bsv-blockchain
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎auth/certificates/certificate.go‎
Lines changed: 5 additions & 0 deletions b/‎auth/certificates/certificate.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎auth/peer.go‎
Lines changed: 5 additions & 0 deletions b/‎auth/peer.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎auth/peer_test.go‎
Lines changed: 124 additions & 69 deletions b/‎auth/peer_test.go‎
Lines changed: 124 additions & 69 deletions
diff --git a/‎auth/transports/interface.go‎
Lines changed: 5 additions & 0 deletions b/‎auth/transports/interface.go‎
Lines changed: 5 additions & 0 deletions
@@ -3,6 +3,7 @@
 *.dll
 *.so
 *.dylib
+*.test
 
 # Ignore dependencies
 /node_modules
 
@@ -1,3 +1,8 @@
+// Package certificates implements a certificate-based authentication system for the BSV blockchain.
+// It provides structures and methods for creating, validating, and managing both master certificates
+// (which establish identity) and verifiable certificates (which grant specific permissions).
+// Certificates support field encryption/decryption, signature verification, and integration with
+// the wallet system for cryptographic operations.
 package certificates
 
 import (
 
@@ -1,3 +1,8 @@
+// Package auth provides a comprehensive authentication framework for secure peer-to-peer
+// communication. It implements certificate-based authentication with support for master
+// and verifiable certificates, session management, and authenticated message exchange.
+// The package supports multiple transport layers including HTTP and WebSocket, enabling
+// flexible integration patterns for distributed applications.
 package auth
 
 import (
 
@@ -726,8 +726,6 @@ func TestPeerCertificateExchange(t *testing.T) {
 
 // TestPeerMultiDeviceAuthentication tests Alice talking to Bob across two devices
 func TestPeerMultiDeviceAuthentication(t *testing.T) {
-	t.Skip("Skipping multi-device test until transport issues are resolved")
-
 	// Create wallets and transports
 	alicePk, err := ec.NewPrivateKey()
 	require.NoError(t, err)
@@ -779,21 +777,37 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 		return &wallet.DecryptResult{Plaintext: []byte("decrypted")}, nil
 	}
 
+	// Create Bob's key and wallets (separate instances for each connection)
 	bobPk, err := ec.NewPrivateKey()
 	require.NoError(t, err)
-	bobWallet := wallet.NewMockWallet(t)
-	bobWallet.MockGetPublicKey = func(ctx context.Context, args wallet.GetPublicKeyArgs, originator string) (*wallet.GetPublicKeyResult, error) {
+
+	// Bob wallet for first device connection
+	bobWallet1 := wallet.NewMockWallet(t)
+	bobWallet1.MockGetPublicKey = func(ctx context.Context, args wallet.GetPublicKeyArgs, originator string) (*wallet.GetPublicKeyResult, error) {
+		return &wallet.GetPublicKeyResult{PublicKey: bobPk.PubKey()}, nil
+	}
+
+	// Bob wallet for second device connection
+	bobWallet2 := wallet.NewMockWallet(t)
+	bobWallet2.MockGetPublicKey = func(ctx context.Context, args wallet.GetPublicKeyArgs, originator string) (*wallet.GetPublicKeyResult, error) {
 		return &wallet.GetPublicKeyResult{PublicKey: bobPk.PubKey()}, nil
 	}
 
 	// Setup Bob's crypto operations
 	dummyBobSig, err := bobPk.Sign([]byte("test"))
 	require.NoError(t, err)
 
-	bobWallet.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
+	bobWallet1.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
 		return &wallet.CreateSignatureResult{Signature: *dummyBobSig}, nil
 	}
-	bobWallet.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
+	bobWallet1.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
+		return &wallet.VerifySignatureResult{Valid: true}, nil
+	}
+
+	bobWallet2.MockCreateSignature = func(ctx context.Context, args wallet.CreateSignatureArgs, originator string) (*wallet.CreateSignatureResult, error) {
+		return &wallet.CreateSignatureResult{Signature: *dummyBobSig}, nil
+	}
+	bobWallet2.MockVerifySignature = func(ctx context.Context, args wallet.VerifySignatureArgs, originator string) (*wallet.VerifySignatureResult, error) {
 		return &wallet.VerifySignatureResult{Valid: true}, nil
 	}
 
@@ -802,19 +816,29 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 		hmacBytes2[i] = byte(i)
 	}
 
-	bobWallet.MockCreateHmac = func(ctx context.Context, args wallet.CreateHmacArgs, originator string) (*wallet.CreateHmacResult, error) {
+	bobWallet1.MockCreateHmac = func(ctx context.Context, args wallet.CreateHmacArgs, originator string) (*wallet.CreateHmacResult, error) {
 		return &wallet.CreateHmacResult{Hmac: hmacBytes2}, nil
 	}
-	bobWallet.MockDecrypt = func(ctx context.Context, args wallet.DecryptArgs, originator string) (*wallet.DecryptResult, error) {
+	bobWallet1.MockDecrypt = func(ctx context.Context, args wallet.DecryptArgs, originator string) (*wallet.DecryptResult, error) {
+		return &wallet.DecryptResult{Plaintext: []byte("decrypted")}, nil
+	}
+
+	bobWallet2.MockCreateHmac = func(ctx context.Context, args wallet.CreateHmacArgs, originator string) (*wallet.CreateHmacResult, error) {
+		return &wallet.CreateHmacResult{Hmac: hmacBytes2}, nil
+	}
+	bobWallet2.MockDecrypt = func(ctx context.Context, args wallet.DecryptArgs, originator string) (*wallet.DecryptResult, error) {
 		return &wallet.DecryptResult{Plaintext: []byte("decrypted")}, nil
 	}
 
+	// Create separate transport pairs for each connection
 	aliceTransport1 := NewMockTransport()
 	aliceTransport2 := NewMockTransport()
-	bobTransport := NewMockTransport()
+	bobTransport1 := NewMockTransport()
+	bobTransport2 := NewMockTransport()
 
-	// Connect transports
-	PairTransports(aliceTransport1, bobTransport)
+	// Connect transports: Alice device 1 <-> Bob instance 1, Alice device 2 <-> Bob instance 2
+	PairTransports(aliceTransport1, bobTransport1)
+	PairTransports(aliceTransport2, bobTransport2)
 
 	// Create peers
 	aliceFirstDevice := NewPeer(&PeerOptions{
@@ -827,15 +851,21 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 		Transport: aliceTransport2,
 	})
 
-	bob := NewPeer(&PeerOptions{
-		Wallet:    bobWallet,
-		Transport: bobTransport,
+	bob1 := NewPeer(&PeerOptions{
+		Wallet:    bobWallet1,
+		Transport: bobTransport1,
+	})
+
+	bob2 := NewPeer(&PeerOptions{
+		Wallet:    bobWallet2,
+		Transport: bobTransport2,
 	})
 
 	// Setup message tracking
 	aliceDevice1Received := make(chan bool, 2) // May receive multiple messages
 	aliceDevice2Received := make(chan bool, 1)
-	bobReceived := make(chan bool, 3) // Will receive multiple messages
+	bob1Received := make(chan bool, 3) // Will receive multiple messages
+	bob2Received := make(chan bool, 3) // Will receive multiple messages
 	ctx := t.Context()
 
 	aliceFirstDevice.ListenForGeneralMessages(func(senderPublicKey *ec.PublicKey, payload []byte) error {
@@ -848,27 +878,37 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 		return nil
 	})
 
-	bob.ListenForGeneralMessages(func(senderPublicKey *ec.PublicKey, payload []byte) error {
-		bobReceived <- true
+	bob1.ListenForGeneralMessages(func(senderPublicKey *ec.PublicKey, payload []byte) error {
+		bob1Received <- true
+		// Bob will respond to all messages
+		go func() {
+			err := bob1.ToPeer(ctx, []byte("Hello Alice from Bob1!"), senderPublicKey, 5000)
+			require.NoError(t, err)
+		}()
+		return nil
+	})
+
+	bob2.ListenForGeneralMessages(func(senderPublicKey *ec.PublicKey, payload []byte) error {
+		bob2Received <- true
 		// Bob will respond to all messages
 		go func() {
-			err := bob.ToPeer(ctx, []byte("Hello Alice!"), senderPublicKey, 5000)
+			err := bob2.ToPeer(ctx, []byte("Hello Alice from Bob2!"), senderPublicKey, 5000)
 			require.NoError(t, err)
 		}()
 		return nil
 	})
 
 	// Alice's first device sends a message to Bob
-	bobPubKey, _ := bobWallet.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true}, "")
+	bobPubKey, _ := bobWallet1.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true}, "")
 	err = aliceFirstDevice.ToPeer(ctx, []byte("Hello Bob from first device!"), bobPubKey.PublicKey, 5000)
 	require.NoError(t, err)
 
-	// Wait for Bob to receive and respond
+	// Wait for Bob1 to receive and respond
 	select {
-	case <-bobReceived:
+	case <-bob1Received:
 		// Bob received message
 	case <-time.After(2 * time.Second):
-		require.Fail(t, "Timed out waiting for Bob to receive message from Alice's first device")
+		require.Fail(t, "Timed out waiting for Bob1 to receive message from Alice's first device")
 	}
 
 	// Wait for Alice's first device to get response
@@ -879,19 +919,17 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 		require.Fail(t, "Timed out waiting for Alice's first device to receive response")
 	}
 
-	// Now connect Alice's second device to Bob
-	PairTransports(aliceTransport2, bobTransport)
-
-	// Alice's second device sends a message to Bob
-	err = aliceOtherDevice.ToPeer(ctx, []byte("Hello Bob from other device!"), bobPubKey.PublicKey, 5000)
+	// Alice's second device sends a message to Bob (different Bob instance)
+	bobPubKey2, _ := bobWallet2.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true}, "")
+	err = aliceOtherDevice.ToPeer(ctx, []byte("Hello Bob from other device!"), bobPubKey2.PublicKey, 5000)
 	require.NoError(t, err)
 
-	// Wait for Bob to receive and respond
+	// Wait for Bob2 to receive and respond
 	select {
-	case <-bobReceived:
+	case <-bob2Received:
 		// Bob received message
 	case <-time.After(2 * time.Second):
-		require.Fail(t, "Timed out waiting for Bob to receive message from Alice's second device")
+		require.Fail(t, "Timed out waiting for Bob2 to receive message from Alice's second device")
 	}
 
 	// Wait for Alice's second device to get response
@@ -1217,11 +1255,9 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 // TestLibraryCardVerification tests the scenario where Alice asks for
 // Bob's library card number before lending him a book.
 func TestLibraryCardVerification(t *testing.T) {
-	// Skip test temporarily until we fix the certificate signature verification issue
-	t.Skip("Temporarily skipping until we fix signature verification issue")
-
 	// Create a mock function to intercept certificate requests
 	certType := "libraryCard"
+	certTypeBase64 := base64.StdEncoding.EncodeToString([]byte(certType))
 
 	// Create test wallets with recognizable identities
 	aliceKey, err := ec.NewPrivateKey()
@@ -1252,13 +1288,16 @@ func TestLibraryCardVerification(t *testing.T) {
 		return &wallet.VerifySignatureResult{Valid: true}, nil
 	}
 
-	// Bob has a library card - first create raw
+	// Bob has a library card - create with proper base64 encoding
 	bobCertRaw := wallet.Certificate{
-		Type:               certType,
-		SerialNumber:       "lib-123456",
-		Subject:            bobKey.PubKey(),
-		Certifier:          aliceKey.PubKey(),
-		Fields:             map[string]string{"name": "Bob", "cardNumber": "123456"},
+		Type:         certTypeBase64,                                          // Use base64-encoded type
+		SerialNumber: base64.StdEncoding.EncodeToString([]byte("lib-123456")), // Base64-encode serial number
+		Subject:      bobKey.PubKey(),
+		Certifier:    aliceKey.PubKey(),
+		Fields: map[string]string{
+			"name":       base64.StdEncoding.EncodeToString([]byte("Bob")),    // Base64-encode field values
+			"cardNumber": base64.StdEncoding.EncodeToString([]byte("123456")), // Base64-encode field values
+		},
 		RevocationOutpoint: "abcd1234:1",
 	}
 
@@ -1324,20 +1363,22 @@ func TestLibraryCardVerification(t *testing.T) {
 		return &wallet.CreateHmacResult{Hmac: hmacBytes}, nil
 	}
 
-	// Create mocked transports
-	aliceTransport := NewMockTransport()
-	bobTransport := NewMockTransport()
-	PairTransports(aliceTransport, bobTransport)
+	// Create mocked transports with debugging
+	aliceTransport := NewLoggingMockTransport("ALICE", log.New(os.Stdout, "[ALICE] ", log.LstdFlags))
+	bobTransport := NewLoggingMockTransport("BOB", log.New(os.Stdout, "[BOB] ", log.LstdFlags))
+	PairTransports(aliceTransport.MockTransport, bobTransport.MockTransport)
 
-	// Create peers
+	// Create peers with debugging
 	alice := NewPeer(&PeerOptions{
 		Wallet:    aliceWallet,
 		Transport: aliceTransport,
+		Logger:    log.New(os.Stdout, "[ALICE PEER] ", log.LstdFlags),
 	})
 
 	bob := NewPeer(&PeerOptions{
 		Wallet:    bobWallet,
 		Transport: bobTransport,
+		Logger:    log.New(os.Stdout, "[BOB PEER] ", log.LstdFlags),
 	})
 
 	// Setup certificate tracking
@@ -1353,7 +1394,7 @@ func TestLibraryCardVerification(t *testing.T) {
 		return nil
 	})
 
-	// Bob listens for certificate requests
+	// Bob listens for certificate requests with debugging
 	bob.ListenForCertificatesRequested(func(senderPublicKey *ec.PublicKey, req utils.RequestedCertificateSet) error {
 		t.Logf("Bob received certificate request from %s with %d types",
 			senderPublicKey.ToDERHex(), len(req.CertificateTypes))
@@ -1379,10 +1420,11 @@ func TestLibraryCardVerification(t *testing.T) {
 	})
 
 	// Setup certificate requirements - Alice requires Bob's library card number
+	// Use the base64-encoded certificate type in the request
 	alice.CertificatesToRequest = &utils.RequestedCertificateSet{
 		Certifiers: []string{"any"},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
-			certType: []string{"cardNumber"},
+			certTypeBase64: []string{"cardNumber"}, // Use base64-encoded type
 		},
 	}
 
@@ -1391,44 +1433,60 @@ func TestLibraryCardVerification(t *testing.T) {
 	// Alice sends an initial message to Bob to trigger the certificate exchange
 	bobPubKey, _ := bobWallet.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true}, "")
 
-	go func() {
-		err := alice.ToPeer(ctx, []byte("Can I see your library card?"), bobPubKey.PublicKey, 5000)
-		require.NoError(t, err)
+	// First establish a session between Alice and Bob
+	t.Logf("Alice sending initial message to Bob to establish session")
+	err = alice.ToPeer(ctx, []byte("Can I see your library card?"), bobPubKey.PublicKey, 5000)
+	require.NoError(t, err)
 
-		// Add a small delay before explicitly requesting certificates
-		time.Sleep(500 * time.Millisecond)
+	// Wait for session to be established
+	time.Sleep(1 * time.Second)
 
-		// Alice explicitly requests Bob's certificate
-		err = alice.RequestCertificates(ctx, bobPubKey.PublicKey, utils.RequestedCertificateSet{
-			Certifiers: []string{"any"},
-			CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
-				certType: []string{"cardNumber"},
-			},
-		}, 5000)
-		if err != nil {
-			t.Logf("Error when Alice requested Bob's library card: %v", err)
-		} else {
-			t.Logf("Alice explicitly requested Bob's library card")
-		}
-	}()
+	// Now Alice explicitly requests Bob's certificate
+	t.Logf("Alice explicitly requesting Bob's library card certificate")
+	err = alice.RequestCertificates(ctx, bobPubKey.PublicKey, utils.RequestedCertificateSet{
+		Certifiers: []string{"any"},
+		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
+			certTypeBase64: []string{"cardNumber"}, // Use base64-encoded type
+		},
+	}, 5000)
+	require.NoError(t, err, "Alice should be able to request Bob's certificate")
 
 	// Wait for certificate exchange
 	select {
 	case <-aliceCertReceived:
+		t.Logf("SUCCESS: Alice received Bob's certificate")
 		// Alice received Bob's certificate, now she'll verify the card number and lend him the book
 		go func() {
 			err := alice.ToPeer(ctx, []byte("Here's your book"), bobPubKey.PublicKey, 5000)
 			require.NoError(t, err)
 		}()
-	case <-time.After(5 * time.Second):
+	case <-time.After(10 * time.Second):
+		// Debug session state
+		t.Logf("=== DEBUG SESSION INFO ===")
+		alicePubKey, _ := aliceWallet.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true}, "")
+
+		if bobSession, err := bob.sessionManager.GetSession(alicePubKey.PublicKey.ToDERHex()); err == nil && bobSession != nil {
+			t.Logf("Bob's session for Alice - Authenticated: %v, Session Nonce: %s, Peer Nonce: %s",
+				bobSession.IsAuthenticated, bobSession.SessionNonce, bobSession.PeerNonce)
+		} else {
+			t.Logf("Bob has no session for Alice")
+		}
+
+		if aliceSession, err := alice.sessionManager.GetSession(bobPubKey.PublicKey.ToDERHex()); err == nil && aliceSession != nil {
+			t.Logf("Alice's session for Bob - Authenticated: %v, Session Nonce: %s, Peer Nonce: %s",
+				aliceSession.IsAuthenticated, aliceSession.SessionNonce, aliceSession.PeerNonce)
+		} else {
+			t.Logf("Alice has no session for Bob")
+		}
+
 		require.Fail(t, "Timed out waiting for Alice to receive Bob's library card")
 		return
 	}
 
 	// Wait for Bob to receive the book
 	select {
 	case <-bobMessageReceived:
-		// Success! Bob got his book
+		t.Logf("SUCCESS: Bob received the book from Alice")
 	case <-time.After(5 * time.Second):
 		require.Fail(t, "Timed out waiting for Bob to receive a message from Alice")
 	}
@@ -1477,9 +1535,6 @@ func TestPeerSessionManagement(t *testing.T) {
 
 // TestPeerErrorHandling tests error handling in various scenarios
 func TestPeerErrorHandling(t *testing.T) {
-	// Skip for now and add a more targeted test
-	t.Skip("Skip error handling tests until we have proper mock implementations")
-
 	alice, _, aliceWallet, bobWallet := CreatePeerPair(t)
 
 	// Use all variables to avoid linter errors
 
@@ -1,3 +1,8 @@
+// Package transports provides abstractions for different communication protocols used in
+// authentication. It defines a common Transport interface that can be implemented by various
+// protocols such as HTTP and WebSocket, enabling flexible peer-to-peer communication patterns.
+// The package includes implementations for simplified HTTP transport and full-duplex WebSocket
+// transport, both supporting authenticated message exchange.
 package transports
 
 import (