@bsv/sdk/dist/cjs/src/auth/certificates/VerifiableCertificate.js

BSV Blockchain Software Development Kit

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
    __setModuleDefault(result, mod);
    return result;
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.VerifiableCertificate = void 0;
const SymmetricKey_js_1 = __importDefault(require("../../primitives/SymmetricKey.js"));
const Utils = __importStar(require("../../primitives/utils.js"));
const Certificate_js_1 = __importDefault(require("./Certificate.js"));
/**
 * VerifiableCertificate extends the Certificate class, adding functionality to manage a verifier-specific keyring.
 * This keyring allows selective decryption of certificate fields for authorized verifiers.
 */
class VerifiableCertificate extends Certificate_js_1.default {
    constructor(type, serialNumber, subject, certifier, revocationOutpoint, fields, keyring, signature, decryptedFields) {
        super(type, serialNumber, subject, certifier, revocationOutpoint, fields, signature);
        this.keyring = keyring;
        this.decryptedFields = decryptedFields;
    }
    /**
     *
     * @param {WalletCertificate} certificate – The source certificate that was issued and signed by the certifier.
     * @param {Record<CertificateFieldNameUnder50Bytes, string>} keyring – A allows the verifier to decrypt selected certificate fields.
     * @returns {VerifiableCertificate} – A fully-formed instance containing the
     *   original certificate data plus the supplied keyring.
     */
    static fromCertificate(certificate, keyring) {
        return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, keyring, certificate.signature);
    }
    /**
     * Decrypts selectively revealed certificate fields using the provided keyring and verifier wallet
     * @param {ProtoWallet} verifierWallet - The wallet instance of the certificate's verifier, used to decrypt field keys.
     * @returns {Promise<Record<CertificateFieldNameUnder50Bytes, string>>} - A promise that resolves to an object where each key is a field name and each value is the decrypted field value as a string.
     * @param {BooleanDefaultFalse} [privileged] - Whether this is a privileged request.
     * @param {DescriptionString5to50Bytes} [privilegedReason] - Reason provided for privileged access, required if this is a privileged operation.
     * @throws {Error} Throws an error if any of the decryption operations fail, with a message indicating the failure context.
     */
    async decryptFields(verifierWallet, privileged, privilegedReason, originator) {
        if (this.keyring == null || Object.keys(this.keyring).length === 0) {
            throw new Error('A keyring is required to decrypt certificate fields for the verifier.');
        }
        try {
            const decryptedFields = {};
            for (const fieldName in this.keyring) {
                const { plaintext: fieldRevelationKey } = await verifierWallet.decrypt({
                    ciphertext: Utils.toArray(this.keyring[fieldName], 'base64'),
                    ...Certificate_js_1.default.getCertificateFieldEncryptionDetails(fieldName, this.serialNumber),
                    counterparty: this.subject,
                    privileged,
                    privilegedReason
                }, originator);
                const fieldValue = new SymmetricKey_js_1.default(fieldRevelationKey).decrypt(Utils.toArray(this.fields[fieldName], 'base64'));
                decryptedFields[fieldName] = Utils.toUTF8(fieldValue);
            }
            return decryptedFields;
        }
        catch (error) {
            throw new Error(`Failed to decrypt selectively revealed certificate fields using keyring: ${String(error instanceof Error ? error.message : error)}`);
        }
    }
}
exports.VerifiableCertificate = VerifiableCertificate;
//# sourceMappingURL=VerifiableCertificate.js.map