@agirails/sdk 2.0.1-beta → 2.0.2

package/dist/protocol/MessageSigner.js

@@ -4,12 +4,75 @@ exports.MessageSigner = void 0;
 const ethers_1 = require("ethers");
 const errors_1 = require("../errors");
 const eip712_1 = require("../types/eip712");
+/**
+ * MessageSigner - Cryptographic signing for ACTP messages with EIP-712
+ * Reference: Yellow Paper §11.4.2
+ *
+ * V4 Security Enhancement: Optional nonce replay protection via ReceivedNonceTracker
+ *
+ * IMPORTANT: Use MessageSigner.create() factory method to ensure domain is initialized.
+ */
 class MessageSigner {
+    /**
+     * SECURITY FIX (H-5): Private constructor - MUST use MessageSigner.create() factory method
+     *
+     * This ensures EIP-712 domain is ALWAYS initialized before use (prevents race conditions).
+     * Direct construction would allow calling sign/verify without domain initialization.
+     */
     constructor(signer, nonceTracker) {
         this.signer = signer;
         this.nonceTracker = nonceTracker;
         this.domain = null;
     }
+    /**
+     * SECURITY FIX (H-4): Factory method to create MessageSigner with guaranteed domain initialization
+     *
+     * This factory ensures the EIP-712 domain is always properly initialized before use.
+     * Prevents the common bug of calling sign/verify without initializing domain first.
+     *
+     * @param signer - Ethers signer for signing messages
+     * @param kernelAddress - Address of ACTP Kernel contract (for domain separation)
+     * @param options - Optional configuration (chainId, nonceTracker)
+     * @returns Promise resolving to initialized MessageSigner
+     *
+     * @example
+     * ```typescript
+     * const messageSigner = await MessageSigner.create(
+     *   signer,
+     *   KERNEL_ADDRESS,
+     *   { chainId: 84532 }
+     * );
+     * const signature = await messageSigner.signMessage(message);
+     * ```
+     */
+    static async create(signer, kernelAddress, options) {
+        const messageSigner = new MessageSigner(signer, options?.nonceTracker);
+        await messageSigner.initDomain(kernelAddress, options?.chainId);
+        return messageSigner;
+    }
+    /**
+     * Check if domain is initialized
+     * @returns true if domain has been initialized
+     */
+    isDomainInitialized() {
+        return this.domain !== null;
+    }
+    /**
+     * Get the current domain (throws if not initialized)
+     * @returns Current EIP-712 domain
+     * @throws Error if domain not initialized
+     */
+    getDomain() {
+        if (!this.domain) {
+            throw new Error('Domain not initialized. Use MessageSigner.create() factory or call initDomain() first.');
+        }
+        return this.domain;
+    }
+    /**
+     * Initialize EIP-712 domain (must be called before signing)
+     * @param kernelAddress - Address of ACTP Kernel contract
+     * @param chainId - Optional chainId (defaults to signer's chainId or 84532 for Base Sepolia)
+     */
     async initDomain(kernelAddress, chainId) {
         let resolvedChainId;
         if (chainId !== undefined) {
@@ -17,30 +80,70 @@ class MessageSigner {
         }
         else {
             try {
+                // ethers v6: signer.provider might be null, check first
                 if (this.signer.provider) {
                     const network = await this.signer.provider.getNetwork();
                     resolvedChainId = Number(network.chainId);
                 }
                 else {
+                    // Fallback to Base Sepolia for testing without provider
                     resolvedChainId = 84532;
                 }
             }
             catch (error) {
+                // Fallback to Base Sepolia for testing without provider
                 resolvedChainId = 84532;
             }
         }
+        // SECURITY FIX (H-6): Standardize domain name to 'AGIRAILS' for brand consistency
+        // Note: This change requires coordination with any existing signed messages
         this.domain = {
-            name: 'ACTP',
+            name: 'AGIRAILS',
             version: '1.0',
             chainId: resolvedChainId,
             verifyingContract: kernelAddress
         };
     }
+    /**
+     * Sign ACTP message using EIP-712 typed data
+     * Uses ECDSA (secp256k1) with domain separation per Yellow Paper §11.4.2
+     *
+     * SECURITY FIX (H-3): Validates nonce format and warns about sequential nonces
+     *
+     * Generic ACTPMessage format (backward compatible).
+     * For strict typed AIP messages, use signQuoteRequest/signQuoteResponse/signDeliveryProof
+     */
     async signMessage(message) {
         if (!this.domain) {
-            throw new Error('Domain not initialized. Call initDomain() first.');
+            throw new Error('Domain not initialized. Use MessageSigner.create() factory or call initDomain() first.');
         }
         const { type, version, from, to, timestamp, nonce, signature, ...payload } = message;
+        // SECURITY FIX (H-3): Validate nonce format (must be bytes32)
+        if (!nonce || !/^0x[a-fA-F0-9]{64}$/.test(nonce)) {
+            throw new Error(`Invalid nonce format: "${nonce}". ` +
+                `Nonce MUST be a bytes32 hex string (0x + 64 hex chars). ` +
+                `Use SecureNonce.generateSecureNonce() to generate cryptographically secure nonces. ` +
+                `Never use sequential integers (1, 2, 3...) or timestamps as nonces.`);
+        }
+        // SECURITY FIX (H-3): Warn about sequential nonces (low entropy)
+        // Sequential nonces like 0x0000...0001, 0x0000...0002 are weak
+        // Check if nonce has low entropy (e.g., last 8 bytes are zero, or all same digits)
+        const nonceValue = BigInt(nonce);
+        if (nonceValue < 0xffffffffn) {
+            // Nonce is suspiciously small (< 4 billion = likely sequential)
+            console.warn(`[SECURITY WARNING] Nonce ${nonce} appears to be sequential (value < 2^32). ` +
+                `This makes replay attacks easier. ` +
+                `Use SecureNonce.generateSecureNonce() for cryptographically secure random nonces.`);
+        }
+        // Check if nonce has all same digits (e.g., 0x111...111 or 0x000...000)
+        const hexDigits = nonce.slice(2); // Remove '0x'
+        const firstDigit = hexDigits[0];
+        if (hexDigits.split('').every(d => d === firstDigit)) {
+            console.warn(`[SECURITY WARNING] Nonce ${nonce} has low entropy (all digits are '${firstDigit}'). ` +
+                `This is NOT cryptographically secure. ` +
+                `Use SecureNonce.generateSecureNonce() instead.`);
+        }
+        // Generic ACTPMessage with payload encoding (backward compatible)
         const abiCoder = ethers_1.AbiCoder.defaultAbiCoder();
         const payloadBytes = abiCoder.encode(['string'], [this.canonicalizePayload(payload)]);
         const typedMessage = {
@@ -52,42 +155,62 @@ class MessageSigner {
             nonce,
             payload: payloadBytes
         };
+        // Use generic ACTPMessage types
         const messageTypes = (0, eip712_1.getMessageTypes)('default');
+        // Sign using EIP-712 (ethers v6 API)
         const signer = this.signer;
         const sig = await signer.signTypedData(this.domain, messageTypes, typedMessage);
         return sig;
     }
+    /**
+     * Sign typed QuoteRequest message
+     */
     async signQuoteRequest(data) {
         if (!this.domain) {
-            throw new Error('Domain not initialized. Call initDomain() first.');
+            throw new Error('Domain not initialized. Use MessageSigner.create() factory or call initDomain() first.');
         }
         const messageTypes = (0, eip712_1.getMessageTypes)('quote.request');
         const signer = this.signer;
         return await signer.signTypedData(this.domain, messageTypes, data);
     }
+    /**
+     * Sign typed QuoteResponse message
+     */
     async signQuoteResponse(data) {
         if (!this.domain) {
-            throw new Error('Domain not initialized. Call initDomain() first.');
+            throw new Error('Domain not initialized. Use MessageSigner.create() factory or call initDomain() first.');
         }
         const messageTypes = (0, eip712_1.getMessageTypes)('quote.response');
         const signer = this.signer;
         return await signer.signTypedData(this.domain, messageTypes, data);
     }
+    /**
+     * Sign typed DeliveryProof message
+     */
     async signDeliveryProof(data) {
         if (!this.domain) {
-            throw new Error('Domain not initialized. Call initDomain() first.');
+            throw new Error('Domain not initialized. Use MessageSigner.create() factory or call initDomain() first.');
         }
         const messageTypes = (0, eip712_1.getMessageTypes)('delivery.proof');
         const signer = this.signer;
         return await signer.signTypedData(this.domain, messageTypes, data);
     }
+    /**
+     * Convenience helper to sign a DeliveryProof generated by ProofGenerator
+     */
     async signGeneratedDeliveryProof(proof) {
         const typedData = (0, eip712_1.deliveryProofDataFromProof)(proof);
         return await this.signDeliveryProof(typedData);
     }
+    /**
+     * Verify message signature using EIP-712
+     * Uses generic ACTPMessage types (backward compatible)
+     *
+     * V4 Security: If nonceTracker is configured, validates nonce for replay protection
+     */
     async verifySignature(message, signature) {
         if (!this.domain) {
-            throw new Error('Domain not initialized. Call initDomain() first.');
+            throw new Error('Domain not initialized. Use MessageSigner.create() factory or call initDomain() first.');
         }
         const { type, version, from, to, timestamp, nonce, signature: _, ...payload } = message;
         const abiCoder = ethers_1.AbiCoder.defaultAbiCoder();
@@ -101,20 +224,28 @@ class MessageSigner {
             nonce,
             payload: payloadBytes
         };
+        // Use generic ACTPMessage types (backward compatible)
         const messageTypes = (0, eip712_1.getMessageTypes)('default');
         const recoveredAddress = ethers_1.ethers.verifyTypedData(this.domain, messageTypes, typedMessage, signature);
         const expectedAddress = this.didToAddress(from);
+        // Verify signature matches sender
         if (recoveredAddress.toLowerCase() !== expectedAddress.toLowerCase()) {
             return false;
         }
+        // V4 Security: Validate nonce for replay protection (if tracker configured)
         if (this.nonceTracker) {
             const nonceValidation = this.nonceTracker.validateAndRecord(from, type, nonce);
             if (!nonceValidation.valid) {
+                // Nonce replay detected - return false
                 return false;
             }
         }
         return true;
     }
+    /**
+     * Verify signature and throw if invalid
+     * V4 Security: Throws specific error for nonce replay detection
+     */
     async verifySignatureOrThrow(message, signature) {
         if (!this.domain) {
             throw new Error('Domain not initialized');
@@ -126,28 +257,41 @@ class MessageSigner {
         const messageTypes = (0, eip712_1.getMessageTypes)('default');
         const recoveredAddress = ethers_1.ethers.verifyTypedData(this.domain, messageTypes, typedMessage, signature);
         const expectedAddress = this.didToAddress(from);
+        // Check signature validity first
         if (recoveredAddress.toLowerCase() !== expectedAddress.toLowerCase()) {
             throw new errors_1.SignatureVerificationError(expectedAddress, recoveredAddress);
         }
+        // V4 Security: Validate nonce for replay protection (if tracker configured)
         if (this.nonceTracker) {
             const nonceValidation = this.nonceTracker.validateAndRecord(from, type, nonce);
             if (!nonceValidation.valid) {
+                // Throw specific error for nonce replay
                 throw new Error(`Nonce replay attack detected: ${nonceValidation.reason}. ` +
                     `Received nonce: ${nonceValidation.receivedNonce}. ` +
                     (nonceValidation.expectedMinimum ? `Expected minimum: ${nonceValidation.expectedMinimum}` : ''));
             }
         }
     }
+    /**
+     * Canonicalize payload to deterministic string (recursively sorted keys)
+     * Prevents JSON serialization ambiguity across different JS runtimes
+     * Recursively handles nested objects and arrays
+     */
     canonicalizePayload(payload) {
         return JSON.stringify(this.recursiveSort(payload));
     }
+    /**
+     * Recursively sort object keys for deterministic JSON encoding
+     */
     recursiveSort(obj) {
         if (obj === null || obj === undefined) {
             return obj;
         }
+        // Handle arrays: recursively sort each element
         if (Array.isArray(obj)) {
             return obj.map((item) => this.recursiveSort(item));
         }
+        // Handle objects: sort keys and recursively sort values
         if (typeof obj === 'object' && obj.constructor === Object) {
             const sortedKeys = Object.keys(obj).sort();
             const canonical = {};
@@ -156,21 +300,83 @@ class MessageSigner {
             }
             return canonical;
         }
+        // Primitives (string, number, boolean)
         return obj;
     }
+    /**
+     * Convert DID to Ethereum address
+     *
+     * SECURITY FIX (DID-FORMAT): Handles both DID formats:
+     * - Legacy: did:ethr:<address>
+     * - Canonical (EIP-3770): did:ethr:<chainId>:<address>
+     *
+     * Examples:
+     * - "did:ethr:0x1234...abcd" → "0x1234...abcd"
+     * - "did:ethr:84532:0x1234...abcd" → "0x1234...abcd"
+     * - "0x1234...abcd" → "0x1234...abcd" (raw address passthrough)
+     */
     didToAddress(did) {
-        if (did.startsWith('did:ethr:')) {
-            return did.replace('did:ethr:', '');
+        // Check for DID format first
+        const DID_PREFIX = 'did:ethr:';
+        if (did.startsWith(DID_PREFIX)) {
+            const remainder = did.slice(DID_PREFIX.length);
+            // Check if it's canonical format: did:ethr:<chainId>:<address>
+            // chainId is numeric, address starts with 0x
+            const parts = remainder.split(':');
+            if (parts.length === 2) {
+                // Canonical format: did:ethr:<chainId>:<address>
+                const [chainIdStr, address] = parts;
+                const chainId = parseInt(chainIdStr, 10);
+                if (isNaN(chainId)) {
+                    throw new Error(`Invalid DID format: ${did}. ` +
+                        `Expected did:ethr:<chainId>:<address> but chainId "${chainIdStr}" is not a number.`);
+                }
+                if (!ethers_1.ethers.isAddress(address)) {
+                    throw new Error(`Invalid DID format: ${did}. ` +
+                        `Expected did:ethr:<chainId>:<address> but "${address}" is not a valid Ethereum address.`);
+                }
+                // SECURITY: Optionally validate chainId matches domain chainId
+                // This prevents cross-chain replay attacks where a message signed for one chain
+                // is replayed on another. For now, we just extract the address but log a warning.
+                if (this.domain && this.domain.chainId !== chainId) {
+                    console.warn(`[SECURITY WARNING] DID chainId (${chainId}) does not match domain chainId (${this.domain.chainId}). ` +
+                        `This could indicate a cross-chain replay attempt. DID: ${did}`);
+                }
+                return address;
+            }
+            else if (parts.length === 1 && ethers_1.ethers.isAddress(parts[0])) {
+                // Legacy format: did:ethr:<address>
+                return parts[0];
+            }
+            else {
+                throw new Error(`Invalid DID format: ${did}. ` +
+                    `Expected did:ethr:<address> or did:ethr:<chainId>:<address>.`);
+            }
         }
+        // If already an address (raw 0x format), return as-is
         if (ethers_1.ethers.isAddress(did)) {
             return did;
         }
-        throw new Error(`Invalid DID format: ${did}`);
+        throw new Error(`Invalid DID format: ${did}. ` +
+            `Expected Ethereum address (0x...) or DID (did:ethr:...).`);
     }
+    /**
+     * Convert Ethereum address to DID
+     *
+     * SECURITY FIX (DID-FORMAT): Now generates canonical DID format
+     * with chainId when domain is initialized: did:ethr:<chainId>:<address>
+     *
+     * Falls back to legacy format if domain not initialized.
+     */
     addressToDID(address) {
         if (!ethers_1.ethers.isAddress(address)) {
             throw new Error(`Invalid Ethereum address: ${address}`);
         }
+        // Use canonical format with chainId if domain is initialized
+        if (this.domain && this.domain.chainId) {
+            return `did:ethr:${this.domain.chainId}:${address}`;
+        }
+        // Fallback to legacy format (backward compatible)
         return `did:ethr:${address}`;
     }
 }

package/dist/protocol/MessageSigner.js.map

@@ -1 +1 @@
-{"version":3,"file":"MessageSigner.js","sourceRoot":"","sources":["../../src/protocol/MessageSigner.ts"],"names":[],"mappings":";;;AAAA,mCAAkD;AAElD,sCAAuD;AACvD,4CAOyB;AAyBzB,MAAa,aAAa;IAGxB,YACmB,MAAc,EACd,YAAoC;QADpC,WAAM,GAAN,MAAM,CAAQ;QACd,iBAAY,GAAZ,YAAY,CAAwB;QAJ/C,WAAM,GAAwB,IAAI,CAAC;IAKxC,CAAC;IAOJ,KAAK,CAAC,UAAU,CAAC,aAAqB,EAAE,OAAgB;QACtD,IAAI,eAAuB,CAAC;QAE5B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,eAAe,GAAG,OAAO,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBAEH,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;oBACxD,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC5C,CAAC;qBAAM,CAAC;oBAEN,eAAe,GAAG,KAAK,CAAC;gBAC1B,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAEf,eAAe,GAAG,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACZ,IAAI,EAAE,MAAM;YACZ,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,eAAe;YACxB,iBAAiB,EAAE,aAAa;SACjC,CAAC;IACJ,CAAC;IASD,KAAK,CAAC,WAAW,CAAC,OAAoB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;QAGrF,MAAM,QAAQ,GAAG,iBAAQ,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAClC,CAAC,QAAQ,CAAC,EACV,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CACpC,CAAC;QAEF,MAAM,YAAY,GAAG;YACnB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,EAAE;YACF,SAAS;YACT,KAAK;YACL,OAAO,EAAE,YAAY;SACtB,CAAC;QAGF,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAC;QAGhD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;QAEhF,OAAO,GAAG,CAAC;IACb,CAAC;IAKD,KAAK,CAAC,gBAAgB,CAAC,IAAsB;QAC3C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,eAAe,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAKD,KAAK,CAAC,iBAAiB,CAAC,IAAuB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,gBAAgB,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAKD,KAAK,CAAC,iBAAiB,CAAC,IAAuB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,gBAAgB,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAKD,KAAK,CAAC,0BAA0B,CAAC,KAAoB;QACnD,MAAM,SAAS,GAAG,IAAA,mCAA0B,EAAC,KAAK,CAAC,CAAC;QACpD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACjD,CAAC;IAQD,KAAK,CAAC,eAAe,CAAC,OAAoB,EAAE,SAAiB;QAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;QAExF,MAAM,QAAQ,GAAG,iBAAQ,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAClC,CAAC,QAAQ,CAAC,EACV,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CACpC,CAAC;QAEF,MAAM,YAAY,GAAG;YACnB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,EAAE;YACF,SAAS;YACT,KAAK;YACL,OAAO,EAAE,YAAY;SACtB,CAAC;QAGF,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,eAAM,CAAC,eAAe,CAC7C,IAAI,CAAC,MAAM,EACX,YAAY,EACZ,YAAY,EACZ,SAAS,CACV,CAAC;QAEF,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAGhD,IAAI,gBAAgB,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QAGD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/E,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;gBAE3B,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAMD,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,SAAiB;QAClE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;QAExF,MAAM,QAAQ,GAAG,iBAAQ,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAClC,CAAC,QAAQ,CAAC,EACV,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CACpC,CAAC;QAEF,MAAM,YAAY,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;QAE1F,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,eAAM,CAAC,eAAe,CAC7C,IAAI,CAAC,MAAM,EACX,YAAY,EACZ,YAAY,EACZ,SAAS,CACV,CAAC;QAEF,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAGhD,IAAI,gBAAgB,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;YACrE,MAAM,IAAI,mCAA0B,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;QAC1E,CAAC;QAGD,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/E,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;gBAE3B,MAAM,IAAI,KAAK,CACb,iCAAiC,eAAe,CAAC,MAAM,IAAI;oBAC3D,mBAAmB,eAAe,CAAC,aAAa,IAAI;oBACpD,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC,CAAC,qBAAqB,eAAe,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAChG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAOO,mBAAmB,CAAC,OAA4B;QACtD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAKO,aAAa,CAAC,GAAQ;QAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC;QACb,CAAC;QAGD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,CAAC;QAGD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;YAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,SAAS,GAAwB,EAAE,CAAC;YAE1C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;QAGD,OAAO,GAAG,CAAC;IACb,CAAC;IAMO,YAAY,CAAC,GAAW;QAC9B,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACtC,CAAC;QAGD,IAAI,eAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,GAAG,CAAC;QACb,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;IAChD,CAAC;IAKD,YAAY,CAAC,OAAe;QAC1B,IAAI,CAAC,eAAM,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,YAAY,OAAO,EAAE,CAAC;IAC/B,CAAC;CACF;AA5SD,sCA4SC"}
+{"version":3,"file":"MessageSigner.js","sourceRoot":"","sources":["../../src/protocol/MessageSigner.ts"],"names":[],"mappings":";;;AAAA,mCAAkD;AAElD,sCAAuD;AACvD,4CAOyB;AAmBzB;;;;;;;GAOG;AACH,MAAa,aAAa;IAGxB;;;;;OAKG;IACH,YACmB,MAAc,EACd,YAAoC;QADpC,WAAM,GAAN,MAAM,CAAQ;QACd,iBAAY,GAAZ,YAAY,CAAwB;QAV/C,WAAM,GAAwB,IAAI,CAAC;IAWxC,CAAC;IAEJ;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,MAAc,EACd,aAAqB,EACrB,OAGC;QAED,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QACvE,MAAM,aAAa,CAAC,UAAU,CAAC,aAAa,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAChE,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,mBAAmB;QACjB,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,SAAS;QACP,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,aAAqB,EAAE,OAAgB;QACtD,IAAI,eAAuB,CAAC;QAE5B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,eAAe,GAAG,OAAO,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,wDAAwD;gBACxD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;oBACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;oBACxD,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAC5C,CAAC;qBAAM,CAAC;oBACN,wDAAwD;oBACxD,eAAe,GAAG,KAAK,CAAC;gBAC1B,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,wDAAwD;gBACxD,eAAe,GAAG,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,kFAAkF;QAClF,4EAA4E;QAC5E,IAAI,CAAC,MAAM,GAAG;YACZ,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,eAAe;YACxB,iBAAiB,EAAE,aAAa;SACjC,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,WAAW,CAAC,OAAoB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;QAErF,8DAA8D;QAC9D,IAAI,CAAC,KAAK,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CACb,0BAA0B,KAAK,KAAK;gBACpC,0DAA0D;gBAC1D,qFAAqF;gBACrF,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,+DAA+D;QAC/D,mFAAmF;QACnF,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACjC,IAAI,UAAU,GAAG,WAAW,EAAE,CAAC;YAC7B,gEAAgE;YAChE,OAAO,CAAC,IAAI,CACV,4BAA4B,KAAK,4CAA4C;gBAC7E,oCAAoC;gBACpC,mFAAmF,CACpF,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc;QAChD,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,UAAU,CAAC,EAAE,CAAC;YACrD,OAAO,CAAC,IAAI,CACV,4BAA4B,KAAK,qCAAqC,UAAU,MAAM;gBACtF,wCAAwC;gBACxC,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,MAAM,QAAQ,GAAG,iBAAQ,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAClC,CAAC,QAAQ,CAAC,EACV,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CACpC,CAAC;QAEF,MAAM,YAAY,GAAG;YACnB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,EAAE;YACF,SAAS;YACT,KAAK;YACL,OAAO,EAAE,YAAY;SACtB,CAAC;QAEF,gCAAgC;QAChC,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAC;QAEhD,qCAAqC;QACrC,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;QAEhF,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,IAAsB;QAC3C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,eAAe,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,IAAuB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,gBAAgB,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,IAAuB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,gBAAgB,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,MAA6B,CAAC;QAClD,OAAO,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,0BAA0B,CAAC,KAAoB;QACnD,MAAM,SAAS,GAAG,IAAA,mCAA0B,EAAC,KAAK,CAAC,CAAC;QACpD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACjD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,OAAoB,EAAE,SAAiB;QAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;QAExF,MAAM,QAAQ,GAAG,iBAAQ,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAClC,CAAC,QAAQ,CAAC,EACV,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CACpC,CAAC;QAEF,MAAM,YAAY,GAAG;YACnB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,EAAE;YACF,SAAS;YACT,KAAK;YACL,OAAO,EAAE,YAAY;SACtB,CAAC;QAEF,sDAAsD;QACtD,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,eAAM,CAAC,eAAe,CAC7C,IAAI,CAAC,MAAM,EACX,YAAY,EACZ,YAAY,EACZ,SAAS,CACV,CAAC;QAEF,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEhD,kCAAkC;QAClC,IAAI,gBAAgB,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4EAA4E;QAC5E,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/E,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;gBAC3B,uCAAuC;gBACvC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,SAAiB;QAClE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,CAAC;QAExF,MAAM,QAAQ,GAAG,iBAAQ,CAAC,eAAe,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAClC,CAAC,QAAQ,CAAC,EACV,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CACpC,CAAC;QAEF,MAAM,YAAY,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;QAE1F,MAAM,YAAY,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,CAAC;QAChD,MAAM,gBAAgB,GAAG,eAAM,CAAC,eAAe,CAC7C,IAAI,CAAC,MAAM,EACX,YAAY,EACZ,YAAY,EACZ,SAAS,CACV,CAAC;QAEF,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAEhD,iCAAiC;QACjC,IAAI,gBAAgB,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;YACrE,MAAM,IAAI,mCAA0B,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;QAC1E,CAAC;QAED,4EAA4E;QAC5E,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/E,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;gBAC3B,wCAAwC;gBACxC,MAAM,IAAI,KAAK,CACb,iCAAiC,eAAe,CAAC,MAAM,IAAI;oBAC3D,mBAAmB,eAAe,CAAC,aAAa,IAAI;oBACpD,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC,CAAC,qBAAqB,eAAe,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAChG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CAAC,OAA4B;QACtD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,GAAQ;QAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC;QACb,CAAC;QAED,+CAA+C;QAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,wDAAwD;QACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;YAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,MAAM,SAAS,GAAwB,EAAE,CAAC;YAE1C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;YAChD,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,uCAAuC;QACvC,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;OAWG;IACK,YAAY,CAAC,GAAW;QAC9B,6BAA6B;QAC7B,MAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAE/C,+DAA+D;YAC/D,6CAA6C;YAC7C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAEnC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,iDAAiD;gBACjD,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;gBACpC,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;gBAEzC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CACb,uBAAuB,GAAG,IAAI;wBAC9B,sDAAsD,UAAU,oBAAoB,CACrF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,eAAM,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,MAAM,IAAI,KAAK,CACb,uBAAuB,GAAG,IAAI;wBAC9B,8CAA8C,OAAO,oCAAoC,CAC1F,CAAC;gBACJ,CAAC;gBAED,+DAA+D;gBAC/D,gFAAgF;gBAChF,kFAAkF;gBAClF,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;oBACnD,OAAO,CAAC,IAAI,CACV,mCAAmC,OAAO,oCAAoC,IAAI,CAAC,MAAM,CAAC,OAAO,KAAK;wBACtG,0DAA0D,GAAG,EAAE,CAChE,CAAC;gBACJ,CAAC;gBAED,OAAO,OAAO,CAAC;YACjB,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,eAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5D,oCAAoC;gBACpC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,uBAAuB,GAAG,IAAI;oBAC9B,8DAA8D,CAC/D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,eAAM,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,OAAO,GAAG,CAAC;QACb,CAAC;QAED,MAAM,IAAI,KAAK,CACb,uBAAuB,GAAG,IAAI;YAC9B,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CAAC,OAAe;QAC1B,IAAI,CAAC,eAAM,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,6DAA6D;QAC7D,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACvC,OAAO,YAAY,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,EAAE,CAAC;QACtD,CAAC;QAED,kDAAkD;QAClD,OAAO,YAAY,OAAO,EAAE,CAAC;IAC/B,CAAC;CACF;AA9dD,sCA8dC"}

package/dist/protocol/ProofGenerator.d.ts

@@ -1,22 +1,115 @@
+/// <reference types="node" />
 import { BytesLike } from 'ethers';
 import { DeliveryProof } from '../types';
 import { DeliveryProofData } from '../types/eip712';
+/**
+ * SECURITY FIX (MEDIUM-2): URL validation configuration for SSRF prevention
+ */
+export interface URLValidationConfig {
+    /**
+     * Allowed URL protocols (default: ['https:'])
+     * Set to ['https:', 'http:'] to allow HTTP in development
+     */
+    allowedProtocols?: string[];
+    /**
+     * Allow localhost URLs (default: false in production, true in dev)
+     */
+    allowLocalhost?: boolean;
+    /**
+     * Maximum response size in bytes (default: 10MB)
+     */
+    maxSize?: number;
+    /**
+     * Request timeout in milliseconds (default: 30000)
+     */
+    timeout?: number;
+    /**
+     * Blocked hostnames (e.g., internal services)
+     */
+    blockedHosts?: string[];
+}
+/**
+ * ProofGenerator - Content hashing and delivery proofs
+ * Reference: Yellow Paper §11.4.1
+ *
+ * SECURITY FIX (MEDIUM-2): Now includes URL validation for SSRF prevention
+ */
 export declare class ProofGenerator {
+    private readonly urlConfig;
+    /**
+     * Create ProofGenerator with optional URL validation config
+     *
+     * @param urlConfig - URL validation configuration for hashFromUrl()
+     */
+    constructor(urlConfig?: URLValidationConfig);
+    /**
+     * Hash deliverable content
+     * Uses Keccak256 per Yellow Paper §11.4.1
+     */
     hashContent(content: string | Buffer): string;
+    /**
+     * Generate delivery proof (AIP-4)
+     * Reference: Yellow Paper §8.2
+     * Complete schema with type field for AIP compliance
+     * Computed fields (size, mimeType) cannot be overwritten
+     */
     generateDeliveryProof(params: {
         txId: string;
         deliverable: string | Buffer;
         deliveryUrl?: string;
         metadata?: Record<string, any>;
     }): DeliveryProof;
+    /**
+     * Convert a generated delivery proof into typed EIP-712 data
+     */
     toDeliveryProofTypedData(proof: DeliveryProof): DeliveryProofData;
+    /**
+     * Encode proof for on-chain submission
+     */
     encodeProof(proof: DeliveryProof): BytesLike;
+    /**
+     * Decode proof from on-chain data
+     */
     decodeProof(proofData: BytesLike): {
         txId: string;
         contentHash: string;
         timestamp: number;
     };
+    /**
+     * Verify deliverable matches expected hash
+     */
     verifyDeliverable(deliverable: string | Buffer, expectedHash: string): boolean;
+    /**
+     * Generate content hash from URL (for IPFS/Arweave)
+     *
+     * SECURITY FIX (MEDIUM-2): Now includes:
+     * - Protocol validation (HTTPS only by default)
+     * - Hostname blocklist (prevents SSRF to internal services)
+     * - Size limits (prevents DoS via large responses)
+     * - Request timeout
+     *
+     * @param url - URL to fetch content from
+     * @returns Keccak256 hash of content
+     * @throws Error if URL is blocked, too large, or fetch fails
+     */
     hashFromUrl(url: string): Promise<string>;
+    /**
+     * SECURITY FIX (MEDIUM-2): Validate URL against security rules
+     *
+     * @param url - URL to validate
+     * @throws Error if URL is not allowed
+     */
+    private validateUrl;
+    /**
+     * Check if hostname is a private IP address
+     *
+     * @param hostname - Hostname to check
+     * @returns true if hostname is a private IP
+     */
+    private isPrivateIP;
+    /**
+     * Get the URL validation config (for testing/inspection)
+     */
+    getUrlConfig(): Required<URLValidationConfig>;
 }
 //# sourceMappingURL=ProofGenerator.d.ts.map

package/dist/protocol/ProofGenerator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ProofGenerator.d.ts","sourceRoot":"","sources":["../../src/protocol/ProofGenerator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoC,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAA8B,MAAM,iBAAiB,CAAC;AAMhF,qBAAa,cAAc;IAKzB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM;IAY7C,qBAAqB,CAAC,MAAM,EAAE;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;QAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;KAChC,GAAG,aAAa;IA8BjB,wBAAwB,CAAC,KAAK,EAAE,aAAa,GAAG,iBAAiB;IAOjE,WAAW,CAAC,KAAK,EAAE,aAAa,GAAG,SAAS;IAW5C,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG;QACjC,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;KACnB;IAiBD,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAQxE,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAWhD"}
+{"version":3,"file":"ProofGenerator.d.ts","sourceRoot":"","sources":["../../src/protocol/ProofGenerator.ts"],"names":[],"mappings":";AAAA,OAAO,EAAoC,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAA8B,MAAM,iBAAiB,CAAC;AAEhF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAE5B;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAqBD;;;;;GAKG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAgC;IAE1D;;;;OAIG;gBACS,SAAS,CAAC,EAAE,mBAAmB;IAa3C;;;OAGG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM;IAM7C;;;;;OAKG;IACH,qBAAqB,CAAC,MAAM,EAAE;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,GAAG,MAAM,CAAC;QAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;KAChC,GAAG,aAAa;IA2BjB;;OAEG;IACH,wBAAwB,CAAC,KAAK,EAAE,aAAa,GAAG,iBAAiB;IAIjE;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,aAAa,GAAG,SAAS;IAQ5C;;OAEG;IACH,WAAW,CAAC,SAAS,EAAE,SAAS,GAAG;QACjC,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;KACnB;IAcD;;OAEG;IACH,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IAK9E;;;;;;;;;;;;OAYG;IACG,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA2E/C;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAmCnB;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAoBnB;;OAEG;IACH,YAAY,IAAI,QAAQ,CAAC,mBAAmB,CAAC;CAG9C"}