@notabene/verify-proof 1.4.1 → 1.7.0

package/dist/tests/concordium.test.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@notabene/verify-proof",
-  "version": "1.4.1",
+  "version": "1.7.0",
   "description": "Verify ownership proofs",
   "source": "src/index.ts",
   "type": "module",
@@ -44,8 +44,10 @@
   },
   "dependencies": {
     "@cardano-foundation/cardano-verify-datasignature": "^1.0.11",
+    "@concordium/web-sdk": "^9.1.1",
+    "@grpc/grpc-js": "^1.13.4",
     "@noble/curves": "^1.7.0",
-    "@notabene/javascript-sdk": "2.9.0",
+    "@notabene/javascript-sdk": "2.11.0",
     "@scure/base": "^1.2.1",
     "@stellar/stellar-sdk": "^13.1.0",
     "bip322-js": "^2.0.0",

package/src/bitcoin.ts

@@ -18,8 +18,8 @@ enum SEGWIT_TYPES {
 
 interface ChainConfig {
   messagePrefix: string;
-  pubKeyHashVersion: number;
-  scriptHashVersion: number;
+  pubKeyHashVersion: number | Uint8Array;
+  scriptHashVersion: number | Uint8Array;
   bech32Prefix?: string;
   isTestnet?: boolean;
 }
@@ -58,6 +58,13 @@ const CHAIN_CONFIGS: Record<string, ChainConfig> = {
     scriptHashVersion: 0x10, // 7...
     isTestnet: false,
   },
+  zcash: {
+    messagePrefix: "\u0018Zcash Signed Message:\n",
+    pubKeyHashVersion: Uint8Array.from([0x1C, 0xB8]), // <-- FIXED
+    scriptHashVersion: Uint8Array.from([0x1C, 0xBD]),
+    isTestnet: false,
+  },
+  
   testnet: {
     messagePrefix: "\u0018Bitcoin Signed Message:\n",
     pubKeyHashVersion: 0x6f, // m or n
@@ -87,7 +94,12 @@ export async function verifyBTCSignature(
   // Map chainId to our chain configuration
   const chainConfig = getChainConfig(address);
   if (!chainConfig) return { ...proof, status: ProofStatus.FAILED };
-  
+
+  const isZcash = address.startsWith("t1") || address.startsWith("t3");
+  if (isZcash) {
+    return verifyBIP137(address, proof, chainConfig);
+  }
+
   // Use BIP322 for testnet addresses
   if (chainConfig.isTestnet) {
     return verifyBIP322(address, proof);
@@ -120,6 +132,9 @@ function getChainConfig(address: string): ChainConfig {
   if (address.startsWith("1") || address.startsWith("3") || address.startsWith("bc1")) {
     return CHAIN_CONFIGS["bitcoin"];
   }
+  if (address.startsWith("t1") || address.startsWith("t3")) {
+    return CHAIN_CONFIGS["zcash"];
+  }
   if (address.startsWith("L") || address.startsWith("M") || address.startsWith("ltc1")) {
     return CHAIN_CONFIGS["litecoin"];
   }
@@ -275,11 +290,19 @@ function verify(
 
 const base58check = createBase58check(Hash.sha256);
 
-function encodeBase58AddressFormat(version: number, publicKeyHash: Uint8Array) {
-  const payload = new Uint8Array([version, ...publicKeyHash]);
+function encodeBase58AddressFormat(version: number | Uint8Array, publicKeyHash: Uint8Array) {
+  const prefixBytes =
+    typeof version === "number"
+      ? Uint8Array.of(version)
+      : version; // Accept raw Uint8Array for Zcash
+
+  const payload = new Uint8Array(prefixBytes.length + publicKeyHash.length);
+  payload.set(prefixBytes);
+  payload.set(publicKeyHash, prefixBytes.length);
   return base58check.encode(payload);
 }
 
+
 function magicHash(attestation: string, messagePrefix: string) {
   const prefix = new TextEncoder().encode(messagePrefix);
   const message = new TextEncoder().encode(attestation);

package/src/cardano.ts

@@ -5,17 +5,25 @@ export async function verifyCIP8Signature(
   proof: SignatureProof
 ): Promise<SignatureProof> {
   const [ns, , address] = proof.address.split(/:/);
-  const key = proof.chainSpecificData?.cardanoCoseKey;
-  
+  const key =
+    proof.chainSpecificData && "cardanoCoseKey" in proof.chainSpecificData
+      ? proof.chainSpecificData.cardanoCoseKey
+      : null;
+
   if (ns !== "cardano" || !key) {
     return { ...proof, status: ProofStatus.FAILED };
   }
-  
+
   try {
-    const verified = verifyDataSignature(proof.proof, key, proof.attestation, address);
+    const verified = verifyDataSignature(
+      proof.proof,
+      key,
+      proof.attestation,
+      address
+    );
     return {
       ...proof,
-      status: verified ? ProofStatus.VERIFIED : ProofStatus.FAILED
+      status: verified ? ProofStatus.VERIFIED : ProofStatus.FAILED,
     };
   } catch {
     return { ...proof, status: ProofStatus.FAILED };

package/src/concordium.ts

@@ -0,0 +1,33 @@
+import { ProofStatus, SignatureProof } from "@notabene/javascript-sdk";
+import { AccountAddress, AccountTransactionSignature, verifyMessageSignature } from "@concordium/web-sdk";
+import { ConcordiumGRPCNodeClient } from "@concordium/web-sdk/nodejs";
+import { credentials } from "@grpc/grpc-js";
+
+export const verifyConcordiumSignature = async (
+  proof: SignatureProof
+): Promise<SignatureProof> => {
+  const [ns, , address] = proof.address.split(/:/);
+  if (ns !== "ccd") return { ...proof, status: ProofStatus.FAILED };
+
+  const client = new ConcordiumGRPCNodeClient(
+    "grpc.testnet.concordium.com",
+    20000,
+    credentials.createSsl(),
+    {
+      timeout: 15000,
+    }
+  );
+
+  const accountInfo = await client.getAccountInfo(
+    AccountAddress.fromBase58(address)
+  );
+
+  const signature = JSON.parse(proof.proof) as AccountTransactionSignature;
+
+  const verified = await verifyMessageSignature(proof.attestation, signature, accountInfo);
+
+  return {
+    ...proof,
+    status: verified ? ProofStatus.VERIFIED : ProofStatus.FAILED,
+  };
+};

package/src/index.ts

@@ -13,6 +13,7 @@ import { verifyPersonalSignTIP191 } from "./tron";
 import { verifyCIP8Signature } from "./cardano";
 import { verifyPersonalSignXRPL } from "./xrpl";
 import { verifyStellarSignature } from "./xlm";
+import { verifyConcordiumSignature } from "./concordium";
 
 export async function verifyProof(
   proof: OwnershipProof,
@@ -43,6 +44,8 @@ export async function verifyProof(
       return verifyPersonalSignXRPL(proof as SignatureProof, publicKey);
     case ProofTypes.XLM_ED25519:
       return verifyStellarSignature(proof as SignatureProof);
+    case ProofTypes.CONCORDIUM:
+      return verifyConcordiumSignature(proof as SignatureProof);
     case ProofTypes.EIP712:
     case ProofTypes.BIP137:
     case ProofTypes.BIP322:

package/src/tests/bitcoin.test.ts

@@ -78,6 +78,16 @@ const dogeProof: SignatureProof = {
   wallet_provider: "Doge",
 };
 
+const zcashProof: SignatureProof = {
+  type: ProofTypes.BIP137,
+  address: "bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL",
+  did: "did:pkh:bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL",
+  attestation: "I certify that the blockchain address t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL belongs to did:pkh:bip122:000000000019d6689c085ae165831e93:t1NmCz1oRS3e84NrUHsbHPJnz8a6KgZvbHL on Mon, 30 Jun 2025 08:41:29 GMT",
+  proof: "HzPW+q7EXixhtV/rBQ0sOtoXCDOml7C6P6rtIxLkBy3tenP978po7tuwj997DvJRiakL65Qw7xADK5hHs1Vu7es=",
+  status: ProofStatus.PENDING,
+  wallet_provider: "Manual Wallet Signature",
+};
+
 describe("verifyBTCSignature", () => {
   it("handles bip322 segwit testnet addresses", async () => {
     const result = await verifyBTCSignature(bip322SegwitTestnetProof);
@@ -109,6 +119,11 @@ describe("verifyBTCSignature", () => {
     expect(result).toEqual({ ...dogeProof, status: ProofStatus.VERIFIED });
   });
 
+  it("verifies zcash address signature", async () => {
+    const result = await verifyBTCSignature(zcashProof);
+    expect(result).toEqual({ ...zcashProof, status: ProofStatus.VERIFIED });
+  });
+
   it("fails for invalid bitcoin signature", async () => {
     const proof: SignatureProof = { ...legacyProof, proof: "invalitd" };
 

package/src/tests/concordium.test.ts

@@ -0,0 +1,45 @@
+import { describe, expect, it } from "vitest";
+import { verifyConcordiumSignature } from "../concordium";
+import {
+  ProofStatus,
+  ProofTypes,
+  SignatureProof,
+} from "@notabene/javascript-sdk";
+
+describe("verifyConcordiumSignature", () => {
+  it("returns verified proof when valid message and address", async () => {
+    const proof: SignatureProof = {
+      address:
+        "ccd:9dd9ca4d19e9393877d2c44b70f89acb:3thVBVWVwz1oHb4ob2VgehUGF7zyAJHkm5UDW8NdQKFKCvFnoF",
+      attestation:
+        "I certify that\n\nccd:9dd9ca4d19e9393877d2c44b70f89acb account 3thVBVWVwz1oHb4ob2VgehUGF7zyAJHkm5UDW8NdQKFKCvFnoF\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Thu, 12 Jun 2025 09:20:01 GMT",
+      type: ProofTypes.CONCORDIUM,
+      did: "did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5",
+      proof:
+        '{"0":{"0":"9b7263696072d4c5a0e060fec77bee5cb62ca9c8b674be864893f9d1dab75d28bf435efba9d4651ea1effdbd5b000f44d0d5be0fb10a11b3626a9a7be52e0d0d"}}',
+      status: ProofStatus.PENDING,
+      wallet_provider: "Concordium Wallet",
+    };
+    const result = await verifyConcordiumSignature(proof);
+
+    expect(result.status).toBe(ProofStatus.VERIFIED);
+  });
+
+  it("returns failed proof when invalid message and address", async () => {
+    const proof: SignatureProof = {
+      address:
+        "ccd:9dd9ca4d19e9393877d2c44b70f89acb:3thVBVWVwz1oHb4ob2VgehUGF7zyAJHkm5UDW8NdQKFKCvFnoF",
+      attestation:
+        "I certify that\n\nccd:9dd9ca4d19e9393877d2c44b70f89acb account 3thVBVWVwz1oHb4ob2VgehUGF7zyAJHkm5UDW8NdQKFKCvFnoF\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Thu, 12 Jun 2025 09:20:01 GMT",
+      proof: '{}',
+      did: "did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5",
+      status: ProofStatus.PENDING,
+      wallet_provider: "Concordium Wallet",
+      type: ProofTypes.CONCORDIUM,
+    };
+
+    const result = await verifyConcordiumSignature(proof);
+
+    expect(result.status).toBe(ProofStatus.FAILED);
+  });
+});

package/src/tests/index.test.ts

@@ -298,4 +298,48 @@ describe("verifyProof", () => {
       expect(result.status).toBe(ProofStatus.FAILED);
     });
   });
+
+  describe("SIWE", () => {
+    const proof: SignatureProof = {
+      address: "eip155:1:0xb5f28405d09746a20c7aa0399e5109f0c295b098",
+      attestation:
+        "localhost wants you to sign in with your **blockchain** account:\n0xb5f28405d09746a20c7aa0399e5109f0c295b098\n\nPlease sign this message to confirm your identity\n\nURI: http://localhost:8000\nVersion: 1\nChain ID: eip155:1\nNonce: 5389\nIssued At: 2025-05-22T09:28:38.992Z",
+      proof:
+        "0xf88efca56019b58d4523fa5b480fe549afd41d2d92a90e7b54126ca1d8a933fe4e5b3a507d1a2e9f28e6b9fab92d3fb288e946712903bbdafff4556694fc50f51b",
+      did: "did:pkh:eip155:1:0xb5f28405d09746a20c7aa0399e5109f0c295b098",
+      status: ProofStatus.PENDING,
+      type: ProofTypes.EIP191,
+      wallet_provider: "reown",
+    };
+    
+    it("should verify proof", async () => {
+      const result = await verifyProof(proof);
+      expect(result.status).toBe(ProofStatus.VERIFIED);
+    });
+
+    it("should fail if not valid proof", async () => {
+      const result = await verifyProof({
+        ...proof,
+        proof: "0x",
+      } as SignatureProof);
+      expect(result.status).toBe(ProofStatus.FAILED);
+    });
+  });
+
+  describe("Concordium", () => {
+    const proof: SignatureProof = {
+      type: ProofTypes.CONCORDIUM,
+      address: "ccd:9dd9ca4d19e9393877d2c44b70f89acb:3thVBVWVwz1oHb4ob2VgehUGF7zyAJHkm5UDW8NdQKFKCvFnoF",
+      attestation: "I certify that\n\nccd:9dd9ca4d19e9393877d2c44b70f89acb account 3thVBVWVwz1oHb4ob2VgehUGF7zyAJHkm5UDW8NdQKFKCvFnoF\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Thu, 12 Jun 2025 09:20:01 GMT",
+      proof: '{"0":{"0":"9b7263696072d4c5a0e060fec77bee5cb62ca9c8b674be864893f9d1dab75d28bf435efba9d4651ea1effdbd5b000f44d0d5be0fb10a11b3626a9a7be52e0d0d"}}',
+      did: "did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5",
+      status: ProofStatus.PENDING,
+      wallet_provider: "Concordium Wallet",
+    };
+
+    it("should verify proof", async () => {
+      const result = await verifyProof(proof);
+      expect(result.status).toBe(ProofStatus.VERIFIED);
+    });
+  })
 });