Merge branch 'bopen-master' into opl-335-bytes

Author: shruggr

auth/certificates/master_test.go

@@ -255,9 +255,9 @@ func TestMasterCertificate(t *testing.T) {
 
 		// Define verifier within this scope too
 		verifierPrivateKey, _ := ec.NewPrivateKey()
-		// Use a standard ProtoWallet for the verifier
-		verifierWallet, _ := wallet.NewProtoWallet(wallet.ProtoWalletArgs{Type: wallet.ProtoWalletArgsTypePrivateKey, PrivateKey: verifierPrivateKey})
-		verifierIdentityKey, _ := verifierWallet.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true}, "")
+		// Use CompletedProtoWallet for the verifier
+		verifierWallet, _ := certificates.NewCompletedProtoWallet(verifierPrivateKey)
+		verifierIdentityKey, _ := verifierWallet.GetPublicKey(ctx, wallet.GetPublicKeyArgs{IdentityKey: true, ForSelf: false}, "go-sdk")
 		verifierCounterparty := wallet.Counterparty{Type: wallet.CounterpartyTypeOther, Counterparty: verifierIdentityKey.PublicKey}
 
 		t.Run("should create a verifier keyring for specified fields", func(t *testing.T) {
@@ -287,8 +287,37 @@ func TestMasterCertificate(t *testing.T) {
 				t.Error("Expected keyring to contain 'name' key")
 			}
 
-			// TODO: When VerifiableCertificate is implemented, create one and test decryption
-			// by the verifierWallet using the keyringForVerifier.
+			// Test VerifiableCertificate decryption using the verifierWallet and keyringForVerifier
+			verifiableCert := certificates.NewVerifiableCertificate(&issueCert.Certificate, keyringForVerifier)
+			
+			decryptedFields, err := verifiableCert.DecryptFields(
+				t.Context(),
+				verifierWallet,
+				false,
+				"",
+			)
+			if err != nil {
+				t.Fatalf("VerifiableCertificate.DecryptFields failed: %v", err)
+			}
+			
+			// Verify that only the revealed field was decrypted
+			if len(decryptedFields) != 1 {
+				t.Errorf("Expected 1 decrypted field, got %d", len(decryptedFields))
+			}
+			
+			expectedValue := plainFieldsKrStr["name"]
+			if decryptedFields["name"] != expectedValue {
+				t.Errorf("Expected decrypted field 'name' to be '%s', got '%s'", expectedValue, decryptedFields["name"])
+			}
+			
+			// Verify that DecryptedFields was populated on the VerifiableCertificate
+			if verifiableCert.DecryptedFields == nil {
+				t.Error("Expected VerifiableCertificate.DecryptedFields to be populated")
+			} else if len(verifiableCert.DecryptedFields) != 1 {
+				t.Errorf("Expected VerifiableCertificate.DecryptedFields to have 1 field, got %d", len(verifiableCert.DecryptedFields))
+			} else if verifiableCert.DecryptedFields["name"] != expectedValue {
+				t.Errorf("Expected VerifiableCertificate.DecryptedFields['name'] to be '%s', got '%s'", expectedValue, verifiableCert.DecryptedFields["name"])
+			}
 		})
 
 		t.Run("should return error if fields to reveal are not a subset", func(t *testing.T) {

compat/bip32/hd_key_test.go

@@ -224,26 +224,6 @@ func TestGetHDKeyByPath(t *testing.T) {
 	require.NoError(t, err)
 	assert.NotNil(t, validKey)
 
-	// Max depth key
-	/*
-		var maxKey *ExtendedKey
-		maxKey, err = GetHDKeyByPath(validKey, 1<<9, 1<<9)
-		if err != nil {
-			t.Fatalf("error occurred: %s", err.Error())
-		}
-	*/
-
-	// Test depth limit
-	// todo: make a better test (after 126 maxKey is now nil)
-	/*
-		for i := 0; i < 1<<8-1; i++ {
-			maxKey, err = GetHDKeyByPath(maxKey, uint32(i), uint32(i))
-			if i >= 126 && err == nil {
-				t.Fatalf("expected to hit depth limit on HD key index: %d", i)
-			}
-		}
-	*/
-
 	var tests = []struct {
 		inputHDKey    *compat.ExtendedKey
 		inputChain    uint32
@@ -327,32 +307,6 @@ func TestGetHDKeyChild(t *testing.T) {
 	require.NoError(t, err)
 	assert.NotNil(t, validKey)
 
-	// Max depth key
-	/*
-		var maxKey *ExtendedKey
-		maxKey, err = GetHDKeyByPath(validKey, 1<<9, 1<<9)
-		if err != nil {
-			t.Fatalf("error occurred: %s", err.Error())
-		}
-	*/
-
-	// Test depth limit
-	// todo: make a better test (after 126 maxKey is now nil)
-	/*
-		for i := 0; i < 1<<8-1; i++ {
-			maxKey, err = GetHDKeyChild(maxKey, uint32(i))
-			if i < 126 && err != nil {
-				t.Fatalf("error occurred: %s", err.Error())
-			}
-			// TODO: make this better rather than grabbing the child twice. This is
-			// basically a copy of the GetHDKeyByPath test
-			maxKey, err = GetHDKeyChild(maxKey, uint32(i))
-			if i >= 126 && err == nil {
-				t.Fatalf("expected to hit depth limit on HD key index: %d", i)
-			}
-		}
-	*/
-
 	var tests = []struct {
 		inputHDKey    *compat.ExtendedKey
 		inputNum      uint32

identity/client.go

@@ -25,9 +25,9 @@ import (
 
 // Client lets you discover who others are, and let the world know who you are.
 type Client struct {
-	wallet     wallet.Interface
-	options    IdentityClientOptions
-	originator OriginatorDomainNameStringUnder250Bytes
+	Wallet     wallet.Interface
+	Options    IdentityClientOptions
+	Originator OriginatorDomainNameStringUnder250Bytes
 }
 
 // NewClient creates a new IdentityClient with the provided wallet and options
@@ -57,9 +57,9 @@ func NewClient(w wallet.Interface, options *IdentityClientOptions, originator Or
 	}
 
 	return &Client{
-		wallet:     w,
-		options:    *options,
-		originator: originator,
+		Wallet:     w,
+		Options:    *options,
+		Originator: originator,
 	}, nil
 }
 
@@ -107,11 +107,11 @@ func (c *Client) PubliclyRevealAttributes(
 	}
 
 	// Get keyring for verifier through certificate proving
-	proveResult, err := c.wallet.ProveCertificate(ctx, wallet.ProveCertificateArgs{
+	proveResult, err := c.Wallet.ProveCertificate(ctx, wallet.ProveCertificateArgs{
 		Certificate:    *certificate,
 		FieldsToReveal: fieldNamesAsStrings,
 		Verifier:       dummyPk.PubKey(),
-	}, string(c.originator))
+	}, string(c.Originator))
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to prove certificate: %w", err)
 	}
@@ -141,16 +141,16 @@ func (c *Client) PubliclyRevealAttributes(
 
 	// Create PushDrop with the certificate data
 	pushDropTemplate := &pushdrop.PushDropTemplate{
-		Wallet:     c.wallet,
-		Originator: string(c.originator),
+		Wallet:     c.Wallet,
+		Originator: string(c.Originator),
 	}
 
 	// Create locking script using PushDrop with the certificate JSON
 	lockingScript, err := pushDropTemplate.Lock(
 		ctx,
 		[][]byte{certJSON},
-		c.options.ProtocolID,
-		c.options.KeyID,
+		c.Options.ProtocolID,
+		c.Options.KeyID,
 		wallet.Counterparty{Type: wallet.CounterpartyTypeAnyone},
 		true,
 		true,
@@ -161,19 +161,19 @@ func (c *Client) PubliclyRevealAttributes(
 	}
 
 	// Create a transaction with the certificate as an output
-	createResult, err := c.wallet.CreateAction(ctx, wallet.CreateActionArgs{
+	createResult, err := c.Wallet.CreateAction(ctx, wallet.CreateActionArgs{
 		Description: "Create a new Identity Token",
 		Outputs: []wallet.CreateActionOutput{
 			{
-				Satoshis:          c.options.TokenAmount,
+				Satoshis:          c.Options.TokenAmount,
 				LockingScript:     lockingScript.Bytes(),
 				OutputDescription: "Identity Token",
 			},
 		},
 		Options: &wallet.CreateActionOptions{
 			RandomizeOutputs: util.BoolPtr(false),
 		},
-	}, string(c.originator))
+	}, string(c.Originator))
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create action: %w", err)
 	}
@@ -189,7 +189,7 @@ func (c *Client) PubliclyRevealAttributes(
 	}
 
 	// Submit the transaction to an overlay
-	networkResult, err := c.wallet.GetNetwork(ctx, nil, string(c.originator))
+	networkResult, err := c.Wallet.GetNetwork(ctx, nil, string(c.Originator))
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to get network: %w", err)
 	}
@@ -242,7 +242,7 @@ func (c *Client) ResolveByIdentityKey(
 	ctx context.Context,
 	args wallet.DiscoverByIdentityKeyArgs,
 ) ([]DisplayableIdentity, error) {
-	result, err := c.wallet.DiscoverByIdentityKey(ctx, args, string(c.originator))
+	result, err := c.Wallet.DiscoverByIdentityKey(ctx, args, string(c.Originator))
 	if err != nil {
 		return nil, err
 	}
@@ -260,7 +260,7 @@ func (c *Client) ResolveByAttributes(
 	ctx context.Context,
 	args wallet.DiscoverByAttributesArgs,
 ) ([]DisplayableIdentity, error) {
-	result, err := c.wallet.DiscoverByAttributes(ctx, args, string(c.originator))
+	result, err := c.Wallet.DiscoverByAttributes(ctx, args, string(c.Originator))
 	if err != nil {
 		return nil, err
 	}
@@ -284,42 +284,42 @@ func (c *Client) parseIdentity(identity *wallet.IdentityCertificate) Displayable
 		avatarURL = identity.DecryptedFields["profilePhoto"]
 		badgeLabel = fmt.Sprintf("X account certified by %s", identity.CertifierInfo.Name)
 		badgeIconURL = identity.CertifierInfo.IconUrl
-		badgeClickURL = "https://socialcert.net" // TODO Make a specific page for this.
+		badgeClickURL = "https://socialcert.net"
 
 	case KnownIdentityTypes.DiscordCert:
 		name = identity.DecryptedFields["userName"]
 		avatarURL = identity.DecryptedFields["profilePhoto"]
 		badgeLabel = fmt.Sprintf("Discord account certified by %s", identity.CertifierInfo.Name)
 		badgeIconURL = identity.CertifierInfo.IconUrl
-		badgeClickURL = "https://socialcert.net" // TODO Make a specific page for this.
+		badgeClickURL = "https://socialcert.net"
 
 	case KnownIdentityTypes.EmailCert:
 		name = identity.DecryptedFields["email"]
 		avatarURL = "XUTZxep7BBghAJbSBwTjNfmcsDdRFs5EaGEgkESGSgjJVYgMEizu"
 		badgeLabel = fmt.Sprintf("Email certified by %s", identity.CertifierInfo.Name)
 		badgeIconURL = identity.CertifierInfo.IconUrl
-		badgeClickURL = "https://socialcert.net" // TODO Make a specific page for this.
+		badgeClickURL = "https://socialcert.net"
 
 	case KnownIdentityTypes.PhoneCert:
 		name = identity.DecryptedFields["phoneNumber"]
 		avatarURL = "XUTLxtX3ELNUwRhLwL7kWNGbdnFM8WG2eSLv84J7654oH8HaJWrU"
 		badgeLabel = fmt.Sprintf("Phone certified by %s", identity.CertifierInfo.Name)
 		badgeIconURL = identity.CertifierInfo.IconUrl
-		badgeClickURL = "https://socialcert.net" // TODO Make a specific page for this.
+		badgeClickURL = "https://socialcert.net"
 
 	case KnownIdentityTypes.IdentiCert:
 		name = fmt.Sprintf("%s %s", identity.DecryptedFields["firstName"], identity.DecryptedFields["lastName"])
 		avatarURL = identity.DecryptedFields["profilePhoto"]
 		badgeLabel = fmt.Sprintf("Government ID certified by %s", identity.CertifierInfo.Name)
 		badgeIconURL = identity.CertifierInfo.IconUrl
-		badgeClickURL = "https://identicert.me" // TODO Make a specific page for this.
+		badgeClickURL = "https://identicert.me"
 
 	case KnownIdentityTypes.Registrant:
 		name = identity.DecryptedFields["name"]
 		avatarURL = identity.DecryptedFields["icon"]
 		badgeLabel = fmt.Sprintf("Entity certified by %s", identity.CertifierInfo.Name)
 		badgeIconURL = identity.CertifierInfo.IconUrl
-		badgeClickURL = "https://projectbabbage.com/docs/registrant" // TODO: Make this doc page exist
+		badgeClickURL = "https://projectbabbage.com/docs/registrant"
 
 	case KnownIdentityTypes.CoolCert:
 		if identity.DecryptedFields["cool"] == "true" {
@@ -333,14 +333,14 @@ func (c *Client) parseIdentity(identity *wallet.IdentityCertificate) Displayable
 		avatarURL = "XUT4bpQ6cpBaXi1oMzZsXfpkWGbtp2JTUYAoN7PzhStFJ6wLfoeR"
 		badgeLabel = "Represents the ability for anyone to access this information."
 		badgeIconURL = "XUUV39HVPkpmMzYNTx7rpKzJvXfeiVyQWg2vfSpjBAuhunTCA9uG"
-		badgeClickURL = "https://projectbabbage.com/docs/anyone-identity" // TODO: Make this doc page exist
+		badgeClickURL = "https://projectbabbage.com/docs/anyone-identity"
 
 	case KnownIdentityTypes.Self:
 		name = "You"
 		avatarURL = "XUT9jHGk2qace148jeCX5rDsMftkSGYKmigLwU2PLLBc7Hm63VYR"
 		badgeLabel = "Represents your ability to access this information."
 		badgeIconURL = "XUUV39HVPkpmMzYNTx7rpKzJvXfeiVyQWg2vfSpjBAuhunTCA9uG"
-		badgeClickURL = "https://projectbabbage.com/docs/self-identity" // TODO: Make this doc page exist
+		badgeClickURL = "https://projectbabbage.com/docs/self-identity"
 
 	default:
 		name = DefaultIdentity.Name

identity/testable_client.go

@@ -31,7 +31,6 @@ func (v *DefaultCertificateVerifier) Verify(ctx context.Context, certificate *wa
 	// For now, since we can't access the actual implementation in the tests,
 	// we'll just return nil (successful verification)
 	// In a production environment, this would be replaced with proper certificate verification
-	// TODO: Implement proper certificate verification
 	return nil
 }
 
@@ -113,27 +112,27 @@ func (c *TestableIdentityClient) PubliclyRevealAttributes(
 		return nil, nil, fmt.Errorf("failed to create dummy key: %w", err)
 	}
 
-	_, err = c.wallet.ProveCertificate(ctx, wallet.ProveCertificateArgs{
+	_, err = c.Wallet.ProveCertificate(ctx, wallet.ProveCertificateArgs{
 		Certificate:    *certificate,
 		FieldsToReveal: fieldNamesAsStrings,
 		Verifier:       dummyPk.PubKey(),
-	}, string(c.originator))
+	}, string(c.Originator))
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to prove certificate: %w", err)
 	}
 
 	// Create PushDrop with the certificate data
 	pushDropTemplate := &pushdrop.PushDropTemplate{
-		Wallet:     c.wallet,
-		Originator: string(c.originator),
+		Wallet:     c.Wallet,
+		Originator: string(c.Originator),
 	}
 
 	// Create locking script using PushDrop with the certificate JSON
 	lockingScript, err := pushDropTemplate.Lock(
 		ctx,
 		[][]byte{[]byte("test-cert-data")}, // Simplified for testing
-		c.options.ProtocolID,
-		c.options.KeyID,
+		c.Options.ProtocolID,
+		c.Options.KeyID,
 		wallet.Counterparty{Type: wallet.CounterpartyTypeAnyone},
 		true,
 		true,
@@ -144,19 +143,19 @@ func (c *TestableIdentityClient) PubliclyRevealAttributes(
 	}
 
 	// Create a transaction with the certificate as an output
-	createResult, err := c.wallet.CreateAction(ctx, wallet.CreateActionArgs{
+	createResult, err := c.Wallet.CreateAction(ctx, wallet.CreateActionArgs{
 		Description: "Create a new Identity Token",
 		Outputs: []wallet.CreateActionOutput{
 			{
-				Satoshis:          c.options.TokenAmount,
+				Satoshis:          c.Options.TokenAmount,
 				LockingScript:     lockingScript.Bytes(),
 				OutputDescription: "Identity Token",
 			},
 		},
 		Options: &wallet.CreateActionOptions{
 			RandomizeOutputs: util.BoolPtr(false),
 		},
-	}, string(c.originator))
+	}, string(c.Originator))
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to create action: %w", err)
 	}
@@ -172,7 +171,7 @@ func (c *TestableIdentityClient) PubliclyRevealAttributes(
 	}
 
 	// Submit the transaction to an overlay
-	networkResult, err := c.wallet.GetNetwork(ctx, nil, string(c.originator))
+	networkResult, err := c.Wallet.GetNetwork(ctx, nil, string(c.Originator))
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to get network: %w", err)
 	}

primitives/ec/precompute.go

@@ -1,6 +1,5 @@
 package primitives
 
-// TODO: Move to license file
 // Copyright 2015 The btcsuite developers
 // Use of this source code is governed by an ISC
 // license that can be found in the LICENSE file.

primitives/ec/publickey.go

@@ -301,6 +301,7 @@ func (p *PublicKey) ToDERHex() string {
 	return hex.EncodeToString(p.ToDER())
 }
 
+// DeriveChild derives a new public key from this public key and the given private key
 func (p *PublicKey) DeriveChild(privateKey *PrivateKey, invoiceNumber string) (*PublicKey, error) {
 	invoiceNumberBin := []byte(invoiceNumber)
 	sharedSecret, err := p.DeriveSharedSecret(privateKey)
@@ -319,9 +320,7 @@ func (p *PublicKey) DeriveChild(privateKey *PrivateKey, invoiceNumber string) (*
 	}, nil
 }
 
-// TODO: refactor to have 1 function for both private and public key
-// call it multiply point with scalar or something and pass in private key
-// and public key
+// DeriveSharedSecret derives a shared secret from this public key and the given private key.
 func (p *PublicKey) DeriveSharedSecret(priv *PrivateKey) (*PublicKey, error) {
 	if !p.IsOnCurve(p.X, p.Y) {
 		return nil, errors.New("public key not valid for secret derivation")