Merge branch 'master' into opl-328-caps

Author: shruggr

auth/clients/authhttp/authhttp.go

@@ -759,7 +759,7 @@ func (a *AuthFetch) handlePaymentAndRetry(ctx context.Context, urlStr string, co
 		Outputs: []wallet.CreateActionOutput{
 			{
 				Satoshis:      satoshisRequired,
-				LockingScript: fmt.Sprintf("P2PKH:%s", derivedKey.PublicKey.ToDERHex()),
+				LockingScript: derivedKey.PublicKey.ToDER(),
 				CustomInstructions: fmt.Sprintf(`{"derivationPrefix":"%s","derivationSuffix":"%s","payee":"%s"}`,
 					derivationPrefix, derivationSuffix, serverIdentityKey),
 				OutputDescription: "HTTP request payment",

auth/clients/authhttp/authhttp_test.go

@@ -53,7 +53,7 @@ func TestNew(t *testing.T) {
 	mockWallet := wallet.NewMockWallet(t)
 	mockSessionManager := NewMockSessionManager()
 	requestedCerts := &utils.RequestedCertificateSet{
-		Certifiers:       []string{},
+		Certifiers:       []wallet.HexBytes33{},
 		CertificateTypes: make(utils.RequestedCertificateTypeIDAndFieldList),
 	}
 
@@ -74,7 +74,7 @@ func TestNewWithNilSessionManager(t *testing.T) {
 	// Set up dependencies
 	mockWallet := wallet.NewMockWallet(t)
 	requestedCerts := &utils.RequestedCertificateSet{
-		Certifiers:       []string{},
+		Certifiers:       []wallet.HexBytes33{},
 		CertificateTypes: make(utils.RequestedCertificateTypeIDAndFieldList),
 	}
 

auth/peer.go

@@ -21,10 +21,22 @@ const AUTH_PROTOCOL_ID = "authrite message signature"
 // AUTH_VERSION is the version of the auth protocol
 const AUTH_VERSION = "0.1"
 
+// OnGeneralMessageReceivedCallback is called when a general message is received from a peer.
+// The callback receives the sender's public key and the message payload.
 type OnGeneralMessageReceivedCallback func(senderPublicKey *ec.PublicKey, payload []byte) error
+
+// OnCertificateReceivedCallback is called when certificates are received from a peer.
+// The callback receives the sender's public key and the list of certificates.
 type OnCertificateReceivedCallback func(senderPublicKey *ec.PublicKey, certs []*certificates.VerifiableCertificate) error
+
+// OnCertificateRequestReceivedCallback is called when a certificate request is received from a peer.
+// The callback receives the sender's public key and the requested certificate set.
 type OnCertificateRequestReceivedCallback func(senderPublicKey *ec.PublicKey, requestedCertificates utils.RequestedCertificateSet) error
 
+// Peer represents a peer capable of performing mutual authentication.
+// It manages sessions, handles authentication handshakes, certificate requests and responses,
+// and sending and receiving general messages over a transport layer.
+// This implementation supports multiple concurrent sessions per peer identity key.
 type Peer struct {
 	sessionManager                        SessionManager
 	transport                             Transport
@@ -43,6 +55,7 @@ type Peer struct {
 	logger                 *log.Logger // Logger for debug messages
 }
 
+// PeerOptions contains configuration options for creating a new Peer instance.
 type PeerOptions struct {
 	Wallet                 wallet.Interface
 	Transport              Transport
@@ -85,7 +98,7 @@ func NewPeer(cfg *PeerOptions) *Peer {
 		peer.CertificatesToRequest = cfg.CertificatesToRequest
 	} else {
 		peer.CertificatesToRequest = &utils.RequestedCertificateSet{
-			Certifiers:       []string{},
+			Certifiers:       []wallet.HexBytes33{},
 			CertificateTypes: make(utils.RequestedCertificateTypeIDAndFieldList),
 		}
 	}

auth/peer_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/bsv-blockchain/go-sdk/auth/certificates"
 	"github.com/bsv-blockchain/go-sdk/auth/utils"
 	ec "github.com/bsv-blockchain/go-sdk/primitives/ec"
+	tu "github.com/bsv-blockchain/go-sdk/util/test_util"
 	"github.com/bsv-blockchain/go-sdk/wallet"
 	"github.com/stretchr/testify/require"
 )
@@ -404,7 +405,7 @@ func (t *LoggingMockTransport) OnData(callback func(context.Context, *AuthMessag
 
 // TestPeerCertificateExchange tests certificate request and exchange
 func TestPeerCertificateExchange(t *testing.T) {
-	certType := "testCertType"
+	var certType = tu.GetByte32FromString("testCertType")
 	requiredField := "testField"
 
 	// Setup logging
@@ -451,20 +452,20 @@ func TestPeerCertificateExchange(t *testing.T) {
 	// Create raw certificates with proper base64 encoding using our helper
 	aliceCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "serial1",
+		SerialNumber:       tu.GetByte32FromString("serial1"),
 		Subject:            aliceSubject,
 		Certifier:          bobSubject,
 		Fields:             map[string]string{requiredField: "fieldValue"},
-		RevocationOutpoint: "abcd1234:0",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 	}
 
 	bobCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "serial2",
+		SerialNumber:       tu.GetByte32FromString("serial2"),
 		Subject:            bobSubject,
 		Certifier:          aliceSubject,
 		Fields:             map[string]string{requiredField: "fieldValue"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign the certificates properly
@@ -504,8 +505,8 @@ func TestPeerCertificateExchange(t *testing.T) {
 	}
 
 	// Debug certificate signatures
-	logger.Printf("DEBUG: Alice cert signature: %s", aliceCert.Signature)
-	logger.Printf("DEBUG: Bob cert signature: %s", bobCert.Signature)
+	logger.Printf("DEBUG: Alice cert signature: %x", aliceCert.Signature)
+	logger.Printf("DEBUG: Bob cert signature: %x", bobCert.Signature)
 
 	// Create mock keyring results - also properly encoded
 	fieldValueBase64 := base64.StdEncoding.EncodeToString([]byte("key-for-field"))
@@ -620,14 +621,14 @@ func TestPeerCertificateExchange(t *testing.T) {
 
 	// Set certificate requirements - We need to use the RAW type string here, not base64 encoded
 	aliceCertReqs := &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"}, // "any" is special value that accepts any certifier
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")}, // "any" is special value that accepts any certifier
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{requiredField},
 		},
 	}
 
 	bobCertReqs := &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"}, // "any" is special value that accepts any certifier
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")}, // "any" is special value that accepts any certifier
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{requiredField},
 		},
@@ -907,7 +908,8 @@ func TestPeerMultiDeviceAuthentication(t *testing.T) {
 // if at least one required field is present
 func TestPartialCertificateAcceptance(t *testing.T) {
 	// Create a mock function to intercept certificate requests
-	certType := "identityCert"
+	var certType [32]byte
+	copy(certType[:], "identityCert")
 
 	// Create test wallets with recognizable identities
 	aliceKey, err := ec.NewPrivateKey()
@@ -941,20 +943,20 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 	// Create raw certificates
 	aliceCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "alice-serial",
+		SerialNumber:       tu.GetByte32FromString("alice-serial"),
 		Subject:            aliceKey.PubKey(),
 		Certifier:          bobKey.PubKey(),
 		Fields:             map[string]string{"name": "Alice"},
-		RevocationOutpoint: "abcd1234:0",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 	}
 
 	bobCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "bob-serial",
+		SerialNumber:       tu.GetByte32FromString("bob-serial"),
 		Subject:            bobKey.PubKey(),
 		Certifier:          aliceKey.PubKey(),
 		Fields:             map[string]string{"name": "Bob"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign the certificates properly
@@ -1112,7 +1114,7 @@ func TestPartialCertificateAcceptance(t *testing.T) {
 
 	// Setup certificate requirements - requesting two fields but accepting partial matches
 	requestedCertificates := &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{"name", "email"},
 		},
@@ -1221,7 +1223,8 @@ func TestLibraryCardVerification(t *testing.T) {
 	t.Skip("Temporarily skipping until we fix signature verification issue")
 
 	// Create a mock function to intercept certificate requests
-	certType := "libraryCard"
+	var certType [32]byte
+	copy(certType[:], "libraryCard")
 
 	// Create test wallets with recognizable identities
 	aliceKey, err := ec.NewPrivateKey()
@@ -1255,11 +1258,11 @@ func TestLibraryCardVerification(t *testing.T) {
 	// Bob has a library card - first create raw
 	bobCertRaw := wallet.Certificate{
 		Type:               certType,
-		SerialNumber:       "lib-123456",
+		SerialNumber:       tu.GetByte32FromString("lib-123456"),
 		Subject:            bobKey.PubKey(),
 		Certifier:          aliceKey.PubKey(),
 		Fields:             map[string]string{"name": "Bob", "cardNumber": "123456"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign the certificate properly
@@ -1380,7 +1383,7 @@ func TestLibraryCardVerification(t *testing.T) {
 
 	// Setup certificate requirements - Alice requires Bob's library card number
 	alice.CertificatesToRequest = &utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 			certType: []string{"cardNumber"},
 		},
@@ -1400,7 +1403,7 @@ func TestLibraryCardVerification(t *testing.T) {
 
 		// Alice explicitly requests Bob's certificate
 		err = alice.RequestCertificates(ctx, bobPubKey.PublicKey, utils.RequestedCertificateSet{
-			Certifiers: []string{"any"},
+			Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 			CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
 				certType: []string{"cardNumber"},
 			},
@@ -1575,24 +1578,29 @@ func TestNonmatchingCertificateRejection(t *testing.T) {
 		return &wallet.VerifySignatureResult{Valid: true}, nil
 	}
 
+	var certTypeA [32]byte
+	copy(certTypeA[:], "partnerA")
+	var certTypeB [32]byte
+	copy(certTypeB[:], "partnerB")
+
 	// Alice has "partnerA" certificate, Bob has "partnerB" certificate
 	// They shouldn't accept each other's certificates
 	aliceCertRaw := wallet.Certificate{
-		Type:               "partnerA",
-		SerialNumber:       "alice-serial",
+		Type:               certTypeA,
+		SerialNumber:       tu.GetByte32FromString("alice-serial"),
 		Subject:            aliceKey.PubKey(),
 		Certifier:          bobKey.PubKey(),
 		Fields:             map[string]string{"name": "Alice"},
-		RevocationOutpoint: "abcd1234:0",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.0"),
 	}
 
 	bobCertRaw := wallet.Certificate{
-		Type:               "partnerB",
-		SerialNumber:       "bob-serial",
+		Type:               certTypeB,
+		SerialNumber:       tu.GetByte32FromString("bob-serial"),
 		Subject:            bobKey.PubKey(),
 		Certifier:          aliceKey.PubKey(),
 		Fields:             map[string]string{"name": "Bob"},
-		RevocationOutpoint: "abcd1234:1",
+		RevocationOutpoint: tu.OutpointFromString(t, "a755810c21e17183ff6db6685f0de239fd3a0a3c0d4ba7773b0b0d1748541e2b.1"),
 	}
 
 	// Sign certificates properly
@@ -1653,16 +1661,16 @@ func TestNonmatchingCertificateRejection(t *testing.T) {
 
 	// Create peers with different certificate requirements
 	aliceRequiredCerts := utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
-			"partnerA": []string{"name"}, // Alice only accepts partnerA certs
+			certTypeA: []string{"name"}, // Alice only accepts partnerA certs
 		},
 	}
 
 	bobRequiredCerts := utils.RequestedCertificateSet{
-		Certifiers: []string{"any"},
+		Certifiers: []wallet.HexBytes33{tu.GetByte33FromString("any")},
 		CertificateTypes: utils.RequestedCertificateTypeIDAndFieldList{
-			"partnerB": []string{"name"}, // Bob only accepts partnerB certs
+			certTypeB: []string{"name"}, // Bob only accepts partnerB certs
 		},
 	}
 

auth/transports/simplified_http_transport.go

@@ -142,6 +142,8 @@ func (t *SimplifiedHTTPTransport) Send(ctx context.Context, message *auth.AuthMe
 	return nil
 }
 
+// GetRegisteredOnData returns the first registered callback function for handling incoming AuthMessages.
+// Returns an error if no handlers are registered.
 func (t *SimplifiedHTTPTransport) GetRegisteredOnData() (func(context.Context, *auth.AuthMessage) error, error) {
 	t.mu.Lock()
 	defer t.mu.Unlock()

auth/transports/websocket_transport.go

@@ -25,11 +25,15 @@ type WebSocketTransport struct {
 	readDeadline time.Duration
 }
 
+// WebSocketTransportOptions contains configuration options for the WebSocketTransport.
 type WebSocketTransportOptions struct {
 	BaseURL      string
 	ReadDeadline int // seconds, default 30
 }
 
+// NewWebSocketTransport creates a new WebSocket transport instance with the given options.
+// The BaseURL is required and must be a valid WebSocket URL.
+// If ReadDeadline is not specified or is zero, it defaults to 30 seconds.
 func NewWebSocketTransport(options *WebSocketTransportOptions) (*WebSocketTransport, error) {
 	if options.BaseURL == "" {
 		return nil, errors.New("BaseURL is required for WebSocket transport")

auth/types.go

@@ -6,7 +6,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"slices"
 	"sync"
 
 	"github.com/bsv-blockchain/go-sdk/auth/certificates"
@@ -109,18 +108,24 @@ func ValidateCertificates(
 				types := certificatesRequested.CertificateTypes
 
 				// Check certifier matches
-				certifierKey := cert.Certifier.ToDERHex()
-				if !slices.Contains(certifiers, certifierKey) {
+				certifierKey := cert.Certifier.ToDER()
+				if !wallet.BytesInHex33Slice(certifiers, certifierKey) {
 					errCh <- fmt.Errorf(
-						"certificate with serial number %s has an unrequested certifier: %s",
+						"certificate with serial number %s has an unrequested certifier: %x",
 						cert.SerialNumber,
 						certifierKey,
 					)
 					return
 				}
 
+				certType, err := cert.Type.ToArray()
+				if err != nil {
+					errCh <- fmt.Errorf("failed to convert certificate type to byte array: %v", err)
+					return
+				}
+
 				// Check type match
-				_, typeExists := types[string(cert.Type)]
+				_, typeExists := types[certType]
 				if !typeExists {
 					errCh <- fmt.Errorf("certificate with type %s was not requested", cert.Type)
 					return
@@ -191,6 +196,8 @@ type CertificateQuery struct {
 	Subject string
 }
 
+// MarshalJSON customizes the JSON marshaling for AuthMessage to ensure proper formatting
+// of identity keys, payload, and signature fields as base64-encoded strings.
 func (m *AuthMessage) MarshalJSON() ([]byte, error) {
 	type Alias AuthMessage
 
@@ -232,6 +239,8 @@ func (m *AuthMessage) MarshalJSON() ([]byte, error) {
 	})
 }
 
+// UnmarshalJSON customizes the JSON unmarshaling for AuthMessage to properly decode
+// base64-encoded fields and reconstruct the public key from the hex-encoded identity key.
 func (m *AuthMessage) UnmarshalJSON(data []byte) error {
 	type Alias AuthMessage