@smartledger/bsv 3.3.5 → 3.4.1

package/lib/statuslist/index.js

@@ -0,0 +1,164 @@
+'use strict'
+
+/**
+ * StatusList2021 Module
+ * W3C StatusList2021 for credential revocation and suspension
+ */
+
+var vcjwt = require('../vcjwt')
+var crypto = require('crypto')
+
+// Create a new status list
+async function createStatusList(params) {
+  if (!params.issuerDid || !params.privateJwk) {
+    throw new Error('issuerDid and privateJwk are required')
+  }
+
+  var listId = params.listId || params.issuerDid + '/status/' + Date.now()
+  
+  // Create a bitstring for 100,000 credentials (default size)
+  var listSize = params.listSize || 100000
+  var byteSize = Math.ceil(listSize / 8)
+  var bitstringBuffer = Buffer.alloc(byteSize, 0)
+
+  // Compress with gzip
+  var zlib = require('zlib')
+  var compressed = zlib.gzipSync(bitstringBuffer)
+  var encodedCompressed = compressed.toString('base64')
+
+  // Create StatusList2021 credential
+  var statusListCredential = {
+    '@context': [
+      'https://www.w3.org/2018/credentials/v1',
+      'https://w3id.org/vc/status-list/2021/v1'
+    ],
+    type: ['VerifiableCredential', 'StatusList2021Credential'],
+    issuer: params.issuerDid,
+    issuanceDate: new Date().toISOString(),
+    credentialSubject: {
+      id: listId,
+      type: 'StatusList2021',
+      statusPurpose: 'revocation',
+      encodedList: encodedCompressed
+    }
+  }
+
+  // Issue as JWT
+  var result = await vcjwt.issueVcJwt({
+    issuerDid: params.issuerDid,
+    subjectId: listId,
+    types: ['VerifiableCredential', 'StatusList2021Credential'],
+    credentialSubject: statusListCredential.credentialSubject,
+    privateJwk: params.privateJwk,
+    alg: params.privateJwk.alg || 'ES256'
+  })
+
+  return {
+    listVcJwt: result.jwt,
+    listId: listId
+  }
+}
+
+// Update status list (revoke/suspend/activate)
+async function updateStatusList(params) {
+  if (!params.listVcJwt || params.index === undefined || !params.status || !params.privateJwk) {
+    throw new Error('listVcJwt, index, status, and privateJwk are required')
+  }
+
+  // Decode the existing status list JWT
+  var parts = params.listVcJwt.split('.')
+  if (parts.length !== 3) {
+    throw new Error('Invalid JWT format')
+  }
+
+  var payload = JSON.parse(vcjwt.base64UrlDecode(parts[1]).toString())
+  var encodedList = payload.vc.credentialSubject.encodedList
+
+  // Decompress
+  var zlib = require('zlib')
+  var compressed = Buffer.from(encodedList, 'base64')
+  var bitstring = zlib.gunzipSync(compressed)
+
+  // Update the bit at the given index
+  var byteIndex = Math.floor(params.index / 8)
+  var bitIndex = params.index % 8
+  
+  if (byteIndex >= bitstring.length) {
+    throw new Error('Index out of range')
+  }
+
+  // StatusList2021 uses 2 bits per credential for 4 states
+  // For simplicity, we'll use single bit: 0=valid, 1=revoked/suspended
+  var statusBit = (params.status === 'revoked' || params.status === 'suspended') ? 1 : 0
+  
+  if (statusBit === 1) {
+    bitstring[byteIndex] |= (1 << bitIndex)
+  } else {
+    bitstring[byteIndex] &= ~(1 << bitIndex)
+  }
+
+  // Recompress
+  var recompressed = zlib.gzipSync(bitstring)
+  var newEncodedList = recompressed.toString('base64')
+
+  // Create updated credential
+  var updatedCredentialSubject = {
+    id: payload.vc.credentialSubject.id,
+    type: 'StatusList2021',
+    statusPurpose: 'revocation',
+    encodedList: newEncodedList
+  }
+
+  // Re-issue as JWT
+  var result = await vcjwt.issueVcJwt({
+    issuerDid: payload.iss,
+    subjectId: payload.vc.credentialSubject.id,
+    types: ['VerifiableCredential', 'StatusList2021Credential'],
+    credentialSubject: updatedCredentialSubject,
+    privateJwk: params.privateJwk,
+    alg: params.privateJwk.alg || 'ES256'
+  })
+
+  return {
+    listVcJwt: result.jwt
+  }
+}
+
+// Get credential status entry
+function getCredentialStatusEntry(params) {
+  if (!params.listVcJwt || params.index === undefined) {
+    throw new Error('listVcJwt and index are required')
+  }
+
+  // Decode the status list JWT
+  var parts = params.listVcJwt.split('.')
+  if (parts.length !== 3) {
+    throw new Error('Invalid JWT format')
+  }
+
+  var payload = JSON.parse(vcjwt.base64UrlDecode(parts[1]).toString())
+  var encodedList = payload.vc.credentialSubject.encodedList
+
+  // Decompress
+  var zlib = require('zlib')
+  var compressed = Buffer.from(encodedList, 'base64')
+  var bitstring = zlib.gunzipSync(compressed)
+
+  // Check the bit at the given index
+  var byteIndex = Math.floor(params.index / 8)
+  var bitIndex = params.index % 8
+  
+  if (byteIndex >= bitstring.length) {
+    throw new Error('Index out of range')
+  }
+
+  var bit = (bitstring[byteIndex] >> bitIndex) & 1
+  
+  return bit === 1 ? 'revoked' : 'valid'
+}
+
+module.exports = {
+  createStatusList: createStatusList,
+  updateStatusList: updateStatusList,
+  getCredentialStatusEntry: getCredentialStatusEntry
+}

package/lib/transaction/transaction.js

@@ -577,7 +577,7 @@ Transaction.prototype._fromMultisigUtxo = function (utxo, pubkeys, threshold) {
   } else if (utxo.script.isScriptHashOut()) {
     Clazz = MultiSigScriptHashInput
   } else {
-    throw new Error('@TODO')
+    throw new errors.Transaction.Input.UnsupportedScript(utxo.script.toString())
   }
   this.addInput(new Clazz({
     output: new Output({

package/lib/util/_.js

@@ -1,5 +1,7 @@
 'use strict'
 
+var Random = require('../crypto/random')
+
 var _ = {}
 
 _.isArray = t => Array.isArray(t)
@@ -28,10 +30,14 @@ _.values = o => Object.values(o)
 _.filter = (a, f) => a.filter(f)
 _.reduce = (a, f, s) => a.reduce(f, s)
 _.without = (a, n) => a.filter(t => t !== n)
+// CSPRNG-backed Fisher-Yates. Output-order shuffling is a privacy primitive
+// (Transaction.shuffleOutputs); a predictable PRNG defeats the purpose.
 _.shuffle = a => {
   const result = a.slice(0)
   for (let i = result.length - 1; i > 0; i--) {
-    const j = Math.floor(Math.random() * (i + 1));
+    const buf = Random.getRandomBuffer(4)
+    const r = buf.readUInt32BE(0) / 0x100000000
+    const j = Math.floor(r * (i + 1));
     [result[i], result[j]] = [result[j], result[i]]
   }
   return result

package/lib/vcjwt/index.js

@@ -0,0 +1,189 @@
+'use strict'
+
+/**
+ * VC-JWT Module
+ * W3C Verifiable Credentials using JWT/JWS
+ * Supports ES256 (P-256) and ES256K (secp256k1)
+ */
+
+var crypto = require('crypto')
+
+// Base64URL encoding
+function base64UrlEncode(buffer) {
+  return buffer.toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '')
+}
+
+// Base64URL decoding
+function base64UrlDecode(str) {
+  str = str.replace(/-/g, '+').replace(/_/g, '/')
+  while (str.length % 4) {
+    str += '='
+  }
+  return Buffer.from(str, 'base64')
+}
+
+// Issue a Verifiable Credential as JWT
+async function issueVcJwt(params) {
+  if (!params.issuerDid || !params.subjectId || !params.credentialSubject || !params.privateJwk) {
+    throw new Error('issuerDid, subjectId, credentialSubject, and privateJwk are required')
+  }
+
+  var alg = params.alg || 'ES256'
+  var kid = params.kid || params.privateJwk.kid
+  var types = params.types || ['VerifiableCredential']
+  var expSeconds = params.expSeconds || (365 * 24 * 60 * 60) // 1 year default
+
+  var now = Math.floor(Date.now() / 1000)
+  var issuedAt = new Date().toISOString()
+
+  // Build VC payload
+  var vcPayload = {
+    '@context': [
+      'https://www.w3.org/2018/credentials/v1'
+    ],
+    type: types,
+    issuer: params.issuerDid,
+    issuanceDate: issuedAt,
+    credentialSubject: Object.assign({
+      id: params.subjectId
+    }, params.credentialSubject)
+  }
+
+  // Build JWT claims
+  var jwtPayload = {
+    iss: params.issuerDid,
+    sub: params.subjectId,
+    iat: now,
+    exp: now + expSeconds,
+    vc: vcPayload
+  }
+
+  // Build JWT header
+  var header = {
+    alg: alg,
+    typ: 'JWT',
+    kid: kid
+  }
+
+  // Encode header and payload
+  var headerB64 = base64UrlEncode(Buffer.from(JSON.stringify(header)))
+  var payloadB64 = base64UrlEncode(Buffer.from(JSON.stringify(jwtPayload)))
+  var signingInput = headerB64 + '.' + payloadB64
+
+  // Sign with private key
+  var privateKey = crypto.createPrivateKey({
+    key: params.privateJwk,
+    format: 'jwk'
+  })
+
+  var signature
+  if (alg === 'ES256') {
+    signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey)
+  } else if (alg === 'ES256K') {
+    signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey)
+  } else {
+    throw new Error('Unsupported algorithm: ' + alg)
+  }
+
+  var signatureB64 = base64UrlEncode(signature)
+  var jwt = signingInput + '.' + signatureB64
+
+  return { jwt: jwt }
+}
+
+// Verify a VC-JWT
+async function verifyVcJwt(jwt, opts) {
+  opts = opts || {}
+
+  try {
+    // Parse JWT
+    var parts = jwt.split('.')
+    if (parts.length !== 3) {
+      return { valid: false, error: 'Invalid JWT format' }
+    }
+
+    var headerB64 = parts[0]
+    var payloadB64 = parts[1]
+    var signatureB64 = parts[2]
+
+    var header = JSON.parse(base64UrlDecode(headerB64).toString())
+    var payload = JSON.parse(base64UrlDecode(payloadB64).toString())
+    var signature = base64UrlDecode(signatureB64)
+
+    // Check expiration
+    var now = Math.floor(Date.now() / 1000)
+    var clockTolerance = opts.clockToleranceSec || 60
+    
+    if (payload.exp && payload.exp < (now - clockTolerance)) {
+      return { valid: false, error: 'JWT expired', header: header, payload: payload }
+    }
+
+    // Check issuer if expected
+    if (opts.expectedIssuerDid && payload.iss !== opts.expectedIssuerDid) {
+      return { valid: false, error: 'Unexpected issuer', header: header, payload: payload }
+    }
+
+    // Get public key from DID resolver or use default resolver
+    var publicKey
+    if (opts.didResolver) {
+      var resolved = await opts.didResolver(payload.iss)
+      if (!resolved || !resolved.jwks || !resolved.jwks.keys) {
+        return { valid: false, error: 'Failed to resolve issuer DID', header: header, payload: payload }
+      }
+      
+      // Find matching key by kid
+      var matchingKey = resolved.jwks.keys.find(function(k) {
+        return k.kid === header.kid
+      })
+      
+      if (!matchingKey) {
+        return { valid: false, error: 'Key not found in JWKS', header: header, payload: payload }
+      }
+      
+      publicKey = matchingKey
+    } else {
+      // Without resolver, verification cannot proceed
+      return { valid: false, error: 'DID resolver required for verification', header: header, payload: payload }
+    }
+
+    // Verify signature
+    var signingInput = headerB64 + '.' + payloadB64
+    var pubKey = crypto.createPublicKey({
+      key: publicKey,
+      format: 'jwk'
+    })
+
+    var isValid = crypto.verify(
+      'sha256',
+      Buffer.from(signingInput),
+      pubKey,
+      signature
+    )
+
+    if (!isValid) {
+      return { valid: false, error: 'Invalid signature', header: header, payload: payload }
+    }
+
+    return {
+      valid: true,
+      header: header,
+      payload: payload
+    }
+
+  } catch (error) {
+    return {
+      valid: false,
+      error: error.message || 'Verification failed'
+    }
+  }
+}
+
+module.exports = {
+  issueVcJwt: issueVcJwt,
+  verifyVcJwt: verifyVcJwt,
+  base64UrlEncode: base64UrlEncode,
+  base64UrlDecode: base64UrlDecode
+}

package/package.json

@@ -1,13 +1,16 @@
 {
   "name": "@smartledger/bsv",
-  "version": "3.3.5",
-  "description": "🚀 Complete Bitcoin SV development framework with Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), Shamir Secret Sharing, and 12 flexible loading options. Includes primitives-only architecture for maximum integration flexibility, SmartContract framework, covenant builder, and comprehensive Bitcoin SV API. Perfect for legal tokens, DeFi, smart contracts, and secure Bitcoin applications.",
+  "version": "3.4.1",
+  "description": "🚀 Complete Bitcoin SV development framework with legally-recognizable DID:web + W3C VC-JWT toolkit, Legal Token Protocol (LTP), Global Digital Attestation Framework (GDAF), StatusList2021 revocation, and 16 flexible loading options. Standards-based credentials with ES256/ES256K support, on-chain BSV anchoring, and comprehensive Bitcoin SV API. Perfect for legal tokens, verifiable credentials, DeFi, smart contracts, and secure Bitcoin applications.",
   "author": "SmartLedger Technology <hello@smartledger.technology> (https://smartledger.technology)",
   "homepage": "https://github.com/codenlighten/smartledger-bsv#readme",
   "bugs": {
     "url": "https://github.com/codenlighten/smartledger-bsv/issues"
   },
   "main": "index.js",
+  "bin": {
+    "smartledger-bsv": "./bin/cli.js"
+  },
   "scripts": {
     "lint": "standard",
     "test": "mocha",
@@ -46,15 +49,20 @@
     "build-covenant": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack covenant-entry.js --config build/webpack.covenant.config.js",
     "build-script-helper": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack script-helper-entry.js --config build/webpack.script-helper.config.js",
     "build-security": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack security-entry.js --config build/webpack.security.config.js",
+    "build-didweb": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack didweb-entry.js --config build/webpack.didweb.config.js",
+    "build-vcjwt": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack vcjwt-entry.js --config build/webpack.vcjwt.config.js",
+    "build-statuslist": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack statuslist-entry.js --config build/webpack.statuslist.config.js",
+    "build-anchor": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack anchor-entry.js --config build/webpack.anchor.config.js",
     "build-bundle": "NODE_OPTIONS=\"--openssl-legacy-provider\" webpack bundle-entry.js --config build/webpack.bundle.config.js",
     "build": "npm run build-bsv && npm run build-ecies && npm run build-message && npm run build-mnemonic && npm run build-shamir && npm run build-smartcontract",
     "build-specialized": "npm run build-covenant && npm run build-script-helper && npm run build-security",
+    "build-credentials": "npm run build-didweb && npm run build-vcjwt && npm run build-statuslist && npm run build-anchor",
     "build-advanced": "npm run build-ltp && npm run build-gdaf",
-    "build-all": "npm run build && npm run build-bundle && npm run build-specialized && npm run build-advanced",
+    "build-all": "npm run build && npm run build-bundle && npm run build-specialized && npm run build-advanced && npm run build-credentials",
     "test:browser": "echo 'Open tests/standalone-modules-test.html in browser for comprehensive testing'",
     "test:bundle": "echo 'Open tests/bundle-completeness-test.html in browser to verify bundle completeness'",
     "preimage:extract": "node examples/preimage/extract_preimage_bidirectional.js",
-    "prepublishOnly": "NODE_OPTIONS=\"--openssl-legacy-provider\" npm run build"
+    "prepublishOnly": "NODE_OPTIONS=\"--openssl-legacy-provider\" npm run build-all"
   },
   "unpkg": "bsv.min.js",
   "jsdelivr": "bsv.min.js",
@@ -62,12 +70,13 @@
   "files": [
     "index.js",
     "lib/",
-    "utilities/",
+    "utilities/*.js",
+    "utilities/README.md",
+    "utilities/wallet.json",
     "ecies/",
     "message/",
     "mnemonic/",
     "build/",
-    "tests/",
     "*-entry.js",
     "bsv.min.js",
     "bsv.bundle.js",
@@ -81,14 +90,11 @@
     "bsv-covenant.min.js",
     "bsv-script-helper.min.js",
     "bsv-security.min.js",
+    "bsv-didweb.min.js",
+    "bsv-vcjwt.min.js",
+    "bsv-statuslist.min.js",
+    "bsv-anchor.min.js",
     "bsv.d.ts",
-    "validation_test.js",
-    "test_shamir.js",
-    "shamir_demo.js",
-    "complete_ltp_demo.js",
-    "simple_demo.js",
-    "architecture_demo.js",
-    "test_standalone_shamir.html",
     "docs/",
     "demos/",
     "examples/",

package/statuslist-entry.js

@@ -0,0 +1 @@
+module.exports = require('./lib/statuslist')

package/vcjwt-entry.js

@@ -0,0 +1 @@
+module.exports = require('./lib/vcjwt')

package/demos/gdaf_core_test.js

@@ -1,131 +0,0 @@
-/**
- * Simple GDAF Demo
- * 
- * Tests core GDAF functionality without async verification issues
- */
-
-const bsv = require('../index.js')
-
-console.log('🌐 SmartLedger BSV GDAF - Core Components Test')
-console.log('==============================================\n')
-
-// Initialize GDAF
-const gdaf = new bsv.GDAF()
-
-try {
-  // 1. Create test identities
-  console.log('🔑 Creating Test Identities')
-  const issuerPrivateKey = new bsv.PrivateKey()
-  const subjectPrivateKey = new bsv.PrivateKey()
-  
-  const issuerDID = gdaf.createDID(issuerPrivateKey.toPublicKey())
-  const subjectDID = gdaf.createDID(subjectPrivateKey.toPublicKey())
-  
-  console.log('✅ Issuer DID:', issuerDID)
-  console.log('✅ Subject DID:', subjectDID)
-  console.log()
-  
-  // 2. Create credentials
-  console.log('📝 Creating Credentials')
-  
-  const emailCredential = gdaf.createEmailCredential(
-    issuerDID,
-    subjectDID,
-    'user@example.com',
-    issuerPrivateKey
-  )
-  
-  const ageCredential = gdaf.createAgeCredential(
-    issuerDID,
-    subjectDID,
-    21,
-    new Date('1995-06-15'),
-    issuerPrivateKey
-  )
-  
-  console.log('✅ Email credential created with proof')
-  console.log('✅ Age credential created with proof')
-  console.log()
-  
-  // 3. Schema validation
-  console.log('🔍 Schema Validation')
-  
-  const emailValidation = gdaf.validateCredential(emailCredential, 'EmailVerifiedCredential')
-  const ageValidation = gdaf.validateCredential(ageCredential, 'AgeVerifiedCredential')
-  
-  console.log('✅ Email validation:', emailValidation.valid ? 'PASSED' : 'FAILED')
-  console.log('✅ Age validation:', ageValidation.valid ? 'PASSED' : 'FAILED')
-  console.log()
-  
-  // 4. Zero-knowledge proofs
-  console.log('🔒 Zero-Knowledge Proofs')
-  
-  const nonce = gdaf.generateNonce()
-  
-  // Selective disclosure proof
-  const selectiveProof = gdaf.generateSelectiveProof(
-    emailCredential,
-    ['credentialSubject.verified'],
-    nonce
-  )
-  
-  console.log('✅ Selective disclosure proof generated')
-  console.log('   - Proof type:', selectiveProof.type)
-  console.log('   - Disclosed fields:', selectiveProof.disclosedFields.length)
-  console.log('   - Merkle proofs:', selectiveProof.merkleProofs.length)
-  
-  // Age proof
-  const ageProof = gdaf.generateAgeProof(ageCredential, 18, nonce)
-  
-  console.log('✅ Age proof generated')
-  console.log('   - Minimum age:', ageProof.minimumAge)
-  console.log('   - Meets requirement:', ageProof.meetsRequirement)
-  
-  // Verify age proof
-  const ageProofVerification = gdaf.verifyAgeProof(ageProof, 18, issuerDID)
-  console.log('✅ Age proof verification:', ageProofVerification ? 'PASSED' : 'FAILED')
-  console.log()
-  
-  // 5. Available schemas
-  console.log('📚 Available Schema Types')
-  const allSchemas = gdaf.getAllSchemas()
-  const schemaNames = Object.keys(allSchemas)
-  
-  console.log('✅ Schema count:', schemaNames.length)
-  console.log('✅ Available types:', schemaNames.join(', '))
-  console.log()
-  
-  // 6. Template generation
-  console.log('📋 Template Generation')
-  
-  const emailTemplate = gdaf.createTemplate('EmailVerifiedCredential')
-  const kycTemplate = gdaf.createTemplate('KYCVerifiedCredential')
-  
-  console.log('✅ Email template generated')
-  console.log('✅ KYC template generated')
-  console.log()
-  
-  // 7. Framework info
-  console.log('ℹ️  Framework Information')
-  const info = gdaf.getInfo()
-  console.log('✅ Name:', info.name)
-  console.log('✅ Version:', info.version)
-  console.log('✅ Standards:', info.standards.length, 'standards supported')
-  console.log('✅ Components:', Object.keys(info.components).length, 'components')
-  console.log()
-  
-  console.log('🎉 GDAF Core Components Test: SUCCESS!')
-  console.log('\n✅ All tested components are working correctly:')
-  console.log('   ✓ DID Creation and Resolution')
-  console.log('   ✓ Credential Creation and Signing')
-  console.log('   ✓ Schema Validation')
-  console.log('   ✓ Zero-Knowledge Proof Generation')
-  console.log('   ✓ Age Proof Verification')
-  console.log('   ✓ Template Generation')
-  console.log('   ✓ Framework Information')
-  
-} catch (error) {
-  console.error('❌ GDAF Core Test failed:', error.message)
-  console.error('Stack trace:', error.stack)
-  process.exit(1)
-}