@cubist-labs/cubesigner-sdk 0.1.23 → 0.1.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -26
- package/dist/src/ethers/index.d.ts +25 -5
- package/dist/src/ethers/index.js +53 -16
- package/dist/src/index.d.ts +50 -33
- package/dist/src/index.js +79 -39
- package/dist/src/key.d.ts +58 -8
- package/dist/src/key.js +77 -14
- package/dist/src/org.d.ts +71 -6
- package/dist/src/org.js +90 -8
- package/dist/src/role.d.ts +19 -7
- package/dist/src/role.js +5 -3
- package/dist/src/schema.d.ts +1273 -91
- package/dist/src/schema.js +1 -1
- package/dist/src/session/cognito_manager.d.ts +59 -0
- package/dist/src/session/cognito_manager.js +111 -0
- package/dist/src/session/session_manager.d.ts +15 -0
- package/dist/src/session/session_manager.js +20 -1
- package/dist/src/session/signer_session_manager.d.ts +22 -12
- package/dist/src/session/signer_session_manager.js +42 -19
- package/dist/src/signer_session.d.ts +41 -29
- package/dist/src/signer_session.js +84 -69
- package/package.json +4 -1
- package/src/ethers/index.ts +83 -16
- package/src/index.ts +112 -64
- package/src/key.ts +103 -16
- package/src/org.ts +126 -10
- package/src/role.ts +21 -8
- package/src/schema.ts +1356 -168
- package/src/session/{management_session_manager.ts → cognito_manager.ts} +13 -15
- package/src/session/session_manager.ts +24 -0
- package/src/session/signer_session_manager.ts +52 -26
- package/src/signer_session.ts +90 -81
- package/src/session/oidc_session_manager.ts +0 -193
package/README.md
CHANGED
|
@@ -1,10 +1,23 @@
|
|
|
1
1
|
# CubeSigner TypeScript SDK
|
|
2
2
|
|
|
3
|
-
CubeSigner is a hardware-backed, non-custodial
|
|
4
|
-
|
|
3
|
+
CubeSigner is a hardware-backed, non-custodial platform for securely
|
|
4
|
+
managing cryptographic keys. This repository is the TypeScript SDK for
|
|
5
|
+
programmatically interacting with CubeSigner services.
|
|
5
6
|
|
|
6
|
-
|
|
7
|
-
|
|
7
|
+
## CubeSigner background
|
|
8
|
+
|
|
9
|
+
[The Cubist team](https://cubist.dev/about) built CubeSigner to address the key
|
|
10
|
+
security vs key availability tradeoff: right now, many teams are forced to keep
|
|
11
|
+
keys available in memory and therefore exposed to attackers, or try to keep
|
|
12
|
+
keys safe—usually only at rest—at serious latency and engineering cost.
|
|
13
|
+
CubeSigner addresses this problem by giving developers low-latency access to
|
|
14
|
+
hardware-backed key generation and signing. During each of these operations,
|
|
15
|
+
CubeSigner safeguards their users' keys in HSM-sealed Nitro Enclaves—combining
|
|
16
|
+
cold wallet security with hot wallet speed and simplicity.
|
|
17
|
+
|
|
18
|
+
Right now, the CubeSigner SDK supports signing for EVM chains like Ethereum
|
|
19
|
+
and Avalanche, and non-EVM chains Bitcoin and Solana. Support for more chains
|
|
20
|
+
is in the works!
|
|
8
21
|
|
|
9
22
|
## Installing the SDK
|
|
10
23
|
|
|
@@ -58,11 +71,11 @@ session manager:
|
|
|
58
71
|
|
|
59
72
|
```typescript
|
|
60
73
|
// Load session from a JSON file
|
|
61
|
-
const fileStorage = new cs.JsonFileSessionStorage<cs.
|
|
74
|
+
const fileStorage = new cs.JsonFileSessionStorage<cs.CognitoSessionInfo>(
|
|
62
75
|
`${process.env.HOME}/.config/cubesigner/management-session.json`,
|
|
63
76
|
);
|
|
64
77
|
// Create a session manager for a management token
|
|
65
|
-
const sessionMgr = await cs.
|
|
78
|
+
const sessionMgr = await cs.CognitoSessionManager.loadFromStorage(fileStorage);
|
|
66
79
|
new cs.CubeSigner({
|
|
67
80
|
sessionMgr,
|
|
68
81
|
});
|
|
@@ -100,7 +113,7 @@ transaction. For that, we need a key of type `Secp256k1.Evm`.
|
|
|
100
113
|
const secpKey = await org.createKey(cs.Secp256k1.Evm);
|
|
101
114
|
assert((await secpKey.owner()) == me.user_id);
|
|
102
115
|
assert(await secpKey.enabled());
|
|
103
|
-
console.log(`Created '${secpKey.type}' key ${secpKey.id}`);
|
|
116
|
+
console.log(`Created '${await secpKey.type()}' key ${secpKey.id}`);
|
|
104
117
|
```
|
|
105
118
|
|
|
106
119
|
### Create a `Role` and a `SignerSession`
|
|
@@ -188,7 +201,7 @@ assert(sig.data().rlp_signed_tx);
|
|
|
188
201
|
```typescript
|
|
189
202
|
const { ethers } = require("ethers");
|
|
190
203
|
// Create new Signer
|
|
191
|
-
const ethersSigner = new cs.ethers.Signer(secpKey.materialId, session
|
|
204
|
+
const ethersSigner = new cs.ethers.Signer(secpKey.materialId, session);
|
|
192
205
|
assert((await ethersSigner.getAddress()) === secpKey.materialId);
|
|
193
206
|
// sign transaction as usual:
|
|
194
207
|
console.log(
|
|
@@ -251,22 +264,30 @@ disabled for `BLS` keys, and for other key types it can be enabled by
|
|
|
251
264
|
attaching an `"AllowRawBlobSigning"` policy:
|
|
252
265
|
|
|
253
266
|
```typescript
|
|
254
|
-
|
|
255
|
-
const
|
|
256
|
-
|
|
257
|
-
};
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
267
|
+
// Create a new Ed25519 key (e.g., for Cardano) and add it to our session role
|
|
268
|
+
const edKey = await org.createKey(cs.Ed25519.Cardano);
|
|
269
|
+
await role.addKey(edKey);
|
|
270
|
+
console.log(`Created '${await edKey.type()}' key ${edKey.id} and added it to role ${role.id}`);
|
|
271
|
+
|
|
272
|
+
// Sign raw blobs with our new ed key and the secp we created before
|
|
273
|
+
for (const key of [edKey, secpKey]) {
|
|
274
|
+
console.log(`Confirming that raw blob with ${await key.type()} is rejected by default`);
|
|
275
|
+
const blobReq = <cs.BlobSignRequest>{
|
|
276
|
+
message_base64: "L1kE9g59xD3fzYQQSR7340BwU9fGrP6EMfIFcyX/YBc=",
|
|
277
|
+
};
|
|
278
|
+
try {
|
|
279
|
+
await session.signBlob(key, blobReq);
|
|
280
|
+
assert(false, "Must be rejected by policy");
|
|
281
|
+
} catch (e) {
|
|
282
|
+
assert(`${e}`.includes("Raw blob signing not allowed"));
|
|
283
|
+
}
|
|
284
|
+
|
|
285
|
+
console.log("Signing raw blob after adding 'AllowRawBlobSigning' policy");
|
|
286
|
+
await key.appendPolicy(["AllowRawBlobSigning"]);
|
|
287
|
+
const blobSig = await session.signBlob(key, blobReq);
|
|
288
|
+
console.log(blobSig.data());
|
|
289
|
+
assert(blobSig.data().signature);
|
|
263
290
|
}
|
|
264
|
-
|
|
265
|
-
console.log("Signing raw blob after adding 'AllowRawBlobSigning' policy");
|
|
266
|
-
await secpKey.appendPolicy(["AllowRawBlobSigning"]);
|
|
267
|
-
const blobSig = await session.signBlob(secpKey, blobReq);
|
|
268
|
-
console.log(blobSig.data());
|
|
269
|
-
assert(blobSig.data().signature);
|
|
270
291
|
```
|
|
271
292
|
|
|
272
293
|
> **Warning**
|
|
@@ -335,7 +356,7 @@ of `SignerSession`, required by all signing endpoints, e.g.,
|
|
|
335
356
|
`signEvm`)
|
|
336
357
|
|
|
337
358
|
```typescript
|
|
338
|
-
const oidcSession = await cubesigner.
|
|
359
|
+
const oidcSession = new cs.SignerSession(await cubesigner.oidcAuth(oidcToken, org.id, ["sign:*"]));
|
|
339
360
|
```
|
|
340
361
|
|
|
341
362
|
or a _management_ session (i.e., and instance of `CubeSigner`,
|
|
@@ -344,7 +365,7 @@ information, configuring user MFA methods, etc.).
|
|
|
344
365
|
|
|
345
366
|
```typescript
|
|
346
367
|
const oidcCubeSigner = new cs.CubeSigner({
|
|
347
|
-
sessionMgr: await cubesigner.
|
|
368
|
+
sessionMgr: await cubesigner.oidcAuth(oidcToken, org.id, ["manage:*"]),
|
|
348
369
|
});
|
|
349
370
|
```
|
|
350
371
|
|
|
@@ -392,7 +413,7 @@ as one of the configured MFA factors.
|
|
|
392
413
|
```typescript
|
|
393
414
|
const mfa = (await oidcCubeSigner.aboutMe()).mfa;
|
|
394
415
|
console.log("Configured MFA types", mfa);
|
|
395
|
-
assert(mfa.includes("
|
|
416
|
+
assert(mfa.map((m) => m.type).includes("totp"));
|
|
396
417
|
```
|
|
397
418
|
|
|
398
419
|
### Configure MFA policy for signing
|
|
@@ -1,16 +1,35 @@
|
|
|
1
1
|
import { TypedDataDomain, TypedDataField, ethers } from "ethers";
|
|
2
|
-
import { SignerSession } from "../signer_session";
|
|
2
|
+
import { MfaRequestInfo, SignerSession } from "../signer_session";
|
|
3
|
+
import { KeyInfo } from "../key";
|
|
4
|
+
import { CubeSigner } from "..";
|
|
5
|
+
/** Options for the signer */
|
|
6
|
+
interface SignerOptions {
|
|
7
|
+
/** Optional provider to use */
|
|
8
|
+
provider?: null | ethers.Provider;
|
|
9
|
+
/**
|
|
10
|
+
* The function to call when MFA information is retrieved. If this callback
|
|
11
|
+
* throws, no transaction is broadcast.
|
|
12
|
+
*/
|
|
13
|
+
onMfaPoll?: (arg0: MfaRequestInfo) => void;
|
|
14
|
+
/**
|
|
15
|
+
* The amount of time (in milliseconds) to wait between checks for MFA
|
|
16
|
+
* updates. Default is 1000ms
|
|
17
|
+
*/
|
|
18
|
+
mfaPollIntervalMs?: number;
|
|
19
|
+
/** Optional management session. Used to check for MFA updates */
|
|
20
|
+
managementSession?: CubeSigner;
|
|
21
|
+
}
|
|
3
22
|
/**
|
|
4
23
|
* A ethers.js Signer using CubeSigner
|
|
5
24
|
*/
|
|
6
25
|
export declare class Signer extends ethers.AbstractSigner {
|
|
7
26
|
#private;
|
|
8
27
|
/** Create new Signer instance
|
|
9
|
-
* @param {string} address The address of the account to use.
|
|
28
|
+
* @param {KeyInfo | string} address The key or the eth address of the account to use.
|
|
10
29
|
* @param {SignerSession} signerSession The underlying Signer session.
|
|
11
|
-
* @param {
|
|
30
|
+
* @param {SignerOptions} options The options to use for the Signer instance
|
|
12
31
|
*/
|
|
13
|
-
constructor(address: string, signerSession: SignerSession,
|
|
32
|
+
constructor(address: KeyInfo | string, signerSession: SignerSession, options?: SignerOptions);
|
|
14
33
|
/** Resolves to the signer address. */
|
|
15
34
|
getAddress(): Promise<string>;
|
|
16
35
|
/**
|
|
@@ -20,7 +39,7 @@ export declare class Signer extends ethers.AbstractSigner {
|
|
|
20
39
|
*/
|
|
21
40
|
connect(provider: null | ethers.Provider): Signer;
|
|
22
41
|
/**
|
|
23
|
-
* Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
|
|
42
|
+
* Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
|
|
24
43
|
* @param {ethers.TransactionRequest} tx The transaction to sign.
|
|
25
44
|
* @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
|
|
26
45
|
*/
|
|
@@ -48,3 +67,4 @@ export declare class Signer extends ethers.AbstractSigner {
|
|
|
48
67
|
*/
|
|
49
68
|
private signBlob;
|
|
50
69
|
}
|
|
70
|
+
export {};
|
package/dist/src/ethers/index.js
CHANGED
|
@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
10
10
|
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
11
11
|
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
12
12
|
};
|
|
13
|
-
var _Signer_address, _Signer_key, _Signer_signerSession;
|
|
13
|
+
var _Signer_instances, _Signer_address, _Signer_key, _Signer_signerSession, _Signer_onMfaPoll, _Signer_mfaPollIntervalMs, _Signer_managementSession, _Signer_handleMfa;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.Signer = void 0;
|
|
16
16
|
const ethers_1 = require("ethers");
|
|
@@ -19,20 +19,39 @@ const ethers_1 = require("ethers");
|
|
|
19
19
|
*/
|
|
20
20
|
class Signer extends ethers_1.ethers.AbstractSigner {
|
|
21
21
|
/** Create new Signer instance
|
|
22
|
-
* @param {string} address The address of the account to use.
|
|
22
|
+
* @param {KeyInfo | string} address The key or the eth address of the account to use.
|
|
23
23
|
* @param {SignerSession} signerSession The underlying Signer session.
|
|
24
|
-
* @param {
|
|
24
|
+
* @param {SignerOptions} options The options to use for the Signer instance
|
|
25
25
|
*/
|
|
26
|
-
constructor(address, signerSession,
|
|
27
|
-
super(provider);
|
|
26
|
+
constructor(address, signerSession, options) {
|
|
27
|
+
super(options?.provider);
|
|
28
|
+
_Signer_instances.add(this);
|
|
28
29
|
/** The address of the account */
|
|
29
30
|
_Signer_address.set(this, void 0);
|
|
30
31
|
/** The key to use for signing */
|
|
31
32
|
_Signer_key.set(this, void 0);
|
|
32
33
|
/** The underlying session */
|
|
33
34
|
_Signer_signerSession.set(this, void 0);
|
|
34
|
-
|
|
35
|
+
/**
|
|
36
|
+
* The function to call when MFA information is retrieved. If this callback
|
|
37
|
+
* throws, no transaction is broadcast.
|
|
38
|
+
*/
|
|
39
|
+
_Signer_onMfaPoll.set(this, void 0);
|
|
40
|
+
/** The amount of time to wait between checks for MFA updates */
|
|
41
|
+
_Signer_mfaPollIntervalMs.set(this, void 0);
|
|
42
|
+
/** Optional management session, used for MFA flows */
|
|
43
|
+
_Signer_managementSession.set(this, void 0);
|
|
44
|
+
if (typeof address === "string") {
|
|
45
|
+
__classPrivateFieldSet(this, _Signer_address, address, "f");
|
|
46
|
+
}
|
|
47
|
+
else {
|
|
48
|
+
__classPrivateFieldSet(this, _Signer_address, address.materialId, "f");
|
|
49
|
+
__classPrivateFieldSet(this, _Signer_key, address, "f");
|
|
50
|
+
}
|
|
35
51
|
__classPrivateFieldSet(this, _Signer_signerSession, signerSession, "f");
|
|
52
|
+
__classPrivateFieldSet(this, _Signer_onMfaPoll, options?.onMfaPoll ?? (( /* _mfaInfo: MfaRequestInfo */) => { }), "f"); // eslint-disable-line @typescript-eslint/no-empty-function
|
|
53
|
+
__classPrivateFieldSet(this, _Signer_mfaPollIntervalMs, options?.mfaPollIntervalMs ?? 1000, "f");
|
|
54
|
+
__classPrivateFieldSet(this, _Signer_managementSession, options?.managementSession, "f");
|
|
36
55
|
}
|
|
37
56
|
/** Resolves to the signer address. */
|
|
38
57
|
async getAddress() {
|
|
@@ -44,10 +63,10 @@ class Signer extends ethers_1.ethers.AbstractSigner {
|
|
|
44
63
|
* @return {Signer} The signer connected to signer.
|
|
45
64
|
*/
|
|
46
65
|
connect(provider) {
|
|
47
|
-
return new Signer(__classPrivateFieldGet(this, _Signer_address, "f"), __classPrivateFieldGet(this, _Signer_signerSession, "f"), provider);
|
|
66
|
+
return new Signer(__classPrivateFieldGet(this, _Signer_address, "f"), __classPrivateFieldGet(this, _Signer_signerSession, "f"), { provider });
|
|
48
67
|
}
|
|
49
68
|
/**
|
|
50
|
-
* Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
|
|
69
|
+
* Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
|
|
51
70
|
* @param {ethers.TransactionRequest} tx The transaction to sign.
|
|
52
71
|
* @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
|
|
53
72
|
*/
|
|
@@ -70,8 +89,9 @@ class Signer extends ethers_1.ethers.AbstractSigner {
|
|
|
70
89
|
chain_id: Number(chainId),
|
|
71
90
|
tx: rpcTx,
|
|
72
91
|
};
|
|
73
|
-
const
|
|
74
|
-
|
|
92
|
+
const res = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signEvm(__classPrivateFieldGet(this, _Signer_address, "f"), req);
|
|
93
|
+
const data = await __classPrivateFieldGet(this, _Signer_instances, "m", _Signer_handleMfa).call(this, res);
|
|
94
|
+
return data.rlp_signed_tx;
|
|
75
95
|
}
|
|
76
96
|
/** Signs arbitrary messages. This uses ethers.js's [hashMessage](https://docs.ethers.org/v6/api/hashing/#hashMessage)
|
|
77
97
|
* to compute the EIP-191 digest and signs this digest using {@link Key#signBlob}.
|
|
@@ -106,17 +126,34 @@ class Signer extends ethers_1.ethers.AbstractSigner {
|
|
|
106
126
|
};
|
|
107
127
|
// Get the key corresponding to this address
|
|
108
128
|
if (__classPrivateFieldGet(this, _Signer_key, "f") === undefined) {
|
|
109
|
-
const key = (await __classPrivateFieldGet(this, _Signer_signerSession, "f").keys()).find((k) => k.
|
|
129
|
+
const key = (await __classPrivateFieldGet(this, _Signer_signerSession, "f").keys()).find((k) => k.material_id === __classPrivateFieldGet(this, _Signer_address, "f"));
|
|
110
130
|
if (key === undefined) {
|
|
111
131
|
throw new Error(`Cannot access key '${__classPrivateFieldGet(this, _Signer_address, "f")}'`);
|
|
112
132
|
}
|
|
113
133
|
__classPrivateFieldSet(this, _Signer_key, key, "f");
|
|
114
134
|
}
|
|
115
|
-
|
|
116
|
-
const
|
|
117
|
-
return
|
|
135
|
+
const res = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signBlob(__classPrivateFieldGet(this, _Signer_key, "f").key_id, blobReq);
|
|
136
|
+
const data = await __classPrivateFieldGet(this, _Signer_instances, "m", _Signer_handleMfa).call(this, res);
|
|
137
|
+
return data.signature;
|
|
118
138
|
}
|
|
119
139
|
}
|
|
120
140
|
exports.Signer = Signer;
|
|
121
|
-
_Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSession = new WeakMap()
|
|
122
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQUloQjs7R0FFRztBQUNILE1BQWEsTUFBTyxTQUFRLGVBQU0sQ0FBQyxjQUFjO0lBVS9DOzs7O09BSUc7SUFDSCxZQUFZLE9BQWUsRUFBRSxhQUE0QixFQUFFLFFBQWlDO1FBQzFGLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztRQWZsQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBVztRQUVYLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFTckMsdUJBQUEsSUFBSSxtQkFBWSxPQUFPLE1BQUEsQ0FBQztRQUN4Qix1QkFBQSxJQUFJLHlCQUFrQixhQUFhLE1BQUEsQ0FBQztJQUN0QyxDQUFDO0lBRUQsc0NBQXNDO0lBQ3RDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsT0FBTyx1QkFBQSxJQUFJLHVCQUFTLENBQUM7SUFDdkIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsUUFBZ0M7UUFDdEMsT0FBTyxJQUFJLE1BQU0sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsdUJBQUEsSUFBSSw2QkFBZSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ2xFLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLGVBQWUsQ0FBQyxFQUE2QjtRQUNqRCwwQ0FBMEM7UUFDMUMsSUFBSSxPQUFPLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQztRQUN6QixJQUFJLE9BQU8sS0FBSyxTQUFTLEVBQUU7WUFDekIsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDO1lBQ2xELE9BQU8sR0FBRyxPQUFPLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxJQUFJLEdBQUcsQ0FBQztTQUMvQztRQUVELHNEQUFzRDtRQUN0RCxNQUFNLEtBQUssR0FDVCxJQUFJLENBQUMsUUFBUSxZQUFZLDJCQUFrQjtZQUN6QyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7WUFDckMsQ0FBQyxDQUFDLGdEQUFnRDtnQkFDaEQsaURBQWlEO2dCQUNqRCwwQ0FBMEM7Z0JBQzFDLDJCQUFrQixDQUFDLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3BFLEtBQUssQ0FBQyxJQUFJLEdBQUcsSUFBQSxnQkFBTyxFQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMscUJBQXFCO1FBRS9ELE1BQU0sR0FBRyxHQUFtQjtZQUMxQixRQUFRLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQztZQUN6QixFQUFFLEVBQUUsS0FBSztTQUNWLENBQUM7UUFDRixNQUFNLEdBQUcsR0FBRyxNQUFNLHVCQUFBLElBQUksNkJBQWUsQ0FBQyxPQUFPLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDLGFBQWEsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxVQUFVLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDM0YsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBQ0QsT0FBTztRQUNQLE1BQU0sTUFBTSxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLFFBQVEsQ0FBQyx1QkFBQSxJQUFJLG1CQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDdEUsT0FBTyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsU0FBUyxDQUFDO0lBQ2pDLENBQUM7Q0FDRjtBQW5IRCx3QkFtSEMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBKc29uUnBjQXBpUHJvdmlkZXIsXG4gIFR5cGVkRGF0YURvbWFpbixcbiAgVHlwZWREYXRhRW5jb2RlcixcbiAgVHlwZWREYXRhRmllbGQsXG4gIGV0aGVycyxcbiAgZ2V0Qnl0ZXMsXG4gIHRvQmVIZXgsXG59IGZyb20gXCJldGhlcnNcIjtcbmltcG9ydCB7IEJsb2JTaWduUmVxdWVzdCwgRXZtU2lnblJlcXVlc3QsIFNpZ25lclNlc3Npb24gfSBmcm9tIFwiLi4vc2lnbmVyX3Nlc3Npb25cIjtcbmltcG9ydCB7IEtleSB9IGZyb20gXCIuLi9rZXlcIjtcblxuLyoqXG4gKiBBIGV0aGVycy5qcyBTaWduZXIgdXNpbmcgQ3ViZVNpZ25lclxuICovXG5leHBvcnQgY2xhc3MgU2lnbmVyIGV4dGVuZHMgZXRoZXJzLkFic3RyYWN0U2lnbmVyIHtcbiAgLyoqIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50ICovXG4gIHJlYWRvbmx5ICNhZGRyZXNzOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBrZXkgdG8gdXNlIGZvciBzaWduaW5nICovXG4gICNrZXk/OiBLZXk7XG5cbiAgLyoqIFRoZSB1bmRlcmx5aW5nIHNlc3Npb24gKi9cbiAgcmVhZG9ubHkgI3NpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb247XG5cbiAgLyoqIENyZWF0ZSBuZXcgU2lnbmVyIGluc3RhbmNlXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBhZGRyZXNzIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50IHRvIHVzZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9ufSBzaWduZXJTZXNzaW9uIFRoZSB1bmRlcmx5aW5nIFNpZ25lciBzZXNzaW9uLlxuICAgKiBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqL1xuICBjb25zdHJ1Y3RvcihhZGRyZXNzOiBzdHJpbmcsIHNpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb24sIHByb3ZpZGVyPzogbnVsbCB8IGV0aGVycy5Qcm92aWRlcikge1xuICAgIHN1cGVyKHByb3ZpZGVyKTtcbiAgICB0aGlzLiNhZGRyZXNzID0gYWRkcmVzcztcbiAgICB0aGlzLiNzaWduZXJTZXNzaW9uID0gc2lnbmVyU2Vzc2lvbjtcbiAgfVxuXG4gIC8qKiBSZXNvbHZlcyB0byB0aGUgc2lnbmVyIGFkZHJlc3MuICovXG4gIGFzeW5jIGdldEFkZHJlc3MoKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy4jYWRkcmVzcztcbiAgfVxuXG4gIC8qKlxuICAgKiAgUmV0dXJucyB0aGUgc2lnbmVyIGNvbm5lY3RlZCB0byAlJXByb3ZpZGVyJSUuXG4gICAqICBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqICBAcmV0dXJuIHtTaWduZXJ9IFRoZSBzaWduZXIgY29ubmVjdGVkIHRvIHNpZ25lci5cbiAgICovXG4gIGNvbm5lY3QocHJvdmlkZXI6IG51bGwgfCBldGhlcnMuUHJvdmlkZXIpOiBTaWduZXIge1xuICAgIHJldHVybiBuZXcgU2lnbmVyKHRoaXMuI2FkZHJlc3MsIHRoaXMuI3NpZ25lclNlc3Npb24sIHByb3ZpZGVyKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTaWducyBhIHRyYW5zYWN0aW9uLiBUaGlzIHBvcHVsYXRlcyB0aGUgdHJhbnNhY3Rpb24gdHlwZSB0byBgMHgwMmAgKEVJUC0xNTU5KSB1bmxlc3Mgc2V0LlxuICAgKiBAcGFyYW0ge2V0aGVycy5UcmFuc2FjdGlvblJlcXVlc3R9IHR4IFRoZSB0cmFuc2FjdGlvbiB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IEhleC1lbmNvZGVkIFJMUCBlbmNvZGluZyBvZiB0aGUgdHJhbnNhY3Rpb24gYW5kIGl0cyBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHJhbnNhY3Rpb24odHg6IGV0aGVycy5UcmFuc2FjdGlvblJlcXVlc3QpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIGdldCB0aGUgY2hhaW4gaWQgZnJvbSB0aGUgbmV0d29yayBvciB0eFxuICAgIGxldCBjaGFpbklkID0gdHguY2hhaW5JZDtcbiAgICBpZiAoY2hhaW5JZCA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBuZXR3b3JrID0gYXdhaXQgdGhpcy5wcm92aWRlcj8uZ2V0TmV0d29yaygpO1xuICAgICAgY2hhaW5JZCA9IG5ldHdvcms/LmNoYWluSWQ/LnRvU3RyaW5nKCkgPz8gXCIxXCI7XG4gICAgfVxuXG4gICAgLy8gQ29udmVydCB0aGUgdHJhbnNhY3Rpb24gaW50byBhIEpTT04tUlBDIHRyYW5zYWN0aW9uXG4gICAgY29uc3QgcnBjVHggPVxuICAgICAgdGhpcy5wcm92aWRlciBpbnN0YW5jZW9mIEpzb25ScGNBcGlQcm92aWRlclxuICAgICAgICA/IHRoaXMucHJvdmlkZXIuZ2V0UnBjVHJhbnNhY3Rpb24odHgpXG4gICAgICAgIDogLy8gV2UgY2FuIGp1c3QgY2FsbCB0aGUgZ2V0UnBjVHJhbnNhY3Rpb24gd2l0aCBhXG4gICAgICAgICAgLy8gbnVsbCByZWNlaXZlciBzaW5jZSBpdCBkb2Vzbid0IGFjdHVhbGx5IHVzZSBpdFxuICAgICAgICAgIC8vIChhbmQgcmVhbGx5IHNob3VsZCBiZSBkZWNsYXJlZCBzdGF0aWMpLlxuICAgICAgICAgIEpzb25ScGNBcGlQcm92aWRlci5wcm90b3R5cGUuZ2V0UnBjVHJhbnNhY3Rpb24uY2FsbChudWxsLCB0eCk7XG4gICAgcnBjVHgudHlwZSA9IHRvQmVIZXgodHgudHlwZSA/PyAweDAyLCAxKTsgLy8gd2UgZXhwZWN0IDB4MFswLTJdXG5cbiAgICBjb25zdCByZXEgPSA8RXZtU2lnblJlcXVlc3Q+e1xuICAgICAgY2hhaW5faWQ6IE51bWJlcihjaGFpbklkKSxcbiAgICAgIHR4OiBycGNUeCxcbiAgICB9O1xuICAgIGNvbnN0IHNpZyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkV2bSh0aGlzLiNhZGRyZXNzLCByZXEpO1xuICAgIHJldHVybiBzaWcuZGF0YSgpLnJscF9zaWduZWRfdHg7XG4gIH1cblxuICAvKiogU2lnbnMgYXJiaXRyYXJ5IG1lc3NhZ2VzLiBUaGlzIHVzZXMgZXRoZXJzLmpzJ3MgW2hhc2hNZXNzYWdlXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jaGFzaE1lc3NhZ2UpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC0xOTEgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtzdHJpbmcgfCBVaW50OEFycmF5fSBtZXNzYWdlIFRoZSBtZXNzYWdlIHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25NZXNzYWdlKG1lc3NhZ2U6IHN0cmluZyB8IFVpbnQ4QXJyYXkpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IGV0aGVycy5oYXNoTWVzc2FnZShtZXNzYWdlKTtcbiAgICByZXR1cm4gdGhpcy5zaWduQmxvYihkaWdlc3QpO1xuICB9XG5cbiAgLyoqIFNpZ25zIEVJUC03MTIgdHlwZWQgZGF0YS4gVGhpcyB1c2VzIGV0aGVycy5qcydzXG4gICAqIFtUeXBlZERhdGFFbmNvZGVyLmhhc2hdKGh0dHBzOi8vZG9jcy5ldGhlcnMub3JnL3Y2L2FwaS9oYXNoaW5nLyNUeXBlZERhdGFFbmNvZGVyX2hhc2gpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC03MTIgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtUeXBlZERhdGFEb21haW59IGRvbWFpbiBUaGUgZG9tYWluIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcGFyYW0ge1JlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj59IHR5cGVzIFRoZSB0eXBlcyBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBhbnk+fSB2YWx1ZSBUaGUgdmFsdWUgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25UeXBlZERhdGEoXG4gICAgZG9tYWluOiBUeXBlZERhdGFEb21haW4sXG4gICAgdHlwZXM6IFJlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj4sXG4gICAgdmFsdWU6IFJlY29yZDxzdHJpbmcsIGFueT4sIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IFR5cGVkRGF0YUVuY29kZXIuaGFzaChkb21haW4sIHR5cGVzLCB2YWx1ZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWduIGFyYml0cmFyeSBkaWdlc3QuIFRoaXMgdXNlcyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGRpZ2VzdCBUaGUgZGlnZXN0IHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgc2lnbkJsb2IoZGlnZXN0OiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGJsb2JSZXEgPSA8QmxvYlNpZ25SZXF1ZXN0PntcbiAgICAgIG1lc3NhZ2VfYmFzZTY0OiBCdWZmZXIuZnJvbShnZXRCeXRlcyhkaWdlc3QpKS50b1N0cmluZyhcImJhc2U2NFwiKSxcbiAgICB9O1xuICAgIC8vIEdldCB0aGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBhZGRyZXNzXG4gICAgaWYgKHRoaXMuI2tleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBrZXkgPSAoYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5rZXlzKCkpLmZpbmQoKGspID0+IGsubWF0ZXJpYWxJZCA9PT0gdGhpcy4jYWRkcmVzcyk7XG4gICAgICBpZiAoa2V5ID09PSB1bmRlZmluZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBDYW5ub3QgYWNjZXNzIGtleSAnJHt0aGlzLiNhZGRyZXNzfSdgKTtcbiAgICAgIH1cbiAgICAgIHRoaXMuI2tleSA9IGtleTtcbiAgICB9XG4gICAgLy8gc2lnblxuICAgIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkJsb2IodGhpcy4ja2V5LCBibG9iUmVxKTtcbiAgICByZXR1cm4gcmVzdWx0LmRhdGEoKS5zaWduYXR1cmU7XG4gIH1cbn1cbiJdfQ==
|
|
141
|
+
_Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSession = new WeakMap(), _Signer_onMfaPoll = new WeakMap(), _Signer_mfaPollIntervalMs = new WeakMap(), _Signer_managementSession = new WeakMap(), _Signer_instances = new WeakSet(), _Signer_handleMfa =
|
|
142
|
+
/**
|
|
143
|
+
* If the sign request requires MFA, this method waits for approvals
|
|
144
|
+
*
|
|
145
|
+
* @param {SignResponse<U>} res The response of a sign request
|
|
146
|
+
* @return {Promise<U>} The sign data after MFA approvals
|
|
147
|
+
*/
|
|
148
|
+
async function _Signer_handleMfa(res) {
|
|
149
|
+
while (res.requiresMfa()) {
|
|
150
|
+
await new Promise((resolve) => setTimeout(resolve, __classPrivateFieldGet(this, _Signer_mfaPollIntervalMs, "f")));
|
|
151
|
+
const mfaInfo = await __classPrivateFieldGet(this, _Signer_signerSession, "f").getMfaInfo(__classPrivateFieldGet(this, _Signer_managementSession, "f"), res.mfaId());
|
|
152
|
+
__classPrivateFieldGet(this, _Signer_onMfaPoll, "f").call(this, mfaInfo);
|
|
153
|
+
if (mfaInfo.receipt) {
|
|
154
|
+
res = await res.signWithMfaApproval(mfaInfo);
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
return res.data();
|
|
158
|
+
};
|
|
159
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQTZCaEI7O0dBRUc7QUFDSCxNQUFhLE1BQU8sU0FBUSxlQUFNLENBQUMsY0FBYztJQXNCL0M7Ozs7T0FJRztJQUNILFlBQVksT0FBeUIsRUFBRSxhQUE0QixFQUFFLE9BQXVCO1FBQzFGLEtBQUssQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7O1FBM0IzQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBZTtRQUVmLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFFdkM7OztXQUdHO1FBQ00sb0NBQTJDO1FBRXBELGdFQUFnRTtRQUN2RCw0Q0FBMkI7UUFFcEMsc0RBQXNEO1FBQzdDLDRDQUFnQztRQVN2QyxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRTtZQUMvQix1QkFBQSxJQUFJLG1CQUFZLE9BQU8sTUFBQSxDQUFDO1NBQ3pCO2FBQU07WUFDTCx1QkFBQSxJQUFJLG1CQUFZLE9BQU8sQ0FBQyxVQUFVLE1BQUEsQ0FBQztZQUNuQyx1QkFBQSxJQUFJLGVBQVEsT0FBa0IsTUFBQSxDQUFDO1NBQ2hDO1FBQ0QsdUJBQUEsSUFBSSx5QkFBa0IsYUFBYSxNQUFBLENBQUM7UUFDcEMsdUJBQUEsSUFBSSxxQkFBYyxPQUFPLEVBQUUsU0FBUyxJQUFJLENBQUMsRUFBQyw4QkFBOEIsRUFBRSxFQUFFLEdBQUUsQ0FBQyxDQUFDLE1BQUEsQ0FBQyxDQUFDLDJEQUEyRDtRQUM3SSx1QkFBQSxJQUFJLDZCQUFzQixPQUFPLEVBQUUsaUJBQWlCLElBQUksSUFBSSxNQUFBLENBQUM7UUFDN0QsdUJBQUEsSUFBSSw2QkFBc0IsT0FBTyxFQUFFLGlCQUFpQixNQUFBLENBQUM7SUFDdkQsQ0FBQztJQUVELHNDQUFzQztJQUN0QyxLQUFLLENBQUMsVUFBVTtRQUNkLE9BQU8sdUJBQUEsSUFBSSx1QkFBUyxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsT0FBTyxDQUFDLFFBQWdDO1FBQ3RDLE9BQU8sSUFBSSxNQUFNLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLHVCQUFBLElBQUksNkJBQWUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQTZCO1FBQ2pELDBDQUEwQztRQUMxQyxJQUFJLE9BQU8sR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDO1FBQ3pCLElBQUksT0FBTyxLQUFLLFNBQVMsRUFBRTtZQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUM7WUFDbEQsT0FBTyxHQUFHLE9BQU8sRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLElBQUksR0FBRyxDQUFDO1NBQy9DO1FBRUQsc0RBQXNEO1FBQ3RELE1BQU0sS0FBSyxHQUNULElBQUksQ0FBQyxRQUFRLFlBQVksMkJBQWtCO1lBQ3pDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNyQyxDQUFDLENBQUMsZ0RBQWdEO2dCQUNoRCxpREFBaUQ7Z0JBQ2pELDBDQUEwQztnQkFDMUMsMkJBQWtCLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDcEUsS0FBSyxDQUFDLElBQUksR0FBRyxJQUFBLGdCQUFPLEVBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUI7UUFFL0QsTUFBTSxHQUFHLEdBQW1CO1lBQzFCLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQ3pCLEVBQUUsRUFBRSxLQUFLO1NBQ1YsQ0FBQztRQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLE9BQU8sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQztJQUM1QixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxXQUFXLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDNUYsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsUUFBUSxDQUFDLHVCQUFBLElBQUksbUJBQUssQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUN4QixDQUFDO0NBb0JGO0FBN0pELHdCQTZKQzs7QUFsQkM7Ozs7O0dBS0c7QUFDSCxLQUFLLDRCQUFlLEdBQW9CO0lBQ3RDLE9BQU8sR0FBRyxDQUFDLFdBQVcsRUFBRSxFQUFFO1FBQ3hCLE1BQU0sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsdUJBQUEsSUFBSSxpQ0FBbUIsQ0FBQyxDQUFDLENBQUM7UUFFN0UsTUFBTSxPQUFPLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsVUFBVSxDQUFDLHVCQUFBLElBQUksaUNBQW9CLEVBQUUsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDNUYsdUJBQUEsSUFBSSx5QkFBVyxNQUFmLElBQUksRUFBWSxPQUFPLENBQUMsQ0FBQztRQUN6QixJQUFJLE9BQU8sQ0FBQyxPQUFPLEVBQUU7WUFDbkIsR0FBRyxHQUFHLE1BQU0sR0FBRyxDQUFDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1NBQzlDO0tBQ0Y7SUFDRCxPQUFPLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztBQUNwQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgSnNvblJwY0FwaVByb3ZpZGVyLFxuICBUeXBlZERhdGFEb21haW4sXG4gIFR5cGVkRGF0YUVuY29kZXIsXG4gIFR5cGVkRGF0YUZpZWxkLFxuICBldGhlcnMsXG4gIGdldEJ5dGVzLFxuICB0b0JlSGV4LFxufSBmcm9tIFwiZXRoZXJzXCI7XG5pbXBvcnQge1xuICBCbG9iU2lnblJlcXVlc3QsXG4gIEV2bVNpZ25SZXF1ZXN0LFxuICBNZmFSZXF1ZXN0SW5mbyxcbiAgU2lnbmVyU2Vzc2lvbixcbiAgU2lnblJlc3BvbnNlLFxufSBmcm9tIFwiLi4vc2lnbmVyX3Nlc3Npb25cIjtcbmltcG9ydCB7IEtleUluZm8gfSBmcm9tIFwiLi4va2V5XCI7XG5pbXBvcnQgeyBDdWJlU2lnbmVyIH0gZnJvbSBcIi4uXCI7XG5cbi8qKiBPcHRpb25zIGZvciB0aGUgc2lnbmVyICovXG5pbnRlcmZhY2UgU2lnbmVyT3B0aW9ucyB7XG4gIC8qKiBPcHRpb25hbCBwcm92aWRlciB0byB1c2UgKi9cbiAgcHJvdmlkZXI/OiBudWxsIHwgZXRoZXJzLlByb3ZpZGVyO1xuICAvKipcbiAgICogVGhlIGZ1bmN0aW9uIHRvIGNhbGwgd2hlbiBNRkEgaW5mb3JtYXRpb24gaXMgcmV0cmlldmVkLiBJZiB0aGlzIGNhbGxiYWNrXG4gICAqIHRocm93cywgbm8gdHJhbnNhY3Rpb24gaXMgYnJvYWRjYXN0LlxuICAgKi9cbiAgb25NZmFQb2xsPzogKGFyZzA6IE1mYVJlcXVlc3RJbmZvKSA9PiB2b2lkO1xuICAvKipcbiAgICogVGhlIGFtb3VudCBvZiB0aW1lIChpbiBtaWxsaXNlY29uZHMpIHRvIHdhaXQgYmV0d2VlbiBjaGVja3MgZm9yIE1GQVxuICAgKiB1cGRhdGVzLiBEZWZhdWx0IGlzIDEwMDBtc1xuICAgKi9cbiAgbWZhUG9sbEludGVydmFsTXM/OiBudW1iZXI7XG4gIC8qKiBPcHRpb25hbCBtYW5hZ2VtZW50IHNlc3Npb24uIFVzZWQgdG8gY2hlY2sgZm9yIE1GQSB1cGRhdGVzICovXG4gIG1hbmFnZW1lbnRTZXNzaW9uPzogQ3ViZVNpZ25lcjtcbn1cblxuLyoqXG4gKiBBIGV0aGVycy5qcyBTaWduZXIgdXNpbmcgQ3ViZVNpZ25lclxuICovXG5leHBvcnQgY2xhc3MgU2lnbmVyIGV4dGVuZHMgZXRoZXJzLkFic3RyYWN0U2lnbmVyIHtcbiAgLyoqIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50ICovXG4gIHJlYWRvbmx5ICNhZGRyZXNzOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBrZXkgdG8gdXNlIGZvciBzaWduaW5nICovXG4gICNrZXk/OiBLZXlJbmZvO1xuXG4gIC8qKiBUaGUgdW5kZXJseWluZyBzZXNzaW9uICovXG4gIHJlYWRvbmx5ICNzaWduZXJTZXNzaW9uOiBTaWduZXJTZXNzaW9uO1xuXG4gIC8qKlxuICAgKiBUaGUgZnVuY3Rpb24gdG8gY2FsbCB3aGVuIE1GQSBpbmZvcm1hdGlvbiBpcyByZXRyaWV2ZWQuIElmIHRoaXMgY2FsbGJhY2tcbiAgICogdGhyb3dzLCBubyB0cmFuc2FjdGlvbiBpcyBicm9hZGNhc3QuXG4gICAqL1xuICByZWFkb25seSAjb25NZmFQb2xsOiAoYXJnMDogTWZhUmVxdWVzdEluZm8pID0+IHZvaWQ7XG5cbiAgLyoqIFRoZSBhbW91bnQgb2YgdGltZSB0byB3YWl0IGJldHdlZW4gY2hlY2tzIGZvciBNRkEgdXBkYXRlcyAqL1xuICByZWFkb25seSAjbWZhUG9sbEludGVydmFsTXM6IG51bWJlcjtcblxuICAvKiogT3B0aW9uYWwgbWFuYWdlbWVudCBzZXNzaW9uLCB1c2VkIGZvciBNRkEgZmxvd3MgKi9cbiAgcmVhZG9ubHkgI21hbmFnZW1lbnRTZXNzaW9uPzogQ3ViZVNpZ25lcjtcblxuICAvKiogQ3JlYXRlIG5ldyBTaWduZXIgaW5zdGFuY2VcbiAgICogQHBhcmFtIHtLZXlJbmZvIHwgc3RyaW5nfSBhZGRyZXNzIFRoZSBrZXkgb3IgdGhlIGV0aCBhZGRyZXNzIG9mIHRoZSBhY2NvdW50IHRvIHVzZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9ufSBzaWduZXJTZXNzaW9uIFRoZSB1bmRlcmx5aW5nIFNpZ25lciBzZXNzaW9uLlxuICAgKiBAcGFyYW0ge1NpZ25lck9wdGlvbnN9IG9wdGlvbnMgVGhlIG9wdGlvbnMgdG8gdXNlIGZvciB0aGUgU2lnbmVyIGluc3RhbmNlXG4gICAqL1xuICBjb25zdHJ1Y3RvcihhZGRyZXNzOiBLZXlJbmZvIHwgc3RyaW5nLCBzaWduZXJTZXNzaW9uOiBTaWduZXJTZXNzaW9uLCBvcHRpb25zPzogU2lnbmVyT3B0aW9ucykge1xuICAgIHN1cGVyKG9wdGlvbnM/LnByb3ZpZGVyKTtcbiAgICBpZiAodHlwZW9mIGFkZHJlc3MgPT09IFwic3RyaW5nXCIpIHtcbiAgICAgIHRoaXMuI2FkZHJlc3MgPSBhZGRyZXNzO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLiNhZGRyZXNzID0gYWRkcmVzcy5tYXRlcmlhbElkO1xuICAgICAgdGhpcy4ja2V5ID0gYWRkcmVzcyBhcyBLZXlJbmZvO1xuICAgIH1cbiAgICB0aGlzLiNzaWduZXJTZXNzaW9uID0gc2lnbmVyU2Vzc2lvbjtcbiAgICB0aGlzLiNvbk1mYVBvbGwgPSBvcHRpb25zPy5vbk1mYVBvbGwgPz8gKCgvKiBfbWZhSW5mbzogTWZhUmVxdWVzdEluZm8gKi8pID0+IHt9KTsgLy8gZXNsaW50LWRpc2FibGUtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZW1wdHktZnVuY3Rpb25cbiAgICB0aGlzLiNtZmFQb2xsSW50ZXJ2YWxNcyA9IG9wdGlvbnM/Lm1mYVBvbGxJbnRlcnZhbE1zID8/IDEwMDA7XG4gICAgdGhpcy4jbWFuYWdlbWVudFNlc3Npb24gPSBvcHRpb25zPy5tYW5hZ2VtZW50U2Vzc2lvbjtcbiAgfVxuXG4gIC8qKiBSZXNvbHZlcyB0byB0aGUgc2lnbmVyIGFkZHJlc3MuICovXG4gIGFzeW5jIGdldEFkZHJlc3MoKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy4jYWRkcmVzcztcbiAgfVxuXG4gIC8qKlxuICAgKiAgUmV0dXJucyB0aGUgc2lnbmVyIGNvbm5lY3RlZCB0byAlJXByb3ZpZGVyJSUuXG4gICAqICBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqICBAcmV0dXJuIHtTaWduZXJ9IFRoZSBzaWduZXIgY29ubmVjdGVkIHRvIHNpZ25lci5cbiAgICovXG4gIGNvbm5lY3QocHJvdmlkZXI6IG51bGwgfCBldGhlcnMuUHJvdmlkZXIpOiBTaWduZXIge1xuICAgIHJldHVybiBuZXcgU2lnbmVyKHRoaXMuI2FkZHJlc3MsIHRoaXMuI3NpZ25lclNlc3Npb24sIHsgcHJvdmlkZXIgfSk7XG4gIH1cblxuICAvKipcbiAgICogU2lnbnMgYSB0cmFuc2FjdGlvbi4gVGhpcyBwb3B1bGF0ZXMgdGhlIHRyYW5zYWN0aW9uIHR5cGUgdG8gYDB4MDJgIChFSVAtMTU1OSkgdW5sZXNzIHNldC4gVGhpcyBtZXRob2Qgd2lsbCBibG9jayBpZiB0aGUga2V5IHJlcXVpcmVzIE1GQSBhcHByb3ZhbC5cbiAgICogQHBhcmFtIHtldGhlcnMuVHJhbnNhY3Rpb25SZXF1ZXN0fSB0eCBUaGUgdHJhbnNhY3Rpb24gdG8gc2lnbi5cbiAgICogQHJldHVybiB7UHJvbWlzZTxzdHJpbmc+fSBIZXgtZW5jb2RlZCBSTFAgZW5jb2Rpbmcgb2YgdGhlIHRyYW5zYWN0aW9uIGFuZCBpdHMgc2lnbmF0dXJlLlxuICAgKi9cbiAgYXN5bmMgc2lnblRyYW5zYWN0aW9uKHR4OiBldGhlcnMuVHJhbnNhY3Rpb25SZXF1ZXN0KTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICAvLyBnZXQgdGhlIGNoYWluIGlkIGZyb20gdGhlIG5ldHdvcmsgb3IgdHhcbiAgICBsZXQgY2hhaW5JZCA9IHR4LmNoYWluSWQ7XG4gICAgaWYgKGNoYWluSWQgPT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3QgbmV0d29yayA9IGF3YWl0IHRoaXMucHJvdmlkZXI/LmdldE5ldHdvcmsoKTtcbiAgICAgIGNoYWluSWQgPSBuZXR3b3JrPy5jaGFpbklkPy50b1N0cmluZygpID8/IFwiMVwiO1xuICAgIH1cblxuICAgIC8vIENvbnZlcnQgdGhlIHRyYW5zYWN0aW9uIGludG8gYSBKU09OLVJQQyB0cmFuc2FjdGlvblxuICAgIGNvbnN0IHJwY1R4ID1cbiAgICAgIHRoaXMucHJvdmlkZXIgaW5zdGFuY2VvZiBKc29uUnBjQXBpUHJvdmlkZXJcbiAgICAgICAgPyB0aGlzLnByb3ZpZGVyLmdldFJwY1RyYW5zYWN0aW9uKHR4KVxuICAgICAgICA6IC8vIFdlIGNhbiBqdXN0IGNhbGwgdGhlIGdldFJwY1RyYW5zYWN0aW9uIHdpdGggYVxuICAgICAgICAgIC8vIG51bGwgcmVjZWl2ZXIgc2luY2UgaXQgZG9lc24ndCBhY3R1YWxseSB1c2UgaXRcbiAgICAgICAgICAvLyAoYW5kIHJlYWxseSBzaG91bGQgYmUgZGVjbGFyZWQgc3RhdGljKS5cbiAgICAgICAgICBKc29uUnBjQXBpUHJvdmlkZXIucHJvdG90eXBlLmdldFJwY1RyYW5zYWN0aW9uLmNhbGwobnVsbCwgdHgpO1xuICAgIHJwY1R4LnR5cGUgPSB0b0JlSGV4KHR4LnR5cGUgPz8gMHgwMiwgMSk7IC8vIHdlIGV4cGVjdCAweDBbMC0yXVxuXG4gICAgY29uc3QgcmVxID0gPEV2bVNpZ25SZXF1ZXN0PntcbiAgICAgIGNoYWluX2lkOiBOdW1iZXIoY2hhaW5JZCksXG4gICAgICB0eDogcnBjVHgsXG4gICAgfTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkV2bSh0aGlzLiNhZGRyZXNzLCByZXEpO1xuICAgIGNvbnN0IGRhdGEgPSBhd2FpdCB0aGlzLiNoYW5kbGVNZmEocmVzKTtcbiAgICByZXR1cm4gZGF0YS5ybHBfc2lnbmVkX3R4O1xuICB9XG5cbiAgLyoqIFNpZ25zIGFyYml0cmFyeSBtZXNzYWdlcy4gVGhpcyB1c2VzIGV0aGVycy5qcydzIFtoYXNoTWVzc2FnZV0oaHR0cHM6Ly9kb2NzLmV0aGVycy5vcmcvdjYvYXBpL2hhc2hpbmcvI2hhc2hNZXNzYWdlKVxuICAgKiB0byBjb21wdXRlIHRoZSBFSVAtMTkxIGRpZ2VzdCBhbmQgc2lnbnMgdGhpcyBkaWdlc3QgdXNpbmcge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIFRoZSBrZXkgKGZvciB0aGlzIHNlc3Npb24pIG11c3QgaGF2ZSB0aGUgYFwiQWxsb3dSYXdCbG9iU2lnbmluZ1wiYCBwb2xpY3kgYXR0YWNoZWQuXG4gICAqIEBwYXJhbSB7c3RyaW5nIHwgVWludDhBcnJheX0gbWVzc2FnZSBUaGUgbWVzc2FnZSB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduTWVzc2FnZShtZXNzYWdlOiBzdHJpbmcgfCBVaW50OEFycmF5KTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBkaWdlc3QgPSBldGhlcnMuaGFzaE1lc3NhZ2UobWVzc2FnZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWducyBFSVAtNzEyIHR5cGVkIGRhdGEuIFRoaXMgdXNlcyBldGhlcnMuanMnc1xuICAgKiBbVHlwZWREYXRhRW5jb2Rlci5oYXNoXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jVHlwZWREYXRhRW5jb2Rlcl9oYXNoKVxuICAgKiB0byBjb21wdXRlIHRoZSBFSVAtNzEyIGRpZ2VzdCBhbmQgc2lnbnMgdGhpcyBkaWdlc3QgdXNpbmcge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIFRoZSBrZXkgKGZvciB0aGlzIHNlc3Npb24pIG11c3QgaGF2ZSB0aGUgYFwiQWxsb3dSYXdCbG9iU2lnbmluZ1wiYCBwb2xpY3kgYXR0YWNoZWQuXG4gICAqIEBwYXJhbSB7VHlwZWREYXRhRG9tYWlufSBkb21haW4gVGhlIGRvbWFpbiBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBBcnJheTxUeXBlZERhdGFGaWVsZD4+fSB0eXBlcyBUaGUgdHlwZXMgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEBwYXJhbSB7UmVjb3JkPHN0cmluZywgYW55Pn0gdmFsdWUgVGhlIHZhbHVlIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHlwZWREYXRhKFxuICAgIGRvbWFpbjogVHlwZWREYXRhRG9tYWluLFxuICAgIHR5cGVzOiBSZWNvcmQ8c3RyaW5nLCBBcnJheTxUeXBlZERhdGFGaWVsZD4+LFxuICAgIHZhbHVlOiBSZWNvcmQ8c3RyaW5nLCBhbnk+LCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBkaWdlc3QgPSBUeXBlZERhdGFFbmNvZGVyLmhhc2goZG9tYWluLCB0eXBlcywgdmFsdWUpO1xuICAgIHJldHVybiB0aGlzLnNpZ25CbG9iKGRpZ2VzdCk7XG4gIH1cblxuICAvKiogU2lnbiBhcmJpdHJhcnkgZGlnZXN0LiBUaGlzIHVzZXMge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBkaWdlc3QgVGhlIGRpZ2VzdCB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBwcml2YXRlIGFzeW5jIHNpZ25CbG9iKGRpZ2VzdDogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBibG9iUmVxID0gPEJsb2JTaWduUmVxdWVzdD57XG4gICAgICBtZXNzYWdlX2Jhc2U2NDogQnVmZmVyLmZyb20oZ2V0Qnl0ZXMoZGlnZXN0KSkudG9TdHJpbmcoXCJiYXNlNjRcIiksXG4gICAgfTtcbiAgICAvLyBHZXQgdGhlIGtleSBjb3JyZXNwb25kaW5nIHRvIHRoaXMgYWRkcmVzc1xuICAgIGlmICh0aGlzLiNrZXkgPT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3Qga2V5ID0gKGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24ua2V5cygpKS5maW5kKChrKSA9PiBrLm1hdGVyaWFsX2lkID09PSB0aGlzLiNhZGRyZXNzKTtcbiAgICAgIGlmIChrZXkgPT09IHVuZGVmaW5lZCkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoYENhbm5vdCBhY2Nlc3Mga2V5ICcke3RoaXMuI2FkZHJlc3N9J2ApO1xuICAgICAgfVxuICAgICAgdGhpcy4ja2V5ID0ga2V5O1xuICAgIH1cblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkJsb2IodGhpcy4ja2V5LmtleV9pZCwgYmxvYlJlcSk7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuI2hhbmRsZU1mYShyZXMpO1xuICAgIHJldHVybiBkYXRhLnNpZ25hdHVyZTtcbiAgfVxuXG4gIC8qKlxuICAgKiBJZiB0aGUgc2lnbiByZXF1ZXN0IHJlcXVpcmVzIE1GQSwgdGhpcyBtZXRob2Qgd2FpdHMgZm9yIGFwcHJvdmFsc1xuICAgKlxuICAgKiBAcGFyYW0ge1NpZ25SZXNwb25zZTxVPn0gcmVzIFRoZSByZXNwb25zZSBvZiBhIHNpZ24gcmVxdWVzdFxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFU+fSBUaGUgc2lnbiBkYXRhIGFmdGVyIE1GQSBhcHByb3ZhbHNcbiAgICovXG4gIGFzeW5jICNoYW5kbGVNZmE8VT4ocmVzOiBTaWduUmVzcG9uc2U8VT4pOiBQcm9taXNlPFU+IHtcbiAgICB3aGlsZSAocmVzLnJlcXVpcmVzTWZhKCkpIHtcbiAgICAgIGF3YWl0IG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIHRoaXMuI21mYVBvbGxJbnRlcnZhbE1zKSk7XG5cbiAgICAgIGNvbnN0IG1mYUluZm8gPSBhd2FpdCB0aGlzLiNzaWduZXJTZXNzaW9uLmdldE1mYUluZm8odGhpcy4jbWFuYWdlbWVudFNlc3Npb24hLCByZXMubWZhSWQoKSk7XG4gICAgICB0aGlzLiNvbk1mYVBvbGwobWZhSW5mbyk7XG4gICAgICBpZiAobWZhSW5mby5yZWNlaXB0KSB7XG4gICAgICAgIHJlcyA9IGF3YWl0IHJlcy5zaWduV2l0aE1mYUFwcHJvdmFsKG1mYUluZm8pO1xuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gcmVzLmRhdGEoKTtcbiAgfVxufVxuIl19
|
package/dist/src/index.d.ts
CHANGED
|
@@ -1,34 +1,35 @@
|
|
|
1
1
|
import { EnvInterface } from "./env";
|
|
2
|
-
import { components, Client } from "./client";
|
|
2
|
+
import { components, Client, paths } from "./client";
|
|
3
3
|
import { Org } from "./org";
|
|
4
|
-
import { SignerSessionStorage } from "./session/signer_session_manager";
|
|
5
|
-
import { SignerSession } from "./signer_session";
|
|
6
|
-
import {
|
|
7
|
-
import { OidcSessionManager, OidcSessionStorage } from "./session/oidc_session_manager";
|
|
4
|
+
import { SignerSessionStorage, SignerSessionManager } from "./session/signer_session_manager";
|
|
5
|
+
import { MfaRequestInfo, SignResponse, SignerSession } from "./signer_session";
|
|
6
|
+
import { CognitoSessionManager, CognitoSessionStorage } from "./session/cognito_manager";
|
|
8
7
|
/** CubeSigner constructor options */
|
|
9
8
|
export interface CubeSignerOptions {
|
|
10
9
|
/** The environment to use */
|
|
11
10
|
env?: EnvInterface;
|
|
12
11
|
/** The management authorization token */
|
|
13
|
-
sessionMgr?:
|
|
12
|
+
sessionMgr?: CognitoSessionManager | SignerSessionManager;
|
|
14
13
|
}
|
|
15
14
|
export type UserInfo = components["schemas"]["UserInfo"];
|
|
16
15
|
export type TotpInfo = components["responses"]["TotpInfo"]["content"]["application/json"];
|
|
17
16
|
export type ConfiguredMfa = components["schemas"]["ConfiguredMfa"];
|
|
17
|
+
export type RatchetConfig = components["schemas"]["RatchetConfig"];
|
|
18
|
+
type OidcAuthResponse = paths["/v0/org/{org_id}/oidc"]["post"]["responses"]["200"]["content"]["application/json"];
|
|
18
19
|
/** CubeSigner client */
|
|
19
20
|
export declare class CubeSigner {
|
|
20
21
|
#private;
|
|
21
|
-
readonly sessionMgr?:
|
|
22
|
+
readonly sessionMgr?: CognitoSessionManager | SignerSessionManager;
|
|
22
23
|
/** @return {EnvInterface} The CubeSigner environment of this client */
|
|
23
24
|
get env(): EnvInterface;
|
|
24
25
|
/**
|
|
25
26
|
* Loads an existing management session and creates a CubeSigner instance.
|
|
26
|
-
* @param {
|
|
27
|
+
* @param {CognitoSessionStorage} storage Optional session storage to load
|
|
27
28
|
* the session from. If not specified, the management session from the config
|
|
28
29
|
* directory will be loaded.
|
|
29
30
|
* @return {Promise<CubeSigner>} New CubeSigner instance
|
|
30
31
|
*/
|
|
31
|
-
static loadManagementSession(storage?:
|
|
32
|
+
static loadManagementSession(storage?: CognitoSessionStorage): Promise<CubeSigner>;
|
|
32
33
|
/**
|
|
33
34
|
* Loads a signer session from a session storage (e.g., session file).
|
|
34
35
|
* @param {SignerSessionStorage} storage Optional session storage to load
|
|
@@ -37,37 +38,38 @@ export declare class CubeSigner {
|
|
|
37
38
|
* @return {Promise<SignerSession>} New signer session
|
|
38
39
|
*/
|
|
39
40
|
static loadSignerSession(storage?: SignerSessionStorage): Promise<SignerSession>;
|
|
40
|
-
/**
|
|
41
|
-
* Loads a signer session from OIDC storage
|
|
42
|
-
* @param {OidcSessionStorage} storage The storage to load from
|
|
43
|
-
* @return {Promise<SignerSession>} New signer session
|
|
44
|
-
*/
|
|
45
|
-
static loadOidcSession(storage: OidcSessionStorage): Promise<SignerSession>;
|
|
46
41
|
/**
|
|
47
42
|
* Create a new CubeSigner instance.
|
|
48
|
-
* @param {CubeSignerOptions} options The options for the CubeSigner instance.
|
|
43
|
+
* @param {CubeSignerOptions} options The optional configuraiton options for the CubeSigner instance.
|
|
49
44
|
*/
|
|
50
|
-
constructor(options
|
|
45
|
+
constructor(options?: CubeSignerOptions);
|
|
51
46
|
/**
|
|
52
|
-
* Authenticate an OIDC user and create a new
|
|
47
|
+
* Authenticate an OIDC user and create a new session manager for them.
|
|
53
48
|
* @param {string} oidcToken The OIDC token
|
|
54
49
|
* @param {string} orgId The id of the organization that the user is in
|
|
55
50
|
* @param {List<string>} scopes The scopes of the resulting session
|
|
56
|
-
* @param {
|
|
57
|
-
* @
|
|
51
|
+
* @param {RatchetConfig} lifetimes Lifetimes of the new session.
|
|
52
|
+
* @param {SignerSessionStorage?} storage Optional signer session storage (defaults to in-memory storage)
|
|
53
|
+
* @return {Promise<SignerSessionManager>} The signer session manager
|
|
58
54
|
*/
|
|
59
|
-
|
|
60
|
-
/**
|
|
61
|
-
* Authenticate an OIDC user and create a new session for them.
|
|
62
|
-
* @param {string} oidcToken The OIDC token
|
|
63
|
-
* @param {string} orgId The id of the organization that the user is in
|
|
64
|
-
* @param {List<string>} scopes The scopes of the resulting session
|
|
65
|
-
* @param {OidcSessionStorage} storage The signer session storage
|
|
66
|
-
* @return {Promise<SignerSession>} The signer session
|
|
67
|
-
*/
|
|
68
|
-
createOidcSession(oidcToken: string, orgId: string, scopes: Array<string>, storage?: OidcSessionStorage): Promise<SignerSession>;
|
|
55
|
+
oidcAuth(oidcToken: string, orgId: string, scopes: Array<string>, lifetimes?: RatchetConfig, storage?: SignerSessionStorage): Promise<SignerSessionManager>;
|
|
69
56
|
/** Retrieves information about the current user. */
|
|
70
57
|
aboutMe(): Promise<UserInfo>;
|
|
58
|
+
/**
|
|
59
|
+
* Creates and sets a new TOTP configuration for the logged in user,
|
|
60
|
+
* if and only if no TOTP configuration is already set.
|
|
61
|
+
*
|
|
62
|
+
* @return {Promise<TotpInfo>} Newly created TOTP configuration.
|
|
63
|
+
*/
|
|
64
|
+
initTotp(): Promise<TotpInfo>;
|
|
65
|
+
/**
|
|
66
|
+
* Retrieves existing MFA request.
|
|
67
|
+
*
|
|
68
|
+
* @param {string} orgId Organization ID
|
|
69
|
+
* @param {string} mfaId MFA request ID
|
|
70
|
+
* @return {Promise<MfaRequestInfo>} MFA request information
|
|
71
|
+
*/
|
|
72
|
+
mfaGet(orgId: string, mfaId: string): Promise<MfaRequestInfo>;
|
|
71
73
|
/**
|
|
72
74
|
* Creates and sets a new TOTP configuration for the logged-in user,
|
|
73
75
|
* overriding the existing one (if any).
|
|
@@ -89,6 +91,23 @@ export declare class CubeSigner {
|
|
|
89
91
|
* @internal
|
|
90
92
|
* */
|
|
91
93
|
management(): Promise<Client>;
|
|
94
|
+
/**
|
|
95
|
+
* Exchange an OIDC token for a CubeSigner session token.
|
|
96
|
+
* @param {string} oidcToken The OIDC token
|
|
97
|
+
* @param {string} orgId The id of the organization that the user is in
|
|
98
|
+
* @param {List<string>} scopes The scopes of the resulting session
|
|
99
|
+
* @param {RatchetConfig} lifetimes Lifetimes of the new session.
|
|
100
|
+
* @param {MfaReceipt} mfaReceipt Optional MFA receipt (id + confirmation code)
|
|
101
|
+
* @return {Promise<SignResponse<OidcAuthResponse>>} The session data.
|
|
102
|
+
*/
|
|
103
|
+
oidcLogin(oidcToken: string, orgId: string, scopes: Array<string>, lifetimes?: RatchetConfig, mfaReceipt?: MfaReceipt): Promise<SignResponse<OidcAuthResponse>>;
|
|
104
|
+
}
|
|
105
|
+
/** MFA receipt */
|
|
106
|
+
export interface MfaReceipt {
|
|
107
|
+
/** MFA request ID */
|
|
108
|
+
mfaId: string;
|
|
109
|
+
/** MFA confirmation code */
|
|
110
|
+
mfaConf: string;
|
|
92
111
|
}
|
|
93
112
|
/** Organizations */
|
|
94
113
|
export * from "./org";
|
|
@@ -105,9 +124,7 @@ export * from "./session/session_storage";
|
|
|
105
124
|
/** Session manager */
|
|
106
125
|
export * from "./session/session_manager";
|
|
107
126
|
/** Management session manager */
|
|
108
|
-
export * from "./session/
|
|
109
|
-
/** OIDC session manager */
|
|
110
|
-
export * from "./session/oidc_session_manager";
|
|
127
|
+
export * from "./session/cognito_manager";
|
|
111
128
|
/** Signer session manager */
|
|
112
129
|
export * from "./session/signer_session_manager";
|
|
113
130
|
/** Export ethers.js Signer */
|