@canton-network/wallet-gateway-remote 0.16.0 → 0.18.0

package/dist/web/frontend/assets/login-lehCoCJX.js

@@ -1,186 +0,0 @@
-import{o as D,f as l,l as $,g as ye,c as ue,s as A,r as ke,e as Me,b as N,a as Ue,i as Le,t as ze}from"./index-chWxxmO7.js";import{r as I}from"./state-UchZlNDY.js";const Q=crypto,_e=t=>t instanceof CryptoKey,P=new TextEncoder,B=new TextDecoder;function Fe(...t){const e=t.reduce((o,{length:n})=>o+n,0),r=new Uint8Array(e);let s=0;for(const o of t)r.set(o,s),s+=o.length;return r}const Ve=t=>{let e=t;typeof e=="string"&&(e=P.encode(e));const r=32768,s=[];for(let o=0;o<e.length;o+=r)s.push(String.fromCharCode.apply(null,e.subarray(o,o+r)));return btoa(s.join(""))},G=t=>Ve(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"),Ge=t=>{const e=atob(t),r=new Uint8Array(e.length);for(let s=0;s<e.length;s++)r[s]=e.charCodeAt(s);return r},ee=t=>{let e=t;e instanceof Uint8Array&&(e=B.decode(e)),e=e.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Ge(e)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}};class h extends Error{constructor(e,r){super(e,r),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}}h.code="ERR_JOSE_GENERIC";class je extends h{constructor(e,r,s="unspecified",o="unspecified"){super(e,{cause:{claim:s,reason:o,payload:r}}),this.code="ERR_JWT_CLAIM_VALIDATION_FAILED",this.claim=s,this.reason=o,this.payload=r}}je.code="ERR_JWT_CLAIM_VALIDATION_FAILED";class qe extends h{constructor(e,r,s="unspecified",o="unspecified"){super(e,{cause:{claim:s,reason:o,payload:r}}),this.code="ERR_JWT_EXPIRED",this.claim=s,this.reason=o,this.payload=r}}qe.code="ERR_JWT_EXPIRED";class Be extends h{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}}Be.code="ERR_JOSE_ALG_NOT_ALLOWED";class E extends h{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}}E.code="ERR_JOSE_NOT_SUPPORTED";class Ye extends h{constructor(e="decryption operation failed",r){super(e,r),this.code="ERR_JWE_DECRYPTION_FAILED"}}Ye.code="ERR_JWE_DECRYPTION_FAILED";class Xe extends h{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}}Xe.code="ERR_JWE_INVALID";class C extends h{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}}C.code="ERR_JWS_INVALID";class Se extends h{constructor(){super(...arguments),this.code="ERR_JWT_INVALID"}}Se.code="ERR_JWT_INVALID";class Ze extends h{constructor(){super(...arguments),this.code="ERR_JWK_INVALID"}}Ze.code="ERR_JWK_INVALID";class Qe extends h{constructor(){super(...arguments),this.code="ERR_JWKS_INVALID"}}Qe.code="ERR_JWKS_INVALID";class et extends h{constructor(e="no applicable key found in the JSON Web Key Set",r){super(e,r),this.code="ERR_JWKS_NO_MATCHING_KEY"}}et.code="ERR_JWKS_NO_MATCHING_KEY";class tt extends h{constructor(e="multiple matching keys found in the JSON Web Key Set",r){super(e,r),this.code="ERR_JWKS_MULTIPLE_MATCHING_KEYS"}}tt.code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";class rt extends h{constructor(e="request timed out",r){super(e,r),this.code="ERR_JWKS_TIMEOUT"}}rt.code="ERR_JWKS_TIMEOUT";class st extends h{constructor(e="signature verification failed",r){super(e,r),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}}st.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED";function g(t,e="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${e} must be ${t}`)}function O(t,e){return t.name===e}function j(t){return parseInt(t.name.slice(4),10)}function ot(t){switch(t){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function nt(t,e){if(e.length&&!e.some(r=>t.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(e.length>2){const s=e.pop();r+=`one of ${e.join(", ")}, or ${s}.`}else e.length===2?r+=`one of ${e[0]} or ${e[1]}.`:r+=`${e[0]}.`;throw new TypeError(r)}}function it(t,e,...r){switch(e){case"HS256":case"HS384":case"HS512":{if(!O(t.algorithm,"HMAC"))throw g("HMAC");const s=parseInt(e.slice(2),10);if(j(t.algorithm.hash)!==s)throw g(`SHA-${s}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!O(t.algorithm,"RSASSA-PKCS1-v1_5"))throw g("RSASSA-PKCS1-v1_5");const s=parseInt(e.slice(2),10);if(j(t.algorithm.hash)!==s)throw g(`SHA-${s}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!O(t.algorithm,"RSA-PSS"))throw g("RSA-PSS");const s=parseInt(e.slice(2),10);if(j(t.algorithm.hash)!==s)throw g(`SHA-${s}`,"algorithm.hash");break}case"EdDSA":{if(t.algorithm.name!=="Ed25519"&&t.algorithm.name!=="Ed448")throw g("Ed25519 or Ed448");break}case"Ed25519":{if(!O(t.algorithm,"Ed25519"))throw g("Ed25519");break}case"ES256":case"ES384":case"ES512":{if(!O(t.algorithm,"ECDSA"))throw g("ECDSA");const s=ot(e);if(t.algorithm.namedCurve!==s)throw g(s,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}nt(t,r)}function we(t,e,...r){if(r=r.filter(Boolean),r.length>2){const s=r.pop();t+=`one of type ${r.join(", ")}, or ${s}.`}else r.length===2?t+=`one of type ${r[0]} or ${r[1]}.`:t+=`of type ${r[0]}.`;return e==null?t+=` Received ${e}`:typeof e=="function"&&e.name?t+=` Received function ${e.name}`:typeof e=="object"&&e!=null&&e.constructor?.name&&(t+=` Received an instance of ${e.constructor.name}`),t}const pe=(t,...e)=>we("Key must be ",t,...e);function be(t,e,...r){return we(`Key for the ${t} algorithm must be `,e,...r)}const Ee=t=>_e(t)?!0:t?.[Symbol.toStringTag]==="KeyObject",M=["CryptoKey"],at=(...t)=>{const e=t.filter(Boolean);if(e.length===0||e.length===1)return!0;let r;for(const s of e){const o=Object.keys(s);if(!r||r.size===0){r=new Set(o);continue}for(const n of o){if(r.has(n))return!1;r.add(n)}}return!0};function ct(t){return typeof t=="object"&&t!==null}function ve(t){if(!ct(t)||Object.prototype.toString.call(t)!=="[object Object]")return!1;if(Object.getPrototypeOf(t)===null)return!0;let e=t;for(;Object.getPrototypeOf(e)!==null;)e=Object.getPrototypeOf(e);return Object.getPrototypeOf(t)===e}const dt=(t,e)=>{if(t.startsWith("RS")||t.startsWith("PS")){const{modulusLength:r}=e.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)}};function k(t){return ve(t)&&typeof t.kty=="string"}function lt(t){return t.kty!=="oct"&&typeof t.d=="string"}function ht(t){return t.kty!=="oct"&&typeof t.d>"u"}function ut(t){return k(t)&&t.kty==="oct"&&typeof t.k=="string"}function pt(t){let e,r;switch(t.kty){case"RSA":{switch(t.alg){case"PS256":case"PS384":case"PS512":e={name:"RSA-PSS",hash:`SHA-${t.alg.slice(-3)}`},r=t.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":e={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${t.alg.slice(-3)}`},r=t.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":e={name:"RSA-OAEP",hash:`SHA-${parseInt(t.alg.slice(-3),10)||1}`},r=t.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"EC":{switch(t.alg){case"ES256":e={name:"ECDSA",namedCurve:"P-256"},r=t.d?["sign"]:["verify"];break;case"ES384":e={name:"ECDSA",namedCurve:"P-384"},r=t.d?["sign"]:["verify"];break;case"ES512":e={name:"ECDSA",namedCurve:"P-521"},r=t.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":e={name:"ECDH",namedCurve:t.crv},r=t.d?["deriveBits"]:[];break;default:throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"OKP":{switch(t.alg){case"Ed25519":e={name:"Ed25519"},r=t.d?["sign"]:["verify"];break;case"EdDSA":e={name:t.crv},r=t.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":e={name:t.crv},r=t.d?["deriveBits"]:[];break;default:throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new E('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:e,keyUsages:r}}const ft=async t=>{if(!t.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');const{algorithm:e,keyUsages:r}=pt(t),s=[e,t.ext??!1,t.key_ops??r],o={...t};return delete o.alg,delete o.use,Q.subtle.importKey("jwk",o,...s)},Ae=t=>ee(t);let T,R;const Ie=t=>t?.[Symbol.toStringTag]==="KeyObject",U=async(t,e,r,s,o=!1)=>{let n=t.get(e);if(n?.[s])return n[s];const i=await ft({...r,alg:s});return o&&Object.freeze(e),n?n[s]=i:t.set(e,{[s]:i}),i},mt=(t,e)=>{if(Ie(t)){let r=t.export({format:"jwk"});return delete r.d,delete r.dp,delete r.dq,delete r.p,delete r.q,delete r.qi,r.k?Ae(r.k):(R||(R=new WeakMap),U(R,t,r,e))}return k(t)?t.k?ee(t.k):(R||(R=new WeakMap),U(R,t,t,e,!0)):t},gt=(t,e)=>{if(Ie(t)){let r=t.export({format:"jwk"});return r.k?Ae(r.k):(T||(T=new WeakMap),U(T,t,r,e))}return k(t)?t.k?ee(t.k):(T||(T=new WeakMap),U(T,t,t,e,!0)):t},yt={normalizePublicKey:mt,normalizePrivateKey:gt},K=t=>t?.[Symbol.toStringTag],Y=(t,e,r)=>{if(e.use!==void 0&&e.use!=="sig")throw new TypeError("Invalid key for this operation, when present its use must be sig");if(e.key_ops!==void 0&&e.key_ops.includes?.(r)!==!0)throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);if(e.alg!==void 0&&e.alg!==t)throw new TypeError(`Invalid key for this operation, when present its alg must be ${t}`);return!0},_t=(t,e,r,s)=>{if(!(e instanceof Uint8Array)){if(s&&k(e)){if(ut(e)&&Y(t,e,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!Ee(e))throw new TypeError(be(t,e,...M,"Uint8Array",s?"JSON Web Key":null));if(e.type!=="secret")throw new TypeError(`${K(e)} instances for symmetric algorithms must be of type "secret"`)}},St=(t,e,r,s)=>{if(s&&k(e))switch(r){case"sign":if(lt(e)&&Y(t,e,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case"verify":if(ht(e)&&Y(t,e,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!Ee(e))throw new TypeError(be(t,e,...M,s?"JSON Web Key":null));if(e.type==="secret")throw new TypeError(`${K(e)} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&e.type==="public")throw new TypeError(`${K(e)} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&e.type==="public")throw new TypeError(`${K(e)} instances for asymmetric algorithm decryption must be of type "private"`);if(e.algorithm&&r==="verify"&&e.type==="private")throw new TypeError(`${K(e)} instances for asymmetric algorithm verifying must be of type "public"`);if(e.algorithm&&r==="encrypt"&&e.type==="private")throw new TypeError(`${K(e)} instances for asymmetric algorithm encryption must be of type "public"`)};function Te(t,e,r,s){e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?_t(e,r,s,t):St(e,r,s,t)}Te.bind(void 0,!1);const wt=Te.bind(void 0,!0);function bt(t,e,r,s,o){if(o.crit!==void 0&&s?.crit===void 0)throw new t('"crit" (Critical) Header Parameter MUST be integrity protected');if(!s||s.crit===void 0)return new Set;if(!Array.isArray(s.crit)||s.crit.length===0||s.crit.some(i=>typeof i!="string"||i.length===0))throw new t('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let n;r!==void 0?n=new Map([...Object.entries(r),...e.entries()]):n=e;for(const i of s.crit){if(!n.has(i))throw new E(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new t(`Extension Header Parameter "${i}" is missing`);if(n.get(i)&&s[i]===void 0)throw new t(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(s.crit)}function Et(t,e){const r=`SHA-${t.slice(-3)}`;switch(t){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:t.slice(-3)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:e.namedCurve};case"Ed25519":return{name:"Ed25519"};case"EdDSA":return{name:e.name};default:throw new E(`alg ${t} is not supported either by JOSE or your javascript runtime`)}}async function vt(t,e,r){if(e=await yt.normalizePrivateKey(e,t),_e(e))return it(e,t,r),e;if(e instanceof Uint8Array){if(!t.startsWith("HS"))throw new TypeError(pe(e,...M));return Q.subtle.importKey("raw",e,{hash:`SHA-${t.slice(-3)}`,name:"HMAC"},!1,[r])}throw new TypeError(pe(e,...M,"Uint8Array","JSON Web Key"))}const w=t=>Math.floor(t.getTime()/1e3),Re=60,We=Re*60,te=We*24,At=te*7,It=te*365.25,Tt=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,q=t=>{const e=Tt.exec(t);if(!e||e[4]&&e[1])throw new TypeError("Invalid time period format");const r=parseFloat(e[2]),s=e[3].toLowerCase();let o;switch(s){case"sec":case"secs":case"second":case"seconds":case"s":o=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":o=Math.round(r*Re);break;case"hour":case"hours":case"hr":case"hrs":case"h":o=Math.round(r*We);break;case"day":case"days":case"d":o=Math.round(r*te);break;case"week":case"weeks":case"w":o=Math.round(r*At);break;default:o=Math.round(r*It);break}return e[1]==="-"||e[4]==="ago"?-o:o},Rt=async(t,e,r)=>{const s=await vt(t,e,"sign");dt(t,s);const o=await Q.subtle.sign(Et(t,s.algorithm),s,r);return new Uint8Array(o)};class Wt{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=e}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}async sign(e,r){if(!this._protectedHeader&&!this._unprotectedHeader)throw new C("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!at(this._protectedHeader,this._unprotectedHeader))throw new C("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const s={...this._protectedHeader,...this._unprotectedHeader},o=bt(C,new Map([["b64",!0]]),r?.crit,this._protectedHeader,s);let n=!0;if(o.has("b64")&&(n=this._protectedHeader.b64,typeof n!="boolean"))throw new C('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:i}=s;if(typeof i!="string"||!i)throw new C('JWS "alg" (Algorithm) Header Parameter missing or invalid');wt(i,e,"sign");let c=this._payload;n&&(c=P.encode(G(c)));let _;this._protectedHeader?_=P.encode(G(JSON.stringify(this._protectedHeader))):_=P.encode("");const S=Fe(_,P.encode("."),c),J=await Rt(i,e,S),a={signature:G(J),payload:""};return n&&(a.payload=B.decode(c)),this._unprotectedHeader&&(a.header=this._unprotectedHeader),this._protectedHeader&&(a.protected=B.decode(_)),a}}class Ct{constructor(e){this._flattened=new Wt(e)}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}async sign(e,r){const s=await this._flattened.sign(e,r);if(s.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${s.protected}.${s.payload}.${s.signature}`}}function b(t,e){if(!Number.isFinite(e))throw new TypeError(`Invalid ${t} input`);return e}class Kt{constructor(e={}){if(!ve(e))throw new TypeError("JWT Claims Set MUST be an object");this._payload=e}setIssuer(e){return this._payload={...this._payload,iss:e},this}setSubject(e){return this._payload={...this._payload,sub:e},this}setAudience(e){return this._payload={...this._payload,aud:e},this}setJti(e){return this._payload={...this._payload,jti:e},this}setNotBefore(e){return typeof e=="number"?this._payload={...this._payload,nbf:b("setNotBefore",e)}:e instanceof Date?this._payload={...this._payload,nbf:b("setNotBefore",w(e))}:this._payload={...this._payload,nbf:w(new Date)+q(e)},this}setExpirationTime(e){return typeof e=="number"?this._payload={...this._payload,exp:b("setExpirationTime",e)}:e instanceof Date?this._payload={...this._payload,exp:b("setExpirationTime",w(e))}:this._payload={...this._payload,exp:w(new Date)+q(e)},this}setIssuedAt(e){return typeof e>"u"?this._payload={...this._payload,iat:w(new Date)}:e instanceof Date?this._payload={...this._payload,iat:b("setIssuedAt",w(e))}:typeof e=="string"?this._payload={...this._payload,iat:b("setIssuedAt",w(new Date)+q(e))}:this._payload={...this._payload,iat:b("setIssuedAt",e)},this}}class Pt extends Kt{setProtectedHeader(e){return this._protectedHeader=e,this}async sign(e,r){const s=new Ct(P.encode(JSON.stringify(this._payload)));if(s.setProtectedHeader(this._protectedHeader),Array.isArray(this._protectedHeader?.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new Se("JWTs MUST NOT use unencoded payload");return s.sign(e,r)}}var xt=D({method:$("authorization_code"),audience:l(),scope:l(),clientId:l()}),Jt=D({method:$("client_credentials"),audience:l(),scope:l(),clientId:l(),clientSecret:l()}),Nt=D({method:$("self_signed"),issuer:l(),audience:l(),scope:l(),clientId:l(),clientSecret:l()});ye("method",[xt,Jt,Nt]);ye("type",[D({id:l(),type:$("self_signed"),issuer:l()}),D({id:l(),type:$("oauth"),issuer:l(),configUrl:l().url()})]);var Ot=class X{constructor(e,r,s,o=3600){this.auth=e,this.authAdmin=r,this.logger=s,this.expirySeconds=o}async getUserAccessToken(){return this.logger.debug("Fetching self-signed user auth token"),X.fetchToken(this.logger,{clientId:this.auth.clientId,clientSecret:this.auth.clientSecret,scope:this.auth.scope,audience:this.auth.audience},this.auth.issuer,this.expirySeconds)}async getAdminAccessToken(){if(this.logger.debug("Fetching self-signed admin auth token"),!this.authAdmin)throw new Error("Admin credentials are not configured");return X.fetchToken(this.logger,{clientId:this.authAdmin.clientId,clientSecret:this.authAdmin.clientSecret,scope:this.authAdmin.scope,audience:this.authAdmin.audience},this.authAdmin.issuer,this.expirySeconds)}static async fetchToken(e,r,s,o=3600){const n=new TextEncoder().encode(r.clientSecret),i=Math.floor(Date.now()/1e3),c=await new Pt({sub:r.clientId,aud:r.audience||"",scope:r.scope||"",iat:i,exp:i+o,iss:s}).setProtectedHeader({alg:"HS256"}).sign(n);return e.info(`Generated self-signed JWT token: ${c}`),c}},Ht=Object.create,re=Object.defineProperty,Dt=Object.getOwnPropertyDescriptor,Ce=(t,e)=>(e=Symbol[t])?e:Symbol.for("Symbol."+t),x=t=>{throw TypeError(t)},$t=(t,e,r)=>e in t?re(t,e,{enumerable:!0,configurable:!0,writable:!0,value:r}):t[e]=r,fe=(t,e)=>re(t,"name",{value:e,configurable:!0}),kt=t=>[,,,Ht(t?.[Ce("metadata")]??null)],Ke=["class","method","getter","setter","accessor","field","value","get","set"],H=t=>t!==void 0&&typeof t!="function"?x("Function expected"):t,Mt=(t,e,r,s,o)=>({kind:Ke[t],name:e,metadata:s,addInitializer:n=>r._?x("Already initialized"):o.push(H(n||null))}),Ut=(t,e)=>$t(e,Ce("metadata"),t[3]),p=(t,e,r,s)=>{for(var o=0,n=t[e>>1],i=n&&n.length;o<i;o++)e&1?n[o].call(r):s=n[o].call(r,s);return s},v=(t,e,r,s,o,n)=>{var i,c,_,S,J,a=e&7,L=!!(e&8),m=!!(e&16),z=a>3?t.length+1:a?L?1:2:0,le=Ke[a+5],he=a>3&&(t[z-1]=[]),$e=t[z]||(t[z]=[]),f=a&&(!m&&!L&&(o=o.prototype),a<5&&(a>3||!m)&&Dt(a<4?o:{get[r](){return me(this,n)},set[r](u){return ge(this,n,u)}},r));a?m&&a<4&&fe(n,(a>2?"set ":a>1?"get ":"")+r):fe(o,r);for(var F=s.length-1;F>=0;F--)S=Mt(a,r,_={},t[3],$e),a&&(S.static=L,S.private=m,J=S.access={has:m?u=>Lt(o,u):u=>r in u},a^3&&(J.get=m?u=>(a^1?me:zt)(u,o,a^4?n:f.get):u=>u[r]),a>2&&(J.set=m?(u,V)=>ge(u,o,V,a^4?n:f.set):(u,V)=>u[r]=V)),c=(0,s[F])(a?a<4?m?n:f[le]:a>4?void 0:{get:f.get,set:f.set}:o,S),_._=1,a^4||c===void 0?H(c)&&(a>4?he.unshift(c):a?m?n=c:f[le]=c:o=c):typeof c!="object"||c===null?x("Object expected"):(H(i=c.get)&&(f.get=i),H(i=c.set)&&(f.set=i),H(i=c.init)&&he.unshift(i));return a||Ut(t,o),f&&re(o,r,f),m?a^4?n:f:o},se=(t,e,r)=>e.has(t)||x("Cannot "+r),Lt=(t,e)=>Object(e)!==e?x('Cannot use the "in" operator on this value'):t.has(e),me=(t,e,r)=>(se(t,e,"read from private field"),r?r.call(t):e.get(t)),W=(t,e,r)=>e.has(t)?x("Cannot add the same private member more than once"):e instanceof WeakSet?e.add(t):e.set(t,r),ge=(t,e,r,s)=>(se(t,e,"write to private field"),s?s.call(t,r):e.set(t,r),r),zt=(t,e,r)=>(se(t,e,"access private method"),r),Pe,xe,Je,Ne,Oe,He,Z,De,d,oe,ne,ie,ae,ce,de;De=[ze("user-ui-login")];class y extends(Z=Le,He=[I()],Oe=[I()],Ne=[I()],Je=[I()],xe=[I()],Pe=[I()],Z){constructor(){super(...arguments),W(this,oe,p(d,8,this,[])),p(d,11,this),W(this,ne,p(d,12,this,[])),p(d,15,this),W(this,ie,p(d,16,this,null)),p(d,19,this),W(this,ae,p(d,20,this,null)),p(d,23,this),W(this,ce,p(d,24,this,null)),p(d,27,this),W(this,de,p(d,28,this,null)),p(d,31,this)}handleChange(e){const r=parseInt(e.target.value);this.selectedNetwork=this.networks[r]??null,this.selectedIdp=this.idps.find(s=>s.id===this.selectedNetwork?.identityProviderId)??null,this.message=null}async loadNetworks(){return(await(await ue(A.accessToken.get())).request("listNetworks")).networks}async loadIdps(){return(await(await ue(A.accessToken.get())).request("listIdps")).idps}async connectedCallback(){super.connectedCallback(),this.networks=await this.loadNetworks(),this.idps=await this.loadIdps()}async handleConnectToIDP(){if(this.message=null,!this.selectedNetwork){this.messageType="error",this.message="Please select a network before connecting.";return}const e=this.renderRoot.querySelector("#client-id")?.value||this.selectedNetwork.auth.clientId;A.networkId.set(this.selectedNetwork.id);const r=this.idps.find(s=>s.id===this.selectedNetwork?.identityProviderId);if(!r){this.messageType="error",this.message="Identity provider misconfigured for this network.";return}if(r.type==="self_signed")await this.selfSign({clientId:e,clientSecret:this.selectedNetwork.auth.clientSecret||"",scope:this.selectedNetwork.auth.scope,audience:this.selectedNetwork.auth.audience}),ke();else if(r.type==="oauth")if(this.selectedNetwork.auth.method==="authorization_code"){const s=`${window.origin}/callback/`;this.messageType="info",this.message=`Redirecting to ${this.selectedNetwork.name}...`;const o=this.selectedNetwork.auth,n=await fetch(r.configUrl||"").then(_=>_.json()),i={configUrl:r.configUrl,clientId:o.clientId,audience:o.audience},c=new URLSearchParams({response_type:"code",client_id:this.selectedNetwork.auth.clientId||"",redirect_uri:s||"",nonce:crypto.randomUUID(),scope:o.scope||"",audience:o.audience||"",state:btoa(JSON.stringify(i))});setTimeout(()=>{window.location.href=`${n.authorization_endpoint}?${c.toString()}`},400)}else{this.messageType="error",this.message="This authentication method is not valid.";return}else this.messageType="error",this.message="This authentication type is not supported yet."}async selfSign(e){const r=await Ot.fetchToken(console,e,"unsafe-auth",3600),s=JSON.parse(atob(r.split(".")[1]));A.expirationDate.set(new Date(s.exp*1e3).toISOString()),A.accessToken.set(r);const o=A.networkId.get()||"";Me(r,o)}render(){return N`
-            <div class="card">
-                <h1>Sign in to Canton Network</h1>
-
-                <select id="network" @change=${this.handleChange}>
-                    <option value="">Select Network</option>
-                    ${this.networks.map((e,r)=>N`<option
-                                value=${r}
-                                ?disabled=${e.auth.method=="client_credentials"}
-                            >
-                                ${e.name}
-                            </option>`)}
-                </select>
-
-                ${this.selectedIdp?.type==="self_signed"?N`
-                          <input
-                              type="text"
-                              title="client id"
-                              id="client-id"
-                              .value=${this.selectedNetwork?.auth.clientId||""}
-                          />
-                      `:null}
-                <button @click=${this.handleConnectToIDP}>Connect</button>
-
-                ${this.message?N`<div class="message ${this.messageType}">
-                          ${this.message}
-                      </div>`:N`<p>
-                          ${this.selectedNetwork?`Selected: ${this.selectedNetwork.name}`:"Please choose a network"}
-                      </p>`}
-            </div>
-        `}}d=kt(Z);oe=new WeakMap;ne=new WeakMap;ie=new WeakMap;ae=new WeakMap;ce=new WeakMap;de=new WeakMap;v(d,4,"networks",He,y,oe);v(d,4,"idps",Oe,y,ne);v(d,4,"selectedNetwork",Ne,y,ie);v(d,4,"selectedIdp",Je,y,ae);v(d,4,"message",xe,y,ce);v(d,4,"messageType",Pe,y,de);y=v(d,0,"LoginUI",De,y);y.styles=Ue`
-        :host {
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            width: 100%;
-            padding: 1.5rem;
-            box-sizing: border-box;
-            color: var(--text-color, #222);
-            background: transparent;
-        }
-
-        :host([theme='dark']) {
-            --card-bg: #1e1e1e;
-            --text-color: #fff;
-            --border-color: #333;
-            --button-bg: #4caf50;
-            --button-hover: #66bb6a;
-            --error-color: #ff6b6b;
-            --info-color: #81c784;
-        }
-
-        :host(:not([theme='dark'])) {
-            --card-bg: #fff;
-            --border-color: #ddd;
-            --button-bg: #4caf50;
-            --button-hover: #43a047;
-            --error-color: #d32f2f;
-            --info-color: #388e3c;
-        }
-
-        .card {
-            background: var(--card-bg);
-            border: 1px solid var(--border-color);
-            border-radius: 16px;
-            box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);
-            padding: 1.5rem;
-            width: 100%;
-            max-width: 360px;
-            display: flex;
-            flex-direction: column;
-            gap: 1rem;
-            text-align: center;
-            box-sizing: border-box;
-        }
-
-        h1 {
-            font-size: 1.25rem;
-            margin: 0.25rem 0 0.5rem 0;
-        }
-
-        select {
-            appearance: none;
-            padding: 0.6rem 0.75rem;
-            border-radius: 8px;
-            border: 1px solid var(--border-color);
-            background: var(--card-bg);
-            color: var(--text-color);
-            font-size: 1rem;
-            cursor: pointer;
-            outline: none;
-            transition: border 0.2s ease;
-            width: 100%;
-            box-sizing: border-box;
-        }
-
-        select:focus {
-            border-color: #4caf50;
-        }
-
-        input[type='text'] {
-            appearance: none;
-            padding: 0.6rem 0.75rem;
-            border-radius: 8px;
-            border: 1px solid var(--border-color);
-            background: var(--card-bg);
-            color: var(--text-color);
-            font-size: 1rem;
-            cursor: pointer;
-            outline: none;
-            transition: border 0.2s ease;
-            width: 100%;
-            box-sizing: border-box;
-        }
-
-        input[type='text']:focus {
-            border-color: #4caf50;
-        }
-
-        button {
-            padding: 0.7rem;
-            border-radius: 8px;
-            border: none;
-            cursor: pointer;
-            background: var(--button-bg);
-            color: white;
-            font-weight: 600;
-            font-size: 1rem;
-            transition: background 0.2s ease;
-            width: 100%;
-        }
-
-        button:hover {
-            background: var(--button-hover);
-        }
-
-        .message {
-            font-size: 0.85rem;
-            border-radius: 6px;
-            padding: 0.5rem;
-            text-align: center;
-            transition: opacity 0.2s ease;
-        }
-
-        .message.error {
-            color: var(--error-color);
-            background-color: color-mix(
-                in srgb,
-                var(--error-color) 10%,
-                transparent
-            );
-        }
-
-        .message.info {
-            color: var(--info-color);
-            background-color: color-mix(
-                in srgb,
-                var(--info-color) 10%,
-                transparent
-            );
-        }
-
-        p {
-            font-size: 0.85rem;
-            color: var(--text-color);
-            opacity: 0.8;
-            margin-top: 0.25rem;
-        }
-
-        @media (max-width: 480px) {
-            .card {
-                border-radius: 12px;
-                padding: 1.25rem;
-                gap: 0.75rem;
-            }
-
-            h1 {
-                font-size: 1.1rem;
-            }
-
-            button,
-            select {
-                font-size: 0.95rem;
-            }
-        }
-    `;p(d,1,y);