Merge branch 'opl-335-strings' into opl-351-docs

Author: jchavannes

auth/clients/authhttp/authhttp.go

@@ -759,7 +759,7 @@ func (a *AuthFetch) handlePaymentAndRetry(ctx context.Context, urlStr string, co
 		Outputs: []wallet.CreateActionOutput{
 			{
 				Satoshis:      satoshisRequired,
-				LockingScript: fmt.Sprintf("P2PKH:%s", derivedKey.PublicKey.ToDERHex()),
+				LockingScript: derivedKey.PublicKey.ToDER(),
 				CustomInstructions: fmt.Sprintf(`{"derivationPrefix":"%s","derivationSuffix":"%s","payee":"%s"}`,
 					derivationPrefix, derivationSuffix, serverIdentityKey),
 				OutputDescription: "HTTP request payment",

auth/clients/authhttp/authhttp_test.go

@@ -53,7 +53,7 @@ func TestNew(t *testing.T) {
 	mockWallet := wallet.NewMockWallet(t)
 	mockSessionManager := NewMockSessionManager()
 	requestedCerts := &utils.RequestedCertificateSet{
-		Certifiers:       []string{},
+		Certifiers:       []wallet.HexBytes33{},
 		CertificateTypes: make(utils.RequestedCertificateTypeIDAndFieldList),
 	}
 
@@ -74,7 +74,7 @@ func TestNewWithNilSessionManager(t *testing.T) {
 	// Set up dependencies
 	mockWallet := wallet.NewMockWallet(t)
 	requestedCerts := &utils.RequestedCertificateSet{
-		Certifiers:       []string{},
+		Certifiers:       []wallet.HexBytes33{},
 		CertificateTypes: make(utils.RequestedCertificateTypeIDAndFieldList),
 	}
 

auth/peer.go

@@ -98,7 +98,7 @@ func NewPeer(cfg *PeerOptions) *Peer {
 		peer.CertificatesToRequest = cfg.CertificatesToRequest
 	} else {
 		peer.CertificatesToRequest = &utils.RequestedCertificateSet{
-			Certifiers:       []string{},
+			Certifiers:       []wallet.HexBytes33{},
 			CertificateTypes: make(utils.RequestedCertificateTypeIDAndFieldList),
 		}
 	}

auth/peer_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/bsv-blockchain/go-sdk/auth/certificates"
 	"github.com/bsv-blockchain/go-sdk/auth/utils"
 	ec "github.com/bsv-blockchain/go-sdk/primitives/ec"
+	tu "github.com/bsv-blockchain/go-sdk/util/test_util"
 	"github.com/bsv-blockchain/go-sdk/wallet"
 	"github.com/stretchr/testify/require"
 )
@@ -404,7 +405,7 @@ func (t *LoggingMockTransport) OnData(callback func(context.Context, *AuthMessag
 
 // TestPeerCertificateExchange tests certificate request and exchange
 func TestPeerCertificateExchange(t *testing.T) {
-	certType := "testCertType"
+	var certType = tu.GetByte32FromString("testCertType")
 	requiredField := "testField"
 
 	// Setup logging
@@ -451,20 +452,20 @@ func TestPeerCertificateExchange(t *testing.T) {
 	// Create raw certificates with proper base64 encoding using our helper
 	aliceCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "serial1",
+		SerialNumber:       tu.GetByte32FromString("serial1"),
 		Subject:            aliceSubject,
 		Certifier:          bobSubject,
 		Fields:             map[string]string{requiredField: "fieldValue"},
-		RevocationOutpoint: "abcd1234:0",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 	}
 
 	bobCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "serial2",
+		SerialNumber:       tu.GetByte32FromString("serial2"),
 		Subject:            bobSubject,
 		Certifier:          aliceSubject,
 		Fields:             map[string]string{requiredField: "fieldValue"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign the certificates properly
@@ -504,8 +505,8 @@ func TestPeerCertificateExchange(t *testing.T) {
 	}
 
 	// Debug certificate signatures
-	logger.Printf("DEBUG: Alice cert signature: %s", aliceCert.Signature)
-	logger.Printf("DEBUG: Bob cert signature: %s", bobCert.Signature)
+	logger.Printf("DEBUG: Alice cert signature: %x", aliceCert.Signature)
+	logger.Printf("DEBUG: Bob cert signature: %x", bobCert.Signature)
 
 	// Create mock keyring results - also properly encoded
 	fieldValueBase64 := base64.StdEncoding.EncodeToString([]byte("key-for-field"))
@@ -620,14 +621,14 @@ func TestPeerCertificateExchange(t *testing.T) {
 
 	// Set certificate requirements - We need to use the RAW type string here, not base64 encoded
 	aliceCertReqs := &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"}, // "any" is special value that accepts any certifier
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")}, // "any" is special value that accepts any certifier
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{requiredField},
 		},
 	}
 
 	bobCertReqs := &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"}, // "any" is special value that accepts any certifier
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")}, // "any" is special value that accepts any certifier
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{requiredField},
 		},
@@ -907,7 +908,8 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 // if at least one required field is present
 func TestPartialCertificateAcceptance(t *testing.T) {
 	// Create a mock function to intercept certificate requests
-	certType := "identityCert"
+	var certType [32]byte
+	copy(certType[:], "identityCert")
 
 	// Create test wallets with recognizable identities
 	aliceKey, err := ec.NewPrivateKey()
@@ -941,20 +943,20 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 	// Create raw certificates
 	aliceCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "alice-serial",
+		SerialNumber:       tu.GetByte32FromString("alice-serial"),
 		Subject:            aliceKey.PubKey(),
 		Certifier:          bobKey.PubKey(),
 		Fields:             map[string]string{"name": "Alice"},
-		RevocationOutpoint: "abcd1234:0",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 	}
 
 	bobCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "bob-serial",
+		SerialNumber:       tu.GetByte32FromString("bob-serial"),
 		Subject:            bobKey.PubKey(),
 		Certifier:          aliceKey.PubKey(),
 		Fields:             map[string]string{"name": "Bob"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign the certificates properly
@@ -1112,7 +1114,7 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 
 	// Setup certificate requirements - requesting two fields but accepting partial matches
 	requestedCertificates := &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{"name", "email"},
 		},
@@ -1221,7 +1223,8 @@ func TestLibraryCardVerification(t *testing.T) {
 	t.Skip("Temporarily skipping until we fix signature verification issue")
 
 	// Create a mock function to intercept certificate requests
-	certType := "libraryCard"
+	var certType [32]byte
+	copy(certType[:], "libraryCard")
 
 	// Create test wallets with recognizable identities
 	aliceKey, err := ec.NewPrivateKey()
@@ -1255,11 +1258,11 @@ func TestLibraryCardVerification(t *testing.T) {
 	// Bob has a library card - first create raw
 	bobCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "lib-123456",
+		SerialNumber:       tu.GetByte32FromString("lib-123456"),
 		Subject:            bobKey.PubKey(),
 		Certifier:          aliceKey.PubKey(),
 		Fields:             map[string]string{"name": "Bob", "cardNumber": "123456"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign the certificate properly
@@ -1380,7 +1383,7 @@ func TestLibraryCardVerification(t *testing.T) {
 
 	// Setup certificate requirements - Alice requires Bob's library card number
 	alice.CertificatesToRequest = &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{"cardNumber"},
 		},
@@ -1400,7 +1403,7 @@ func TestLibraryCardVerification(t *testing.T) {
 
 		// Alice explicitly requests Bob's certificate
 		err = alice.RequestCertificates(ctx, bobPubKey.PublicKey, utils.RequestedCertificateSet{
-			Certifiers: []string{"any"},
+			Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 			CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 				certType: []string{"cardNumber"},
 			},
@@ -1575,24 +1578,29 @@ func TestNonmatchingCertificateRejection(t *testing.T) {
 		return &wallet.VerifySignatureResult{Valid: true}, nil
 	}
 
+	var certTypeA [32]byte
+	copy(certTypeA[:], "partnerA")
+	var certTypeB [32]byte
+	copy(certTypeB[:], "partnerB")
+
 	// Alice has "partnerA" certificate, Bob has "partnerB" certificate
 	// They shouldn't accept each other's certificates
 	aliceCertRaw := wallet.Certificate{
-		Type:               "partnerA",
-		SerialNumber:       "alice-serial",
+		Type:               certTypeA,
+		SerialNumber:       tu.GetByte32FromString("alice-serial"),
 		Subject:            aliceKey.PubKey(),
 		Certifier:          bobKey.PubKey(),
 		Fields:             map[string]string{"name": "Alice"},
-		RevocationOutpoint: "abcd1234:0",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 	}
 
 	bobCertRaw := wallet.Certificate{
-		Type:               "partnerB",
-		SerialNumber:       "bob-serial",
+		Type:               certTypeB,
+		SerialNumber:       tu.GetByte32FromString("bob-serial"),
 		Subject:            bobKey.PubKey(),
 		Certifier:          aliceKey.PubKey(),
 		Fields:             map[string]string{"name": "Bob"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign certificates properly
@@ -1653,16 +1661,16 @@ func TestNonmatchingCertificateRejection(t *testing.T) {
 
 	// Create peers with different certificate requirements
 	aliceRequiredCerts := utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
-			"partnerA": []string{"name"}, // Alice only accepts partnerA certs
+			certTypeA: []string{"name"}, // Alice only accepts partnerA certs
 		},
 	}
 
 	bobRequiredCerts := utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
-			"partnerB": []string{"name"}, // Bob only accepts partnerB certs
+			certTypeB: []string{"name"}, // Bob only accepts partnerB certs
 		},
 	}
 

auth/types.go

@@ -6,7 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"slices"
 	"sync"
 
 	"github.com/bsv-blockchain/go-sdk/auth/certificates"
@@ -109,18 +108,24 @@ func ValidateCertificates(
 				types := certificatesRequested.CertificateTypes
 
 				// Check certifier matches
-				certifierKey := cert.Certifier.ToDERHex()
-				if !slices.Contains(certifiers, certifierKey) {
+				certifierKey := cert.Certifier.ToDER()
+				if !wallet.BytesInHex33Slice(certifiers, certifierKey) {
 					errCh <- fmt.Errorf(
-						"certificate with serial number %s has an unrequested certifier: %s",
+						"certificate with serial number %s has an unrequested certifier: %x",
 						cert.SerialNumber,
 						certifierKey,
 					)
 					return
 				}
 
+				certType, err := cert.Type.ToArray()
+				if err != nil {
+					errCh <- fmt.Errorf("failed to convert certificate type to byte array: %v", err)
+					return
+				}
+
 				// Check type match
-				_, typeExists := types[string(cert.Type)]
+				_, typeExists := types[certType]
 				if !typeExists {
 					errCh <- fmt.Errorf("certificate with type %s was not requested", cert.Type)
 					return