@nuggetslife/vc 0.0.9 → 0.0.15

package/src/lib.rs

@@ -3,466 +3,6 @@
 #[macro_use]
 extern crate napi_derive;
 
-use base64::{
-  engine::general_purpose::URL_SAFE, engine::general_purpose::URL_SAFE_NO_PAD, Engine as _,
-};
-use napi::bindgen_prelude::*;
-use types::{
-  Bls12381G2KeyPair, BlsCurveName, FingerPrintFromPublicKeyOptions, GenerateKeyPairOptions,
-  JsonWebKey, JwkKeyPairOptions, JwkKty, KeyPairFromFingerPrintOptions, KeyPairOptions,
-};
-use validators::{assert_bls_12381_g2_private_jwk, assert_bls_12381_g2_public_jwk};
-use vc::bbs_signatures::bls12381::{
-  bls_generate_g2_key, bls_sign, bls_verify, BlsBbsSignRequest, BlsBbsVerifyRequest, BlsKeyPair,
-  BLS12381G2_MULTICODEC_IDENTIFIER, DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH,
-  MULTIBASE_ENCODED_BASE58_IDENTIFIER, VARIABLE_INTEGER_TRAILING_BYTE,
-};
-
-pub mod types;
-pub mod validators;
-
-#[napi]
-impl Bls12381G2KeyPair {
-  #[napi(constructor)]
-  pub async fn new(options: Option<KeyPairOptions>) -> Self {
-    match options {
-      Some(o) => {
-        // The provided publicKey needs to be 384 bits / 5.85 = 65.6
-        // which means the base58 encoded publicKey can be either 65 or 66 chars
-        // 5.85 = log base 2 (58) which is equivalent to the number of bits
-        // encoded per character of a base58 encoded string.
-        // if let Some(ref pubkey_bs58) = o.public_key_base58 {
-        //   if pubkey_bs58.len() != 131 && pubkey_bs58.len() != 132 {
-        //     panic!(
-        //       "public_key_base58 invalid length. expected 131 or 132. got {}",
-        //       pubkey_bs58.len()
-        //     )
-        //   }
-        // };
-
-        // Validates the size of the private key if one is included
-        // This is done by 256 bits / 5.85 = 43.7 which means
-        // the base58 encoded privateKey can be either 43 or 44 chars
-        // if let Some(ref privkey_bs58) = o.private_key_base58 {
-        //   if privkey_bs58.len() != 43 && privkey_bs58.len() != 44 {
-        //     panic!(
-        //       "private_key_base58 invalid length. expected 43 or 44. got {}",
-        //       privkey_bs58.len()
-        //     )
-        //   }
-        // };
-
-        let private_key_inner = o
-          .private_key_base58
-          .map(|v| bs58::decode(v).into_vec().unwrap());
-        let public_key_inner = o
-          .public_key_base58
-          .map(|v| bs58::decode(v).into_vec().unwrap());
-
-        Self {
-          id: o.id,
-          controller: o.controller,
-          private_key_inner,
-          public_key_inner,
-          type_: String::from("Bls12381G2Key2020"),
-        }
-      }
-      None => Self {
-        id: None,
-        controller: None,
-        private_key_inner: None,
-        public_key_inner: None,
-        type_: String::from("Bls12381G2Key2020"),
-      },
-    }
-  }
-
-  #[napi(factory)]
-  pub async fn generate(options: Option<GenerateKeyPairOptions>) -> Self {
-    match options {
-      Some(o) => {
-        let seed: Option<Vec<u8>> = o.seed.map(|s| s.into());
-        let kp = bls_generate_g2_key(seed).await;
-        let public_key_base58 = kp.public_key.map(|v| bs58::encode(v).into_string());
-        let private_key_base58 = kp.secret_key.map(|v| bs58::encode(v).into_string());
-
-        Self::new(Some(KeyPairOptions {
-          id: o.id,
-          controller: o.controller,
-          private_key_base58,
-          public_key_base58,
-        }))
-        .await
-      }
-      None => {
-        let kp = bls_generate_g2_key(None).await;
-        let public_key_base58 = kp.public_key.map(|v| bs58::encode(v).into_string());
-        let private_key_base58 = kp.secret_key.map(|v| bs58::encode(v).into_string());
-
-        Self::new(Some(KeyPairOptions {
-          id: None,
-          controller: None,
-          private_key_base58,
-          public_key_base58,
-        }))
-        .await
-      }
-    }
-  }
-
-  #[napi(factory)]
-  pub async fn from(options: KeyPairOptions) -> Self {
-    Bls12381G2KeyPair::new(Some(options)).await
-  }
-
-  #[napi(factory)]
-  pub async fn from_jwk(options: JwkKeyPairOptions) -> Result<Bls12381G2KeyPair> {
-    let JwkKeyPairOptions {
-      id,
-      controller,
-      private_key_jwk,
-      public_key_jwk,
-    } = options;
-
-    if let Some(jwk) = private_key_jwk {
-      assert_bls_12381_g2_private_jwk(&jwk)?;
-      let public_key_base58 = Some(convert_base64_url_to_base58(jwk.x)?);
-      let d = jwk
-        .d
-        .ok_or(napi::Error::from_reason("jwk.d value is none"))?;
-      let private_key_base58 = Some(convert_base64_url_to_base58(d)?);
-
-      let kp = Bls12381G2KeyPair::new(Some(KeyPairOptions {
-        id,
-        controller,
-        public_key_base58,
-        private_key_base58,
-      }))
-      .await;
-
-      Ok(kp)
-    } else if let Some(jwk) = public_key_jwk {
-      assert_bls_12381_g2_public_jwk(&jwk)?;
-      let public_key_base58 = Some(convert_base64_url_to_base58(jwk.x)?);
-      let kp = Bls12381G2KeyPair::new(Some(KeyPairOptions {
-        id,
-        controller,
-        public_key_base58,
-        private_key_base58: None,
-      }))
-      .await;
-
-      Ok(kp)
-    } else {
-      Err(napi::Error::from_reason("The JWK provided is not a valid"))
-    }
-  }
-
-  #[napi(factory)]
-  pub async fn from_fingerprint(
-    options: KeyPairFromFingerPrintOptions,
-  ) -> Result<Bls12381G2KeyPair> {
-    let KeyPairFromFingerPrintOptions {
-      id,
-      controller,
-      fingerprint,
-    } = options;
-    let mut chars = fingerprint.chars();
-    let head = chars
-      .next()
-      .ok_or(napi::Error::from_reason("fingerprint string is empty"))?
-      .to_string();
-
-    if head != MULTIBASE_ENCODED_BASE58_IDENTIFIER {
-      return Err(napi::Error::from_reason(
-      format!("Unsupported fingerprint type: expected first character to be `z` indicating base58 encoding, received {head}")
-    ));
-    };
-
-    let rest = chars.collect::<String>();
-    let buffer = bs58::decode(rest).into_vec().map_err(|err| {
-      napi::Error::from_reason(format!(
-        "failed to decode bs58 fingerprint to bytes. error: {err}"
-      ))
-    })?;
-
-    if buffer.len() != BLS12381G2_MULTICODEC_IDENTIFIER as usize {
-      return Err(napi::Error::from_reason(
-      format!("Unsupported public key length: expected `${DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH}` received {}", buffer.len())
-    ));
-    }
-
-    if buffer[0] != DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH {
-      return Err(napi::Error::from_reason(
-      format!("Unsupported public key identifier: expected second character to be {BLS12381G2_MULTICODEC_IDENTIFIER} indicating BLS12381G2 key pair, received  {}", buffer[0])
-    ));
-    }
-
-    if buffer[1] != VARIABLE_INTEGER_TRAILING_BYTE {
-      return Err(napi::Error::from_reason(
-      format!("Missing variable integer trailing byte: expected third character to be {BLS12381G2_MULTICODEC_IDENTIFIER} indicating BLS12381G2 key pair, received  {}", buffer[1])
-    ));
-    }
-
-    let pubkey_base58 = bs58::encode(buffer).into_string();
-    let opts = FingerPrintFromPublicKeyOptions {
-      public_key_base58: pubkey_base58.clone(),
-    };
-    let fingerprint = Bls12381G2KeyPair::fingerprint_from_public_key(opts).map_err(|err| {
-      napi::Error::from_reason(format!("fingerprint_from_public_key failed. error: {err}"))
-    })?;
-    let mapped_controller = match controller {
-      Some(v) => v,
-      None => {
-        format!("did:key:{fingerprint}",)
-      }
-    };
-
-    let mapped_id = match id {
-      Some(v) => v,
-      None => {
-        format!("#{fingerprint}",)
-      }
-    };
-
-    let kp = Bls12381G2KeyPair::new(Some(KeyPairOptions {
-      id: Some(mapped_id),
-      controller: Some(mapped_controller),
-      public_key_base58: Some(pubkey_base58),
-      private_key_base58: None,
-    }))
-    .await;
-
-    Ok(kp)
-  }
-
-  #[napi(getter)]
-  pub fn public_key(&self) -> Option<String> {
-    self
-      .public_key_inner
-      .clone()
-      .map(|b| bs58::encode(b).into_string())
-  }
-
-  #[napi(getter)]
-  pub fn public_key_buffer(&self) -> Buffer {
-    self.public_key_inner.clone().unwrap().into()
-  }
-
-  #[napi(getter)]
-  pub fn private_key_buffer(&self) -> Buffer {
-    self.private_key_inner.clone().unwrap().into()
-  }
-
-  #[napi]
-  pub fn public_key_jwk(&self) -> Result<JsonWebKey> {
-    let Some(ref public_key_inner) = self.public_key_inner else {
-      return Err(napi::Error::from_reason("no public_key_inner"));
-    };
-
-    Ok(JsonWebKey {
-      kid: self.id.to_owned(),
-      kty: JwkKty::EC.into(),
-      crv: BlsCurveName::G2.into(),
-      x: URL_SAFE_NO_PAD.encode(public_key_inner),
-      use_: None,
-      key_ops: None,
-      alg: None,
-      d: None,
-      y: None,
-      ext: None,
-    })
-  }
-
-  #[napi(getter)]
-  pub fn private_key(&self) -> Option<String> {
-    self
-      .private_key_inner
-      .clone()
-      .map(|b| bs58::encode(b).into_string())
-  }
-
-  #[napi]
-  pub fn private_key_jwk(&self) -> Result<JsonWebKey> {
-    let Some(ref public_key_inner) = self.public_key_inner else {
-      return Err(napi::Error::from_reason("no public_key_inner"));
-    };
-
-    let Some(ref private_key_inner) = self.private_key_inner else {
-      return Err(napi::Error::from_reason("no private_key_inner"));
-    };
-
-    Ok(JsonWebKey {
-      kid: self.id.to_owned(),
-      kty: JwkKty::EC.into(),
-      crv: BlsCurveName::G2.into(),
-      x: URL_SAFE_NO_PAD.encode(public_key_inner),
-      d: Some(URL_SAFE_NO_PAD.encode(private_key_inner)),
-      use_: None,
-      key_ops: None,
-      alg: None,
-      y: None,
-      ext: None,
-    })
-  }
-
-  #[napi]
-  pub fn signer(&self) -> KeyPairSigner {
-    KeyPairSigner { key: self.clone() }
-  }
-
-  #[napi]
-  pub fn verifier(&self) -> KeyPairVerifier {
-    KeyPairVerifier { key: self.clone() }
-  }
-
-  #[napi]
-  pub fn fingerprint(&self) -> Result<String> {
-    let Some(public_key_base58) = self.public_key() else {
-      return Err(napi::Error::from_reason("no public key"));
-    };
-    Bls12381G2KeyPair::fingerprint_from_public_key(FingerPrintFromPublicKeyOptions {
-      public_key_base58,
-    })
-  }
-
-  #[napi]
-  pub fn fingerprint_from_public_key(options: FingerPrintFromPublicKeyOptions) -> Result<String> {
-    let FingerPrintFromPublicKeyOptions { public_key_base58 } = options;
-    let mut key_bytes = bs58::decode(public_key_base58).into_vec().map_err(|err| {
-      napi::Error::from_reason(format!(
-        "failed to decode public_key_base58 value. error: {err}"
-      ))
-    })?;
-
-    let mut buffer = vec![
-      BLS12381G2_MULTICODEC_IDENTIFIER,
-      VARIABLE_INTEGER_TRAILING_BYTE,
-    ];
-    buffer.append(&mut key_bytes);
-
-    Ok(format!(
-      "{}{}",
-      MULTIBASE_ENCODED_BASE58_IDENTIFIER,
-      bs58::encode(buffer).into_string()
-    ))
-  }
-
-  #[napi]
-  pub fn verify_fingerprint(&self, fingerprint: String) -> Result<()> {
-    // fingerprint should have `z` prefix indicating
-    // that it's multi-base encoded
-    let mut chars = fingerprint.chars();
-    let head = chars
-      .next()
-      .ok_or(napi::Error::from_reason("fingerprint string is empty"))?
-      .to_string();
-
-    let rest = chars.collect::<String>();
-
-    if head != MULTIBASE_ENCODED_BASE58_IDENTIFIER {
-      return Err(napi::Error::from_reason(
-        "`fingerprint` must be a multibase encoded string.",
-      ));
-    };
-
-    let fingerprint_buffer = bs58::decode(rest).into_vec().map_err(|err| {
-      napi::Error::from_reason(format!("failed to decode bs58 value: error: {err}"))
-    })?;
-
-    let public_key_inner = self
-      .public_key_inner
-      .clone()
-      .ok_or(napi::Error::from_reason("public key buffer is missing"))?;
-
-    let leader = hex::encode(&fingerprint_buffer[..2]);
-    let leader_match = if leader == "eb01" { true } else { false };
-    let bytes_match = if &public_key_inner == &fingerprint_buffer[2..] {
-      true
-    } else {
-      false
-    };
-
-    if leader_match && bytes_match {
-      Ok(())
-    } else {
-      Err(napi::Error::from_reason(
-        "The fingerprint does not match the public key",
-      ))
-    }
-  }
-}
-
-pub fn convert_base64_url_to_base58(value: String) -> Result<String> {
-  let decoded = URL_SAFE.decode(value).map_err(|err| {
-    napi::Error::from_reason(format!("failed to decode base64 url_safe. error {err}"))
-  })?;
-  Ok(bs58::encode(decoded).into_string())
-}
-
-#[napi]
-pub struct KeyPairSigner {
-  key: Bls12381G2KeyPair,
-}
-
-#[napi(object)]
-pub struct KeyPairSignerOptions {
-  pub data: Vec<Uint8Array>,
-}
-
-#[napi]
-impl KeyPairSigner {
-  #[napi]
-  pub async fn sign(&self, options: KeyPairSignerOptions) -> Result<Uint8Array> {
-    if self.key.private_key_inner.is_none() {
-      return Err(napi::Error::from_reason("No private key to sign with."));
-    }
-
-    let messages: Vec<Vec<u8>> = options.data.into_iter().map(|x| x.to_vec()).collect();
-    let key_pair = BlsKeyPair {
-      public_key: self.key.public_key_inner.clone(),
-      secret_key: self.key.private_key_inner.clone(),
-    };
-    let sig = bls_sign(BlsBbsSignRequest { messages, key_pair })
-      .await
-      .map_err(|err| napi::Error::from_reason(format!("bls_signed failed: {err}")))?;
-
-    Ok(Uint8Array::from(sig))
-  }
-}
-
-#[napi]
-pub struct KeyPairVerifier {
-  key: Bls12381G2KeyPair,
-}
-
-#[napi(object)]
-pub struct KeyPairVerifierOptions {
-  pub data: Vec<Uint8Array>,
-  pub signature: Uint8Array,
-}
-
-#[napi]
-impl KeyPairVerifier {
-  #[napi]
-  pub async fn verify(&self, options: KeyPairVerifierOptions) -> Result<bool> {
-    let KeyPairVerifierOptions { data, signature } = options;
-    let Some(public_key) = self.key.public_key_inner.clone() else {
-      return Err(napi::Error::from_reason(
-        "key.public_key is required for verify",
-      ));
-    };
-    let signature = signature.to_vec();
-    let messages = data.into_iter().map(|a| a.to_vec()).collect::<Vec<_>>();
-
-    let verified = bls_verify(BlsBbsVerifyRequest {
-      public_key,
-      signature,
-      messages,
-    })
-    .await
-    .map_err(|err| napi::Error::from_reason(format!("bls_verify failed: {err}")))?;
-
-    Ok(verified)
-  }
-}
+pub mod bls_signatures;
+pub mod jsonld;
+pub mod ld_signatures;

package/test-data/bbs.json

@@ -0,0 +1,92 @@
+{
+  "@context": {
+    "@version": 1.1,
+    "id": "@id",
+    "type": "@type",
+    "BbsBlsSignature2020": {
+      "@id": "https://w3id.org/security#BbsBlsSignature2020",
+      "@context": {
+        "@version": 1.1,
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+        "challenge": "https://w3id.org/security#challenge",
+        "created": {
+          "@id": "http://purl.org/dc/terms/created",
+          "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+        },
+        "domain": "https://w3id.org/security#domain",
+        "proofValue": "https://w3id.org/security#proofValue",
+        "nonce": "https://w3id.org/security#nonce",
+        "proofPurpose": {
+          "@id": "https://w3id.org/security#proofPurpose",
+          "@type": "@vocab",
+          "@context": {
+            "@version": 1.1,
+            "@protected": true,
+            "id": "@id",
+            "type": "@type",
+            "assertionMethod": {
+              "@id": "https://w3id.org/security#assertionMethod",
+              "@type": "@id",
+              "@container": "@set"
+            },
+            "authentication": {
+              "@id": "https://w3id.org/security#authenticationMethod",
+              "@type": "@id",
+              "@container": "@set"
+            }
+          }
+        },
+        "verificationMethod": {
+          "@id": "https://w3id.org/security#verificationMethod",
+          "@type": "@id"
+        }
+      }
+    },
+    "BbsBlsSignatureProof2020": {
+      "@id": "https://w3id.org/security#BbsBlsSignatureProof2020",
+      "@context": {
+        "@version": 1.1,
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+
+        "challenge": "https://w3id.org/security#challenge",
+        "created": {
+          "@id": "http://purl.org/dc/terms/created",
+          "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+        },
+        "domain": "https://w3id.org/security#domain",
+        "nonce": "https://w3id.org/security#nonce",
+        "proofPurpose": {
+          "@id": "https://w3id.org/security#proofPurpose",
+          "@type": "@vocab",
+          "@context": {
+            "@version": 1.1,
+            "@protected": true,
+            "id": "@id",
+            "type": "@type",
+            "sec": "https://w3id.org/security#",
+            "assertionMethod": {
+              "@id": "https://w3id.org/security#assertionMethod",
+              "@type": "@id",
+              "@container": "@set"
+            },
+            "authentication": {
+              "@id": "https://w3id.org/security#authenticationMethod",
+              "@type": "@id",
+              "@container": "@set"
+            }
+          }
+        },
+        "proofValue": "https://w3id.org/security#proofValue",
+        "verificationMethod": {
+          "@id": "https://w3id.org/security#verificationMethod",
+          "@type": "@id"
+        }
+      }
+    },
+    "Bls12381G2Key2020": "https://w3id.org/security#Bls12381G2Key2020"
+  }
+}

package/test-data/citizenVocab.json

@@ -0,0 +1,57 @@
+{
+  "@context": {
+    "@version": 1.1,
+    "@protected": true,
+
+    "name": "http://schema.org/name",
+    "description": "http://schema.org/description",
+    "identifier": "http://schema.org/identifier",
+    "image": { "@id": "http://schema.org/image", "@type": "@id" },
+
+    "PermanentResidentCard": {
+      "@id": "https://w3id.org/citizenship#PermanentResidentCard",
+      "@context": {
+        "@version": 1.1,
+        "@protected": true,
+
+        "id": "@id",
+        "type": "@type",
+
+        "description": "http://schema.org/description",
+        "name": "http://schema.org/name",
+        "identifier": "http://schema.org/identifier",
+        "image": { "@id": "http://schema.org/image", "@type": "@id" }
+      }
+    },
+
+    "PermanentResident": {
+      "@id": "https://w3id.org/citizenship#PermanentResident",
+      "@context": {
+        "@version": 1.1,
+        "@protected": true,
+
+        "id": "@id",
+        "type": "@type",
+
+        "ctzn": "https://w3id.org/citizenship#",
+        "schema": "http://schema.org/",
+        "xsd": "http://www.w3.org/2001/XMLSchema#",
+
+        "birthCountry": "ctzn:birthCountry",
+        "birthDate": { "@id": "schema:birthDate", "@type": "xsd:dateTime" },
+        "commuterClassification": "ctzn:commuterClassification",
+        "familyName": "schema:familyName",
+        "gender": "schema:gender",
+        "givenName": "schema:givenName",
+        "lprCategory": "ctzn:lprCategory",
+        "lprNumber": "ctzn:lprNumber",
+        "residentSince": {
+          "@id": "ctzn:residentSince",
+          "@type": "xsd:dateTime"
+        }
+      }
+    },
+
+    "Person": "http://schema.org/Person"
+  }
+}

package/test-data/controllerDocument.json

@@ -0,0 +1,5 @@
+{
+  "@context": "https://w3id.org/security/v2",
+  "id": "did:example:489398593",
+  "assertionMethod": ["did:example:489398593#test"]
+}