npm - @canton-network/core-signing-fireblocks - Versions diffs - 0.9.0 → 0.10.0 - Mend

@canton-network/core-signing-fireblocks 0.9.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/index.cjs +458 -0
package/dist/index.cjs.map +1 -0
package/dist/index.js +443 -155
package/dist/index.js.map +1 -0
package/package.json +17 -6
package/dist/fireblocks.js +0 -288
package/dist/fireblocks.test.d.ts +0 -2
package/dist/fireblocks.test.d.ts.map +0 -1
package/dist/fireblocks.test.js +0 -54
package/dist/index.test.d.ts +0 -3
package/dist/index.test.d.ts.map +0 -1
package/dist/index.test.js +0 -190

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,458 @@
+'use strict';
+var coreSigningLib = require('@canton-network/core-signing-lib');
+var tsSdk = require('@fireblocks/ts-sdk');
+var pino = require('pino');
+var zod = require('zod');
+var _ = require('lodash');
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+var ___default = /*#__PURE__*/_interopDefault(_);
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+var RawMessageSchema = zod.z.object({
+  content: zod.z.string(),
+  derivationPath: zod.z.array(zod.z.number())
+});
+var RawMessageDataSchema = zod.z.object({
+  messages: zod.z.array(RawMessageSchema),
+  algorithm: zod.z.string()
+});
+var RawMessageExtraParametersSchema = zod.z.object({
+  rawMessageData: RawMessageDataSchema
+});
+var logger = pino.pino({ name: "main", level: "debug" });
+var FireblocksHandler = class {
+  constructor(defaultKey, userKeys, apiPath = "https://api.fireblocks.io/v1") {
+    __publicField(this, "defaultClient");
+    __publicField(this, "clients", /* @__PURE__ */ new Map());
+    __publicField(this, "keyInfoByPublicKey", /* @__PURE__ */ new Map());
+    __publicField(this, "publicKeyByDerivationPath", /* @__PURE__ */ new Map());
+    __publicField(this, "getClient", (userId) => {
+      if (userId !== void 0 && this.clients.has(userId)) {
+        return this.clients.get(userId);
+      } else if (this.defaultClient) {
+        return this.defaultClient;
+      } else {
+        throw new Error("No Fireblocks client available for this user.");
+      }
+    });
+    if (defaultKey) {
+      this.defaultClient = new tsSdk.Fireblocks({
+        apiKey: defaultKey.apiKey,
+        basePath: apiPath,
+        secretKey: defaultKey.apiSecret
+      });
+    }
+    userKeys.forEach((keyInfo, userId) => {
+      const client = new tsSdk.Fireblocks({
+        apiKey: keyInfo.apiKey,
+        basePath: apiPath,
+        secretKey: keyInfo.apiSecret
+      });
+      this.clients.set(userId, client);
+    });
+  }
+  /**
+   * Get all public keys which correspond to Fireblocks vault accounts. This will
+   * also refresh the key cache.
+   * @returns List of Fireblocks public key information
+   */
+  async getPublicKeys(userId) {
+    const keys = [];
+    try {
+      const client = this.getClient(userId);
+      const vaultAccounts = [];
+      let after = void 0;
+      do {
+        const resp = await client.vaults.getPagedVaultAccounts(
+          after ? { after } : {}
+        );
+        after = resp.data.paging?.after;
+        vaultAccounts.push(...resp.data.accounts || []);
+      } while (after !== void 0);
+      for (const vault of vaultAccounts) {
+        if (vault.id) {
+          const derivationPath = [
+            44,
+            coreSigningLib.CC_COIN_TYPE,
+            Number(vault.id) || 0,
+            0,
+            0
+          ];
+          const publicKey = await this.lookupPublicKey(
+            userId,
+            derivationPath
+          );
+          const storedKey = {
+            derivationPath,
+            publicKey,
+            name: vault.name || vault.id,
+            algorithm: tsSdk.PublicKeyInformationAlgorithmEnum.EddsaEd25519
+          };
+          keys.push(storedKey);
+          this.keyInfoByPublicKey.set(storedKey.publicKey, storedKey);
+        }
+      }
+    } catch (error) {
+      logger.error(error, "Error fetching vault accounts:");
+      throw error;
+    }
+    return keys;
+  }
+  /**
+   * Takes a Fireblocks response from a transactions call and extracts the transaction information
+   * relevant to the Wallet Gateway. This will potentially fetch the public key since unsigned transactions
+   * do  not include it
+   * @returns FireblocksTransaction
+   */
+  async formatTransaction(userId, tx) {
+    if (tx.signedMessages && tx.signedMessages.length > 0) {
+      const signedMessage = tx.signedMessages[0];
+      if (!signedMessage.publicKey || !signedMessage.content || !signedMessage.signature) {
+        return void 0;
+      }
+      return {
+        txId: tx.id,
+        status: "signed",
+        createdAt: tx.createdAt,
+        publicKey: signedMessage.publicKey,
+        signature: signedMessage.signature.fullSig,
+        derivationPath: signedMessage.derivationPath
+      };
+    } else {
+      const rawMessageData = RawMessageExtraParametersSchema.safeParse(
+        tx.extraParameters
+      );
+      if (!rawMessageData.success) {
+        return void 0;
+      }
+      const message = rawMessageData.data.rawMessageData.messages[0];
+      const publicKey = await this.lookupPublicKey(
+        userId,
+        message.derivationPath
+      );
+      const status = tx.status === "REJECTED" || tx.status === "BLOCKED" ? "rejected" : tx.status === "FAILED" ? "failed" : "pending";
+      return {
+        txId: tx.id,
+        status,
+        createdAt: tx.createdAt,
+        publicKey,
+        derivationPath: message.derivationPath
+      };
+    }
+  }
+  /**
+   * Looks up or fetches the public key (only) for a given derivation path
+   * @returns The public key as a string
+   */
+  async lookupPublicKey(userId, derivationPath) {
+    const derivationPathString = JSON.stringify(derivationPath);
+    if (this.publicKeyByDerivationPath.has(derivationPathString)) {
+      return this.publicKeyByDerivationPath.get(derivationPathString);
+    } else {
+      try {
+        const client = this.getClient(userId);
+        const key = await client.vaults.getPublicKeyInfo({
+          algorithm: tsSdk.PublicKeyInformationAlgorithmEnum.EddsaEd25519,
+          derivationPath: derivationPathString
+        });
+        if (key.data.publicKey) {
+          this.publicKeyByDerivationPath.set(
+            derivationPathString,
+            key.data.publicKey
+          );
+          return key.data.publicKey;
+        } else {
+          throw new Error(
+            "Malformed public key response from Fireblocks"
+          );
+        }
+      } catch (error) {
+        throw new Error(`Error looking up public key: ${error}`);
+      }
+    }
+  }
+  /**
+   * Fetch a single RAW transaction from Fireblocks by its transaction ID
+   * @returns FireblocksTransaction or undefined if not found
+   */
+  async getTransaction(userId, txId) {
+    try {
+      const client = this.getClient(userId);
+      const transaction = await client.transactions.getTransaction({
+        txId
+      });
+      return await this.formatTransaction(userId, transaction.data);
+    } catch {
+      return void 0;
+    }
+  }
+  /**
+   * Get all RAW transactions from Fireblocks. Returns an async generator as
+   * this may return a large number of transactions and will occasionally need to
+   * refresh the key cache.
+   * @returns AsyncGenerator of FireblocksTransactions
+   */
+  async *getTransactions(userId, {
+    limit = 200,
+    before
+  } = {}) {
+    let fetchedLength = 0;
+    let beforeQuery = before;
+    try {
+      const client = this.getClient(userId);
+      do {
+        const transactions = await client.transactions.getTransactions({
+          sourceType: "VAULT_ACCOUNT",
+          limit,
+          ...beforeQuery ? { before: beforeQuery.toString() } : {}
+        });
+        fetchedLength = transactions.data.length;
+        for (const tx of transactions.data) {
+          beforeQuery = tx.createdAt - 1;
+          const formatTransaction = await this.formatTransaction(
+            userId,
+            tx
+          );
+          if (formatTransaction) {
+            yield formatTransaction;
+          } else {
+            continue;
+          }
+        }
+      } while (fetchedLength > 0);
+    } catch (error) {
+      logger.error(error, "Error fetching signatures");
+      throw error;
+    }
+  }
+  /**
+   * Sign a transaction using a public key
+   * @param tx - The transaction to sign, as a string
+   * @param publicKey - The public key to use for signing
+   * @param externalTxId - The transaction ID assigned by the Wallet Gateway
+   * @return The transaction object from Fireblocks
+   */
+  async signTransaction(userId, tx, publicKey, externalTxId) {
+    try {
+      const client = this.getClient(userId);
+      if (!this.keyInfoByPublicKey.has(publicKey)) {
+        await this.getPublicKeys(userId);
+      }
+      const key = this.keyInfoByPublicKey.get(publicKey);
+      if (!key) {
+        throw new Error(`Public key ${publicKey} not found in vaults`);
+      }
+      const transaction = await client.transactions.createTransaction({
+        transactionRequest: {
+          operation: "RAW",
+          note: `Signing transaction with public key ${publicKey}`,
+          externalTxId,
+          extraParameters: {
+            rawMessageData: {
+              messages: [
+                {
+                  content: tx,
+                  derivationPath: key.derivationPath
+                }
+              ],
+              algorithm: key.algorithm
+            }
+          }
+        }
+      });
+      let status = "pending";
+      switch (transaction.data.status) {
+        case "REJECTED":
+          status = "rejected";
+          break;
+        case "COMPLETED":
+          status = "signed";
+          break;
+        case "CANCELLED":
+        case "FAILED":
+        case "BLOCKED":
+          status = "failed";
+          break;
+      }
+      return {
+        txId: transaction.data.id,
+        status,
+        publicKey: key.publicKey,
+        derivationPath: key.derivationPath
+      };
+    } catch (error) {
+      logger.error(error, "Error signing transaction:");
+      throw error;
+    }
+  }
+};
+var FireblocksApiKeyInfoSchema = zod.z.object({
+  apiKey: zod.z.string(),
+  apiSecret: zod.z.string()
+});
+var FireblocksConfigSchema = zod.z.object({
+  defaultApiKey: FireblocksApiKeyInfoSchema.optional(),
+  userApiKeys: zod.z.map(zod.z.string(), FireblocksApiKeyInfoSchema),
+  apiPath: zod.z.string().optional()
+});
+var createFireblocksHandler = (config) => {
+  return new FireblocksHandler(
+    config.defaultKeyInfo ? {
+      apiKey: config.defaultKeyInfo.apiKey,
+      apiSecret: config.defaultKeyInfo.apiSecret
+    } : void 0,
+    config.userApiKeys,
+    config.apiPath || "https://api.fireblocks.io/v1"
+  );
+};
+var FireblocksSigningDriver = class {
+  constructor(config) {
+    __publicField(this, "fireblocks");
+    __publicField(this, "config");
+    __publicField(this, "partyMode", coreSigningLib.PartyMode.EXTERNAL);
+    __publicField(this, "signingProvider", coreSigningLib.SigningProvider.FIREBLOCKS);
+    __publicField(this, "controller", (userId) => coreSigningLib.buildController({
+      signTransaction: async (params) => {
+        try {
+          const tx = await this.fireblocks.signTransaction(
+            userId,
+            params.txHash,
+            params.publicKey,
+            params.internalTxId
+          );
+          return {
+            txId: tx.txId,
+            status: tx.status,
+            signature: tx.signature,
+            publicKey: tx.publicKey
+          };
+        } catch (error) {
+          return {
+            error: "signing_error",
+            error_description: error.message
+          };
+        }
+      },
+      getTransaction: async (params) => {
+        const tx = await this.fireblocks.getTransaction(
+          userId,
+          params.txId
+        );
+        if (tx) {
+          return {
+            txId: tx.txId,
+            status: tx.status,
+            signature: tx.signature,
+            publicKey: tx.publicKey
+          };
+        } else {
+          return {
+            error: "transaction_not_found",
+            error_description: "The requested transaction does not exist."
+          };
+        }
+      },
+      getTransactions: async (params) => {
+        const transactions = [];
+        if (params.publicKeys || params.txIds) {
+          const txIds = new Set(params.txIds);
+          const publicKeys = new Set(params.publicKeys);
+          for await (const tx of this.fireblocks.getTransactions(
+            userId
+          )) {
+            if (txIds.has(tx.txId) || publicKeys.has(tx.publicKey || "")) {
+              transactions.push({
+                txId: tx.txId,
+                status: tx.status,
+                signature: tx.signature,
+                publicKey: tx.publicKey
+              });
+            }
+            if (params.txIds && !params.publicKeys && transactions.length == txIds.size) {
+              break;
+            }
+          }
+          return {
+            transactions
+          };
+        } else {
+          return {
+            error: "bad_arguments",
+            error_description: "either public key or txIds must be supplied"
+          };
+        }
+      },
+      getKeys: async () => {
+        try {
+          const keys = await this.fireblocks.getPublicKeys(userId);
+          return {
+            keys: keys.map((k) => ({
+              id: k.derivationPath.join("-"),
+              name: k.name,
+              publicKey: k.publicKey
+            }))
+          };
+        } catch (error) {
+          return {
+            error: "fetch_error",
+            error_description: error.message
+          };
+        }
+      },
+      createKey: async (_params) => {
+        return {
+          error: "not_allowed",
+          error_description: "Creating a Fireblocks key through the Wallet Gateway is not allowed, please create new keys directly in Fireblocks."
+        };
+      },
+      getConfiguration: async () => {
+        const hideFireblocksKeySecret = (keyInfo) => {
+          return keyInfo ? {
+            apiKey: keyInfo.apiKey,
+            apiSecret: "***HIDDEN***"
+          } : void 0;
+        };
+        return {
+          ...this.config,
+          defaultKeyInfo: hideFireblocksKeySecret(
+            this.config.defaultKeyInfo
+          ),
+          userApiKeys: new Map(
+            [...this.config.userApiKeys].map(([k, v]) => [
+              k,
+              hideFireblocksKeySecret(v)
+            ])
+          )
+        };
+      },
+      setConfiguration: async (params) => {
+        const validated = FireblocksConfigSchema.safeParse(params);
+        if (!validated.success) {
+          return {
+            error: "bad_arguments",
+            error_description: validated.error.message
+          };
+        }
+        if (!___default.default.isEqual(validated.data, this.config)) {
+          this.config = validated.data;
+          this.fireblocks = createFireblocksHandler(this.config);
+        }
+        return params;
+      },
+      // TODO: implement subscribeTransactions - we will need to figure out how to handle subscriptions
+      // when the controller is not running in a server context
+      subscribeTransactions: async (params) => Promise.resolve({})
+    }));
+    this.config = config;
+    this.fireblocks = createFireblocksHandler(config);
+  }
+};
+module.exports = FireblocksSigningDriver;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/fireblocks.ts","../src/index.ts"],"names":["z","pino","Fireblocks","CC_COIN_TYPE","PublicKeyInformationAlgorithmEnum","PartyMode","SigningProvider","buildController","_"],"mappings":";;;;;;;;;;;;;;;AAaA,IAAM,gBAAA,GAAmBA,MAAE,MAAA,CAAO;AAAA,EAC9B,OAAA,EAASA,MAAE,MAAA,EAAO;AAAA,EAClB,cAAA,EAAgBA,KAAA,CAAE,KAAA,CAAMA,KAAA,CAAE,QAAQ;AACtC,CAAC,CAAA;AAED,IAAM,oBAAA,GAAuBA,MAAE,MAAA,CAAO;AAAA,EAClC,QAAA,EAAUA,KAAA,CAAE,KAAA,CAAM,gBAAgB,CAAA;AAAA,EAClC,SAAA,EAAWA,MAAE,MAAA;AACjB,CAAC,CAAA;AAED,IAAM,+BAAA,GAAkCA,MAAE,MAAA,CAAO;AAAA,EAC7C,cAAA,EAAgB;AACpB,CAAC,CAAA;AAuBD,IAAM,SAASC,SAAA,CAAK,EAAE,MAAM,MAAA,EAAQ,KAAA,EAAO,SAAS,CAAA;AAE7C,IAAM,oBAAN,MAAwB;AAAA,EAiB3B,WAAA,CACI,UAAA,EACA,QAAA,EACA,OAAA,GAAkB,8BAAA,EACpB;AApBF,IAAA,aAAA,CAAA,IAAA,EAAQ,eAAA,CAAA;AACR,IAAA,aAAA,CAAA,IAAA,EAAQ,SAAA,sBAAuC,GAAA,EAAI,CAAA;AAEnD,IAAA,aAAA,CAAA,IAAA,EAAQ,oBAAA,sBAAqD,GAAA,EAAI,CAAA;AACjE,IAAA,aAAA,CAAA,IAAA,EAAQ,2BAAA,sBAAqD,GAAA,EAAI,CAAA;AAEjE,IAAA,aAAA,CAAA,IAAA,EAAQ,WAAA,EAAY,CAAC,MAAA,KAA2C;AAC5D,MAAA,IAAI,WAAW,MAAA,IAAa,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA,EAAG;AAClD,QAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AAAA,MAClC,CAAA,MAAA,IAAW,KAAK,aAAA,EAAe;AAC3B,QAAA,OAAO,IAAA,CAAK,aAAA;AAAA,MAChB,CAAA,MAAO;AACH,QAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,MACnE;AAAA,IACJ,CAAA,CAAA;AAOI,IAAA,IAAI,UAAA,EAAY;AACZ,MAAA,IAAA,CAAK,aAAA,GAAgB,IAAIC,gBAAA,CAAW;AAAA,QAChC,QAAQ,UAAA,CAAW,MAAA;AAAA,QACnB,QAAA,EAAU,OAAA;AAAA,QACV,WAAW,UAAA,CAAW;AAAA,OACzB,CAAA;AAAA,IACL;AACA,IAAA,QAAA,CAAS,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AAClC,MAAA,MAAM,MAAA,GAAS,IAAIA,gBAAA,CAAW;AAAA,QAC1B,QAAQ,OAAA,CAAQ,MAAA;AAAA,QAChB,QAAA,EAAU,OAAA;AAAA,QACV,WAAW,OAAA,CAAQ;AAAA,OACtB,CAAA;AACD,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAA,EAAQ,MAAM,CAAA;AAAA,IACnC,CAAC,CAAA;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,cACT,MAAA,EACwB;AACxB,IAAA,MAAM,OAAwB,EAAC;AAC/B,IAAA,IAAI;AACA,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AACpC,MAAA,MAAM,gBAAgC,EAAC;AACvC,MAAA,IAAI,KAAA,GAA4B,KAAA,CAAA;AAEhC,MAAA,GAAG;AACC,QAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,qBAAA;AAAA,UAC7B,KAAA,GAAQ,EAAE,KAAA,EAAM,GAAI;AAAC,SACzB;AACA,QAAA,KAAA,GAAQ,IAAA,CAAK,KAAK,MAAA,EAAQ,KAAA;AAC1B,QAAA,aAAA,CAAc,KAAK,GAAI,IAAA,CAAK,IAAA,CAAK,QAAA,IAAY,EAAG,CAAA;AAAA,MACpD,SAAS,KAAA,KAAU,KAAA,CAAA;AAEnB,MAAA,KAAA,MAAW,SAAS,aAAA,EAAe;AAC/B,QAAA,IAAI,MAAM,EAAA,EAAI;AACV,UAAA,MAAM,cAAA,GAAiB;AAAA,YACnB,EAAA;AAAA,YACAC,2BAAA;AAAA,YACA,MAAA,CAAO,KAAA,CAAM,EAAE,CAAA,IAAK,CAAA;AAAA,YACpB,CAAA;AAAA,YACA;AAAA,WACJ;AACA,UAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA;AAAA,YACzB,MAAA;AAAA,YACA;AAAA,WACJ;AAEA,UAAA,MAAM,SAAA,GAAY;AAAA,YACd,cAAA;AAAA,YACA,SAAA;AAAA,YACA,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,EAAA;AAAA,YAC1B,WACIC,uCAAA,CAAkC;AAAA,WAC1C;AACA,UAAA,IAAA,CAAK,KAAK,SAAS,CAAA;AACnB,UAAA,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,SAAA,CAAU,SAAA,EAAW,SAAS,CAAA;AAAA,QAC9D;AAAA,MACJ;AAAA,IACJ,SAAS,KAAA,EAAO;AACZ,MAAA,MAAA,CAAO,KAAA,CAAM,OAAO,gCAAgC,CAAA;AACpD,MAAA,MAAM,KAAA;AAAA,IACV;AACA,IAAA,OAAO,IAAA;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAc,iBAAA,CACV,MAAA,EACA,EAAA,EAC0C;AAC1C,IAAA,IAAI,EAAA,CAAG,cAAA,IAAkB,EAAA,CAAG,cAAA,CAAe,SAAS,CAAA,EAAG;AACnD,MAAA,MAAM,aAAA,GAAgB,EAAA,CAAG,cAAA,CAAe,CAAC,CAAA;AACzC,MAAA,IACI,CAAC,cAAc,SAAA,IACf,CAAC,cAAc,OAAA,IACf,CAAC,cAAc,SAAA,EACjB;AACE,QAAA,OAAO,MAAA;AAAA,MACX;AACA,MAAA,OAAO;AAAA,QACH,MAAM,EAAA,CAAG,EAAA;AAAA,QACT,MAAA,EAAQ,QAAA;AAAA,QACR,WAAW,EAAA,CAAG,SAAA;AAAA,QACd,WAAW,aAAA,CAAc,SAAA;AAAA,QACzB,SAAA,EAAW,cAAc,SAAA,CAAU,OAAA;AAAA,QACnC,gBAAgB,aAAA,CAAc;AAAA,OAClC;AAAA,IACJ,CAAA,MAAO;AACH,MAAA,MAAM,iBAAiB,+BAAA,CAAgC,SAAA;AAAA,QACnD,EAAA,CAAG;AAAA,OACP;AACA,MAAA,IAAI,CAAC,eAAe,OAAA,EAAS;AAEzB,QAAA,OAAO,MAAA;AAAA,MACX;AACA,MAAA,MAAM,OAAA,GAAU,cAAA,CAAe,IAAA,CAAK,cAAA,CAAe,SAAS,CAAC,CAAA;AAC7D,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,eAAA;AAAA,QACzB,MAAA;AAAA,QACA,OAAA,CAAQ;AAAA,OACZ;AAEA,MAAA,MAAM,MAAA,GACF,EAAA,CAAG,MAAA,KAAW,UAAA,IAAc,EAAA,CAAG,MAAA,KAAW,SAAA,GACpC,UAAA,GACA,EAAA,CAAG,MAAA,KAAW,QAAA,GACZ,QAAA,GACA,SAAA;AACZ,MAAA,OAAO;AAAA,QACH,MAAM,EAAA,CAAG,EAAA;AAAA,QACT,MAAA;AAAA,QACA,WAAW,EAAA,CAAG,SAAA;AAAA,QACd,SAAA;AAAA,QACA,gBAAgB,OAAA,CAAQ;AAAA,OAC5B;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,eAAA,CACV,MAAA,EACA,cAAA,EACe;AACf,IAAA,MAAM,oBAAA,GAAuB,IAAA,CAAK,SAAA,CAAU,cAAc,CAAA;AAC1D,IAAA,IAAI,IAAA,CAAK,yBAAA,CAA0B,GAAA,CAAI,oBAAoB,CAAA,EAAG;AAC1D,MAAA,OAAO,IAAA,CAAK,yBAAA,CAA0B,GAAA,CAAI,oBAAoB,CAAA;AAAA,IAClE,CAAA,MAAO;AACH,MAAA,IAAI;AACA,QAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AACpC,QAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,gBAAA,CAAiB;AAAA,UAC7C,WAAWA,uCAAA,CAAkC,YAAA;AAAA,UAC7C,cAAA,EAAgB;AAAA,SACnB,CAAA;AACD,QAAA,IAAI,GAAA,CAAI,KAAK,SAAA,EAAW;AACpB,UAAA,IAAA,CAAK,yBAAA,CAA0B,GAAA;AAAA,YAC3B,oBAAA;AAAA,YACA,IAAI,IAAA,CAAK;AAAA,WACb;AACA,UAAA,OAAO,IAAI,IAAA,CAAK,SAAA;AAAA,QACpB,CAAA,MAAO;AACH,UAAA,MAAM,IAAI,KAAA;AAAA,YACN;AAAA,WACJ;AAAA,QACJ;AAAA,MACJ,SAAS,KAAA,EAAO;AACZ,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,6BAAA,EAAgC,KAAK,CAAA,CAAE,CAAA;AAAA,MAC3D;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAa,cAAA,CACT,MAAA,EACA,IAAA,EAC0C;AAC1C,IAAA,IAAI;AACA,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AACpC,MAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,YAAA,CAAa,cAAA,CAAe;AAAA,QACzD;AAAA,OACH,CAAA;AACD,MAAA,OAAO,MAAM,IAAA,CAAK,iBAAA,CAAkB,MAAA,EAAQ,YAAY,IAAI,CAAA;AAAA,IAChE,CAAA,CAAA,MAAQ;AAEJ,MAAA,OAAO,MAAA;AAAA,IACX;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAc,gBACV,MAAA,EACA;AAAA,IACI,KAAA,GAAQ,GAAA;AAAA,IACR;AAAA,GACJ,GAGI,EAAC,EACgC;AACrC,IAAA,IAAI,aAAA,GAAgB,CAAA;AACpB,IAAA,IAAI,WAAA,GAAkC,MAAA;AACtC,IAAA,IAAI;AACA,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AACpC,MAAA,GAAG;AACC,QAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,CAAa,eAAA,CAAgB;AAAA,UAC3D,UAAA,EAAY,eAAA;AAAA,UACZ,KAAA;AAAA,UACA,GAAI,cAAc,EAAE,MAAA,EAAQ,YAAY,QAAA,EAAS,KAAM;AAAC,SAC3D,CAAA;AACD,QAAA,aAAA,GAAgB,aAAa,IAAA,CAAK,MAAA;AAClC,QAAA,KAAA,MAAW,EAAA,IAAM,aAAa,IAAA,EAAM;AAGhC,UAAA,WAAA,GAAc,GAAG,SAAA,GAAa,CAAA;AAC9B,UAAA,MAAM,iBAAA,GAAoB,MAAM,IAAA,CAAK,iBAAA;AAAA,YACjC,MAAA;AAAA,YACA;AAAA,WACJ;AACA,UAAA,IAAI,iBAAA,EAAmB;AACnB,YAAA,MAAM,iBAAA;AAAA,UACV,CAAA,MAAO;AAEH,YAAA;AAAA,UACJ;AAAA,QACJ;AAAA,MAGJ,SAAS,aAAA,GAAgB,CAAA;AAAA,IAC7B,SAAS,KAAA,EAAO;AACZ,MAAA,MAAA,CAAO,KAAA,CAAM,OAAO,2BAA2B,CAAA;AAC/C,MAAA,MAAM,KAAA;AAAA,IACV;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAa,eAAA,CACT,MAAA,EACA,EAAA,EACA,WACA,YAAA,EAC8B;AAC9B,IAAA,IAAI;AACA,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA;AACpC,MAAA,IAAI,CAAC,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,SAAS,CAAA,EAAG;AAEzC,QAAA,MAAM,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,MACnC;AACA,MAAA,MAAM,GAAA,GAAM,IAAA,CAAK,kBAAA,CAAmB,GAAA,CAAI,SAAS,CAAA;AACjD,MAAA,IAAI,CAAC,GAAA,EAAK;AACN,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,WAAA,EAAc,SAAS,CAAA,oBAAA,CAAsB,CAAA;AAAA,MACjE;AAEA,MAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,YAAA,CAAa,iBAAA,CAAkB;AAAA,QAC5D,kBAAA,EAAoB;AAAA,UAChB,SAAA,EAAW,KAAA;AAAA,UACX,IAAA,EAAM,uCAAuC,SAAS,CAAA,CAAA;AAAA,UACtD,YAAA;AAAA,UACA,eAAA,EAAiB;AAAA,YACb,cAAA,EAAgB;AAAA,cACZ,QAAA,EAAU;AAAA,gBACN;AAAA,kBACI,OAAA,EAAS,EAAA;AAAA,kBACT,gBAAgB,GAAA,CAAI;AAAA;AACxB,eACJ;AAAA,cACA,WAAW,GAAA,CAAI;AAAA;AACnB;AACJ;AACJ,OACH,CAAA;AACD,MAAA,IAAI,MAAA,GAAwB,SAAA;AAC5B,MAAA,QAAQ,WAAA,CAAY,KAAK,MAAA;AAAQ,QAC7B,KAAK,UAAA;AACD,UAAA,MAAA,GAAS,UAAA;AACT,UAAA;AAAA,QACJ,KAAK,WAAA;AACD,UAAA,MAAA,GAAS,QAAA;AACT,UAAA;AAAA,QACJ,KAAK,WAAA;AAAA,QACL,KAAK,QAAA;AAAA,QACL,KAAK,SAAA;AACD,UAAA,MAAA,GAAS,QAAA;AACT,UAAA;AAAA;AAGR,MAAA,OAAO;AAAA,QACH,IAAA,EAAM,YAAY,IAAA,CAAK,EAAA;AAAA,QACvB,MAAA;AAAA,QACA,WAAW,GAAA,CAAI,SAAA;AAAA,QACf,gBAAgB,GAAA,CAAI;AAAA,OACxB;AAAA,IACJ,SAAS,KAAA,EAAO;AACZ,MAAA,MAAA,CAAO,KAAA,CAAM,OAAO,4BAA4B,CAAA;AAChD,MAAA,MAAM,KAAA;AAAA,IACV;AAAA,EACJ;AACJ,CAAA;AC7UA,IAAM,0BAAA,GAA6BJ,MAAE,MAAA,CAAO;AAAA,EACxC,MAAA,EAAQA,MAAE,MAAA,EAAO;AAAA,EACjB,SAAA,EAAWA,MAAE,MAAA;AACjB,CAAC,CAAA;AAED,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EACpC,aAAA,EAAe,2BAA2B,QAAA,EAAS;AAAA,EACnD,aAAaA,KAAAA,CAAE,GAAA,CAAIA,KAAAA,CAAE,MAAA,IAAU,0BAA0B,CAAA;AAAA,EACzD,OAAA,EAASA,KAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,CAAA;AAED,IAAM,uBAAA,GAA0B,CAC5B,MAAA,KACoB;AACpB,EAAA,OAAO,IAAI,iBAAA;AAAA,IACP,OAAO,cAAA,GACD;AAAA,MACI,MAAA,EAAQ,OAAO,cAAA,CAAe,MAAA;AAAA,MAC9B,SAAA,EAAW,OAAO,cAAA,CAAe;AAAA,KACrC,GACA,MAAA;AAAA,IACN,MAAA,CAAO,WAAA;AAAA,IACP,OAAO,OAAA,IAAW;AAAA,GACtB;AACJ,CAAA;AAEA,IAAqB,0BAArB,MAA+E;AAAA,EAI3E,YAAY,MAAA,EAA0B;AAHtC,IAAA,aAAA,CAAA,IAAA,EAAQ,YAAA,CAAA;AACR,IAAA,aAAA,CAAA,IAAA,EAAQ,QAAA,CAAA;AAMR,IAAA,aAAA,CAAA,IAAA,EAAO,aAAYK,wBAAA,CAAU,QAAA,CAAA;AAC7B,IAAA,aAAA,CAAA,IAAA,EAAO,mBAAkBC,8BAAA,CAAgB,UAAA,CAAA;AACzC,IAAA,aAAA,CAAA,IAAA,EAAO,YAAA,EAAa,CAAC,MAAA,KACjBC,8BAAA,CAAgB;AAAA,MACZ,eAAA,EAAiB,OACb,MAAA,KACiC;AAGjC,QAAA,IAAI;AACA,UAAA,MAAM,EAAA,GAAK,MAAM,IAAA,CAAK,UAAA,CAAW,eAAA;AAAA,YAC7B,MAAA;AAAA,YACA,MAAA,CAAO,MAAA;AAAA,YACP,MAAA,CAAO,SAAA;AAAA,YACP,MAAA,CAAO;AAAA,WACX;AACA,UAAA,OAAO;AAAA,YACH,MAAM,EAAA,CAAG,IAAA;AAAA,YACT,QAAQ,EAAA,CAAG,MAAA;AAAA,YACX,WAAW,EAAA,CAAG,SAAA;AAAA,YACd,WAAW,EAAA,CAAG;AAAA,WAClB;AAAA,QACJ,SAAS,KAAA,EAAO;AACZ,UAAA,OAAO;AAAA,YACH,KAAA,EAAO,eAAA;AAAA,YACP,mBAAoB,KAAA,CAAgB;AAAA,WACxC;AAAA,QACJ;AAAA,MACJ,CAAA;AAAA,MAEA,cAAA,EAAgB,OACZ,MAAA,KACgC;AAChC,QAAA,MAAM,EAAA,GAAK,MAAM,IAAA,CAAK,UAAA,CAAW,cAAA;AAAA,UAC7B,MAAA;AAAA,UACA,MAAA,CAAO;AAAA,SACX;AACA,QAAA,IAAI,EAAA,EAAI;AACJ,UAAA,OAAO;AAAA,YACH,MAAM,EAAA,CAAG,IAAA;AAAA,YACT,QAAQ,EAAA,CAAG,MAAA;AAAA,YACX,WAAW,EAAA,CAAG,SAAA;AAAA,YACd,WAAW,EAAA,CAAG;AAAA,WAClB;AAAA,QACJ,CAAA,MAAO;AACH,UAAA,OAAO;AAAA,YACH,KAAA,EAAO,uBAAA;AAAA,YACP,iBAAA,EACI;AAAA,WACR;AAAA,QACJ;AAAA,MACJ,CAAA;AAAA,MAEA,eAAA,EAAiB,OACb,MAAA,KACiC;AACjC,QAAA,MAAM,eAA8B,EAAC;AACrC,QAAA,IAAI,MAAA,CAAO,UAAA,IAAc,MAAA,CAAO,KAAA,EAAO;AACnC,UAAA,MAAM,KAAA,GAAQ,IAAI,GAAA,CAAI,MAAA,CAAO,KAAK,CAAA;AAClC,UAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,MAAA,CAAO,UAAU,CAAA;AAC5C,UAAA,WAAA,MAAiB,EAAA,IAAM,KAAK,UAAA,CAAW,eAAA;AAAA,YACnC;AAAA,WACJ,EAAG;AACC,YAAA,IACI,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,IAAI,CAAA,IACjB,WAAW,GAAA,CAAI,EAAA,CAAG,SAAA,IAAa,EAAE,CAAA,EACnC;AACE,cAAA,YAAA,CAAa,IAAA,CAAK;AAAA,gBACd,MAAM,EAAA,CAAG,IAAA;AAAA,gBACT,QAAQ,EAAA,CAAG,MAAA;AAAA,gBACX,WAAW,EAAA,CAAG,SAAA;AAAA,gBACd,WAAW,EAAA,CAAG;AAAA,eACjB,CAAA;AAAA,YACL;AACA,YAAA,IACI,MAAA,CAAO,SACP,CAAC,MAAA,CAAO,cACR,YAAA,CAAa,MAAA,IAAU,MAAM,IAAA,EAC/B;AAEE,cAAA;AAAA,YACJ;AAAA,UACJ;AACA,UAAA,OAAO;AAAA,YACH;AAAA,WACJ;AAAA,QACJ,CAAA,MAAO;AACH,UAAA,OAAO;AAAA,YACH,KAAA,EAAO,eAAA;AAAA,YACP,iBAAA,EACI;AAAA,WACR;AAAA,QACJ;AAAA,MACJ,CAAA;AAAA,MAEA,SAAS,YAAoC;AACzC,QAAA,IAAI;AACA,UAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,UAAA,CAAW,cAAc,MAAM,CAAA;AACvD,UAAA,OAAO;AAAA,YACH,IAAA,EAAM,IAAA,CAAK,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,cACnB,EAAA,EAAI,CAAA,CAAE,cAAA,CAAe,IAAA,CAAK,GAAG,CAAA;AAAA,cAC7B,MAAM,CAAA,CAAE,IAAA;AAAA,cACR,WAAW,CAAA,CAAE;AAAA,aACjB,CAAE;AAAA,WACN;AAAA,QACJ,SAAS,KAAA,EAAO;AACZ,UAAA,OAAO;AAAA,YACH,KAAA,EAAO,aAAA;AAAA,YACP,mBAAoB,KAAA,CAAgB;AAAA,WACxC;AAAA,QACJ;AAAA,MACJ,CAAA;AAAA,MAEA,SAAA,EAAW,OACP,OAAA,KAC2B;AAC3B,QAAA,OAAO;AAAA,UACH,KAAA,EAAO,aAAA;AAAA,UACP,iBAAA,EACI;AAAA,SACR;AAAA,MACJ,CAAA;AAAA,MAEA,kBAAkB,YAA6C;AAC3D,QAAA,MAAM,uBAAA,GAA0B,CAC5B,OAAA,KACmC;AACnC,UAAA,OAAO,OAAA,GACD;AAAA,YACI,QAAQ,OAAA,CAAQ,MAAA;AAAA,YAChB,SAAA,EAAW;AAAA,WACf,GACA,MAAA;AAAA,QACV,CAAA;AAEA,QAAA,OAAO;AAAA,UACH,GAAG,IAAA,CAAK,MAAA;AAAA,UACR,cAAA,EAAgB,uBAAA;AAAA,YACZ,KAAK,MAAA,CAAO;AAAA,WAChB;AAAA,UACA,aAAa,IAAI,GAAA;AAAA,YACb,CAAC,GAAG,IAAA,CAAK,MAAA,CAAO,WAAW,CAAA,CAAE,GAAA,CAAI,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AAAA,cACzC,CAAA;AAAA,cACA,wBAAwB,CAAC;AAAA,aAC5B;AAAA;AACL,SACJ;AAAA,MACJ,CAAA;AAAA,MAEA,gBAAA,EAAkB,OACd,MAAA,KACkC;AAClC,QAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,SAAA,CAAU,MAAM,CAAA;AACzD,QAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACpB,UAAA,OAAO;AAAA,YACH,KAAA,EAAO,eAAA;AAAA,YACP,iBAAA,EAAmB,UAAU,KAAA,CAAM;AAAA,WACvC;AAAA,QACJ;AACA,QAAA,IAAI,CAACC,kBAAA,CAAE,OAAA,CAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,EAAG;AACzC,UAAA,IAAA,CAAK,SAAS,SAAA,CAAU,IAAA;AACxB,UAAA,IAAA,CAAK,UAAA,GAAa,uBAAA,CAAwB,IAAA,CAAK,MAAM,CAAA;AAAA,QACzD;AACA,QAAA,OAAO,MAAA;AAAA,MACX,CAAA;AAAA;AAAA;AAAA,MAIA,uBAAuB,OACnB,MAAA,KAEA,OAAA,CAAQ,OAAA,CAAQ,EAAiC;AAAA,KACxD,CAAA,CAAA;AA/KD,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,UAAA,GAAa,wBAAwB,MAAM,CAAA;AAAA,EACpD;AA8KJ","file":"index.cjs","sourcesContent":["// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.\n// SPDX-License-Identifier: Apache-2.0\n\nimport {\n Fireblocks,\n PublicKeyInformationAlgorithmEnum,\n TransactionResponse,\n VaultAccount,\n} from '@fireblocks/ts-sdk'\nimport { pino } from 'pino'\nimport { SigningStatus, CC_COIN_TYPE } from '@canton-network/core-signing-lib'\nimport { z } from 'zod'\n\nconst RawMessageSchema = z.object({\n content: z.string(),\n derivationPath: z.array(z.number()),\n})\n\nconst RawMessageDataSchema = z.object({\n messages: z.array(RawMessageSchema),\n algorithm: z.string(),\n})\n\nconst RawMessageExtraParametersSchema = z.object({\n rawMessageData: RawMessageDataSchema,\n})\n\ninterface FireblocksKey {\n name: string\n publicKey: string\n derivationPath: number[]\n algorithm: PublicKeyInformationAlgorithmEnum\n}\n\nexport interface FireblocksTransaction {\n txId: string\n status: SigningStatus\n createdAt?: number\n signature?: string | undefined\n publicKey?: string | undefined\n derivationPath: number[]\n}\n\nexport interface FireblocksApiKeyInfo {\n apiKey: string\n apiSecret: string\n}\n\nconst logger = pino({ name: 'main', level: 'debug' })\n\nexport class FireblocksHandler {\n private defaultClient: Fireblocks | undefined = undefined\n private clients: Map<string, Fireblocks> = new Map()\n\n private keyInfoByPublicKey: Map<string, FireblocksKey> = new Map()\n private publicKeyByDerivationPath: Map<string, string> = new Map()\n\n private getClient = (userId: string | undefined): Fireblocks => {\n if (userId !== undefined && this.clients.has(userId)) {\n return this.clients.get(userId)!\n } else if (this.defaultClient) {\n return this.defaultClient\n } else {\n throw new Error('No Fireblocks client available for this user.')\n }\n }\n\n constructor(\n defaultKey: FireblocksApiKeyInfo | undefined,\n userKeys: Map<string, FireblocksApiKeyInfo>,\n apiPath: string = 'https://api.fireblocks.io/v1'\n ) {\n if (defaultKey) {\n this.defaultClient = new Fireblocks({\n apiKey: defaultKey.apiKey,\n basePath: apiPath,\n secretKey: defaultKey.apiSecret,\n })\n }\n userKeys.forEach((keyInfo, userId) => {\n const client = new Fireblocks({\n apiKey: keyInfo.apiKey,\n basePath: apiPath,\n secretKey: keyInfo.apiSecret,\n })\n this.clients.set(userId, client)\n })\n }\n\n /**\n * Get all public keys which correspond to Fireblocks vault accounts. This will\n * also refresh the key cache.\n * @returns List of Fireblocks public key information\n */\n public async getPublicKeys(\n userId: string | undefined\n ): Promise<FireblocksKey[]> {\n const keys: FireblocksKey[] = []\n try {\n const client = this.getClient(userId)\n const vaultAccounts: VaultAccount[] = []\n let after: string | undefined = undefined\n\n do {\n const resp = await client.vaults.getPagedVaultAccounts(\n after ? { after } : {}\n )\n after = resp.data.paging?.after\n vaultAccounts.push(...(resp.data.accounts || []))\n } while (after !== undefined)\n\n for (const vault of vaultAccounts) {\n if (vault.id) {\n const derivationPath = [\n 44,\n CC_COIN_TYPE,\n Number(vault.id) || 0,\n 0,\n 0,\n ]\n const publicKey = await this.lookupPublicKey(\n userId,\n derivationPath\n )\n\n const storedKey = {\n derivationPath,\n publicKey,\n name: vault.name || vault.id,\n algorithm:\n PublicKeyInformationAlgorithmEnum.EddsaEd25519,\n }\n keys.push(storedKey)\n this.keyInfoByPublicKey.set(storedKey.publicKey, storedKey)\n }\n }\n } catch (error) {\n logger.error(error, 'Error fetching vault accounts:')\n throw error\n }\n return keys\n }\n\n /**\n * Takes a Fireblocks response from a transactions call and extracts the transaction information\n * relevant to the Wallet Gateway. This will potentially fetch the public key since unsigned transactions\n * do not include it\n * @returns FireblocksTransaction\n */\n private async formatTransaction(\n userId: string | undefined,\n tx: TransactionResponse\n ): Promise<FireblocksTransaction | undefined> {\n if (tx.signedMessages && tx.signedMessages.length > 0) {\n const signedMessage = tx.signedMessages[0]\n if (\n !signedMessage.publicKey ||\n !signedMessage.content ||\n !signedMessage.signature\n ) {\n return undefined\n }\n return {\n txId: tx.id!,\n status: 'signed',\n createdAt: tx.createdAt!,\n publicKey: signedMessage.publicKey,\n signature: signedMessage.signature.fullSig,\n derivationPath: signedMessage.derivationPath!,\n }\n } else {\n const rawMessageData = RawMessageExtraParametersSchema.safeParse(\n tx.extraParameters\n )\n if (!rawMessageData.success) {\n // Skip transactions with invalid rawMessageData\n return undefined\n }\n const message = rawMessageData.data.rawMessageData.messages[0]\n const publicKey = await this.lookupPublicKey(\n userId,\n message.derivationPath\n )\n\n const status =\n tx.status === 'REJECTED' || tx.status === 'BLOCKED'\n ? 'rejected'\n : tx.status === 'FAILED'\n ? 'failed'\n : 'pending'\n return {\n txId: tx.id!,\n status: status,\n createdAt: tx.createdAt!,\n publicKey: publicKey,\n derivationPath: message.derivationPath,\n }\n }\n }\n\n /**\n * Looks up or fetches the public key (only) for a given derivation path\n * @returns The public key as a string\n */\n private async lookupPublicKey(\n userId: string | undefined,\n derivationPath: number[]\n ): Promise<string> {\n const derivationPathString = JSON.stringify(derivationPath)\n if (this.publicKeyByDerivationPath.has(derivationPathString)) {\n return this.publicKeyByDerivationPath.get(derivationPathString)!\n } else {\n try {\n const client = this.getClient(userId)\n const key = await client.vaults.getPublicKeyInfo({\n algorithm: PublicKeyInformationAlgorithmEnum.EddsaEd25519,\n derivationPath: derivationPathString,\n })\n if (key.data.publicKey) {\n this.publicKeyByDerivationPath.set(\n derivationPathString,\n key.data.publicKey\n )\n return key.data.publicKey\n } else {\n throw new Error(\n 'Malformed public key response from Fireblocks'\n )\n }\n } catch (error) {\n throw new Error(`Error looking up public key: ${error}`)\n }\n }\n }\n\n /**\n * Fetch a single RAW transaction from Fireblocks by its transaction ID\n * @returns FireblocksTransaction or undefined if not found\n */\n public async getTransaction(\n userId: string | undefined,\n txId: string\n ): Promise<FireblocksTransaction | undefined> {\n try {\n const client = this.getClient(userId)\n const transaction = await client.transactions.getTransaction({\n txId: txId,\n })\n return await this.formatTransaction(userId, transaction.data)\n } catch {\n // if the transaction was not found for any reason, return undefined\n return undefined\n }\n }\n\n /**\n * Get all RAW transactions from Fireblocks. Returns an async generator as\n * this may return a large number of transactions and will occasionally need to\n * refresh the key cache.\n * @returns AsyncGenerator of FireblocksTransactions\n */\n public async *getTransactions(\n userId: string | undefined,\n {\n limit = 200,\n before,\n }: {\n limit?: number\n before?: number\n } = {}\n ): AsyncGenerator<FireblocksTransaction> {\n let fetchedLength = 0\n let beforeQuery: number | undefined = before\n try {\n const client = this.getClient(userId)\n do {\n const transactions = await client.transactions.getTransactions({\n sourceType: 'VAULT_ACCOUNT',\n limit,\n ...(beforeQuery ? { before: beforeQuery.toString() } : {}),\n })\n fetchedLength = transactions.data.length\n for (const tx of transactions.data) {\n // set next before to createdAt - 1 as before is inclusive of any transaction exactly at that\n // timestamp\n beforeQuery = tx.createdAt! - 1\n const formatTransaction = await this.formatTransaction(\n userId,\n tx\n )\n if (formatTransaction) {\n yield formatTransaction\n } else {\n // if the transaction failed to format, continue so we do not skip remaining valid transactions\n continue\n }\n }\n // once the fetched length is 0 before our last createdAt tx,\n // there will be no transactions to fetch\n } while (fetchedLength > 0)\n } catch (error) {\n logger.error(error, 'Error fetching signatures')\n throw error\n }\n }\n /**\n * Sign a transaction using a public key\n * @param tx - The transaction to sign, as a string\n * @param publicKey - The public key to use for signing\n * @param externalTxId - The transaction ID assigned by the Wallet Gateway\n * @return The transaction object from Fireblocks\n */\n public async signTransaction(\n userId: string | undefined,\n tx: string,\n publicKey: string,\n externalTxId?: string\n ): Promise<FireblocksTransaction> {\n try {\n const client = this.getClient(userId)\n if (!this.keyInfoByPublicKey.has(publicKey)) {\n // refresh the keycache\n await this.getPublicKeys(userId)\n }\n const key = this.keyInfoByPublicKey.get(publicKey)\n if (!key) {\n throw new Error(`Public key ${publicKey} not found in vaults`)\n }\n\n const transaction = await client.transactions.createTransaction({\n transactionRequest: {\n operation: 'RAW',\n note: `Signing transaction with public key ${publicKey}`,\n externalTxId,\n extraParameters: {\n rawMessageData: {\n messages: [\n {\n content: tx,\n derivationPath: key.derivationPath,\n },\n ],\n algorithm: key.algorithm,\n },\n },\n },\n })\n let status: SigningStatus = 'pending'\n switch (transaction.data.status) {\n case 'REJECTED':\n status = 'rejected'\n break\n case 'COMPLETED':\n status = 'signed'\n break\n case 'CANCELLED':\n case 'FAILED':\n case 'BLOCKED':\n status = 'failed'\n break\n }\n\n return {\n txId: transaction.data.id!,\n status,\n publicKey: key.publicKey,\n derivationPath: key.derivationPath,\n }\n } catch (error) {\n logger.error(error, 'Error signing transaction:')\n throw error\n }\n }\n}\n","// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.\n// SPDX-License-Identifier: Apache-2.0\n// Disabled unused vars rule to allow for future implementations\n\n/* eslint-disable @typescript-eslint/no-unused-vars */\nimport {\n buildController,\n PartyMode,\n SigningDriverInterface,\n SigningProvider,\n} from '@canton-network/core-signing-lib'\n\nimport {\n SignTransactionParams,\n SignTransactionResult,\n GetTransactionParams,\n GetTransactionResult,\n GetTransactionsResult,\n GetTransactionsParams,\n GetKeysResult,\n CreateKeyParams,\n CreateKeyResult,\n GetConfigurationResult,\n SetConfigurationParams,\n SubscribeTransactionsParams,\n SubscribeTransactionsResult,\n SetConfigurationResult,\n Transaction,\n} from '@canton-network/core-signing-lib'\nimport { FireblocksHandler, FireblocksApiKeyInfo } from './fireblocks.js'\nimport _ from 'lodash'\nimport { z } from 'zod'\nimport { AuthContext } from '@canton-network/core-wallet-auth'\n\nexport interface FireblocksConfig {\n defaultKeyInfo?: FireblocksApiKeyInfo\n userApiKeys: Map<string, FireblocksApiKeyInfo>\n apiPath?: string\n}\n\nconst FireblocksApiKeyInfoSchema = z.object({\n apiKey: z.string(),\n apiSecret: z.string(),\n})\n\nconst FireblocksConfigSchema = z.object({\n defaultApiKey: FireblocksApiKeyInfoSchema.optional(),\n userApiKeys: z.map(z.string(), FireblocksApiKeyInfoSchema),\n apiPath: z.string().optional(),\n})\n\nconst createFireblocksHandler = (\n config: FireblocksConfig\n): FireblocksHandler => {\n return new FireblocksHandler(\n config.defaultKeyInfo\n ? {\n apiKey: config.defaultKeyInfo.apiKey,\n apiSecret: config.defaultKeyInfo.apiSecret,\n }\n : undefined,\n config.userApiKeys,\n config.apiPath || 'https://api.fireblocks.io/v1'\n )\n}\n\nexport default class FireblocksSigningDriver implements SigningDriverInterface {\n private fireblocks: FireblocksHandler\n private config: FireblocksConfig\n\n constructor(config: FireblocksConfig) {\n this.config = config\n this.fireblocks = createFireblocksHandler(config)\n }\n public partyMode = PartyMode.EXTERNAL\n public signingProvider = SigningProvider.FIREBLOCKS\n public controller = (userId: AuthContext['userId'] | undefined) =>\n buildController({\n signTransaction: async (\n params: SignTransactionParams\n ): Promise<SignTransactionResult> => {\n // TODO: validate transaction here\n\n try {\n const tx = await this.fireblocks.signTransaction(\n userId,\n params.txHash,\n params.publicKey,\n params.internalTxId\n )\n return {\n txId: tx.txId,\n status: tx.status,\n signature: tx.signature,\n publicKey: tx.publicKey,\n }\n } catch (error) {\n return {\n error: 'signing_error',\n error_description: (error as Error).message,\n }\n }\n },\n\n getTransaction: async (\n params: GetTransactionParams\n ): Promise<GetTransactionResult> => {\n const tx = await this.fireblocks.getTransaction(\n userId,\n params.txId\n )\n if (tx) {\n return {\n txId: tx.txId,\n status: tx.status,\n signature: tx.signature,\n publicKey: tx.publicKey,\n } as GetTransactionResult\n } else {\n return {\n error: 'transaction_not_found',\n error_description:\n 'The requested transaction does not exist.',\n }\n }\n },\n\n getTransactions: async (\n params: GetTransactionsParams\n ): Promise<GetTransactionsResult> => {\n const transactions: Transaction[] = []\n if (params.publicKeys || params.txIds) {\n const txIds = new Set(params.txIds)\n const publicKeys = new Set(params.publicKeys)\n for await (const tx of this.fireblocks.getTransactions(\n userId\n )) {\n if (\n txIds.has(tx.txId) ||\n publicKeys.has(tx.publicKey || '')\n ) {\n transactions.push({\n txId: tx.txId,\n status: tx.status,\n signature: tx.signature,\n publicKey: tx.publicKey,\n })\n }\n if (\n params.txIds &&\n !params.publicKeys &&\n transactions.length == txIds.size\n ) {\n // stop if we are filtering by only txIds and have found all requested transactions\n break\n }\n }\n return {\n transactions: transactions,\n }\n } else {\n return {\n error: 'bad_arguments',\n error_description:\n 'either public key or txIds must be supplied',\n }\n }\n },\n\n getKeys: async (): Promise<GetKeysResult> => {\n try {\n const keys = await this.fireblocks.getPublicKeys(userId)\n return {\n keys: keys.map((k) => ({\n id: k.derivationPath.join('-'),\n name: k.name,\n publicKey: k.publicKey,\n })),\n }\n } catch (error) {\n return {\n error: 'fetch_error',\n error_description: (error as Error).message,\n }\n }\n },\n\n createKey: async (\n _params: CreateKeyParams\n ): Promise<CreateKeyResult> => {\n return {\n error: 'not_allowed',\n error_description:\n 'Creating a Fireblocks key through the Wallet Gateway is not allowed, please create new keys directly in Fireblocks.',\n }\n },\n\n getConfiguration: async (): Promise<GetConfigurationResult> => {\n const hideFireblocksKeySecret = (\n keyInfo: FireblocksApiKeyInfo | undefined\n ): FireblocksApiKeyInfo | undefined => {\n return keyInfo\n ? {\n apiKey: keyInfo.apiKey,\n apiSecret: '***HIDDEN***',\n }\n : undefined\n }\n\n return {\n ...this.config,\n defaultKeyInfo: hideFireblocksKeySecret(\n this.config.defaultKeyInfo\n ),\n userApiKeys: new Map(\n [...this.config.userApiKeys].map(([k, v]) => [\n k,\n hideFireblocksKeySecret(v),\n ])\n ),\n }\n },\n\n setConfiguration: async (\n params: SetConfigurationParams\n ): Promise<SetConfigurationResult> => {\n const validated = FireblocksConfigSchema.safeParse(params)\n if (!validated.success) {\n return {\n error: 'bad_arguments',\n error_description: validated.error.message,\n }\n }\n if (!_.isEqual(validated.data, this.config)) {\n this.config = validated.data\n this.fireblocks = createFireblocksHandler(this.config)\n }\n return params\n },\n\n // TODO: implement subscribeTransactions - we will need to figure out how to handle subscriptions\n // when the controller is not running in a server context\n subscribeTransactions: async (\n params: SubscribeTransactionsParams\n ): Promise<SubscribeTransactionsResult> =>\n Promise.resolve({} as SubscribeTransactionsResult),\n })\n}\n"]}