@nuggetslife/vc 0.0.9 → 0.0.15

package/src/bls_signatures/bbs_bls_holder_bound_signature_2022/types.rs

@@ -0,0 +1,26 @@
+use napi::bindgen_prelude::*;
+
+use crate::bls_signatures::bls_12381_g2_keypair::types::KeyPairOptions;
+
+#[napi(object)]
+pub struct BoundSignatureSuiteOptions {
+  pub key: Option<KeyPairOptions>,
+  pub verification_method: Option<String>,
+  pub date: Option<String>,
+  pub commitment: Option<Uint8Array>,
+  pub blinded: Option<Vec<u32>>,
+}
+
+#[napi(object)]
+pub struct BoundCreateProofOptions {
+  pub document: serde_json::Value,
+  pub contexts: Option<serde_json::Value>,
+}
+
+#[napi(object)]
+pub struct BoundVerifyProofOptions {
+  pub document: serde_json::Value,
+  pub blinding_factor: Uint8Array,
+  pub blinded_messages: Vec<Uint8Array>,
+  pub contexts: Option<serde_json::Value>,
+}

package/src/bls_signatures/bbs_bls_holder_bound_signature_proof_2022/mod.rs

@@ -0,0 +1,100 @@
+use napi::bindgen_prelude::*;
+use serde_json::json;
+use types::{BoundDeriveProofOptions, BoundVerifyDerivedProofOptions};
+
+use crate::ld_signatures::{create_document_loader, parse_contexts};
+
+pub mod types;
+
+#[napi]
+pub struct BbsBlsHolderBoundSignatureProof2022 {
+  #[napi(js_name = "type")]
+  pub type_: String,
+}
+
+#[napi]
+impl BbsBlsHolderBoundSignatureProof2022 {
+  #[napi(constructor)]
+  pub fn new() -> Self {
+    Self {
+      type_: String::from("sec:BbsBlsHolderBoundSignatureProof2022"),
+    }
+  }
+
+  /// Derive a selective disclosure proof from a holder-bound signed document.
+  #[napi]
+  pub async fn derive_proof(
+    &self,
+    options: BoundDeriveProofOptions,
+  ) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let blinding_factor = options.blinding_factor.to_vec();
+    let blinded_messages: Vec<Vec<u8>> =
+      options.blinded_messages.iter().map(|m| m.to_vec()).collect();
+    let nonce = options.nonce.map(|s| s.as_bytes().to_vec());
+
+    vc::jsonld::signatures::derive_proof_holder_bound(
+      &options.document,
+      &options.reveal_document,
+      blinding_factor,
+      blinded_messages,
+      nonce,
+      loader,
+      cr,
+    )
+    .await
+    .map_err(|e| napi::Error::from_reason(format!("deriveProof failed: {e}")))
+  }
+
+  /// Verify a derived (selective disclosure) holder-bound proof.
+  ///
+  /// Returns `{ verified: boolean, error?: string }`.
+  #[napi]
+  pub async fn verify_proof(
+    &self,
+    options: BoundVerifyDerivedProofOptions,
+  ) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
+      .await
+      .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
+
+    Ok(json!({
+      "verified": result.verified,
+      "error": result.error,
+    }))
+  }
+
+  /// Returns the proof types this suite produces.
+  #[napi(getter)]
+  pub fn proof_type(&self) -> Vec<String> {
+    vec![
+      "BbsBlsHolderBoundSignatureProof2022".to_string(),
+      "sec:BbsBlsHolderBoundSignatureProof2022".to_string(),
+      "https://w3id.org/security#BbsBlsHolderBoundSignatureProof2022".to_string(),
+    ]
+  }
+
+  /// Returns the proof types from which this suite can derive.
+  #[napi(getter)]
+  pub fn supported_derived_proof_type(&self) -> Vec<String> {
+    vec![
+      "BbsBlsHolderBoundSignature2022".to_string(),
+      "sec:BbsBlsHolderBoundSignature2022".to_string(),
+      "https://w3id.org/security#BbsBlsHolderBoundSignature2022".to_string(),
+    ]
+  }
+}

package/src/bls_signatures/bbs_bls_holder_bound_signature_proof_2022/types.rs

@@ -0,0 +1,17 @@
+use napi::bindgen_prelude::*;
+
+#[napi(object)]
+pub struct BoundDeriveProofOptions {
+  pub document: serde_json::Value,
+  pub reveal_document: serde_json::Value,
+  pub blinding_factor: Uint8Array,
+  pub blinded_messages: Vec<Uint8Array>,
+  pub contexts: Option<serde_json::Value>,
+  pub nonce: Option<String>,
+}
+
+#[napi(object)]
+pub struct BoundVerifyDerivedProofOptions {
+  pub document: serde_json::Value,
+  pub contexts: Option<serde_json::Value>,
+}

package/src/bls_signatures/bbs_bls_signature_2020/mod.rs

@@ -0,0 +1,329 @@
+#![allow(dead_code)]
+use base64::{engine::general_purpose::STANDARD, Engine as _};
+use chrono::Utc;
+use napi::bindgen_prelude::*;
+use serde_json::json;
+use types::{
+  CreateProofOptions, SignatureSuiteOptions, SuiteSignOptions, VerifyProofOptions,
+  VerifySignatureOptions,
+};
+
+use super::bls_12381_g2_keypair::{
+  Bls12381G2KeyPair, KeyPairSigner, KeyPairSignerOptions, KeyPairVerifier, KeyPairVerifierOptions,
+};
+use crate::ld_signatures::{create_document_loader, parse_contexts};
+
+pub mod types;
+
+/// Convert a NAPI Bls12381G2KeyPair to a Rust core Bls12381G2KeyPair.
+fn napi_key_to_rust_key(
+  napi_key: &Bls12381G2KeyPair,
+) -> vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair {
+  vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair::new(Some(
+    vc::jsonld::signatures::bbs::bls_12381_g2_keypair::types::KeyPairOptions {
+      id: napi_key.id.clone(),
+      controller: napi_key.controller.clone(),
+      public_key_base58: napi_key.public_key(),
+      private_key_base58: napi_key.private_key(),
+    },
+  ))
+}
+
+#[napi]
+pub struct BbsBlsSignature2020 {
+  proof: serde_json::Value,
+  signer: Option<KeyPairSigner>,
+  verifier: KeyPairVerifier,
+  key: Bls12381G2KeyPair,
+  verification_method: Option<String>,
+  proof_signature_key: String,
+  date: String,
+  #[napi(js_name = "type")]
+  pub type_: String,
+}
+
+#[napi]
+impl BbsBlsSignature2020 {
+  #[napi(constructor)]
+  pub fn new(options: Option<SignatureSuiteOptions>) -> Self {
+    let proof = json!({
+      "@context": [
+        {
+          "sec": "https://w3id.org/security#",
+          "proof": {
+            "@id": "sec:proof",
+            "@type": "@id",
+            "@container": "@graph",
+          },
+        },
+        "https://w3id.org/security/bbs/v1",
+      ],
+      "type": "BbsBlsSignature2020",
+    });
+
+    match options {
+      Some(opts) => {
+        let key = match opts.key {
+          Some(kp_opts) => Bls12381G2KeyPair::new(Some(
+            super::bls_12381_g2_keypair::types::KeyPairOptions {
+              id: kp_opts.id,
+              controller: kp_opts.controller,
+              public_key_base58: kp_opts.public_key_base58,
+              private_key_base58: kp_opts.private_key_base58,
+            },
+          )),
+          None => Bls12381G2KeyPair::new(None),
+        };
+
+        let signer = if key.private_key_inner.is_some() {
+          Some(key.signer())
+        } else {
+          None
+        };
+
+        Self {
+          proof,
+          signer,
+          verifier: key.verifier(),
+          verification_method: match opts.verification_method {
+            Some(vm) => Some(vm),
+            None => key.id.clone(),
+          },
+          key,
+          date: match opts.date {
+            Some(d) => d,
+            None => Utc::now().to_rfc3339(),
+          },
+          proof_signature_key: String::from("proofValue"),
+          type_: String::from("sec:BbsBlsSignature2020"),
+        }
+      }
+      None => {
+        let key = Bls12381G2KeyPair::new(None);
+        Self {
+          proof,
+          signer: None,
+          verifier: key.verifier(),
+          verification_method: None,
+          key,
+          date: Utc::now().to_rfc3339(),
+          proof_signature_key: String::from("proofValue"),
+          type_: String::from("sec:BbsBlsSignature2020"),
+        }
+      }
+    }
+  }
+
+  /// Generate a BbsBlsSignature2020 suite from a seed (async key generation).
+  #[napi(factory)]
+  pub async fn generate(options: SignatureSuiteOptions) -> Self {
+    let key = Bls12381G2KeyPair::generate(
+      options.key.map(|kp| {
+        super::bls_12381_g2_keypair::types::GenerateKeyPairOptions {
+          id: kp.id,
+          controller: kp.controller,
+          seed: kp.private_key_base58.map(|s| s.into_bytes().into()),
+        }
+      }),
+    )
+    .await;
+
+    let proof = json!({
+      "@context": [
+        {
+          "sec": "https://w3id.org/security#",
+          "proof": {
+            "@id": "sec:proof",
+            "@type": "@id",
+            "@container": "@graph",
+          },
+        },
+        "https://w3id.org/security/bbs/v1",
+      ],
+      "type": "BbsBlsSignature2020",
+    });
+
+    Self {
+      proof,
+      signer: Some(key.signer()),
+      verifier: key.verifier(),
+      verification_method: match options.verification_method {
+        Some(vm) => Some(vm),
+        None => key.id.clone(),
+      },
+      key,
+      date: match options.date {
+        Some(d) => d,
+        None => Utc::now().to_rfc3339(),
+      },
+      proof_signature_key: String::from("proofValue"),
+      type_: String::from("sec:BbsBlsSignature2020"),
+    }
+  }
+
+  /// Create a proof for a document using BbsBlsSignature2020.
+  ///
+  /// Returns just the proof object (matching JS reference behavior).
+  #[napi]
+  pub async fn create_proof(&self, options: CreateProofOptions) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let rust_key = napi_key_to_rust_key(&self.key);
+    let suite = vc::jsonld::signatures::bbs::BbsBlsSignature2020::new(
+      vc::jsonld::signatures::bbs::SignatureSuiteOptions {
+        key: rust_key,
+        verification_method: self.verification_method.clone(),
+        date: None,
+        canonize_options: None,
+      },
+    )
+    .await;
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    let signed = vc::jsonld::signatures::sign(options.document, &suite, &purpose, loader, cr)
+      .await
+      .map_err(|e| napi::Error::from_reason(format!("createProof failed: {e}")))?;
+
+    signed
+      .get("proof")
+      .cloned()
+      .ok_or_else(|| napi::Error::from_reason("createProof: no proof in signed document"))
+  }
+
+  /// Verify a document with an embedded proof.
+  ///
+  /// Returns `{ verified: boolean, error?: string }`.
+  #[napi]
+  pub async fn verify_proof(&self, options: VerifyProofOptions) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
+      .await
+      .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
+
+    Ok(json!({
+      "verified": result.verified,
+      "error": result.error,
+    }))
+  }
+
+  /// Ensure the BBS suite context is present in the document's @context.
+  #[napi]
+  pub fn ensure_suite_context(
+    &self,
+    document: serde_json::Value,
+  ) -> Result<serde_json::Value> {
+    let bbs_context = "https://w3id.org/security/bbs/v1";
+    let mut doc = document;
+
+    // Check if already present
+    let has_context = match doc.get("@context") {
+      Some(serde_json::Value::String(s)) => s == bbs_context,
+      Some(serde_json::Value::Array(arr)) => {
+        arr.iter().any(|v| v.as_str() == Some(bbs_context))
+      }
+      _ => false,
+    };
+
+    if !has_context {
+      if let Some(obj) = doc.as_object_mut() {
+        let existing = obj.get("@context").cloned().unwrap_or(serde_json::Value::Null);
+        let mut new_context = match existing {
+          serde_json::Value::Array(arr) => serde_json::Value::Array(arr),
+          other => serde_json::Value::Array(vec![other]),
+        };
+        if let serde_json::Value::Array(arr) = &mut new_context {
+          arr.push(serde_json::Value::String(bbs_context.to_string()));
+        }
+        obj.insert("@context".to_string(), new_context);
+      }
+    }
+
+    Ok(doc)
+  }
+
+  #[napi]
+  pub async fn sign(&self, options: SuiteSignOptions) -> Result<serde_json::Value> {
+    let signer = self
+      .signer
+      .as_ref()
+      .ok_or_else(|| napi::Error::from_reason("No signer available (no private key)"))?;
+
+    let mut proof_mut = options.proof.clone();
+    let Some(proof_obj) = proof_mut.as_object_mut() else {
+      return Err(napi::Error::from_reason("proof is not a json object"));
+    };
+    let proof_value = signer
+      .sign(KeyPairSignerOptions {
+        data: options.verify_data,
+      })
+      .await?;
+    let proof_value = STANDARD.encode(proof_value.to_vec());
+
+    proof_obj.insert(
+      self.proof_signature_key.clone(),
+      serde_json::Value::String(proof_value),
+    );
+
+    Ok(proof_mut)
+  }
+
+  #[napi]
+  pub async fn verify_signature(&self, options: VerifySignatureOptions) -> Result<bool> {
+    let Some(serde_json::Value::String(proof_value)) = options.proof.get(&self.proof_signature_key)
+    else {
+      return Err(napi::Error::from_reason(format!(
+        "key: {} is missing from proof",
+        self.proof_signature_key
+      )));
+    };
+
+    let signature = STANDARD.decode(proof_value).map_err(|err| {
+      napi::Error::from_reason(format!(
+        "failed to decode proof_value from base64 string. error: {err}"
+      ))
+    })?;
+
+    let signature = Uint8Array::from(signature);
+    let verified = self
+      .verifier
+      .verify(KeyPairVerifierOptions {
+        data: options.verify_data,
+        signature,
+      })
+      .await
+      .map_err(|err| napi::Error::from_reason(format!("verifySignature failed: {err}")))?;
+
+    Ok(verified)
+  }
+}
+
+#[cfg(test)]
+mod tests {
+
+  use super::*;
+  #[test]
+  pub fn it_works() {
+    let mut j = json!({});
+
+    let Some(obj) = j.as_object_mut() else {
+      return ();
+    };
+
+    obj.insert(String::from("hello"), "there".into());
+    let _x = STANDARD.decode("hello");
+
+    println!("{j}")
+  }
+}

package/src/bls_signatures/bbs_bls_signature_2020/types.rs

@@ -0,0 +1,37 @@
+#![allow(dead_code)]
+use napi::bindgen_prelude::Uint8Array;
+
+use crate::bls_signatures::bls_12381_g2_keypair::types::KeyPairOptions;
+
+#[napi(object)]
+pub struct SignatureSuiteOptions {
+  pub key: Option<KeyPairOptions>,
+  pub verification_method: Option<String>,
+  pub date: Option<String>,
+}
+
+#[napi(object)]
+pub struct CreateProofOptions {
+  pub document: serde_json::Value,
+  pub contexts: Option<serde_json::Value>,
+}
+
+#[napi(object)]
+pub struct VerifyProofOptions {
+  pub document: serde_json::Value,
+  pub contexts: Option<serde_json::Value>,
+}
+
+#[napi(object)]
+pub struct SuiteSignOptions {
+  pub document: serde_json::Value,
+  pub proof: serde_json::Value,
+  pub verify_data: Vec<Uint8Array>,
+}
+
+#[napi(object)]
+pub struct VerifySignatureOptions {
+  pub document: serde_json::Value,
+  pub proof: serde_json::Value,
+  pub verify_data: Vec<Uint8Array>,
+}

package/src/bls_signatures/bbs_bls_signature_proof_2020/mod.rs

@@ -0,0 +1,92 @@
+use napi::bindgen_prelude::*;
+use serde_json::json;
+use types::{DeriveProofOptions, VerifyDerivedProofOptions};
+
+use crate::ld_signatures::{create_document_loader, parse_contexts};
+
+pub mod types;
+
+#[napi]
+pub struct BbsBlsSignatureProof2020 {
+  #[napi(js_name = "type")]
+  pub type_: String,
+}
+
+#[napi]
+impl BbsBlsSignatureProof2020 {
+  #[napi(constructor)]
+  pub fn new() -> Self {
+    Self {
+      type_: String::from("sec:BbsBlsSignatureProof2020"),
+    }
+  }
+
+  /// Derive a selective disclosure proof from a signed document.
+  #[napi]
+  pub async fn derive_proof(&self, options: DeriveProofOptions) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let nonce = options.nonce.map(|s| s.as_bytes().to_vec());
+
+    vc::jsonld::signatures::derive_proof(
+      &options.document,
+      &options.reveal_document,
+      nonce,
+      loader,
+      cr,
+    )
+    .await
+    .map_err(|e| napi::Error::from_reason(format!("deriveProof failed: {e}")))
+  }
+
+  /// Verify a derived (selective disclosure) proof.
+  ///
+  /// Returns `{ verified: boolean, error?: string }`.
+  #[napi]
+  pub async fn verify_proof(
+    &self,
+    options: VerifyDerivedProofOptions,
+  ) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
+      .await
+      .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
+
+    Ok(json!({
+      "verified": result.verified,
+      "error": result.error,
+    }))
+  }
+
+  /// Returns the proof types this suite produces.
+  #[napi(getter)]
+  pub fn proof_type(&self) -> Vec<String> {
+    vec![
+      "BbsBlsSignatureProof2020".to_string(),
+      "sec:BbsBlsSignatureProof2020".to_string(),
+      "https://w3id.org/security#BbsBlsSignatureProof2020".to_string(),
+    ]
+  }
+
+  /// Returns the proof types from which this suite can derive.
+  #[napi(getter)]
+  pub fn supported_derived_proof_type(&self) -> Vec<String> {
+    vec![
+      "BbsBlsSignature2020".to_string(),
+      "sec:BbsBlsSignature2020".to_string(),
+      "https://w3id.org/security#BbsBlsSignature2020".to_string(),
+    ]
+  }
+}

package/src/bls_signatures/bbs_bls_signature_proof_2020/types.rs

@@ -0,0 +1,13 @@
+#[napi(object)]
+pub struct DeriveProofOptions {
+  pub document: serde_json::Value,
+  pub reveal_document: serde_json::Value,
+  pub contexts: Option<serde_json::Value>,
+  pub nonce: Option<String>,
+}
+
+#[napi(object)]
+pub struct VerifyDerivedProofOptions {
+  pub document: serde_json::Value,
+  pub contexts: Option<serde_json::Value>,
+}