smartledger-bsv 3.3.5 → 3.4.0

package/build/webpack.anchor.config.js

@@ -0,0 +1,21 @@
+var path = require('path')
+
+module.exports = {
+  target: 'web',
+  mode: 'production',
+  entry: './anchor-entry.js',
+  output: {
+    path: path.resolve(__dirname, '..'),
+    filename: 'bsv-anchor.min.js',
+    library: 'bsvAnchor',
+    libraryTarget: 'umd'
+  },
+  node: {
+    crypto: true,
+    stream: true,
+    buffer: true
+  },
+  node: {
+    Buffer: true
+  }
+}

package/build/webpack.didweb.config.js

@@ -0,0 +1,21 @@
+var path = require('path')
+
+module.exports = {
+  target: 'web',
+  mode: 'production',
+  entry: './didweb-entry.js',
+  output: {
+    path: path.resolve(__dirname, '..'),
+    filename: 'bsv-didweb.min.js',
+    library: 'bsvDidWeb',
+    libraryTarget: 'umd'
+  },
+  node: {
+    crypto: true,
+    stream: true,
+    buffer: true
+  },
+  node: {
+    Buffer: true
+  }
+}

package/build/webpack.statuslist.config.js

@@ -0,0 +1,22 @@
+var path = require('path')
+
+module.exports = {
+  target: 'web',
+  mode: 'production',
+  entry: './statuslist-entry.js',
+  output: {
+    path: path.resolve(__dirname, '..'),
+    filename: 'bsv-statuslist.min.js',
+    library: 'bsvStatusList',
+    libraryTarget: 'umd'
+  },
+  node: {
+    crypto: true,
+    stream: true,
+    buffer: true,
+    zlib: true
+  },
+  node: {
+    Buffer: true
+  }
+}

package/build/webpack.vcjwt.config.js

@@ -0,0 +1,21 @@
+var path = require('path')
+
+module.exports = {
+  target: 'web',
+  mode: 'production',
+  entry: './vcjwt-entry.js',
+  output: {
+    path: path.resolve(__dirname, '..'),
+    filename: 'bsv-vcjwt.min.js',
+    library: 'bsvVcJwt',
+    libraryTarget: 'umd'
+  },
+  node: {
+    crypto: true,
+    stream: true,
+    buffer: true
+  },
+  node: {
+    Buffer: true
+  }
+}

package/demos/browser-test.html

@@ -182,7 +182,7 @@
     </div>
 
     <!-- Load SmartLedger-BSV from CDN -->
-    <script src="https://unpkg.com/smartledger-bsv@3.3.4/bsv.bundle.js"></script>
+    <script src="https://unpkg.com/smartledger-bsv@3.3.5/bsv.bundle.js"></script>
     
     <script>
         let bsv;

package/didweb-entry.js

@@ -0,0 +1 @@
+module.exports = require('./lib/didweb')

package/docs/technical/roadmap.md

@@ -606,11 +606,11 @@ Provides hardened Bitcoin SV primitives + SmartLedger security modules.
 
 - **GitHub Repository** - https://github.com/codenlighten/smartledger-bsv🔒 *“Verified cryptographic fabric + transaction interpreter.”*
 
-- **Developer Documentation** - https://docs.smartledger.io
+- **Developer Documentation** - https://docs.smartledger.technology
 
 - **Community Discord** - https://discord.gg/smartledger---
 
-- **Standards Working Group** - https://standards.smartledger.io
+- **Standards Working Group** - https://standards.smartledger.technology
 
 ## 2️⃣ Identity Layer: GDAF (Global Digital Attestation Framework)
 
@@ -903,7 +903,7 @@ SmartLedger-BSV/
 
 ### 🔹 **Minified CDN Build**
 
-`https://cdn.smartledger.io/smartledger-bsv.min.js`
+`https://cdn.smartledger.technology/smartledger-bsv.min.js`
 Provides browser-side access to the same hardened primitives used in Node:
 
 ```js

package/index.js

@@ -136,6 +136,34 @@ if (typeof window === 'undefined' && typeof require === 'function') {
 // Global Digital Attestation Framework (GDAF)
 bsv.GDAF = require('./lib/gdaf')
 
+// DID:web Module (W3C standards-based DIDs)
+try {
+  bsv.DIDWeb = require('./lib/didweb')
+} catch (e) {
+  // DIDWeb module not available - use standalone bsv-didweb.min.js
+}
+
+// VC-JWT Module (W3C Verifiable Credentials)
+try {
+  bsv.VcJwt = require('./lib/vcjwt')
+} catch (e) {
+  // VcJwt module not available - use standalone bsv-vcjwt.min.js
+}
+
+// StatusList2021 Module (Credential revocation)
+try {
+  bsv.StatusList = require('./lib/statuslist')
+} catch (e) {
+  // StatusList module not available - use standalone bsv-statuslist.min.js
+}
+
+// Anchor Module (BSV hash anchoring)
+try {
+  bsv.Anchor = require('./lib/anchor')
+} catch (e) {
+  // Anchor module not available - use standalone bsv-anchor.min.js
+}
+
 // GDAF Direct Access Methods (for easier developer experience)
 bsv.createDID = function(publicKey) {
   var gdaf = new bsv.GDAF()

package/lib/anchor/index.js

@@ -0,0 +1,102 @@
+'use strict'
+
+/**
+ * BSV Anchor Module
+ * Hash anchoring helpers for on-chain evidence (no PII)
+ */
+
+var crypto = require('crypto')
+
+// SHA-256 hex hash
+function sha256Hex(data) {
+  var buffer
+  if (typeof data === 'string') {
+    buffer = Buffer.from(data, 'utf8')
+  } else if (Buffer.isBuffer(data)) {
+    buffer = data
+  } else if (data instanceof Uint8Array) {
+    buffer = Buffer.from(data)
+  } else {
+    throw new Error('Data must be string, Buffer, or Uint8Array')
+  }
+  
+  return crypto.createHash('sha256').update(buffer).digest('hex')
+}
+
+// Build anchor payload for OP_RETURN
+function buildAnchorPayload(params) {
+  if (!params.kind || !params.hash || !params.issuerDid) {
+    throw new Error('kind, hash, and issuerDid are required')
+  }
+
+  var validKinds = ['VC_ANCHOR_SHA256', 'STATUSLIST_SHA256', 'PRESENTATION_SHA256']
+  if (validKinds.indexOf(params.kind) === -1) {
+    throw new Error('Invalid kind. Must be one of: ' + validKinds.join(', '))
+  }
+
+  // Validate hash format (64 hex characters)
+  if (!/^[a-fA-F0-9]{64}$/.test(params.hash)) {
+    throw new Error('Invalid hash format. Must be 64 hex characters')
+  }
+
+  var payload = {
+    protocol: 'SmartLedger',
+    version: '1.0',
+    type: params.kind,
+    hash: params.hash,
+    issuer: params.issuerDid,
+    timestamp: params.issuedAt || new Date().toISOString()
+  }
+
+  return {
+    json: JSON.stringify(payload)
+  }
+}
+
+// Verify anchor hash against original data
+function verifyAnchorHash(originalData, anchorHash) {
+  var computed = sha256Hex(originalData)
+  return computed === anchorHash
+}
+
+// Extract anchor info from OP_RETURN data
+function parseAnchorPayload(opReturnData) {
+  try {
+    var parsed = JSON.parse(opReturnData)
+    
+    if (parsed.protocol !== 'SmartLedger') {
+      return { valid: false, error: 'Invalid protocol' }
+    }
+
+    var validTypes = ['VC_ANCHOR_SHA256', 'STATUSLIST_SHA256', 'PRESENTATION_SHA256']
+    if (validTypes.indexOf(parsed.type) === -1) {
+      return { valid: false, error: 'Invalid anchor type' }
+    }
+
+    if (!/^[a-fA-F0-9]{64}$/.test(parsed.hash)) {
+      return { valid: false, error: 'Invalid hash format' }
+    }
+
+    return {
+      valid: true,
+      protocol: parsed.protocol,
+      version: parsed.version,
+      type: parsed.type,
+      hash: parsed.hash,
+      issuer: parsed.issuer,
+      timestamp: parsed.timestamp
+    }
+  } catch (error) {
+    return {
+      valid: false,
+      error: 'Failed to parse anchor payload: ' + error.message
+    }
+  }
+}
+
+module.exports = {
+  sha256Hex: sha256Hex,
+  buildAnchorPayload: buildAnchorPayload,
+  verifyAnchorHash: verifyAnchorHash,
+  parseAnchorPayload: parseAnchorPayload
+}

package/lib/didweb/index.js

@@ -0,0 +1,177 @@
+'use strict'
+
+/**
+ * DID:web Module
+ * Legally-recognizable DID (did:web) generation and management
+ * Supports ES256 (P-256) and ES256K (secp256k1) keys
+ */
+
+var crypto = require('crypto')
+
+// Generate issuer keys (ES256 or ES256K)
+async function generateIssuerKeys(opts) {
+  opts = opts || {}
+  var alg = opts.alg || 'ES256'
+  var kid = opts.kid || 'key-' + Date.now()
+
+  if (alg !== 'ES256' && alg !== 'ES256K') {
+    throw new Error('Invalid algorithm. Must be ES256 or ES256K')
+  }
+
+  var keyPair
+  if (alg === 'ES256') {
+    // P-256 (NIST curve)
+    keyPair = crypto.generateKeyPairSync('ec', {
+      namedCurve: 'P-256',
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    })
+  } else {
+    // secp256k1
+    keyPair = crypto.generateKeyPairSync('ec', {
+      namedCurve: 'secp256k1',
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    })
+  }
+
+  // Convert to JWK format
+  var publicJwk = crypto.createPublicKey(keyPair.publicKey).export({ format: 'jwk' })
+  var privateJwk = crypto.createPrivateKey(keyPair.privateKey).export({ format: 'jwk' })
+
+  // Add required JWK fields
+  publicJwk.kid = kid
+  publicJwk.alg = alg
+  publicJwk.use = 'sig'
+  publicJwk.kty = 'EC'
+  
+  privateJwk.kid = kid
+  privateJwk.alg = alg
+  privateJwk.use = 'sig'
+  privateJwk.kty = 'EC'
+
+  return {
+    privateJwk: privateJwk,
+    publicJwk: publicJwk,
+    kid: kid,
+    alg: alg
+  }
+}
+
+// Build did:web documents (did.json and jwks.json)
+function buildDidWebDocuments(params) {
+  if (!params.domain) {
+    throw new Error('domain is required')
+  }
+
+  var domain = params.domain
+  var did = 'did:web:' + domain.replace(/:/g, '%3A')
+  
+  var verificationMethods = []
+  var publicKeys = []
+
+  // Add P-256 key if provided
+  if (params.p256) {
+    var p256Method = {
+      id: did + '#' + params.p256.kid,
+      type: 'JsonWebKey2020',
+      controller: did,
+      publicKeyJwk: params.p256.jwk
+    }
+    verificationMethods.push(p256Method)
+    publicKeys.push(params.p256.jwk)
+  }
+
+  // Add secp256k1 key if provided
+  if (params.k1) {
+    var k1Method = {
+      id: did + '#' + params.k1.kid,
+      type: 'JsonWebKey2020',
+      controller: did,
+      publicKeyJwk: params.k1.jwk
+    }
+    verificationMethods.push(k1Method)
+    publicKeys.push(params.k1.jwk)
+  }
+
+  if (verificationMethods.length === 0) {
+    throw new Error('At least one key (p256 or k1) must be provided')
+  }
+
+  // Build DID Document
+  var didDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/jws-2020/v1'
+    ],
+    id: did,
+    verificationMethod: verificationMethods,
+    authentication: verificationMethods.map(function(vm) { return vm.id }),
+    assertionMethod: verificationMethods.map(function(vm) { return vm.id })
+  }
+
+  if (params.controllerName) {
+    didDocument.controller = params.controllerName
+  }
+
+  // Build JWKS
+  var jwks = {
+    keys: publicKeys
+  }
+
+  return {
+    did: did,
+    didDocument: didDocument,
+    jwks: jwks
+  }
+}
+
+// Rotate issuer key
+function rotateIssuerKey(params) {
+  if (!params.domain || !params.newKey) {
+    throw new Error('domain and newKey are required')
+  }
+
+  var domain = params.domain
+  var did = 'did:web:' + domain.replace(/:/g, '%3A')
+  var keepOldForDays = params.keepOldForDays || 30
+
+  // Create verification method for new key
+  var newMethod = {
+    id: did + '#' + params.newKey.kid,
+    type: 'JsonWebKey2020',
+    controller: did,
+    publicKeyJwk: params.newKey.jwk
+  }
+
+  // Build updated DID Document with new key as primary
+  var didDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/jws-2020/v1'
+    ],
+    id: did,
+    verificationMethod: [newMethod],
+    authentication: [newMethod.id],
+    assertionMethod: [newMethod.id],
+    rotationInfo: {
+      rotatedAt: new Date().toISOString(),
+      gracePeriodDays: keepOldForDays
+    }
+  }
+
+  var jwks = {
+    keys: [params.newKey.jwk]
+  }
+
+  return {
+    didDocument: didDocument,
+    jwks: jwks
+  }
+}
+
+module.exports = {
+  generateIssuerKeys: generateIssuerKeys,
+  buildDidWebDocuments: buildDidWebDocuments,
+  rotateIssuerKey: rotateIssuerKey
+}

package/lib/statuslist/index.js

@@ -0,0 +1,164 @@
+'use strict'
+
+/**
+ * StatusList2021 Module
+ * W3C StatusList2021 for credential revocation and suspension
+ */
+
+var vcjwt = require('../vcjwt')
+var crypto = require('crypto')
+
+// Create a new status list
+async function createStatusList(params) {
+  if (!params.issuerDid || !params.privateJwk) {
+    throw new Error('issuerDid and privateJwk are required')
+  }
+
+  var listId = params.listId || params.issuerDid + '/status/' + Date.now()
+  
+  // Create a bitstring for 100,000 credentials (default size)
+  var listSize = params.listSize || 100000
+  var byteSize = Math.ceil(listSize / 8)
+  var bitstringBuffer = Buffer.alloc(byteSize, 0)
+
+  // Compress with gzip
+  var zlib = require('zlib')
+  var compressed = zlib.gzipSync(bitstringBuffer)
+  var encodedCompressed = compressed.toString('base64')
+
+  // Create StatusList2021 credential
+  var statusListCredential = {
+    '@context': [
+      'https://www.w3.org/2018/credentials/v1',
+      'https://w3id.org/vc/status-list/2021/v1'
+    ],
+    type: ['VerifiableCredential', 'StatusList2021Credential'],
+    issuer: params.issuerDid,
+    issuanceDate: new Date().toISOString(),
+    credentialSubject: {
+      id: listId,
+      type: 'StatusList2021',
+      statusPurpose: 'revocation',
+      encodedList: encodedCompressed
+    }
+  }
+
+  // Issue as JWT
+  var result = await vcjwt.issueVcJwt({
+    issuerDid: params.issuerDid,
+    subjectId: listId,
+    types: ['VerifiableCredential', 'StatusList2021Credential'],
+    credentialSubject: statusListCredential.credentialSubject,
+    privateJwk: params.privateJwk,
+    alg: params.privateJwk.alg || 'ES256'
+  })
+
+  return {
+    listVcJwt: result.jwt,
+    listId: listId
+  }
+}
+
+// Update status list (revoke/suspend/activate)
+async function updateStatusList(params) {
+  if (!params.listVcJwt || params.index === undefined || !params.status || !params.privateJwk) {
+    throw new Error('listVcJwt, index, status, and privateJwk are required')
+  }
+
+  // Decode the existing status list JWT
+  var parts = params.listVcJwt.split('.')
+  if (parts.length !== 3) {
+    throw new Error('Invalid JWT format')
+  }
+
+  var payload = JSON.parse(vcjwt.base64UrlDecode(parts[1]).toString())
+  var encodedList = payload.vc.credentialSubject.encodedList
+
+  // Decompress
+  var zlib = require('zlib')
+  var compressed = Buffer.from(encodedList, 'base64')
+  var bitstring = zlib.gunzipSync(compressed)
+
+  // Update the bit at the given index
+  var byteIndex = Math.floor(params.index / 8)
+  var bitIndex = params.index % 8
+  
+  if (byteIndex >= bitstring.length) {
+    throw new Error('Index out of range')
+  }
+
+  // StatusList2021 uses 2 bits per credential for 4 states
+  // For simplicity, we'll use single bit: 0=valid, 1=revoked/suspended
+  var statusBit = (params.status === 'revoked' || params.status === 'suspended') ? 1 : 0
+  
+  if (statusBit === 1) {
+    bitstring[byteIndex] |= (1 << bitIndex)
+  } else {
+    bitstring[byteIndex] &= ~(1 << bitIndex)
+  }
+
+  // Recompress
+  var recompressed = zlib.gzipSync(bitstring)
+  var newEncodedList = recompressed.toString('base64')
+
+  // Create updated credential
+  var updatedCredentialSubject = {
+    id: payload.vc.credentialSubject.id,
+    type: 'StatusList2021',
+    statusPurpose: 'revocation',
+    encodedList: newEncodedList
+  }
+
+  // Re-issue as JWT
+  var result = await vcjwt.issueVcJwt({
+    issuerDid: payload.iss,
+    subjectId: payload.vc.credentialSubject.id,
+    types: ['VerifiableCredential', 'StatusList2021Credential'],
+    credentialSubject: updatedCredentialSubject,
+    privateJwk: params.privateJwk,
+    alg: params.privateJwk.alg || 'ES256'
+  })
+
+  return {
+    listVcJwt: result.jwt
+  }
+}
+
+// Get credential status entry
+function getCredentialStatusEntry(params) {
+  if (!params.listVcJwt || params.index === undefined) {
+    throw new Error('listVcJwt and index are required')
+  }
+
+  // Decode the status list JWT
+  var parts = params.listVcJwt.split('.')
+  if (parts.length !== 3) {
+    throw new Error('Invalid JWT format')
+  }
+
+  var payload = JSON.parse(vcjwt.base64UrlDecode(parts[1]).toString())
+  var encodedList = payload.vc.credentialSubject.encodedList
+
+  // Decompress
+  var zlib = require('zlib')
+  var compressed = Buffer.from(encodedList, 'base64')
+  var bitstring = zlib.gunzipSync(compressed)
+
+  // Check the bit at the given index
+  var byteIndex = Math.floor(params.index / 8)
+  var bitIndex = params.index % 8
+  
+  if (byteIndex >= bitstring.length) {
+    throw new Error('Index out of range')
+  }
+
+  var bit = (bitstring[byteIndex] >> bitIndex) & 1
+  
+  return bit === 1 ? 'revoked' : 'valid'
+}
+
+module.exports = {
+  createStatusList: createStatusList,
+  updateStatusList: updateStatusList,
+  getCredentialStatusEntry: getCredentialStatusEntry
+}