@aptos-labs/ts-sdk 5.1.1-side-effect-free.1 → 5.1.2

package/dist/esm/core/crypto/abstraction.mjs

@@ -1,2 +1,2 @@
-import{AuthenticationKey as t}from"../authenticationKey";import{Hex as i}from"../hex";import{AccountPublicKey as s}from"./publicKey";import{Signature as n}from"./signature";class e extends n{constructor(r){super(),this.value=i.fromHexInput(r).toUint8Array()}serialize(r){r.serializeBytes(this.value)}static deserialize(r){return new e(r.deserializeBytes())}}class z extends s{constructor(r){super(),this.accountAddress=r}authKey(){return new t({data:this.accountAddress.toUint8Array()})}verifySignature(r){throw new Error("This function is not implemented for AbstractPublicKey.")}async verifySignatureAsync(r){throw new Error("This function is not implemented for AbstractPublicKey.")}serialize(r){throw new Error("This function is not implemented for AbstractPublicKey.")}}export{z as AbstractPublicKey,e as AbstractSignature};
+import{a,b}from"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-KDMSOCZY.mjs";export{b as AbstractPublicKey,a as AbstractSignature};
 //# sourceMappingURL=abstraction.mjs.map

package/dist/esm/core/crypto/abstraction.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/abstraction.ts"],"sourcesContent":["import { Deserializer, Serializer } from \"../../bcs\";\nimport { HexInput } from \"../../types\";\nimport { AccountAddress } from \"../accountAddress\";\nimport { AuthenticationKey } from \"../authenticationKey\";\nimport { Hex } from \"../hex\";\nimport { AccountPublicKey, VerifySignatureArgs, VerifySignatureAsyncArgs } from \"./publicKey\";\nimport { Signature } from \"./signature\";\n\nexport class AbstractSignature extends Signature {\n  readonly value: Uint8Array;\n\n  constructor(value: HexInput) {\n    super();\n    this.value = Hex.fromHexInput(value).toUint8Array();\n  }\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.value);\n  }\n\n  static deserialize(deserializer: Deserializer): AbstractSignature {\n    return new AbstractSignature(deserializer.deserializeBytes());\n  }\n}\n\nexport class AbstractPublicKey extends AccountPublicKey {\n  readonly accountAddress: AccountAddress;\n\n  constructor(accountAddress: AccountAddress) {\n    super();\n    this.accountAddress = accountAddress;\n  }\n\n  authKey(): AuthenticationKey {\n    return new AuthenticationKey({ data: this.accountAddress.toUint8Array() });\n  }\n\n  // eslint-disable-next-line class-methods-use-this, @typescript-eslint/no-unused-vars\n  verifySignature(args: VerifySignatureArgs): boolean {\n    throw new Error(\"This function is not implemented for AbstractPublicKey.\");\n  }\n\n  // eslint-disable-next-line class-methods-use-this, @typescript-eslint/no-unused-vars\n  async verifySignatureAsync(args: VerifySignatureAsyncArgs): Promise<boolean> {\n    throw new Error(\"This function is not implemented for AbstractPublicKey.\");\n  }\n\n  // eslint-disable-next-line class-methods-use-this, @typescript-eslint/no-unused-vars\n  serialize(serializer: Serializer): void {\n    throw new Error(\"This function is not implemented for AbstractPublicKey.\");\n  }\n}\n"],"mappings":"AAGA,OAAS,qBAAAA,MAAyB,uBAClC,OAAS,OAAAC,MAAW,SACpB,OAAS,oBAAAC,MAAuE,cAChF,OAAS,aAAAC,MAAiB,cAEnB,MAAMC,UAA0BD,CAAU,CAG/C,YAAYE,EAAiB,CAC3B,MAAM,EACN,KAAK,MAAQJ,EAAI,aAAaI,CAAK,EAAE,aAAa,CACpD,CAEA,UAAUC,EAA8B,CACtCA,EAAW,eAAe,KAAK,KAAK,CACtC,CAEA,OAAO,YAAYC,EAA+C,CAChE,OAAO,IAAIH,EAAkBG,EAAa,iBAAiB,CAAC,CAC9D,CACF,CAEO,MAAMC,UAA0BN,CAAiB,CAGtD,YAAYO,EAAgC,CAC1C,MAAM,EACN,KAAK,eAAiBA,CACxB,CAEA,SAA6B,CAC3B,OAAO,IAAIT,EAAkB,CAAE,KAAM,KAAK,eAAe,aAAa,CAAE,CAAC,CAC3E,CAGA,gBAAgBU,EAAoC,CAClD,MAAM,IAAI,MAAM,yDAAyD,CAC3E,CAGA,MAAM,qBAAqBA,EAAkD,CAC3E,MAAM,IAAI,MAAM,yDAAyD,CAC3E,CAGA,UAAUJ,EAA8B,CACtC,MAAM,IAAI,MAAM,yDAAyD,CAC3E,CACF","names":["AuthenticationKey","Hex","AccountPublicKey","Signature","AbstractSignature","value","serializer","deserializer","AbstractPublicKey","accountAddress","args"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/deserializationUtils.mjs

@@ -1,2 +1,2 @@
-import{AnyPublicKey as l,Ed25519PublicKey as a,MultiKey as c,KeylessPublicKey as d,MultiEd25519PublicKey as y,FederatedKeylessPublicKey as f,Secp256k1PublicKey as p,Ed25519Signature as S,Secp256k1Signature as K,KeylessSignature as g,AnySignature as E,MultiEd25519Signature as b,MultiKeySignature as P}from"..";import{Deserializer as u}from"../../bcs/deserializer";const t="Multiple possible deserializations found";function M(i){const n=[a,l,y,c,d,f,p];let r;for(const s of n)try{const e=u.fromHex(i),o=s.deserialize(e);if(e.assertFinished(),r)throw new Error(`${t}: ${i}`);r=o}catch(e){if(e instanceof Error&&e.message.includes(t))throw e}if(!r)throw new Error(`Failed to deserialize public key: ${i}`);return r}function T(i){const n=[S,E,b,P,g,K];let r;for(const s of n)try{const e=u.fromHex(i),o=s.deserialize(e);if(e.assertFinished(),r)throw new Error(`${t}: ${i}`);r=o}catch(e){if(e instanceof Error&&e.message.includes(t))throw e}if(!r)throw new Error(`Failed to deserialize signature: ${i}`);return r}export{M as deserializePublicKey,T as deserializeSignature};
+import{T as a,U as b}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import"../../chunk-QNARIAVM.mjs";import"../../chunk-2PASUPUO.mjs";import"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{a as deserializePublicKey,b as deserializeSignature};
 //# sourceMappingURL=deserializationUtils.mjs.map

package/dist/esm/core/crypto/deserializationUtils.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/deserializationUtils.ts"],"sourcesContent":["import {\n  AnyPublicKey,\n  Ed25519PublicKey,\n  MultiKey,\n  KeylessPublicKey,\n  MultiEd25519PublicKey,\n  FederatedKeylessPublicKey,\n  Secp256k1PublicKey,\n  Signature,\n  PublicKey,\n  Ed25519Signature,\n  Secp256k1Signature,\n  KeylessSignature,\n  AnySignature,\n  MultiEd25519Signature,\n  MultiKeySignature,\n} from \"..\";\nimport { Deserializer } from \"../../bcs/deserializer\";\nimport { HexInput } from \"../../types\";\n\nconst MULTIPLE_DESERIALIZATIONS_ERROR_MSG = \"Multiple possible deserializations found\";\n\n/**\n * Deserializes a public key from a hex string.\n * Attempts to deserialize using various public key types in sequence until one succeeds.\n *\n * @param publicKey - The hex string representation of the public key to deserialize\n * @returns The deserialized public key\n * @throws Error if deserialization fails for all supported key types or if multiple deserializations are found\n */\nexport function deserializePublicKey(publicKey: HexInput): PublicKey {\n  const publicKeyTypes = [\n    Ed25519PublicKey,\n    AnyPublicKey,\n    MultiEd25519PublicKey,\n    MultiKey,\n    KeylessPublicKey,\n    FederatedKeylessPublicKey,\n    Secp256k1PublicKey,\n  ];\n\n  let result: PublicKey | undefined;\n  for (const KeyType of publicKeyTypes) {\n    try {\n      const deserializer = Deserializer.fromHex(publicKey);\n      const key = KeyType.deserialize(deserializer);\n      deserializer.assertFinished();\n      if (result) {\n        throw new Error(`${MULTIPLE_DESERIALIZATIONS_ERROR_MSG}: ${publicKey}`);\n      }\n      result = key;\n    } catch (error) {\n      if (error instanceof Error && error.message.includes(MULTIPLE_DESERIALIZATIONS_ERROR_MSG)) {\n        throw error;\n      }\n    }\n  }\n\n  if (!result) {\n    throw new Error(`Failed to deserialize public key: ${publicKey}`);\n  }\n\n  return result;\n}\n\n/**\n * Deserializes a signature from a hex string.\n * Attempts to deserialize using various signature types in sequence until one succeeds.\n *\n * @param signature - The hex string representation of the signature to deserialize\n * @returns The deserialized signature\n * @throws Error if deserialization fails for all supported signature types or if multiple deserializations are found\n */\nexport function deserializeSignature(signature: HexInput): Signature {\n  const signatureTypes = [\n    Ed25519Signature,\n    AnySignature,\n    MultiEd25519Signature,\n    MultiKeySignature,\n    KeylessSignature,\n    Secp256k1Signature,\n  ];\n\n  let result: Signature | undefined;\n  for (const SignatureType of signatureTypes) {\n    try {\n      const deserializer = Deserializer.fromHex(signature);\n      const sig = SignatureType.deserialize(deserializer);\n      deserializer.assertFinished();\n      if (result) {\n        throw new Error(`${MULTIPLE_DESERIALIZATIONS_ERROR_MSG}: ${signature}`);\n      }\n      result = sig;\n    } catch (error) {\n      if (error instanceof Error && error.message.includes(MULTIPLE_DESERIALIZATIONS_ERROR_MSG)) {\n        throw error;\n      }\n    }\n  }\n\n  if (!result) {\n    throw new Error(`Failed to deserialize signature: ${signature}`);\n  }\n\n  return result;\n}\n"],"mappings":"AAAA,OACE,gBAAAA,EACA,oBAAAC,EACA,YAAAC,EACA,oBAAAC,EACA,yBAAAC,EACA,6BAAAC,EACA,sBAAAC,EAGA,oBAAAC,EACA,sBAAAC,EACA,oBAAAC,EACA,gBAAAC,EACA,yBAAAC,EACA,qBAAAC,MACK,KACP,OAAS,gBAAAC,MAAoB,yBAG7B,MAAMC,EAAsC,2CAUrC,SAASC,EAAqBC,EAAgC,CACnE,MAAMC,EAAiB,CACrBhB,EACAD,EACAI,EACAF,EACAC,EACAE,EACAC,CACF,EAEA,IAAIY,EACJ,UAAWC,KAAWF,EACpB,GAAI,CACF,MAAMG,EAAeP,EAAa,QAAQG,CAAS,EAC7CK,EAAMF,EAAQ,YAAYC,CAAY,EAE5C,GADAA,EAAa,eAAe,EACxBF,EACF,MAAM,IAAI,MAAM,GAAGJ,CAAmC,KAAKE,CAAS,EAAE,EAExEE,EAASG,CACX,OAASC,EAAO,CACd,GAAIA,aAAiB,OAASA,EAAM,QAAQ,SAASR,CAAmC,EACtF,MAAMQ,CAEV,CAGF,GAAI,CAACJ,EACH,MAAM,IAAI,MAAM,qCAAqCF,CAAS,EAAE,EAGlE,OAAOE,CACT,CAUO,SAASK,EAAqBC,EAAgC,CACnE,MAAMC,EAAiB,CACrBlB,EACAG,EACAC,EACAC,EACAH,EACAD,CACF,EAEA,IAAIU,EACJ,UAAWQ,KAAiBD,EAC1B,GAAI,CACF,MAAML,EAAeP,EAAa,QAAQW,CAAS,EAC7CG,EAAMD,EAAc,YAAYN,CAAY,EAElD,GADAA,EAAa,eAAe,EACxBF,EACF,MAAM,IAAI,MAAM,GAAGJ,CAAmC,KAAKU,CAAS,EAAE,EAExEN,EAASS,CACX,OAASL,EAAO,CACd,GAAIA,aAAiB,OAASA,EAAM,QAAQ,SAASR,CAAmC,EACtF,MAAMQ,CAEV,CAGF,GAAI,CAACJ,EACH,MAAM,IAAI,MAAM,oCAAoCM,CAAS,EAAE,EAGjE,OAAON,CACT","names":["AnyPublicKey","Ed25519PublicKey","MultiKey","KeylessPublicKey","MultiEd25519PublicKey","FederatedKeylessPublicKey","Secp256k1PublicKey","Ed25519Signature","Secp256k1Signature","KeylessSignature","AnySignature","MultiEd25519Signature","MultiKeySignature","Deserializer","MULTIPLE_DESERIALIZATIONS_ERROR_MSG","deserializePublicKey","publicKey","publicKeyTypes","result","KeyType","deserializer","key","error","deserializeSignature","signature","signatureTypes","SignatureType","sig"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/ed25519.mjs

@@ -1,2 +1,2 @@
-import{ed25519 as o}from"@noble/curves/ed25519";import{Serializable as v}from"../../bcs/serializer";import{AuthenticationKey as P}from"../authenticationKey";import{Hex as y}from"../hex";import{SigningScheme as E,PrivateKeyVariants as f}from"../../types";import{CKDPriv as H,deriveKey as b,HARDENED_OFFSET as U,isValidHardenedPath as z,mnemonicToSeed as I,splitPath as w}from"./hdKey";import{PrivateKey as h}from"./privateKey";import{AccountPublicKey as T}from"./publicKey";import{Signature as L}from"./signature";import{convertSigningMessage as p}from"./utils";const x=[237,211,245,92,26,99,18,88,214,156,247,162,222,249,222,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16];function B(K){const e=K.toUint8Array().slice(32);for(let t=x.length-1;t>=0;t-=1){if(e[t]<x[t])return!0;if(e[t]>x[t])return!1}return!1}const n=class n extends T{constructor(e){super();const t=y.fromHexInput(e);if(t.toUint8Array().length!==n.LENGTH)throw new Error(`PublicKey length should be ${n.LENGTH}`);this.key=t}verifySignature(e){const{message:t,signature:i}=e;if(!B(i))return!1;const a=p(t),u=y.fromHexInput(a).toUint8Array(),c=i.toUint8Array(),l=this.key.toUint8Array();return o.verify(c,u,l)}async verifySignatureAsync(e){return this.verifySignature(e)}authKey(){return P.fromSchemeAndBytes({scheme:E.Ed25519,input:this.toUint8Array()})}toUint8Array(){return this.key.toUint8Array()}serialize(e){e.serializeBytes(this.key.toUint8Array())}static deserialize(e){const t=e.deserializeBytes();return new n(t)}static isPublicKey(e){return e instanceof n}static isInstance(e){return"key"in e&&e.key?.data?.length===n.LENGTH}};n.LENGTH=32;let d=n;const r=class r extends v{constructor(e,t){super();const i=h.parseHexInput(e,f.Ed25519,t);if(i.toUint8Array().length!==r.LENGTH)throw new Error(`PrivateKey length should be ${r.LENGTH}`);this.signingKey=i}static generate(){const e=o.utils.randomPrivateKey();return new r(e,!1)}static fromDerivationPath(e,t){if(!z(e))throw new Error(`Invalid derivation path ${e}`);return r.fromDerivationPathInner(e,I(t))}static fromDerivationPathInner(e,t,i=U){const{key:a,chainCode:u}=b(r.SLIP_0010_SEED,t),c=w(e).map(g=>parseInt(g,10)),{key:l}=c.reduce((g,S)=>H(g,S+i),{key:a,chainCode:u});return new r(l,!1)}publicKey(){const e=o.getPublicKey(this.signingKey.toUint8Array());return new d(e)}sign(e){const t=p(e),i=y.fromHexInput(t).toUint8Array(),a=o.sign(i,this.signingKey.toUint8Array());return new m(a)}toUint8Array(){return this.signingKey.toUint8Array()}toString(){return this.toAIP80String()}toHexString(){return this.signingKey.toString()}toAIP80String(){return h.formatPrivateKey(this.signingKey.toString(),f.Ed25519)}serialize(e){e.serializeBytes(this.toUint8Array())}static deserialize(e){const t=e.deserializeBytes();return new r(t,!1)}static isPrivateKey(e){return e instanceof r}};r.LENGTH=32,r.SLIP_0010_SEED="ed25519 seed";let A=r;const s=class s extends L{constructor(e){super();const t=y.fromHexInput(e);if(t.toUint8Array().length!==s.LENGTH)throw new Error(`Signature length should be ${s.LENGTH}`);this.data=t}toUint8Array(){return this.data.toUint8Array()}serialize(e){e.serializeBytes(this.data.toUint8Array())}static deserialize(e){const t=e.deserializeBytes();return new s(t)}};s.LENGTH=64;let m=s;export{A as Ed25519PrivateKey,d as Ed25519PublicKey,m as Ed25519Signature,B as isCanonicalEd25519Signature};
+import{P as a,Q as b,R as c,S as d}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import"../../chunk-QNARIAVM.mjs";import"../../chunk-2PASUPUO.mjs";import"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{c as Ed25519PrivateKey,b as Ed25519PublicKey,d as Ed25519Signature,a as isCanonicalEd25519Signature};
 //# sourceMappingURL=ed25519.mjs.map

package/dist/esm/core/crypto/ed25519.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/ed25519.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\nimport { ed25519 } from \"@noble/curves/ed25519\";\nimport { Deserializer } from \"../../bcs/deserializer\";\nimport { Serializable, Serializer } from \"../../bcs/serializer\";\nimport { AuthenticationKey } from \"../authenticationKey\";\nimport { Hex } from \"../hex\";\nimport { HexInput, SigningScheme as AuthenticationKeyScheme, PrivateKeyVariants } from \"../../types\";\nimport { CKDPriv, deriveKey, HARDENED_OFFSET, isValidHardenedPath, mnemonicToSeed, splitPath } from \"./hdKey\";\nimport { PrivateKey } from \"./privateKey\";\nimport { AccountPublicKey, PublicKey, VerifySignatureArgs, VerifySignatureAsyncArgs } from \"./publicKey\";\nimport { Signature } from \"./signature\";\nimport { convertSigningMessage } from \"./utils\";\n\n/**\n * L is the value that greater than or equal to will produce a non-canonical signature, and must be rejected\n * @group Implementation\n * @category Serialization\n */\nconst L: number[] = [\n  0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00,\n  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,\n];\n\n/**\n * Checks if an ED25519 signature is non-canonical.\n * This function helps determine the validity of a signature by verifying its canonical form.\n *\n * @param signature - The signature to be checked for canonicality.\n * @returns A boolean indicating whether the signature is non-canonical.\n *\n * Comes from Aptos Core\n * https://github.com/aptos-labs/aptos-core/blob/main/crates/aptos-crypto/src/ed25519/ed25519_sigs.rs#L47-L85\n * @group Implementation\n * @category Serialization\n */\nexport function isCanonicalEd25519Signature(signature: Signature): boolean {\n  const s = signature.toUint8Array().slice(32);\n  for (let i = L.length - 1; i >= 0; i -= 1) {\n    if (s[i] < L[i]) {\n      return true;\n    }\n    if (s[i] > L[i]) {\n      return false;\n    }\n  }\n  // As this stage S == L which implies a non-canonical S.\n  return false;\n}\n\n/**\n * Represents the public key of an Ed25519 key pair.\n *\n * Since [AIP-55](https://github.com/aptos-foundation/AIPs/pull/263) Aptos supports\n * `Legacy` and `Unified` authentication keys.\n *\n * Ed25519 scheme is represented in the SDK as `Legacy authentication key` and also\n * as `AnyPublicKey` that represents any `Unified authentication key`.\n * @group Implementation\n * @category Serialization\n */\nexport class Ed25519PublicKey extends AccountPublicKey {\n  /**\n   * Length of an Ed25519 public key\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly LENGTH: number = 32;\n\n  /**\n   * Bytes of the public key\n   * @private\n   * @group Implementation\n   * @category Serialization\n   */\n  private readonly key: Hex;\n\n  /**\n   * Creates an instance of the Ed25519Signature class from a hex input.\n   * This constructor validates the length of the signature to ensure it meets the required specifications.\n   *\n   * @param hexInput - The hex input representing the Ed25519 signature.\n   * @throws Error if the signature length is not equal to Ed25519Signature.LENGTH.\n   * @group Implementation\n   * @category Serialization\n   */\n  constructor(hexInput: HexInput) {\n    super();\n\n    const hex = Hex.fromHexInput(hexInput);\n    if (hex.toUint8Array().length !== Ed25519PublicKey.LENGTH) {\n      throw new Error(`PublicKey length should be ${Ed25519PublicKey.LENGTH}`);\n    }\n    this.key = hex;\n  }\n\n  // region AccountPublicKey\n\n  /**\n   * Verifies a signed message using a public key.\n   *\n   * @param args - The arguments for verification.\n   * @param args.message - A signed message as a Hex string or Uint8Array.\n   * @param args.signature - The signature of the message.\n   * @group Implementation\n   * @category Serialization\n   */\n  verifySignature(args: VerifySignatureArgs): boolean {\n    const { message, signature } = args;\n    // Verify malleability\n    if (!isCanonicalEd25519Signature(signature)) {\n      return false;\n    }\n\n    const messageToVerify = convertSigningMessage(message);\n    const messageBytes = Hex.fromHexInput(messageToVerify).toUint8Array();\n    const signatureBytes = signature.toUint8Array();\n    const publicKeyBytes = this.key.toUint8Array();\n    return ed25519.verify(signatureBytes, messageBytes, publicKeyBytes);\n  }\n\n  /**\n   * Note: Ed25519Signatures can be verified syncronously.\n   *\n   * Verifies the provided signature against the given message.\n   * This function helps ensure the integrity and authenticity of the message by confirming that the signature is valid.\n   *\n   * @param args - The arguments for signature verification.\n   * @param args.aptosConfig - The configuration object for connecting to the Aptos network\n   * @param args.message - The message that was signed.\n   * @param args.signature - The signature to verify, which must be an instance of Secp256k1Signature.\n   * @returns A boolean indicating whether the signature is valid for the given message.\n   * @group Implementation\n   * @category Serialization\n   */\n  async verifySignatureAsync(args: VerifySignatureAsyncArgs): Promise<boolean> {\n    return this.verifySignature(args);\n  }\n\n  /**\n   * Generates an authentication key from the public key using the Ed25519 scheme.\n   * This function is essential for creating a secure authentication key that can be used for further cryptographic operations.\n   *\n   * @returns {AuthenticationKey} The generated authentication key.\n   * @group Implementation\n   * @category Serialization\n   */\n  authKey(): AuthenticationKey {\n    return AuthenticationKey.fromSchemeAndBytes({\n      scheme: AuthenticationKeyScheme.Ed25519,\n      input: this.toUint8Array(),\n    });\n  }\n\n  /**\n   * Convert the internal data representation to a Uint8Array.\n   *\n   * @returns Uint8Array representation of the data.\n   * @group Implementation\n   * @category Serialization\n   */\n  toUint8Array(): Uint8Array {\n    return this.key.toUint8Array();\n  }\n\n  // endregion\n\n  // region Serializable\n\n  /**\n   * Serializes the data into a byte array using the provided serializer.\n   * This allows for the conversion of data into a format suitable for transmission or storage.\n   *\n   * @param serializer - The serializer instance used to perform the serialization.\n   * @group Implementation\n   * @category Serialization\n   */\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.key.toUint8Array());\n  }\n\n  /**\n   * Deserialize bytes into an Ed25519Signature object.\n   * This function is used to convert serialized byte data into a usable Ed25519Signature instance.\n   *\n   * @param deserializer - The deserializer instance used to read the byte data.\n   * @group Implementation\n   * @category Serialization\n   */\n  static deserialize(deserializer: Deserializer): Ed25519PublicKey {\n    const bytes = deserializer.deserializeBytes();\n    return new Ed25519PublicKey(bytes);\n  }\n\n  // endregion\n\n  /**\n   * Determine if the provided public key is an instance of Ed25519PublicKey.\n   *\n   * @param publicKey - The public key to check.\n   * @returns True if the public key is an instance of Ed25519PublicKey, otherwise false.\n   * @deprecated use `instanceof Ed25519PublicKey` instead.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isPublicKey(publicKey: AccountPublicKey): publicKey is Ed25519PublicKey {\n    return publicKey instanceof Ed25519PublicKey;\n  }\n\n  /**\n   * Determines if the provided public key is a valid Ed25519 public key.\n   * This function checks for the presence of the \"key\" property and verifies that its data length matches the expected length\n   * for Ed25519 public keys.\n   *\n   * @param publicKey - The public key to validate.\n   * @returns A boolean indicating whether the public key is a valid Ed25519 public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isInstance(publicKey: PublicKey): publicKey is Ed25519PublicKey {\n    return \"key\" in publicKey && (publicKey.key as any)?.data?.length === Ed25519PublicKey.LENGTH;\n  }\n}\n\n/**\n * Represents the private key of an Ed25519 key pair.\n * @group Implementation\n * @category Serialization\n */\nexport class Ed25519PrivateKey extends Serializable implements PrivateKey {\n  /**\n   * Length of an Ed25519 private key\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly LENGTH: number = 32;\n\n  /**\n   * The Ed25519 key seed to use for BIP-32 compatibility\n   * See more {@link https://github.com/satoshilabs/slips/blob/master/slip-0010.md}\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly SLIP_0010_SEED = \"ed25519 seed\";\n\n  /**\n   * The Ed25519 signing key\n   * @private\n   * @group Implementation\n   * @category Serialization\n   */\n  private readonly signingKey: Hex;\n\n  // region Constructors\n\n  /**\n   * Create a new PrivateKey instance from a Uint8Array or String.\n   *\n   * [Read about AIP-80](https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-80.md)\n   *\n   * @param hexInput HexInput (string or Uint8Array)\n   * @param strict If true, private key must AIP-80 compliant.\n   * @group Implementation\n   * @category Serialization\n   */\n  constructor(hexInput: HexInput, strict?: boolean) {\n    super();\n\n    const privateKeyHex = PrivateKey.parseHexInput(hexInput, PrivateKeyVariants.Ed25519, strict);\n    if (privateKeyHex.toUint8Array().length !== Ed25519PrivateKey.LENGTH) {\n      throw new Error(`PrivateKey length should be ${Ed25519PrivateKey.LENGTH}`);\n    }\n\n    // Create keyPair from Private key in Uint8Array format\n    this.signingKey = privateKeyHex;\n  }\n\n  /**\n   * Generate a new random private key.\n   *\n   * @returns Ed25519PrivateKey A newly generated Ed25519 private key.\n   * @group Implementation\n   * @category Serialization\n   */\n  static generate(): Ed25519PrivateKey {\n    const keyPair = ed25519.utils.randomPrivateKey();\n    return new Ed25519PrivateKey(keyPair, false);\n  }\n\n  /**\n   * Derives a private key from a mnemonic seed phrase using a specified BIP44 path.\n   * To derive multiple keys from the same phrase, change the path\n   *\n   * IMPORTANT: Ed25519 supports hardened derivation only, as it lacks a key homomorphism, making non-hardened derivation impossible.\n   *\n   * @param path - The BIP44 path used for key derivation.\n   * @param mnemonics - The mnemonic seed phrase from which the key will be derived.\n   * @throws Error if the provided path is not a valid hardened path.\n   * @group Implementation\n   * @category Serialization\n   */\n  static fromDerivationPath(path: string, mnemonics: string): Ed25519PrivateKey {\n    if (!isValidHardenedPath(path)) {\n      throw new Error(`Invalid derivation path ${path}`);\n    }\n    return Ed25519PrivateKey.fromDerivationPathInner(path, mnemonicToSeed(mnemonics));\n  }\n\n  /**\n   * Derives a child private key from a given BIP44 path and seed.\n   * A private inner function so we can separate from the main fromDerivationPath() method\n   * to add tests to verify we create the keys correctly.\n   *\n   * @param path - The BIP44 path used for key derivation.\n   * @param seed - The seed phrase created by the mnemonics, represented as a Uint8Array.\n   * @param offset - The offset used for key derivation, defaults to HARDENED_OFFSET.\n   * @returns An instance of Ed25519PrivateKey derived from the specified path and seed.\n   * @group Implementation\n   * @category Serialization\n   */\n  private static fromDerivationPathInner(path: string, seed: Uint8Array, offset = HARDENED_OFFSET): Ed25519PrivateKey {\n    const { key, chainCode } = deriveKey(Ed25519PrivateKey.SLIP_0010_SEED, seed);\n\n    const segments = splitPath(path).map((el) => parseInt(el, 10));\n\n    // Derive the child key based on the path\n    const { key: privateKey } = segments.reduce((parentKeys, segment) => CKDPriv(parentKeys, segment + offset), {\n      key,\n      chainCode,\n    });\n    return new Ed25519PrivateKey(privateKey, false);\n  }\n\n  // endregion\n\n  // region PrivateKey\n\n  /**\n   * Derive the Ed25519PublicKey for this private key.\n   *\n   * @returns Ed25519PublicKey - The derived public key corresponding to the private key.\n   * @group Implementation\n   * @category Serialization\n   */\n  publicKey(): Ed25519PublicKey {\n    const bytes = ed25519.getPublicKey(this.signingKey.toUint8Array());\n    return new Ed25519PublicKey(bytes);\n  }\n\n  /**\n   * Sign the given message with the private key.\n   * This function generates a digital signature for the specified message, ensuring its authenticity and integrity.\n   *\n   * @param message - A message as a string or Uint8Array in HexInput format.\n   * @returns A digital signature for the provided message.\n   * @group Implementation\n   * @category Serialization\n   */\n  sign(message: HexInput): Ed25519Signature {\n    const messageToSign = convertSigningMessage(message);\n    const messageBytes = Hex.fromHexInput(messageToSign).toUint8Array();\n    const signatureBytes = ed25519.sign(messageBytes, this.signingKey.toUint8Array());\n    return new Ed25519Signature(signatureBytes);\n  }\n\n  /**\n   * Get the private key in bytes (Uint8Array).\n   *\n   * @returns Uint8Array representation of the private key\n   * @group Implementation\n   * @category Serialization\n   */\n  toUint8Array(): Uint8Array {\n    return this.signingKey.toUint8Array();\n  }\n\n  /**\n   * Get the private key as a hex string with the 0x prefix.\n   *\n   * @returns string representation of the private key.\n   * @group Implementation\n   * @category Serialization\n   */\n  toString(): string {\n    return this.toAIP80String();\n  }\n\n  /**\n   * Get the private key as a hex string with the 0x prefix.\n   *\n   * @returns string representation of the private key.\n   */\n  toHexString(): string {\n    return this.signingKey.toString();\n  }\n\n  /**\n   * Get the private key as a AIP-80 compliant hex string.\n   *\n   * [Read about AIP-80](https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-80.md)\n   *\n   * @returns AIP-80 compliant string representation of the private key.\n   */\n  toAIP80String(): string {\n    return PrivateKey.formatPrivateKey(this.signingKey.toString(), PrivateKeyVariants.Ed25519);\n  }\n\n  // endregion\n\n  // region Serializable\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.toUint8Array());\n  }\n\n  static deserialize(deserializer: Deserializer): Ed25519PrivateKey {\n    const bytes = deserializer.deserializeBytes();\n    return new Ed25519PrivateKey(bytes, false);\n  }\n\n  // endregion\n\n  /**\n   * Determines if the provided private key is an instance of Ed25519PrivateKey.\n   *\n   * @param privateKey - The private key to check.\n   * @returns A boolean indicating whether the private key is an Ed25519PrivateKey.\n   *\n   * @deprecated Use `instanceof Ed25519PrivateKey` instead.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isPrivateKey(privateKey: PrivateKey): privateKey is Ed25519PrivateKey {\n    return privateKey instanceof Ed25519PrivateKey;\n  }\n}\n\n/**\n * Represents a signature of a message signed using an Ed25519 private key.\n * @group Implementation\n * @category Serialization\n */\nexport class Ed25519Signature extends Signature {\n  /**\n   * Length of an Ed25519 signature, which is 64 bytes.\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly LENGTH = 64;\n\n  /**\n   * The signature bytes\n   * @private\n   * @group Implementation\n   * @category Serialization\n   */\n  private readonly data: Hex;\n\n  // region Constructors\n\n  constructor(hexInput: HexInput) {\n    super();\n    const data = Hex.fromHexInput(hexInput);\n    if (data.toUint8Array().length !== Ed25519Signature.LENGTH) {\n      throw new Error(`Signature length should be ${Ed25519Signature.LENGTH}`);\n    }\n    this.data = data;\n  }\n\n  // endregion\n\n  // region Signature\n\n  toUint8Array(): Uint8Array {\n    return this.data.toUint8Array();\n  }\n\n  // endregion\n\n  // region Serializable\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeBytes(this.data.toUint8Array());\n  }\n\n  static deserialize(deserializer: Deserializer): Ed25519Signature {\n    const bytes = deserializer.deserializeBytes();\n    return new Ed25519Signature(bytes);\n  }\n\n  // endregion\n}\n"],"mappings":"AAGA,OAAS,WAAAA,MAAe,wBAExB,OAAS,gBAAAC,MAAgC,uBACzC,OAAS,qBAAAC,MAAyB,uBAClC,OAAS,OAAAC,MAAW,SACpB,OAAmB,iBAAiBC,EAAyB,sBAAAC,MAA0B,cACvF,OAAS,WAAAC,EAAS,aAAAC,EAAW,mBAAAC,EAAiB,uBAAAC,EAAqB,kBAAAC,EAAgB,aAAAC,MAAiB,UACpG,OAAS,cAAAC,MAAkB,eAC3B,OAAS,oBAAAC,MAAkF,cAC3F,OAAS,aAAAC,MAAiB,cAC1B,OAAS,yBAAAC,MAA6B,UAOtC,MAAMC,EAAc,CAClB,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,EAAM,EAAM,EAC5G,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAAM,EAC1E,EAcO,SAASC,EAA4BC,EAA+B,CACzE,MAAMC,EAAID,EAAU,aAAa,EAAE,MAAM,EAAE,EAC3C,QAASE,EAAIJ,EAAE,OAAS,EAAGI,GAAK,EAAGA,GAAK,EAAG,CACzC,GAAID,EAAEC,CAAC,EAAIJ,EAAEI,CAAC,EACZ,MAAO,GAET,GAAID,EAAEC,CAAC,EAAIJ,EAAEI,CAAC,EACZ,MAAO,EAEX,CAEA,MAAO,EACT,CAaO,MAAMC,EAAN,MAAMA,UAAyBR,CAAiB,CAyBrD,YAAYS,EAAoB,CAC9B,MAAM,EAEN,MAAMC,EAAMpB,EAAI,aAAamB,CAAQ,EACrC,GAAIC,EAAI,aAAa,EAAE,SAAWF,EAAiB,OACjD,MAAM,IAAI,MAAM,8BAA8BA,EAAiB,MAAM,EAAE,EAEzE,KAAK,IAAME,CACb,CAaA,gBAAgBC,EAAoC,CAClD,KAAM,CAAE,QAAAC,EAAS,UAAAP,CAAU,EAAIM,EAE/B,GAAI,CAACP,EAA4BC,CAAS,EACxC,MAAO,GAGT,MAAMQ,EAAkBX,EAAsBU,CAAO,EAC/CE,EAAexB,EAAI,aAAauB,CAAe,EAAE,aAAa,EAC9DE,EAAiBV,EAAU,aAAa,EACxCW,EAAiB,KAAK,IAAI,aAAa,EAC7C,OAAO7B,EAAQ,OAAO4B,EAAgBD,EAAcE,CAAc,CACpE,CAgBA,MAAM,qBAAqBL,EAAkD,CAC3E,OAAO,KAAK,gBAAgBA,CAAI,CAClC,CAUA,SAA6B,CAC3B,OAAOtB,EAAkB,mBAAmB,CAC1C,OAAQE,EAAwB,QAChC,MAAO,KAAK,aAAa,CAC3B,CAAC,CACH,CASA,cAA2B,CACzB,OAAO,KAAK,IAAI,aAAa,CAC/B,CAcA,UAAU0B,EAA8B,CACtCA,EAAW,eAAe,KAAK,IAAI,aAAa,CAAC,CACnD,CAUA,OAAO,YAAYC,EAA8C,CAC/D,MAAMC,EAAQD,EAAa,iBAAiB,EAC5C,OAAO,IAAIV,EAAiBW,CAAK,CACnC,CAaA,OAAO,YAAYC,EAA4D,CAC7E,OAAOA,aAAqBZ,CAC9B,CAYA,OAAO,WAAWY,EAAqD,CACrE,MAAO,QAASA,GAAcA,EAAU,KAAa,MAAM,SAAWZ,EAAiB,MACzF,CACF,EAjKaA,EAMK,OAAiB,GAN5B,IAAMa,EAANb,EAwKA,MAAMc,EAAN,MAAMA,UAA0BlC,CAAmC,CAoCxE,YAAYqB,EAAoBc,EAAkB,CAChD,MAAM,EAEN,MAAMC,EAAgBzB,EAAW,cAAcU,EAAUjB,EAAmB,QAAS+B,CAAM,EAC3F,GAAIC,EAAc,aAAa,EAAE,SAAWF,EAAkB,OAC5D,MAAM,IAAI,MAAM,+BAA+BA,EAAkB,MAAM,EAAE,EAI3E,KAAK,WAAaE,CACpB,CASA,OAAO,UAA8B,CACnC,MAAMC,EAAUtC,EAAQ,MAAM,iBAAiB,EAC/C,OAAO,IAAImC,EAAkBG,EAAS,EAAK,CAC7C,CAcA,OAAO,mBAAmBC,EAAcC,EAAsC,CAC5E,GAAI,CAAC/B,EAAoB8B,CAAI,EAC3B,MAAM,IAAI,MAAM,2BAA2BA,CAAI,EAAE,EAEnD,OAAOJ,EAAkB,wBAAwBI,EAAM7B,EAAe8B,CAAS,CAAC,CAClF,CAcA,OAAe,wBAAwBD,EAAcE,EAAkBC,EAASlC,EAAoC,CAClH,KAAM,CAAE,IAAAmC,EAAK,UAAAC,CAAU,EAAIrC,EAAU4B,EAAkB,eAAgBM,CAAI,EAErEI,EAAWlC,EAAU4B,CAAI,EAAE,IAAKO,GAAO,SAASA,EAAI,EAAE,CAAC,EAGvD,CAAE,IAAKC,CAAW,EAAIF,EAAS,OAAO,CAACG,EAAYC,IAAY3C,EAAQ0C,EAAYC,EAAUP,CAAM,EAAG,CAC1G,IAAAC,EACA,UAAAC,CACF,CAAC,EACD,OAAO,IAAIT,EAAkBY,EAAY,EAAK,CAChD,CAaA,WAA8B,CAC5B,MAAMf,EAAQhC,EAAQ,aAAa,KAAK,WAAW,aAAa,CAAC,EACjE,OAAO,IAAIkC,EAAiBF,CAAK,CACnC,CAWA,KAAKP,EAAqC,CACxC,MAAMyB,EAAgBnC,EAAsBU,CAAO,EAC7CE,EAAexB,EAAI,aAAa+C,CAAa,EAAE,aAAa,EAC5DtB,EAAiB5B,EAAQ,KAAK2B,EAAc,KAAK,WAAW,aAAa,CAAC,EAChF,OAAO,IAAIwB,EAAiBvB,CAAc,CAC5C,CASA,cAA2B,CACzB,OAAO,KAAK,WAAW,aAAa,CACtC,CASA,UAAmB,CACjB,OAAO,KAAK,cAAc,CAC5B,CAOA,aAAsB,CACpB,OAAO,KAAK,WAAW,SAAS,CAClC,CASA,eAAwB,CACtB,OAAOhB,EAAW,iBAAiB,KAAK,WAAW,SAAS,EAAGP,EAAmB,OAAO,CAC3F,CAMA,UAAUyB,EAA8B,CACtCA,EAAW,eAAe,KAAK,aAAa,CAAC,CAC/C,CAEA,OAAO,YAAYC,EAA+C,CAChE,MAAMC,EAAQD,EAAa,iBAAiB,EAC5C,OAAO,IAAII,EAAkBH,EAAO,EAAK,CAC3C,CAcA,OAAO,aAAae,EAAyD,CAC3E,OAAOA,aAAsBZ,CAC/B,CACF,EA9MaA,EAMK,OAAiB,GANtBA,EAcK,eAAiB,eAd5B,IAAMiB,EAANjB,EAqNA,MAAMkB,EAAN,MAAMA,UAAyBvC,CAAU,CAkB9C,YAAYQ,EAAoB,CAC9B,MAAM,EACN,MAAMgC,EAAOnD,EAAI,aAAamB,CAAQ,EACtC,GAAIgC,EAAK,aAAa,EAAE,SAAWD,EAAiB,OAClD,MAAM,IAAI,MAAM,8BAA8BA,EAAiB,MAAM,EAAE,EAEzE,KAAK,KAAOC,CACd,CAMA,cAA2B,CACzB,OAAO,KAAK,KAAK,aAAa,CAChC,CAMA,UAAUxB,EAA8B,CACtCA,EAAW,eAAe,KAAK,KAAK,aAAa,CAAC,CACpD,CAEA,OAAO,YAAYC,EAA8C,CAC/D,MAAMC,EAAQD,EAAa,iBAAiB,EAC5C,OAAO,IAAIsB,EAAiBrB,CAAK,CACnC,CAGF,EAjDaqB,EAMK,OAAS,GANpB,IAAMF,EAANE","names":["ed25519","Serializable","AuthenticationKey","Hex","AuthenticationKeyScheme","PrivateKeyVariants","CKDPriv","deriveKey","HARDENED_OFFSET","isValidHardenedPath","mnemonicToSeed","splitPath","PrivateKey","AccountPublicKey","Signature","convertSigningMessage","L","isCanonicalEd25519Signature","signature","s","i","_Ed25519PublicKey","hexInput","hex","args","message","messageToVerify","messageBytes","signatureBytes","publicKeyBytes","serializer","deserializer","bytes","publicKey","Ed25519PublicKey","_Ed25519PrivateKey","strict","privateKeyHex","keyPair","path","mnemonics","seed","offset","key","chainCode","segments","el","privateKey","parentKeys","segment","messageToSign","Ed25519Signature","Ed25519PrivateKey","_Ed25519Signature","data"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/ephemeral.mjs

@@ -1,2 +1,2 @@
-import{Deserializer as l}from"../../bcs";import{EphemeralPublicKeyVariant as t,EphemeralSignatureVariant as u}from"../../types";import{PublicKey as c}from"./publicKey";import{Signature as p}from"./signature";import{Ed25519PublicKey as n,Ed25519Signature as a}from"./ed25519";import{Hex as m}from"../hex";class s extends c{constructor(e){super();const r=e.constructor.name;switch(r){case n.name:this.publicKey=e,this.variant=t.Ed25519;break;default:throw new Error(`Unsupported key for EphemeralPublicKey - ${r}`)}}verifySignature(e){const{message:r,signature:i}=e;return this.publicKey.verifySignature({message:r,signature:i.signature})}async verifySignatureAsync(e){return this.verifySignature(e)}serialize(e){if(this.publicKey instanceof n)e.serializeU32AsUleb128(t.Ed25519),this.publicKey.serialize(e);else throw new Error("Unknown public key type")}static deserialize(e){const r=e.deserializeUleb128AsU32();switch(r){case t.Ed25519:return new s(n.deserialize(e));default:throw new Error(`Unknown variant index for EphemeralPublicKey: ${r}`)}}static isPublicKey(e){return e instanceof s}}class o extends p{constructor(e){super();const r=e.constructor.name;switch(r){case a.name:this.signature=e;break;default:throw new Error(`Unsupported signature for EphemeralSignature - ${r}`)}}static fromHex(e){const r=m.fromHexInput(e),i=new l(r.toUint8Array());return o.deserialize(i)}serialize(e){if(this.signature instanceof a)e.serializeU32AsUleb128(u.Ed25519),this.signature.serialize(e);else throw new Error("Unknown signature type")}static deserialize(e){const r=e.deserializeUleb128AsU32();switch(r){case u.Ed25519:return new o(a.deserialize(e));default:throw new Error(`Unknown variant index for EphemeralSignature: ${r}`)}}}export{s as EphemeralPublicKey,o as EphemeralSignature};
+import{a,b}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import"../../chunk-QNARIAVM.mjs";import"../../chunk-2PASUPUO.mjs";import"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{a as EphemeralPublicKey,b as EphemeralSignature};
 //# sourceMappingURL=ephemeral.mjs.map

package/dist/esm/core/crypto/ephemeral.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/ephemeral.ts"],"sourcesContent":["import { Serializer, Deserializer } from \"../../bcs\";\nimport { EphemeralPublicKeyVariant, EphemeralSignatureVariant, HexInput } from \"../../types\";\nimport { PublicKey } from \"./publicKey\";\nimport { Signature } from \"./signature\";\nimport { Ed25519PublicKey, Ed25519Signature } from \"./ed25519\";\nimport { Hex } from \"../hex\";\nimport { AptosConfig } from \"../../api\";\n\n/**\n * Represents ephemeral public keys for Aptos Keyless accounts.\n *\n * These keys are used only temporarily within Keyless accounts and are not utilized as public keys for account identification.\n * @group Implementation\n * @category Serialization\n */\nexport class EphemeralPublicKey extends PublicKey {\n  /**\n   * The public key itself\n   * @group Implementation\n   * @category Serialization\n   */\n  public readonly publicKey: PublicKey;\n\n  /**\n   * An enum indicating the scheme of the ephemeral public key\n   * @group Implementation\n   * @category Serialization\n   */\n  public readonly variant: EphemeralPublicKeyVariant;\n\n  /**\n   * Creates an instance of EphemeralPublicKey using the provided public key.\n   * This constructor ensures that only supported signature types are accepted.\n   *\n   * @param publicKey - The public key to be used for the ephemeral public key.\n   * @throws Error if the signature type is unsupported.\n   * @group Implementation\n   * @category Serialization\n   */\n  constructor(publicKey: PublicKey) {\n    super();\n    const publicKeyType = publicKey.constructor.name;\n    switch (publicKeyType) {\n      case Ed25519PublicKey.name:\n        this.publicKey = publicKey;\n        this.variant = EphemeralPublicKeyVariant.Ed25519;\n        break;\n      default:\n        throw new Error(`Unsupported key for EphemeralPublicKey - ${publicKeyType}`);\n    }\n  }\n\n  /**\n   * Verifies a signed message using the ephemeral public key.\n   *\n   * @param args - The arguments for the verification.\n   * @param args.message - The message that was signed.\n   * @param args.signature - The signature that was signed by the private key of the ephemeral public key.\n   * @returns true if the signature is valid, otherwise false.\n   * @group Implementation\n   * @category Serialization\n   */\n  verifySignature(args: { message: HexInput; signature: EphemeralSignature }): boolean {\n    const { message, signature } = args;\n    return this.publicKey.verifySignature({ message, signature: signature.signature });\n  }\n\n  async verifySignatureAsync(args: {\n    aptosConfig: AptosConfig;\n    message: HexInput;\n    signature: EphemeralSignature;\n  }): Promise<boolean> {\n    return this.verifySignature(args);\n  }\n\n  /**\n   * Serializes the current instance, specifically handling the Ed25519 signature type.\n   * This function ensures that the signature is properly serialized using the provided serializer.\n   *\n   * @param serializer - The serializer instance used to serialize the signature.\n   * @throws Error if the signature type is unknown.\n   * @group Implementation\n   * @category Serialization\n   */\n  serialize(serializer: Serializer): void {\n    if (this.publicKey instanceof Ed25519PublicKey) {\n      serializer.serializeU32AsUleb128(EphemeralPublicKeyVariant.Ed25519);\n      this.publicKey.serialize(serializer);\n    } else {\n      throw new Error(\"Unknown public key type\");\n    }\n  }\n\n  /**\n   * Deserializes an EphemeralSignature from the provided deserializer.\n   * This function allows you to retrieve an EphemeralSignature based on the deserialized data.\n   *\n   * @param deserializer - The deserializer instance used to read the serialized data.\n   * @group Implementation\n   * @category Serialization\n   */\n  static deserialize(deserializer: Deserializer): EphemeralPublicKey {\n    const index = deserializer.deserializeUleb128AsU32();\n    switch (index) {\n      case EphemeralPublicKeyVariant.Ed25519:\n        return new EphemeralPublicKey(Ed25519PublicKey.deserialize(deserializer));\n      default:\n        throw new Error(`Unknown variant index for EphemeralPublicKey: ${index}`);\n    }\n  }\n\n  /**\n   * Determines if the provided public key is an instance of `EphemeralPublicKey`.\n   *\n   * @param publicKey - The public key to check.\n   * @returns A boolean indicating whether the public key is an ephemeral type.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isPublicKey(publicKey: PublicKey): publicKey is EphemeralPublicKey {\n    return publicKey instanceof EphemeralPublicKey;\n  }\n}\n\n/**\n * Represents ephemeral signatures used in Aptos Keyless accounts.\n *\n * These signatures are utilized within the KeylessSignature framework.\n * @group Implementation\n * @category Serialization\n */\nexport class EphemeralSignature extends Signature {\n  /**\n   * The signature signed by the private key of an EphemeralKeyPair\n   * @group Implementation\n   * @category Serialization\n   */\n  public readonly signature: Signature;\n\n  constructor(signature: Signature) {\n    super();\n    const signatureType = signature.constructor.name;\n    switch (signatureType) {\n      case Ed25519Signature.name:\n        this.signature = signature;\n        break;\n      default:\n        throw new Error(`Unsupported signature for EphemeralSignature - ${signatureType}`);\n    }\n  }\n\n  /**\n   * Deserializes an ephemeral signature from a hexadecimal input.\n   * This function allows you to convert a hexadecimal representation of an ephemeral signature into its deserialized form for\n   * further processing.\n   *\n   * @param hexInput - The hexadecimal input representing the ephemeral signature.\n   * @group Implementation\n   * @category Serialization\n   */\n  static fromHex(hexInput: HexInput): EphemeralSignature {\n    const data = Hex.fromHexInput(hexInput);\n    const deserializer = new Deserializer(data.toUint8Array());\n    return EphemeralSignature.deserialize(deserializer);\n  }\n\n  serialize(serializer: Serializer): void {\n    if (this.signature instanceof Ed25519Signature) {\n      serializer.serializeU32AsUleb128(EphemeralSignatureVariant.Ed25519);\n      this.signature.serialize(serializer);\n    } else {\n      throw new Error(\"Unknown signature type\");\n    }\n  }\n\n  static deserialize(deserializer: Deserializer): EphemeralSignature {\n    const index = deserializer.deserializeUleb128AsU32();\n    switch (index) {\n      case EphemeralSignatureVariant.Ed25519:\n        return new EphemeralSignature(Ed25519Signature.deserialize(deserializer));\n      default:\n        throw new Error(`Unknown variant index for EphemeralSignature: ${index}`);\n    }\n  }\n}\n"],"mappings":"AAAA,OAAqB,gBAAAA,MAAoB,YACzC,OAAS,6BAAAC,EAA2B,6BAAAC,MAA2C,cAC/E,OAAS,aAAAC,MAAiB,cAC1B,OAAS,aAAAC,MAAiB,cAC1B,OAAS,oBAAAC,EAAkB,oBAAAC,MAAwB,YACnD,OAAS,OAAAC,MAAW,SAUb,MAAMC,UAA2BL,CAAU,CAwBhD,YAAYM,EAAsB,CAChC,MAAM,EACN,MAAMC,EAAgBD,EAAU,YAAY,KAC5C,OAAQC,EAAe,CACrB,KAAKL,EAAiB,KACpB,KAAK,UAAYI,EACjB,KAAK,QAAUR,EAA0B,QACzC,MACF,QACE,MAAM,IAAI,MAAM,4CAA4CS,CAAa,EAAE,CAC/E,CACF,CAYA,gBAAgBC,EAAqE,CACnF,KAAM,CAAE,QAAAC,EAAS,UAAAC,CAAU,EAAIF,EAC/B,OAAO,KAAK,UAAU,gBAAgB,CAAE,QAAAC,EAAS,UAAWC,EAAU,SAAU,CAAC,CACnF,CAEA,MAAM,qBAAqBF,EAIN,CACnB,OAAO,KAAK,gBAAgBA,CAAI,CAClC,CAWA,UAAUG,EAA8B,CACtC,GAAI,KAAK,qBAAqBT,EAC5BS,EAAW,sBAAsBb,EAA0B,OAAO,EAClE,KAAK,UAAU,UAAUa,CAAU,MAEnC,OAAM,IAAI,MAAM,yBAAyB,CAE7C,CAUA,OAAO,YAAYC,EAAgD,CACjE,MAAMC,EAAQD,EAAa,wBAAwB,EACnD,OAAQC,EAAO,CACb,KAAKf,EAA0B,QAC7B,OAAO,IAAIO,EAAmBH,EAAiB,YAAYU,CAAY,CAAC,EAC1E,QACE,MAAM,IAAI,MAAM,iDAAiDC,CAAK,EAAE,CAC5E,CACF,CAUA,OAAO,YAAYP,EAAuD,CACxE,OAAOA,aAAqBD,CAC9B,CACF,CASO,MAAMS,UAA2Bb,CAAU,CAQhD,YAAYS,EAAsB,CAChC,MAAM,EACN,MAAMK,EAAgBL,EAAU,YAAY,KAC5C,OAAQK,EAAe,CACrB,KAAKZ,EAAiB,KACpB,KAAK,UAAYO,EACjB,MACF,QACE,MAAM,IAAI,MAAM,kDAAkDK,CAAa,EAAE,CACrF,CACF,CAWA,OAAO,QAAQC,EAAwC,CACrD,MAAMC,EAAOb,EAAI,aAAaY,CAAQ,EAChCJ,EAAe,IAAIf,EAAaoB,EAAK,aAAa,CAAC,EACzD,OAAOH,EAAmB,YAAYF,CAAY,CACpD,CAEA,UAAUD,EAA8B,CACtC,GAAI,KAAK,qBAAqBR,EAC5BQ,EAAW,sBAAsBZ,EAA0B,OAAO,EAClE,KAAK,UAAU,UAAUY,CAAU,MAEnC,OAAM,IAAI,MAAM,wBAAwB,CAE5C,CAEA,OAAO,YAAYC,EAAgD,CACjE,MAAMC,EAAQD,EAAa,wBAAwB,EACnD,OAAQC,EAAO,CACb,KAAKd,EAA0B,QAC7B,OAAO,IAAIe,EAAmBX,EAAiB,YAAYS,CAAY,CAAC,EAC1E,QACE,MAAM,IAAI,MAAM,iDAAiDC,CAAK,EAAE,CAC5E,CACF,CACF","names":["Deserializer","EphemeralPublicKeyVariant","EphemeralSignatureVariant","PublicKey","Signature","Ed25519PublicKey","Ed25519Signature","Hex","EphemeralPublicKey","publicKey","publicKeyType","args","message","signature","serializer","deserializer","index","EphemeralSignature","signatureType","hexInput","data"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/federatedKeyless.mjs

@@ -1,2 +1,2 @@
-import{AccountPublicKey as o}from"./publicKey";import{Serializer as u}from"../../bcs";import{AnyPublicKeyVariant as c,SigningScheme as a}from"../../types";import{AuthenticationKey as l}from"../authenticationKey";import{AccountAddress as t}from"../accountAddress";import{KeylessPublicKey as r,verifyKeylessSignature as y,verifyKeylessSignatureWithJwkAndConfig as d}from"./keyless";class s extends o{constructor(e,i){super(),this.jwkAddress=t.from(e),this.keylessPublicKey=i}authKey(){const e=new u;return e.serializeU32AsUleb128(c.FederatedKeyless),e.serializeFixedBytes(this.bcsToBytes()),l.fromSchemeAndBytes({scheme:a.SingleKey,input:e.toUint8Array()})}verifySignature(e){try{return d({...e,publicKey:this}),!0}catch{return!1}}serialize(e){this.jwkAddress.serialize(e),this.keylessPublicKey.serialize(e)}static deserialize(e){const i=t.deserialize(e),n=r.deserialize(e);return new s(i,n)}static isPublicKey(e){return e instanceof s}async verifySignatureAsync(e){return y({...e,publicKey:this})}static create(e){return new s(e.jwkAddress,r.create(e))}static fromJwtAndPepper(e){return new s(e.jwkAddress,r.fromJwtAndPepper(e))}static isInstance(e){return"jwkAddress"in e&&e.jwkAddress instanceof t&&"keylessPublicKey"in e&&e.keylessPublicKey instanceof r}}export{s as FederatedKeylessPublicKey};
+import{B as a}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import"../../chunk-QNARIAVM.mjs";import"../../chunk-2PASUPUO.mjs";import"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{a as FederatedKeylessPublicKey};
 //# sourceMappingURL=federatedKeyless.mjs.map

package/dist/esm/core/crypto/federatedKeyless.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/federatedKeyless.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\nimport { AccountPublicKey, PublicKey } from \"./publicKey\";\nimport { Deserializer, Serializer } from \"../../bcs\";\nimport { HexInput, AnyPublicKeyVariant, SigningScheme } from \"../../types\";\nimport { AuthenticationKey } from \"../authenticationKey\";\nimport { AccountAddress, AccountAddressInput } from \"../accountAddress\";\nimport {\n  KeylessConfiguration,\n  KeylessPublicKey,\n  KeylessSignature,\n  MoveJWK,\n  verifyKeylessSignature,\n  verifyKeylessSignatureWithJwkAndConfig,\n} from \"./keyless\";\nimport { AptosConfig } from \"../../api\";\nimport { Signature } from \"..\";\n\n/**\n * Represents the FederatedKeylessPublicKey public key\n *\n * These keys use an on-chain address as a source of truth for the JWK used to verify signatures.\n *\n * FederatedKeylessPublicKey authentication key is represented in the SDK as `AnyPublicKey`.\n * @group Implementation\n * @category Serialization\n */\nexport class FederatedKeylessPublicKey extends AccountPublicKey {\n  /**\n   * The address that contains the JWK set to be used for verification.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly jwkAddress: AccountAddress;\n\n  /**\n   * The inner public key which contains the standard Keyless public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly keylessPublicKey: KeylessPublicKey;\n\n  constructor(jwkAddress: AccountAddressInput, keylessPublicKey: KeylessPublicKey) {\n    super();\n    this.jwkAddress = AccountAddress.from(jwkAddress);\n    this.keylessPublicKey = keylessPublicKey;\n  }\n\n  /**\n   * Get the authentication key for the federated keyless public key\n   *\n   * @returns AuthenticationKey\n   * @group Implementation\n   * @category Serialization\n   */\n  authKey(): AuthenticationKey {\n    const serializer = new Serializer();\n    serializer.serializeU32AsUleb128(AnyPublicKeyVariant.FederatedKeyless);\n    serializer.serializeFixedBytes(this.bcsToBytes());\n    return AuthenticationKey.fromSchemeAndBytes({\n      scheme: SigningScheme.SingleKey,\n      input: serializer.toUint8Array(),\n    });\n  }\n\n  /**\n   * Verifies a signed data with a public key\n   *\n   * @param args.message message\n   * @param args.signature The signature\n   * @param args.jwk - The JWK to use for verification.\n   * @param args.keylessConfig - The keyless configuration to use for verification.\n   * @returns true if the signature is valid\n   * @group Implementation\n   * @category Serialization\n   */\n  verifySignature(args: {\n    message: HexInput;\n    signature: Signature;\n    jwk: MoveJWK;\n    keylessConfig: KeylessConfiguration;\n  }): boolean {\n    try {\n      verifyKeylessSignatureWithJwkAndConfig({ ...args, publicKey: this });\n      return true;\n    } catch (error) {\n      return false;\n    }\n  }\n\n  serialize(serializer: Serializer): void {\n    this.jwkAddress.serialize(serializer);\n    this.keylessPublicKey.serialize(serializer);\n  }\n\n  static deserialize(deserializer: Deserializer): FederatedKeylessPublicKey {\n    const jwkAddress = AccountAddress.deserialize(deserializer);\n    const keylessPublicKey = KeylessPublicKey.deserialize(deserializer);\n    return new FederatedKeylessPublicKey(jwkAddress, keylessPublicKey);\n  }\n\n  static isPublicKey(publicKey: PublicKey): publicKey is FederatedKeylessPublicKey {\n    return publicKey instanceof FederatedKeylessPublicKey;\n  }\n\n  /**\n   * Verifies a keyless signature for a given message.  It will fetch the keyless configuration and the JWK to\n   * use for verification from the appropriate network as defined by the aptosConfig.\n   *\n   * @param args.aptosConfig The aptos config to use for fetching the keyless configuration.\n   * @param args.message The message to verify the signature against.\n   * @param args.signature The signature to verify.\n   * @param args.options.throwErrorWithReason Whether to throw an error with the reason for the failure instead of returning false.\n   * @returns true if the signature is valid\n   */\n  async verifySignatureAsync(args: {\n    aptosConfig: AptosConfig;\n    message: HexInput;\n    signature: KeylessSignature;\n    options?: { throwErrorWithReason?: boolean };\n  }): Promise<boolean> {\n    return verifyKeylessSignature({\n      ...args,\n      publicKey: this,\n    });\n  }\n\n  /**\n   * Creates a FederatedKeylessPublicKey from the JWT components plus pepper\n   *\n   * @param args.iss the iss of the identity\n   * @param args.uidKey the key to use to get the uidVal in the JWT token\n   * @param args.uidVal the value of the uidKey in the JWT token\n   * @param args.aud the client ID of the application\n   * @param args.pepper The pepper used to maintain privacy of the account\n   * @returns FederatedKeylessPublicKey\n   * @group Implementation\n   * @category Serialization\n   */\n  static create(args: {\n    iss: string;\n    uidKey: string;\n    uidVal: string;\n    aud: string;\n    pepper: HexInput;\n    jwkAddress: AccountAddressInput;\n  }): FederatedKeylessPublicKey {\n    return new FederatedKeylessPublicKey(args.jwkAddress, KeylessPublicKey.create(args));\n  }\n\n  static fromJwtAndPepper(args: {\n    jwt: string;\n    pepper: HexInput;\n    jwkAddress: AccountAddressInput;\n    uidKey?: string;\n  }): FederatedKeylessPublicKey {\n    return new FederatedKeylessPublicKey(args.jwkAddress, KeylessPublicKey.fromJwtAndPepper(args));\n  }\n\n  static isInstance(publicKey: PublicKey) {\n    return (\n      \"jwkAddress\" in publicKey &&\n      publicKey.jwkAddress instanceof AccountAddress &&\n      \"keylessPublicKey\" in publicKey &&\n      publicKey.keylessPublicKey instanceof KeylessPublicKey\n    );\n  }\n}\n"],"mappings":"AAGA,OAAS,oBAAAA,MAAmC,cAC5C,OAAuB,cAAAC,MAAkB,YACzC,OAAmB,uBAAAC,EAAqB,iBAAAC,MAAqB,cAC7D,OAAS,qBAAAC,MAAyB,uBAClC,OAAS,kBAAAC,MAA2C,oBACpD,OAEE,oBAAAC,EAGA,0BAAAC,EACA,0CAAAC,MACK,YAaA,MAAMC,UAAkCT,CAAiB,CAe9D,YAAYU,EAAiCC,EAAoC,CAC/E,MAAM,EACN,KAAK,WAAaN,EAAe,KAAKK,CAAU,EAChD,KAAK,iBAAmBC,CAC1B,CASA,SAA6B,CAC3B,MAAMC,EAAa,IAAIX,EACvB,OAAAW,EAAW,sBAAsBV,EAAoB,gBAAgB,EACrEU,EAAW,oBAAoB,KAAK,WAAW,CAAC,EACzCR,EAAkB,mBAAmB,CAC1C,OAAQD,EAAc,UACtB,MAAOS,EAAW,aAAa,CACjC,CAAC,CACH,CAaA,gBAAgBC,EAKJ,CACV,GAAI,CACF,OAAAL,EAAuC,CAAE,GAAGK,EAAM,UAAW,IAAK,CAAC,EAC5D,EACT,MAAgB,CACd,MAAO,EACT,CACF,CAEA,UAAUD,EAA8B,CACtC,KAAK,WAAW,UAAUA,CAAU,EACpC,KAAK,iBAAiB,UAAUA,CAAU,CAC5C,CAEA,OAAO,YAAYE,EAAuD,CACxE,MAAMJ,EAAaL,EAAe,YAAYS,CAAY,EACpDH,EAAmBL,EAAiB,YAAYQ,CAAY,EAClE,OAAO,IAAIL,EAA0BC,EAAYC,CAAgB,CACnE,CAEA,OAAO,YAAYI,EAA8D,CAC/E,OAAOA,aAAqBN,CAC9B,CAYA,MAAM,qBAAqBI,EAKN,CACnB,OAAON,EAAuB,CAC5B,GAAGM,EACH,UAAW,IACb,CAAC,CACH,CAcA,OAAO,OAAOA,EAOgB,CAC5B,OAAO,IAAIJ,EAA0BI,EAAK,WAAYP,EAAiB,OAAOO,CAAI,CAAC,CACrF,CAEA,OAAO,iBAAiBA,EAKM,CAC5B,OAAO,IAAIJ,EAA0BI,EAAK,WAAYP,EAAiB,iBAAiBO,CAAI,CAAC,CAC/F,CAEA,OAAO,WAAWE,EAAsB,CACtC,MACE,eAAgBA,GAChBA,EAAU,sBAAsBV,GAChC,qBAAsBU,GACtBA,EAAU,4BAA4BT,CAE1C,CACF","names":["AccountPublicKey","Serializer","AnyPublicKeyVariant","SigningScheme","AuthenticationKey","AccountAddress","KeylessPublicKey","verifyKeylessSignature","verifyKeylessSignatureWithJwkAndConfig","FederatedKeylessPublicKey","jwkAddress","keylessPublicKey","serializer","args","deserializer","publicKey"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/hdKey.mjs

@@ -1,2 +1,2 @@
-import{hmac as a}from"@noble/hashes/hmac";import{sha512 as c}from"@noble/hashes/sha512";import*as p from"@scure/bip39";const d=/^m\/44'\/637'\/[0-9]+'\/[0-9]+'\/[0-9]+'?$/,m=/^m\/44'\/637'\/[0-9]+'\/[0-9]+\/[0-9]+$/;var y=(t=>(t.ED25519="ed25519 seed",t))(y||{});const u=2147483648;function D(e){return m.test(e)}function E(e){return d.test(e)}const A=(e,t)=>{const r=a.create(c,e).update(t).digest();return{key:r.slice(0,32),chainCode:r.slice(32)}},f=({key:e,chainCode:t},r)=>{const n=new ArrayBuffer(4);new DataView(n).setUint32(0,r);const i=new Uint8Array(n),o=new Uint8Array([0]),s=new Uint8Array([...o,...e,...i]);return A(t,s)},x=e=>e.replace(/'/g,""),U=e=>e.split("/").slice(1).map(x),h=e=>{const t=e.trim().split(/\s+/).map(r=>r.toLowerCase()).join(" ");return p.mnemonicToSeedSync(t)};export{m as APTOS_BIP44_REGEX,d as APTOS_HARDENED_REGEX,f as CKDPriv,u as HARDENED_OFFSET,y as KeyType,A as deriveKey,D as isValidBIP44Path,E as isValidHardenedPath,h as mnemonicToSeed,U as splitPath};
+import{a,b,c,d,e,f,g,h,i,j}from"../../chunk-C3Q23D22.mjs";import"../../chunk-KDMSOCZY.mjs";export{b as APTOS_BIP44_REGEX,a as APTOS_HARDENED_REGEX,h as CKDPriv,d as HARDENED_OFFSET,c as KeyType,g as deriveKey,e as isValidBIP44Path,f as isValidHardenedPath,j as mnemonicToSeed,i as splitPath};
 //# sourceMappingURL=hdKey.mjs.map

package/dist/esm/core/crypto/hdKey.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/hdKey.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hmac } from \"@noble/hashes/hmac\";\nimport { sha512 } from \"@noble/hashes/sha512\";\nimport * as bip39 from \"@scure/bip39\";\n\n/**\n * Contains the derived cryptographic key as a Uint8Array.\n * @group Implementation\n * @category Serialization\n */\nexport type DerivedKeys = {\n  key: Uint8Array;\n  chainCode: Uint8Array;\n};\n\n/**\n * Aptos derive path is 637\n * @group Implementation\n * @category Serialization\n */\nexport const APTOS_HARDENED_REGEX = /^m\\/44'\\/637'\\/[0-9]+'\\/[0-9]+'\\/[0-9]+'?$/;\n\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const APTOS_BIP44_REGEX = /^m\\/44'\\/637'\\/[0-9]+'\\/[0-9]+\\/[0-9]+$/;\n\n/**\n * Supported key types and their associated seeds.\n * @group Implementation\n * @category Serialization\n */\nexport enum KeyType {\n  ED25519 = \"ed25519 seed\",\n}\n\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const HARDENED_OFFSET = 0x80000000;\n\n/**\n * Validate a BIP-44 derivation path string to ensure it meets the required format.\n * This function checks if the provided path adheres to the BIP-44 standard for Secp256k1.\n * Parse and validate a path that is compliant to BIP-44 in form m/44'/637'/{account_index}'/{change_index}/{address_index}\n * for Secp256k1\n *\n * Note that for Secp256k1, the last two components must be non-hardened.\n *\n * @param path - The path string to validate (e.g. `m/44'/637'/0'/0/0`).\n * @group Implementation\n * @category Serialization\n */\nexport function isValidBIP44Path(path: string): boolean {\n  return APTOS_BIP44_REGEX.test(path);\n}\n\n/**\n * Aptos derive path is 637\n *\n * Parse and validate a path that is compliant to SLIP-0010 and BIP-44\n * in form m/44'/637'/{account_index}'/{change_index}'/{address_index}'.\n * See SLIP-0010 {@link https://github.com/satoshilabs/slips/blob/master/slip-0044.md}\n * See BIP-44 {@link https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki}\n *\n * Note that for Ed25519, all components must be hardened.\n * This is because non-hardened [PK] derivation would not work due to Ed25519's lack of a key homomorphism.\n * Specifically, you cannot derive the PK associated with derivation path a/b/c given the PK of a/b.\n * This is because the PK in Ed25519 is, more or less, computed as 𝑔𝐻(𝑠𝑘),\n * with the hash function breaking the homomorphism.\n *\n * @param path - The derivation path string to validate (e.g. `m/44'/637'/0'/0'/0'`).\n * @group Implementation\n * @category Serialization\n */\nexport function isValidHardenedPath(path: string): boolean {\n  return APTOS_HARDENED_REGEX.test(path);\n}\n\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const deriveKey = (hashSeed: Uint8Array | string, data: Uint8Array | string): DerivedKeys => {\n  const digest = hmac.create(sha512, hashSeed).update(data).digest();\n  return {\n    key: digest.slice(0, 32),\n    chainCode: digest.slice(32),\n  };\n};\n\n/**\n * Derive a child key from the private key\n * @param key\n * @param chainCode\n * @param index\n * @group Implementation\n * @category Serialization\n */\nexport const CKDPriv = ({ key, chainCode }: DerivedKeys, index: number): DerivedKeys => {\n  const buffer = new ArrayBuffer(4);\n  new DataView(buffer).setUint32(0, index);\n  const indexBytes = new Uint8Array(buffer);\n  const zero = new Uint8Array([0]);\n  const data = new Uint8Array([...zero, ...key, ...indexBytes]);\n  return deriveKey(chainCode, data);\n};\n\nconst removeApostrophes = (val: string): string => val.replace(/'/g, \"\");\n\n/**\n * Splits derive path into segments\n * @param path\n * @group Implementation\n * @category Serialization\n */\nexport const splitPath = (path: string): Array<string> => path.split(\"/\").slice(1).map(removeApostrophes);\n\n/**\n * Normalizes the mnemonic by removing extra whitespace and making it lowercase\n * @param mnemonic the mnemonic seed phrase\n * @group Implementation\n * @category Serialization\n */\nexport const mnemonicToSeed = (mnemonic: string): Uint8Array => {\n  const normalizedMnemonic = mnemonic\n    .trim()\n    .split(/\\s+/)\n    .map((part) => part.toLowerCase())\n    .join(\" \");\n  return bip39.mnemonicToSeedSync(normalizedMnemonic);\n};\n"],"mappings":"AAGA,OAAS,QAAAA,MAAY,qBACrB,OAAS,UAAAC,MAAc,uBACvB,UAAYC,MAAW,eAiBhB,MAAMC,EAAuB,6CAMvBC,EAAoB,0CAO1B,IAAKC,OACVA,EAAA,QAAU,eADAA,OAAA,IAQL,MAAMC,EAAkB,WAcxB,SAASC,EAAiBC,EAAuB,CACtD,OAAOJ,EAAkB,KAAKI,CAAI,CACpC,CAoBO,SAASC,EAAoBD,EAAuB,CACzD,OAAOL,EAAqB,KAAKK,CAAI,CACvC,CAMO,MAAME,EAAY,CAACC,EAA+BC,IAA2C,CAClG,MAAMC,EAASb,EAAK,OAAOC,EAAQU,CAAQ,EAAE,OAAOC,CAAI,EAAE,OAAO,EACjE,MAAO,CACL,IAAKC,EAAO,MAAM,EAAG,EAAE,EACvB,UAAWA,EAAO,MAAM,EAAE,CAC5B,CACF,EAUaC,EAAU,CAAC,CAAE,IAAAC,EAAK,UAAAC,CAAU,EAAgBC,IAA+B,CACtF,MAAMC,EAAS,IAAI,YAAY,CAAC,EAChC,IAAI,SAASA,CAAM,EAAE,UAAU,EAAGD,CAAK,EACvC,MAAME,EAAa,IAAI,WAAWD,CAAM,EAClCE,EAAO,IAAI,WAAW,CAAC,CAAC,CAAC,EACzBR,EAAO,IAAI,WAAW,CAAC,GAAGQ,EAAM,GAAGL,EAAK,GAAGI,CAAU,CAAC,EAC5D,OAAOT,EAAUM,EAAWJ,CAAI,CAClC,EAEMS,EAAqBC,GAAwBA,EAAI,QAAQ,KAAM,EAAE,EAQ1DC,EAAaf,GAAgCA,EAAK,MAAM,GAAG,EAAE,MAAM,CAAC,EAAE,IAAIa,CAAiB,EAQ3FG,EAAkBC,GAAiC,CAC9D,MAAMC,EAAqBD,EACxB,KAAK,EACL,MAAM,KAAK,EACX,IAAKE,GAASA,EAAK,YAAY,CAAC,EAChC,KAAK,GAAG,EACX,OAAOzB,EAAM,mBAAmBwB,CAAkB,CACpD","names":["hmac","sha512","bip39","APTOS_HARDENED_REGEX","APTOS_BIP44_REGEX","KeyType","HARDENED_OFFSET","isValidBIP44Path","path","isValidHardenedPath","deriveKey","hashSeed","data","digest","CKDPriv","key","chainCode","index","buffer","indexBytes","zero","removeApostrophes","val","splitPath","mnemonicToSeed","mnemonic","normalizedMnemonic","part"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/index.mjs

@@ -1,2 +1,2 @@
-export*from"./abstraction";export*from"./ed25519";export*from"./ephemeral";export*from"./federatedKeyless";export*from"./hdKey";export*from"./keyless";export*from"./multiEd25519";export*from"./multiKey";export*from"./poseidon";export*from"./privateKey";export*from"./publicKey";export*from"./secp256k1";export*from"./secp256r1";export*from"./signature";export*from"./singleKey";export*from"./types";export*from"./deserializationUtils";
+import{A as V,B as W,C as X,D as Y,E as Z,F as ca,G as da,H as ea,I as fa,J as ga,K as ha,L as ia,P as ja,Q as ka,R as la,S as ma,T as na,U as oa,a as q,b as r,c as x,d as y,e as z,f as A,g as B,h as C,i as D,j as E,k as F,l as G,m as H,n as I,o as J,p as K,q as L,r as M,s as N,t as O,u as P,v as Q,w as R,x as S,y as T,z as U}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import{a as s,b as t,c as u,d as v,e as w}from"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import{a as _,b as $,c as aa,d as ba}from"../../chunk-QNARIAVM.mjs";import{a as p}from"../../chunk-2PASUPUO.mjs";import{a as f,b as g,c as h,d as i,e as j,f as k,g as l,h as m,i as n,j as o}from"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import{a as d,b as e}from"../../chunk-RQX6JOEN.mjs";import{a,b}from"../../chunk-WSR5EBJM.mjs";import{a as c}from"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{g as APTOS_BIP44_REGEX,f as APTOS_HARDENED_REGEX,ea as AbstractMultiKey,e as AbstractPublicKey,d as AbstractSignature,b as AccountPublicKey,ca as AnyPublicKey,da as AnySignature,m as CKDPriv,x as EPK_HORIZON_SECS,la as Ed25519PrivateKey,ka as Ed25519PublicKey,ma as Ed25519Signature,K as EphemeralCertificate,q as EphemeralPublicKey,r as EphemeralSignature,W as FederatedKeylessPublicKey,M as Groth16ProofAndStatement,Q as Groth16VerificationKey,L as Groth16Zkp,i as HARDENED_OFFSET,h as KeyType,P as KeylessConfiguration,F as KeylessPublicKey,J as KeylessSignature,y as MAX_AUD_VAL_BYTES,E as MAX_COMMITED_EPK_BYTES,C as MAX_EXTRA_FIELD_BYTES,B as MAX_ISS_VAL_BYTES,D as MAX_JWT_HEADER_B64_BYTES,z as MAX_UID_KEY_BYTES,A as MAX_UID_VAL_BYTES,U as MoveJWK,ha as MultiEd25519PublicKey,ia as MultiEd25519Signature,fa as MultiKey,ga as MultiKeySignature,p as PrivateKey,a as PublicKey,Y as Secp256k1PrivateKey,X as Secp256k1PublicKey,Z as Secp256k1Signature,$ as Secp256r1PrivateKey,_ as Secp256r1PublicKey,ba as Secp256r1Signature,c as Signature,aa as WebAuthnSignature,O as ZeroKnowledgeSig,N as ZkProof,v as bigIntToBytesLE,u as bytesToBigIntLE,l as deriveKey,na as deserializePublicKey,oa as deserializeSignature,I as fetchJWK,S as getIssAudAndUidVal,R as getKeylessConfig,T as getKeylessJWKs,s as hashStrToField,ja as isCanonicalEd25519Signature,j as isValidBIP44Path,k as isValidHardenedPath,o as mnemonicToSeed,t as padAndPackBytesWithLen,V as parseJwtHeader,w as poseidonHash,n as splitPath,G as verifyKeylessSignature,H as verifyKeylessSignatureWithJwkAndConfig};
 //# sourceMappingURL=index.mjs.map

package/dist/esm/core/crypto/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/index.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\nexport * from \"./abstraction\";\nexport * from \"./ed25519\";\nexport * from \"./ephemeral\";\nexport * from \"./federatedKeyless\";\nexport * from \"./hdKey\";\nexport * from \"./keyless\";\nexport * from \"./multiEd25519\";\nexport * from \"./multiKey\";\nexport * from \"./poseidon\";\nexport * from \"./privateKey\";\nexport * from \"./publicKey\";\nexport * from \"./secp256k1\";\nexport * from \"./secp256r1\";\nexport * from \"./signature\";\nexport * from \"./singleKey\";\nexport * from \"./types\";\nexport * from \"./deserializationUtils\";\n"],"mappings":"AAGA,WAAc,gBACd,WAAc,YACd,WAAc,cACd,WAAc,qBACd,WAAc,UACd,WAAc,YACd,WAAc,iBACd,WAAc,aACd,WAAc,aACd,WAAc,eACd,WAAc,cACd,WAAc,cACd,WAAc,cACd,WAAc,cACd,WAAc,cACd,WAAc,UACd,WAAc","names":[]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/keyless.mjs

@@ -1,2 +1,2 @@
-import{jwtDecode as N}from"jwt-decode";import{sha3_256 as oe}from"@noble/hashes/sha3";import{AccountPublicKey as ne}from"./publicKey";import{Signature as G}from"./signature";import{Deserializer as C,Serializable as K,Serializer as M}from"../../bcs";import{Hex as w,hexToAsciiString as ae}from"../hex";import{EphemeralCertificateVariant as O,AnyPublicKeyVariant as ce,SigningScheme as le,ZkpVariant as L}from"../../types";import{EphemeralPublicKey as B,EphemeralSignature as H}from"./ephemeral";import{bigIntToBytesLE as Y,bytesToBigIntLE as R,hashStrToField as g,padAndPackBytesWithLen as pe,poseidonHash as U}from"./poseidon";import{AuthenticationKey as ue}from"../authenticationKey";import{Proof as ye}from"./proof";import{Ed25519PublicKey as Z,Ed25519Signature as de}from"./ed25519";import{getAptosFullNode as v}from"../../client";import{memoizeAsync as he}from"../../utils/memoize";import{AccountAddress as F}from"../accountAddress";import{base64UrlToBytes as ge,getErrorMessage as me,nowInSeconds as fe}from"../../utils";import{KeylessError as c,KeylessErrorType as l}from"../../errors";import{bn254 as d}from"@noble/curves/bn254";import{bytesToNumberBE as we}from"@noble/curves/abstract/utils";import{FederatedKeylessPublicKey as xe}from"./federatedKeyless";import{encode as be}from"js-base64";import{generateSigningMessage as Se}from"../..";const Ae=1e7,V=120,Ee=30,Ke=330,Pe=120,Ie=350,ke=300,ve=93,h=class h extends ne{constructor(e,t){super();const r=w.fromHexInput(t).toUint8Array();if(r.length!==h.ID_COMMITMENT_LENGTH)throw new Error(`Id Commitment length in bytes should be ${h.ID_COMMITMENT_LENGTH}`);this.iss=e,this.idCommitment=r}authKey(){const e=new M;return e.serializeU32AsUleb128(ce.Keyless),e.serializeFixedBytes(this.bcsToBytes()),ue.fromSchemeAndBytes({scheme:le.SingleKey,input:e.toUint8Array()})}verifySignature(e){try{return $({...e,publicKey:this}),!0}catch(t){if(t instanceof c)return!1;throw t}}async verifySignatureAsync(e){return _e({...e,publicKey:this})}serialize(e){e.serializeStr(this.iss),e.serializeBytes(this.idCommitment)}static deserialize(e){const t=e.deserializeStr(),r=e.deserializeBytes();return new h(t,r)}static load(e){const t=e.deserializeStr(),r=e.deserializeBytes();return new h(t,r)}static isPublicKey(e){return e instanceof h}static create(e){return X(e),new h(e.iss,X(e))}static fromJwtAndPepper(e){const{jwt:t,pepper:r,uidKey:i="sub"}=e,s=N(t);if(typeof s.iss!="string")throw new Error("iss was not found");if(typeof s.aud!="string")throw new Error("aud was not found or an array of values");const o=s[i];return h.create({iss:s.iss,uidKey:i,uidVal:o,aud:s.aud,pepper:r})}static isInstance(e){return"iss"in e&&typeof e.iss=="string"&&"idCommitment"in e&&e.idCommitment instanceof Uint8Array}};h.ID_COMMITMENT_LENGTH=32;let P=h;async function _e(a){const{aptosConfig:e,publicKey:t,message:r,signature:i,jwk:s,keylessConfig:o=await Ge({aptosConfig:e}),options:n}=a;try{if(!(i instanceof A))throw c.fromErrorType({type:l.SIGNATURE_TYPE_INVALID,details:"Not a keyless signature"});return $({message:r,publicKey:t,signature:i,jwk:s||await ze({aptosConfig:e,publicKey:t,kid:i.getJwkKid()}),keylessConfig:o}),!0}catch(p){if(n?.throwErrorWithReason)throw p;return!1}}function $(a){const{publicKey:e,message:t,signature:r,keylessConfig:i,jwk:s}=a,{verificationKey:o,maxExpHorizonSecs:n,trainingWheelsPubkey:p}=i;if(!(r instanceof A))throw c.fromErrorType({type:l.SIGNATURE_TYPE_INVALID,details:"Not a keyless signature"});if(!(r.ephemeralCertificate.signature instanceof b))throw c.fromErrorType({type:l.SIGNATURE_TYPE_INVALID,details:"Unsupported ephemeral certificate variant"});const u=r.ephemeralCertificate.signature;if(!(u.proof.proof instanceof S))throw c.fromErrorType({type:l.SIGNATURE_TYPE_INVALID,details:"Unsupported proof variant for ZeroKnowledgeSig"});const y=u.proof.proof;if(r.expiryDateSecs<fe())throw c.fromErrorType({type:l.SIGNATURE_EXPIRED,details:"The expiryDateSecs is in the past"});if(u.expHorizonSecs>n)throw c.fromErrorType({type:l.MAX_EXPIRY_HORIZON_EXCEEDED});if(!r.ephemeralPublicKey.verifySignature({message:t,signature:r.ephemeralSignature}))throw c.fromErrorType({type:l.EPHEMERAL_SIGNATURE_VERIFICATION_FAILED});const f=Te({publicKey:e,signature:r,jwk:s,keylessConfig:i});if(!o.verifyProof({publicInputsHash:f,groth16Proof:y}))throw c.fromErrorType({type:l.PROOF_VERIFICATION_FAILED});if(p){if(!u.trainingWheelsSignature)throw c.fromErrorType({type:l.TRAINING_WHEELS_SIGNATURE_MISSING});const E=new W(y,f);if(!p.verifySignature({message:E.hash(),signature:u.trainingWheelsSignature}))throw c.fromErrorType({type:l.TRAINING_WHEELS_SIGNATURE_VERIFICATION_FAILED})}}function Te(a){const{publicKey:e,signature:t,jwk:r,keylessConfig:i}=a,s=e instanceof P?e:e.keylessPublicKey;if(!(t.ephemeralCertificate.signature instanceof b))throw new Error("Signature is not a ZeroKnowledgeSig");const o=t.ephemeralCertificate.signature,n=[];return n.push(...pe(t.ephemeralPublicKey.toUint8Array(),i.maxCommitedEpkBytes)),n.push(R(s.idCommitment)),n.push(t.expiryDateSecs),n.push(o.expHorizonSecs),n.push(g(s.iss,i.maxIssValBytes)),o.extraField?(n.push(1n),n.push(g(o.extraField,i.maxExtraFieldBytes))):(n.push(0n),n.push(g(" ",i.maxExtraFieldBytes))),n.push(g(be(t.jwtHeader,!0)+".",i.maxJwtHeaderB64Bytes)),n.push(r.toScalar()),o.overrideAudVal?(n.push(g(o.overrideAudVal,V)),n.push(1n)):(n.push(g("",V)),n.push(0n)),U(n)}async function ze(a){const{aptosConfig:e,publicKey:t,kid:r}=a,i=t instanceof P?t:t.keylessPublicKey,{iss:s}=i;let o;const n=t instanceof xe?t.jwkAddress:void 0;try{o=await He({aptosConfig:e,jwkAddr:n})}catch(y){throw c.fromErrorType({type:l.FULL_NODE_JWKS_LOOKUP_ERROR,error:y,details:`Failed to fetch ${n?"Federated":"Patched"}JWKs ${n?`for address ${n}`:"0x1"}`})}const p=o.get(s);if(p===void 0)throw c.fromErrorType({type:l.INVALID_JWT_ISS_NOT_RECOGNIZED,details:`JWKs for issuer ${s} not found.`});const u=p.find(y=>y.kid===r);if(u===void 0)throw c.fromErrorType({type:l.INVALID_JWT_JWK_NOT_FOUND,details:`JWK with kid '${r}' for issuer '${s}' not found.`});return u}function X(a){const{uidKey:e,uidVal:t,aud:r,pepper:i}=a,s=[R(w.fromHexInput(i).toUint8Array()),g(r,V),g(t,Ke),g(e,Ee)];return Y(U(s),P.ID_COMMITMENT_LENGTH)}class A extends G{constructor(e){super();const{jwtHeader:t,ephemeralCertificate:r,expiryDateSecs:i,ephemeralPublicKey:s,ephemeralSignature:o}=e;this.jwtHeader=t,this.ephemeralCertificate=r,this.expiryDateSecs=i,this.ephemeralPublicKey=s,this.ephemeralSignature=o}getJwkKid(){return Ue(this.jwtHeader).kid}serialize(e){this.ephemeralCertificate.serialize(e),e.serializeStr(this.jwtHeader),e.serializeU64(this.expiryDateSecs),this.ephemeralPublicKey.serialize(e),this.ephemeralSignature.serialize(e)}static deserialize(e){const t=_.deserialize(e),r=e.deserializeStr(),i=e.deserializeU64(),s=B.deserialize(e),o=H.deserialize(e);return new A({jwtHeader:r,expiryDateSecs:Number(i),ephemeralCertificate:t,ephemeralPublicKey:s,ephemeralSignature:o})}static getSimulationSignature(){return new A({jwtHeader:"{}",ephemeralCertificate:new _(new b({proof:new T(new S({a:new Uint8Array(32),b:new Uint8Array(64),c:new Uint8Array(32)}),L.Groth16),expHorizonSecs:0}),O.ZkProof),expiryDateSecs:0,ephemeralPublicKey:new B(new Z(new Uint8Array(32))),ephemeralSignature:new H(new de(new Uint8Array(64)))})}static isSignature(e){return e instanceof A}}class _ extends G{constructor(e,t){super(),this.signature=e,this.variant=t}toUint8Array(){return this.signature.toUint8Array()}serialize(e){e.serializeU32AsUleb128(this.variant),this.signature.serialize(e)}static deserialize(e){const t=e.deserializeUleb128AsU32();switch(t){case O.ZkProof:return new _(b.deserialize(e),t);default:throw new Error(`Unknown variant index for EphemeralCertificate: ${t}`)}}}const I=class I extends K{constructor(e){if(super(),this.data=w.fromHexInput(e).toUint8Array(),this.data.length!==32)throw new Error("Input needs to be 32 bytes")}serialize(e){e.serializeFixedBytes(this.data)}static deserialize(e){const t=e.deserializeFixedBytes(32);return new I(t)}toArray(){const e=this.toProjectivePoint();return[e.x.toString(),e.y.toString(),e.pz.toString()]}toProjectivePoint(){const e=new Uint8Array(this.data);e.reverse();const t=(e[0]&128)>>7,{Fp:r}=d.fields,i=r.create(J(e)),s=r.sqrt(r.add(r.pow(i,3n),I.B)),o=r.neg(s),n=s>o==(t===1)?s:o;return d.G1.ProjectivePoint.fromAffine({x:i,y:n})}};I.B=d.fields.Fp.create(3n);let m=I;function J(a){if(a.length!==32)throw new Error("Input should be 32 bytes");const e=new Uint8Array(a);return e[0]=e[0]&63,we(e)}const k=class k extends K{constructor(e){if(super(),this.data=w.fromHexInput(e).toUint8Array(),this.data.length!==64)throw new Error("Input needs to be 64 bytes")}serialize(e){e.serializeFixedBytes(this.data)}static deserialize(e){const t=e.deserializeFixedBytes(64);return new k(t)}toArray(){const e=this.toProjectivePoint();return[[e.x.c0.toString(),e.x.c1.toString()],[e.y.c0.toString(),e.y.c1.toString()],[e.pz.c0.toString(),e.pz.c1.toString()]]}toProjectivePoint(){const e=new Uint8Array(this.data),t=e.slice(0,32).reverse(),r=e.slice(32,64).reverse(),i=(r[0]&128)>>7,{Fp2:s}=d.fields,o=s.fromBigTuple([J(t),J(r)]),n=s.sqrt(s.add(s.pow(o,3n),k.B)),p=s.neg(n),y=(n.c1>p.c1||n.c1===p.c1&&n.c0>p.c0)===(i===1)?n:p;return d.G2.ProjectivePoint.fromAffine({x:o,y})}};k.B=d.fields.Fp2.fromBigTuple([19485874751759354771024239261021720505790618469301721065564631296452457478373n,266929791119991161246907387137283842545076965332900288569378510910307636690n]);let x=k;class S extends ye{constructor(e){super();const{a:t,b:r,c:i}=e;this.a=new m(t),this.b=new x(r),this.c=new m(i)}serialize(e){this.a.serialize(e),this.b.serialize(e),this.c.serialize(e)}static deserialize(e){const t=m.deserialize(e).bcsToBytes(),r=x.deserialize(e).bcsToBytes(),i=m.deserialize(e).bcsToBytes();return new S({a:t,b:r,c:i})}toSnarkJsJson(){return{protocol:"groth16",curve:"bn128",pi_a:this.a.toArray(),pi_b:this.b.toArray(),pi_c:this.c.toArray()}}}class W extends K{constructor(t,r){super();this.domainSeparator="APTOS::Groth16ProofAndStatement";if(this.proof=t,this.publicInputsHash=typeof r=="bigint"?Y(r,32):w.fromHexInput(r).toUint8Array(),this.publicInputsHash.length!==32)throw new Error("Invalid public inputs hash")}serialize(t){this.proof.serialize(t),t.serializeFixedBytes(this.publicInputsHash)}static deserialize(t){return new W(S.deserialize(t),t.deserializeFixedBytes(32))}hash(){return Se(this.bcsToBytes(),this.domainSeparator)}}class T extends K{constructor(e,t){super(),this.proof=e,this.variant=t}serialize(e){e.serializeU32AsUleb128(this.variant),this.proof.serialize(e)}static deserialize(e){const t=e.deserializeUleb128AsU32();switch(t){case L.Groth16:return new T(S.deserialize(e),t);default:throw new Error(`Unknown variant index for ZkProof: ${t}`)}}}class b extends G{constructor(e){super();const{proof:t,expHorizonSecs:r,trainingWheelsSignature:i,extraField:s,overrideAudVal:o}=e;this.proof=t,this.expHorizonSecs=r,this.trainingWheelsSignature=i,this.extraField=s,this.overrideAudVal=o}static fromBytes(e){return b.deserialize(new C(e))}serialize(e){this.proof.serialize(e),e.serializeU64(this.expHorizonSecs),e.serializeOption(this.extraField),e.serializeOption(this.overrideAudVal),e.serializeOption(this.trainingWheelsSignature)}static deserialize(e){const t=T.deserialize(e),r=Number(e.deserializeU64()),i=e.deserializeOption("string"),s=e.deserializeOption("string"),o=e.deserializeOption(H);return new b({proof:t,expHorizonSecs:r,trainingWheelsSignature:o,extraField:i,overrideAudVal:s})}}class j{constructor(e){const{verificationKey:t,trainingWheelsPubkey:r,maxExpHorizonSecs:i=Ae,maxExtraFieldBytes:s=Ie,maxJwtHeaderB64Bytes:o=ke,maxIssValBytes:n=Pe,maxCommitedEpkBytes:p=ve}=e;this.verificationKey=t,this.maxExpHorizonSecs=i,r&&(this.trainingWheelsPubkey=new B(new Z(r))),this.maxExtraFieldBytes=s,this.maxJwtHeaderB64Bytes=o,this.maxIssValBytes=n,this.maxCommitedEpkBytes=p}static create(e,t){return new j({verificationKey:new D({alphaG1:e.alpha_g1,betaG2:e.beta_g2,deltaG2:e.delta_g2,gammaAbcG1:e.gamma_abc_g1,gammaG2:e.gamma_g2}),maxExpHorizonSecs:Number(t.max_exp_horizon_secs),trainingWheelsPubkey:t.training_wheels_pubkey.vec[0],maxExtraFieldBytes:t.max_extra_field_bytes,maxJwtHeaderB64Bytes:t.max_jwt_header_b64_bytes,maxIssValBytes:t.max_iss_val_bytes,maxCommitedEpkBytes:t.max_commited_epk_bytes})}}class D{constructor(e){const{alphaG1:t,betaG2:r,deltaG2:i,gammaAbcG1:s,gammaG2:o}=e;this.alphaG1=new m(t),this.betaG2=new x(r),this.deltaG2=new x(i),this.gammaAbcG1=[new m(s[0]),new m(s[1])],this.gammaG2=new x(o)}hash(){const e=new M;return this.serialize(e),oe.create().update(e.toUint8Array()).digest()}serialize(e){this.alphaG1.serialize(e),this.betaG2.serialize(e),this.deltaG2.serialize(e),this.gammaAbcG1[0].serialize(e),this.gammaAbcG1[1].serialize(e),this.gammaG2.serialize(e)}static fromGroth16VerificationKeyResponse(e){return new D({alphaG1:e.alpha_g1,betaG2:e.beta_g2,deltaG2:e.delta_g2,gammaAbcG1:e.gamma_abc_g1,gammaG2:e.gamma_g2})}verifyProof(e){const{publicInputsHash:t,groth16Proof:r}=e;try{const i=r.a.toProjectivePoint(),s=r.b.toProjectivePoint(),o=r.c.toProjectivePoint(),n=this.alphaG1.toProjectivePoint(),p=this.betaG2.toProjectivePoint(),u=this.gammaG2.toProjectivePoint(),y=this.deltaG2.toProjectivePoint(),f=this.gammaAbcG1.map(se=>se.toProjectivePoint()),{Fp12:E}=d.fields;let q=f[0].add(f[1].multiply(t));const Q=d.pairing(q,u),ee=d.pairing(i,s),te=d.pairing(n,p),re=d.pairing(o,y),ie=E.mul(te,E.mul(Q,re));return E.eql(ee,ie)}catch(i){throw c.fromErrorType({type:l.PROOF_VERIFICATION_FAILED,error:i,details:"Error encountered when checking zero knowledge relation"})}}toSnarkJsJson(){return{protocol:"groth16",curve:"bn128",nPublic:1,vk_alpha_1:this.alphaG1.toArray(),vk_beta_2:this.betaG2.toArray(),vk_gamma_2:this.gammaG2.toArray(),vk_delta_2:this.deltaG2.toArray(),IC:this.gammaAbcG1.map(e=>e.toArray())}}}async function Ge(a){const{aptosConfig:e}=a;try{return await he(async()=>{const[t,r]=await Promise.all([Ce(a),Be(a)]);return j.create(r,t)},`keyless-configuration-${e.network}`,1e3*60*5)()}catch(t){throw t instanceof c?t:c.fromErrorType({type:l.FULL_NODE_OTHER,error:t})}}function Et(a){const{jwt:e,uidKey:t="sub"}=a;let r;try{r=N(e)}catch(s){throw c.fromErrorType({type:l.JWT_PARSING_ERROR,details:`Failed to parse JWT - ${me(s)}`})}if(typeof r.iss!="string")throw c.fromErrorType({type:l.JWT_PARSING_ERROR,details:"JWT is missing 'iss' in the payload. This should never happen."});if(typeof r.aud!="string")throw c.fromErrorType({type:l.JWT_PARSING_ERROR,details:"JWT is missing 'aud' in the payload or 'aud' is an array of values."});const i=r[t];return{iss:r.iss,aud:r.aud,uidVal:i}}async function Ce(a){const{aptosConfig:e,options:t}=a,r="0x1::keyless_account::Configuration";try{const{data:i}=await v({aptosConfig:e,originMethod:"getKeylessConfigurationResource",path:`accounts/${F.from("0x1").toString()}/resource/${r}`,params:{ledger_version:t?.ledgerVersion}});return i.data}catch(i){throw c.fromErrorType({type:l.FULL_NODE_CONFIG_LOOKUP_ERROR,error:i})}}async function Be(a){const{aptosConfig:e,options:t}=a,r="0x1::keyless_account::Groth16VerificationKey";try{const{data:i}=await v({aptosConfig:e,originMethod:"getGroth16VerificationKeyResource",path:`accounts/${F.from("0x1").toString()}/resource/${r}`,params:{ledger_version:t?.ledgerVersion}});return i.data}catch(i){throw c.fromErrorType({type:l.FULL_NODE_VERIFICATION_KEY_LOOKUP_ERROR,error:i})}}async function He(a){const{aptosConfig:e,jwkAddr:t,options:r}=a;let i;if(t){const o="0x1::jwks::FederatedJWKs",{data:n}=await v({aptosConfig:e,originMethod:"getKeylessJWKs",path:`accounts/${F.from(t).toString()}/resource/${o}`,params:{ledger_version:r?.ledgerVersion}});i=n}else{const o="0x1::jwks::PatchedJWKs",{data:n}=await v({aptosConfig:e,originMethod:"getKeylessJWKs",path:`accounts/0x1/resource/${o}`,params:{ledger_version:r?.ledgerVersion}});i=n}const s=new Map;for(const o of i.data.jwks.entries){const n=[];for(const p of o.jwks){const{data:u}=p.variant,y=new C(w.fromHexInput(u).toUint8Array()),f=z.deserialize(y);n.push(f)}s.set(ae(o.issuer),n)}return s}class z extends K{constructor(e){super();const{kid:t,kty:r,alg:i,e:s,n:o}=e;this.kid=t,this.kty=r,this.alg=i,this.e=s,this.n=o}serialize(e){e.serializeStr(this.kid),e.serializeStr(this.kty),e.serializeStr(this.alg),e.serializeStr(this.e),e.serializeStr(this.n)}static fromMoveStruct(e){const{data:t}=e.variant,r=new C(w.fromHexInput(t).toUint8Array());return z.deserialize(r)}toScalar(){if(this.alg!=="RS256")throw c.fromErrorType({type:l.PROOF_VERIFICATION_FAILED,details:"Failed to convert JWK to scalar when calculating the public inputs hash. Only RSA 256 is supported currently"});const e=ge(this.n),r=Re(e.reverse()).map(i=>R(i));return r.push(256n),U(r)}static deserialize(e){const t=e.deserializeStr(),r=e.deserializeStr(),i=e.deserializeStr(),s=e.deserializeStr(),o=e.deserializeStr();return new z({kid:t,kty:r,alg:i,n:o,e:s})}}function Re(a){const e=[];for(let t=0;t<a.length;t+=24){const r=a.slice(t,Math.min(t+24,a.length));if(r.length<24){const i=new Uint8Array(24);i.set(r),e.push(i)}else e.push(r)}return e}function Ue(a){try{const e=JSON.parse(a);if(e.kid===void 0)throw new Error("JWT header missing kid");return e}catch{throw new Error("Failed to parse JWT header.")}}export{Ae as EPK_HORIZON_SECS,_ as EphemeralCertificate,W as Groth16ProofAndStatement,D as Groth16VerificationKey,S as Groth16Zkp,j as KeylessConfiguration,P as KeylessPublicKey,A as KeylessSignature,V as MAX_AUD_VAL_BYTES,ve as MAX_COMMITED_EPK_BYTES,Ie as MAX_EXTRA_FIELD_BYTES,Pe as MAX_ISS_VAL_BYTES,ke as MAX_JWT_HEADER_B64_BYTES,Ee as MAX_UID_KEY_BYTES,Ke as MAX_UID_VAL_BYTES,z as MoveJWK,b as ZeroKnowledgeSig,T as ZkProof,ze as fetchJWK,Et as getIssAudAndUidVal,Ge as getKeylessConfig,He as getKeylessJWKs,Ue as parseJwtHeader,_e as verifyKeylessSignature,$ as verifyKeylessSignatureWithJwkAndConfig};
+import{A as y,c as a,d as b,e as c,f as d,g as e,h as f,i as g,j as h,k as i,l as j,m as k,n as l,o as m,p as n,q as o,r as p,s as q,t as r,u as s,v as t,w as u,x as v,y as w,z as x}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import"../../chunk-QNARIAVM.mjs";import"../../chunk-2PASUPUO.mjs";import"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{a as EPK_HORIZON_SECS,n as EphemeralCertificate,p as Groth16ProofAndStatement,t as Groth16VerificationKey,o as Groth16Zkp,s as KeylessConfiguration,i as KeylessPublicKey,m as KeylessSignature,b as MAX_AUD_VAL_BYTES,h as MAX_COMMITED_EPK_BYTES,f as MAX_EXTRA_FIELD_BYTES,e as MAX_ISS_VAL_BYTES,g as MAX_JWT_HEADER_B64_BYTES,c as MAX_UID_KEY_BYTES,d as MAX_UID_VAL_BYTES,x as MoveJWK,r as ZeroKnowledgeSig,q as ZkProof,l as fetchJWK,v as getIssAudAndUidVal,u as getKeylessConfig,w as getKeylessJWKs,y as parseJwtHeader,j as verifyKeylessSignature,k as verifyKeylessSignatureWithJwkAndConfig};
 //# sourceMappingURL=keyless.mjs.map

package/dist/esm/core/crypto/keyless.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/core/crypto/keyless.ts"],"sourcesContent":["// Copyright © Aptos Foundation\n// SPDX-License-Identifier: Apache-2.0\n\n// eslint-disable-next-line max-classes-per-file\nimport { JwtPayload, jwtDecode } from \"jwt-decode\";\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { AccountPublicKey, PublicKey } from \"./publicKey\";\nimport { Signature } from \"./signature\";\nimport { Deserializer, Serializable, Serializer } from \"../../bcs\";\nimport { Hex, hexToAsciiString } from \"../hex\";\nimport {\n  HexInput,\n  EphemeralCertificateVariant,\n  AnyPublicKeyVariant,\n  SigningScheme,\n  ZkpVariant,\n  LedgerVersionArg,\n  MoveResource,\n} from \"../../types\";\nimport { EphemeralPublicKey, EphemeralSignature } from \"./ephemeral\";\nimport { bigIntToBytesLE, bytesToBigIntLE, hashStrToField, padAndPackBytesWithLen, poseidonHash } from \"./poseidon\";\nimport { AuthenticationKey } from \"../authenticationKey\";\nimport { Proof } from \"./proof\";\nimport { Ed25519PublicKey, Ed25519Signature } from \"./ed25519\";\nimport {\n  Groth16VerificationKeyResponse,\n  KeylessConfigurationResponse,\n  MoveAnyStruct,\n  PatchedJWKsResponse,\n} from \"../../types/keyless\";\nimport { AptosConfig } from \"../../api/aptosConfig\";\nimport { getAptosFullNode } from \"../../client\";\nimport { memoizeAsync } from \"../../utils/memoize\";\nimport { AccountAddress, AccountAddressInput } from \"../accountAddress\";\nimport { base64UrlToBytes, getErrorMessage, nowInSeconds } from \"../../utils\";\nimport { KeylessError, KeylessErrorType } from \"../../errors\";\nimport { bn254 } from \"@noble/curves/bn254\";\nimport { bytesToNumberBE } from \"@noble/curves/abstract/utils\";\nimport { FederatedKeylessPublicKey } from \"./federatedKeyless\";\nimport { encode } from \"js-base64\";\nimport { generateSigningMessage } from \"../..\";\nimport { ProjPointType } from \"@noble/curves/abstract/weierstrass\";\nimport { Fp2 } from \"@noble/curves/abstract/tower\";\n\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const EPK_HORIZON_SECS = 10000000;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_AUD_VAL_BYTES = 120;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_UID_KEY_BYTES = 30;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_UID_VAL_BYTES = 330;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_ISS_VAL_BYTES = 120;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_EXTRA_FIELD_BYTES = 350;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_JWT_HEADER_B64_BYTES = 300;\n/**\n * @group Implementation\n * @category Serialization\n */\nexport const MAX_COMMITED_EPK_BYTES = 93;\n\n/**\n * Represents a Keyless Public Key used for authentication.\n *\n * This class encapsulates the public key functionality for keyless authentication,\n * including methods for generating and verifying signatures, as well as serialization\n * and deserialization of the key. The KeylessPublicKey is represented in the SDK\n * as `AnyPublicKey`.\n * @group Implementation\n * @category Serialization\n */\nexport class KeylessPublicKey extends AccountPublicKey {\n  /**\n   * The number of bytes that `idCommitment` should be\n   * @group Implementation\n   * @category Serialization\n   */\n  static readonly ID_COMMITMENT_LENGTH: number = 32;\n\n  /**\n   * The value of the 'iss' claim on the JWT which identifies the OIDC provider.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly iss: string;\n\n  /**\n   * A value representing a cryptographic commitment to a user identity.\n   *\n   * It is calculated from the aud, uidKey, uidVal, pepper.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly idCommitment: Uint8Array;\n\n  /**\n   * Constructs an instance with the specified parameters for cryptographic operations.\n   *\n   * @param args - The parameters required to initialize the instance.\n   * @param args.alphaG1 - The hex representation of the alpha G1 value.\n   * @param args.betaG2 - The hex representation of the beta G2 value.\n   * @param args.deltaG2 - The hex representation of the delta G2 value.\n   * @param args.gammaAbcG1 - An array containing two hex representations for gamma ABC G1 values.\n   * @param args.gammaG2 - The hex representation of the gamma G2 value.\n   * @group Implementation\n   * @category Serialization\n   */\n  // TODO: Fix the JSDoc for the below values\n  constructor(iss: string, idCommitment: HexInput) {\n    super();\n    const idcBytes = Hex.fromHexInput(idCommitment).toUint8Array();\n    if (idcBytes.length !== KeylessPublicKey.ID_COMMITMENT_LENGTH) {\n      throw new Error(`Id Commitment length in bytes should be ${KeylessPublicKey.ID_COMMITMENT_LENGTH}`);\n    }\n    this.iss = iss;\n    this.idCommitment = idcBytes;\n  }\n\n  /**\n   * Get the authentication key for the keyless public key.\n   *\n   * @returns AuthenticationKey - The authentication key derived from the keyless public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  authKey(): AuthenticationKey {\n    const serializer = new Serializer();\n    serializer.serializeU32AsUleb128(AnyPublicKeyVariant.Keyless);\n    serializer.serializeFixedBytes(this.bcsToBytes());\n    return AuthenticationKey.fromSchemeAndBytes({\n      scheme: SigningScheme.SingleKey,\n      input: serializer.toUint8Array(),\n    });\n  }\n\n  /**\n   * Verifies the validity of a signature for a given message.\n   *\n   * @param args - The arguments for signature verification.\n   * @param args.message - The message that was signed.\n   * @param args.signature - The signature to verify against the message.\n   * @param args.jwk - The JWK to use for verification.\n   * @param args.keylessConfig - The keyless configuration to use for verification.\n   * @returns true if the signature is valid; otherwise, false.\n   * @group Implementation\n   * @category Serialization\n   */\n  verifySignature(args: {\n    message: HexInput;\n    signature: Signature;\n    jwk: MoveJWK;\n    keylessConfig: KeylessConfiguration;\n  }): boolean {\n    try {\n      verifyKeylessSignatureWithJwkAndConfig({ ...args, publicKey: this });\n      return true;\n    } catch (error) {\n      if (error instanceof KeylessError) {\n        return false;\n      }\n      throw error;\n    }\n  }\n\n  /**\n   * Verifies a keyless signature for a given message.  It will fetch the keyless configuration and the JWK to\n   * use for verification from the appropriate network as defined by the aptosConfig.\n   *\n   * @param args.aptosConfig The aptos config to use for fetching the keyless configuration.\n   * @param args.message The message to verify the signature against.\n   * @param args.signature The signature to verify.\n   * @param args.options.throwErrorWithReason Whether to throw an error with the reason for the failure instead of returning false.\n   * @returns true if the signature is valid\n   */\n  async verifySignatureAsync(args: {\n    aptosConfig: AptosConfig;\n    message: HexInput;\n    signature: Signature;\n    options?: { throwErrorWithReason?: boolean };\n  }): Promise<boolean> {\n    return verifyKeylessSignature({\n      ...args,\n      publicKey: this,\n    });\n  }\n\n  /**\n   * Serializes the current instance into a format suitable for transmission or storage.\n   * This function ensures that all relevant fields are properly serialized, including the proof and optional fields.\n   *\n   * @param serializer - The serializer instance used to perform the serialization.\n   * @param serializer.proof - The proof to be serialized.\n   * @param serializer.expHorizonSecs - The expiration horizon in seconds.\n   * @param serializer.extraField - An optional additional field for serialization.\n   * @param serializer.overrideAudVal - An optional override value for auditing.\n   * @param serializer.trainingWheelsSignature - An optional signature for training wheels.\n   * @group Implementation\n   * @category Serialization\n   */\n  serialize(serializer: Serializer): void {\n    serializer.serializeStr(this.iss);\n    serializer.serializeBytes(this.idCommitment);\n  }\n\n  /**\n   * Deserializes a ZeroKnowledgeSig object from the provided deserializer.\n   * This function allows you to reconstruct a ZeroKnowledgeSig instance from its serialized form.\n   *\n   * @param deserializer - The deserializer instance used to read the serialized data.\n   * @returns A new instance of ZeroKnowledgeSig.\n   * @group Implementation\n   * @category Serialization\n   */\n  static deserialize(deserializer: Deserializer): KeylessPublicKey {\n    const iss = deserializer.deserializeStr();\n    const addressSeed = deserializer.deserializeBytes();\n    return new KeylessPublicKey(iss, addressSeed);\n  }\n\n  /**\n   * Loads a KeylessPublicKey instance from the provided deserializer.\n   * This function is used to deserialize the necessary components to create a KeylessPublicKey.\n   *\n   * @param deserializer - The deserializer used to extract the string and byte data.\n   * @param deserializer.deserializeStr - A method to deserialize a string value.\n   * @param deserializer.deserializeBytes - A method to deserialize byte data.\n   * @returns A new instance of KeylessPublicKey.\n   * @group Implementation\n   * @category Serialization\n   */\n  static load(deserializer: Deserializer): KeylessPublicKey {\n    const iss = deserializer.deserializeStr();\n    const addressSeed = deserializer.deserializeBytes();\n    return new KeylessPublicKey(iss, addressSeed);\n  }\n\n  /**\n   * Determines if the provided public key is an instance of KeylessPublicKey.\n   *\n   * @param publicKey - The public key to check.\n   * @returns A boolean indicating whether the public key is a KeylessPublicKey instance.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isPublicKey(publicKey: PublicKey): publicKey is KeylessPublicKey {\n    return publicKey instanceof KeylessPublicKey;\n  }\n\n  /**\n   * Creates a KeylessPublicKey from the JWT components plus pepper\n   *\n   * @param args.iss the iss of the identity\n   * @param args.uidKey the key to use to get the uidVal in the JWT token\n   * @param args.uidVal the value of the uidKey in the JWT token\n   * @param args.aud the client ID of the application\n   * @param args.pepper The pepper used to maintain privacy of the account\n   * @returns KeylessPublicKey\n   * @group Implementation\n   * @category Serialization\n   */\n  static create(args: {\n    iss: string;\n    uidKey: string;\n    uidVal: string;\n    aud: string;\n    pepper: HexInput;\n  }): KeylessPublicKey {\n    computeIdCommitment(args);\n    return new KeylessPublicKey(args.iss, computeIdCommitment(args));\n  }\n\n  /**\n   * Creates a KeylessPublicKey instance from a JWT and a pepper value.\n   * This function is useful for generating a public key that can be used for authentication based on the provided JWT claims and pepper.\n   *\n   * @param args - The arguments for creating the KeylessPublicKey.\n   * @param args.jwt - The JSON Web Token to decode.\n   * @param args.pepper - The pepper value used in the key creation process.\n   * @param args.uidKey - An optional key to retrieve the unique identifier from the JWT payload, defaults to \"sub\".\n   * @returns A KeylessPublicKey instance created from the provided JWT and pepper.\n   * @group Implementation\n   * @category Serialization\n   */\n  static fromJwtAndPepper(args: { jwt: string; pepper: HexInput; uidKey?: string }): KeylessPublicKey {\n    const { jwt, pepper, uidKey = \"sub\" } = args;\n    const jwtPayload = jwtDecode<JwtPayload & { [key: string]: string }>(jwt);\n    if (typeof jwtPayload.iss !== \"string\") {\n      throw new Error(\"iss was not found\");\n    }\n    if (typeof jwtPayload.aud !== \"string\") {\n      throw new Error(\"aud was not found or an array of values\");\n    }\n    const uidVal = jwtPayload[uidKey];\n    return KeylessPublicKey.create({ iss: jwtPayload.iss, uidKey, uidVal, aud: jwtPayload.aud, pepper });\n  }\n\n  /**\n   * Checks if the provided public key is a valid instance by verifying its structure and types.\n   *\n   * @param publicKey - The public key to validate.\n   * @returns A boolean indicating whether the public key is a valid instance.\n   * @group Implementation\n   * @category Serialization\n   */\n  static isInstance(publicKey: PublicKey) {\n    return (\n      \"iss\" in publicKey &&\n      typeof publicKey.iss === \"string\" &&\n      \"idCommitment\" in publicKey &&\n      publicKey.idCommitment instanceof Uint8Array\n    );\n  }\n}\n\nexport async function verifyKeylessSignature(args: {\n  publicKey: KeylessPublicKey | FederatedKeylessPublicKey;\n  aptosConfig: AptosConfig;\n  message: HexInput;\n  signature: Signature;\n  keylessConfig?: KeylessConfiguration;\n  jwk?: MoveJWK;\n  options?: { throwErrorWithReason?: boolean };\n}): Promise<boolean> {\n  const {\n    aptosConfig,\n    publicKey,\n    message,\n    signature,\n    jwk,\n    keylessConfig = await getKeylessConfig({ aptosConfig }),\n    options,\n  } = args;\n  try {\n    if (!(signature instanceof KeylessSignature)) {\n      throw KeylessError.fromErrorType({\n        type: KeylessErrorType.SIGNATURE_TYPE_INVALID,\n        details: \"Not a keyless signature\",\n      });\n    }\n    verifyKeylessSignatureWithJwkAndConfig({\n      message,\n      publicKey,\n      signature,\n      jwk: jwk ? jwk : await fetchJWK({ aptosConfig, publicKey, kid: signature.getJwkKid() }),\n      keylessConfig,\n    });\n    return true;\n  } catch (error) {\n    if (options?.throwErrorWithReason) {\n      throw error;\n    }\n    return false;\n  }\n}\n\n/**\n * Syncronously verifies a keyless signature for a given message.  You need to provide the keyless configuration and the\n * JWK to use for verification.\n *\n * @param args.message The message to verify the signature against.\n * @param args.signature The signature to verify.\n * @param args.keylessConfig The keyless configuration.\n * @param args.jwk The JWK to use for verification.\n * @returns true if the signature is valid\n * @throws KeylessError if the signature is invalid\n */\nexport function verifyKeylessSignatureWithJwkAndConfig(args: {\n  publicKey: KeylessPublicKey | FederatedKeylessPublicKey;\n  message: HexInput;\n  signature: Signature;\n  keylessConfig: KeylessConfiguration;\n  jwk: MoveJWK;\n}): void {\n  const { publicKey, message, signature, keylessConfig, jwk } = args;\n  const { verificationKey, maxExpHorizonSecs, trainingWheelsPubkey } = keylessConfig;\n  if (!(signature instanceof KeylessSignature)) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.SIGNATURE_TYPE_INVALID,\n      details: \"Not a keyless signature\",\n    });\n  }\n  if (!(signature.ephemeralCertificate.signature instanceof ZeroKnowledgeSig)) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.SIGNATURE_TYPE_INVALID,\n      details: \"Unsupported ephemeral certificate variant\",\n    });\n  }\n  const zkSig = signature.ephemeralCertificate.signature;\n  if (!(zkSig.proof.proof instanceof Groth16Zkp)) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.SIGNATURE_TYPE_INVALID,\n      details: \"Unsupported proof variant for ZeroKnowledgeSig\",\n    });\n  }\n  const groth16Proof = zkSig.proof.proof;\n  if (signature.expiryDateSecs < nowInSeconds()) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.SIGNATURE_EXPIRED,\n      details: \"The expiryDateSecs is in the past\",\n    });\n  }\n  if (zkSig.expHorizonSecs > maxExpHorizonSecs) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.MAX_EXPIRY_HORIZON_EXCEEDED,\n    });\n  }\n  if (!signature.ephemeralPublicKey.verifySignature({ message, signature: signature.ephemeralSignature })) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.EPHEMERAL_SIGNATURE_VERIFICATION_FAILED,\n    });\n  }\n  const publicInputsHash = getPublicInputsHash({ publicKey, signature, jwk, keylessConfig });\n  if (!verificationKey.verifyProof({ publicInputsHash, groth16Proof })) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.PROOF_VERIFICATION_FAILED,\n    });\n  }\n  if (trainingWheelsPubkey) {\n    if (!zkSig.trainingWheelsSignature) {\n      throw KeylessError.fromErrorType({\n        type: KeylessErrorType.TRAINING_WHEELS_SIGNATURE_MISSING,\n      });\n    }\n    const proofAndStatement = new Groth16ProofAndStatement(groth16Proof, publicInputsHash);\n    if (\n      !trainingWheelsPubkey.verifySignature({\n        message: proofAndStatement.hash(),\n        signature: zkSig.trainingWheelsSignature,\n      })\n    ) {\n      throw KeylessError.fromErrorType({\n        type: KeylessErrorType.TRAINING_WHEELS_SIGNATURE_VERIFICATION_FAILED,\n      });\n    }\n  }\n}\n\n/**\n * Get the public inputs hash for the keyless signature.\n *\n * @param args.signature The signature\n * @param args.jwk The JWK to use for the public inputs hash\n * @param args.keylessConfig The keyless configuration which defines the byte lengths to use when hashing fields.\n * @returns The public inputs hash\n */\nfunction getPublicInputsHash(args: {\n  publicKey: KeylessPublicKey | FederatedKeylessPublicKey;\n  signature: KeylessSignature;\n  jwk: MoveJWK;\n  keylessConfig: KeylessConfiguration;\n}): bigint {\n  const { publicKey, signature, jwk, keylessConfig } = args;\n  const innerKeylessPublicKey = publicKey instanceof KeylessPublicKey ? publicKey : publicKey.keylessPublicKey;\n  if (!(signature.ephemeralCertificate.signature instanceof ZeroKnowledgeSig)) {\n    throw new Error(\"Signature is not a ZeroKnowledgeSig\");\n  }\n  const proof = signature.ephemeralCertificate.signature;\n  const fields = [];\n  fields.push(\n    ...padAndPackBytesWithLen(signature.ephemeralPublicKey.toUint8Array(), keylessConfig.maxCommitedEpkBytes),\n  );\n  fields.push(bytesToBigIntLE(innerKeylessPublicKey.idCommitment));\n  fields.push(signature.expiryDateSecs);\n  fields.push(proof.expHorizonSecs);\n  fields.push(hashStrToField(innerKeylessPublicKey.iss, keylessConfig.maxIssValBytes));\n  if (!proof.extraField) {\n    fields.push(0n);\n    fields.push(hashStrToField(\" \", keylessConfig.maxExtraFieldBytes));\n  } else {\n    fields.push(1n);\n    fields.push(hashStrToField(proof.extraField, keylessConfig.maxExtraFieldBytes));\n  }\n  fields.push(hashStrToField(encode(signature.jwtHeader, true) + \".\", keylessConfig.maxJwtHeaderB64Bytes));\n  fields.push(jwk.toScalar());\n  if (!proof.overrideAudVal) {\n    fields.push(hashStrToField(\"\", MAX_AUD_VAL_BYTES));\n    fields.push(0n);\n  } else {\n    fields.push(hashStrToField(proof.overrideAudVal, MAX_AUD_VAL_BYTES));\n    fields.push(1n);\n  }\n  return poseidonHash(fields);\n}\n\n/**\n * Fetches the JWK from the issuer's well-known JWKS endpoint.\n *\n * @param args.publicKey The keyless public key which contains the issuer the address to fetch the JWK from (0x1 if not federated).\n * @param args.kid The kid of the JWK to fetch\n * @returns A JWK matching the `kid` in the JWT header.\n * @throws {KeylessError} If the JWK cannot be fetched\n */\nexport async function fetchJWK(args: {\n  aptosConfig: AptosConfig;\n  publicKey: KeylessPublicKey | FederatedKeylessPublicKey;\n  kid: string;\n}): Promise<MoveJWK> {\n  const { aptosConfig, publicKey, kid } = args;\n  const keylessPubKey = publicKey instanceof KeylessPublicKey ? publicKey : publicKey.keylessPublicKey;\n  const { iss } = keylessPubKey;\n\n  let allJWKs: Map<string, MoveJWK[]>;\n  const jwkAddr = publicKey instanceof FederatedKeylessPublicKey ? publicKey.jwkAddress : undefined;\n  try {\n    allJWKs = await getKeylessJWKs({ aptosConfig, jwkAddr });\n  } catch (error) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.FULL_NODE_JWKS_LOOKUP_ERROR,\n      error,\n      details: `Failed to fetch ${jwkAddr ? \"Federated\" : \"Patched\"}JWKs ${jwkAddr ? `for address ${jwkAddr}` : \"0x1\"}`,\n    });\n  }\n\n  // Find the corresponding JWK set by `iss`\n  const jwksForIssuer = allJWKs.get(iss);\n\n  if (jwksForIssuer === undefined) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.INVALID_JWT_ISS_NOT_RECOGNIZED,\n      details: `JWKs for issuer ${iss} not found.`,\n    });\n  }\n\n  // Find the corresponding JWK by `kid`\n  const jwk = jwksForIssuer.find((key) => key.kid === kid);\n\n  if (jwk === undefined) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.INVALID_JWT_JWK_NOT_FOUND,\n      details: `JWK with kid '${kid}' for issuer '${iss}' not found.`,\n    });\n  }\n\n  return jwk;\n}\n\nfunction computeIdCommitment(args: { uidKey: string; uidVal: string; aud: string; pepper: HexInput }): Uint8Array {\n  const { uidKey, uidVal, aud, pepper } = args;\n\n  const fields = [\n    bytesToBigIntLE(Hex.fromHexInput(pepper).toUint8Array()),\n    hashStrToField(aud, MAX_AUD_VAL_BYTES),\n    hashStrToField(uidVal, MAX_UID_VAL_BYTES),\n    hashStrToField(uidKey, MAX_UID_KEY_BYTES),\n  ];\n\n  return bigIntToBytesLE(poseidonHash(fields), KeylessPublicKey.ID_COMMITMENT_LENGTH);\n}\n\n/**\n * Represents a signature of a message signed via a Keyless Account, utilizing proofs or a JWT token for authentication.\n * @group Implementation\n * @category Serialization\n */\nexport class KeylessSignature extends Signature {\n  /**\n   * The inner signature ZeroKnowledgeSignature or OpenIdSignature\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly ephemeralCertificate: EphemeralCertificate;\n\n  /**\n   * The jwt header in the token used to create the proof/signature.  In json string representation.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly jwtHeader: string;\n\n  /**\n   * The expiry timestamp in seconds of the EphemeralKeyPair used to sign\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly expiryDateSecs: number;\n\n  /**\n   * The ephemeral public key used to verify the signature\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly ephemeralPublicKey: EphemeralPublicKey;\n\n  /**\n   * The signature resulting from signing with the private key of the EphemeralKeyPair\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly ephemeralSignature: EphemeralSignature;\n\n  constructor(args: {\n    jwtHeader: string;\n    ephemeralCertificate: EphemeralCertificate;\n    expiryDateSecs: number;\n    ephemeralPublicKey: EphemeralPublicKey;\n    ephemeralSignature: EphemeralSignature;\n  }) {\n    super();\n    const { jwtHeader, ephemeralCertificate, expiryDateSecs, ephemeralPublicKey, ephemeralSignature } = args;\n    this.jwtHeader = jwtHeader;\n    this.ephemeralCertificate = ephemeralCertificate;\n    this.expiryDateSecs = expiryDateSecs;\n    this.ephemeralPublicKey = ephemeralPublicKey;\n    this.ephemeralSignature = ephemeralSignature;\n  }\n\n  /**\n   * Get the kid of the JWT used to derive the Keyless Account used to sign.\n   *\n   * @returns the kid as a string\n   */\n  getJwkKid(): string {\n    return parseJwtHeader(this.jwtHeader).kid;\n  }\n\n  serialize(serializer: Serializer): void {\n    this.ephemeralCertificate.serialize(serializer);\n    serializer.serializeStr(this.jwtHeader);\n    serializer.serializeU64(this.expiryDateSecs);\n    this.ephemeralPublicKey.serialize(serializer);\n    this.ephemeralSignature.serialize(serializer);\n  }\n\n  static deserialize(deserializer: Deserializer): KeylessSignature {\n    const ephemeralCertificate = EphemeralCertificate.deserialize(deserializer);\n    const jwtHeader = deserializer.deserializeStr();\n    const expiryDateSecs = deserializer.deserializeU64();\n    const ephemeralPublicKey = EphemeralPublicKey.deserialize(deserializer);\n    const ephemeralSignature = EphemeralSignature.deserialize(deserializer);\n    return new KeylessSignature({\n      jwtHeader,\n      expiryDateSecs: Number(expiryDateSecs),\n      ephemeralCertificate,\n      ephemeralPublicKey,\n      ephemeralSignature,\n    });\n  }\n\n  static getSimulationSignature(): KeylessSignature {\n    return new KeylessSignature({\n      jwtHeader: \"{}\",\n      ephemeralCertificate: new EphemeralCertificate(\n        new ZeroKnowledgeSig({\n          proof: new ZkProof(\n            new Groth16Zkp({ a: new Uint8Array(32), b: new Uint8Array(64), c: new Uint8Array(32) }),\n            ZkpVariant.Groth16,\n          ),\n          expHorizonSecs: 0,\n        }),\n        EphemeralCertificateVariant.ZkProof,\n      ),\n      expiryDateSecs: 0,\n      ephemeralPublicKey: new EphemeralPublicKey(new Ed25519PublicKey(new Uint8Array(32))),\n      ephemeralSignature: new EphemeralSignature(new Ed25519Signature(new Uint8Array(64))),\n    });\n  }\n\n  static isSignature(signature: Signature): signature is KeylessSignature {\n    return signature instanceof KeylessSignature;\n  }\n}\n\n/**\n * Represents an ephemeral certificate containing a signature, specifically a ZeroKnowledgeSig.\n * This class can be extended to support additional signature types, such as OpenIdSignature.\n *\n * @extends Signature\n * @group Implementation\n * @category Serialization\n */\nexport class EphemeralCertificate extends Signature {\n  public readonly signature: Signature;\n\n  /**\n   * Index of the underlying enum variant\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly variant: EphemeralCertificateVariant;\n\n  constructor(signature: Signature, variant: EphemeralCertificateVariant) {\n    super();\n    this.signature = signature;\n    this.variant = variant;\n  }\n\n  /**\n   * Get the public key in bytes (Uint8Array).\n   *\n   * @returns Uint8Array representation of the public key\n   * @group Implementation\n   * @category Serialization\n   */\n  toUint8Array(): Uint8Array {\n    return this.signature.toUint8Array();\n  }\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeU32AsUleb128(this.variant);\n    this.signature.serialize(serializer);\n  }\n\n  static deserialize(deserializer: Deserializer): EphemeralCertificate {\n    const variant = deserializer.deserializeUleb128AsU32();\n    switch (variant) {\n      case EphemeralCertificateVariant.ZkProof:\n        return new EphemeralCertificate(ZeroKnowledgeSig.deserialize(deserializer), variant);\n      default:\n        throw new Error(`Unknown variant index for EphemeralCertificate: ${variant}`);\n    }\n  }\n}\n\n/**\n * Represents a fixed-size byte array of 32 bytes, extending the Serializable class.\n * This class is used for handling and serializing G1 bytes in cryptographic operations.\n *\n * @extends Serializable\n * @group Implementation\n * @category Serialization\n */\nclass G1Bytes extends Serializable {\n  private static readonly B = bn254.fields.Fp.create(3n);\n\n  data: Uint8Array;\n\n  constructor(data: HexInput) {\n    super();\n    this.data = Hex.fromHexInput(data).toUint8Array();\n    if (this.data.length !== 32) {\n      throw new Error(\"Input needs to be 32 bytes\");\n    }\n  }\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeFixedBytes(this.data);\n  }\n\n  static deserialize(deserializer: Deserializer): G1Bytes {\n    const bytes = deserializer.deserializeFixedBytes(32);\n    return new G1Bytes(bytes);\n  }\n\n  // Convert the projective coordinates to strings\n  toArray(): string[] {\n    const point = this.toProjectivePoint();\n    return [point.x.toString(), point.y.toString(), point.pz.toString()];\n  }\n\n  /**\n   * Converts the G1 bytes to a projective point.\n   * @returns The projective point.\n   */\n  toProjectivePoint(): ProjPointType<bigint> {\n    const bytes = new Uint8Array(this.data);\n    // Reverse the bytes to convert from little-endian to big-endian.\n    bytes.reverse();\n    // This gets the flag bit to determine which y to use.\n    const yFlag = (bytes[0] & 0x80) >> 7;\n    const { Fp } = bn254.fields;\n    const x = Fp.create(bytesToBn254FpBE(bytes));\n    const y = Fp.sqrt(Fp.add(Fp.pow(x, 3n), G1Bytes.B));\n    const negY = Fp.neg(y);\n    const yToUse = y > negY === (yFlag === 1) ? y : negY;\n    return bn254.G1.ProjectivePoint.fromAffine({\n      x: x,\n      y: yToUse,\n    });\n  }\n}\n\nfunction bytesToBn254FpBE(bytes: Uint8Array): bigint {\n  if (bytes.length !== 32) {\n    throw new Error(\"Input should be 32 bytes\");\n  }\n  // Clear the first two bits of the first byte which removes any flags.\n  const result = new Uint8Array(bytes);\n  result[0] = result[0] & 0x3f; // 0x3F = 00111111 in binary\n  return bytesToNumberBE(result);\n}\n\n/**\n * Represents a 64-byte G2 element in a cryptographic context.\n * This class provides methods for serialization and deserialization of G2 bytes.\n *\n * @extends Serializable\n * @group Implementation\n * @category Serialization\n */\nclass G2Bytes extends Serializable {\n  /**\n   * The constant b value used in G2 point calculations\n   */\n  private static readonly B = bn254.fields.Fp2.fromBigTuple([\n    19485874751759354771024239261021720505790618469301721065564631296452457478373n,\n    266929791119991161246907387137283842545076965332900288569378510910307636690n,\n  ]);\n\n  data: Uint8Array;\n\n  constructor(data: HexInput) {\n    super();\n    this.data = Hex.fromHexInput(data).toUint8Array();\n    if (this.data.length !== 64) {\n      throw new Error(\"Input needs to be 64 bytes\");\n    }\n  }\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeFixedBytes(this.data);\n  }\n\n  static deserialize(deserializer: Deserializer): G2Bytes {\n    const bytes = deserializer.deserializeFixedBytes(64);\n    return new G2Bytes(bytes);\n  }\n\n  // Convert the projective coordinates to strings\n  toArray(): [string, string][] {\n    const point = this.toProjectivePoint();\n    return [\n      [\n        point.x.c0.toString(), // x real part\n        point.x.c1.toString(),\n      ], // x imaginary part\n      [\n        point.y.c0.toString(), // y real part\n        point.y.c1.toString(),\n      ], // y imaginary part\n      [\n        point.pz.c0.toString(), // z real part\n        point.pz.c1.toString(),\n      ], // z imaginary part\n    ];\n  }\n\n  toProjectivePoint(): ProjPointType<Fp2> {\n    const bytes = new Uint8Array(this.data);\n    // Reverse the bytes to convert from little-endian to big-endian for each part of x.\n    const x0 = bytes.slice(0, 32).reverse();\n    const x1 = bytes.slice(32, 64).reverse();\n    // This gets the flag bit to determine which y to use.\n    const yFlag = (x1[0] & 0x80) >> 7;\n    const { Fp2 } = bn254.fields;\n    const x = Fp2.fromBigTuple([bytesToBn254FpBE(x0), bytesToBn254FpBE(x1)]);\n    const y = Fp2.sqrt(Fp2.add(Fp2.pow(x, 3n), G2Bytes.B));\n    const negY = Fp2.neg(y);\n    const isYGreaterThanNegY = y.c1 > negY.c1 || (y.c1 === negY.c1 && y.c0 > negY.c0);\n    const yToUse = isYGreaterThanNegY === (yFlag === 1) ? y : negY;\n    return bn254.G2.ProjectivePoint.fromAffine({\n      x: x,\n      y: yToUse,\n    });\n  }\n}\n\n/**\n * Represents a Groth16 zero-knowledge proof, consisting of three proof points in compressed serialization format.\n * The points are the compressed serialization of affine representation of the proof.\n *\n * @extends Proof\n * @group Implementation\n * @category Serialization\n */\nexport class Groth16Zkp extends Proof {\n  /**\n   * The bytes of G1 proof point a\n   * @group Implementation\n   * @category Serialization\n   */\n  a: G1Bytes;\n\n  /**\n   * The bytes of G2 proof point b\n   * @group Implementation\n   * @category Serialization\n   */\n  b: G2Bytes;\n\n  /**\n   * The bytes of G1 proof point c\n   * @group Implementation\n   * @category Serialization\n   */\n  c: G1Bytes;\n\n  constructor(args: { a: HexInput; b: HexInput; c: HexInput }) {\n    super();\n    const { a, b, c } = args;\n    this.a = new G1Bytes(a);\n    this.b = new G2Bytes(b);\n    this.c = new G1Bytes(c);\n  }\n\n  serialize(serializer: Serializer): void {\n    this.a.serialize(serializer);\n    this.b.serialize(serializer);\n    this.c.serialize(serializer);\n  }\n\n  static deserialize(deserializer: Deserializer): Groth16Zkp {\n    const a = G1Bytes.deserialize(deserializer).bcsToBytes();\n    const b = G2Bytes.deserialize(deserializer).bcsToBytes();\n    const c = G1Bytes.deserialize(deserializer).bcsToBytes();\n    return new Groth16Zkp({ a, b, c });\n  }\n\n  toSnarkJsJson() {\n    return {\n      protocol: \"groth16\",\n      curve: \"bn128\",\n      pi_a: this.a.toArray(),\n      pi_b: this.b.toArray(),\n      pi_c: this.c.toArray(),\n    };\n  }\n}\n\n/**\n * Represents a Groth16 proof and statement, consisting of a Groth16 proof and a public inputs hash.\n * This is used to generate the signing message for the training wheels signature.\n *\n * @extends Serializable\n * @group Implementation\n * @category Serialization\n */\nexport class Groth16ProofAndStatement extends Serializable {\n  /**\n   * The Groth16 proof\n   * @group Implementation\n   * @category Serialization\n   */\n  proof: Groth16Zkp;\n\n  /**\n   * The public inputs hash as a 32 byte Uint8Array\n   * @group Implementation\n   * @category Serialization\n   */\n  publicInputsHash: Uint8Array;\n\n  /**\n   * The domain separator prefix used when hashing.\n   * @group Implementation\n   * @category Account (On-Chain Model)\n   */\n  readonly domainSeparator = \"APTOS::Groth16ProofAndStatement\";\n\n  constructor(proof: Groth16Zkp, publicInputsHash: HexInput | bigint) {\n    super();\n    this.proof = proof;\n    this.publicInputsHash =\n      typeof publicInputsHash === \"bigint\"\n        ? bigIntToBytesLE(publicInputsHash, 32)\n        : Hex.fromHexInput(publicInputsHash).toUint8Array();\n    if (this.publicInputsHash.length !== 32) {\n      throw new Error(\"Invalid public inputs hash\");\n    }\n  }\n\n  serialize(serializer: Serializer): void {\n    this.proof.serialize(serializer);\n    serializer.serializeFixedBytes(this.publicInputsHash);\n  }\n\n  static deserialize(deserializer: Deserializer): Groth16ProofAndStatement {\n    return new Groth16ProofAndStatement(Groth16Zkp.deserialize(deserializer), deserializer.deserializeFixedBytes(32));\n  }\n\n  hash(): Uint8Array {\n    return generateSigningMessage(this.bcsToBytes(), this.domainSeparator);\n  }\n}\n\n/**\n * Represents a container for different types of zero-knowledge proofs.\n *\n * @extends Serializable\n * @group Implementation\n * @category Serialization\n */\nexport class ZkProof extends Serializable {\n  public readonly proof: Proof;\n\n  /**\n   * Index of the underlying enum variant\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly variant: ZkpVariant;\n\n  constructor(proof: Proof, variant: ZkpVariant) {\n    super();\n    this.proof = proof;\n    this.variant = variant;\n  }\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeU32AsUleb128(this.variant);\n    this.proof.serialize(serializer);\n  }\n\n  static deserialize(deserializer: Deserializer): ZkProof {\n    const variant = deserializer.deserializeUleb128AsU32();\n    switch (variant) {\n      case ZkpVariant.Groth16:\n        return new ZkProof(Groth16Zkp.deserialize(deserializer), variant);\n      default:\n        throw new Error(`Unknown variant index for ZkProof: ${variant}`);\n    }\n  }\n}\n\n/**\n * Represents a zero-knowledge signature, encapsulating the proof and its associated metadata.\n *\n * @extends Signature\n * @group Implementation\n * @category Serialization\n */\nexport class ZeroKnowledgeSig extends Signature {\n  /**\n   * The proof\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly proof: ZkProof;\n\n  /**\n   * The max lifespan of the proof\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly expHorizonSecs: number;\n\n  /**\n   * A key value pair on the JWT token that can be specified on the signature which would reveal the value on chain.\n   * Can be used to assert identity or other attributes.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly extraField?: string;\n\n  /**\n   * The 'aud' value of the recovery service which is set when recovering an account.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly overrideAudVal?: string;\n\n  /**\n   * The training wheels signature\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly trainingWheelsSignature?: EphemeralSignature;\n\n  constructor(args: {\n    proof: ZkProof;\n    expHorizonSecs: number;\n    extraField?: string;\n    overrideAudVal?: string;\n    trainingWheelsSignature?: EphemeralSignature;\n  }) {\n    super();\n    const { proof, expHorizonSecs, trainingWheelsSignature, extraField, overrideAudVal } = args;\n    this.proof = proof;\n    this.expHorizonSecs = expHorizonSecs;\n    this.trainingWheelsSignature = trainingWheelsSignature;\n    this.extraField = extraField;\n    this.overrideAudVal = overrideAudVal;\n  }\n\n  /**\n   * Deserialize a ZeroKnowledgeSig object from its BCS serialization in bytes.\n   *\n   * @param bytes - The bytes representing the serialized ZeroKnowledgeSig.\n   * @returns ZeroKnowledgeSig - The deserialized ZeroKnowledgeSig object.\n   * @group Implementation\n   * @category Serialization\n   */\n  static fromBytes(bytes: Uint8Array): ZeroKnowledgeSig {\n    return ZeroKnowledgeSig.deserialize(new Deserializer(bytes));\n  }\n\n  serialize(serializer: Serializer): void {\n    this.proof.serialize(serializer);\n    serializer.serializeU64(this.expHorizonSecs);\n    serializer.serializeOption(this.extraField);\n    serializer.serializeOption(this.overrideAudVal);\n    serializer.serializeOption(this.trainingWheelsSignature);\n  }\n\n  static deserialize(deserializer: Deserializer): ZeroKnowledgeSig {\n    const proof = ZkProof.deserialize(deserializer);\n    const expHorizonSecs = Number(deserializer.deserializeU64());\n    const extraField = deserializer.deserializeOption(\"string\");\n    const overrideAudVal = deserializer.deserializeOption(\"string\");\n    const trainingWheelsSignature = deserializer.deserializeOption(EphemeralSignature);\n    return new ZeroKnowledgeSig({ proof, expHorizonSecs, trainingWheelsSignature, extraField, overrideAudVal });\n  }\n}\n\n/**\n * Represents the on-chain configuration for how Keyless accounts operate.\n *\n * @remarks\n * This class encapsulates the verification key and the maximum lifespan of ephemeral key pairs,\n * which are essential for the functionality of Keyless accounts.\n * @group Implementation\n * @category Serialization\n */\nexport class KeylessConfiguration {\n  /**\n   * The verification key used to verify Groth16 proofs on chain\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly verificationKey: Groth16VerificationKey;\n\n  /**\n   * The maximum lifespan of an ephemeral key pair.  This is configured on chain.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly maxExpHorizonSecs: number;\n\n  /**\n   * The public key of the training wheels account.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly trainingWheelsPubkey?: EphemeralPublicKey;\n\n  /**\n   * The maximum number of bytes that can be used for the extra field.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly maxExtraFieldBytes: number;\n\n  /**\n   * The maximum number of bytes that can be used for the JWT header.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly maxJwtHeaderB64Bytes: number;\n\n  /**\n   * The maximum number of bytes that can be used for the issuer value.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly maxIssValBytes: number;\n\n  /**\n   * The maximum number of bytes that can be used for the committed ephemeral public key.\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly maxCommitedEpkBytes: number;\n\n  constructor(args: {\n    verificationKey: Groth16VerificationKey;\n    trainingWheelsPubkey?: HexInput;\n    maxExpHorizonSecs?: number;\n    maxExtraFieldBytes?: number;\n    maxJwtHeaderB64Bytes?: number;\n    maxIssValBytes?: number;\n    maxCommitedEpkBytes?: number;\n  }) {\n    const {\n      verificationKey,\n      trainingWheelsPubkey,\n      maxExpHorizonSecs = EPK_HORIZON_SECS,\n      maxExtraFieldBytes = MAX_EXTRA_FIELD_BYTES,\n      maxJwtHeaderB64Bytes = MAX_JWT_HEADER_B64_BYTES,\n      maxIssValBytes = MAX_ISS_VAL_BYTES,\n      maxCommitedEpkBytes = MAX_COMMITED_EPK_BYTES,\n    } = args;\n\n    this.verificationKey = verificationKey;\n    this.maxExpHorizonSecs = maxExpHorizonSecs;\n    if (trainingWheelsPubkey) {\n      this.trainingWheelsPubkey = new EphemeralPublicKey(new Ed25519PublicKey(trainingWheelsPubkey));\n    }\n    this.maxExtraFieldBytes = maxExtraFieldBytes;\n    this.maxJwtHeaderB64Bytes = maxJwtHeaderB64Bytes;\n    this.maxIssValBytes = maxIssValBytes;\n    this.maxCommitedEpkBytes = maxCommitedEpkBytes;\n  }\n\n  /**\n   * Creates a new KeylessConfiguration instance from a Groth16VerificationKeyResponse and a KeylessConfigurationResponse.\n   * @param res - The Groth16VerificationKeyResponse object containing the verification key data.\n   * @param config - The KeylessConfigurationResponse object containing the configuration data.\n   * @returns A new KeylessConfiguration instance.\n   */\n  static create(res: Groth16VerificationKeyResponse, config: KeylessConfigurationResponse): KeylessConfiguration {\n    return new KeylessConfiguration({\n      verificationKey: new Groth16VerificationKey({\n        alphaG1: res.alpha_g1,\n        betaG2: res.beta_g2,\n        deltaG2: res.delta_g2,\n        gammaAbcG1: res.gamma_abc_g1,\n        gammaG2: res.gamma_g2,\n      }),\n      maxExpHorizonSecs: Number(config.max_exp_horizon_secs),\n      trainingWheelsPubkey: config.training_wheels_pubkey.vec[0],\n      maxExtraFieldBytes: config.max_extra_field_bytes,\n      maxJwtHeaderB64Bytes: config.max_jwt_header_b64_bytes,\n      maxIssValBytes: config.max_iss_val_bytes,\n      maxCommitedEpkBytes: config.max_commited_epk_bytes,\n    });\n  }\n}\n\n/**\n * Represents the verification key stored on-chain used to verify Groth16 proofs.\n * @group Implementation\n * @category Serialization\n */\nexport class Groth16VerificationKey {\n  // The docstrings below are borrowed from ark-groth16\n\n  /**\n   * The `alpha * G`, where `G` is the generator of G1\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly alphaG1: G1Bytes;\n\n  /**\n   * The `alpha * H`, where `H` is the generator of G2\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly betaG2: G2Bytes;\n\n  /**\n   * The `delta * H`, where `H` is the generator of G2\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly deltaG2: G2Bytes;\n\n  /**\n   * The `gamma^{-1} * (beta * a_i + alpha * b_i + c_i) * H`, where H is the generator of G1\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly gammaAbcG1: [G1Bytes, G1Bytes];\n\n  /**\n   * The `gamma * H`, where `H` is the generator of G2\n   * @group Implementation\n   * @category Serialization\n   */\n  readonly gammaG2: G2Bytes;\n\n  constructor(args: {\n    alphaG1: HexInput;\n    betaG2: HexInput;\n    deltaG2: HexInput;\n    gammaAbcG1: [HexInput, HexInput];\n    gammaG2: HexInput;\n  }) {\n    const { alphaG1, betaG2, deltaG2, gammaAbcG1, gammaG2 } = args;\n    this.alphaG1 = new G1Bytes(alphaG1);\n    this.betaG2 = new G2Bytes(betaG2);\n    this.deltaG2 = new G2Bytes(deltaG2);\n    this.gammaAbcG1 = [new G1Bytes(gammaAbcG1[0]), new G1Bytes(gammaAbcG1[1])];\n    this.gammaG2 = new G2Bytes(gammaG2);\n  }\n\n  /**\n   * Calculates the hash of the serialized form of the verification key.\n   * This is useful for comparing verification keys or using them as unique identifiers.\n   *\n   * @returns The SHA3-256 hash of the serialized verification key as a Uint8Array\n   */\n  public hash(): Uint8Array {\n    const serializer = new Serializer();\n    this.serialize(serializer);\n    return sha3_256.create().update(serializer.toUint8Array()).digest();\n  }\n\n  serialize(serializer: Serializer): void {\n    this.alphaG1.serialize(serializer);\n    this.betaG2.serialize(serializer);\n    this.deltaG2.serialize(serializer);\n    this.gammaAbcG1[0].serialize(serializer);\n    this.gammaAbcG1[1].serialize(serializer);\n    this.gammaG2.serialize(serializer);\n  }\n\n  /**\n   * Converts a Groth16VerificationKeyResponse object into a Groth16VerificationKey instance.\n   *\n   * @param res - The Groth16VerificationKeyResponse object containing the verification key data.\n   * @param res.alpha_g1 - The alpha G1 value from the response.\n   * @param res.beta_g2 - The beta G2 value from the response.\n   * @param res.delta_g2 - The delta G2 value from the response.\n   * @param res.gamma_abc_g1 - The gamma ABC G1 value from the response.\n   * @param res.gamma_g2 - The gamma G2 value from the response.\n   * @returns A Groth16VerificationKey instance constructed from the provided response data.\n   * @group Implementation\n   * @category Serialization\n   */\n  static fromGroth16VerificationKeyResponse(res: Groth16VerificationKeyResponse): Groth16VerificationKey {\n    return new Groth16VerificationKey({\n      alphaG1: res.alpha_g1,\n      betaG2: res.beta_g2,\n      deltaG2: res.delta_g2,\n      gammaAbcG1: res.gamma_abc_g1,\n      gammaG2: res.gamma_g2,\n    });\n  }\n\n  /**\n   * Verifies a Groth16 proof using the verification key given the public inputs hash and the proof.\n   *\n   * @param args.publicInputsHash The public inputs hash\n   * @param args.groth16Proof The Groth16 proof\n   * @returns true if the proof is valid\n   */\n  verifyProof(args: { publicInputsHash: bigint; groth16Proof: Groth16Zkp }): boolean {\n    const { publicInputsHash, groth16Proof } = args;\n\n    try {\n      // Get proof points\n      const proofA = groth16Proof.a.toProjectivePoint();\n      const proofB = groth16Proof.b.toProjectivePoint();\n      const proofC = groth16Proof.c.toProjectivePoint();\n\n      // Get verification key points\n      const vkAlpha1 = this.alphaG1.toProjectivePoint();\n      const vkBeta2 = this.betaG2.toProjectivePoint();\n      const vkGamma2 = this.gammaG2.toProjectivePoint();\n      const vkDelta2 = this.deltaG2.toProjectivePoint();\n      const vkIC = this.gammaAbcG1.map((g1) => g1.toProjectivePoint());\n\n      const { Fp12 } = bn254.fields;\n\n      // Check that the following pairing equation holds:\n      // e(A_1, B_2) = e(\\alpha_1, \\beta_2) + e(\\ic_0 + public_inputs_hash \\ic_1, \\gamma_2) + e(C_1, \\delta_2)\n      // Where A_1, B_2, C_1 are the proof points and \\alpha_1, \\beta_2, \\gamma_2, \\delta_2, \\ic_0, \\ic_1\n      // are the verification key points\n\n      // \\ic_0 + public_inputs_hash \\ic_1\n      let accum = vkIC[0].add(vkIC[1].multiply(publicInputsHash));\n      // e(\\ic_0 + public_inputs_hash \\ic_1, \\gamma_2)\n      const pairingAccumGamma = bn254.pairing(accum, vkGamma2);\n      // e(A_1, B_2)\n      const pairingAB = bn254.pairing(proofA, proofB);\n      // e(\\alpha_1, \\beta_2)\n      const pairingAlphaBeta = bn254.pairing(vkAlpha1, vkBeta2);\n      // e(C_1, \\delta_2)\n      const pairingCDelta = bn254.pairing(proofC, vkDelta2);\n      // Get the result of the right hand side of the pairing equation\n      const product = Fp12.mul(pairingAlphaBeta, Fp12.mul(pairingAccumGamma, pairingCDelta));\n      // Check if the left hand side equals the right hand side\n      return Fp12.eql(pairingAB, product);\n    } catch (error) {\n      throw KeylessError.fromErrorType({\n        type: KeylessErrorType.PROOF_VERIFICATION_FAILED,\n        error,\n        details: \"Error encountered when checking zero knowledge relation\",\n      });\n    }\n  }\n\n  /**\n   * Converts the verification key to a JSON format compatible with snarkjs groth16.verify\n   *\n   * @returns An object containing the verification key in snarkjs format\n   * @group Implementation\n   * @category Serialization\n   */\n  toSnarkJsJson() {\n    return {\n      protocol: \"groth16\",\n      curve: \"bn128\",\n      nPublic: 1,\n      vk_alpha_1: this.alphaG1.toArray(),\n      vk_beta_2: this.betaG2.toArray(),\n      vk_gamma_2: this.gammaG2.toArray(),\n      vk_delta_2: this.deltaG2.toArray(),\n      IC: this.gammaAbcG1.map((g1) => g1.toArray()),\n    };\n  }\n}\n\n/**\n * Retrieves the configuration parameters for Keyless Accounts on the blockchain, including the verifying key and the maximum\n * expiry horizon.\n *\n * @param args - The arguments for retrieving the keyless configuration.\n * @param args.aptosConfig - The Aptos configuration object containing network details.\n * @param args.options - Optional parameters for the request.\n * @param args.options.ledgerVersion - The ledger version to query; if not provided, the latest version will be used.\n * @returns KeylessConfiguration - The configuration object containing the verifying key and maximum expiry horizon.\n * @group Implementation\n * @category Serialization\n */\nexport async function getKeylessConfig(args: {\n  aptosConfig: AptosConfig;\n  options?: LedgerVersionArg;\n}): Promise<KeylessConfiguration> {\n  const { aptosConfig } = args;\n  try {\n    return await memoizeAsync(\n      async () => {\n        const [config, vk] = await Promise.all([\n          getKeylessConfigurationResource(args),\n          getGroth16VerificationKeyResource(args),\n        ]);\n        return KeylessConfiguration.create(vk, config);\n      },\n      `keyless-configuration-${aptosConfig.network}`,\n      1000 * 60 * 5, // 5 minutes\n    )();\n  } catch (error) {\n    if (error instanceof KeylessError) {\n      throw error;\n    }\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.FULL_NODE_OTHER,\n      error,\n    });\n  }\n}\n\n/**\n * Parses a JWT and returns the 'iss', 'aud', and 'uid' values.\n *\n * @param args - The arguments for parsing the JWT.\n * @param args.jwt - The JWT to parse.\n * @param args.uidKey - The key to use for the 'uid' value; defaults to 'sub'.\n * @returns The 'iss', 'aud', and 'uid' values from the JWT.\n */\nexport function getIssAudAndUidVal(args: { jwt: string; uidKey?: string }): {\n  iss: string;\n  aud: string;\n  uidVal: string;\n} {\n  const { jwt, uidKey = \"sub\" } = args;\n  let jwtPayload: JwtPayload & { [key: string]: string };\n  try {\n    jwtPayload = jwtDecode<JwtPayload & { [key: string]: string }>(jwt);\n  } catch (error) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.JWT_PARSING_ERROR,\n      details: `Failed to parse JWT - ${getErrorMessage(error)}`,\n    });\n  }\n  if (typeof jwtPayload.iss !== \"string\") {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.JWT_PARSING_ERROR,\n      details: \"JWT is missing 'iss' in the payload. This should never happen.\",\n    });\n  }\n  if (typeof jwtPayload.aud !== \"string\") {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.JWT_PARSING_ERROR,\n      details: \"JWT is missing 'aud' in the payload or 'aud' is an array of values.\",\n    });\n  }\n  const uidVal = jwtPayload[uidKey];\n  return { iss: jwtPayload.iss, aud: jwtPayload.aud, uidVal };\n}\n\n/**\n * Retrieves the KeylessConfiguration set on chain.\n *\n * @param args - The arguments for retrieving the configuration.\n * @param args.aptosConfig - The configuration for connecting to the Aptos network.\n * @param args.options - Optional parameters for the request.\n * @param args.options.ledgerVersion - The ledger version to query; if not provided, it will get the latest version.\n * @returns KeylessConfigurationResponse - The response containing the keyless configuration data.\n * @group Implementation\n * @category Serialization\n */\nasync function getKeylessConfigurationResource(args: {\n  aptosConfig: AptosConfig;\n  options?: LedgerVersionArg;\n}): Promise<KeylessConfigurationResponse> {\n  const { aptosConfig, options } = args;\n  const resourceType = \"0x1::keyless_account::Configuration\";\n  try {\n    const { data } = await getAptosFullNode<{}, MoveResource<KeylessConfigurationResponse>>({\n      aptosConfig,\n      originMethod: \"getKeylessConfigurationResource\",\n      path: `accounts/${AccountAddress.from(\"0x1\").toString()}/resource/${resourceType}`,\n      params: { ledger_version: options?.ledgerVersion },\n    });\n    return data.data;\n  } catch (error) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.FULL_NODE_CONFIG_LOOKUP_ERROR,\n      error,\n    });\n  }\n}\n\n/**\n * Retrieves the Groth16VerificationKey set on the blockchain.\n *\n * @param args - The arguments for retrieving the verification key.\n * @param args.aptosConfig - The Aptos configuration object.\n * @param args.options - Optional parameters for the request.\n * @param args.options.ledgerVersion - The ledger version to query; if not provided, it will get the latest version.\n * @returns Groth16VerificationKeyResponse - The response containing the Groth16 verification key data.\n * @group Implementation\n * @category Serialization\n */\nasync function getGroth16VerificationKeyResource(args: {\n  aptosConfig: AptosConfig;\n  options?: LedgerVersionArg;\n}): Promise<Groth16VerificationKeyResponse> {\n  const { aptosConfig, options } = args;\n  const resourceType = \"0x1::keyless_account::Groth16VerificationKey\";\n  try {\n    const { data } = await getAptosFullNode<{}, MoveResource<Groth16VerificationKeyResponse>>({\n      aptosConfig,\n      originMethod: \"getGroth16VerificationKeyResource\",\n      path: `accounts/${AccountAddress.from(\"0x1\").toString()}/resource/${resourceType}`,\n      params: { ledger_version: options?.ledgerVersion },\n    });\n    return data.data;\n  } catch (error) {\n    throw KeylessError.fromErrorType({\n      type: KeylessErrorType.FULL_NODE_VERIFICATION_KEY_LOOKUP_ERROR,\n      error,\n    });\n  }\n}\n\nexport async function getKeylessJWKs(args: {\n  aptosConfig: AptosConfig;\n  jwkAddr?: AccountAddressInput;\n  options?: LedgerVersionArg;\n}): Promise<Map<string, MoveJWK[]>> {\n  const { aptosConfig, jwkAddr, options } = args;\n  let resource: MoveResource<PatchedJWKsResponse>;\n  if (!jwkAddr) {\n    const resourceType = \"0x1::jwks::PatchedJWKs\";\n    const { data } = await getAptosFullNode<{}, MoveResource<PatchedJWKsResponse>>({\n      aptosConfig,\n      originMethod: \"getKeylessJWKs\",\n      path: `accounts/0x1/resource/${resourceType}`,\n      params: { ledger_version: options?.ledgerVersion },\n    });\n    resource = data;\n  } else {\n    const resourceType = \"0x1::jwks::FederatedJWKs\";\n    const { data } = await getAptosFullNode<{}, MoveResource<PatchedJWKsResponse>>({\n      aptosConfig,\n      originMethod: \"getKeylessJWKs\",\n      path: `accounts/${AccountAddress.from(jwkAddr).toString()}/resource/${resourceType}`,\n      params: { ledger_version: options?.ledgerVersion },\n    });\n    resource = data;\n  }\n\n  // Create a map of issuer to JWK arrays\n  const jwkMap = new Map<string, MoveJWK[]>();\n  for (const entry of resource.data.jwks.entries) {\n    const jwks: MoveJWK[] = [];\n    for (const jwkStruct of entry.jwks) {\n      const { data: jwkData } = jwkStruct.variant;\n      const deserializer = new Deserializer(Hex.fromHexInput(jwkData).toUint8Array());\n      const jwk = MoveJWK.deserialize(deserializer);\n      jwks.push(jwk);\n    }\n    jwkMap.set(hexToAsciiString(entry.issuer), jwks);\n  }\n\n  return jwkMap;\n}\n\nexport class MoveJWK extends Serializable {\n  public kid: string;\n\n  public kty: string;\n\n  public alg: string;\n\n  public e: string;\n\n  public n: string;\n\n  constructor(args: { kid: string; kty: string; alg: string; e: string; n: string }) {\n    super();\n    const { kid, kty, alg, e, n } = args;\n    this.kid = kid;\n    this.kty = kty;\n    this.alg = alg;\n    this.e = e;\n    this.n = n;\n  }\n\n  serialize(serializer: Serializer): void {\n    serializer.serializeStr(this.kid);\n    serializer.serializeStr(this.kty);\n    serializer.serializeStr(this.alg);\n    serializer.serializeStr(this.e);\n    serializer.serializeStr(this.n);\n  }\n\n  static fromMoveStruct(struct: MoveAnyStruct): MoveJWK {\n    const { data } = struct.variant;\n    const deserializer = new Deserializer(Hex.fromHexInput(data).toUint8Array());\n    return MoveJWK.deserialize(deserializer);\n  }\n\n  toScalar(): bigint {\n    if (this.alg !== \"RS256\") {\n      throw KeylessError.fromErrorType({\n        type: KeylessErrorType.PROOF_VERIFICATION_FAILED,\n        details:\n          \"Failed to convert JWK to scalar when calculating the public inputs hash. Only RSA 256 is supported currently\",\n      });\n    }\n    const uint8Array = base64UrlToBytes(this.n);\n    const chunks = chunkInto24Bytes(uint8Array.reverse());\n    const scalars = chunks.map((chunk) => bytesToBigIntLE(chunk));\n    scalars.push(256n); // Add the modulus size\n    return poseidonHash(scalars);\n  }\n\n  static deserialize(deserializer: Deserializer): MoveJWK {\n    const kid = deserializer.deserializeStr();\n    const kty = deserializer.deserializeStr();\n    const alg = deserializer.deserializeStr();\n    const e = deserializer.deserializeStr();\n    const n = deserializer.deserializeStr();\n    return new MoveJWK({ kid, kty, alg, n, e });\n  }\n}\n\nfunction chunkInto24Bytes(data: Uint8Array): Uint8Array[] {\n  const chunks: Uint8Array[] = [];\n  for (let i = 0; i < data.length; i += 24) {\n    const chunk = data.slice(i, Math.min(i + 24, data.length));\n    // Pad last chunk with zeros if needed\n    if (chunk.length < 24) {\n      const paddedChunk = new Uint8Array(24);\n      paddedChunk.set(chunk);\n      chunks.push(paddedChunk);\n    } else {\n      chunks.push(chunk);\n    }\n  }\n  return chunks;\n}\n\ninterface JwtHeader {\n  kid: string; // Key ID\n}\n/**\n * Safely parses the JWT header.\n * @param jwtHeader The JWT header string\n * @returns Parsed JWT header as an object.\n */\nexport function parseJwtHeader(jwtHeader: string): JwtHeader {\n  try {\n    const header = JSON.parse(jwtHeader);\n    if (header.kid === undefined) {\n      throw new Error(\"JWT header missing kid\");\n    }\n    return header;\n  } catch (error) {\n    throw new Error(\"Failed to parse JWT header.\");\n  }\n}\n"],"mappings":"AAIA,OAAqB,aAAAA,MAAiB,aACtC,OAAS,YAAAC,OAAgB,qBACzB,OAAS,oBAAAC,OAAmC,cAC5C,OAAS,aAAAC,MAAiB,cAC1B,OAAS,gBAAAC,EAAc,gBAAAC,EAAc,cAAAC,MAAkB,YACvD,OAAS,OAAAC,EAAK,oBAAAC,OAAwB,SACtC,OAEE,+BAAAC,EACA,uBAAAC,GACA,iBAAAC,GACA,cAAAC,MAGK,cACP,OAAS,sBAAAC,EAAoB,sBAAAC,MAA0B,cACvD,OAAS,mBAAAC,EAAiB,mBAAAC,EAAiB,kBAAAC,EAAgB,0BAAAC,GAAwB,gBAAAC,MAAoB,aACvG,OAAS,qBAAAC,OAAyB,uBAClC,OAAS,SAAAC,OAAa,UACtB,OAAS,oBAAAC,EAAkB,oBAAAC,OAAwB,YAQnD,OAAS,oBAAAC,MAAwB,eACjC,OAAS,gBAAAC,OAAoB,sBAC7B,OAAS,kBAAAC,MAA2C,oBACpD,OAAS,oBAAAC,GAAkB,mBAAAC,GAAiB,gBAAAC,OAAoB,cAChE,OAAS,gBAAAC,EAAc,oBAAAC,MAAwB,eAC/C,OAAS,SAAAC,MAAa,sBACtB,OAAS,mBAAAC,OAAuB,+BAChC,OAAS,6BAAAC,OAAiC,qBAC1C,OAAS,UAAAC,OAAc,YACvB,OAAS,0BAAAC,OAA8B,QAQhC,MAAMC,GAAmB,IAKnBC,EAAoB,IAKpBC,GAAoB,GAKpBC,GAAoB,IAKpBC,GAAoB,IAKpBC,GAAwB,IAKxBC,GAA2B,IAK3BC,GAAyB,GAYzBC,EAAN,MAAMA,UAAyB3C,EAAiB,CAqCrD,YAAY4C,EAAaC,EAAwB,CAC/C,MAAM,EACN,MAAMC,EAAWzC,EAAI,aAAawC,CAAY,EAAE,aAAa,EAC7D,GAAIC,EAAS,SAAWH,EAAiB,qBACvC,MAAM,IAAI,MAAM,2CAA2CA,EAAiB,oBAAoB,EAAE,EAEpG,KAAK,IAAMC,EACX,KAAK,aAAeE,CACtB,CASA,SAA6B,CAC3B,MAAMC,EAAa,IAAI3C,EACvB,OAAA2C,EAAW,sBAAsBvC,GAAoB,OAAO,EAC5DuC,EAAW,oBAAoB,KAAK,WAAW,CAAC,EACzC7B,GAAkB,mBAAmB,CAC1C,OAAQT,GAAc,UACtB,MAAOsC,EAAW,aAAa,CACjC,CAAC,CACH,CAcA,gBAAgBC,EAKJ,CACV,GAAI,CACF,OAAAC,EAAuC,CAAE,GAAGD,EAAM,UAAW,IAAK,CAAC,EAC5D,EACT,OAASE,EAAO,CACd,GAAIA,aAAiBtB,EACnB,MAAO,GAET,MAAMsB,CACR,CACF,CAYA,MAAM,qBAAqBF,EAKN,CACnB,OAAOG,GAAuB,CAC5B,GAAGH,EACH,UAAW,IACb,CAAC,CACH,CAeA,UAAUD,EAA8B,CACtCA,EAAW,aAAa,KAAK,GAAG,EAChCA,EAAW,eAAe,KAAK,YAAY,CAC7C,CAWA,OAAO,YAAYK,EAA8C,CAC/D,MAAMR,EAAMQ,EAAa,eAAe,EAClCC,EAAcD,EAAa,iBAAiB,EAClD,OAAO,IAAIT,EAAiBC,EAAKS,CAAW,CAC9C,CAaA,OAAO,KAAKD,EAA8C,CACxD,MAAMR,EAAMQ,EAAa,eAAe,EAClCC,EAAcD,EAAa,iBAAiB,EAClD,OAAO,IAAIT,EAAiBC,EAAKS,CAAW,CAC9C,CAUA,OAAO,YAAYC,EAAqD,CACtE,OAAOA,aAAqBX,CAC9B,CAcA,OAAO,OAAOK,EAMO,CACnB,OAAAO,EAAoBP,CAAI,EACjB,IAAIL,EAAiBK,EAAK,IAAKO,EAAoBP,CAAI,CAAC,CACjE,CAcA,OAAO,iBAAiBA,EAA4E,CAClG,KAAM,CAAE,IAAAQ,EAAK,OAAAC,EAAQ,OAAAC,EAAS,KAAM,EAAIV,EAClCW,EAAa7D,EAAkD0D,CAAG,EACxE,GAAI,OAAOG,EAAW,KAAQ,SAC5B,MAAM,IAAI,MAAM,mBAAmB,EAErC,GAAI,OAAOA,EAAW,KAAQ,SAC5B,MAAM,IAAI,MAAM,yCAAyC,EAE3D,MAAMC,EAASD,EAAWD,CAAM,EAChC,OAAOf,EAAiB,OAAO,CAAE,IAAKgB,EAAW,IAAK,OAAAD,EAAQ,OAAAE,EAAQ,IAAKD,EAAW,IAAK,OAAAF,CAAO,CAAC,CACrG,CAUA,OAAO,WAAWH,EAAsB,CACtC,MACE,QAASA,GACT,OAAOA,EAAU,KAAQ,UACzB,iBAAkBA,GAClBA,EAAU,wBAAwB,UAEtC,CACF,EAjPaX,EAMK,qBAA+B,GAN1C,IAAMkB,EAANlB,EAmPP,eAAsBQ,GAAuBH,EAQxB,CACnB,KAAM,CACJ,YAAAc,EACA,UAAAR,EACA,QAAAS,EACA,UAAAC,EACA,IAAAC,EACA,cAAAC,EAAgB,MAAMC,GAAiB,CAAE,YAAAL,CAAY,CAAC,EACtD,QAAAM,CACF,EAAIpB,EACJ,GAAI,CACF,GAAI,EAAEgB,aAAqBK,GACzB,MAAMzC,EAAa,cAAc,CAC/B,KAAMC,EAAiB,uBACvB,QAAS,yBACX,CAAC,EAEH,OAAAoB,EAAuC,CACrC,QAAAc,EACA,UAAAT,EACA,UAAAU,EACA,IAAKC,GAAY,MAAMK,GAAS,CAAE,YAAAR,EAAa,UAAAR,EAAW,IAAKU,EAAU,UAAU,CAAE,CAAC,EACtF,cAAAE,CACF,CAAC,EACM,EACT,OAAShB,EAAO,CACd,GAAIkB,GAAS,qBACX,MAAMlB,EAER,MAAO,EACT,CACF,CAaO,SAASD,EAAuCD,EAM9C,CACP,KAAM,CAAE,UAAAM,EAAW,QAAAS,EAAS,UAAAC,EAAW,cAAAE,EAAe,IAAAD,CAAI,EAAIjB,EACxD,CAAE,gBAAAuB,EAAiB,kBAAAC,EAAmB,qBAAAC,CAAqB,EAAIP,EACrE,GAAI,EAAEF,aAAqBK,GACzB,MAAMzC,EAAa,cAAc,CAC/B,KAAMC,EAAiB,uBACvB,QAAS,yBACX,CAAC,EAEH,GAAI,EAAEmC,EAAU,qBAAqB,qBAAqBU,GACxD,MAAM9C,EAAa,cAAc,CAC/B,KAAMC,EAAiB,uBACvB,QAAS,2CACX,CAAC,EAEH,MAAM8C,EAAQX,EAAU,qBAAqB,UAC7C,GAAI,EAAEW,EAAM,MAAM,iBAAiBC,GACjC,MAAMhD,EAAa,cAAc,CAC/B,KAAMC,EAAiB,uBACvB,QAAS,gDACX,CAAC,EAEH,MAAMgD,EAAeF,EAAM,MAAM,MACjC,GAAIX,EAAU,eAAiBrC,GAAa,EAC1C,MAAMC,EAAa,cAAc,CAC/B,KAAMC,EAAiB,kBACvB,QAAS,mCACX,CAAC,EAEH,GAAI8C,EAAM,eAAiBH,EACzB,MAAM5C,EAAa,cAAc,CAC/B,KAAMC,EAAiB,2BACzB,CAAC,EAEH,GAAI,CAACmC,EAAU,mBAAmB,gBAAgB,CAAE,QAAAD,EAAS,UAAWC,EAAU,kBAAmB,CAAC,EACpG,MAAMpC,EAAa,cAAc,CAC/B,KAAMC,EAAiB,uCACzB,CAAC,EAEH,MAAMiD,EAAmBC,GAAoB,CAAE,UAAAzB,EAAW,UAAAU,EAAW,IAAAC,EAAK,cAAAC,CAAc,CAAC,EACzF,GAAI,CAACK,EAAgB,YAAY,CAAE,iBAAAO,EAAkB,aAAAD,CAAa,CAAC,EACjE,MAAMjD,EAAa,cAAc,CAC/B,KAAMC,EAAiB,yBACzB,CAAC,EAEH,GAAI4C,EAAsB,CACxB,GAAI,CAACE,EAAM,wBACT,MAAM/C,EAAa,cAAc,CAC/B,KAAMC,EAAiB,iCACzB,CAAC,EAEH,MAAMmD,EAAoB,IAAIC,EAAyBJ,EAAcC,CAAgB,EACrF,GACE,CAACL,EAAqB,gBAAgB,CACpC,QAASO,EAAkB,KAAK,EAChC,UAAWL,EAAM,uBACnB,CAAC,EAED,MAAM/C,EAAa,cAAc,CAC/B,KAAMC,EAAiB,6CACzB,CAAC,CAEL,CACF,CAUA,SAASkD,GAAoB/B,EAKlB,CACT,KAAM,CAAE,UAAAM,EAAW,UAAAU,EAAW,IAAAC,EAAK,cAAAC,CAAc,EAAIlB,EAC/CkC,EAAwB5B,aAAqBO,EAAmBP,EAAYA,EAAU,iBAC5F,GAAI,EAAEU,EAAU,qBAAqB,qBAAqBU,GACxD,MAAM,IAAI,MAAM,qCAAqC,EAEvD,MAAMS,EAAQnB,EAAU,qBAAqB,UACvCoB,EAAS,CAAC,EAChB,OAAAA,EAAO,KACL,GAAGpE,GAAuBgD,EAAU,mBAAmB,aAAa,EAAGE,EAAc,mBAAmB,CAC1G,EACAkB,EAAO,KAAKtE,EAAgBoE,EAAsB,YAAY,CAAC,EAC/DE,EAAO,KAAKpB,EAAU,cAAc,EACpCoB,EAAO,KAAKD,EAAM,cAAc,EAChCC,EAAO,KAAKrE,EAAemE,EAAsB,IAAKhB,EAAc,cAAc,CAAC,EAC9EiB,EAAM,YAITC,EAAO,KAAK,EAAE,EACdA,EAAO,KAAKrE,EAAeoE,EAAM,WAAYjB,EAAc,kBAAkB,CAAC,IAJ9EkB,EAAO,KAAK,EAAE,EACdA,EAAO,KAAKrE,EAAe,IAAKmD,EAAc,kBAAkB,CAAC,GAKnEkB,EAAO,KAAKrE,EAAekB,GAAO+B,EAAU,UAAW,EAAI,EAAI,IAAKE,EAAc,oBAAoB,CAAC,EACvGkB,EAAO,KAAKnB,EAAI,SAAS,CAAC,EACrBkB,EAAM,gBAITC,EAAO,KAAKrE,EAAeoE,EAAM,eAAgB/C,CAAiB,CAAC,EACnEgD,EAAO,KAAK,EAAE,IAJdA,EAAO,KAAKrE,EAAe,GAAIqB,CAAiB,CAAC,EACjDgD,EAAO,KAAK,EAAE,GAKTnE,EAAamE,CAAM,CAC5B,CAUA,eAAsBd,GAAStB,EAIV,CACnB,KAAM,CAAE,YAAAc,EAAa,UAAAR,EAAW,IAAA+B,CAAI,EAAIrC,EAClCsC,EAAgBhC,aAAqBO,EAAmBP,EAAYA,EAAU,iBAC9E,CAAE,IAAAV,CAAI,EAAI0C,EAEhB,IAAIC,EACJ,MAAMC,EAAUlC,aAAqBtB,GAA4BsB,EAAU,WAAa,OACxF,GAAI,CACFiC,EAAU,MAAME,GAAe,CAAE,YAAA3B,EAAa,QAAA0B,CAAQ,CAAC,CACzD,OAAStC,EAAO,CACd,MAAMtB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,4BACvB,MAAAqB,EACA,QAAS,mBAAmBsC,EAAU,YAAc,SAAS,QAAQA,EAAU,eAAeA,CAAO,GAAK,KAAK,EACjH,CAAC,CACH,CAGA,MAAME,EAAgBH,EAAQ,IAAI3C,CAAG,EAErC,GAAI8C,IAAkB,OACpB,MAAM9D,EAAa,cAAc,CAC/B,KAAMC,EAAiB,+BACvB,QAAS,mBAAmBe,CAAG,aACjC,CAAC,EAIH,MAAMqB,EAAMyB,EAAc,KAAMC,GAAQA,EAAI,MAAQN,CAAG,EAEvD,GAAIpB,IAAQ,OACV,MAAMrC,EAAa,cAAc,CAC/B,KAAMC,EAAiB,0BACvB,QAAS,iBAAiBwD,CAAG,iBAAiBzC,CAAG,cACnD,CAAC,EAGH,OAAOqB,CACT,CAEA,SAASV,EAAoBP,EAAqF,CAChH,KAAM,CAAE,OAAAU,EAAQ,OAAAE,EAAQ,IAAAgC,EAAK,OAAAnC,CAAO,EAAIT,EAElCoC,EAAS,CACbtE,EAAgBT,EAAI,aAAaoD,CAAM,EAAE,aAAa,CAAC,EACvD1C,EAAe6E,EAAKxD,CAAiB,EACrCrB,EAAe6C,EAAQtB,EAAiB,EACxCvB,EAAe2C,EAAQrB,EAAiB,CAC1C,EAEA,OAAOxB,EAAgBI,EAAamE,CAAM,EAAGvB,EAAiB,oBAAoB,CACpF,CAOO,MAAMQ,UAAyBpE,CAAU,CAoC9C,YAAY+C,EAMT,CACD,MAAM,EACN,KAAM,CAAE,UAAA6C,EAAW,qBAAAC,EAAsB,eAAAC,EAAgB,mBAAAC,EAAoB,mBAAAC,CAAmB,EAAIjD,EACpG,KAAK,UAAY6C,EACjB,KAAK,qBAAuBC,EAC5B,KAAK,eAAiBC,EACtB,KAAK,mBAAqBC,EAC1B,KAAK,mBAAqBC,CAC5B,CAOA,WAAoB,CAClB,OAAOC,GAAe,KAAK,SAAS,EAAE,GACxC,CAEA,UAAUnD,EAA8B,CACtC,KAAK,qBAAqB,UAAUA,CAAU,EAC9CA,EAAW,aAAa,KAAK,SAAS,EACtCA,EAAW,aAAa,KAAK,cAAc,EAC3C,KAAK,mBAAmB,UAAUA,CAAU,EAC5C,KAAK,mBAAmB,UAAUA,CAAU,CAC9C,CAEA,OAAO,YAAYK,EAA8C,CAC/D,MAAM0C,EAAuBK,EAAqB,YAAY/C,CAAY,EACpEyC,EAAYzC,EAAa,eAAe,EACxC2C,EAAiB3C,EAAa,eAAe,EAC7C4C,EAAqBrF,EAAmB,YAAYyC,CAAY,EAChE6C,EAAqBrF,EAAmB,YAAYwC,CAAY,EACtE,OAAO,IAAIiB,EAAiB,CAC1B,UAAAwB,EACA,eAAgB,OAAOE,CAAc,EACrC,qBAAAD,EACA,mBAAAE,EACA,mBAAAC,CACF,CAAC,CACH,CAEA,OAAO,wBAA2C,CAChD,OAAO,IAAI5B,EAAiB,CAC1B,UAAW,KACX,qBAAsB,IAAI8B,EACxB,IAAIzB,EAAiB,CACnB,MAAO,IAAI0B,EACT,IAAIxB,EAAW,CAAE,EAAG,IAAI,WAAW,EAAE,EAAG,EAAG,IAAI,WAAW,EAAE,EAAG,EAAG,IAAI,WAAW,EAAE,CAAE,CAAC,EACtFlE,EAAW,OACb,EACA,eAAgB,CAClB,CAAC,EACDH,EAA4B,OAC9B,EACA,eAAgB,EAChB,mBAAoB,IAAII,EAAmB,IAAIS,EAAiB,IAAI,WAAW,EAAE,CAAC,CAAC,EACnF,mBAAoB,IAAIR,EAAmB,IAAIS,GAAiB,IAAI,WAAW,EAAE,CAAC,CAAC,CACrF,CAAC,CACH,CAEA,OAAO,YAAY2C,EAAqD,CACtE,OAAOA,aAAqBK,CAC9B,CACF,CAUO,MAAM8B,UAA6BlG,CAAU,CAUlD,YAAY+D,EAAsBqC,EAAsC,CACtE,MAAM,EACN,KAAK,UAAYrC,EACjB,KAAK,QAAUqC,CACjB,CASA,cAA2B,CACzB,OAAO,KAAK,UAAU,aAAa,CACrC,CAEA,UAAUtD,EAA8B,CACtCA,EAAW,sBAAsB,KAAK,OAAO,EAC7C,KAAK,UAAU,UAAUA,CAAU,CACrC,CAEA,OAAO,YAAYK,EAAkD,CACnE,MAAMiD,EAAUjD,EAAa,wBAAwB,EACrD,OAAQiD,EAAS,CACf,KAAK9F,EAA4B,QAC/B,OAAO,IAAI4F,EAAqBzB,EAAiB,YAAYtB,CAAY,EAAGiD,CAAO,EACrF,QACE,MAAM,IAAI,MAAM,mDAAmDA,CAAO,EAAE,CAChF,CACF,CACF,CAUA,MAAMC,EAAN,MAAMA,UAAgBnG,CAAa,CAKjC,YAAYoG,EAAgB,CAG1B,GAFA,MAAM,EACN,KAAK,KAAOlG,EAAI,aAAakG,CAAI,EAAE,aAAa,EAC5C,KAAK,KAAK,SAAW,GACvB,MAAM,IAAI,MAAM,4BAA4B,CAEhD,CAEA,UAAUxD,EAA8B,CACtCA,EAAW,oBAAoB,KAAK,IAAI,CAC1C,CAEA,OAAO,YAAYK,EAAqC,CACtD,MAAMoD,EAAQpD,EAAa,sBAAsB,EAAE,EACnD,OAAO,IAAIkD,EAAQE,CAAK,CAC1B,CAGA,SAAoB,CAClB,MAAMC,EAAQ,KAAK,kBAAkB,EACrC,MAAO,CAACA,EAAM,EAAE,SAAS,EAAGA,EAAM,EAAE,SAAS,EAAGA,EAAM,GAAG,SAAS,CAAC,CACrE,CAMA,mBAA2C,CACzC,MAAMD,EAAQ,IAAI,WAAW,KAAK,IAAI,EAEtCA,EAAM,QAAQ,EAEd,MAAME,GAASF,EAAM,CAAC,EAAI,MAAS,EAC7B,CAAE,GAAAG,CAAG,EAAI7E,EAAM,OACf8E,EAAID,EAAG,OAAOE,EAAiBL,CAAK,CAAC,EACrCM,EAAIH,EAAG,KAAKA,EAAG,IAAIA,EAAG,IAAIC,EAAG,EAAE,EAAGN,EAAQ,CAAC,CAAC,EAC5CS,EAAOJ,EAAG,IAAIG,CAAC,EACfE,EAASF,EAAIC,IAAUL,IAAU,GAAKI,EAAIC,EAChD,OAAOjF,EAAM,GAAG,gBAAgB,WAAW,CACzC,EAAG8E,EACH,EAAGI,CACL,CAAC,CACH,CACF,EAhDMV,EACoB,EAAIxE,EAAM,OAAO,GAAG,OAAO,EAAE,EADvD,IAAMmF,EAANX,EAkDA,SAASO,EAAiBL,EAA2B,CACnD,GAAIA,EAAM,SAAW,GACnB,MAAM,IAAI,MAAM,0BAA0B,EAG5C,MAAMU,EAAS,IAAI,WAAWV,CAAK,EACnC,OAAAU,EAAO,CAAC,EAAIA,EAAO,CAAC,EAAI,GACjBnF,GAAgBmF,CAAM,CAC/B,CAUA,MAAMC,EAAN,MAAMA,UAAgBhH,CAAa,CAWjC,YAAYoG,EAAgB,CAG1B,GAFA,MAAM,EACN,KAAK,KAAOlG,EAAI,aAAakG,CAAI,EAAE,aAAa,EAC5C,KAAK,KAAK,SAAW,GACvB,MAAM,IAAI,MAAM,4BAA4B,CAEhD,CAEA,UAAUxD,EAA8B,CACtCA,EAAW,oBAAoB,KAAK,IAAI,CAC1C,CAEA,OAAO,YAAYK,EAAqC,CACtD,MAAMoD,EAAQpD,EAAa,sBAAsB,EAAE,EACnD,OAAO,IAAI+D,EAAQX,CAAK,CAC1B,CAGA,SAA8B,CAC5B,MAAMC,EAAQ,KAAK,kBAAkB,EACrC,MAAO,CACL,CACEA,EAAM,EAAE,GAAG,SAAS,EACpBA,EAAM,EAAE,GAAG,SAAS,CACtB,EACA,CACEA,EAAM,EAAE,GAAG,SAAS,EACpBA,EAAM,EAAE,GAAG,SAAS,CACtB,EACA,CACEA,EAAM,GAAG,GAAG,SAAS,EACrBA,EAAM,GAAG,GAAG,SAAS,CACvB,CACF,CACF,CAEA,mBAAwC,CACtC,MAAMD,EAAQ,IAAI,WAAW,KAAK,IAAI,EAEhCY,EAAKZ,EAAM,MAAM,EAAG,EAAE,EAAE,QAAQ,EAChCa,EAAKb,EAAM,MAAM,GAAI,EAAE,EAAE,QAAQ,EAEjCE,GAASW,EAAG,CAAC,EAAI,MAAS,EAC1B,CAAE,IAAAC,CAAI,EAAIxF,EAAM,OAChB8E,EAAIU,EAAI,aAAa,CAACT,EAAiBO,CAAE,EAAGP,EAAiBQ,CAAE,CAAC,CAAC,EACjEP,EAAIQ,EAAI,KAAKA,EAAI,IAAIA,EAAI,IAAIV,EAAG,EAAE,EAAGO,EAAQ,CAAC,CAAC,EAC/CJ,EAAOO,EAAI,IAAIR,CAAC,EAEhBE,GADqBF,EAAE,GAAKC,EAAK,IAAOD,EAAE,KAAOC,EAAK,IAAMD,EAAE,GAAKC,EAAK,OACvCL,IAAU,GAAKI,EAAIC,EAC1D,OAAOjF,EAAM,GAAG,gBAAgB,WAAW,CACzC,EAAG8E,EACHI,CACF,CAAC,CACH,CACF,EAjEMG,EAIoB,EAAIrF,EAAM,OAAO,IAAI,aAAa,CACxD,+EACA,4EACF,CAAC,EAPH,IAAMyF,EAANJ,EA2EO,MAAMvC,UAAmBzD,EAAM,CAsBpC,YAAY6B,EAAiD,CAC3D,MAAM,EACN,KAAM,CAAE,EAAAwE,EAAG,EAAAC,EAAG,EAAAC,CAAE,EAAI1E,EACpB,KAAK,EAAI,IAAIiE,EAAQO,CAAC,EACtB,KAAK,EAAI,IAAID,EAAQE,CAAC,EACtB,KAAK,EAAI,IAAIR,EAAQS,CAAC,CACxB,CAEA,UAAU3E,EAA8B,CACtC,KAAK,EAAE,UAAUA,CAAU,EAC3B,KAAK,EAAE,UAAUA,CAAU,EAC3B,KAAK,EAAE,UAAUA,CAAU,CAC7B,CAEA,OAAO,YAAYK,EAAwC,CACzD,MAAMoE,EAAIP,EAAQ,YAAY7D,CAAY,EAAE,WAAW,EACjDqE,EAAIF,EAAQ,YAAYnE,CAAY,EAAE,WAAW,EACjDsE,EAAIT,EAAQ,YAAY7D,CAAY,EAAE,WAAW,EACvD,OAAO,IAAIwB,EAAW,CAAE,EAAA4C,EAAG,EAAAC,EAAG,EAAAC,CAAE,CAAC,CACnC,CAEA,eAAgB,CACd,MAAO,CACL,SAAU,UACV,MAAO,QACP,KAAM,KAAK,EAAE,QAAQ,EACrB,KAAM,KAAK,EAAE,QAAQ,EACrB,KAAM,KAAK,EAAE,QAAQ,CACvB,CACF,CACF,CAUO,MAAMzC,UAAiC9E,CAAa,CAsBzD,YAAYgF,EAAmBL,EAAqC,CAClE,MAAM,EAHR,KAAS,gBAAkB,kCAIzB,QAAK,MAAQK,EACb,KAAK,iBACH,OAAOL,GAAqB,SACxBjE,EAAgBiE,EAAkB,EAAE,EACpCzE,EAAI,aAAayE,CAAgB,EAAE,aAAa,EAClD,KAAK,iBAAiB,SAAW,GACnC,MAAM,IAAI,MAAM,4BAA4B,CAEhD,CAEA,UAAU/B,EAA8B,CACtC,KAAK,MAAM,UAAUA,CAAU,EAC/BA,EAAW,oBAAoB,KAAK,gBAAgB,CACtD,CAEA,OAAO,YAAYK,EAAsD,CACvE,OAAO,IAAI6B,EAAyBL,EAAW,YAAYxB,CAAY,EAAGA,EAAa,sBAAsB,EAAE,CAAC,CAClH,CAEA,MAAmB,CACjB,OAAOlB,GAAuB,KAAK,WAAW,EAAG,KAAK,eAAe,CACvE,CACF,CASO,MAAMkE,UAAgBjG,CAAa,CAUxC,YAAYgF,EAAckB,EAAqB,CAC7C,MAAM,EACN,KAAK,MAAQlB,EACb,KAAK,QAAUkB,CACjB,CAEA,UAAUtD,EAA8B,CACtCA,EAAW,sBAAsB,KAAK,OAAO,EAC7C,KAAK,MAAM,UAAUA,CAAU,CACjC,CAEA,OAAO,YAAYK,EAAqC,CACtD,MAAMiD,EAAUjD,EAAa,wBAAwB,EACrD,OAAQiD,EAAS,CACf,KAAK3F,EAAW,QACd,OAAO,IAAI0F,EAAQxB,EAAW,YAAYxB,CAAY,EAAGiD,CAAO,EAClE,QACE,MAAM,IAAI,MAAM,sCAAsCA,CAAO,EAAE,CACnE,CACF,CACF,CASO,MAAM3B,UAAyBzE,CAAU,CAqC9C,YAAY+C,EAMT,CACD,MAAM,EACN,KAAM,CAAE,MAAAmC,EAAO,eAAAwC,EAAgB,wBAAAC,EAAyB,WAAAC,EAAY,eAAAC,CAAe,EAAI9E,EACvF,KAAK,MAAQmC,EACb,KAAK,eAAiBwC,EACtB,KAAK,wBAA0BC,EAC/B,KAAK,WAAaC,EAClB,KAAK,eAAiBC,CACxB,CAUA,OAAO,UAAUtB,EAAqC,CACpD,OAAO9B,EAAiB,YAAY,IAAIxE,EAAasG,CAAK,CAAC,CAC7D,CAEA,UAAUzD,EAA8B,CACtC,KAAK,MAAM,UAAUA,CAAU,EAC/BA,EAAW,aAAa,KAAK,cAAc,EAC3CA,EAAW,gBAAgB,KAAK,UAAU,EAC1CA,EAAW,gBAAgB,KAAK,cAAc,EAC9CA,EAAW,gBAAgB,KAAK,uBAAuB,CACzD,CAEA,OAAO,YAAYK,EAA8C,CAC/D,MAAM+B,EAAQiB,EAAQ,YAAYhD,CAAY,EACxCuE,EAAiB,OAAOvE,EAAa,eAAe,CAAC,EACrDyE,EAAazE,EAAa,kBAAkB,QAAQ,EACpD0E,EAAiB1E,EAAa,kBAAkB,QAAQ,EACxDwE,EAA0BxE,EAAa,kBAAkBxC,CAAkB,EACjF,OAAO,IAAI8D,EAAiB,CAAE,MAAAS,EAAO,eAAAwC,EAAgB,wBAAAC,EAAyB,WAAAC,EAAY,eAAAC,CAAe,CAAC,CAC5G,CACF,CAWO,MAAMC,CAAqB,CAkDhC,YAAY/E,EAQT,CACD,KAAM,CACJ,gBAAAuB,EACA,qBAAAE,EACA,kBAAAD,EAAoBrC,GACpB,mBAAA6F,EAAqBxF,GACrB,qBAAAyF,EAAuBxF,GACvB,eAAAyF,EAAiB3F,GACjB,oBAAA4F,EAAsBzF,EACxB,EAAIM,EAEJ,KAAK,gBAAkBuB,EACvB,KAAK,kBAAoBC,EACrBC,IACF,KAAK,qBAAuB,IAAI9D,EAAmB,IAAIS,EAAiBqD,CAAoB,CAAC,GAE/F,KAAK,mBAAqBuD,EAC1B,KAAK,qBAAuBC,EAC5B,KAAK,eAAiBC,EACtB,KAAK,oBAAsBC,CAC7B,CAQA,OAAO,OAAOC,EAAqCC,EAA4D,CAC7G,OAAO,IAAIN,EAAqB,CAC9B,gBAAiB,IAAIO,EAAuB,CAC1C,QAASF,EAAI,SACb,OAAQA,EAAI,QACZ,QAASA,EAAI,SACb,WAAYA,EAAI,aAChB,QAASA,EAAI,QACf,CAAC,EACD,kBAAmB,OAAOC,EAAO,oBAAoB,EACrD,qBAAsBA,EAAO,uBAAuB,IAAI,CAAC,EACzD,mBAAoBA,EAAO,sBAC3B,qBAAsBA,EAAO,yBAC7B,eAAgBA,EAAO,kBACvB,oBAAqBA,EAAO,sBAC9B,CAAC,CACH,CACF,CAOO,MAAMC,CAAuB,CAsClC,YAAYtF,EAMT,CACD,KAAM,CAAE,QAAAuF,EAAS,OAAAC,EAAQ,QAAAC,EAAS,WAAAC,EAAY,QAAAC,CAAQ,EAAI3F,EAC1D,KAAK,QAAU,IAAIiE,EAAQsB,CAAO,EAClC,KAAK,OAAS,IAAIhB,EAAQiB,CAAM,EAChC,KAAK,QAAU,IAAIjB,EAAQkB,CAAO,EAClC,KAAK,WAAa,CAAC,IAAIxB,EAAQyB,EAAW,CAAC,CAAC,EAAG,IAAIzB,EAAQyB,EAAW,CAAC,CAAC,CAAC,EACzE,KAAK,QAAU,IAAInB,EAAQoB,CAAO,CACpC,CAQO,MAAmB,CACxB,MAAM5F,EAAa,IAAI3C,EACvB,YAAK,UAAU2C,CAAU,EAClBhD,GAAS,OAAO,EAAE,OAAOgD,EAAW,aAAa,CAAC,EAAE,OAAO,CACpE,CAEA,UAAUA,EAA8B,CACtC,KAAK,QAAQ,UAAUA,CAAU,EACjC,KAAK,OAAO,UAAUA,CAAU,EAChC,KAAK,QAAQ,UAAUA,CAAU,EACjC,KAAK,WAAW,CAAC,EAAE,UAAUA,CAAU,EACvC,KAAK,WAAW,CAAC,EAAE,UAAUA,CAAU,EACvC,KAAK,QAAQ,UAAUA,CAAU,CACnC,CAeA,OAAO,mCAAmCqF,EAA6D,CACrG,OAAO,IAAIE,EAAuB,CAChC,QAASF,EAAI,SACb,OAAQA,EAAI,QACZ,QAASA,EAAI,SACb,WAAYA,EAAI,aAChB,QAASA,EAAI,QACf,CAAC,CACH,CASA,YAAYpF,EAAuE,CACjF,KAAM,CAAE,iBAAA8B,EAAkB,aAAAD,CAAa,EAAI7B,EAE3C,GAAI,CAEF,MAAM4F,EAAS/D,EAAa,EAAE,kBAAkB,EAC1CgE,EAAShE,EAAa,EAAE,kBAAkB,EAC1CiE,EAASjE,EAAa,EAAE,kBAAkB,EAG1CkE,EAAW,KAAK,QAAQ,kBAAkB,EAC1CC,EAAU,KAAK,OAAO,kBAAkB,EACxCC,EAAW,KAAK,QAAQ,kBAAkB,EAC1CC,EAAW,KAAK,QAAQ,kBAAkB,EAC1CC,EAAO,KAAK,WAAW,IAAKC,IAAOA,GAAG,kBAAkB,CAAC,EAEzD,CAAE,KAAAC,CAAK,EAAIvH,EAAM,OAQvB,IAAIwH,EAAQH,EAAK,CAAC,EAAE,IAAIA,EAAK,CAAC,EAAE,SAASrE,CAAgB,CAAC,EAE1D,MAAMyE,EAAoBzH,EAAM,QAAQwH,EAAOL,CAAQ,EAEjDO,GAAY1H,EAAM,QAAQ8G,EAAQC,CAAM,EAExCY,GAAmB3H,EAAM,QAAQiH,EAAUC,CAAO,EAElDU,GAAgB5H,EAAM,QAAQgH,EAAQI,CAAQ,EAE9CS,GAAUN,EAAK,IAAII,GAAkBJ,EAAK,IAAIE,EAAmBG,EAAa,CAAC,EAErF,OAAOL,EAAK,IAAIG,GAAWG,EAAO,CACpC,OAASzG,EAAO,CACd,MAAMtB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,0BACvB,MAAAqB,EACA,QAAS,yDACX,CAAC,CACH,CACF,CASA,eAAgB,CACd,MAAO,CACL,SAAU,UACV,MAAO,QACP,QAAS,EACT,WAAY,KAAK,QAAQ,QAAQ,EACjC,UAAW,KAAK,OAAO,QAAQ,EAC/B,WAAY,KAAK,QAAQ,QAAQ,EACjC,WAAY,KAAK,QAAQ,QAAQ,EACjC,GAAI,KAAK,WAAW,IAAKkG,GAAOA,EAAG,QAAQ,CAAC,CAC9C,CACF,CACF,CAcA,eAAsBjF,GAAiBnB,EAGL,CAChC,KAAM,CAAE,YAAAc,CAAY,EAAId,EACxB,GAAI,CACF,OAAO,MAAMzB,GACX,SAAY,CACV,KAAM,CAAC8G,EAAQuB,CAAE,EAAI,MAAM,QAAQ,IAAI,CACrCC,GAAgC7G,CAAI,EACpC8G,GAAkC9G,CAAI,CACxC,CAAC,EACD,OAAO+E,EAAqB,OAAO6B,EAAIvB,CAAM,CAC/C,EACA,yBAAyBvE,EAAY,OAAO,GAC5C,IAAO,GAAK,CACd,EAAE,CACJ,OAASZ,EAAO,CACd,MAAIA,aAAiBtB,EACbsB,EAEFtB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,gBACvB,MAAAqB,CACF,CAAC,CACH,CACF,CAUO,SAAS6G,GAAmB/G,EAIjC,CACA,KAAM,CAAE,IAAAQ,EAAK,OAAAE,EAAS,KAAM,EAAIV,EAChC,IAAIW,EACJ,GAAI,CACFA,EAAa7D,EAAkD0D,CAAG,CACpE,OAASN,EAAO,CACd,MAAMtB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,kBACvB,QAAS,yBAAyBH,GAAgBwB,CAAK,CAAC,EAC1D,CAAC,CACH,CACA,GAAI,OAAOS,EAAW,KAAQ,SAC5B,MAAM/B,EAAa,cAAc,CAC/B,KAAMC,EAAiB,kBACvB,QAAS,gEACX,CAAC,EAEH,GAAI,OAAO8B,EAAW,KAAQ,SAC5B,MAAM/B,EAAa,cAAc,CAC/B,KAAMC,EAAiB,kBACvB,QAAS,qEACX,CAAC,EAEH,MAAM+B,EAASD,EAAWD,CAAM,EAChC,MAAO,CAAE,IAAKC,EAAW,IAAK,IAAKA,EAAW,IAAK,OAAAC,CAAO,CAC5D,CAaA,eAAeiG,GAAgC7G,EAGL,CACxC,KAAM,CAAE,YAAAc,EAAa,QAAAM,CAAQ,EAAIpB,EAC3BgH,EAAe,sCACrB,GAAI,CACF,KAAM,CAAE,KAAAzD,CAAK,EAAI,MAAMjF,EAAiE,CACtF,YAAAwC,EACA,aAAc,kCACd,KAAM,YAAYtC,EAAe,KAAK,KAAK,EAAE,SAAS,CAAC,aAAawI,CAAY,GAChF,OAAQ,CAAE,eAAgB5F,GAAS,aAAc,CACnD,CAAC,EACD,OAAOmC,EAAK,IACd,OAASrD,EAAO,CACd,MAAMtB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,8BACvB,MAAAqB,CACF,CAAC,CACH,CACF,CAaA,eAAe4G,GAAkC9G,EAGL,CAC1C,KAAM,CAAE,YAAAc,EAAa,QAAAM,CAAQ,EAAIpB,EAC3BgH,EAAe,+CACrB,GAAI,CACF,KAAM,CAAE,KAAAzD,CAAK,EAAI,MAAMjF,EAAmE,CACxF,YAAAwC,EACA,aAAc,oCACd,KAAM,YAAYtC,EAAe,KAAK,KAAK,EAAE,SAAS,CAAC,aAAawI,CAAY,GAChF,OAAQ,CAAE,eAAgB5F,GAAS,aAAc,CACnD,CAAC,EACD,OAAOmC,EAAK,IACd,OAASrD,EAAO,CACd,MAAMtB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,wCACvB,MAAAqB,CACF,CAAC,CACH,CACF,CAEA,eAAsBuC,GAAezC,EAID,CAClC,KAAM,CAAE,YAAAc,EAAa,QAAA0B,EAAS,QAAApB,CAAQ,EAAIpB,EAC1C,IAAIiH,EACJ,GAAKzE,EASE,CACL,MAAMwE,EAAe,2BACf,CAAE,KAAAzD,CAAK,EAAI,MAAMjF,EAAwD,CAC7E,YAAAwC,EACA,aAAc,iBACd,KAAM,YAAYtC,EAAe,KAAKgE,CAAO,EAAE,SAAS,CAAC,aAAawE,CAAY,GAClF,OAAQ,CAAE,eAAgB5F,GAAS,aAAc,CACnD,CAAC,EACD6F,EAAW1D,CACb,KAlBc,CACZ,MAAMyD,EAAe,yBACf,CAAE,KAAAzD,CAAK,EAAI,MAAMjF,EAAwD,CAC7E,YAAAwC,EACA,aAAc,iBACd,KAAM,yBAAyBkG,CAAY,GAC3C,OAAQ,CAAE,eAAgB5F,GAAS,aAAc,CACnD,CAAC,EACD6F,EAAW1D,CACb,CAYA,MAAM2D,EAAS,IAAI,IACnB,UAAWC,KAASF,EAAS,KAAK,KAAK,QAAS,CAC9C,MAAMG,EAAkB,CAAC,EACzB,UAAWC,KAAaF,EAAM,KAAM,CAClC,KAAM,CAAE,KAAMG,CAAQ,EAAID,EAAU,QAC9BjH,EAAe,IAAIlD,EAAaG,EAAI,aAAaiK,CAAO,EAAE,aAAa,CAAC,EACxErG,EAAMsG,EAAQ,YAAYnH,CAAY,EAC5CgH,EAAK,KAAKnG,CAAG,CACf,CACAiG,EAAO,IAAI5J,GAAiB6J,EAAM,MAAM,EAAGC,CAAI,CACjD,CAEA,OAAOF,CACT,CAEO,MAAMK,UAAgBpK,CAAa,CAWxC,YAAY6C,EAAuE,CACjF,MAAM,EACN,KAAM,CAAE,IAAAqC,EAAK,IAAAmF,EAAK,IAAAC,EAAK,EAAAC,EAAG,EAAAC,CAAE,EAAI3H,EAChC,KAAK,IAAMqC,EACX,KAAK,IAAMmF,EACX,KAAK,IAAMC,EACX,KAAK,EAAIC,EACT,KAAK,EAAIC,CACX,CAEA,UAAU5H,EAA8B,CACtCA,EAAW,aAAa,KAAK,GAAG,EAChCA,EAAW,aAAa,KAAK,GAAG,EAChCA,EAAW,aAAa,KAAK,GAAG,EAChCA,EAAW,aAAa,KAAK,CAAC,EAC9BA,EAAW,aAAa,KAAK,CAAC,CAChC,CAEA,OAAO,eAAe6H,EAAgC,CACpD,KAAM,CAAE,KAAArE,CAAK,EAAIqE,EAAO,QAClBxH,EAAe,IAAIlD,EAAaG,EAAI,aAAakG,CAAI,EAAE,aAAa,CAAC,EAC3E,OAAOgE,EAAQ,YAAYnH,CAAY,CACzC,CAEA,UAAmB,CACjB,GAAI,KAAK,MAAQ,QACf,MAAMxB,EAAa,cAAc,CAC/B,KAAMC,EAAiB,0BACvB,QACE,8GACJ,CAAC,EAEH,MAAMgJ,EAAapJ,GAAiB,KAAK,CAAC,EAEpCqJ,EADSC,GAAiBF,EAAW,QAAQ,CAAC,EAC7B,IAAKG,GAAUlK,EAAgBkK,CAAK,CAAC,EAC5D,OAAAF,EAAQ,KAAK,IAAI,EACV7J,EAAa6J,CAAO,CAC7B,CAEA,OAAO,YAAY1H,EAAqC,CACtD,MAAMiC,EAAMjC,EAAa,eAAe,EAClCoH,EAAMpH,EAAa,eAAe,EAClCqH,EAAMrH,EAAa,eAAe,EAClCsH,EAAItH,EAAa,eAAe,EAChCuH,EAAIvH,EAAa,eAAe,EACtC,OAAO,IAAImH,EAAQ,CAAE,IAAAlF,EAAK,IAAAmF,EAAK,IAAAC,EAAK,EAAAE,EAAG,EAAAD,CAAE,CAAC,CAC5C,CACF,CAEA,SAASK,GAAiBxE,EAAgC,CACxD,MAAM0E,EAAuB,CAAC,EAC9B,QAASC,EAAI,EAAGA,EAAI3E,EAAK,OAAQ2E,GAAK,GAAI,CACxC,MAAMF,EAAQzE,EAAK,MAAM2E,EAAG,KAAK,IAAIA,EAAI,GAAI3E,EAAK,MAAM,CAAC,EAEzD,GAAIyE,EAAM,OAAS,GAAI,CACrB,MAAMG,EAAc,IAAI,WAAW,EAAE,EACrCA,EAAY,IAAIH,CAAK,EACrBC,EAAO,KAAKE,CAAW,CACzB,MACEF,EAAO,KAAKD,CAAK,CAErB,CACA,OAAOC,CACT,CAUO,SAAS/E,GAAeL,EAA8B,CAC3D,GAAI,CACF,MAAMuF,EAAS,KAAK,MAAMvF,CAAS,EACnC,GAAIuF,EAAO,MAAQ,OACjB,MAAM,IAAI,MAAM,wBAAwB,EAE1C,OAAOA,CACT,MAAgB,CACd,MAAM,IAAI,MAAM,6BAA6B,CAC/C,CACF","names":["jwtDecode","sha3_256","AccountPublicKey","Signature","Deserializer","Serializable","Serializer","Hex","hexToAsciiString","EphemeralCertificateVariant","AnyPublicKeyVariant","SigningScheme","ZkpVariant","EphemeralPublicKey","EphemeralSignature","bigIntToBytesLE","bytesToBigIntLE","hashStrToField","padAndPackBytesWithLen","poseidonHash","AuthenticationKey","Proof","Ed25519PublicKey","Ed25519Signature","getAptosFullNode","memoizeAsync","AccountAddress","base64UrlToBytes","getErrorMessage","nowInSeconds","KeylessError","KeylessErrorType","bn254","bytesToNumberBE","FederatedKeylessPublicKey","encode","generateSigningMessage","EPK_HORIZON_SECS","MAX_AUD_VAL_BYTES","MAX_UID_KEY_BYTES","MAX_UID_VAL_BYTES","MAX_ISS_VAL_BYTES","MAX_EXTRA_FIELD_BYTES","MAX_JWT_HEADER_B64_BYTES","MAX_COMMITED_EPK_BYTES","_KeylessPublicKey","iss","idCommitment","idcBytes","serializer","args","verifyKeylessSignatureWithJwkAndConfig","error","verifyKeylessSignature","deserializer","addressSeed","publicKey","computeIdCommitment","jwt","pepper","uidKey","jwtPayload","uidVal","KeylessPublicKey","aptosConfig","message","signature","jwk","keylessConfig","getKeylessConfig","options","KeylessSignature","fetchJWK","verificationKey","maxExpHorizonSecs","trainingWheelsPubkey","ZeroKnowledgeSig","zkSig","Groth16Zkp","groth16Proof","publicInputsHash","getPublicInputsHash","proofAndStatement","Groth16ProofAndStatement","innerKeylessPublicKey","proof","fields","kid","keylessPubKey","allJWKs","jwkAddr","getKeylessJWKs","jwksForIssuer","key","aud","jwtHeader","ephemeralCertificate","expiryDateSecs","ephemeralPublicKey","ephemeralSignature","parseJwtHeader","EphemeralCertificate","ZkProof","variant","_G1Bytes","data","bytes","point","yFlag","Fp","x","bytesToBn254FpBE","y","negY","yToUse","G1Bytes","result","_G2Bytes","x0","x1","Fp2","G2Bytes","a","b","c","expHorizonSecs","trainingWheelsSignature","extraField","overrideAudVal","KeylessConfiguration","maxExtraFieldBytes","maxJwtHeaderB64Bytes","maxIssValBytes","maxCommitedEpkBytes","res","config","Groth16VerificationKey","alphaG1","betaG2","deltaG2","gammaAbcG1","gammaG2","proofA","proofB","proofC","vkAlpha1","vkBeta2","vkGamma2","vkDelta2","vkIC","g1","Fp12","accum","pairingAccumGamma","pairingAB","pairingAlphaBeta","pairingCDelta","product","vk","getKeylessConfigurationResource","getGroth16VerificationKeyResource","getIssAudAndUidVal","resourceType","resource","jwkMap","entry","jwks","jwkStruct","jwkData","MoveJWK","kty","alg","e","n","struct","uint8Array","scalars","chunkInto24Bytes","chunk","chunks","i","paddedChunk","header"]}
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/core/crypto/multiEd25519.mjs

@@ -1,2 +1,2 @@
-import{SigningScheme as E}from"../../types";import{AuthenticationKey as p}from"../authenticationKey";import{Ed25519PublicKey as u,Ed25519Signature as l}from"./ed25519";import{AbstractMultiKey as d}from"./multiKey";import{Signature as m}from"./signature";const a=class a extends d{constructor(e){const{publicKeys:t,threshold:r}=e;if(super({publicKeys:t}),t.length>a.MAX_KEYS||t.length<a.MIN_KEYS)throw new Error(`Must have between ${a.MIN_KEYS} and ${a.MAX_KEYS} public keys, inclusive`);if(r<a.MIN_THRESHOLD||r>t.length)throw new Error(`Threshold must be between ${a.MIN_THRESHOLD} and ${t.length}, inclusive`);this.publicKeys=t,this.threshold=r}getSignaturesRequired(){return this.threshold}verifySignature(e){const{message:t,signature:r}=e;if(!(r instanceof g))return!1;const s=[];for(let i=0;i<4;i+=1)for(let n=0;n<8;n+=1)if((r.bitmap[i]&1<<7-n)!==0){const c=i*8+n;s.push(c)}if(s.length!==r.signatures.length)throw new Error("Bitmap and signatures length mismatch");if(s.length<this.threshold)throw new Error("Not enough signatures");for(let i=0;i<s.length;i+=1)if(!this.publicKeys[s[i]].verifySignature({message:t,signature:r.signatures[i]}))return!1;return!0}async verifySignatureAsync(e){return this.verifySignature(e)}authKey(){return p.fromSchemeAndBytes({scheme:E.MultiEd25519,input:this.toUint8Array()})}toUint8Array(){const e=new Uint8Array(this.publicKeys.length*u.LENGTH+1);return this.publicKeys.forEach((t,r)=>{e.set(t.toUint8Array(),r*u.LENGTH)}),e[this.publicKeys.length*u.LENGTH]=this.threshold,e}serialize(e){e.serializeBytes(this.toUint8Array())}static deserialize(e){const t=e.deserializeBytes(),r=t[t.length-1],s=[];for(let i=0;i<t.length-1;i+=u.LENGTH){const n=i;s.push(new u(t.subarray(n,n+u.LENGTH)))}return new a({publicKeys:s,threshold:r})}static deserializeWithoutLength(e){const t=e.remaining(),r=e.deserializeFixedBytes(t),s=r[r.length-1],i=[];for(let n=0;n<r.length-1;n+=u.LENGTH){const h=n;i.push(new u(r.subarray(h,h+u.LENGTH)))}return new a({publicKeys:i,threshold:s})}getIndex(e){return super.getIndex(e)}};a.MAX_KEYS=32,a.MIN_KEYS=2,a.MIN_THRESHOLD=1;let b=a;const o=class o extends m{constructor(e){super();const{signatures:t,bitmap:r}=e;if(t.length>o.MAX_SIGNATURES_SUPPORTED)throw new Error(`The number of signatures cannot be greater than ${o.MAX_SIGNATURES_SUPPORTED}`);if(this.signatures=t,!(r instanceof Uint8Array))this.bitmap=o.createBitmap({bits:r});else{if(r.length!==o.BITMAP_LEN)throw new Error(`"bitmap" length should be ${o.BITMAP_LEN}`);this.bitmap=r}}toUint8Array(){const e=new Uint8Array(this.signatures.length*l.LENGTH+o.BITMAP_LEN);return this.signatures.forEach((t,r)=>{e.set(t.toUint8Array(),r*l.LENGTH)}),e.set(this.bitmap,this.signatures.length*l.LENGTH),e}serialize(e){e.serializeBytes(this.toUint8Array())}static deserialize(e){const t=e.deserializeBytes(),r=t.subarray(t.length-4),s=[];for(let i=0;i<t.length-r.length;i+=l.LENGTH){const n=i;s.push(new l(t.subarray(n,n+l.LENGTH)))}return new o({signatures:s,bitmap:r})}static createBitmap(e){const{bits:t}=e,r=128,s=new Uint8Array([0,0,0,0]),i=new Set;return t.forEach((n,h)=>{if(n>=o.MAX_SIGNATURES_SUPPORTED)throw new Error(`Cannot have a signature larger than ${o.MAX_SIGNATURES_SUPPORTED-1}.`);if(i.has(n))throw new Error("Duplicate bits detected.");if(h>0&&n<=t[h-1])throw new Error("The bits need to be sorted in ascending order.");i.add(n);const c=Math.floor(n/8);let y=s[c];y|=r>>n%8,s[c]=y}),s}};o.MAX_SIGNATURES_SUPPORTED=32,o.BITMAP_LEN=4;let g=o;export{b as MultiEd25519PublicKey,g as MultiEd25519Signature};
+import{K as a,L as b}from"../../chunk-PJTG745G.mjs";import"../../chunk-A5L76YP7.mjs";import"../../chunk-5HXLZHDW.mjs";import"../../chunk-GOXRBEIJ.mjs";import"../../chunk-XJJVJOX5.mjs";import"../../chunk-QNARIAVM.mjs";import"../../chunk-2PASUPUO.mjs";import"../../chunk-C3Q23D22.mjs";import"../../chunk-NECL5FCQ.mjs";import"../../chunk-4QMXOWHP.mjs";import"../../chunk-RQX6JOEN.mjs";import"../../chunk-WSR5EBJM.mjs";import"../../chunk-WCMW2L3P.mjs";import"../../chunk-V74WPKSY.mjs";import"../../chunk-UYVPNUH3.mjs";import"../../chunk-G3MHXDYA.mjs";import"../../chunk-626KB2UQ.mjs";import"../../chunk-XKUIMGKU.mjs";import"../../chunk-N6YTF76Q.mjs";import"../../chunk-FGFLPH5K.mjs";import"../../chunk-QREVMGQZ.mjs";import"../../chunk-V3MBJJTL.mjs";import"../../chunk-ZP4DWSQA.mjs";import"../../chunk-2OPKZKOB.mjs";import"../../chunk-FC72YL4B.mjs";import"../../chunk-YS5IUILF.mjs";import"../../chunk-PSSIJHHC.mjs";import"../../chunk-YOZBVVKL.mjs";import"../../chunk-R7FWJP3N.mjs";import"../../chunk-UL777LTI.mjs";import"../../chunk-7ECCT6PK.mjs";import"../../chunk-AQW4BUKF.mjs";import"../../chunk-E2U27PNC.mjs";import"../../chunk-LAPXUUHK.mjs";import"../../chunk-HGLO5LDS.mjs";import"../../chunk-CW35YAMN.mjs";import"../../chunk-YZHAI55C.mjs";import"../../chunk-FZY4PMEE.mjs";import"../../chunk-TOBQ5UE6.mjs";import"../../chunk-MT2RJ7H3.mjs";import"../../chunk-Q4W3WJ2U.mjs";import"../../chunk-ORMOQWWH.mjs";import"../../chunk-FLZPUYXQ.mjs";import"../../chunk-LA56UDUK.mjs";import"../../chunk-ZYE7UTJZ.mjs";import"../../chunk-RGKRCZ36.mjs";import"../../chunk-FD6FGKYY.mjs";import"../../chunk-MCFQE4GC.mjs";import"../../chunk-4WPQQPUF.mjs";import"../../chunk-EBMEXURY.mjs";import"../../chunk-STY74NUA.mjs";import"../../chunk-IF4UU2MT.mjs";import"../../chunk-56CNRT2K.mjs";import"../../chunk-NCKJ7X57.mjs";import"../../chunk-P5HCJN3A.mjs";import"../../chunk-OLILO7VD.mjs";import"../../chunk-H3EP5CGP.mjs";import"../../chunk-KDMSOCZY.mjs";export{a as MultiEd25519PublicKey,b as MultiEd25519Signature};
 //# sourceMappingURL=multiEd25519.mjs.map