@smartledger/bsv 3.3.4 → 3.4.0

package/lib/statuslist/index.js

@@ -0,0 +1,164 @@
+'use strict'
+
+/**
+ * StatusList2021 Module
+ * W3C StatusList2021 for credential revocation and suspension
+ */
+
+var vcjwt = require('../vcjwt')
+var crypto = require('crypto')
+
+// Create a new status list
+async function createStatusList(params) {
+  if (!params.issuerDid || !params.privateJwk) {
+    throw new Error('issuerDid and privateJwk are required')
+  }
+
+  var listId = params.listId || params.issuerDid + '/status/' + Date.now()
+  
+  // Create a bitstring for 100,000 credentials (default size)
+  var listSize = params.listSize || 100000
+  var byteSize = Math.ceil(listSize / 8)
+  var bitstringBuffer = Buffer.alloc(byteSize, 0)
+
+  // Compress with gzip
+  var zlib = require('zlib')
+  var compressed = zlib.gzipSync(bitstringBuffer)
+  var encodedCompressed = compressed.toString('base64')
+
+  // Create StatusList2021 credential
+  var statusListCredential = {
+    '@context': [
+      'https://www.w3.org/2018/credentials/v1',
+      'https://w3id.org/vc/status-list/2021/v1'
+    ],
+    type: ['VerifiableCredential', 'StatusList2021Credential'],
+    issuer: params.issuerDid,
+    issuanceDate: new Date().toISOString(),
+    credentialSubject: {
+      id: listId,
+      type: 'StatusList2021',
+      statusPurpose: 'revocation',
+      encodedList: encodedCompressed
+    }
+  }
+
+  // Issue as JWT
+  var result = await vcjwt.issueVcJwt({
+    issuerDid: params.issuerDid,
+    subjectId: listId,
+    types: ['VerifiableCredential', 'StatusList2021Credential'],
+    credentialSubject: statusListCredential.credentialSubject,
+    privateJwk: params.privateJwk,
+    alg: params.privateJwk.alg || 'ES256'
+  })
+
+  return {
+    listVcJwt: result.jwt,
+    listId: listId
+  }
+}
+
+// Update status list (revoke/suspend/activate)
+async function updateStatusList(params) {
+  if (!params.listVcJwt || params.index === undefined || !params.status || !params.privateJwk) {
+    throw new Error('listVcJwt, index, status, and privateJwk are required')
+  }
+
+  // Decode the existing status list JWT
+  var parts = params.listVcJwt.split('.')
+  if (parts.length !== 3) {
+    throw new Error('Invalid JWT format')
+  }
+
+  var payload = JSON.parse(vcjwt.base64UrlDecode(parts[1]).toString())
+  var encodedList = payload.vc.credentialSubject.encodedList
+
+  // Decompress
+  var zlib = require('zlib')
+  var compressed = Buffer.from(encodedList, 'base64')
+  var bitstring = zlib.gunzipSync(compressed)
+
+  // Update the bit at the given index
+  var byteIndex = Math.floor(params.index / 8)
+  var bitIndex = params.index % 8
+  
+  if (byteIndex >= bitstring.length) {
+    throw new Error('Index out of range')
+  }
+
+  // StatusList2021 uses 2 bits per credential for 4 states
+  // For simplicity, we'll use single bit: 0=valid, 1=revoked/suspended
+  var statusBit = (params.status === 'revoked' || params.status === 'suspended') ? 1 : 0
+  
+  if (statusBit === 1) {
+    bitstring[byteIndex] |= (1 << bitIndex)
+  } else {
+    bitstring[byteIndex] &= ~(1 << bitIndex)
+  }
+
+  // Recompress
+  var recompressed = zlib.gzipSync(bitstring)
+  var newEncodedList = recompressed.toString('base64')
+
+  // Create updated credential
+  var updatedCredentialSubject = {
+    id: payload.vc.credentialSubject.id,
+    type: 'StatusList2021',
+    statusPurpose: 'revocation',
+    encodedList: newEncodedList
+  }
+
+  // Re-issue as JWT
+  var result = await vcjwt.issueVcJwt({
+    issuerDid: payload.iss,
+    subjectId: payload.vc.credentialSubject.id,
+    types: ['VerifiableCredential', 'StatusList2021Credential'],
+    credentialSubject: updatedCredentialSubject,
+    privateJwk: params.privateJwk,
+    alg: params.privateJwk.alg || 'ES256'
+  })
+
+  return {
+    listVcJwt: result.jwt
+  }
+}
+
+// Get credential status entry
+function getCredentialStatusEntry(params) {
+  if (!params.listVcJwt || params.index === undefined) {
+    throw new Error('listVcJwt and index are required')
+  }
+
+  // Decode the status list JWT
+  var parts = params.listVcJwt.split('.')
+  if (parts.length !== 3) {
+    throw new Error('Invalid JWT format')
+  }
+
+  var payload = JSON.parse(vcjwt.base64UrlDecode(parts[1]).toString())
+  var encodedList = payload.vc.credentialSubject.encodedList
+
+  // Decompress
+  var zlib = require('zlib')
+  var compressed = Buffer.from(encodedList, 'base64')
+  var bitstring = zlib.gunzipSync(compressed)
+
+  // Check the bit at the given index
+  var byteIndex = Math.floor(params.index / 8)
+  var bitIndex = params.index % 8
+  
+  if (byteIndex >= bitstring.length) {
+    throw new Error('Index out of range')
+  }
+
+  var bit = (bitstring[byteIndex] >> bitIndex) & 1
+  
+  return bit === 1 ? 'revoked' : 'valid'
+}
+
+module.exports = {
+  createStatusList: createStatusList,
+  updateStatusList: updateStatusList,
+  getCredentialStatusEntry: getCredentialStatusEntry
+}

package/lib/vcjwt/index.js

@@ -0,0 +1,189 @@
+'use strict'
+
+/**
+ * VC-JWT Module
+ * W3C Verifiable Credentials using JWT/JWS
+ * Supports ES256 (P-256) and ES256K (secp256k1)
+ */
+
+var crypto = require('crypto')
+
+// Base64URL encoding
+function base64UrlEncode(buffer) {
+  return buffer.toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '')
+}
+
+// Base64URL decoding
+function base64UrlDecode(str) {
+  str = str.replace(/-/g, '+').replace(/_/g, '/')
+  while (str.length % 4) {
+    str += '='
+  }
+  return Buffer.from(str, 'base64')
+}
+
+// Issue a Verifiable Credential as JWT
+async function issueVcJwt(params) {
+  if (!params.issuerDid || !params.subjectId || !params.credentialSubject || !params.privateJwk) {
+    throw new Error('issuerDid, subjectId, credentialSubject, and privateJwk are required')
+  }
+
+  var alg = params.alg || 'ES256'
+  var kid = params.kid || params.privateJwk.kid
+  var types = params.types || ['VerifiableCredential']
+  var expSeconds = params.expSeconds || (365 * 24 * 60 * 60) // 1 year default
+
+  var now = Math.floor(Date.now() / 1000)
+  var issuedAt = new Date().toISOString()
+
+  // Build VC payload
+  var vcPayload = {
+    '@context': [
+      'https://www.w3.org/2018/credentials/v1'
+    ],
+    type: types,
+    issuer: params.issuerDid,
+    issuanceDate: issuedAt,
+    credentialSubject: Object.assign({
+      id: params.subjectId
+    }, params.credentialSubject)
+  }
+
+  // Build JWT claims
+  var jwtPayload = {
+    iss: params.issuerDid,
+    sub: params.subjectId,
+    iat: now,
+    exp: now + expSeconds,
+    vc: vcPayload
+  }
+
+  // Build JWT header
+  var header = {
+    alg: alg,
+    typ: 'JWT',
+    kid: kid
+  }
+
+  // Encode header and payload
+  var headerB64 = base64UrlEncode(Buffer.from(JSON.stringify(header)))
+  var payloadB64 = base64UrlEncode(Buffer.from(JSON.stringify(jwtPayload)))
+  var signingInput = headerB64 + '.' + payloadB64
+
+  // Sign with private key
+  var privateKey = crypto.createPrivateKey({
+    key: params.privateJwk,
+    format: 'jwk'
+  })
+
+  var signature
+  if (alg === 'ES256') {
+    signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey)
+  } else if (alg === 'ES256K') {
+    signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey)
+  } else {
+    throw new Error('Unsupported algorithm: ' + alg)
+  }
+
+  var signatureB64 = base64UrlEncode(signature)
+  var jwt = signingInput + '.' + signatureB64
+
+  return { jwt: jwt }
+}
+
+// Verify a VC-JWT
+async function verifyVcJwt(jwt, opts) {
+  opts = opts || {}
+
+  try {
+    // Parse JWT
+    var parts = jwt.split('.')
+    if (parts.length !== 3) {
+      return { valid: false, error: 'Invalid JWT format' }
+    }
+
+    var headerB64 = parts[0]
+    var payloadB64 = parts[1]
+    var signatureB64 = parts[2]
+
+    var header = JSON.parse(base64UrlDecode(headerB64).toString())
+    var payload = JSON.parse(base64UrlDecode(payloadB64).toString())
+    var signature = base64UrlDecode(signatureB64)
+
+    // Check expiration
+    var now = Math.floor(Date.now() / 1000)
+    var clockTolerance = opts.clockToleranceSec || 60
+    
+    if (payload.exp && payload.exp < (now - clockTolerance)) {
+      return { valid: false, error: 'JWT expired', header: header, payload: payload }
+    }
+
+    // Check issuer if expected
+    if (opts.expectedIssuerDid && payload.iss !== opts.expectedIssuerDid) {
+      return { valid: false, error: 'Unexpected issuer', header: header, payload: payload }
+    }
+
+    // Get public key from DID resolver or use default resolver
+    var publicKey
+    if (opts.didResolver) {
+      var resolved = await opts.didResolver(payload.iss)
+      if (!resolved || !resolved.jwks || !resolved.jwks.keys) {
+        return { valid: false, error: 'Failed to resolve issuer DID', header: header, payload: payload }
+      }
+      
+      // Find matching key by kid
+      var matchingKey = resolved.jwks.keys.find(function(k) {
+        return k.kid === header.kid
+      })
+      
+      if (!matchingKey) {
+        return { valid: false, error: 'Key not found in JWKS', header: header, payload: payload }
+      }
+      
+      publicKey = matchingKey
+    } else {
+      // Without resolver, verification cannot proceed
+      return { valid: false, error: 'DID resolver required for verification', header: header, payload: payload }
+    }
+
+    // Verify signature
+    var signingInput = headerB64 + '.' + payloadB64
+    var pubKey = crypto.createPublicKey({
+      key: publicKey,
+      format: 'jwk'
+    })
+
+    var isValid = crypto.verify(
+      'sha256',
+      Buffer.from(signingInput),
+      pubKey,
+      signature
+    )
+
+    if (!isValid) {
+      return { valid: false, error: 'Invalid signature', header: header, payload: payload }
+    }
+
+    return {
+      valid: true,
+      header: header,
+      payload: payload
+    }
+
+  } catch (error) {
+    return {
+      valid: false,
+      error: error.message || 'Verification failed'
+    }
+  }
+}
+
+module.exports = {
+  issueVcJwt: issueVcJwt,
+  verifyVcJwt: verifyVcJwt,
+  base64UrlEncode: base64UrlEncode,
+  base64UrlDecode: base64UrlDecode
+}

package/package.json

@@ -1,13 +1,16 @@
 {
   "name": "@smartledger/bsv",
-  "version": "3.3.4",
-  "description": "🚀 Complete Bitcoin SV development framework with Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), Shamir Secret Sharing, and 12 flexible loading options. Includes primitives-only architecture for maximum integration flexibility, SmartContract framework, covenant builder, and comprehensive Bitcoin SV API. Perfect for legal tokens, DeFi, smart contracts, and secure Bitcoin applications.",
+  "version": "3.4.0",
+  "description": "🚀 Complete Bitcoin SV development framework with legally-recognizable DID:web + W3C VC-JWT toolkit, Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), StatusList2021 revocation, and 16 flexible loading options. Standards-based credentials with ES256/ES256K support, on-chain BSV anchoring, and comprehensive Bitcoin SV API. Perfect for legal tokens, verifiable credentials, DeFi, smart contracts, and secure Bitcoin applications.",
   "author": "SmartLedger Technology <hello@smartledger.technology> (https://smartledger.technology)",
   "homepage": "https://github.com/codenlighten/smartledger-bsv#readme",
   "bugs": {
     "url": "https://github.com/codenlighten/smartledger-bsv/issues"
   },
   "main": "index.js",
+  "bin": {
+    "smartledger-bsv": "./bin/cli.js"
+  },
   "scripts": {
     "lint": "standard",
     "test": "mocha",
@@ -46,11 +49,16 @@
     "build-covenant": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack covenant-entry.js --config build/webpack.covenant.config.js",
     "build-script-helper": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack script-helper-entry.js --config build/webpack.script-helper.config.js",
     "build-security": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack security-entry.js --config build/webpack.security.config.js",
+    "build-didweb": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack didweb-entry.js --config build/webpack.didweb.config.js",
+    "build-vcjwt": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack vcjwt-entry.js --config build/webpack.vcjwt.config.js",
+    "build-statuslist": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack statuslist-entry.js --config build/webpack.statuslist.config.js",
+    "build-anchor": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack anchor-entry.js --config build/webpack.anchor.config.js",
     "build-bundle": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack bundle-entry.js --config build/webpack.bundle.config.js",
     "build": "npm run build-bsv && npm run build-ecies && npm run build-message && npm run build-mnemonic && npm run build-shamir && npm run build-smartcontract",
     "build-specialized": "npm run build-covenant && npm run build-script-helper && npm run build-security",
+    "build-credentials": "npm run build-didweb && npm run build-vcjwt && npm run build-statuslist && npm run build-anchor",
     "build-advanced": "npm run build-ltp && npm run build-gdaf",
-    "build-all": "npm run build && npm run build-bundle && npm run build-specialized && npm run build-advanced",
+    "build-all": "npm run build && npm run build-bundle && npm run build-specialized && npm run build-advanced && npm run build-credentials",
     "test:browser": "echo 'Open tests/standalone-modules-test.html in browser for comprehensive testing'",
     "test:bundle": "echo 'Open tests/bundle-completeness-test.html in browser to verify bundle completeness'",
     "preimage:extract": "node examples/preimage/extract_preimage_bidirectional.js",
@@ -72,7 +80,7 @@
     "bsv.min.js",
     "bsv.bundle.js",
     "bsv-ecies.min.js",
-    "bsv-message.min.js", 
+    "bsv-message.min.js",
     "bsv-mnemonic.min.js",
     "bsv-shamir.min.js",
     "bsv-gdaf.min.js",
@@ -99,7 +107,7 @@
   ],
   "keywords": [
     "bitcoin",
-    "bitcoin-sv", 
+    "bitcoin-sv",
     "bsv",
     "legal-token-protocol",
     "ltp",

package/statuslist-entry.js

@@ -0,0 +1 @@
+module.exports = require('./lib/statuslist')

package/tests/browser-compatibility/test-cdn-vs-local.html

@@ -58,10 +58,10 @@
             
             // Load CDN scripts
             const bsvScript = document.createElement('script');
-            bsvScript.src = 'https://cdn.jsdelivr.net/npm/smartledger-bsv@3.3.3/bsv.min.js';
+            bsvScript.src = 'https://cdn.jsdelivr.net/npm/smartledger-bsv@3.3.4/bsv.min.js';
             bsvScript.onload = () => {
                 const mnemonicScript = document.createElement('script');
-                mnemonicScript.src = 'https://cdn.jsdelivr.net/npm/smartledger-bsv@3.3.3/bsv-mnemonic.min.js';
+                mnemonicScript.src = 'https://cdn.jsdelivr.net/npm/smartledger-bsv@3.3.4/bsv-mnemonic.min.js';
                 mnemonicScript.onload = () => {
                     testMnemonicGeneration('cdn-results', 'CDN');
                 };

package/vcjwt-entry.js

@@ -0,0 +1 @@
+module.exports = require('./lib/vcjwt')