@nuggetslife/vc 0.0.21 → 0.0.23

package/index.d.ts

@@ -164,6 +164,120 @@ export interface BoundKeyPairOptions {
   commitment: Uint8Array
   blinded: Array<number>
 }
+export const enum JoseNamedCurve {
+  P256 = 0,
+  P384 = 1,
+  P521 = 2,
+  Secp256k1 = 3,
+  Ed25519 = 4,
+  Ed448 = 5,
+  X25519 = 6,
+  X448 = 7
+}
+export const enum JoseContentEncryption {
+  A128gcm = 0,
+  A192gcm = 1,
+  A256gcm = 2,
+  A128cbcHs256 = 3,
+  A192cbcHs384 = 4,
+  A256cbcHs512 = 5
+}
+export const enum JoseKeyEncryption {
+  Dir = 0,
+  EcdhEs = 1,
+  EcdhEsA128kw = 2,
+  EcdhEsA192kw = 3,
+  EcdhEsA256kw = 4,
+  Rsa1_5 = 5,
+  RsaOaep = 6,
+  RsaOaep256 = 7,
+  RsaOaep384 = 8,
+  RsaOaep512 = 9,
+  Pbes2Hs256A128kw = 10,
+  Pbes2Hs384A192kw = 11,
+  Pbes2Hs512A256kw = 12,
+  A128kw = 13,
+  A192kw = 14,
+  A256kw = 15,
+  A128gcmkw = 16,
+  A192gcmkw = 17,
+  A256gcmkw = 18
+}
+export const enum JoseSigningAlgorithm {
+  Es256 = 0,
+  Es384 = 1,
+  Es512 = 2,
+  Es256k = 3,
+  Eddsa = 4,
+  Hs256 = 5,
+  Hs384 = 6,
+  Hs512 = 7,
+  Rs256 = 8,
+  Rs384 = 9,
+  Rs512 = 10,
+  Ps256 = 11,
+  Ps384 = 12,
+  Ps512 = 13
+}
+export interface JoseEncryptResult {
+  ciphertext: string
+  tag?: string
+}
+/**
+ * Generate a JWK key pair and return the JWK (public + private) as a JSON object.
+ * Matches ffi-jose `generateJWK({ namedCurve })`.
+ */
+export declare function generateJwk(namedCurve: JoseNamedCurve): any
+/**
+ * Generate a full key pair (JWK, PEM, DER formats) and return as a JSON object.
+ * Matches ffi-jose `generateKeyPair(type, { namedCurve })`.
+ */
+export declare function generateKeyPair(namedCurve: JoseNamedCurve): any
+/**
+ * Low-level symmetric encryption. Key and IV as hex strings, plaintext as base64.
+ * Matches ffi-jose `encrypt(enc, plaintext, cek, iv, aad, didcomm)`.
+ */
+export declare function joseEncrypt(enc: JoseContentEncryption, key: string, iv: string, message: string, aad?: string | undefined | null): JoseEncryptResult
+/**
+ * Low-level symmetric decryption. Returns base64-encoded plaintext.
+ * Matches ffi-jose `decrypt(enc, cek, ciphertext, iv, tag, aad)`.
+ */
+export declare function joseDecrypt(enc: JoseContentEncryption, key: string, iv: string, ciphertext: string, aad?: string | undefined | null, tag?: string | undefined | null): string
+/**
+ * Encrypt a JSON payload for one or more recipients using JWE General JSON serialization.
+ * Matches ffi-jose `generalEncryptJson(alg, enc, payload, recipients, didcomm)`.
+ */
+export declare function generalEncryptJson(alg: JoseKeyEncryption, enc: JoseContentEncryption, payload: any, recipients: Array<any>, didcomm?: boolean | undefined | null): any
+/**
+ * Decrypt a JWE JSON object using a JWK private key.
+ * Matches ffi-jose `decryptJson(jwe, jwk)`.
+ */
+export declare function decryptJson(jwe: any, jwk: any): any
+/**
+ * Sign a JSON payload using JWS Compact serialization.
+ * Matches ffi-jose `compactSignJson(alg, payload, jwk, didcomm)`.
+ */
+export declare function compactSignJson(alg: JoseSigningAlgorithm, payload: any, jwk: any, didcomm?: boolean | undefined | null): string
+/**
+ * Verify a JWS Compact serialization and return the payload.
+ * Matches ffi-jose `compactJsonVerify(jws, jwk)`.
+ */
+export declare function compactJsonVerify(jws: string, jwk: any): any
+/**
+ * Sign a JSON payload using JWS Flattened JSON serialization.
+ * Matches ffi-jose `flattenedSignJson(alg, payload, jwk, didcomm)`.
+ */
+export declare function flattenedSignJson(alg: JoseSigningAlgorithm, payload: any, jwk: any, didcomm?: boolean | undefined | null): any
+/**
+ * Verify a JWS Flattened or General JSON serialization and return the payload.
+ * Matches ffi-jose `jsonVerify(jws, jwk)`.
+ */
+export declare function jsonVerify(jws: any, jwk: any): any
+/**
+ * Sign a JSON payload using JWS General JSON serialization with multiple signers.
+ * Matches ffi-jose `generalSignJson(payload, jwks, didcomm)`.
+ */
+export declare function generalSignJson(payload: any, jwks: Array<any>, didcomm?: boolean | undefined | null): any
 /**
  * Sign a document with BbsBlsSignature2020 and embed the proof.
  *

package/index.js

@@ -310,7 +310,7 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound } = nativeBinding
+const { BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JoseNamedCurve, JoseContentEncryption, JoseKeyEncryption, JoseSigningAlgorithm, generateJwk, generateKeyPair, joseEncrypt, joseDecrypt, generalEncryptJson, decryptJson, compactSignJson, compactJsonVerify, flattenedSignJson, jsonVerify, generalSignJson, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound } = nativeBinding
 
 module.exports.BbsBlsHolderBoundSignature2022 = BbsBlsHolderBoundSignature2022
 module.exports.BbsBlsHolderBoundSignatureProof2022 = BbsBlsHolderBoundSignatureProof2022
@@ -320,6 +320,21 @@ module.exports.Bls12381G2KeyPair = Bls12381G2KeyPair
 module.exports.KeyPairSigner = KeyPairSigner
 module.exports.KeyPairVerifier = KeyPairVerifier
 module.exports.BoundBls12381G2KeyPair = BoundBls12381G2KeyPair
+module.exports.JoseNamedCurve = JoseNamedCurve
+module.exports.JoseContentEncryption = JoseContentEncryption
+module.exports.JoseKeyEncryption = JoseKeyEncryption
+module.exports.JoseSigningAlgorithm = JoseSigningAlgorithm
+module.exports.generateJwk = generateJwk
+module.exports.generateKeyPair = generateKeyPair
+module.exports.joseEncrypt = joseEncrypt
+module.exports.joseDecrypt = joseDecrypt
+module.exports.generalEncryptJson = generalEncryptJson
+module.exports.decryptJson = decryptJson
+module.exports.compactSignJson = compactSignJson
+module.exports.compactJsonVerify = compactJsonVerify
+module.exports.flattenedSignJson = flattenedSignJson
+module.exports.jsonVerify = jsonVerify
+module.exports.generalSignJson = generalSignJson
 module.exports.JsonLd = JsonLd
 module.exports.ldSign = ldSign
 module.exports.ldVerify = ldVerify

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.0.21",
+  "version": "0.0.23",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -22,10 +22,7 @@
     "@mattrglobal/jsonld-signatures-bbs": "^1.2.0",
     "@napi-rs/cli": "^2.18.3",
     "@types/node": "^20.14.9",
-    "ava": "^6.0.1"
-  },
-  "ava": {
-    "timeout": "3m"
+    "jsonld": "^8.3.3"
   },
   "engines": {
     "node": ">= 10"
@@ -35,17 +32,17 @@
     "build": "napi build --platform --release",
     "build:debug": "napi build --platform",
     "prepublishOnly": "napi prepublish -t npm",
-    "test": "ava",
+    "test": "node test.mjs && node test_jose.mjs && node test_jsonld_crossverify.mjs",
     "universal": "napi universal",
     "version": "napi version"
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.0.21",
-    "@nuggetslife/vc-linux-arm64-gnu": "0.0.21",
-    "@nuggetslife/vc-linux-arm64-musl": "0.0.21",
-    "@nuggetslife/vc-linux-x64-gnu": "0.0.21",
-    "@nuggetslife/vc-linux-x64-musl": "0.0.21"
+    "@nuggetslife/vc-darwin-arm64": "0.0.23",
+    "@nuggetslife/vc-linux-arm64-gnu": "0.0.23",
+    "@nuggetslife/vc-linux-arm64-musl": "0.0.23",
+    "@nuggetslife/vc-linux-x64-gnu": "0.0.23",
+    "@nuggetslife/vc-linux-x64-musl": "0.0.23"
   },
   "dependencies": {}
 }

package/src/bls_signatures/bbs_bls_holder_bound_signature_2022/mod.rs

@@ -1,10 +1,10 @@
-#![allow(dead_code)]
 use napi::bindgen_prelude::*;
 use serde_json::json;
 use types::{BoundCreateProofOptions, BoundSignatureSuiteOptions, BoundVerifyProofOptions};
 
+use super::bbs_bls_signature_2020::napi_key_to_rust_key;
 use super::bls_12381_g2_keypair::Bls12381G2KeyPair;
-use crate::ld_signatures::{create_document_loader, parse_contexts};
+use crate::ld_signatures::loader_from_contexts;
 
 pub mod types;
 
@@ -80,22 +80,9 @@ impl BbsBlsHolderBoundSignature2022 {
     &self,
     options: BoundCreateProofOptions,
   ) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
-    let rust_key =
-      vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair::new(Some(
-        vc::jsonld::signatures::bbs::bls_12381_g2_keypair::types::KeyPairOptions {
-          id: self.key.id.clone(),
-          controller: self.key.controller.clone(),
-          public_key_base58: self.key.public_key(),
-          private_key_base58: self.key.private_key(),
-        },
-      ));
+    let rust_key = napi_key_to_rust_key(&self.key);
 
     // Commitment/blinded not needed for counting messages — use empty placeholders.
     let bound_key = vc::jsonld::signatures::bbs::bound_keypair::BoundBls12381G2KeyPair::new(
@@ -128,12 +115,7 @@ impl BbsBlsHolderBoundSignature2022 {
     &self,
     options: BoundCreateProofOptions,
   ) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let commitment = self
       .commitment
@@ -144,15 +126,7 @@ impl BbsBlsHolderBoundSignature2022 {
       .as_ref()
       .ok_or_else(|| napi::Error::from_reason("No blinded indices set on suite"))?;
 
-    let rust_key =
-      vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair::new(Some(
-        vc::jsonld::signatures::bbs::bls_12381_g2_keypair::types::KeyPairOptions {
-          id: self.key.id.clone(),
-          controller: self.key.controller.clone(),
-          public_key_base58: self.key.public_key(),
-          private_key_base58: self.key.private_key(),
-        },
-      ));
+    let rust_key = napi_key_to_rust_key(&self.key);
 
     let bound_key = vc::jsonld::signatures::bbs::bound_keypair::BoundBls12381G2KeyPair::new(
       rust_key,
@@ -189,12 +163,7 @@ impl BbsBlsHolderBoundSignature2022 {
     &self,
     options: BoundVerifyProofOptions,
   ) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let blinding_factor = options.blinding_factor.to_vec();
     let blinded_messages: Vec<Vec<u8>> =

package/src/bls_signatures/bbs_bls_holder_bound_signature_proof_2022/mod.rs

@@ -2,7 +2,7 @@ use napi::bindgen_prelude::*;
 use serde_json::json;
 use types::{BoundDeriveProofOptions, BoundVerifyDerivedProofOptions};
 
-use crate::ld_signatures::{create_document_loader, parse_contexts};
+use crate::ld_signatures::loader_from_contexts;
 
 pub mod types;
 
@@ -27,12 +27,7 @@ impl BbsBlsHolderBoundSignatureProof2022 {
     &self,
     options: BoundDeriveProofOptions,
   ) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let blinding_factor = options.blinding_factor.to_vec();
     let blinded_messages: Vec<Vec<u8>> =
@@ -60,12 +55,7 @@ impl BbsBlsHolderBoundSignatureProof2022 {
     &self,
     options: BoundVerifyDerivedProofOptions,
   ) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
     let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)

package/src/bls_signatures/bbs_bls_signature_2020/mod.rs

@@ -1,4 +1,3 @@
-#![allow(dead_code)]
 use base64::{engine::general_purpose::STANDARD, Engine as _};
 use chrono::Utc;
 use napi::bindgen_prelude::*;
@@ -11,12 +10,12 @@ use types::{
 use super::bls_12381_g2_keypair::{
   Bls12381G2KeyPair, KeyPairSigner, KeyPairSignerOptions, KeyPairVerifier, KeyPairVerifierOptions,
 };
-use crate::ld_signatures::{create_document_loader, parse_contexts};
+use crate::ld_signatures::loader_from_contexts;
 
 pub mod types;
 
 /// Convert a NAPI Bls12381G2KeyPair to a Rust core Bls12381G2KeyPair.
-fn napi_key_to_rust_key(
+pub(crate) fn napi_key_to_rust_key(
   napi_key: &Bls12381G2KeyPair,
 ) -> vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair {
   vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair::new(Some(
@@ -166,12 +165,7 @@ impl BbsBlsSignature2020 {
   /// Returns just the proof object (matching JS reference behavior).
   #[napi]
   pub async fn create_proof(&self, options: CreateProofOptions) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let rust_key = napi_key_to_rust_key(&self.key);
     let suite = vc::jsonld::signatures::bbs::BbsBlsSignature2020::new(
@@ -200,12 +194,7 @@ impl BbsBlsSignature2020 {
   /// Returns `{ verified: boolean, error?: string }`.
   #[napi]
   pub async fn verify_proof(&self, options: VerifyProofOptions) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
     let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
@@ -308,22 +297,3 @@ impl BbsBlsSignature2020 {
     Ok(verified)
   }
 }
-
-#[cfg(test)]
-mod tests {
-
-  use super::*;
-  #[test]
-  pub fn it_works() {
-    let mut j = json!({});
-
-    let Some(obj) = j.as_object_mut() else {
-      return ();
-    };
-
-    obj.insert(String::from("hello"), "there".into());
-    let _x = STANDARD.decode("hello");
-
-    println!("{j}")
-  }
-}

package/src/bls_signatures/bbs_bls_signature_2020/types.rs

@@ -1,4 +1,3 @@
-#![allow(dead_code)]
 use napi::bindgen_prelude::Uint8Array;
 
 use crate::bls_signatures::bls_12381_g2_keypair::types::KeyPairOptions;

package/src/bls_signatures/bbs_bls_signature_proof_2020/mod.rs

@@ -2,7 +2,7 @@ use napi::bindgen_prelude::*;
 use serde_json::json;
 use types::{DeriveProofOptions, VerifyDerivedProofOptions};
 
-use crate::ld_signatures::{create_document_loader, parse_contexts};
+use crate::ld_signatures::loader_from_contexts;
 
 pub mod types;
 
@@ -24,12 +24,7 @@ impl BbsBlsSignatureProof2020 {
   /// Derive a selective disclosure proof from a signed document.
   #[napi]
   pub async fn derive_proof(&self, options: DeriveProofOptions) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let nonce = options.nonce.map(|s| s.as_bytes().to_vec());
 
@@ -52,12 +47,7 @@ impl BbsBlsSignatureProof2020 {
     &self,
     options: VerifyDerivedProofOptions,
   ) -> Result<serde_json::Value> {
-    let additional_contexts = options
-      .contexts
-      .as_ref()
-      .map(|v| parse_contexts(&json!({ "contexts": v })))
-      .unwrap_or_default();
-    let (loader, cr) = create_document_loader(additional_contexts);
+    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
     let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)

package/src/bls_signatures/bls_12381_g2_keypair/mod.rs

@@ -58,12 +58,8 @@ impl Bls12381G2KeyPair {
         //   }
         // };
 
-        let private_key_inner = o
-          .private_key_base58
-          .map(|v| bs58::decode(v).into_vec().unwrap());
-        let public_key_inner = o
-          .public_key_base58
-          .map(|v| bs58::decode(v).into_vec().unwrap());
+        let private_key_inner = o.private_key_base58.and_then(|v| bs58::decode(v).into_vec().ok());
+        let public_key_inner = o.public_key_base58.and_then(|v| bs58::decode(v).into_vec().ok());
 
         Self {
           id: o.id,
@@ -246,13 +242,21 @@ impl Bls12381G2KeyPair {
   }
 
   #[napi(getter)]
-  pub fn public_key_buffer(&self) -> Buffer {
-    self.public_key_inner.clone().unwrap().into()
+  pub fn public_key_buffer(&self) -> Result<Buffer> {
+    self
+      .public_key_inner
+      .clone()
+      .map(|b| b.into())
+      .ok_or_else(|| napi::Error::from_reason("no public key set"))
   }
 
   #[napi(getter)]
-  pub fn private_key_buffer(&self) -> Buffer {
-    self.private_key_inner.clone().unwrap().into()
+  pub fn private_key_buffer(&self) -> Result<Buffer> {
+    self
+      .private_key_inner
+      .clone()
+      .map(|b| b.into())
+      .ok_or_else(|| napi::Error::from_reason("no private key set"))
   }
 
   #[napi]
@@ -377,12 +381,8 @@ impl Bls12381G2KeyPair {
       .ok_or(napi::Error::from_reason("public key buffer is missing"))?;
 
     let leader = hex::encode(&fingerprint_buffer[..2]);
-    let leader_match = if leader == "eb01" { true } else { false };
-    let bytes_match = if &public_key_inner == &fingerprint_buffer[2..] {
-      true
-    } else {
-      false
-    };
+    let leader_match = leader == "eb01";
+    let bytes_match = public_key_inner == fingerprint_buffer[2..];
 
     if leader_match && bytes_match {
       Ok(())

package/src/bls_signatures/bound_bls_12381_g2_keypair/mod.rs

@@ -1,4 +1,3 @@
-#![allow(dead_code)]
 use napi::bindgen_prelude::*;
 
 use super::bls_12381_g2_keypair::Bls12381G2KeyPair;
@@ -64,12 +63,12 @@ impl BoundBls12381G2KeyPair {
   }
 
   #[napi(getter)]
-  pub fn public_key_buffer(&self) -> Buffer {
+  pub fn public_key_buffer(&self) -> Result<Buffer> {
     self.inner.public_key_buffer()
   }
 
   #[napi(getter)]
-  pub fn private_key_buffer(&self) -> Buffer {
+  pub fn private_key_buffer(&self) -> Result<Buffer> {
     self.inner.private_key_buffer()
   }
 
@@ -84,6 +83,7 @@ impl BoundBls12381G2KeyPair {
   }
 
   /// Convert to a Rust core BoundBls12381G2KeyPair for use in signing.
+  #[allow(dead_code)] // Used by holder-bound suite after refactoring
   pub(crate) fn to_rust_bound_key(
     &self,
   ) -> vc::jsonld::signatures::bbs::bound_keypair::BoundBls12381G2KeyPair {