Standardize custom byte types

Author: jchavannes

auth/certificates/certificate.go

@@ -24,10 +24,10 @@ var (
 // It provides methods for serialization, deserialization, signing, and verifying certificates.
 type Certificate struct {
 	// Type identifier for the certificate, base64 encoded string, 32 bytes
-	Type wallet.Base64String `json:"type"`
+	Type wallet.StringBase64 `json:"type"`
 
 	// Unique serial number of the certificate, base64 encoded string, 32 bytes
-	SerialNumber wallet.Base64String `json:"serialNumber"`
+	SerialNumber wallet.StringBase64 `json:"serialNumber"`
 
 	// The public key belonging to the certificate's subject
 	Subject ec.PublicKey `json:"subject"`
@@ -39,20 +39,20 @@ type Certificate struct {
 	RevocationOutpoint *overlay.Outpoint `json:"revocationOutpoint"`
 
 	// All the fields present in the certificate, with field names as keys and encrypted field values as strings
-	Fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String `json:"fields"`
+	Fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64 `json:"fields"`
 
 	// Certificate signature by the certifier's private key
 	Signature []byte `json:"signature,omitempty"`
 }
 
 // NewCertificate creates a new certificate with the given fields
 func NewCertificate(
-	certType wallet.Base64String,
-	serialNumber wallet.Base64String,
+	certType wallet.StringBase64,
+	serialNumber wallet.StringBase64,
 	subject ec.PublicKey,
 	certifier ec.PublicKey,
 	revocationOutpoint *overlay.Outpoint,
-	fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String,
+	fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64,
 	signature []byte,
 ) *Certificate {
 	return &Certificate{
@@ -75,14 +75,14 @@ func (c *Certificate) ToBinary(includeSignature bool) ([]byte, error) {
 
 	writer := util.NewWriter()
 
-	// Write type (Base64String, 32 bytes)
+	// Write type (StringBase64, 32 bytes)
 	typeBytes, err := base64.StdEncoding.DecodeString(string(c.Type))
 	if err != nil {
 		return nil, fmt.Errorf("invalid type encoding: %w", err)
 	}
 	writer.WriteBytes(typeBytes)
 
-	// Write serialNumber (Base64String, 32 bytes)
+	// Write serialNumber (StringBase64, 32 bytes)
 	serialNumberBytes, err := base64.StdEncoding.DecodeString(string(c.SerialNumber))
 	if err != nil {
 		return nil, fmt.Errorf("invalid serial number encoding: %w", err)
@@ -197,7 +197,7 @@ func CertificateFromBinary(data []byte) (*Certificate, error) {
 	}
 
 	// Read fields
-	fields := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String)
+	fields := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64)
 	for i := uint64(0); i < fieldCount; i++ {
 		// Field name length (varint)
 		fieldNameLength, err := reader.ReadVarInt()
@@ -223,7 +223,7 @@ func CertificateFromBinary(data []byte) (*Certificate, error) {
 		if err != nil {
 			return nil, fmt.Errorf("failed to read field value: %w", err)
 		}
-		fieldValue := wallet.Base64String(string(fieldValueBytes))
+		fieldValue := wallet.StringBase64(string(fieldValueBytes))
 
 		fields[fieldName] = fieldValue
 	}
@@ -235,8 +235,8 @@ func CertificateFromBinary(data []byte) (*Certificate, error) {
 	}
 
 	return &Certificate{
-		Type:               wallet.Base64String(typeStr),
-		SerialNumber:       wallet.Base64String(serialNumber),
+		Type:               wallet.StringBase64(typeStr),
+		SerialNumber:       wallet.StringBase64(serialNumber),
 		Subject:            *subject,
 		Certifier:          *certifier,
 		RevocationOutpoint: revocationOutpoint,

auth/certificates/certificate_test.go

@@ -13,8 +13,8 @@ import (
 
 func TestCertificate(t *testing.T) {
 	// Sample data for testing - use consistent data like in TS
-	sampleType := wallet.Base64String(base64.StdEncoding.EncodeToString(make([]byte, 32)))
-	sampleSerialNumber := wallet.Base64String(base64.StdEncoding.EncodeToString(make([]byte, 32)))
+	sampleType := wallet.StringBase64(base64.StdEncoding.EncodeToString(make([]byte, 32)))
+	sampleSerialNumber := wallet.StringBase64(base64.StdEncoding.EncodeToString(make([]byte, 32)))
 
 	// Create private keys
 	sampleSubjectPrivateKey, err := ec.NewPrivateKey()
@@ -33,12 +33,12 @@ func TestCertificate(t *testing.T) {
 	sampleRevocationOutpoint := &outpoint
 
 	// Convert string maps to the proper types
-	sampleFields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{
-		wallet.CertificateFieldNameUnder50Bytes("name"):         wallet.Base64String("Alice"),
-		wallet.CertificateFieldNameUnder50Bytes("email"):        wallet.Base64String("alice@example.com"),
-		wallet.CertificateFieldNameUnder50Bytes("organization"): wallet.Base64String("Example Corp"),
+	sampleFields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{
+		wallet.CertificateFieldNameUnder50Bytes("name"):         wallet.StringBase64("Alice"),
+		wallet.CertificateFieldNameUnder50Bytes("email"):        wallet.StringBase64("alice@example.com"),
+		wallet.CertificateFieldNameUnder50Bytes("organization"): wallet.StringBase64("Example Corp"),
 	}
-	sampleFieldsEmpty := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{}
+	sampleFieldsEmpty := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{}
 
 	// Helper function to create a ProtoWallet for testing
 	createProtoWallet := func(privateKey *ec.PrivateKey) *wallet.ProtoWallet {
@@ -166,7 +166,7 @@ func TestCertificate(t *testing.T) {
 		require.NoError(t, err)
 
 		// Tamper with the certificate (modify a field)
-		certificate.Fields[wallet.CertificateFieldNameUnder50Bytes("email")] = wallet.Base64String("attacker@example.com")
+		certificate.Fields[wallet.CertificateFieldNameUnder50Bytes("email")] = wallet.StringBase64("attacker@example.com")
 
 		// Verify the signature
 		err = certificate.Verify(t.Context())
@@ -275,8 +275,8 @@ func TestCertificate(t *testing.T) {
 			longFieldValue += "longFieldValue_"
 		}
 
-		fields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{
-			wallet.CertificateFieldNameUnder50Bytes(longFieldName): wallet.Base64String(longFieldValue),
+		fields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{
+			wallet.CertificateFieldNameUnder50Bytes(longFieldName): wallet.StringBase64(longFieldValue),
 		}
 
 		certificate := &Certificate{

auth/certificates/master.go

@@ -29,14 +29,14 @@ type MasterCertificate struct {
 	Certificate
 	// MasterKeyring contains encrypted symmetric keys (Base64 encoded) for each field.
 	// The key is the field name, and the value is the encrypted key.
-	MasterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String `json:"masterKeyring,omitempty"`
+	MasterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64 `json:"masterKeyring,omitempty"`
 }
 
 // NewMasterCertificate creates a new MasterCertificate instance.
 // It validates that the masterKeyring contains an entry for every field in the base certificate.
 func NewMasterCertificate(
 	cert *Certificate,
-	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String,
+	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64,
 ) (*MasterCertificate, error) {
 	if len(masterKeyring) == 0 {
 		return nil, ErrMissingMasterKeyring
@@ -59,8 +59,8 @@ func NewMasterCertificate(
 
 // CertificateFieldsResult holds the results from creating encrypted certificate fields.
 type CertificateFieldsResult struct {
-	CertificateFields map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String
-	MasterKeyring     map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String
+	CertificateFields map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64
+	MasterKeyring     map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64
 }
 
 // CreateCertificateFields encrypts certificate fields for a subject and generates a master keyring.
@@ -73,8 +73,8 @@ func CreateCertificateFields(
 	privileged bool,
 	privilegedReason string,
 ) (*CertificateFieldsResult, error) {
-	certificateFields := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String)
-	masterKeyring := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String)
+	certificateFields := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64)
+	masterKeyring := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64)
 
 	for fieldName, fieldValue := range fields {
 		// 1. Generate a random symmetric key (32 bytes)
@@ -89,7 +89,7 @@ func CreateCertificateFields(
 		if err != nil {
 			return nil, fmt.Errorf("failed to encrypt field value for %s: %w", fieldName, err)
 		}
-		certificateFields[fieldName] = wallet.Base64String(base64.StdEncoding.EncodeToString(encryptedFieldValue))
+		certificateFields[fieldName] = wallet.StringBase64(base64.StdEncoding.EncodeToString(encryptedFieldValue))
 
 		// 3. Encrypt the symmetric key for the certifier/subject
 		protocolID, keyID := GetCertificateEncryptionDetails(string(fieldName), "") // No serial number for master keyring creation
@@ -106,7 +106,7 @@ func CreateCertificateFields(
 		if err != nil {
 			return nil, fmt.Errorf("failed to encrypt field revelation key for %s: %w", fieldName, err)
 		}
-		masterKeyring[fieldName] = wallet.Base64String(base64.StdEncoding.EncodeToString(encryptedKey.Ciphertext))
+		masterKeyring[fieldName] = wallet.StringBase64(base64.StdEncoding.EncodeToString(encryptedKey.Ciphertext))
 	}
 
 	return &CertificateFieldsResult{
@@ -128,19 +128,19 @@ func IssueCertificateForSubject(
 	plainFields map[string]string, // Plaintext fields
 	certificateType string,
 	getRevocationOutpoint func(string) (*overlay.Outpoint, error), // Optional func
-	serialNumberStr string, // Optional serial number as Base64String
+	serialNumberStr string, // Optional serial number as StringBase64
 ) (*MasterCertificate, error) {
 
 	// 1. Generate a random serialNumber if not provided
-	var serialNumber wallet.Base64String
+	var serialNumber wallet.StringBase64
 	if serialNumberStr != "" {
-		serialNumber = wallet.Base64String(serialNumberStr)
+		serialNumber = wallet.StringBase64(serialNumberStr)
 	} else {
 		serialBytes := make([]byte, 32)
 		if _, err := rand.Read(serialBytes); err != nil {
 			return nil, fmt.Errorf("failed to generate random serial number: %w", err)
 		}
-		serialNumber = wallet.Base64String(base64.StdEncoding.EncodeToString(serialBytes))
+		serialNumber = wallet.StringBase64(base64.StdEncoding.EncodeToString(serialBytes))
 	}
 
 	// Convert plainFields map[string]string to map[wallet.CertificateFieldNameUnder50Bytes]string
@@ -183,7 +183,7 @@ func IssueCertificateForSubject(
 
 	// 5. Create the base Certificate struct
 	baseCert := &Certificate{
-		Type:               wallet.Base64String(certificateType),
+		Type:               wallet.StringBase64(certificateType),
 		SerialNumber:       serialNumber,
 		Certifier:          *certifierPubKey.PublicKey,
 		RevocationOutpoint: revocationOutpoint,
@@ -234,9 +234,9 @@ type DecryptFieldResult struct {
 func DecryptField(
 	ctx context.Context,
 	subjectOrCertifierWallet *wallet.ProtoWallet,
-	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String,
+	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64,
 	fieldName wallet.CertificateFieldNameUnder50Bytes,
-	encryptedFieldValue wallet.Base64String, // Base64 encoded encrypted value
+	encryptedFieldValue wallet.StringBase64, // Base64 encoded encrypted value
 	counterparty wallet.Counterparty,
 	privileged bool,
 	privilegedReason string,
@@ -296,8 +296,8 @@ func DecryptField(
 func DecryptFields(
 	ctx context.Context,
 	subjectOrCertifierWallet *wallet.ProtoWallet,
-	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String,
-	fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String, // Encrypted fields
+	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64,
+	fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64, // Encrypted fields
 	counterparty wallet.Counterparty,
 	privileged bool,
 	privilegedReason string,
@@ -341,19 +341,19 @@ func CreateKeyringForVerifier(
 	subjectWallet *wallet.ProtoWallet,
 	certifier wallet.Counterparty, // Counterparty used when decrypting master key
 	verifier wallet.Counterparty, // Counterparty to encrypt for
-	fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String, // All encrypted fields from cert
+	fields map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64, // All encrypted fields from cert
 	fieldsToReveal []wallet.CertificateFieldNameUnder50Bytes, // Which fields to include in the new keyring
-	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String, // The original master keyring
-	serialNumber wallet.Base64String, // Serial number needed for encryption protocol/key ID
+	masterKeyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64, // The original master keyring
+	serialNumber wallet.StringBase64, // Serial number needed for encryption protocol/key ID
 	privileged bool,
 	privilegedReason string,
-) (map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String, error) { // Returns the verifier-specific keyring
+) (map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64, error) { // Returns the verifier-specific keyring
 	if len(masterKeyring) == 0 {
 		return nil, ErrMissingMasterKeyring
 	}
 
 	// Create a new verifier-specific keyring
-	keyringForVerifier := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String)
+	keyringForVerifier := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64)
 
 	// For each field to reveal:
 	for _, fieldName := range fieldsToReveal {
@@ -397,7 +397,7 @@ func CreateKeyringForVerifier(
 		}
 
 		// 3. Store in verifier keyring
-		keyringForVerifier[fieldName] = wallet.Base64String(base64.StdEncoding.EncodeToString(encryptedKeyForVerifier.Ciphertext))
+		keyringForVerifier[fieldName] = wallet.StringBase64(base64.StdEncoding.EncodeToString(encryptedKeyForVerifier.Ciphertext))
 	}
 
 	return keyringForVerifier, nil

auth/certificates/master_test.go

@@ -47,27 +47,27 @@ func TestMasterCertificate(t *testing.T) {
 			if err != nil {
 				t.Fatalf("Failed to encrypt field value: %v", err)
 			}
-			encryptedFieldValue := wallet.Base64String(base64.StdEncoding.EncodeToString(encryptedFieldValueBytes))
+			encryptedFieldValue := wallet.StringBase64(base64.StdEncoding.EncodeToString(encryptedFieldValueBytes))
 
-			encryptedKeyForSubject := wallet.Base64String(base64.StdEncoding.EncodeToString([]byte{0, 1, 2, 3}))
+			encryptedKeyForSubject := wallet.StringBase64(base64.StdEncoding.EncodeToString([]byte{0, 1, 2, 3}))
 
 			// We assume we have the same fieldName in both `fields` and `masterKeyring`.
-			fields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{
+			fields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{
 				"name": encryptedFieldValue,
 			}
 
-			masterKeyring := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{
+			masterKeyring := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{
 				"name": encryptedKeyForSubject,
 			}
 
 			// certificate type is 16 random bytes base64 encoded
 			certTypeBytes := make([]byte, 16)
 			_, _ = rand.Read(certTypeBytes)
-			certType := wallet.Base64String(base64.StdEncoding.EncodeToString(certTypeBytes))
+			certType := wallet.StringBase64(base64.StdEncoding.EncodeToString(certTypeBytes))
 
 			serialNumberBytes := make([]byte, 16)
 			_, _ = rand.Read(serialNumberBytes)
-			serialNumber := wallet.Base64String(base64.StdEncoding.EncodeToString(serialNumberBytes))
+			serialNumber := wallet.StringBase64(base64.StdEncoding.EncodeToString(serialNumberBytes))
 
 			baseCert := &certificates.Certificate{
 				Type:               certType,
@@ -102,8 +102,8 @@ func TestMasterCertificate(t *testing.T) {
 		})
 
 		t.Run("should return error if masterKeyring is missing a key for any field", func(t *testing.T) {
-			fields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{"name": utils.RandomBase64(16)}
-			masterKeyring := map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{} // Intentionally empty
+			fields := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{"name": utils.RandomBase64(16)}
+			masterKeyring := map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{} // Intentionally empty
 
 			baseCert := &certificates.Certificate{
 				Type:               utils.RandomBase64(16),
@@ -192,7 +192,7 @@ func TestMasterCertificate(t *testing.T) {
 			_, err = certificates.DecryptFields(
 				t.Context(),
 				subjectWallet.ProtoWallet,
-				map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String{}, // Test empty keyring
+				map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64{}, // Test empty keyring
 				issueCert.Fields, // Uses issuedCert from outer scope
 				certifierCounterparty,
 				false,
@@ -209,7 +209,7 @@ func TestMasterCertificate(t *testing.T) {
 
 		t.Run("should return error if decryption fails for any field", func(t *testing.T) {
 			// Create a bad keyring manually
-			badMasterKeyring := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String)
+			badMasterKeyring := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64)
 			for k := range issueCert.Fields { // Uses issuedCert from outer scope
 				badMasterKeyring[k] = utils.RandomBase64(64) // Provide structurally valid (>48 bytes) but incorrect key data
 			}
@@ -316,7 +316,7 @@ func TestMasterCertificate(t *testing.T) {
 
 		t.Run("should return error if the master key fails to decrypt", func(t *testing.T) {
 			// Tamper with the master keyring
-			tamperedMasterKeyring := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String)
+			tamperedMasterKeyring := make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64)
 			for k, v := range issueCert.MasterKeyring { // Uses issuedCert from outer scope
 				if k == "name" {
 					tamperedMasterKeyring[k] = utils.RandomBase64(64) // Provide structurally valid (>48 bytes) but incorrect key data

auth/certificates/verifiable.go

@@ -24,7 +24,7 @@ type VerifiableCertificate struct {
 
 	// KeyRing contains the encrypted field revelation keys, specifically encrypted for the intended verifier.
 	// The map keys are the field names (string), and values are the base64 encoded encrypted keys (string).
-	Keyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String `json:"keyring,omitempty"`
+	Keyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64 `json:"keyring,omitempty"`
 
 	// DecryptedFields stores the successfully decrypted field values after calling DecryptFields.
 	// Populated only upon successful decryption of all fields present in the KeyRing.
@@ -36,7 +36,7 @@ type VerifiableCertificate struct {
 // It takes a pointer to a base Certificate and the verifier-specific KeyRing.
 func NewVerifiableCertificate(
 	cert *Certificate, // Pointer to the base Certificate data
-	keyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String, // Verifier-specific keyring
+	keyring map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64, // Verifier-specific keyring
 ) *VerifiableCertificate {
 	return &VerifiableCertificate{
 		Certificate: *cert, // Dereference and copy the base certificate data
@@ -56,7 +56,7 @@ func NewVerifiableCertificateFromBinary(data []byte) (*VerifiableCertificate, er
 	// Create a VerifiableCertificate with an empty keyring
 	verifiableCert := &VerifiableCertificate{
 		Certificate:     *cert,
-		Keyring:         make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.Base64String),
+		Keyring:         make(map[wallet.CertificateFieldNameUnder50Bytes]wallet.StringBase64),
 		DecryptedFields: make(map[string]string),
 	}