@keetanetwork/anchor 0.0.45 → 0.0.48

package/lib/certificates.js

@@ -1,19 +1,15 @@
 import * as KeetaNetClient from '@keetanetwork/keetanet-client';
 import * as oids from '../services/kyc/oids.generated.js';
 import * as ASN1 from './utils/asn1.js';
-import { arrayBufferLikeToBuffer, arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';
-import crypto from './utils/crypto.js';
+import { arrayBufferToBuffer, Buffer, bufferToArrayBuffer } from './utils/buffer.js';
 import { assertNever } from './utils/never.js';
 import { CertificateAttributeOIDDB, CertificateAttributeSchema } from '../services/kyc/iso20022.generated.js';
-import { getOID, lookupByOID } from './utils/oid.js';
-import { toJSONSerializable } from './utils/json.js';
+import { lookupByOID } from './utils/oid.js';
 import { EncryptedContainer } from './encrypted-container.js';
 import { assertSharableCertificateAttributesContentsSchema } from './certificates.generated.js';
 import { checkHashWithOID } from './utils/external.js';
-/**
- * Short alias for printing a debug representation of an object
- */
-const DPO = KeetaNetClient.lib.Utils.Helper.debugPrintableObject.bind(KeetaNetClient.lib.Utils.Helper);
+import { SensitiveAttribute, encodeForSensitive, encodeAttribute } from './sensitive-attribute.js';
+export { SensitiveAttribute } from './sensitive-attribute.js';
 /**
  * Short alias for the KeetaNetAccount type
  */
@@ -180,9 +176,6 @@ async function walkObject(input, keyTransformer) {
     }
     return (newObj);
 }
-function toJSON(data) {
-    return (toJSONSerializable(data));
-}
 // Generic type guard to align decoded values with generated attribute types
 function isAttributeValue(_name, _v) {
     // Runtime schema validation is already performed by BufferStorageASN1; this guard
@@ -196,57 +189,6 @@ function asAttributeValue(name, v) {
     }
     return (v);
 }
-/**
- * Sensitive Attribute Schema
- *
- * ASN.1 Schema:
- * SensitiveAttributes DEFINITIONS ::= BEGIN
- *         SensitiveAttribute ::= SEQUENCE {
- *                 version        INTEGER { v1(0) },
- *                 cipher         SEQUENCE {
- *                         algorithm    OBJECT IDENTIFIER,
- *                         ivOrNonce    OCTET STRING,
- *                         key          OCTET STRING
- *                 },
- *                 hashedValue    SEQUENCE {
- *                         encryptedSalt  OCTET STRING,
- *                         algorithm      OBJECT IDENTIFIER,
- *                         value          OCTET STRING
- *                 },
- *                 encryptedValue OCTET STRING
- *         }
- * END
- *
- * https://keeta.notion.site/Keeta-KYC-Certificate-Extensions-13e5da848e588042bdcef81fc40458b7
- *
- * @internal
- */
-const SensitiveAttributeSchemaInternal = [
-    0n,
-    [
-        ASN1.ValidateASN1.IsOID,
-        ASN1.ValidateASN1.IsOctetString,
-        ASN1.ValidateASN1.IsOctetString
-    ],
-    [
-        ASN1.ValidateASN1.IsOctetString,
-        ASN1.ValidateASN1.IsOID,
-        ASN1.ValidateASN1.IsOctetString
-    ],
-    ASN1.ValidateASN1.IsOctetString
-];
-/*
- * Database of permitted algorithms and their OIDs
- */
-const sensitiveAttributeOIDDB = {
-    'aes-256-gcm': oids.AES_256_GCM,
-    'aes-256-cbc': oids.AES_256_CBC,
-    'sha2-256': oids.SHA2_256,
-    'sha3-256': oids.SHA3_256,
-    'sha256': oids.SHA2_256,
-    'aes256-gcm': oids.AES_256_GCM,
-    'aes256-cbc': oids.AES_256_CBC
-};
 function assertCertificateAttributeNames(name) {
     if (!(name in CertificateAttributeOIDDB)) {
         throw (new Error(`Unknown attribute name: ${name}`));
@@ -256,50 +198,6 @@ function asCertificateAttributeNames(name) {
     assertCertificateAttributeNames(name);
     return (name);
 }
-function encodeAttribute(name, value) {
-    const schema = CertificateAttributeSchema[name];
-    let encodedJS;
-    try {
-        encodedJS = new ASN1.ValidateASN1(schema).fromJavaScriptObject(value);
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        throw (new Error(`Attribute ${name}: ${message} (value: ${JSON.stringify(DPO(value))})`));
-    }
-    if (encodedJS === undefined) {
-        throw (new Error(`Unsupported attribute value for encoding: ${JSON.stringify(DPO(value))}`));
-    }
-    const asn1Object = ASN1.JStoASN1(encodedJS);
-    if (!asn1Object) {
-        throw (new Error(`Failed to encode value for attribute ${name}`));
-    }
-    return (asn1Object.toBER(false));
-}
-// Prepare a value for inclusion in a SensitiveAttribute: pre-encode complex and date types
-function encodeForSensitive(name, value) {
-    if (Buffer.isBuffer(value)) {
-        return (value);
-    }
-    if (value instanceof ArrayBuffer) {
-        return (arrayBufferToBuffer(value));
-    }
-    if (typeof value === 'string') {
-        const asn1 = ASN1.JStoASN1({ type: 'string', kind: 'utf8', value });
-        return (arrayBufferToBuffer(asn1.toBER(false)));
-    }
-    if (value instanceof Date) {
-        const asn1 = ASN1.JStoASN1(value);
-        return (arrayBufferToBuffer(asn1.toBER(false)));
-    }
-    if (typeof value === 'object' && value !== null) {
-        if (!name) {
-            throw (new Error('attributeName required for complex types'));
-        }
-        const encoded = encodeAttribute(name, value);
-        return (arrayBufferToBuffer(encoded));
-    }
-    return (Buffer.from(String(value), 'utf-8'));
-}
 function unwrapSingleLayer(schema) {
     if (typeof schema === 'object' && schema !== null && 'type' in schema && schema.type === 'context') {
         return (schema.contains);
@@ -438,216 +336,6 @@ async function decodeAttribute(name, value, principals) {
     const candidate = normalizeDecodedASN1(plainObject, principals);
     return (asAttributeValue(name, candidate));
 }
-class SensitiveAttributeBuilder {
-    #account;
-    #value;
-    constructor(account) {
-        this.#account = account;
-    }
-    set(value) {
-        this.#value = Buffer.isBuffer(value) ? value : arrayBufferLikeToBuffer(value);
-        return (this);
-    }
-    async build() {
-        if (this.#value === undefined) {
-            throw (new Error('Value not set'));
-        }
-        const salt = crypto.randomBytes(32);
-        const hashingAlgorithm = KeetaNetClient.lib.Utils.Hash.HashFunctionName;
-        const publicKey = Buffer.from(this.#account.publicKey.get());
-        const cipher = 'aes-256-gcm';
-        const key = crypto.randomBytes(32);
-        const nonce = crypto.randomBytes(12);
-        const encryptedKey = await this.#account.encrypt(bufferToArrayBuffer(key));
-        function encrypt(value) {
-            const cipherObject = crypto.createCipheriv(cipher, key, nonce);
-            let retval = cipherObject.update(value);
-            retval = Buffer.concat([retval, cipherObject.final()]);
-            /*
-             * For AES-GCM, the last 16 bytes are the authentication tag
-             */
-            if (cipher === 'aes-256-gcm') {
-                const getAuthTagFn = Reflect.get(cipherObject, 'getAuthTag');
-                if (typeof getAuthTagFn === 'function') {
-                    const tag = getAuthTagFn.call(cipherObject);
-                    if (!Buffer.isBuffer(tag)) {
-                        throw (new Error('getAuthTag did not return a Buffer'));
-                    }
-                    retval = Buffer.concat([retval, tag]);
-                }
-                else {
-                    throw (new Error('getAuthTag is not available on cipherObject'));
-                }
-            }
-            return (retval);
-        }
-        const encryptedValue = encrypt(this.#value);
-        const encryptedSalt = encrypt(arrayBufferLikeToBuffer(salt));
-        const saltedValue = Buffer.concat([salt, publicKey, encryptedValue, this.#value]);
-        const hashedAndSaltedValue = KeetaNetClient.lib.Utils.Hash.Hash(saltedValue);
-        const attributeStructure = [
-            /* Version */
-            0n,
-            /* Cipher Details */
-            [
-                /* Algorithm */
-                { type: 'oid', oid: getOID(cipher, sensitiveAttributeOIDDB) },
-                /* IV or Nonce */
-                nonce,
-                /* Symmetric key, encrypted with the public key of the account */
-                Buffer.from(encryptedKey)
-            ],
-            /* Hashed Value */
-            [
-                /* Encrypted Salt */
-                Buffer.from(encryptedSalt),
-                /* Hashing Algorithm */
-                { type: 'oid', oid: getOID(hashingAlgorithm, sensitiveAttributeOIDDB) },
-                /* Hash of <Encrypted Salt> || <Public Key> || <Value> */
-                Buffer.from(hashedAndSaltedValue)
-            ],
-            /* Encrypted Value, encrypted with the Cipher above */
-            encryptedValue
-        ];
-        const encodedAttributeObject = ASN1.JStoASN1(attributeStructure);
-        // Produce canonical DER as ArrayBuffer
-        const retval = encodedAttributeObject.toBER(false);
-        return (retval);
-    }
-}
-class SensitiveAttribute {
-    #account;
-    #info;
-    #decoder;
-    constructor(account, data, decoder) {
-        this.#account = account;
-        this.#info = this.decode(data);
-        if (decoder) {
-            this.#decoder = decoder;
-        }
-    }
-    decode(data) {
-        if (Buffer.isBuffer(data)) {
-            data = bufferToArrayBuffer(data);
-        }
-        let decodedAttribute;
-        try {
-            const dataObject = new ASN1.BufferStorageASN1(data, SensitiveAttributeSchemaInternal);
-            decodedAttribute = dataObject.getASN1();
-        }
-        catch {
-            const js = ASN1.ASN1toJS(data);
-            throw (new Error(`SensitiveAttribute.decode: unexpected DER shape ${JSON.stringify(DPO(js))}`));
-        }
-        const decodedVersion = decodedAttribute[0] + 1n;
-        if (decodedVersion !== 1n) {
-            throw (new Error(`Unsupported Sensitive Attribute version (${decodedVersion})`));
-        }
-        return ({
-            version: decodedVersion,
-            publicKey: this.#account.publicKeyString.get(),
-            cipher: {
-                algorithm: lookupByOID(decodedAttribute[1][0].oid, sensitiveAttributeOIDDB),
-                iv: decodedAttribute[1][1],
-                key: decodedAttribute[1][2]
-            },
-            hashedValue: {
-                encryptedSalt: decodedAttribute[2][0],
-                algorithm: lookupByOID(decodedAttribute[2][1].oid, sensitiveAttributeOIDDB),
-                value: decodedAttribute[2][2]
-            },
-            encryptedValue: decodedAttribute[3]
-        });
-    }
-    async #decryptValue(value) {
-        const decryptedKey = await this.#account.decrypt(bufferToArrayBuffer(this.#info.cipher.key));
-        const algorithm = this.#info.cipher.algorithm;
-        const iv = this.#info.cipher.iv;
-        const cipher = crypto.createDecipheriv(algorithm, Buffer.from(decryptedKey), iv);
-        // For AES-GCM, the last 16 bytes are the authentication tag
-        if (algorithm === 'aes-256-gcm') {
-            const authTag = value.subarray(value.length - 16);
-            const ciphertext = value.subarray(0, value.length - 16);
-            // XXX:TODO Fix typescript unsafe calls
-            // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-            const setAuthTagFn = Reflect.get(cipher, 'setAuthTag');
-            if (typeof setAuthTagFn === 'function') {
-                // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
-                setAuthTagFn.call(cipher, authTag);
-            }
-            else {
-                throw (new Error('setAuthTag is not available on cipher'));
-            }
-            const decrypted = cipher.update(ciphertext);
-            cipher.final(); // Verify auth tag
-            return (decrypted);
-        }
-        // For other algorithms (like CBC), just decrypt normally
-        const decryptedValue = cipher.update(value);
-        cipher.final();
-        return (decryptedValue);
-    }
-    /**
-     * Get the value of the sensitive attribute
-     *
-     * This will decrypt the value using the account's private key
-     * and return the value as an ArrayBuffer
-     *
-     * Since sensitive attributes are binary blobs, this returns an
-     * ArrayBuffer
-     */
-    async get() {
-        const decryptedValue = await this.#decryptValue(arrayBufferLikeToBuffer(this.#info.encryptedValue));
-        return (bufferToArrayBuffer(decryptedValue));
-    }
-    async getValue() {
-        const value = await this.get();
-        if (!this.#decoder) {
-            /**
-             * TypeScript complains that T may not be the correct
-             * type here, but gives us no tools to enforce that it
-             * is -- it should always be ArrayBuffer if no decoder
-             * is provided, but someone could always specify a
-             * type parameter in that case and we cannot check
-             * that at runtime since T is only a compile-time type.
-             */
-            // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
-            return value;
-        }
-        return (this.#decoder(value));
-    }
-    /**
-     * Generate a proof that a sensitive attribute is a given value,
-     * which can be validated by a third party using the certificate
-     * and the `validateProof` method
-     */
-    async getProof() {
-        const value = await this.get();
-        const salt = await this.#decryptValue(arrayBufferLikeToBuffer(this.#info.hashedValue.encryptedSalt));
-        return ({
-            value: Buffer.from(value).toString('base64'),
-            hash: {
-                salt: salt.toString('base64')
-            }
-        });
-    }
-    /**
-     * Validate the proof that a sensitive attribute is a given value
-     */
-    async validateProof(proof) {
-        const plaintextValue = Buffer.from(proof.value, 'base64');
-        const proofSaltBuffer = Buffer.from(proof.hash.salt, 'base64');
-        const publicKeyBuffer = Buffer.from(this.#account.publicKey.get());
-        const encryptedValue = this.#info.encryptedValue;
-        const hashInput = Buffer.concat([proofSaltBuffer, publicKeyBuffer, encryptedValue, plaintextValue]);
-        const hashedAndSaltedValue = KeetaNetClient.lib.Utils.Hash.Hash(hashInput);
-        const hashedAndSaltedValueBuffer = Buffer.from(hashedAndSaltedValue);
-        return (this.#info.hashedValue.value.equals(hashedAndSaltedValueBuffer));
-    }
-    toJSON() {
-        return (toJSON(this.#info));
-    }
-}
 /**
  * ASN.1 Schema for Certificate KYC Attributes Extension
  *
@@ -679,6 +367,7 @@ const CertificateKYCAttributeSchemaValidation = {
 };
 export class CertificateBuilder extends BaseCertificateBuilder {
     #attributes = {};
+    #subjectPublicKeyString;
     /**
      * Map the parameters from the public interface to the internal
      * (Certificate library) interface
@@ -698,6 +387,9 @@ export class CertificateBuilder extends BaseCertificateBuilder {
     }
     constructor(params) {
         super(CertificateBuilder.mapParams(params));
+        if (params?.subject) {
+            this.#subjectPublicKeyString = params.subject.publicKeyString.get();
+        }
     }
     /**
      * Set a KYC Attribute to a given value.
@@ -708,14 +400,12 @@ export class CertificateBuilder extends BaseCertificateBuilder {
      * value can be proven later without revealing it.
      */
     setAttribute(name, sensitive, value) {
-        // Non-sensitive path: only primitive schema (string/date) allowed
         const schemaValidator = CertificateAttributeSchema[name];
         let encoded;
         if (value instanceof ArrayBuffer) {
             encoded = value;
         }
         else if (name in CertificateAttributeSchema) {
-            /* XXX: Why do we have two encoding methods ? */
             encoded = bufferToArrayBuffer(encodeForSensitive(name, value));
         }
         else if (schemaValidator === ASN1.ValidateASN1.IsDate) {
@@ -728,42 +418,50 @@ export class CertificateBuilder extends BaseCertificateBuilder {
             encoded = encodeAttribute(name, value);
         }
         else {
-            throw (new Error('Unsupported non-sensitive value type'));
+            throw (new Error('Unsupported attribute value type'));
         }
         this.#attributes[name] = {
             sensitive: sensitive,
             value: encoded
         };
     }
+    /**
+     * Set a pre-built SensitiveAttribute for a given attribute name.
+     *
+     * The attribute must have been encrypted for this certificate's subject.
+     *
+     * @throws Error if the attribute was encrypted for a different subject
+     */
+    setSensitiveAttribute(name, attribute) {
+        if (this.#subjectPublicKeyString && attribute.publicKey !== this.#subjectPublicKeyString) {
+            throw (new Error('SensitiveAttribute was encrypted for a different subject'));
+        }
+        this.#attributes[name] = {
+            sensitive: true,
+            attribute
+        };
+    }
     async addExtensions(...args) {
         const retval = await super.addExtensions(...args);
-        const subject = args[0].subjectPublicKey;
         /* Encode the attributes */
         const certAttributes = [];
         for (const [name, attribute] of Object.entries(this.#attributes)) {
             if (!(name in CertificateAttributeOIDDB)) {
                 throw (new Error(`Unknown attribute: ${name}`));
             }
-            /*
-             * Since we are iteratively building the certificate, we
-             * can assume that the attribute is always present in
-             * the object
-             */
             assertCertificateAttributeNames(name);
             const nameOID = CertificateAttributeOIDDB[name];
             let value;
-            if (attribute.sensitive) {
-                const builder = new SensitiveAttributeBuilder(subject);
-                builder.set(attribute.value);
-                value = arrayBufferToBuffer(await builder.build());
+            if ('attribute' in attribute) {
+                value = arrayBufferToBuffer(attribute.attribute.toDER());
+            }
+            else if (attribute.sensitive) {
+                const subject = args[0].subjectPublicKey;
+                const sensitiveAttr = await SensitiveAttribute.create(subject, name, attribute.value);
+                value = arrayBufferToBuffer(sensitiveAttr.toDER());
             }
             else {
-                if (typeof attribute.value === 'string') {
-                    value = Buffer.from(attribute.value, 'utf-8');
-                }
-                else {
-                    value = arrayBufferToBuffer(attribute.value);
-                }
+                value = arrayBufferToBuffer(attribute.value);
             }
             certAttributes.push([{
                     type: 'oid',
@@ -1297,7 +995,6 @@ export class SharableCertificateAttributes {
 Certificate.SharableAttributes = SharableCertificateAttributes;
 /** @internal */
 export const _Testing = {
-    SensitiveAttributeBuilder,
     SensitiveAttribute,
     ValidateASN1: ASN1.ValidateASN1,
     BufferStorageASN1: ASN1.BufferStorageASN1,