@bsv/sdk 1.2.20 → 1.2.21

package/dist/esm/src/auth/transports/SimplifiedFetchTransport.js

@@ -0,0 +1,258 @@
+import { Utils } from '../../../mod.js';
+const SUCCESS_STATUS_CODES = [200, 402];
+/**
+ * Implements an HTTP-specific transport for handling Peer mutual authentication messages.
+ * This class integrates with fetch to send and receive authenticated messages between peers.
+ */
+export class SimplifiedFetchTransport {
+    onDataCallback;
+    fetchClient;
+    baseUrl;
+    /**
+     * Constructs a new instance of SimplifiedFetchTransport.
+     * @param baseUrl - The base URL for all HTTP requests made by this transport.
+     * @param fetchClient - A fetch implementation to use for HTTP requests (default: global fetch).
+     */
+    constructor(baseUrl, fetchClient = fetch) {
+        this.fetchClient = fetchClient;
+        this.baseUrl = baseUrl;
+    }
+    /**
+     * Sends a message to an HTTP server using the transport mechanism.
+     * Handles both general and authenticated message types. For general messages,
+     * the payload is deserialized and sent as an HTTP request. For other message types,
+     * the message is sent as a POST request to the `/auth` endpoint.
+     *
+     * @param message - The AuthMessage to send.
+     * @returns A promise that resolves when the message is successfully sent.
+     *
+     * @throws Will throw an error if no listener has been registered via `onData`.
+     */
+    async send(message) {
+        if (!this.onDataCallback) {
+            throw new Error('Listen before you start speaking. God gave you two ears and one mouth for a reason.');
+        }
+        if (message.messageType !== 'general') {
+            const response = await this.fetchClient(`${this.baseUrl}/.well-known/auth`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify(message)
+            });
+            // Handle the response if data is received and callback is set
+            if (response.ok && this.onDataCallback) {
+                const responseMessage = await response.json();
+                if (responseMessage?.status !== 'certificate received') {
+                    this.onDataCallback(responseMessage);
+                }
+            }
+            else {
+                // Server may be a non authenticated server
+                throw new Error('HTTP server failed to authenticate');
+            }
+        }
+        else {
+            // Parse message payload
+            const httpRequest = this.deserializeRequestPayload(message.payload);
+            // Send the byte array as the HTTP payload
+            const url = `${this.baseUrl}${httpRequest.urlPostfix}`;
+            let httpRequestWithAuthHeaders = httpRequest;
+            if (typeof httpRequest.headers !== 'object') {
+                httpRequestWithAuthHeaders.headers = {};
+            }
+            // Append auth headers in request to server
+            httpRequestWithAuthHeaders.headers['x-bsv-auth-version'] = message.version;
+            httpRequestWithAuthHeaders.headers['x-bsv-auth-identity-key'] = message.identityKey;
+            httpRequestWithAuthHeaders.headers['x-bsv-auth-nonce'] = message.nonce;
+            httpRequestWithAuthHeaders.headers['x-bsv-auth-your-nonce'] = message.yourNonce;
+            httpRequestWithAuthHeaders.headers['x-bsv-auth-signature'] = Utils.toHex(message.signature);
+            httpRequestWithAuthHeaders.headers['x-bsv-auth-request-id'] = httpRequest.requestId;
+            // Ensure Content-Type is set for requests with a body
+            if (httpRequestWithAuthHeaders.body) {
+                const headers = httpRequestWithAuthHeaders.headers;
+                if (!headers['content-type']) {
+                    throw new Error('Content-Type header is required for requests with a body.');
+                }
+                const contentType = headers['content-type'];
+                // Transform body based on Content-Type
+                if (contentType.includes('application/json')) {
+                    // Convert byte array to JSON string
+                    httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body);
+                }
+                else if (contentType.includes('application/x-www-form-urlencoded')) {
+                    // Convert byte array to URL-encoded string
+                    httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body);
+                }
+                else if (contentType.includes('text/plain')) {
+                    // Convert byte array to plain UTF-8 string
+                    httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body);
+                }
+                else {
+                    // For all other content types, treat as binary data
+                    httpRequestWithAuthHeaders.body = new Uint8Array(httpRequestWithAuthHeaders.body);
+                }
+            }
+            // Send the actual fetch request to the server
+            const response = await this.fetchClient(url, {
+                method: httpRequestWithAuthHeaders.method,
+                headers: httpRequestWithAuthHeaders.headers,
+                body: httpRequestWithAuthHeaders.body
+            });
+            // Check for an acceptable status
+            if (!SUCCESS_STATUS_CODES.includes(response.status)) {
+                // Try parsing JSON error
+                let errorInfo;
+                try {
+                    errorInfo = await response.json();
+                }
+                catch {
+                    // Fallback to text if JSON parse fails
+                    const text = await response.text().catch(() => '');
+                    throw new Error(`HTTP ${response.status} - ${text || 'Unknown error'}`);
+                }
+                // If we find a known { status: 'error', code, description } structure
+                if (errorInfo?.status === 'error' && typeof errorInfo.description === 'string') {
+                    const msg = `HTTP ${response.status} - ${errorInfo.description}`;
+                    throw new Error(errorInfo.code ? `${msg} (code: ${errorInfo.code})` : msg);
+                }
+                // Otherwise just throw whatever we got
+                throw new Error(`HTTP ${response.status} - ${JSON.stringify(errorInfo)}`);
+            }
+            const parsedBody = await response.arrayBuffer();
+            const payloadWriter = new Utils.Writer();
+            payloadWriter.write(Utils.toArray(response.headers.get('x-bsv-auth-request-id'), 'base64'));
+            payloadWriter.writeVarIntNum(response.status);
+            // Filter out headers the server signed:
+            // - Custom headers prefixed with x-bsv are included, except auth
+            // - x-bsv-auth headers are not allowed
+            // - authorization header is signed by the server
+            const includedHeaders = [];
+            // Collect headers into a raw array for sorting
+            const headersArray = [];
+            response.headers.forEach((value, key) => {
+                const lowerKey = key.toLowerCase();
+                if (lowerKey.startsWith('x-bsv-') || lowerKey === 'authorization') {
+                    if (!lowerKey.startsWith('x-bsv-auth')) {
+                        headersArray.push([lowerKey, value]);
+                    }
+                }
+            });
+            // Sort headers explicitly to match server-side order
+            headersArray.sort(([keyA], [keyB]) => keyA.localeCompare(keyB));
+            includedHeaders.push(...headersArray);
+            // nHeaders
+            payloadWriter.writeVarIntNum(includedHeaders.length);
+            for (let i = 0; i < includedHeaders.length; i++) {
+                // headerKeyLength
+                const headerKeyAsArray = Utils.toArray(includedHeaders[i][0], 'utf8');
+                payloadWriter.writeVarIntNum(headerKeyAsArray.length);
+                // headerKey
+                payloadWriter.write(headerKeyAsArray);
+                // headerValueLength
+                const headerValueAsArray = Utils.toArray(includedHeaders[i][1], 'utf8');
+                payloadWriter.writeVarIntNum(headerValueAsArray.length);
+                // headerValue
+                payloadWriter.write(headerValueAsArray);
+            }
+            // Handle body
+            if (parsedBody) {
+                const bodyAsArray = Array.from(new Uint8Array(parsedBody));
+                payloadWriter.writeVarIntNum(bodyAsArray.length);
+                payloadWriter.write(bodyAsArray);
+            }
+            else {
+                payloadWriter.writeVarIntNum(-1);
+            }
+            // Build the correct AuthMessage for the response
+            const responseMessage = {
+                version: response.headers.get('x-bsv-auth-version'),
+                messageType: response.headers.get('x-bsv-auth-message-type') === 'certificateRequest' ? 'certificateRequest' : 'general',
+                identityKey: response.headers.get('x-bsv-auth-identity-key'),
+                nonce: response.headers.get('x-bsv-auth-nonce'),
+                yourNonce: response.headers.get('x-bsv-auth-your-nonce'),
+                requestedCertificates: JSON.parse(response.headers.get('x-bsv-auth-requested-certificates')),
+                payload: payloadWriter.toArray(),
+                signature: Utils.toArray(response.headers.get('x-bsv-auth-signature'), 'hex'),
+            };
+            // If the server didn't provide the correct authentication headers, throw an error
+            if (!responseMessage.version) {
+                throw new Error('HTTP server failed to authenticate');
+            }
+            // Handle the response if data is received and callback is set
+            this.onDataCallback(responseMessage);
+        }
+    }
+    /**
+     * Registers a callback to handle incoming messages.
+     * This must be called before sending any messages to ensure responses can be processed.
+     *
+     * @param callback - A function to invoke when an incoming AuthMessage is received.
+     * @returns A promise that resolves once the callback is set.
+     */
+    async onData(callback) {
+        this.onDataCallback = (m) => {
+            callback(m);
+        };
+    }
+    /**
+     * Deserializes a request payload from a byte array into an HTTP request-like structure.
+     *
+     * @param payload - The serialized payload to deserialize.
+     * @returns An object representing the deserialized request, including the method,
+     *          URL postfix (path and query string), headers, body, and request ID.
+     */
+    deserializeRequestPayload(payload) {
+        // Create a reader
+        const requestReader = new Utils.Reader(payload);
+        // The first 32 bytes is the requestId
+        const requestId = Utils.toBase64(requestReader.read(32));
+        // Method
+        const methodLength = requestReader.readVarIntNum();
+        let method = 'GET';
+        if (methodLength > 0) {
+            method = Utils.toUTF8(requestReader.read(methodLength));
+        }
+        // Path
+        const pathLength = requestReader.readVarIntNum();
+        let path = '';
+        if (pathLength > 0) {
+            path = Utils.toUTF8(requestReader.read(pathLength));
+        }
+        // Search
+        const searchLength = requestReader.readVarIntNum();
+        let search = '';
+        if (searchLength > 0) {
+            search = Utils.toUTF8(requestReader.read(searchLength));
+        }
+        // Read headers
+        const requestHeaders = {};
+        const nHeaders = requestReader.readVarIntNum();
+        if (nHeaders > 0) {
+            for (let i = 0; i < nHeaders; i++) {
+                const nHeaderKeyBytes = requestReader.readVarIntNum();
+                const headerKeyBytes = requestReader.read(nHeaderKeyBytes);
+                const headerKey = Utils.toUTF8(headerKeyBytes);
+                const nHeaderValueBytes = requestReader.readVarIntNum();
+                const headerValueBytes = requestReader.read(nHeaderValueBytes);
+                const headerValue = Utils.toUTF8(headerValueBytes);
+                requestHeaders[headerKey] = headerValue;
+            }
+        }
+        // Read body
+        let requestBody;
+        const requestBodyBytes = requestReader.readVarIntNum();
+        if (requestBodyBytes > 0) {
+            requestBody = requestReader.read(requestBodyBytes);
+        }
+        // Return the deserialized RequestInit
+        return {
+            urlPostfix: path + search,
+            method,
+            headers: requestHeaders,
+            body: requestBody,
+            requestId
+        };
+    }
+}
+//# sourceMappingURL=SimplifiedFetchTransport.js.map

package/dist/esm/src/auth/transports/SimplifiedFetchTransport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SimplifiedFetchTransport.js","sourceRoot":"","sources":["../../../../../src/auth/transports/SimplifiedFetchTransport.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,MAAM,oBAAoB,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;AAEvC;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IAC3B,cAAc,CAAiC;IACvD,WAAW,CAAc;IACzB,OAAO,CAAQ;IAEf;;;;OAIG;IACH,YAAY,OAAe,EAAE,WAAW,GAAG,KAAK;QAC9C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;IACxB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,IAAI,CAAC,OAAoB;QAC7B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,qFAAqF,CAAC,CAAA;QACxG,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,OAAO,mBAAmB,EAAE;gBAC1E,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;aAC9B,CAAC,CAAA;YACF,8DAA8D;YAC9D,IAAI,QAAQ,CAAC,EAAE,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvC,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;gBAC7C,IAAI,eAAe,EAAE,MAAM,KAAK,sBAAsB,EAAE,CAAC;oBACvD,IAAI,CAAC,cAAc,CAAC,eAA8B,CAAC,CAAA;gBACrD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,2CAA2C;gBAC3C,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,wBAAwB;YACxB,MAAM,WAAW,GAAG,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;YAEnE,0CAA0C;YAC1C,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC,UAAU,EAAE,CAAA;YACtD,IAAI,0BAA0B,GAAQ,WAAW,CAAA;YACjD,IAAI,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,0BAA0B,CAAC,OAAO,GAAG,EAAE,CAAA;YACzC,CAAC;YAED,2CAA2C;YAC3C,0BAA0B,CAAC,OAAO,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,OAAO,CAAA;YAC1E,0BAA0B,CAAC,OAAO,CAAC,yBAAyB,CAAC,GAAG,OAAO,CAAC,WAAW,CAAA;YACnF,0BAA0B,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC,KAAK,CAAA;YACtE,0BAA0B,CAAC,OAAO,CAAC,uBAAuB,CAAC,GAAG,OAAO,CAAC,SAAS,CAAA;YAC/E,0BAA0B,CAAC,OAAO,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;YAC3F,0BAA0B,CAAC,OAAO,CAAC,uBAAuB,CAAC,GAAG,WAAW,CAAC,SAAS,CAAA;YAEnF,sDAAsD;YACtD,IAAI,0BAA0B,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,CAAC;gBACnD,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;gBAC/E,CAAC;gBAED,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;gBAE5C,uCAAuC;gBACvC,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;oBAC7C,oCAAoC;oBACpC,0BAA0B,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;gBAClF,CAAC;qBAAM,IAAI,WAAW,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;oBACrE,2CAA2C;oBAC3C,0BAA0B,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;gBAClF,CAAC;qBAAM,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC9C,2CAA2C;oBAC3C,0BAA0B,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;gBAClF,CAAC;qBAAM,CAAC;oBACN,oDAAoD;oBACpD,0BAA0B,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;gBACpF,CAAC;YACH,CAAC;YAGD,8CAA8C;YAC9C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE;gBAC3C,MAAM,EAAE,0BAA0B,CAAC,MAAM;gBACzC,OAAO,EAAE,0BAA0B,CAAC,OAAO;gBAC3C,IAAI,EAAE,0BAA0B,CAAC,IAAI;aACtC,CAAC,CAAA;YAEF,iCAAiC;YACjC,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpD,yBAAyB;gBACzB,IAAI,SAAS,CAAC;gBACd,IAAI,CAAC;oBACH,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,CAAC;gBAAC,MAAM,CAAC;oBACP,uCAAuC;oBACvC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;oBACnD,MAAM,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC,CAAC;gBAC1E,CAAC;gBAED,sEAAsE;gBACtE,IAAI,SAAS,EAAE,MAAM,KAAK,OAAO,IAAI,OAAO,SAAS,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;oBAC/E,MAAM,GAAG,GAAG,QAAQ,QAAQ,CAAC,MAAM,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC;oBACjE,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,WAAW,SAAS,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC7E,CAAC;gBAED,uCAAuC;gBACvC,MAAM,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YAC5E,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;YAC/C,MAAM,aAAa,GAAG,IAAI,KAAK,CAAC,MAAM,EAAE,CAAA;YACxC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC3F,aAAa,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;YAE7C,wCAAwC;YACxC,iEAAiE;YACjE,uCAAuC;YACvC,iDAAiD;YACjD,MAAM,eAAe,GAAuB,EAAE,CAAA;YAC9C,+CAA+C;YAC/C,MAAM,YAAY,GAAuB,EAAE,CAAA;YAC3C,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAA;gBAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;oBAClE,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;wBACvC,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAA;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAA;YAEF,qDAAqD;YACrD,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAA;YAC/D,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;YAErC,WAAW;YACX,aAAa,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;YACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChD,kBAAkB;gBAClB,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;gBACrE,aAAa,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;gBACrD,YAAY;gBACZ,aAAa,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAA;gBACrC,oBAAoB;gBACpB,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;gBACvE,aAAa,CAAC,cAAc,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;gBACvD,cAAc;gBACd,aAAa,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;YACzC,CAAC;YAED,cAAc;YACd,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;gBAC1D,aAAa,CAAC,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;gBAChD,aAAa,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;YAClC,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAA;YAClC,CAAC;YAED,iDAAiD;YACjD,MAAM,eAAe,GAAgB;gBACnC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;gBACnD,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,KAAK,oBAAoB,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS;gBACxH,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;gBAC5D,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;gBAC/C,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;gBACxD,qBAAqB,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAA4B;gBACvH,OAAO,EAAE,aAAa,CAAC,OAAO,EAAE;gBAChC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC;aAC9E,CAAA;YAED,kFAAkF;YAClF,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;YACvD,CAAC;YAED,8DAA8D;YAC9D,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,CAAA;QACtC,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,QAAiD;QAC5D,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,EAAE,EAAE;YAC1B,QAAQ,CAAC,CAAC,CAAC,CAAA;QACb,CAAC,CAAA;IACH,CAAC;IAED;;;;;;OAMG;IACH,yBAAyB,CAAC,OAAiB;QAOzC,kBAAkB;QAClB,MAAM,aAAa,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC/C,sCAAsC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;QAExD,SAAS;QACT,MAAM,YAAY,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;QAClD,IAAI,MAAM,GAAG,KAAK,CAAA;QAClB,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAA;QACzD,CAAC;QAED,OAAO;QACP,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;QAChD,IAAI,IAAI,GAAG,EAAE,CAAA;QACb,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;QACrD,CAAC;QAED,SAAS;QACT,MAAM,YAAY,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;QAClD,IAAI,MAAM,GAAG,EAAE,CAAA;QACf,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAA;QACzD,CAAC;QAED,eAAe;QACf,MAAM,cAAc,GAAG,EAAE,CAAA;QACzB,MAAM,QAAQ,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;QAC9C,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;gBAClC,MAAM,eAAe,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;gBACrD,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;gBAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;gBAC9C,MAAM,iBAAiB,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;gBACvD,MAAM,gBAAgB,GAAG,aAAa,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;gBAC9D,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;gBAClD,cAAc,CAAC,SAAS,CAAC,GAAG,WAAW,CAAA;YACzC,CAAC;QACH,CAAC;QAED,YAAY;QACZ,IAAI,WAAW,CAAA;QACf,MAAM,gBAAgB,GAAG,aAAa,CAAC,aAAa,EAAE,CAAA;QACtD,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,WAAW,GAAG,aAAa,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;QACpD,CAAC;QAED,sCAAsC;QACtC,OAAO;YACL,UAAU,EAAE,IAAI,GAAG,MAAM;YACzB,MAAM;YACN,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE,WAAW;YACjB,SAAS;SACV,CAAA;IACH,CAAC;CACF"}

package/dist/esm/src/auth/transports/index.js

@@ -0,0 +1,2 @@
+export * from './SimplifiedFetchTransport.js';
+//# sourceMappingURL=index.js.map

package/dist/esm/src/auth/transports/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/auth/transports/index.ts"],"names":[],"mappings":"AAAA,cAAc,+BAA+B,CAAA"}

package/dist/esm/src/auth/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/src/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/auth/types.ts"],"names":[],"mappings":""}

package/dist/esm/src/auth/utils/certificateHelpers.js

@@ -0,0 +1,47 @@
+import { SymmetricKey, Utils, ProtoWallet } from "../../../mod.js";
+import { MasterCertificate } from "../certificates/MasterCertificate.js";
+import { VerifiableCertificate } from "../certificates/VerifiableCertificate.js";
+/**
+ * Creates a Master Certificate by encrypting provided fields and generating a master keyring.
+ *
+ * @param {Wallet} wallet - The wallet instance used for encryption and public key retrieval.
+ * @param {Record<string, string>} fields - The certificate fields to encrypt.
+ * @param {string} certificateType - The type of the certificate being created.
+ * @param {string} certificateSerialNumber - The serial number of the certificate.
+ * @param {string} certifierPublicKey - The public key of the certifier.
+ * @returns {Promise<MasterCertificate>} A promise resolving to the created Master Certificate.
+ */
+export async function createMasterCertificate(wallet, fields, certificateType, certificateSerialNumber, certifierPublicKey) {
+    const certificateFields = {};
+    const masterKeyring = {};
+    for (const fieldName in fields) {
+        const fieldSymmetricKey = SymmetricKey.fromRandom();
+        const encryptedFieldValue = fieldSymmetricKey.encrypt(Utils.toArray(fields[fieldName], 'utf8'));
+        certificateFields[fieldName] = Utils.toBase64(encryptedFieldValue);
+        const encryptedFieldKey = await wallet.encrypt({
+            plaintext: fieldSymmetricKey.toArray(),
+            protocolID: [2, 'certificate field encryption'],
+            keyID: `${certificateSerialNumber} ${fieldName}`,
+            counterparty: 'self'
+        });
+        masterKeyring[fieldName] = Utils.toBase64(encryptedFieldKey.ciphertext);
+    }
+    return new MasterCertificate(certificateType, certificateSerialNumber, (await wallet.getPublicKey({ identityKey: true })).publicKey, certifierPublicKey, 'revocationOutpoint', certificateFields, masterKeyring);
+}
+/**
+ * Creates a Verifiable Certificate by signing a Master Certificate and generating a keyring for a verifier.
+ *
+ * @param {MasterCertificate} masterCertificate - The master certificate to convert into a verifiable certificate.
+ * @param {Wallet} wallet - The wallet instance used for generating a keyring for the verifier.
+ * @param {string} verifierIdentityKey - The identity key of the verifier.
+ * @param {string[]} fieldsToReveal - The list of fields to reveal to the verifier.
+ * @param {PrivateKey} certifierPrivateKey - The private key of the certifier for signing the certificate.
+ * @returns {Promise<VerifiableCertificate>} A promise resolving to the created Verifiable Certificate.
+ */
+export async function createVerifiableCertificate(masterCertificate, wallet, verifierIdentityKey, fieldsToReveal, certifierPrivateKey) {
+    const certifierWallet = new ProtoWallet(certifierPrivateKey);
+    await masterCertificate.sign(certifierWallet);
+    const keyringForVerifier = await masterCertificate.createKeyringForVerifier(wallet, verifierIdentityKey, fieldsToReveal);
+    return new VerifiableCertificate(masterCertificate.type, masterCertificate.serialNumber, masterCertificate.subject, masterCertificate.certifier, masterCertificate.revocationOutpoint, masterCertificate.fields, masterCertificate.signature, keyringForVerifier);
+}
+//# sourceMappingURL=certificateHelpers.js.map

package/dist/esm/src/auth/utils/certificateHelpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"certificateHelpers.js","sourceRoot":"","sources":["../../../../../src/auth/utils/certificateHelpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,YAAY,EAAE,KAAK,EAAU,WAAW,EAAE,MAAM,iBAAiB,CAAA;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,sCAAsC,CAAA;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAEhF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAA8B,EAC9B,eAAuB,EACvB,uBAA+B,EAC/B,kBAA0B;IAE1B,MAAM,iBAAiB,GAA2B,EAAE,CAAA;IACpD,MAAM,aAAa,GAA2B,EAAE,CAAA;IAEhD,KAAK,MAAM,SAAS,IAAI,MAAM,EAAE,CAAC;QAC/B,MAAM,iBAAiB,GAAG,YAAY,CAAC,UAAU,EAAE,CAAA;QACnD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC,CAAA;QAC/F,iBAAiB,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,mBAA+B,CAAC,CAAA;QAE9E,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YAC7C,SAAS,EAAE,iBAAiB,CAAC,OAAO,EAAE;YACtC,UAAU,EAAE,CAAC,CAAC,EAAE,8BAA8B,CAAC;YAC/C,KAAK,EAAE,GAAG,uBAAuB,IAAI,SAAS,EAAE;YAChD,YAAY,EAAE,MAAM;SACrB,CAAC,CAAA;QACF,aAAa,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAA;IACzE,CAAC;IAED,OAAO,IAAI,iBAAiB,CAC1B,eAAe,EACf,uBAAuB,EACvB,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,EAC5D,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,aAAa,CACd,CAAA;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,iBAAoC,EACpC,MAAc,EACd,mBAA2B,EAC3B,cAAwB,EACxB,mBAA+B;IAE/B,MAAM,eAAe,GAAG,IAAI,WAAW,CAAC,mBAAmB,CAAC,CAAA;IAC5D,MAAM,iBAAiB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAE7C,MAAM,kBAAkB,GAAG,MAAM,iBAAiB,CAAC,wBAAwB,CACzE,MAAM,EACN,mBAAmB,EACnB,cAAc,CACf,CAAA;IAED,OAAO,IAAI,qBAAqB,CAC9B,iBAAiB,CAAC,IAAI,EACtB,iBAAiB,CAAC,YAAY,EAC9B,iBAAiB,CAAC,OAAO,EACzB,iBAAiB,CAAC,SAAS,EAC3B,iBAAiB,CAAC,kBAAkB,EACpC,iBAAiB,CAAC,MAAM,EACxB,iBAAiB,CAAC,SAAS,EAC3B,kBAAkB,CACnB,CAAA;AACH,CAAC"}

package/dist/esm/src/auth/utils/createNonce.js

@@ -0,0 +1,16 @@
+import { Utils, Random } from '../../../mod.js';
+/**
+ * Creates a nonce derived from a privateKey
+ * @param wallet
+ * @returns A random nonce derived with a wallet
+ */
+export async function createNonce(wallet) {
+    // Generate 16 random bytes for the first half of the data
+    const firstHalf = Random(16);
+    // Create an sha256 HMAC
+    const { hmac } = await wallet.createHmac({ protocolID: [2, 'server hmac'], keyID: Utils.toUTF8(firstHalf), data: firstHalf, counterparty: 'self' });
+    // Concatenate firstHalf and secondHalf as the nonce bytes
+    const nonceBytes = [...firstHalf, ...hmac];
+    return Utils.toBase64(nonceBytes);
+}
+//# sourceMappingURL=createNonce.js.map

package/dist/esm/src/auth/utils/createNonce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createNonce.js","sourceRoot":"","sources":["../../../../../src/auth/utils/createNonce.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,EAAU,MAAM,iBAAiB,CAAA;AAEvD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAc;IAC9C,0DAA0D;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,CAAA;IAC5B,wBAAwB;IACxB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAA;IACnJ,0DAA0D;IAC1D,MAAM,UAAU,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,IAAI,CAAC,CAAA;IAC1C,OAAO,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;AACnC,CAAC"}

package/dist/esm/src/auth/utils/getVerifiableCertificates.js

@@ -0,0 +1,27 @@
+import { VerifiableCertificate } from "../certificates/VerifiableCertificate.js";
+/**
+ * Retrieves an array of verifiable certificates based on the request.
+ *
+ * @private
+ * @param {RequestedCertificateSet} requestedCertificates - The set of certificates requested by the peer.
+ * @param {string} verifierIdentityKey - The public key of the verifier requesting the certificates.
+ * @returns {Promise<VerifiableCertificate[]>} An array of verifiable certificates.
+ */
+export const getVerifiableCertificates = async (wallet, requestedCertificates, verifierIdentityKey) => {
+    // Find matching certificates we have
+    // Note: This may return multiple certificates that match the correct type.
+    const matchingCertificates = await wallet.listCertificates({
+        certifiers: requestedCertificates.certifiers,
+        types: Object.keys(requestedCertificates.types)
+    });
+    // For each certificate requested, create a verifiable cert with selectively revealed fields
+    return await Promise.all(matchingCertificates.certificates.map(async (certificate) => {
+        const { keyringForVerifier } = await wallet.proveCertificate({
+            certificate,
+            fieldsToReveal: requestedCertificates.types[certificate.type],
+            verifier: verifierIdentityKey
+        });
+        return new VerifiableCertificate(certificate.type, certificate.serialNumber, certificate.subject, certificate.certifier, certificate.revocationOutpoint, certificate.fields, certificate.signature, keyringForVerifier);
+    }));
+};
+//# sourceMappingURL=getVerifiableCertificates.js.map

package/dist/esm/src/auth/utils/getVerifiableCertificates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getVerifiableCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/getVerifiableCertificates.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAIhF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,EAAE,MAAc,EAAE,qBAA8C,EAAE,mBAA2B,EAAoC,EAAE;IAC/K,qCAAqC;IACrC,2EAA2E;IAC3E,MAAM,oBAAoB,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;QACzD,UAAU,EAAE,qBAAqB,CAAC,UAAU;QAC5C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC;KAChD,CAAC,CAAA;IAEF,4FAA4F;IAC5F,OAAO,MAAM,OAAO,CAAC,GAAG,CACtB,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAC,WAAW,EAAC,EAAE;QACxD,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC3D,WAAW;YACX,cAAc,EAAE,qBAAqB,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC;YAC7D,QAAQ,EAAE,mBAAmB;SAC9B,CAAC,CAAA;QACF,OAAO,IAAI,qBAAqB,CAC9B,WAAW,CAAC,IAAI,EAChB,WAAW,CAAC,YAAY,EACxB,WAAW,CAAC,OAAO,EACnB,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,kBAAkB,EAC9B,WAAW,CAAC,MAAM,EAClB,WAAW,CAAC,SAAS,EACrB,kBAAkB,CACnB,CAAA;IACH,CAAC,CAAC,CAAC,CAAA;AACP,CAAC,CAAA"}

package/dist/esm/src/auth/utils/index.js

@@ -0,0 +1,5 @@
+export * from './verifyNonce.js';
+export * from './createNonce.js';
+export * from './getVerifiableCertificates.js';
+export * from './validateCertificates.js';
+//# sourceMappingURL=index.js.map

package/dist/esm/src/auth/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/auth/utils/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAA;AAChC,cAAc,kBAAkB,CAAA;AAChC,cAAc,gCAAgC,CAAA;AAC9C,cAAc,2BAA2B,CAAA"}

package/dist/esm/src/auth/utils/validateCertificates.js

@@ -0,0 +1,38 @@
+import { VerifiableCertificate } from "../certificates/VerifiableCertificate.js";
+/**
+ * Validates and processes the certificates received from a peer.
+ *
+ * @private
+ * @param {AuthMessage} message - The message containing the certificates to validate.
+ * @returns {Promise<void>}
+ * @throws Will throw an error if certificate validation or field decryption fails.
+ */
+export const validateCertificates = async (verifierWallet, message, certificatesRequested) => {
+    await Promise.all(message.certificates.map(async (incomingCert) => {
+        if (incomingCert.subject !== message.identityKey) {
+            throw new Error(`The subject of one of your certificates ("${incomingCert.subject}") is not the same as the request sender ("${message.identityKey}").`);
+        }
+        // Verify Certificate structure and signature
+        const certToVerify = new VerifiableCertificate(incomingCert.type, incomingCert.serialNumber, incomingCert.subject, incomingCert.certifier, incomingCert.revocationOutpoint, incomingCert.fields, incomingCert.signature, incomingCert.keyring);
+        const isValidCert = await certToVerify.verify();
+        if (!isValidCert) {
+            throw new Error(`The signature for the certificate with serial number ${certToVerify.serialNumber} is invalid!`);
+        }
+        // Check if the certificate matches requested certifiers, types, and fields
+        if (certificatesRequested) {
+            const { certifiers, types } = certificatesRequested;
+            // Check certifier matches
+            if (!certifiers.includes(certToVerify.certifier)) {
+                throw new Error(`Certificate with serial number ${certToVerify.serialNumber} has an unrequested certifier: ${certToVerify.certifier}`);
+            }
+            // Check type and fields match requested
+            const requestedFields = types[certToVerify.type];
+            if (!requestedFields) {
+                throw new Error(`Certificate with type ${certToVerify.type} was not requested`);
+            }
+        }
+        // Attempt to decrypt fields
+        await certToVerify.decryptFields(verifierWallet);
+    }));
+};
+//# sourceMappingURL=validateCertificates.js.map

package/dist/esm/src/auth/utils/validateCertificates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validateCertificates.js","sourceRoot":"","sources":["../../../../../src/auth/utils/validateCertificates.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAA;AAEhF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,KAAK,EAAE,cAAsB,EAAE,OAAoB,EAAE,qBAA+C,EAAiB,EAAE;IACzJ,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAmC,EAAE,EAAE;QACvF,IAAI,YAAY,CAAC,OAAO,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,6CAA6C,YAAY,CAAC,OAAO,8CAA8C,OAAO,CAAC,WAAW,KAAK,CAAC,CAAA;QAC1J,CAAC;QAED,6CAA6C;QAC7C,MAAM,YAAY,GAAG,IAAI,qBAAqB,CAC5C,YAAY,CAAC,IAAI,EACjB,YAAY,CAAC,YAAY,EACzB,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,kBAAkB,EAC/B,YAAY,CAAC,MAAM,EACnB,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,OAAO,CACrB,CAAA;QACD,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,CAAA;QAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wDAAwD,YAAY,CAAC,YAAY,cAAc,CAAC,CAAA;QAClH,CAAC;QAED,2EAA2E;QAC3E,IAAI,qBAAqB,EAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAA;YAEnD,0BAA0B;YAC1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,YAAY,kCAAkC,YAAY,CAAC,SAAS,EAAE,CAAC,CAAA;YACxI,CAAC;YAED,wCAAwC;YACxC,MAAM,eAAe,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;YAChD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,CAAC,IAAI,oBAAoB,CAAC,CAAA;YACjF,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,MAAM,YAAY,CAAC,aAAa,CAAC,cAAc,CAAC,CAAA;IAClD,CAAC,CAAC,CAAC,CAAA;AACL,CAAC,CAAA"}

package/dist/esm/src/auth/utils/verifyNonce.js

@@ -0,0 +1,24 @@
+import { Utils } from '../../../mod.js';
+/**
+ * Verifies a nonce derived from a wallet
+ * @param nonce - A nonce to verify as a base64 string.
+ * @param wallet
+ * @returns The status of the validation
+ */
+export async function verifyNonce(nonce, wallet) {
+    // Convert nonce from base64 string to Uint8Array
+    const buffer = Utils.toArray(nonce, 'base64');
+    // Split the nonce buffer
+    const data = buffer.slice(0, 16);
+    const hmac = buffer.slice(16);
+    // Calculate the HMAC
+    const { valid } = await wallet.verifyHmac({
+        data,
+        hmac,
+        protocolID: [2, 'server hmac'],
+        keyID: Utils.toUTF8(data),
+        counterparty: 'self'
+    });
+    return valid;
+}
+//# sourceMappingURL=verifyNonce.js.map

package/dist/esm/src/auth/utils/verifyNonce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyNonce.js","sourceRoot":"","sources":["../../../../../src/auth/utils/verifyNonce.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAU,MAAM,iBAAiB,CAAA;AAE/C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAa,EAAE,MAAc;IAC7D,iDAAiD;IACjD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;IAE7C,yBAAyB;IACzB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAChC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAE7B,qBAAqB;IACrB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC;QACxC,IAAI;QACJ,IAAI;QACJ,UAAU,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC;QAC9B,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;QACzB,YAAY,EAAE,MAAM;KACrB,CAAC,CAAA;IAEF,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/esm/src/wallet/substrates/WalletWireProcessor.js

@@ -1,6 +1,6 @@
 import { Utils } from '../../primitives/index.js';
 import calls from './WalletWireCalls.js';
-import Certificate from '../../auth/Certificate.js';
+import Certificate from '../../auth/certificates/Certificate.js';
 /**
  * Processes incoming wallet calls received over a wallet wire, with a given wallet.
  */