hbsig 0.0.1

package/cjs/id.js

@@ -0,0 +1,470 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.base = base;
+exports.extractCommitmentIds = extractCommitmentIds;
+exports.generateCommitmentId = generateCommitmentId;
+exports.hashpath = hashpath;
+exports.hmacid = hmacid;
+exports.id = id;
+exports.parseStructuredFieldDictionary = parseStructuredFieldDictionary;
+exports.rsaid = rsaid;
+exports.verifyCommitmentId = verifyCommitmentId;
+var _fastSha = require("fast-sha256");
+function _createForOfIteratorHelper(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n = 0, F = function F() {}; return { s: F, n: function n() { return _n >= r.length ? { done: !0 } : { done: !1, value: r[_n++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
+function _toConsumableArray(r) { return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableSpread(); }
+function _nonIterableSpread() { throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _iterableToArray(r) { if ("undefined" != typeof Symbol && null != r[Symbol.iterator] || null != r["@@iterator"]) return Array.from(r); }
+function _arrayWithoutHoles(r) { if (Array.isArray(r)) return _arrayLikeToArray(r); }
+function _slicedToArray(r, e) { return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest(); }
+function _nonIterableRest() { throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
+function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
+function _iterableToArrayLimit(r, l) { var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (null != t) { var e, n, i, u, a = [], f = !0, o = !1; try { if (i = (t = t.call(r)).next, 0 === l) { if (Object(t) !== t) return; f = !1; } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0); } catch (r) { o = !0, n = r; } finally { try { if (!f && null != t["return"] && (u = t["return"](), Object(u) !== u)) return; } finally { if (o) throw n; } } return a; } }
+function _arrayWithHoles(r) { if (Array.isArray(r)) return r; }
+/**
+ * Parse structured field dictionary format
+ * Handles both complex format: name=(components);params
+ * and simple format: name=:value:
+ */
+function parseStructuredFieldDictionary(input) {
+  // Try complex format first
+  var match = input.match(/([^=]+)=\((.*?)\);(.*)$/);
+  if (match) {
+    var name = match[1];
+    var components = match[2].split(" ");
+    var params = {};
+    var paramPairs = match[3].split(";").filter(function (p) {
+      return p;
+    });
+    paramPairs.forEach(function (pair) {
+      var _pair$split = pair.split("="),
+        _pair$split2 = _slicedToArray(_pair$split, 2),
+        key = _pair$split2[0],
+        value = _pair$split2[1];
+      if (key && value) {
+        params[key] = value.replace(/"/g, "");
+      }
+    });
+    return {
+      name: name,
+      components: components,
+      params: params
+    };
+  }
+
+  // Try simple format
+  var simpleMatch = input.match(/([^=]+)=:([^:]+):/);
+  if (simpleMatch) {
+    return {
+      name: simpleMatch[1],
+      value: simpleMatch[2]
+    };
+  }
+  return null;
+}
+
+/**
+ * Convert base64url string to base64
+ */
+function base64urlToBase64(str) {
+  return str.replace(/-/g, "+").replace(/_/g, "/");
+}
+
+/**
+ * Generate commitment ID for RSA-PSS and ECDSA signatures
+ * The ID is the SHA256 hash of the raw signature bytes
+ *
+ * @param {Object} commitment - The commitment object containing signature
+ * @returns {string} The commitment ID in base64url format
+ */
+function rsaid(commitment) {
+  // Extract the base64 signature from structured field format
+  // Format: "signature-name=:BASE64_SIGNATURE:"
+  var match = commitment.signature.match(/^[^=]+=:([^:]+):/);
+  if (!match) {
+    throw new Error("Invalid signature format");
+  }
+  var signatureBase64 = match[1];
+  // Convert base64 to Uint8Array
+  var signatureBinary = Uint8Array.from(atob(signatureBase64), function (c) {
+    return c.charCodeAt(0);
+  });
+
+  // SHA256 hash of the raw signature
+  var hashResult = (0, _fastSha.hash)(signatureBinary);
+  var id = uint8ArrayToBase64url(hashResult);
+  return id;
+}
+
+/**
+ * Generate HMAC commitment ID for HyperBEAM messages
+ * The ID is deterministic based on message content only
+ *
+ * The Erlang implementation sorts components WITH @ prefix included,
+ * then removes @ from derived components in the signature base.
+ *
+ * @param {Object} message - The message with signature and signature-input
+ * @returns {string} The commitment ID in base64url format
+ */
+function hmacid(message) {
+  // Parse signature-input to get components
+  var parsed = parseStructuredFieldDictionary(message["signature-input"]);
+  if (!parsed || !parsed.components) {
+    throw new Error("Failed to parse signature-input");
+  }
+
+  // Sort components AS-IS (with quotes and @ prefix)
+  var sortedComponents = _toConsumableArray(parsed.components).sort();
+
+  // Build signature base in sorted order
+  var lines = [];
+  sortedComponents.forEach(function (component) {
+    var cleanComponent = component.replace(/"/g, "");
+    var fieldName = cleanComponent;
+    var value;
+
+    // For derived components (starting with @), remove @ in the signature base
+    if (cleanComponent.startsWith("@")) {
+      fieldName = cleanComponent.substring(1);
+      value = message[fieldName];
+    } else {
+      value = message[cleanComponent];
+    }
+    if (value === undefined || value === null) {
+      value = "";
+    } else if (typeof value === "number") {
+      value = value.toString();
+    }
+    lines.push("\"".concat(fieldName, "\": ").concat(value));
+  });
+
+  // Add signature-params line with sorted components (keeping @ prefix)
+  var paramsComponents = sortedComponents.join(" ");
+  lines.push("\"@signature-params\": (".concat(paramsComponents, ");alg=\"hmac-sha256\";keyid=\"ao\""));
+  var signatureBase = lines.join("\n");
+
+  // Generate HMAC with key "ao"
+  // Convert string to Uint8Array
+  var messageBytes = new TextEncoder().encode(signatureBase);
+  var keyBytes = new TextEncoder().encode("ao");
+  var hmacResult = (0, _fastSha.hmac)(keyBytes, messageBytes);
+  return uint8ArrayToBase64url(hmacResult);
+}
+
+/**
+ * Generate commitment ID based on the algorithm type
+ *
+ * @param {Object} commitment - The commitment object containing alg, signature, etc.
+ * @param {Object} fullMessage - The full message (required for HMAC)
+ * @returns {string} The commitment ID in base64url format
+ */
+function generateCommitmentId(commitment) {
+  var fullMessage = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : null;
+  switch (commitment.alg) {
+    case "rsa-pss-sha512":
+    case "ecdsa-p256-sha256":
+      return rsaid(commitment);
+    case "hmac-sha256":
+      if (!fullMessage) {
+        throw new Error("HMAC commitment IDs require full message context");
+      }
+      return hmacid(fullMessage);
+    default:
+      throw new Error("Unsupported algorithm: ".concat(commitment.alg));
+  }
+}
+
+/**
+ * Extract all commitment IDs from a HyperBEAM message
+ *
+ * @param {Object} message - The message with commitments
+ * @returns {Object} Map of commitment IDs to their types
+ */
+function extractCommitmentIds(message) {
+  var ids = {};
+  if (!message.commitments) {
+    return ids;
+  }
+  for (var _i = 0, _Object$entries = Object.entries(message.commitments); _i < _Object$entries.length; _i++) {
+    var _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2),
+      _id = _Object$entries$_i[0],
+      commitment = _Object$entries$_i[1];
+    ids[_id] = {
+      alg: commitment.alg,
+      committer: commitment.committer,
+      device: commitment["commitment-device"]
+    };
+  }
+  return ids;
+}
+
+/**
+ * Verify a commitment ID matches the expected value
+ *
+ * @param {Object} commitment - The commitment object
+ * @param {string} expectedId - The expected commitment ID
+ * @param {Object} fullMessage - The full message (required for HMAC)
+ * @returns {boolean} True if the ID matches
+ */
+function verifyCommitmentId(commitment, expectedId) {
+  var fullMessage = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : null;
+  try {
+    var calculatedId = generateCommitmentId(commitment, fullMessage);
+    return calculatedId === expectedId;
+  } catch (error) {
+    console.error("Error verifying commitment ID:", error);
+    return false;
+  }
+}
+
+/**
+ * Convert Uint8Array to base64url string
+ */
+function uint8ArrayToBase64url(bytes) {
+  var binary = "";
+  for (var i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  var base64 = btoa(binary);
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+
+/**
+ * Parse structured field dictionary to extract components
+ * Handles format: name=(components);params
+ */
+function parseSignatureInput(sigInput) {
+  // Extract components from format: name=(components);params
+  var match = sigInput.match(/[^=]+=\(([^)]+)\)/);
+  if (!match) return [];
+
+  // Split components and clean quotes
+  return match[1].split(" ").map(function (c) {
+    return c.replace(/"/g, "");
+  });
+}
+
+/**
+ * Calculate HMAC commitment ID for HyperBEAM messages
+ */
+function calculateHmacId(message) {
+  if (!message["signature-input"]) {
+    throw new Error("HMAC calculation requires signature-input");
+  }
+
+  // Parse components from signature-input
+  var components = parseSignatureInput(message["signature-input"]);
+
+  // Sort components AS-IS (with @ prefix)
+  var sortedComponents = _toConsumableArray(components).sort();
+
+  // Build signature base in sorted order
+  var lines = [];
+  var _iterator = _createForOfIteratorHelper(sortedComponents),
+    _step;
+  try {
+    for (_iterator.s(); !(_step = _iterator.n()).done;) {
+      var component = _step.value;
+      var fieldName = component;
+      var value = void 0;
+
+      // For derived components (starting with @), remove @ in the signature base
+      if (component.startsWith("@")) {
+        fieldName = component.substring(1);
+        value = message[fieldName];
+      } else {
+        value = message[component];
+      }
+      if (value === undefined || value === null) {
+        value = "";
+      } else if (typeof value === "number") {
+        value = value.toString();
+      }
+      lines.push("\"".concat(fieldName, "\": ").concat(value));
+    }
+
+    // Add signature-params line with sorted components (keeping @ prefix)
+  } catch (err) {
+    _iterator.e(err);
+  } finally {
+    _iterator.f();
+  }
+  var paramsComponents = sortedComponents.join(" ");
+  lines.push("\"@signature-params\": (".concat(paramsComponents, ");alg=\"hmac-sha256\";keyid=\"ao\""));
+  var signatureBase = lines.join("\n");
+
+  // Generate HMAC with key "ao"
+  var messageBytes = new TextEncoder().encode(signatureBase);
+  var keyBytes = new TextEncoder().encode("ao");
+  var hmacResult = (0, _fastSha.hmac)(keyBytes, messageBytes);
+  return uint8ArrayToBase64url(hmacResult);
+}
+
+/**
+ * Calculate unsigned message ID following the exact Erlang flow
+ */
+function calculateUnsignedId(message) {
+  // Derived components from Erlang ?DERIVED_COMPONENTS
+  var DERIVED_COMPONENTS = ["method", "target-uri", "authority", "scheme", "request-target", "path", "query", "query-param", "status"];
+
+  // Convert message for httpsig format
+  var httpsigMsg = {};
+  for (var _i2 = 0, _Object$entries2 = Object.entries(message); _i2 < _Object$entries2.length; _i2++) {
+    var _Object$entries2$_i = _slicedToArray(_Object$entries2[_i2], 2),
+      key = _Object$entries2$_i[0],
+      value = _Object$entries2$_i[1];
+    httpsigMsg[key.toLowerCase()] = value;
+  }
+
+  // Get keys and add @ to derived components
+  var keys = Object.keys(httpsigMsg);
+  var componentsWithPrefix = keys.map(function (key) {
+    // Check if this is a derived component
+    if (DERIVED_COMPONENTS.includes(key.replace(/_/g, "-"))) {
+      return "@" + key;
+    }
+    return key;
+  }).sort(); // Sort AFTER adding @ prefix
+
+  // Build signature base - use the components in order
+  var lines = [];
+  var _iterator2 = _createForOfIteratorHelper(componentsWithPrefix),
+    _step2;
+  try {
+    for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
+      var component = _step2.value;
+      var _key = component.replace("@", "");
+      var _value = httpsigMsg[_key];
+      var valueStr = typeof _value === "string" ? _value : String(_value);
+      lines.push("\"".concat(_key, "\": ").concat(valueStr));
+    }
+
+    // Add signature-params line with the @ prefixes
+  } catch (err) {
+    _iterator2.e(err);
+  } finally {
+    _iterator2.f();
+  }
+  var componentsList = componentsWithPrefix.map(function (k) {
+    return "\"".concat(k, "\"");
+  }).join(" ");
+  lines.push("\"@signature-params\": (".concat(componentsList, ");alg=\"hmac-sha256\";keyid=\"ao\""));
+  var signatureBase = lines.join("\n");
+
+  // HMAC with key "ao"
+  var messageBytes = new TextEncoder().encode(signatureBase);
+  var keyBytes = new TextEncoder().encode("ao");
+  var hmacResult = (0, _fastSha.hmac)(keyBytes, messageBytes);
+  return uint8ArrayToBase64url(hmacResult);
+}
+function id(message) {
+  // Get commitment IDs
+  var commitmentIds = Object.keys(message.commitments || {});
+  if (commitmentIds.length === 0) {
+    // No commitments - calculate unsigned ID using HMAC
+    return calculateUnsignedId(message);
+  } else if (commitmentIds.length === 1) {
+    // Single commitment - the ID is just the commitment ID
+    return commitmentIds[0];
+  } else {
+    // Multiple commitments - sort, join with ", ", and hash
+    var sortedIds = commitmentIds.sort();
+    var idsLine = sortedIds.join(", ");
+
+    // Calculate SHA-256 hash using fast-sha256
+    var encoder = new TextEncoder();
+    var data = encoder.encode(idsLine);
+    var hashArray = (0, _fastSha.hash)(data);
+
+    // Convert to base64url
+    return uint8ArrayToBase64url(hashArray);
+  }
+}
+// Export all functions
+
+/**
+ * Calculate the next base from a hashpath
+ * A hashpath has the format: base/request
+ * The next base is calculated as: sha256(base + request)
+ *
+ * @param {string} hashpath - The current hashpath in format "base/request"
+ * @returns {string} The next base in base64url format
+ */
+function base(hashpath) {
+  // Split the hashpath into base and request
+  var parts = hashpath.split("/");
+  if (parts.length !== 2) {
+    throw new Error("Invalid hashpath format. Expected 'base/request'");
+  }
+  var _parts = _slicedToArray(parts, 2),
+    base = _parts[0],
+    request = _parts[1];
+
+  // Convert base64url to native binary (Uint8Array)
+  var baseBinary = base64urlToUint8Array(base);
+  var requestBinary = base64urlToUint8Array(request);
+
+  // Concatenate base and request
+  var combined = new Uint8Array(baseBinary.length + requestBinary.length);
+  combined.set(baseBinary, 0);
+  combined.set(requestBinary, baseBinary.length);
+
+  // Calculate SHA256 of the combined data
+  var nextBaseHash = (0, _fastSha.hash)(combined);
+
+  // Convert to base64url
+  return uint8ArrayToBase64url(nextBaseHash);
+}
+
+/**
+ * Calculate the next hashpath given the current hashpath and a new message
+ *
+ * @param {string} currentHashpath - The current hashpath (or null for first operation)
+ * @param {Object} newMessage - The new message/request
+ * @returns {string} The next hashpath in format "nextBase/newMessageId"
+ */
+function hashpath(currentHashpath, newMessage) {
+  // Calculate the ID of the new message
+  var newMessageId = id(newMessage);
+  if (!currentHashpath) {
+    // First operation: the hashpath is just the message ID
+    // In the Erlang code, the first hashpath is "baseId/requestId"
+    // where baseId is the ID of the initial message
+    throw new Error("For first operation, provide the base message ID as currentHashpath");
+  }
+
+  // Check if this is the first operation (currentHashpath is just an ID, not a path)
+  if (!currentHashpath.includes("/")) {
+    // First operation: currentHashpath is the base message ID
+    return "".concat(currentHashpath, "/").concat(newMessageId);
+  }
+
+  // Subsequent operations: calculate the next base from current hashpath
+  var nextBase = base(currentHashpath);
+
+  // Return the new hashpath
+  return "".concat(nextBase, "/").concat(newMessageId);
+}
+
+/**
+ * Helper function to convert base64url string to Uint8Array
+ */
+function base64urlToUint8Array(base64url) {
+  // Convert base64url to base64
+  var base64 = base64urlToBase64(base64url);
+
+  // Decode base64 to binary string
+  var binaryString = atob(base64);
+
+  // Convert binary string to Uint8Array
+  var bytes = new Uint8Array(binaryString.length);
+  for (var i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  return bytes;
+}
+
+// Export the new functions

package/cjs/index.js

@@ -0,0 +1,63 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "base", {
+  enumerable: true,
+  get: function get() {
+    return _id.base;
+  }
+});
+Object.defineProperty(exports, "hashpath", {
+  enumerable: true,
+  get: function get() {
+    return _id.hashpath;
+  }
+});
+Object.defineProperty(exports, "hmacid", {
+  enumerable: true,
+  get: function get() {
+    return _id.hmacid;
+  }
+});
+Object.defineProperty(exports, "id", {
+  enumerable: true,
+  get: function get() {
+    return _id.id;
+  }
+});
+Object.defineProperty(exports, "rsaid", {
+  enumerable: true,
+  get: function get() {
+    return _id.rsaid;
+  }
+});
+Object.defineProperty(exports, "send", {
+  enumerable: true,
+  get: function get() {
+    return _send.send;
+  }
+});
+Object.defineProperty(exports, "sign", {
+  enumerable: true,
+  get: function get() {
+    return _signer.sign;
+  }
+});
+Object.defineProperty(exports, "signer", {
+  enumerable: true,
+  get: function get() {
+    return _signer.signer;
+  }
+});
+Object.defineProperty(exports, "toAddr", {
+  enumerable: true,
+  get: function get() {
+    return _utils.toAddr;
+  }
+});
+var _id = require("./id.js");
+var _utils = require("./utils.js");
+var _signer = require("./signer.js");
+var _send = require("./send.js");