@nuggetslife/vc 0.0.10 → 0.0.15

package/src/jsonld.rs

@@ -0,0 +1,200 @@
+use serde_json::{json, Value};
+use std::collections::HashMap;
+use std::num::NonZeroUsize;
+use std::sync::Arc;
+
+use lru::LruCache;
+
+use vc::{
+    document_loader::nuggets::{load_nuggets_context, DocumentLoader},
+    jsonld::{self, context_resolver::ContextResolver},
+};
+
+use crate::ld_signatures::parse_contexts;
+
+/// JSON-LD processor — drop-in replacement for the jsonld.js API.
+///
+/// Holds a `DocumentLoader` and `ContextResolver` internally so they are
+/// created once and reused across all method calls.
+///
+/// ```js
+/// const jsonld = new JsonLd({ contexts: { "https://example.org/ctx": {...} } });
+/// const expanded = await jsonld.expand(doc);
+/// const compacted = await jsonld.compact(expanded, ctx);
+/// ```
+#[napi]
+pub struct JsonLd {
+    loader: Arc<DocumentLoader>,
+    cr: Arc<ContextResolver>,
+}
+
+#[napi]
+impl JsonLd {
+    /// Create a new JSON-LD processor.
+    ///
+    /// Accepts optional `{ contexts?: Record<string, any> }` to register
+    /// additional URL → document mappings in the document loader (on top
+    /// of the built-in nuggets contexts).
+    #[napi(constructor)]
+    pub fn new(options: Option<Value>) -> Self {
+        let additional: HashMap<String, Value> = options
+            .as_ref()
+            .map(|o| parse_contexts(o))
+            .unwrap_or_default();
+
+        let mut ctx = load_nuggets_context();
+        ctx.extend(additional);
+
+        let resolver = Arc::new(tokio::sync::RwLock::new(
+            vc::did_resolver::resolver::Resolver::new(
+                vc::did_resolver::resolver::ResolverRegistry::new(),
+                None,
+            ),
+        ));
+        let opts = vc::did_resolver::resolver::DidResolutionOptions::default();
+        let loader = Arc::new(DocumentLoader::new(ctx, resolver, opts));
+        let cr = Arc::new(ContextResolver::new(LruCache::new(
+            NonZeroUsize::new(10).unwrap(),
+        )));
+
+        Self { loader, cr }
+    }
+
+    /// Expand a JSON-LD document.
+    ///
+    /// `options` can include: `base`, `expandContext`, `keepFreeFloatingNodes`,
+    /// `processingMode`.
+    ///
+    /// Returns an array of expanded JSON-LD objects.
+    #[napi]
+    pub async fn expand(
+        &self,
+        input: Value,
+        options: Option<Value>,
+    ) -> napi::Result<Value> {
+        let opts = options.unwrap_or(json!({}));
+        jsonld::expand(input, self.loader.clone(), self.cr.clone(), opts)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("expand failed: {e}")))
+    }
+
+    /// Compact a JSON-LD document using a context.
+    ///
+    /// `ctx` — the compaction context (object, array, or string URL).
+    /// `options` can include: `base`, `compactArrays`, `graph`,
+    /// `skipExpansion`, `processingMode`.
+    ///
+    /// Returns the compacted JSON-LD object.
+    #[napi]
+    pub async fn compact(
+        &self,
+        input: Value,
+        ctx: Value,
+        options: Option<Value>,
+    ) -> napi::Result<Value> {
+        let opts = options.unwrap_or(json!({}));
+        jsonld::compact_api(input, ctx, self.loader.clone(), self.cr.clone(), opts)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("compact failed: {e}")))
+    }
+
+    /// Flatten a JSON-LD document.
+    ///
+    /// `ctx` — optional context for compacting the flattened result.
+    ///   Pass `null` to get the flattened expanded form.
+    /// `options` can include: `base`, `expandContext`, `processingMode`.
+    ///
+    /// Returns flattened array (no context) or compacted object (with context).
+    #[napi]
+    pub async fn flatten(
+        &self,
+        input: Value,
+        ctx: Option<Value>,
+        options: Option<Value>,
+    ) -> napi::Result<Value> {
+        let opts = options.unwrap_or(json!({}));
+        // Filter out null ctx (JS passes null, Rust expects None)
+        let ctx = ctx.filter(|v| !v.is_null());
+        jsonld::flatten(input, ctx, self.loader.clone(), self.cr.clone(), opts)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("flatten failed: {e}")))
+    }
+
+    /// Frame a JSON-LD document.
+    ///
+    /// `frame` — the framing template.
+    /// `options` can include: `base`, `embed`, `explicit`, `requireAll`,
+    /// `omitDefault`, `omitGraph`, `processingMode`.
+    ///
+    /// Returns the framed JSON-LD object.
+    #[napi]
+    pub async fn frame(
+        &self,
+        input: Value,
+        frame: Value,
+        options: Option<Value>,
+    ) -> napi::Result<Value> {
+        let opts = options.unwrap_or(json!({}));
+        jsonld::frame(input, frame, self.loader.clone(), self.cr.clone(), opts)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("frame failed: {e}")))
+    }
+
+    /// Convert a JSON-LD document to an RDF dataset.
+    ///
+    /// `options` can include: `base`, `expandContext`, `skipExpansion`,
+    /// `format` (`"application/n-quads"` for string output), `processingMode`.
+    ///
+    /// Returns an array of quads or an N-Quads string (depending on `format`).
+    #[napi(js_name = "toRDF")]
+    pub async fn to_rdf(
+        &self,
+        input: Value,
+        options: Option<Value>,
+    ) -> napi::Result<Value> {
+        let opts = options.unwrap_or(json!({}));
+        jsonld::to_rdf(input, self.loader.clone(), self.cr.clone(), opts)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("toRDF failed: {e}")))
+    }
+
+    /// Convert an RDF dataset to a JSON-LD document.
+    ///
+    /// `dataset` — N-Quads string or array of quads.
+    /// `options` can include: `useRdfType`, `useNativeTypes`, `rdfDirection`.
+    ///
+    /// Returns an array of JSON-LD objects.
+    #[napi(js_name = "fromRDF")]
+    pub fn from_rdf(&self, dataset: Value, options: Option<Value>) -> napi::Result<Value> {
+        let opts = options.unwrap_or(json!({}));
+        jsonld::from_rdf_api(dataset, opts)
+            .map_err(|e| napi::Error::from_reason(format!("fromRDF failed: {e}")))
+    }
+
+    /// Canonize (normalize) a JSON-LD document.
+    ///
+    /// `options` can include: `base`, `expandContext`, `skipExpansion`,
+    /// `inputFormat` (`"application/n-quads"`), `format`, `algorithm`,
+    /// `processingMode`.
+    ///
+    /// Returns the canonical N-Quads string.
+    #[napi]
+    pub async fn canonize(
+        &self,
+        input: Value,
+        options: Option<Value>,
+    ) -> napi::Result<Value> {
+        let mut opts = options.unwrap_or(json!({}));
+        // Defaults matching JS jsonld.js canonize()
+        if opts.get("algorithm").is_none() {
+            opts["algorithm"] = json!("RDFC-1.0");
+        }
+        if opts.get("format").is_none() {
+            opts["format"] = json!("application/n-quads");
+        }
+        let result = jsonld::canonize(input, self.loader.clone(), self.cr.clone(), opts)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("canonize failed: {e}")))?;
+        Ok(Value::String(result))
+    }
+}

package/src/ld_signatures.rs

@@ -0,0 +1,311 @@
+use std::collections::{BTreeMap, HashMap};
+use std::num::NonZeroUsize;
+use std::sync::Arc;
+
+use base64::Engine;
+use lru::LruCache;
+use napi::bindgen_prelude::*;
+use serde_json::Value;
+
+use vc::{
+    bbs_signatures::bls12381::{
+        bls_blind_signature_commitment, bls_unblind_signature, bls_verify_blind_signature_proof,
+    },
+    did_resolver::resolver::{DidResolutionOptions, Resolver, ResolverRegistry},
+    document_loader::nuggets::{load_nuggets_context, DocumentLoader},
+    jsonld::{
+        context_resolver::ContextResolver,
+        signatures::{
+            self,
+            bbs::{
+                bls_12381_g2_keypair::{types::KeyPairOptions, Bls12381G2KeyPair},
+                BbsBlsSignature2020 as BbsSignatureSuite, SignatureSuiteOptions,
+            },
+            AssertionProofPurpose,
+        },
+    },
+};
+
+/// Create a DocumentLoader with nuggets contexts plus additional caller-provided contexts.
+pub(crate) fn create_document_loader(
+    additional_contexts: HashMap<String, Value>,
+) -> (Arc<DocumentLoader>, Arc<ContextResolver>) {
+    let mut ctx = load_nuggets_context();
+    ctx.extend(additional_contexts);
+
+    let resolver = Arc::new(tokio::sync::RwLock::new(Resolver::new(
+        ResolverRegistry::new(),
+        None,
+    )));
+    let opts = DidResolutionOptions::default();
+    let loader = Arc::new(DocumentLoader::new(ctx, resolver, opts));
+    let cr = Arc::new(ContextResolver::new(LruCache::new(
+        NonZeroUsize::new(10).unwrap(),
+    )));
+
+    (loader, cr)
+}
+
+/// Parse the `contexts` field from options JSON into a HashMap.
+pub(crate) fn parse_contexts(options: &Value) -> HashMap<String, Value> {
+    options
+        .get("contexts")
+        .and_then(|v| v.as_object())
+        .map(|obj| {
+            obj.iter()
+                .map(|(k, v)| (k.clone(), v.clone()))
+                .collect()
+        })
+        .unwrap_or_default()
+}
+
+/// Sign a document with BbsBlsSignature2020 and embed the proof.
+///
+/// Input: `{ document, keyPair: {id, controller, publicKeyBase58, privateKeyBase58}, contexts? }`
+/// Output: signed document JSON with embedded proof
+#[napi]
+pub async fn ld_sign(options: Value) -> napi::Result<Value> {
+    let document = options
+        .get("document")
+        .cloned()
+        .ok_or_else(|| napi::Error::from_reason("missing 'document' in options"))?;
+
+    let key_pair_opts: KeyPairOptions =
+        serde_json::from_value(options.get("keyPair").cloned().unwrap_or(Value::Null))
+            .map_err(|e| napi::Error::from_reason(format!("failed to parse keyPair: {e}")))?;
+
+    let additional_contexts = parse_contexts(&options);
+
+    let key = Bls12381G2KeyPair::new(Some(key_pair_opts));
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let suite = BbsSignatureSuite::new(SignatureSuiteOptions {
+        key,
+        verification_method: None,
+        date: None,
+        canonize_options: None,
+    })
+    .await;
+
+    let purpose = AssertionProofPurpose::new();
+    signatures::sign(document, &suite, &purpose, loader, cr)
+        .await
+        .map_err(|e| napi::Error::from_reason(format!("ld_sign failed: {e}")))
+}
+
+/// Verify a document with an embedded proof (auto-detects proof type).
+///
+/// Input: `{ document, contexts? }`
+/// Output: `{ verified: boolean, error?: string }`
+#[napi]
+pub async fn ld_verify(options: Value) -> napi::Result<Value> {
+    let document = options
+        .get("document")
+        .cloned()
+        .ok_or_else(|| napi::Error::from_reason("missing 'document' in options"))?;
+
+    let additional_contexts = parse_contexts(&options);
+
+    let (loader, cr) = create_document_loader(additional_contexts);
+    let purpose = AssertionProofPurpose::new();
+    let result = signatures::verify(&document, &purpose, loader, cr)
+        .await
+        .map_err(|e| napi::Error::from_reason(format!("ld_verify failed: {e}")))?;
+
+    Ok(serde_json::json!({
+        "verified": result.verified,
+        "error": result.error,
+    }))
+}
+
+/// Derive a selective disclosure proof from a signed document.
+///
+/// Input: `{ document, revealDocument, nonce?, contexts? }`
+/// Output: derived document JSON with embedded proof
+#[napi]
+pub async fn ld_derive_proof(options: Value) -> napi::Result<Value> {
+    let document = options
+        .get("document")
+        .cloned()
+        .ok_or_else(|| napi::Error::from_reason("missing 'document' in options"))?;
+
+    let reveal_document = options
+        .get("revealDocument")
+        .cloned()
+        .ok_or_else(|| napi::Error::from_reason("missing 'revealDocument' in options"))?;
+
+    let nonce = options
+        .get("nonce")
+        .and_then(|v| v.as_str())
+        .map(|s| s.as_bytes().to_vec());
+
+    let additional_contexts = parse_contexts(&options);
+
+    let (loader, cr) = create_document_loader(additional_contexts);
+    signatures::derive_proof(&document, &reveal_document, nonce, loader, cr)
+        .await
+        .map_err(|e| napi::Error::from_reason(format!("ld_derive_proof failed: {e}")))
+}
+
+/// Standalone deriveProof function matching the JS reference's
+/// `deriveProof(proofDocument, revealDocument, { suite, documentLoader, nonce })`.
+///
+/// Input: proofDocument (signed doc), revealDocument (frame), options `{ contexts?, nonce? }`
+/// Output: derived document JSON with embedded proof
+#[napi]
+pub async fn derive_proof(
+    proof_document: Value,
+    reveal_document: Value,
+    options: Value,
+) -> napi::Result<Value> {
+    let nonce = options
+        .get("nonce")
+        .and_then(|v| v.as_str())
+        .map(|s| s.as_bytes().to_vec());
+
+    let additional_contexts = parse_contexts(&options);
+
+    let (loader, cr) = create_document_loader(additional_contexts);
+    signatures::derive_proof(&proof_document, &reveal_document, nonce, loader, cr)
+        .await
+        .map_err(|e| napi::Error::from_reason(format!("deriveProof failed: {e}")))
+}
+
+/// Create a blind signature commitment (holder side).
+///
+/// Input: issuerDID (for resolving public key), messages (blinded messages as Uint8Array[]),
+///        blinded (indices), nonce, knownMessageCount, options `{ contexts? }`
+/// Output: `{ commitment, challengeHash, blindingFactor, proofOfHiddenMessages }` (all Uint8Array)
+#[napi]
+pub async fn create_commitment(
+    public_key: Uint8Array,
+    messages: Vec<Uint8Array>,
+    blinded: Vec<u32>,
+    nonce: Uint8Array,
+    known_message_count: u32,
+) -> napi::Result<serde_json::Value> {
+    let pk = public_key.to_vec();
+    let nonce_vec = nonce.to_vec();
+    let blinded_indices: Vec<usize> = blinded.iter().map(|&i| i as usize).collect();
+    let total_message_count = blinded_indices.len() + known_message_count as usize;
+
+    let mut msgs = BTreeMap::new();
+    for (idx, msg) in blinded_indices.iter().zip(messages.iter()) {
+        msgs.insert(*idx, msg.to_vec());
+    }
+
+    let result =
+        bls_blind_signature_commitment(pk, msgs, nonce_vec, total_message_count)
+            .await
+            .map_err(|e| napi::Error::from_reason(format!("createCommitment failed: {e}")))?;
+
+    Ok(serde_json::json!({
+        "commitment": base64::prelude::BASE64_STANDARD.encode(&result.commitment),
+        "challengeHash": base64::prelude::BASE64_STANDARD.encode(&result.challenge_hash),
+        "blindingFactor": base64::prelude::BASE64_STANDARD.encode(&result.blinding_factor),
+        "proofOfHiddenMessages": base64::prelude::BASE64_STANDARD.encode(&result.proof_of_hidden_messages),
+    }))
+}
+
+/// Verify a blind signature commitment (issuer side).
+///
+/// Returns true if the commitment proof is valid.
+#[napi]
+pub async fn verify_commitment(
+    public_key: Uint8Array,
+    commitment: Uint8Array,
+    proof_of_hidden_messages: Uint8Array,
+    challenge_hash: Uint8Array,
+    blinded: Vec<u32>,
+    nonce: Uint8Array,
+    known_message_count: u32,
+) -> napi::Result<bool> {
+    let pk = public_key.to_vec();
+    let blinded_indices: Vec<usize> = blinded.iter().map(|&i| i as usize).collect();
+    let total_message_count = blinded_indices.len() + known_message_count as usize;
+
+    bls_verify_blind_signature_proof(
+        pk,
+        commitment.to_vec(),
+        challenge_hash.to_vec(),
+        proof_of_hidden_messages.to_vec(),
+        blinded_indices,
+        nonce.to_vec(),
+        total_message_count,
+    )
+    .await
+    .map_err(|e| napi::Error::from_reason(format!("verifyCommitment failed: {e}")))
+}
+
+/// Unblind a blind signature (holder side).
+///
+/// Takes the blind signature from the issuer and the holder's blinding factor,
+/// returns the unblinded standard signature.
+#[napi]
+pub async fn unblind_signature(
+    blind_signature: Uint8Array,
+    blinding_factor: Uint8Array,
+) -> napi::Result<Uint8Array> {
+    let result = bls_unblind_signature(blind_signature.to_vec(), blinding_factor.to_vec())
+        .await
+        .map_err(|e| napi::Error::from_reason(format!("unblindSignature failed: {e}")))?;
+
+    Ok(Uint8Array::from(result))
+}
+
+/// Derive a selective disclosure proof from a holder-bound signed document.
+///
+/// Input: proofDocument (signed doc), revealDocument (frame),
+///        options `{ blindingFactor: Uint8Array, blindedMessages: Uint8Array[], contexts?, nonce? }`
+/// Output: derived document JSON with embedded proof
+#[napi]
+pub async fn derive_proof_holder_bound(
+    proof_document: Value,
+    reveal_document: Value,
+    options: Value,
+) -> napi::Result<Value> {
+    let blinding_factor = options
+        .get("blindingFactor")
+        .and_then(|v| v.as_str())
+        .map(|s| {
+            base64::prelude::BASE64_STANDARD
+                .decode(s)
+                .map_err(|e| napi::Error::from_reason(format!("failed to decode blindingFactor: {e}")))
+        })
+        .transpose()?
+        .ok_or_else(|| napi::Error::from_reason("missing 'blindingFactor' in options"))?;
+
+    let blinded_messages: Vec<Vec<u8>> = options
+        .get("blindedMessages")
+        .and_then(|v| v.as_array())
+        .ok_or_else(|| napi::Error::from_reason("missing 'blindedMessages' in options"))?
+        .iter()
+        .map(|v| {
+            base64::prelude::BASE64_STANDARD
+                .decode(v.as_str().unwrap_or_default())
+                .map_err(|e| {
+                    napi::Error::from_reason(format!("failed to decode blinded message: {e}"))
+                })
+        })
+        .collect::<napi::Result<_>>()?;
+
+    let nonce = options
+        .get("nonce")
+        .and_then(|v| v.as_str())
+        .map(|s| s.as_bytes().to_vec());
+
+    let additional_contexts = parse_contexts(&options);
+
+    let (loader, cr) = create_document_loader(additional_contexts);
+    signatures::derive_proof_holder_bound(
+        &proof_document,
+        &reveal_document,
+        blinding_factor,
+        blinded_messages,
+        nonce,
+        loader,
+        cr,
+    )
+    .await
+    .map_err(|e| napi::Error::from_reason(format!("deriveProofHolderBound failed: {e}")))
+}