @@
+/* eslint-disable @typescript-eslint/no-unused-vars */
 import { DIDDocument } from '@veramo/core-types';
-import { generate as generateSecret, type GenerateOptions } from 'generate-password';
-import { toString } from 'uint8arrays/to-string';
-import { EncodedList, EncodedListAsArray } from '../agent/index.js';
+import { fromString, toString } from 'uint8arrays';
+import { randomBytes as cryptoRandomBytes } from 'crypto';
+import { Cheqd, EncodedList, EncodedListAsArray, StatusOptions } from '../agent/index.js';
 
 export function isEncodedList(list: unknown): list is EncodedList {
 	return typeof list === 'string' && list.split('-').every((item) => typeof item === 'string' && item && item.length);
@@ -55,37 +56,10 @@ export async function randomFromRange(min: number, max: number, notIn: number[])
 	return random;
 }
 
-export async function randomUniqueSubsetInRange(min: number, max: number, count: number): Promise<Array<number>> {
-	const subset: number[] = [];
-	for (let i = 0; i < count; i++) {
-		subset.push(await randomFromRange(min, max, subset));
-	}
-	return subset;
-}
-
 export async function randomBytes(length: number): Promise<Buffer> {
 	return Buffer.from(Array.from({ length }, () => Math.floor(Math.random() * 256)));
 }
 
-export async function randomUniqueSecret(options?: GenerateOptions): Promise<string> {
-	return generateSecret({
-		length: 64,
-		numbers: true,
-		symbols: true,
-		uppercase: true,
-		...options,
-	});
-}
-
-export async function initialiseIndexArray(length: number): Promise<Array<boolean>> {
-	return Array(length).fill(true);
-}
-
-export async function shuffleArray<T>(array: Array<T>): Promise<Array<T>> {
-	const shuffled = array.sort(() => Math.random() - 0.5);
-	return shuffled;
-}
-
 export async function toBlob(data: Uint8Array): Promise<Blob> {
 	return new Blob([data]);
 }
@@ -100,10 +74,9 @@ export async function blobToHexString(blob: Blob): Promise<string> {
 	return toString(uint8Array, 'hex');
 }
 
-export function unescapeUnicode(str: string): string {
-	return str.replace(/\\u([a-fA-F0-9]{4})/g, (m, cc) => {
-		return String.fromCharCode(parseInt(cc, 16));
-	});
+export async function blobToUint8Array(blob: Blob): Promise<Uint8Array> {
+	const arrayBuffer = await blob.arrayBuffer();
+	return new Uint8Array(arrayBuffer);
 }
 
 export function getControllers(didDocument: DIDDocument): string[] {
@@ -118,3 +91,168 @@ export function getControllers(didDocument: DIDDocument): string[] {
 	}
 	return controllers;
 }
+
+/**
+ * Check if encoded bitstring is valid base64url format
+ */
+export function isValidEncodedBitstring(encodedList: string): boolean {
+	try {
+		// Should be valid base64url
+		fromString(encodedList, 'base64url');
+		return true;
+	} catch {
+		return false;
+	}
+}
+// Enhanced encoding function that returns metadata
+export async function encodeWithMetadata(
+	symmetricEncryptionCiphertext: Blob,
+	thresholdEncryptionCiphertext: Uint8Array
+): Promise<{ encodedList: string; symmetricLength: number }> {
+	const symmetricBytes = await blobToUint8Array(symmetricEncryptionCiphertext);
+	// Concatenate both byte arrays
+	const combinedBytes = new Uint8Array(symmetricBytes.length + thresholdEncryptionCiphertext.length);
+	combinedBytes.set(symmetricBytes, 0);
+	combinedBytes.set(thresholdEncryptionCiphertext, symmetricBytes.length);
+
+	// Encode as base64url
+	const encodedList = toString(combinedBytes, 'base64url');
+
+	return { encodedList, symmetricLength: symmetricBytes.length };
+}
+
+export function decodeWithMetadata(
+	encodedList: string,
+	symmetricLength: number
+): {
+	symmetricEncryptionCiphertext: Blob;
+	thresholdEncryptionCiphertext: Uint8Array;
+} {
+	// Decode from base64url to bytes
+	const combinedBytes = fromString(encodedList, 'base64url');
+
+	// Split based on the symmetric length
+	const symmetricBytes = combinedBytes.slice(0, symmetricLength);
+	const thresholdBytes = combinedBytes.slice(symmetricLength);
+
+	// Return as desired types
+	return {
+		symmetricEncryptionCiphertext: new Blob([symmetricBytes]),
+		thresholdEncryptionCiphertext: thresholdBytes,
+	};
+}
+
+interface IndexGenerationConfig {
+	statusSize?: number;
+	length?: number; // Bitstring length (default: 131072)
+	maxRetries?: number;
+}
+/**
+ * Generates a random statusListIndex based on external system constraints
+ *
+ * @param statusOptions - Constraints from external StatusListIndexManager
+ * @param config - Bitstring configuration (statusSize, length, etc.)
+ * @returns Random statusListIndex that satisfies all constraints
+ */
+export function generateRandomStatusListIndex(
+	statusOptions: StatusOptions,
+	config: IndexGenerationConfig = {}
+): number {
+	const {
+		statusSize = Cheqd.DefaultBitstringStatusSize,
+		length = Cheqd.DefaultBitstringLength,
+		maxRetries = 1000,
+	} = config;
+
+	// If external system already provided a specific index, validate and return it
+	if (statusOptions.statusListIndex !== undefined) {
+		validateStatusListIndex(statusOptions.statusListIndex, statusOptions, config);
+		return statusOptions.statusListIndex;
+	}
+
+	// Calculate valid range bounds
+	const bounds = calculateValidRange(statusOptions, config);
+	const excludedIndices = new Set(statusOptions.indexNotIn || []);
+
+	// Check if generation is possible
+	const totalPossibleIndices = bounds.end - bounds.start + 1;
+	if (excludedIndices.size >= totalPossibleIndices) {
+		throw new Error(`Cannot generate index: all indices in range [${bounds.start}, ${bounds.end}] are excluded`);
+	}
+	let attempts = 0;
+	while (attempts < maxRetries) {
+		// Generate cryptographically secure random index within range
+		const randBytes = cryptoRandomBytes(4);
+		const randomValue = randBytes.readUInt32BE(0);
+
+		// Map to valid range [bounds.start, bounds.end]
+		const rangeSize = bounds.end - bounds.start + 1;
+		const statusListIndex = bounds.start + (randomValue % rangeSize);
+
+		// Check if this index is excluded
+		if (!excludedIndices.has(statusListIndex)) {
+			return statusListIndex;
+		}
+
+		attempts++;
+	}
+
+	throw new Error(
+		`Failed to generate unique statusListIndex after ${maxRetries} attempts. ` +
+			`Range: [${bounds.start}, ${bounds.end}], Excluded: ${excludedIndices.size} indices`
+	);
+}
+/**
+ * Validates a specific statusListIndex against constraints
+ */
+function validateStatusListIndex(index: number, statusOptions: StatusOptions, config: IndexGenerationConfig): void {
+	const bounds = calculateValidRange(statusOptions, config);
+	const excludedIndices = statusOptions.indexNotIn || [];
+
+	if (index < bounds.start || index > bounds.end) {
+		throw new Error(`StatusListIndex ${index} is outside valid range [${bounds.start}, ${bounds.end}]`);
+	}
+
+	if (excludedIndices.includes(index)) {
+		throw new Error(`StatusListIndex ${index} is in the excluded list: [${excludedIndices.join(', ')}]`);
+	}
+}
+/**
+ * Calculates the valid range for statusListIndex generation
+ */
+function calculateValidRange(
+	statusOptions: StatusOptions,
+	config: IndexGenerationConfig
+): { start: number; end: number } {
+	const { statusSize = Cheqd.DefaultBitstringStatusSize, length = Cheqd.DefaultBitstringLength } = config;
+
+	// Calculate maximum possible index based on bitstring configuration
+	const totalBits = length * statusSize;
+	const alignedLength = Math.ceil(totalBits / 8) * 8;
+	const maxPossibleIndex = Math.floor(alignedLength / statusSize) - 1;
+
+	// Start with external system's range constraints
+	let start = statusOptions.statusListRangeStart ?? 0;
+	let end = statusOptions.statusListRangeEnd ?? maxPossibleIndex;
+
+	// Ensure range is within bitstring bounds
+	start = Math.max(0, start);
+	end = Math.min(maxPossibleIndex, end);
+
+	// Validate range
+	if (start > end) {
+		throw new Error(
+			`Invalid range: start (${start}) is greater than end (${end}). ` +
+				`Maximum possible index for this configuration: ${maxPossibleIndex}`
+		);
+	}
+
+	if (start < 0 || end > maxPossibleIndex) {
+		throw new Error(
+			`Range [${start}, ${end}] exceeds valid bounds [0, ${maxPossibleIndex}] ` +
+				`for statusSize=${statusSize} and length=${length}`
+		);
+	}
+
+	return { start, end };
+}

package/tsconfig.json

@@ -5,6 +5,7 @@
     "sourceMap": true,
     "module": "NodeNext",
     "esModuleInterop": true,
+    "resolveJsonModule": true,
     "downlevelIteration": true,
     "declarationMap": true,
     "declaration": true,
@@ -12,6 +13,7 @@
     "noImplicitAny": false,
     "emitDecoratorMetadata": true,
     "experimentalDecorators": true,
+    "outDir": "build",
     "skipLibCheck": true,
     "rootDir": "src",
   },