@astrox/identity-ledgerhq 0.0.24 → 0.0.27

package/lib/cjs/identity/ledger.d.ts

@@ -0,0 +1,24 @@
+import { HttpAgentRequest, PublicKey, Signature, SignIdentity } from '@astrox/agent';
+/**
+ * A Hardware Ledger Internet Computer Agent identity.
+ */
+export declare class LedgerIdentity extends SignIdentity {
+    private readonly _app;
+    readonly derivePath: string;
+    private readonly _publicKey;
+    private readonly _address;
+    /**
+     * Create a LedgerIdentity using the Web USB transport.
+     * @param derivePath The derivation path.
+     */
+    static create(derivePath?: string): Promise<LedgerIdentity>;
+    private constructor();
+    /**
+     * Required by Ledger.com that the user should be able to press a Button in UI
+     * and verify the address/pubkey are the same as on the device screen.
+     */
+    showAddressAndPubKeyOnDevice(): Promise<void>;
+    getPublicKey(): PublicKey;
+    sign(blob: ArrayBuffer): Promise<Signature>;
+    transformRequest(request: HttpAgentRequest): Promise<unknown>;
+}

package/lib/cjs/identity/ledger.js

@@ -0,0 +1,113 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LedgerIdentity = void 0;
+const agent_1 = require("@astrox/agent");
+const principal_1 = require("@astrox/principal");
+const ledger_dfinity_1 = __importDefault(require("@zondax/ledger-dfinity"));
+const buffer_1 = require("buffer/");
+const secp256k1_1 = require("./secp256k1");
+/**
+ * Convert the HttpAgentRequest body into cbor which can be signed by the Ledger Hardware Wallet.
+ * @param request - body of the HttpAgentRequest
+ */
+function _prepareCborForLedger(request) {
+    return agent_1.Cbor.encode({ content: request });
+}
+/**
+ * A Hardware Ledger Internet Computer Agent identity.
+ */
+class LedgerIdentity extends agent_1.SignIdentity {
+    constructor(_app, derivePath, _publicKey, _address) {
+        super();
+        this._app = _app;
+        this.derivePath = derivePath;
+        this._publicKey = _publicKey;
+        this._address = _address;
+    }
+    /**
+     * Create a LedgerIdentity using the Web USB transport.
+     * @param derivePath The derivation path.
+     */
+    static async create(derivePath = `m/44'/223'/0'/0/0`) {
+        const TransportClass = (await Promise.resolve().then(() => __importStar(require('@ledgerhq/hw-transport-webhid')))).default;
+        const transport = await TransportClass.create();
+        const app = new ledger_dfinity_1.default(transport);
+        const resp = await app.getAddressAndPubKey(derivePath);
+        // This type doesn't have the right fields in it, so we have to manually type it.
+        const principal = resp.principalText;
+        const publicKey = secp256k1_1.Secp256k1PublicKey.fromRaw(resp.publicKey);
+        const address = resp.address;
+        if (principal !== principal_1.Principal.selfAuthenticating(new Uint8Array(publicKey.toDer())).toText()) {
+            throw new Error('Principal returned by device does not match public key.');
+        }
+        return new this(app, derivePath, publicKey, address.buffer);
+    }
+    /**
+     * Required by Ledger.com that the user should be able to press a Button in UI
+     * and verify the address/pubkey are the same as on the device screen.
+     */
+    async showAddressAndPubKeyOnDevice() {
+        await this._app.showAddressAndPubKey(this.derivePath);
+    }
+    getPublicKey() {
+        return this._publicKey;
+    }
+    async sign(blob) {
+        // Force an `as any` because the types are compatible but TypeScript cannot figure it out.
+        const resp = await this._app.sign(this.derivePath, buffer_1.Buffer.from(blob));
+        const signatureRS = resp.signatureRS;
+        if (!signatureRS) {
+            throw new Error(`A ledger error happened during signature:\n` +
+                `Code: ${resp.returnCode}\n` +
+                `Message: ${JSON.stringify(resp.errorMessage)}\n`);
+        }
+        if ((signatureRS === null || signatureRS === void 0 ? void 0 : signatureRS.byteLength) !== 64) {
+            throw new Error(`Signature must be 64 bytes long (is ${signatureRS.length})`);
+        }
+        return signatureRS.buffer;
+    }
+    async transformRequest(request) {
+        const { body } = request, fields = __rest(request, ["body"]);
+        const signature = await this.sign(_prepareCborForLedger(body));
+        return Object.assign(Object.assign({}, fields), { body: {
+                content: body,
+                sender_pubkey: this._publicKey.toDer(),
+                sender_sig: signature,
+            } });
+    }
+}
+exports.LedgerIdentity = LedgerIdentity;
+//# sourceMappingURL=ledger.js.map

package/lib/cjs/identity/ledger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ledger.js","sourceRoot":"","sources":["../../../src/identity/ledger.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAQuB;AACvB,iDAA8C;AAC9C,4EAAkE;AAClE,oCAAiC;AACjC,2CAAiD;AAEjD;;;GAGG;AACH,SAAS,qBAAqB,CAAC,OAAkC;IAC/D,OAAO,YAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAa,cAAe,SAAQ,oBAAY;IAuB9C,YACmB,IAAgB,EACjB,UAAkB,EACjB,UAA8B,EAC9B,QAAqB;QAEtC,KAAK,EAAE,CAAC;QALS,SAAI,GAAJ,IAAI,CAAY;QACjB,eAAU,GAAV,UAAU,CAAQ;QACjB,eAAU,GAAV,UAAU,CAAoB;QAC9B,aAAQ,GAAR,QAAQ,CAAa;IAGxC,CAAC;IA7BD;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,mBAAmB;QACzD,MAAM,cAAc,GAAG,CAAC,wDAAa,+BAA+B,GAAC,CAAC,CAAC,OAAO,CAAC;QAC/E,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,wBAAU,CAAC,SAAS,CAAC,CAAC;QAEtC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACvD,iFAAiF;QACjF,MAAM,SAAS,GAAI,IAA6C,CAAC,aAAa,CAAC;QAC/E,MAAM,SAAS,GAAG,8BAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAE7B,IAAI,SAAS,KAAK,qBAAS,CAAC,kBAAkB,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE;YAC1F,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;SAC5E;QAED,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC;IAWD;;;OAGG;IACI,KAAK,CAAC,4BAA4B;QACvC,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACxD,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,IAAiB;QACjC,0FAA0F;QAC1F,MAAM,IAAI,GAAiB,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAM,CAAC,IAAI,CAAC,IAAI,CAAQ,CAAC,CAAC;QAC3F,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACrC,IAAI,CAAC,WAAW,EAAE;YAChB,MAAM,IAAI,KAAK,CACb,6CAA6C;gBAC3C,SAAS,IAAI,CAAC,UAAU,IAAI;gBAC5B,YAAY,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CACpD,CAAC;SACH;QAED,IAAI,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,MAAK,EAAE,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,uCAAuC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;SAC/E;QAED,OAAO,WAAW,CAAC,MAAmB,CAAC;IACzC,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAyB;QACrD,MAAM,EAAE,IAAI,KAAgB,OAAO,EAAlB,MAAM,UAAK,OAAO,EAA7B,QAAmB,CAAU,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/D,uCACK,MAAM,KACT,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE;gBACtC,UAAU,EAAE,SAAS;aACtB,IACD;IACJ,CAAC;CACF;AA3ED,wCA2EC"}

package/lib/cjs/identity/secp256k1.d.ts

@@ -0,0 +1,14 @@
+import { DerEncodedPublicKey, PublicKey } from '@astrox/agent';
+export declare class Secp256k1PublicKey implements PublicKey {
+    static fromRaw(rawKey: ArrayBuffer): Secp256k1PublicKey;
+    static fromDer(derKey: DerEncodedPublicKey): Secp256k1PublicKey;
+    private static RAW_KEY_LENGTH;
+    private static DER_PREFIX;
+    static derEncode(publicKey: ArrayBuffer): DerEncodedPublicKey;
+    static derDecode(key: DerEncodedPublicKey): ArrayBuffer;
+    private readonly rawKey;
+    private readonly derKey;
+    private constructor();
+    toDer(): DerEncodedPublicKey;
+    toRaw(): ArrayBuffer;
+}

package/lib/cjs/identity/secp256k1.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Secp256k1PublicKey = void 0;
+function equals(b1, b2) {
+    if (b1.byteLength !== b2.byteLength) {
+        return false;
+    }
+    const u1 = new Uint8Array(b1);
+    const u2 = new Uint8Array(b2);
+    for (let i = 0; i < u1.length; i++) {
+        if (u1[i] !== u2[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+// This implementation is adjusted from the Ed25519PublicKey.
+// The RAW_KEY_LENGTH and DER_PREFIX are modified accordingly
+class Secp256k1PublicKey {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        this.rawKey = key;
+        this.derKey = Secp256k1PublicKey.derEncode(key);
+    }
+    static fromRaw(rawKey) {
+        return new Secp256k1PublicKey(rawKey);
+    }
+    static fromDer(derKey) {
+        return new Secp256k1PublicKey(this.derDecode(derKey));
+    }
+    static derEncode(publicKey) {
+        if (publicKey.byteLength !== Secp256k1PublicKey.RAW_KEY_LENGTH) {
+            const bl = publicKey.byteLength;
+            throw new TypeError(`secp256k1 public key must be ${Secp256k1PublicKey.RAW_KEY_LENGTH} bytes long (is ${bl})`);
+        }
+        const derPublicKey = Uint8Array.from([
+            ...Secp256k1PublicKey.DER_PREFIX,
+            ...new Uint8Array(publicKey),
+        ]);
+        return derPublicKey.buffer;
+    }
+    static derDecode(key) {
+        const expectedLength = Secp256k1PublicKey.DER_PREFIX.length + Secp256k1PublicKey.RAW_KEY_LENGTH;
+        if (key.byteLength !== expectedLength) {
+            const bl = key.byteLength;
+            throw new TypeError(`secp256k1 DER-encoded public key must be ${expectedLength} bytes long (is ${bl})`);
+        }
+        const rawKey = key.slice(0, Secp256k1PublicKey.DER_PREFIX.length);
+        if (!equals(this.derEncode(rawKey), key)) {
+            throw new TypeError('secp256k1 DER-encoded public key is invalid. A valid secp256k1 DER-encoded public key ' +
+                `must have the following prefix: ${Secp256k1PublicKey.DER_PREFIX}`);
+        }
+        return rawKey;
+    }
+    toDer() {
+        return this.derKey;
+    }
+    toRaw() {
+        return this.rawKey;
+    }
+}
+exports.Secp256k1PublicKey = Secp256k1PublicKey;
+// The length of secp256k1 public keys is always 65 bytes.
+Secp256k1PublicKey.RAW_KEY_LENGTH = 65;
+// Adding this prefix to a raw public key is sufficient to DER-encode it.
+// prettier-ignore
+Secp256k1PublicKey.DER_PREFIX = Uint8Array.from([
+    0x30, 0x56,
+    0x30, 0x10,
+    0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+    0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a,
+    0x03, 0x42,
+    0x00, // no padding
+]);
+//# sourceMappingURL=secp256k1.js.map

package/lib/cjs/identity/secp256k1.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["../../../src/identity/secp256k1.ts"],"names":[],"mappings":";;;AAEA,SAAS,MAAM,CAAC,EAAe,EAAE,EAAe;IAC9C,IAAI,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC,UAAU,EAAE;QACnC,OAAO,KAAK,CAAC;KACd;IAED,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAClC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE;YACnB,OAAO,KAAK,CAAC;SACd;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6DAA6D;AAC7D,6DAA6D;AAC7D,MAAa,kBAAkB;IA8D7B,kFAAkF;IAClF,YAAoB,GAAgB;QAClC,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;QAClB,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAClD,CAAC;IAjEM,MAAM,CAAC,OAAO,CAAC,MAAmB;QACvC,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,MAA2B;QAC/C,OAAO,IAAI,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IAgBM,MAAM,CAAC,SAAS,CAAC,SAAsB;QAC5C,IAAI,SAAS,CAAC,UAAU,KAAK,kBAAkB,CAAC,cAAc,EAAE;YAC9D,MAAM,EAAE,GAAG,SAAS,CAAC,UAAU,CAAC;YAChC,MAAM,IAAI,SAAS,CACjB,gCAAgC,kBAAkB,CAAC,cAAc,mBAAmB,EAAE,GAAG,CAC1F,CAAC;SACH;QAED,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC;YACnC,GAAG,kBAAkB,CAAC,UAAU;YAChC,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC;SAC7B,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,MAA6B,CAAC;IACpD,CAAC;IAEM,MAAM,CAAC,SAAS,CAAC,GAAwB;QAC9C,MAAM,cAAc,GAAG,kBAAkB,CAAC,UAAU,CAAC,MAAM,GAAG,kBAAkB,CAAC,cAAc,CAAC;QAChG,IAAI,GAAG,CAAC,UAAU,KAAK,cAAc,EAAE;YACrC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;YAC1B,MAAM,IAAI,SAAS,CACjB,4CAA4C,cAAc,mBAAmB,EAAE,GAAG,CACnF,CAAC;SACH;QAED,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,EAAE;YACxC,MAAM,IAAI,SAAS,CACjB,wFAAwF;gBACtF,mCAAmC,kBAAkB,CAAC,UAAU,EAAE,CACrE,CAAC;SACH;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAWM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;;AA1EH,gDA2EC;AAlEC,0DAA0D;AAC3C,iCAAc,GAAG,EAAE,CAAC;AAEnC,yEAAyE;AACzE,kBAAkB;AACH,6BAAU,GAAG,UAAU,CAAC,IAAI,CAAC;IAC1C,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IACpD,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IACxC,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,aAAa;CACpB,CAAC,CAAC"}

package/lib/cjs/index.d.ts

@@ -0,0 +1,2 @@
+export * from './identity/ledger';
+export * from './identity/secp256k1';

package/lib/cjs/index.js

@@ -0,0 +1,15 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./identity/ledger"), exports);
+__exportStar(require("./identity/secp256k1"), exports);
+//# sourceMappingURL=index.js.map

package/lib/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAkC;AAClC,uDAAqC"}

package/lib/esm/identity/ledger.d.ts

@@ -0,0 +1,24 @@
+import { HttpAgentRequest, PublicKey, Signature, SignIdentity } from '@astrox/agent';
+/**
+ * A Hardware Ledger Internet Computer Agent identity.
+ */
+export declare class LedgerIdentity extends SignIdentity {
+    private readonly _app;
+    readonly derivePath: string;
+    private readonly _publicKey;
+    private readonly _address;
+    /**
+     * Create a LedgerIdentity using the Web USB transport.
+     * @param derivePath The derivation path.
+     */
+    static create(derivePath?: string): Promise<LedgerIdentity>;
+    private constructor();
+    /**
+     * Required by Ledger.com that the user should be able to press a Button in UI
+     * and verify the address/pubkey are the same as on the device screen.
+     */
+    showAddressAndPubKeyOnDevice(): Promise<void>;
+    getPublicKey(): PublicKey;
+    sign(blob: ArrayBuffer): Promise<Signature>;
+    transformRequest(request: HttpAgentRequest): Promise<unknown>;
+}

package/lib/esm/identity/ledger.js

@@ -0,0 +1,87 @@
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+import { Cbor, SignIdentity, } from '@astrox/agent';
+import { Principal } from '@astrox/principal';
+import DfinityApp from '@zondax/ledger-dfinity';
+import { Buffer } from 'buffer/';
+import { Secp256k1PublicKey } from './secp256k1';
+/**
+ * Convert the HttpAgentRequest body into cbor which can be signed by the Ledger Hardware Wallet.
+ * @param request - body of the HttpAgentRequest
+ */
+function _prepareCborForLedger(request) {
+    return Cbor.encode({ content: request });
+}
+/**
+ * A Hardware Ledger Internet Computer Agent identity.
+ */
+export class LedgerIdentity extends SignIdentity {
+    constructor(_app, derivePath, _publicKey, _address) {
+        super();
+        this._app = _app;
+        this.derivePath = derivePath;
+        this._publicKey = _publicKey;
+        this._address = _address;
+    }
+    /**
+     * Create a LedgerIdentity using the Web USB transport.
+     * @param derivePath The derivation path.
+     */
+    static async create(derivePath = `m/44'/223'/0'/0/0`) {
+        const TransportClass = (await import('@ledgerhq/hw-transport-webhid')).default;
+        const transport = await TransportClass.create();
+        const app = new DfinityApp(transport);
+        const resp = await app.getAddressAndPubKey(derivePath);
+        // This type doesn't have the right fields in it, so we have to manually type it.
+        const principal = resp.principalText;
+        const publicKey = Secp256k1PublicKey.fromRaw(resp.publicKey);
+        const address = resp.address;
+        if (principal !== Principal.selfAuthenticating(new Uint8Array(publicKey.toDer())).toText()) {
+            throw new Error('Principal returned by device does not match public key.');
+        }
+        return new this(app, derivePath, publicKey, address.buffer);
+    }
+    /**
+     * Required by Ledger.com that the user should be able to press a Button in UI
+     * and verify the address/pubkey are the same as on the device screen.
+     */
+    async showAddressAndPubKeyOnDevice() {
+        await this._app.showAddressAndPubKey(this.derivePath);
+    }
+    getPublicKey() {
+        return this._publicKey;
+    }
+    async sign(blob) {
+        // Force an `as any` because the types are compatible but TypeScript cannot figure it out.
+        const resp = await this._app.sign(this.derivePath, Buffer.from(blob));
+        const signatureRS = resp.signatureRS;
+        if (!signatureRS) {
+            throw new Error(`A ledger error happened during signature:\n` +
+                `Code: ${resp.returnCode}\n` +
+                `Message: ${JSON.stringify(resp.errorMessage)}\n`);
+        }
+        if ((signatureRS === null || signatureRS === void 0 ? void 0 : signatureRS.byteLength) !== 64) {
+            throw new Error(`Signature must be 64 bytes long (is ${signatureRS.length})`);
+        }
+        return signatureRS.buffer;
+    }
+    async transformRequest(request) {
+        const { body } = request, fields = __rest(request, ["body"]);
+        const signature = await this.sign(_prepareCborForLedger(body));
+        return Object.assign(Object.assign({}, fields), { body: {
+                content: body,
+                sender_pubkey: this._publicKey.toDer(),
+                sender_sig: signature,
+            } });
+    }
+}
+//# sourceMappingURL=ledger.js.map

package/lib/esm/identity/ledger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ledger.js","sourceRoot":"","sources":["../../../src/identity/ledger.ts"],"names":[],"mappings":";;;;;;;;;;;AAAA,OAAO,EAEL,IAAI,EAKJ,YAAY,GACb,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,UAA4B,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD;;;GAGG;AACH,SAAS,qBAAqB,CAAC,OAAkC;IAC/D,OAAO,IAAI,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,cAAe,SAAQ,YAAY;IAuB9C,YACmB,IAAgB,EACjB,UAAkB,EACjB,UAA8B,EAC9B,QAAqB;QAEtC,KAAK,EAAE,CAAC;QALS,SAAI,GAAJ,IAAI,CAAY;QACjB,eAAU,GAAV,UAAU,CAAQ;QACjB,eAAU,GAAV,UAAU,CAAoB;QAC9B,aAAQ,GAAR,QAAQ,CAAa;IAGxC,CAAC;IA7BD;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,mBAAmB;QACzD,MAAM,cAAc,GAAG,CAAC,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC,CAAC,OAAO,CAAC;QAC/E,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QAEtC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;QACvD,iFAAiF;QACjF,MAAM,SAAS,GAAI,IAA6C,CAAC,aAAa,CAAC;QAC/E,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAE7B,IAAI,SAAS,KAAK,SAAS,CAAC,kBAAkB,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE;YAC1F,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;SAC5E;QAED,OAAO,IAAI,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC;IAWD;;;OAGG;IACI,KAAK,CAAC,4BAA4B;QACvC,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACxD,CAAC;IAEM,YAAY;QACjB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,IAAiB;QACjC,0FAA0F;QAC1F,MAAM,IAAI,GAAiB,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAQ,CAAC,CAAC;QAC3F,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACrC,IAAI,CAAC,WAAW,EAAE;YAChB,MAAM,IAAI,KAAK,CACb,6CAA6C;gBAC3C,SAAS,IAAI,CAAC,UAAU,IAAI;gBAC5B,YAAY,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CACpD,CAAC;SACH;QAED,IAAI,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,UAAU,MAAK,EAAE,EAAE;YAClC,MAAM,IAAI,KAAK,CAAC,uCAAuC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;SAC/E;QAED,OAAO,WAAW,CAAC,MAAmB,CAAC;IACzC,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAyB;QACrD,MAAM,EAAE,IAAI,KAAgB,OAAO,EAAlB,MAAM,UAAK,OAAO,EAA7B,QAAmB,CAAU,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/D,uCACK,MAAM,KACT,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE;gBACtC,UAAU,EAAE,SAAS;aACtB,IACD;IACJ,CAAC;CACF"}

package/lib/esm/identity/secp256k1.d.ts

@@ -0,0 +1,14 @@
+import { DerEncodedPublicKey, PublicKey } from '@astrox/agent';
+export declare class Secp256k1PublicKey implements PublicKey {
+    static fromRaw(rawKey: ArrayBuffer): Secp256k1PublicKey;
+    static fromDer(derKey: DerEncodedPublicKey): Secp256k1PublicKey;
+    private static RAW_KEY_LENGTH;
+    private static DER_PREFIX;
+    static derEncode(publicKey: ArrayBuffer): DerEncodedPublicKey;
+    static derDecode(key: DerEncodedPublicKey): ArrayBuffer;
+    private readonly rawKey;
+    private readonly derKey;
+    private constructor();
+    toDer(): DerEncodedPublicKey;
+    toRaw(): ArrayBuffer;
+}

package/lib/esm/identity/secp256k1.js

@@ -0,0 +1,71 @@
+function equals(b1, b2) {
+    if (b1.byteLength !== b2.byteLength) {
+        return false;
+    }
+    const u1 = new Uint8Array(b1);
+    const u2 = new Uint8Array(b2);
+    for (let i = 0; i < u1.length; i++) {
+        if (u1[i] !== u2[i]) {
+            return false;
+        }
+    }
+    return true;
+}
+// This implementation is adjusted from the Ed25519PublicKey.
+// The RAW_KEY_LENGTH and DER_PREFIX are modified accordingly
+export class Secp256k1PublicKey {
+    // `fromRaw` and `fromDer` should be used for instantiation, not this constructor.
+    constructor(key) {
+        this.rawKey = key;
+        this.derKey = Secp256k1PublicKey.derEncode(key);
+    }
+    static fromRaw(rawKey) {
+        return new Secp256k1PublicKey(rawKey);
+    }
+    static fromDer(derKey) {
+        return new Secp256k1PublicKey(this.derDecode(derKey));
+    }
+    static derEncode(publicKey) {
+        if (publicKey.byteLength !== Secp256k1PublicKey.RAW_KEY_LENGTH) {
+            const bl = publicKey.byteLength;
+            throw new TypeError(`secp256k1 public key must be ${Secp256k1PublicKey.RAW_KEY_LENGTH} bytes long (is ${bl})`);
+        }
+        const derPublicKey = Uint8Array.from([
+            ...Secp256k1PublicKey.DER_PREFIX,
+            ...new Uint8Array(publicKey),
+        ]);
+        return derPublicKey.buffer;
+    }
+    static derDecode(key) {
+        const expectedLength = Secp256k1PublicKey.DER_PREFIX.length + Secp256k1PublicKey.RAW_KEY_LENGTH;
+        if (key.byteLength !== expectedLength) {
+            const bl = key.byteLength;
+            throw new TypeError(`secp256k1 DER-encoded public key must be ${expectedLength} bytes long (is ${bl})`);
+        }
+        const rawKey = key.slice(0, Secp256k1PublicKey.DER_PREFIX.length);
+        if (!equals(this.derEncode(rawKey), key)) {
+            throw new TypeError('secp256k1 DER-encoded public key is invalid. A valid secp256k1 DER-encoded public key ' +
+                `must have the following prefix: ${Secp256k1PublicKey.DER_PREFIX}`);
+        }
+        return rawKey;
+    }
+    toDer() {
+        return this.derKey;
+    }
+    toRaw() {
+        return this.rawKey;
+    }
+}
+// The length of secp256k1 public keys is always 65 bytes.
+Secp256k1PublicKey.RAW_KEY_LENGTH = 65;
+// Adding this prefix to a raw public key is sufficient to DER-encode it.
+// prettier-ignore
+Secp256k1PublicKey.DER_PREFIX = Uint8Array.from([
+    0x30, 0x56,
+    0x30, 0x10,
+    0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+    0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a,
+    0x03, 0x42,
+    0x00, // no padding
+]);
+//# sourceMappingURL=secp256k1.js.map

package/lib/esm/identity/secp256k1.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["../../../src/identity/secp256k1.ts"],"names":[],"mappings":"AAEA,SAAS,MAAM,CAAC,EAAe,EAAE,EAAe;IAC9C,IAAI,EAAE,CAAC,UAAU,KAAK,EAAE,CAAC,UAAU,EAAE;QACnC,OAAO,KAAK,CAAC;KACd;IAED,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAClC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE;YACnB,OAAO,KAAK,CAAC;SACd;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6DAA6D;AAC7D,6DAA6D;AAC7D,MAAM,OAAO,kBAAkB;IA8D7B,kFAAkF;IAClF,YAAoB,GAAgB;QAClC,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;QAClB,IAAI,CAAC,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAClD,CAAC;IAjEM,MAAM,CAAC,OAAO,CAAC,MAAmB;QACvC,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,MAA2B;QAC/C,OAAO,IAAI,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IAgBM,MAAM,CAAC,SAAS,CAAC,SAAsB;QAC5C,IAAI,SAAS,CAAC,UAAU,KAAK,kBAAkB,CAAC,cAAc,EAAE;YAC9D,MAAM,EAAE,GAAG,SAAS,CAAC,UAAU,CAAC;YAChC,MAAM,IAAI,SAAS,CACjB,gCAAgC,kBAAkB,CAAC,cAAc,mBAAmB,EAAE,GAAG,CAC1F,CAAC;SACH;QAED,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC;YACnC,GAAG,kBAAkB,CAAC,UAAU;YAChC,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC;SAC7B,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC,MAA6B,CAAC;IACpD,CAAC;IAEM,MAAM,CAAC,SAAS,CAAC,GAAwB;QAC9C,MAAM,cAAc,GAAG,kBAAkB,CAAC,UAAU,CAAC,MAAM,GAAG,kBAAkB,CAAC,cAAc,CAAC;QAChG,IAAI,GAAG,CAAC,UAAU,KAAK,cAAc,EAAE;YACrC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;YAC1B,MAAM,IAAI,SAAS,CACjB,4CAA4C,cAAc,mBAAmB,EAAE,GAAG,CACnF,CAAC;SACH;QAED,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,EAAE;YACxC,MAAM,IAAI,SAAS,CACjB,wFAAwF;gBACtF,mCAAmC,kBAAkB,CAAC,UAAU,EAAE,CACrE,CAAC;SACH;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAWM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;;AAjED,0DAA0D;AAC3C,iCAAc,GAAG,EAAE,CAAC;AAEnC,yEAAyE;AACzE,kBAAkB;AACH,6BAAU,GAAG,UAAU,CAAC,IAAI,CAAC;IAC1C,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IACpD,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;IACxC,IAAI,EAAE,IAAI;IACV,IAAI,EAAE,aAAa;CACpB,CAAC,CAAC"}

package/lib/esm/index.d.ts

@@ -0,0 +1,2 @@
+export * from './identity/ledger';
+export * from './identity/secp256k1';

package/lib/esm/index.js

@@ -0,0 +1,3 @@
+export * from './identity/ledger';
+export * from './identity/secp256k1';
+//# sourceMappingURL=index.js.map

package/lib/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC"}