@nuggetslife/vc 0.0.7 → 0.0.9

package/Cargo.toml

@@ -10,6 +10,7 @@ crate-type = ["cdylib"]
 # Default enable napi4 feature, see https://nodejs.org/api/n-api.html#node-api-version-matrix
 base64 = "0.22.1"
 bs58 = "0.5.1"
+hex = "0.4.3"
 # Default enable napi4 feature, see https://nodejs.org/api/n-api.html#node-api-version-matrix
 napi = { version = "2.12.2", default-features = false, features = ["napi4", "tokio_rt"] }
 napi-derive = "2.12.2"

package/index.d.ts

@@ -15,6 +15,14 @@ export interface JwkKeyPairOptions {
   privateKeyJwk?: JsonWebKey
   publicKeyJwk?: JsonWebKey
 }
+export interface FingerPrintFromPublicKeyOptions {
+  publicKeyBase58: string
+}
+export interface KeyPairFromFingerPrintOptions {
+  id?: string
+  controller?: string
+  fingerprint: string
+}
 export interface JsonWebKey {
   /**
    * Indicates the key type used
@@ -89,17 +97,25 @@ export interface KeyPairVerifierOptions {
 export class Bls12381G2KeyPair {
   id?: string
   controller?: string
-  privateKeyBuffer?: Array<number>
-  publicKeyBuffer?: Array<number>
+  privateKeyInner?: Array<number>
+  publicKeyInner?: Array<number>
   type: string
   constructor(options?: KeyPairOptions | undefined | null)
   static generate(options?: GenerateKeyPairOptions | undefined | null): Promise<Bls12381G2KeyPair>
   static from(options: KeyPairOptions): Promise<Bls12381G2KeyPair>
   static fromJwk(options: JwkKeyPairOptions): Promise<Bls12381G2KeyPair>
+  static fromFingerprint(options: KeyPairFromFingerPrintOptions): Promise<Bls12381G2KeyPair>
   get publicKey(): string | null
+  get publicKeyBuffer(): Buffer
+  get privateKeyBuffer(): Buffer
+  publicKeyJwk(): JsonWebKey
   get privateKey(): string | null
+  privateKeyJwk(): JsonWebKey
   signer(): KeyPairSigner
   verifier(): KeyPairVerifier
+  fingerprint(): string
+  static fingerprintFromPublicKey(options: FingerPrintFromPublicKeyOptions): string
+  verifyFingerprint(fingerprint: string): void
 }
 export class KeyPairSigner {
   sign(options: KeyPairSignerOptions): Promise<Uint8Array>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -38,6 +38,6 @@
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.0.7"
+    "@nuggetslife/vc-darwin-arm64": "0.0.9"
   }
 }

package/src/lib.rs

@@ -3,12 +3,19 @@
 #[macro_use]
 extern crate napi_derive;
 
-use base64::{engine::general_purpose::URL_SAFE, Engine as _};
+use base64::{
+  engine::general_purpose::URL_SAFE, engine::general_purpose::URL_SAFE_NO_PAD, Engine as _,
+};
 use napi::bindgen_prelude::*;
-use types::{Bls12381G2KeyPair, GenerateKeyPairOptions, JwkKeyPairOptions, KeyPairOptions};
+use types::{
+  Bls12381G2KeyPair, BlsCurveName, FingerPrintFromPublicKeyOptions, GenerateKeyPairOptions,
+  JsonWebKey, JwkKeyPairOptions, JwkKty, KeyPairFromFingerPrintOptions, KeyPairOptions,
+};
 use validators::{assert_bls_12381_g2_private_jwk, assert_bls_12381_g2_public_jwk};
 use vc::bbs_signatures::bls12381::{
   bls_generate_g2_key, bls_sign, bls_verify, BlsBbsSignRequest, BlsBbsVerifyRequest, BlsKeyPair,
+  BLS12381G2_MULTICODEC_IDENTIFIER, DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH,
+  MULTIBASE_ENCODED_BASE58_IDENTIFIER, VARIABLE_INTEGER_TRAILING_BYTE,
 };
 
 pub mod types;
@@ -45,26 +52,26 @@ impl Bls12381G2KeyPair {
         //   }
         // };
 
-        let private_key_buffer = o
+        let private_key_inner = o
           .private_key_base58
           .map(|v| bs58::decode(v).into_vec().unwrap());
-        let public_key_buffer = o
+        let public_key_inner = o
           .public_key_base58
           .map(|v| bs58::decode(v).into_vec().unwrap());
 
         Self {
           id: o.id,
           controller: o.controller,
-          private_key_buffer,
-          public_key_buffer,
+          private_key_inner,
+          public_key_inner,
           type_: String::from("Bls12381G2Key2020"),
         }
       }
       None => Self {
         id: None,
         controller: None,
-        private_key_buffer: None,
-        public_key_buffer: None,
+        private_key_inner: None,
+        public_key_inner: None,
         type_: String::from("Bls12381G2Key2020"),
       },
     }
@@ -151,30 +158,239 @@ impl Bls12381G2KeyPair {
     }
   }
 
+  #[napi(factory)]
+  pub async fn from_fingerprint(
+    options: KeyPairFromFingerPrintOptions,
+  ) -> Result<Bls12381G2KeyPair> {
+    let KeyPairFromFingerPrintOptions {
+      id,
+      controller,
+      fingerprint,
+    } = options;
+    let mut chars = fingerprint.chars();
+    let head = chars
+      .next()
+      .ok_or(napi::Error::from_reason("fingerprint string is empty"))?
+      .to_string();
+
+    if head != MULTIBASE_ENCODED_BASE58_IDENTIFIER {
+      return Err(napi::Error::from_reason(
+      format!("Unsupported fingerprint type: expected first character to be `z` indicating base58 encoding, received {head}")
+    ));
+    };
+
+    let rest = chars.collect::<String>();
+    let buffer = bs58::decode(rest).into_vec().map_err(|err| {
+      napi::Error::from_reason(format!(
+        "failed to decode bs58 fingerprint to bytes. error: {err}"
+      ))
+    })?;
+
+    if buffer.len() != BLS12381G2_MULTICODEC_IDENTIFIER as usize {
+      return Err(napi::Error::from_reason(
+      format!("Unsupported public key length: expected `${DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH}` received {}", buffer.len())
+    ));
+    }
+
+    if buffer[0] != DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH {
+      return Err(napi::Error::from_reason(
+      format!("Unsupported public key identifier: expected second character to be {BLS12381G2_MULTICODEC_IDENTIFIER} indicating BLS12381G2 key pair, received  {}", buffer[0])
+    ));
+    }
+
+    if buffer[1] != VARIABLE_INTEGER_TRAILING_BYTE {
+      return Err(napi::Error::from_reason(
+      format!("Missing variable integer trailing byte: expected third character to be {BLS12381G2_MULTICODEC_IDENTIFIER} indicating BLS12381G2 key pair, received  {}", buffer[1])
+    ));
+    }
+
+    let pubkey_base58 = bs58::encode(buffer).into_string();
+    let opts = FingerPrintFromPublicKeyOptions {
+      public_key_base58: pubkey_base58.clone(),
+    };
+    let fingerprint = Bls12381G2KeyPair::fingerprint_from_public_key(opts).map_err(|err| {
+      napi::Error::from_reason(format!("fingerprint_from_public_key failed. error: {err}"))
+    })?;
+    let mapped_controller = match controller {
+      Some(v) => v,
+      None => {
+        format!("did:key:{fingerprint}",)
+      }
+    };
+
+    let mapped_id = match id {
+      Some(v) => v,
+      None => {
+        format!("#{fingerprint}",)
+      }
+    };
+
+    let kp = Bls12381G2KeyPair::new(Some(KeyPairOptions {
+      id: Some(mapped_id),
+      controller: Some(mapped_controller),
+      public_key_base58: Some(pubkey_base58),
+      private_key_base58: None,
+    }))
+    .await;
+
+    Ok(kp)
+  }
+
   #[napi(getter)]
   pub fn public_key(&self) -> Option<String> {
     self
-      .public_key_buffer
+      .public_key_inner
       .clone()
       .map(|b| bs58::encode(b).into_string())
   }
 
+  #[napi(getter)]
+  pub fn public_key_buffer(&self) -> Buffer {
+    self.public_key_inner.clone().unwrap().into()
+  }
+
+  #[napi(getter)]
+  pub fn private_key_buffer(&self) -> Buffer {
+    self.private_key_inner.clone().unwrap().into()
+  }
+
+  #[napi]
+  pub fn public_key_jwk(&self) -> Result<JsonWebKey> {
+    let Some(ref public_key_inner) = self.public_key_inner else {
+      return Err(napi::Error::from_reason("no public_key_inner"));
+    };
+
+    Ok(JsonWebKey {
+      kid: self.id.to_owned(),
+      kty: JwkKty::EC.into(),
+      crv: BlsCurveName::G2.into(),
+      x: URL_SAFE_NO_PAD.encode(public_key_inner),
+      use_: None,
+      key_ops: None,
+      alg: None,
+      d: None,
+      y: None,
+      ext: None,
+    })
+  }
+
   #[napi(getter)]
   pub fn private_key(&self) -> Option<String> {
     self
-      .private_key_buffer
+      .private_key_inner
       .clone()
       .map(|b| bs58::encode(b).into_string())
   }
 
+  #[napi]
+  pub fn private_key_jwk(&self) -> Result<JsonWebKey> {
+    let Some(ref public_key_inner) = self.public_key_inner else {
+      return Err(napi::Error::from_reason("no public_key_inner"));
+    };
+
+    let Some(ref private_key_inner) = self.private_key_inner else {
+      return Err(napi::Error::from_reason("no private_key_inner"));
+    };
+
+    Ok(JsonWebKey {
+      kid: self.id.to_owned(),
+      kty: JwkKty::EC.into(),
+      crv: BlsCurveName::G2.into(),
+      x: URL_SAFE_NO_PAD.encode(public_key_inner),
+      d: Some(URL_SAFE_NO_PAD.encode(private_key_inner)),
+      use_: None,
+      key_ops: None,
+      alg: None,
+      y: None,
+      ext: None,
+    })
+  }
+
   #[napi]
   pub fn signer(&self) -> KeyPairSigner {
     KeyPairSigner { key: self.clone() }
   }
+
   #[napi]
   pub fn verifier(&self) -> KeyPairVerifier {
     KeyPairVerifier { key: self.clone() }
   }
+
+  #[napi]
+  pub fn fingerprint(&self) -> Result<String> {
+    let Some(public_key_base58) = self.public_key() else {
+      return Err(napi::Error::from_reason("no public key"));
+    };
+    Bls12381G2KeyPair::fingerprint_from_public_key(FingerPrintFromPublicKeyOptions {
+      public_key_base58,
+    })
+  }
+
+  #[napi]
+  pub fn fingerprint_from_public_key(options: FingerPrintFromPublicKeyOptions) -> Result<String> {
+    let FingerPrintFromPublicKeyOptions { public_key_base58 } = options;
+    let mut key_bytes = bs58::decode(public_key_base58).into_vec().map_err(|err| {
+      napi::Error::from_reason(format!(
+        "failed to decode public_key_base58 value. error: {err}"
+      ))
+    })?;
+
+    let mut buffer = vec![
+      BLS12381G2_MULTICODEC_IDENTIFIER,
+      VARIABLE_INTEGER_TRAILING_BYTE,
+    ];
+    buffer.append(&mut key_bytes);
+
+    Ok(format!(
+      "{}{}",
+      MULTIBASE_ENCODED_BASE58_IDENTIFIER,
+      bs58::encode(buffer).into_string()
+    ))
+  }
+
+  #[napi]
+  pub fn verify_fingerprint(&self, fingerprint: String) -> Result<()> {
+    // fingerprint should have `z` prefix indicating
+    // that it's multi-base encoded
+    let mut chars = fingerprint.chars();
+    let head = chars
+      .next()
+      .ok_or(napi::Error::from_reason("fingerprint string is empty"))?
+      .to_string();
+
+    let rest = chars.collect::<String>();
+
+    if head != MULTIBASE_ENCODED_BASE58_IDENTIFIER {
+      return Err(napi::Error::from_reason(
+        "`fingerprint` must be a multibase encoded string.",
+      ));
+    };
+
+    let fingerprint_buffer = bs58::decode(rest).into_vec().map_err(|err| {
+      napi::Error::from_reason(format!("failed to decode bs58 value: error: {err}"))
+    })?;
+
+    let public_key_inner = self
+      .public_key_inner
+      .clone()
+      .ok_or(napi::Error::from_reason("public key buffer is missing"))?;
+
+    let leader = hex::encode(&fingerprint_buffer[..2]);
+    let leader_match = if leader == "eb01" { true } else { false };
+    let bytes_match = if &public_key_inner == &fingerprint_buffer[2..] {
+      true
+    } else {
+      false
+    };
+
+    if leader_match && bytes_match {
+      Ok(())
+    } else {
+      Err(napi::Error::from_reason(
+        "The fingerprint does not match the public key",
+      ))
+    }
+  }
 }
 
 pub fn convert_base64_url_to_base58(value: String) -> Result<String> {
@@ -198,14 +414,14 @@ pub struct KeyPairSignerOptions {
 impl KeyPairSigner {
   #[napi]
   pub async fn sign(&self, options: KeyPairSignerOptions) -> Result<Uint8Array> {
-    if self.key.private_key_buffer.is_none() {
+    if self.key.private_key_inner.is_none() {
       return Err(napi::Error::from_reason("No private key to sign with."));
     }
 
     let messages: Vec<Vec<u8>> = options.data.into_iter().map(|x| x.to_vec()).collect();
     let key_pair = BlsKeyPair {
-      public_key: self.key.public_key_buffer.clone(),
-      secret_key: self.key.private_key_buffer.clone(),
+      public_key: self.key.public_key_inner.clone(),
+      secret_key: self.key.private_key_inner.clone(),
     };
     let sig = bls_sign(BlsBbsSignRequest { messages, key_pair })
       .await
@@ -231,7 +447,7 @@ impl KeyPairVerifier {
   #[napi]
   pub async fn verify(&self, options: KeyPairVerifierOptions) -> Result<bool> {
     let KeyPairVerifierOptions { data, signature } = options;
-    let Some(public_key) = self.key.public_key_buffer.clone() else {
+    let Some(public_key) = self.key.public_key_inner.clone() else {
       return Err(napi::Error::from_reason(
         "key.public_key is required for verify",
       ));

package/src/types.rs

@@ -5,8 +5,8 @@ use napi::bindgen_prelude::*;
 pub struct Bls12381G2KeyPair {
   pub id: Option<String>,
   pub controller: Option<String>,
-  pub private_key_buffer: Option<Vec<u8>>,
-  pub public_key_buffer: Option<Vec<u8>>,
+  pub private_key_inner: Option<Vec<u8>>,
+  pub public_key_inner: Option<Vec<u8>>,
   #[napi(js_name = "type")]
   pub type_: String,
 }
@@ -27,6 +27,18 @@ pub struct JwkKeyPairOptions {
   pub public_key_jwk: Option<JsonWebKey>,
 }
 
+#[napi(object)]
+pub struct FingerPrintFromPublicKeyOptions {
+  pub public_key_base58: String,
+}
+
+#[napi(object)]
+pub struct KeyPairFromFingerPrintOptions {
+  pub id: Option<String>,
+  pub controller: Option<String>,
+  pub fingerprint: String,
+}
+
 #[napi(object)]
 pub struct JsonWebKey {
   /////
@@ -130,6 +142,17 @@ impl TryFrom<&str> for BlsCurveName {
   }
 }
 
+impl Into<String> for BlsCurveName {
+  fn into(self) -> String {
+    match self {
+      BlsCurveName::DeprecatedG1 => String::from("BLS12381_G1"),
+      BlsCurveName::DeprecatedG2 => String::from("BLS12381_G2"),
+      BlsCurveName::G1 => String::from("Bls12381G1"),
+      BlsCurveName::G2 => String::from("Bls12381G2"),
+    }
+  }
+}
+
 #[derive(PartialEq)]
 pub enum JwkKty {
   OctetKeyPair,
@@ -152,3 +175,13 @@ impl TryFrom<&str> for JwkKty {
     }
   }
 }
+
+impl Into<String> for JwkKty {
+  fn into(self) -> String {
+    match self {
+      JwkKty::OctetKeyPair => String::from("OKP"),
+      JwkKty::EC => String::from("EC"),
+      JwkKty::RSA => String::from("RSA"),
+    }
+  }
+}

package/test.mjs

@@ -76,3 +76,17 @@ test('sign and verify', async () => {
     assert.equal(ms_verify_ms_sig, true)
     assert.equal(ms_verify_hs_sig, true)
 })
+
+test('issuer jwk', async () => {
+
+    const mattr = await Bls12381G2KeyPair.generate({ seed, });
+    const harry = await NewKeyPairClass.generate({ seed })
+    console.log(mattr.publicKeyBuffer)
+    console.log(mattr.privateKeyBuffer)
+
+    console.log(harry.publicKeyBuffer)
+    console.log(harry.publicKeyBuffer2)
+    console.log(harry.privateKeyBuffer)
+
+
+})