@cubist-labs/cubesigner-sdk 0.1.26 → 0.1.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/README.md +30 -22
  2. package/dist/src/ethers/index.d.ts +25 -5
  3. package/dist/src/ethers/index.js +53 -16
  4. package/dist/src/index.d.ts +50 -33
  5. package/dist/src/index.js +79 -39
  6. package/dist/src/key.d.ts +58 -8
  7. package/dist/src/key.js +77 -14
  8. package/dist/src/org.d.ts +71 -6
  9. package/dist/src/org.js +90 -8
  10. package/dist/src/role.d.ts +19 -7
  11. package/dist/src/role.js +5 -3
  12. package/dist/src/schema.d.ts +1273 -91
  13. package/dist/src/schema.js +1 -1
  14. package/dist/src/session/cognito_manager.d.ts +59 -0
  15. package/dist/src/session/cognito_manager.js +111 -0
  16. package/dist/src/session/session_manager.d.ts +15 -0
  17. package/dist/src/session/session_manager.js +20 -1
  18. package/dist/src/session/signer_session_manager.d.ts +22 -12
  19. package/dist/src/session/signer_session_manager.js +42 -19
  20. package/dist/src/signer_session.d.ts +41 -29
  21. package/dist/src/signer_session.js +84 -69
  22. package/package.json +4 -1
  23. package/src/ethers/index.ts +83 -16
  24. package/src/index.ts +112 -64
  25. package/src/key.ts +103 -16
  26. package/src/org.ts +126 -10
  27. package/src/role.ts +21 -8
  28. package/src/schema.ts +1356 -168
  29. package/src/session/{management_session_manager.ts → cognito_manager.ts} +13 -15
  30. package/src/session/session_manager.ts +24 -0
  31. package/src/session/signer_session_manager.ts +52 -26
  32. package/src/signer_session.ts +90 -81
  33. package/src/session/oidc_session_manager.ts +0 -193
package/README.md CHANGED
@@ -71,11 +71,11 @@ session manager:
71
71
 
72
72
  ```typescript
73
73
  // Load session from a JSON file
74
- const fileStorage = new cs.JsonFileSessionStorage<cs.ManagementSessionInfo>(
74
+ const fileStorage = new cs.JsonFileSessionStorage<cs.CognitoSessionInfo>(
75
75
  `${process.env.HOME}/.config/cubesigner/management-session.json`,
76
76
  );
77
77
  // Create a session manager for a management token
78
- const sessionMgr = await cs.ManagementSessionManager.loadFromStorage(fileStorage);
78
+ const sessionMgr = await cs.CognitoSessionManager.loadFromStorage(fileStorage);
79
79
  new cs.CubeSigner({
80
80
  sessionMgr,
81
81
  });
@@ -113,7 +113,7 @@ transaction. For that, we need a key of type `Secp256k1.Evm`.
113
113
  const secpKey = await org.createKey(cs.Secp256k1.Evm);
114
114
  assert((await secpKey.owner()) == me.user_id);
115
115
  assert(await secpKey.enabled());
116
- console.log(`Created '${secpKey.type}' key ${secpKey.id}`);
116
+ console.log(`Created '${await secpKey.type()}' key ${secpKey.id}`);
117
117
  ```
118
118
 
119
119
  ### Create a `Role` and a `SignerSession`
@@ -201,7 +201,7 @@ assert(sig.data().rlp_signed_tx);
201
201
  ```typescript
202
202
  const { ethers } = require("ethers");
203
203
  // Create new Signer
204
- const ethersSigner = new cs.ethers.Signer(secpKey.materialId, session /*, provider */);
204
+ const ethersSigner = new cs.ethers.Signer(secpKey.materialId, session);
205
205
  assert((await ethersSigner.getAddress()) === secpKey.materialId);
206
206
  // sign transaction as usual:
207
207
  console.log(
@@ -264,22 +264,30 @@ disabled for `BLS` keys, and for other key types it can be enabled by
264
264
  attaching an `"AllowRawBlobSigning"` policy:
265
265
 
266
266
  ```typescript
267
- console.log("Confirming that raw blob is rejected by default");
268
- const blobReq = <cs.BlobSignRequest>{
269
- message_base64: "L1kE9g59xD3fzYQQSR7340BwU9fGrP6EMfIFcyX/YBc=",
270
- };
271
- try {
272
- await session.signBlob(secpKey, blobReq);
273
- assert(false, "Must be rejected by policy");
274
- } catch (e) {
275
- assert(`${e}`.includes("Raw blob signing not allowed"));
267
+ // Create a new Ed25519 key (e.g., for Cardano) and add it to our session role
268
+ const edKey = await org.createKey(cs.Ed25519.Cardano);
269
+ await role.addKey(edKey);
270
+ console.log(`Created '${await edKey.type()}' key ${edKey.id} and added it to role ${role.id}`);
271
+
272
+ // Sign raw blobs with our new ed key and the secp we created before
273
+ for (const key of [edKey, secpKey]) {
274
+ console.log(`Confirming that raw blob with ${await key.type()} is rejected by default`);
275
+ const blobReq = <cs.BlobSignRequest>{
276
+ message_base64: "L1kE9g59xD3fzYQQSR7340BwU9fGrP6EMfIFcyX/YBc=",
277
+ };
278
+ try {
279
+ await session.signBlob(key, blobReq);
280
+ assert(false, "Must be rejected by policy");
281
+ } catch (e) {
282
+ assert(`${e}`.includes("Raw blob signing not allowed"));
283
+ }
284
+
285
+ console.log("Signing raw blob after adding 'AllowRawBlobSigning' policy");
286
+ await key.appendPolicy(["AllowRawBlobSigning"]);
287
+ const blobSig = await session.signBlob(key, blobReq);
288
+ console.log(blobSig.data());
289
+ assert(blobSig.data().signature);
276
290
  }
277
-
278
- console.log("Signing raw blob after adding 'AllowRawBlobSigning' policy");
279
- await secpKey.appendPolicy(["AllowRawBlobSigning"]);
280
- const blobSig = await session.signBlob(secpKey, blobReq);
281
- console.log(blobSig.data());
282
- assert(blobSig.data().signature);
283
291
  ```
284
292
 
285
293
  > **Warning**
@@ -348,7 +356,7 @@ of `SignerSession`, required by all signing endpoints, e.g.,
348
356
  `signEvm`)
349
357
 
350
358
  ```typescript
351
- const oidcSession = await cubesigner.createOidcSession(oidcToken, org.id, ["sign:*"]);
359
+ const oidcSession = new cs.SignerSession(await cubesigner.oidcAuth(oidcToken, org.id, ["sign:*"]));
352
360
  ```
353
361
 
354
362
  or a _management_ session (i.e., and instance of `CubeSigner`,
@@ -357,7 +365,7 @@ information, configuring user MFA methods, etc.).
357
365
 
358
366
  ```typescript
359
367
  const oidcCubeSigner = new cs.CubeSigner({
360
- sessionMgr: await cubesigner.createOidcManager(oidcToken, org.id, ["manage:*"]),
368
+ sessionMgr: await cubesigner.oidcAuth(oidcToken, org.id, ["manage:*"]),
361
369
  });
362
370
  ```
363
371
 
@@ -405,7 +413,7 @@ as one of the configured MFA factors.
405
413
  ```typescript
406
414
  const mfa = (await oidcCubeSigner.aboutMe()).mfa;
407
415
  console.log("Configured MFA types", mfa);
408
- assert(mfa.includes("Totp"));
416
+ assert(mfa.map((m) => m.type).includes("totp"));
409
417
  ```
410
418
 
411
419
  ### Configure MFA policy for signing
package/dist/src/ethers/index.d.ts CHANGED
@@ -1,16 +1,35 @@
1
1
  import { TypedDataDomain, TypedDataField, ethers } from "ethers";
2
- import { SignerSession } from "../signer_session";
2
+ import { MfaRequestInfo, SignerSession } from "../signer_session";
3
+ import { KeyInfo } from "../key";
4
+ import { CubeSigner } from "..";
5
+ /** Options for the signer */
6
+ interface SignerOptions {
7
+ /** Optional provider to use */
8
+ provider?: null | ethers.Provider;
9
+ /**
10
+ * The function to call when MFA information is retrieved. If this callback
11
+ * throws, no transaction is broadcast.
12
+ */
13
+ onMfaPoll?: (arg0: MfaRequestInfo) => void;
14
+ /**
15
+ * The amount of time (in milliseconds) to wait between checks for MFA
16
+ * updates. Default is 1000ms
17
+ */
18
+ mfaPollIntervalMs?: number;
19
+ /** Optional management session. Used to check for MFA updates */
20
+ managementSession?: CubeSigner;
21
+ }
3
22
  /**
4
23
  * A ethers.js Signer using CubeSigner
5
24
  */
6
25
  export declare class Signer extends ethers.AbstractSigner {
7
26
  #private;
8
27
  /** Create new Signer instance
9
- * @param {string} address The address of the account to use.
28
+ * @param {KeyInfo | string} address The key or the eth address of the account to use.
10
29
  * @param {SignerSession} signerSession The underlying Signer session.
11
- * @param {null | ethers.Provider} provider The optional provider instance to use.
30
+ * @param {SignerOptions} options The options to use for the Signer instance
12
31
  */
13
- constructor(address: string, signerSession: SignerSession, provider?: null | ethers.Provider);
32
+ constructor(address: KeyInfo | string, signerSession: SignerSession, options?: SignerOptions);
14
33
  /** Resolves to the signer address. */
15
34
  getAddress(): Promise<string>;
16
35
  /**
@@ -20,7 +39,7 @@ export declare class Signer extends ethers.AbstractSigner {
20
39
  */
21
40
  connect(provider: null | ethers.Provider): Signer;
22
41
  /**
23
- * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
42
+ * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
24
43
  * @param {ethers.TransactionRequest} tx The transaction to sign.
25
44
  * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
26
45
  */
@@ -48,3 +67,4 @@ export declare class Signer extends ethers.AbstractSigner {
48
67
  */
49
68
  private signBlob;
50
69
  }
70
+ export {};
package/dist/src/ethers/index.js CHANGED
@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
10
10
  if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
11
11
  return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
12
12
  };
13
- var _Signer_address, _Signer_key, _Signer_signerSession;
13
+ var _Signer_instances, _Signer_address, _Signer_key, _Signer_signerSession, _Signer_onMfaPoll, _Signer_mfaPollIntervalMs, _Signer_managementSession, _Signer_handleMfa;
14
14
  Object.defineProperty(exports, "__esModule", { value: true });
15
15
  exports.Signer = void 0;
16
16
  const ethers_1 = require("ethers");
@@ -19,20 +19,39 @@ const ethers_1 = require("ethers");
19
19
  */
20
20
  class Signer extends ethers_1.ethers.AbstractSigner {
21
21
  /** Create new Signer instance
22
- * @param {string} address The address of the account to use.
22
+ * @param {KeyInfo | string} address The key or the eth address of the account to use.
23
23
  * @param {SignerSession} signerSession The underlying Signer session.
24
- * @param {null | ethers.Provider} provider The optional provider instance to use.
24
+ * @param {SignerOptions} options The options to use for the Signer instance
25
25
  */
26
- constructor(address, signerSession, provider) {
27
- super(provider);
26
+ constructor(address, signerSession, options) {
27
+ super(options?.provider);
28
+ _Signer_instances.add(this);
28
29
  /** The address of the account */
29
30
  _Signer_address.set(this, void 0);
30
31
  /** The key to use for signing */
31
32
  _Signer_key.set(this, void 0);
32
33
  /** The underlying session */
33
34
  _Signer_signerSession.set(this, void 0);
34
- __classPrivateFieldSet(this, _Signer_address, address, "f");
35
+ /**
36
+ * The function to call when MFA information is retrieved. If this callback
37
+ * throws, no transaction is broadcast.
38
+ */
39
+ _Signer_onMfaPoll.set(this, void 0);
40
+ /** The amount of time to wait between checks for MFA updates */
41
+ _Signer_mfaPollIntervalMs.set(this, void 0);
42
+ /** Optional management session, used for MFA flows */
43
+ _Signer_managementSession.set(this, void 0);
44
+ if (typeof address === "string") {
45
+ __classPrivateFieldSet(this, _Signer_address, address, "f");
46
+ }
47
+ else {
48
+ __classPrivateFieldSet(this, _Signer_address, address.materialId, "f");
49
+ __classPrivateFieldSet(this, _Signer_key, address, "f");
50
+ }
35
51
  __classPrivateFieldSet(this, _Signer_signerSession, signerSession, "f");
52
+ __classPrivateFieldSet(this, _Signer_onMfaPoll, options?.onMfaPoll ?? (( /* _mfaInfo: MfaRequestInfo */) => { }), "f"); // eslint-disable-line @typescript-eslint/no-empty-function
53
+ __classPrivateFieldSet(this, _Signer_mfaPollIntervalMs, options?.mfaPollIntervalMs ?? 1000, "f");
54
+ __classPrivateFieldSet(this, _Signer_managementSession, options?.managementSession, "f");
36
55
  }
37
56
  /** Resolves to the signer address. */
38
57
  async getAddress() {
@@ -44,10 +63,10 @@ class Signer extends ethers_1.ethers.AbstractSigner {
44
63
  * @return {Signer} The signer connected to signer.
45
64
  */
46
65
  connect(provider) {
47
- return new Signer(__classPrivateFieldGet(this, _Signer_address, "f"), __classPrivateFieldGet(this, _Signer_signerSession, "f"), provider);
66
+ return new Signer(__classPrivateFieldGet(this, _Signer_address, "f"), __classPrivateFieldGet(this, _Signer_signerSession, "f"), { provider });
48
67
  }
49
68
  /**
50
- * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
69
+ * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
51
70
  * @param {ethers.TransactionRequest} tx The transaction to sign.
52
71
  * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
53
72
  */
@@ -70,8 +89,9 @@ class Signer extends ethers_1.ethers.AbstractSigner {
70
89
  chain_id: Number(chainId),
71
90
  tx: rpcTx,
72
91
  };
73
- const sig = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signEvm(__classPrivateFieldGet(this, _Signer_address, "f"), req);
74
- return sig.data().rlp_signed_tx;
92
+ const res = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signEvm(__classPrivateFieldGet(this, _Signer_address, "f"), req);
93
+ const data = await __classPrivateFieldGet(this, _Signer_instances, "m", _Signer_handleMfa).call(this, res);
94
+ return data.rlp_signed_tx;
75
95
  }
76
96
  /** Signs arbitrary messages. This uses ethers.js's [hashMessage](https://docs.ethers.org/v6/api/hashing/#hashMessage)
77
97
  * to compute the EIP-191 digest and signs this digest using {@link Key#signBlob}.
@@ -106,17 +126,34 @@ class Signer extends ethers_1.ethers.AbstractSigner {
106
126
  };
107
127
  // Get the key corresponding to this address
108
128
  if (__classPrivateFieldGet(this, _Signer_key, "f") === undefined) {
109
- const key = (await __classPrivateFieldGet(this, _Signer_signerSession, "f").keys()).find((k) => k.materialId === __classPrivateFieldGet(this, _Signer_address, "f"));
129
+ const key = (await __classPrivateFieldGet(this, _Signer_signerSession, "f").keys()).find((k) => k.material_id === __classPrivateFieldGet(this, _Signer_address, "f"));
110
130
  if (key === undefined) {
111
131
  throw new Error(`Cannot access key '${__classPrivateFieldGet(this, _Signer_address, "f")}'`);
112
132
  }
113
133
  __classPrivateFieldSet(this, _Signer_key, key, "f");
114
134
  }
115
- // sign
116
- const result = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signBlob(__classPrivateFieldGet(this, _Signer_key, "f"), blobReq);
117
- return result.data().signature;
135
+ const res = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signBlob(__classPrivateFieldGet(this, _Signer_key, "f").key_id, blobReq);
136
+ const data = await __classPrivateFieldGet(this, _Signer_instances, "m", _Signer_handleMfa).call(this, res);
137
+ return data.signature;
118
138
  }
119
139
  }
120
140
  exports.Signer = Signer;
121
- _Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSession = new WeakMap();
122
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQUloQjs7R0FFRztBQUNILE1BQWEsTUFBTyxTQUFRLGVBQU0sQ0FBQyxjQUFjO0lBVS9DOzs7O09BSUc7SUFDSCxZQUFZLE9BQWUsRUFBRSxhQUE0QixFQUFFLFFBQWlDO1FBQzFGLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztRQWZsQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBVztRQUVYLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFTckMsdUJBQUEsSUFBSSxtQkFBWSxPQUFPLE1BQUEsQ0FBQztRQUN4Qix1QkFBQSxJQUFJLHlCQUFrQixhQUFhLE1BQUEsQ0FBQztJQUN0QyxDQUFDO0lBRUQsc0NBQXNDO0lBQ3RDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsT0FBTyx1QkFBQSxJQUFJLHVCQUFTLENBQUM7SUFDdkIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsUUFBZ0M7UUFDdEMsT0FBTyxJQUFJLE1BQU0sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsdUJBQUEsSUFBSSw2QkFBZSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ2xFLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLGVBQWUsQ0FBQyxFQUE2QjtRQUNqRCwwQ0FBMEM7UUFDMUMsSUFBSSxPQUFPLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQztRQUN6QixJQUFJLE9BQU8sS0FBSyxTQUFTLEVBQUU7WUFDekIsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDO1lBQ2xELE9BQU8sR0FBRyxPQUFPLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxJQUFJLEdBQUcsQ0FBQztTQUMvQztRQUVELHNEQUFzRDtRQUN0RCxNQUFNLEtBQUssR0FDVCxJQUFJLENBQUMsUUFBUSxZQUFZLDJCQUFrQjtZQUN6QyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7WUFDckMsQ0FBQyxDQUFDLGdEQUFnRDtnQkFDaEQsaURBQWlEO2dCQUNqRCwwQ0FBMEM7Z0JBQzFDLDJCQUFrQixDQUFDLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3BFLEtBQUssQ0FBQyxJQUFJLEdBQUcsSUFBQSxnQkFBTyxFQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMscUJBQXFCO1FBRS9ELE1BQU0sR0FBRyxHQUFtQjtZQUMxQixRQUFRLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQztZQUN6QixFQUFFLEVBQUUsS0FBSztTQUNWLENBQUM7UUFDRixNQUFNLEdBQUcsR0FBRyxNQUFNLHVCQUFBLElBQUksNkJBQWUsQ0FBQyxPQUFPLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDLGFBQWEsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxVQUFVLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDM0YsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBQ0QsT0FBTztRQUNQLE1BQU0sTUFBTSxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLFFBQVEsQ0FBQyx1QkFBQSxJQUFJLG1CQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDdEUsT0FBTyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsU0FBUyxDQUFDO0lBQ2pDLENBQUM7Q0FDRjtBQW5IRCx3QkFtSEMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBKc29uUnBjQXBpUHJvdmlkZXIsXG4gIFR5cGVkRGF0YURvbWFpbixcbiAgVHlwZWREYXRhRW5jb2RlcixcbiAgVHlwZWREYXRhRmllbGQsXG4gIGV0aGVycyxcbiAgZ2V0Qnl0ZXMsXG4gIHRvQmVIZXgsXG59IGZyb20gXCJldGhlcnNcIjtcbmltcG9ydCB7IEJsb2JTaWduUmVxdWVzdCwgRXZtU2lnblJlcXVlc3QsIFNpZ25lclNlc3Npb24gfSBmcm9tIFwiLi4vc2lnbmVyX3Nlc3Npb25cIjtcbmltcG9ydCB7IEtleSB9IGZyb20gXCIuLi9rZXlcIjtcblxuLyoqXG4gKiBBIGV0aGVycy5qcyBTaWduZXIgdXNpbmcgQ3ViZVNpZ25lclxuICovXG5leHBvcnQgY2xhc3MgU2lnbmVyIGV4dGVuZHMgZXRoZXJzLkFic3RyYWN0U2lnbmVyIHtcbiAgLyoqIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50ICovXG4gIHJlYWRvbmx5ICNhZGRyZXNzOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBrZXkgdG8gdXNlIGZvciBzaWduaW5nICovXG4gICNrZXk/OiBLZXk7XG5cbiAgLyoqIFRoZSB1bmRlcmx5aW5nIHNlc3Npb24gKi9cbiAgcmVhZG9ubHkgI3NpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb247XG5cbiAgLyoqIENyZWF0ZSBuZXcgU2lnbmVyIGluc3RhbmNlXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBhZGRyZXNzIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50IHRvIHVzZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9ufSBzaWduZXJTZXNzaW9uIFRoZSB1bmRlcmx5aW5nIFNpZ25lciBzZXNzaW9uLlxuICAgKiBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqL1xuICBjb25zdHJ1Y3RvcihhZGRyZXNzOiBzdHJpbmcsIHNpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb24sIHByb3ZpZGVyPzogbnVsbCB8IGV0aGVycy5Qcm92aWRlcikge1xuICAgIHN1cGVyKHByb3ZpZGVyKTtcbiAgICB0aGlzLiNhZGRyZXNzID0gYWRkcmVzcztcbiAgICB0aGlzLiNzaWduZXJTZXNzaW9uID0gc2lnbmVyU2Vzc2lvbjtcbiAgfVxuXG4gIC8qKiBSZXNvbHZlcyB0byB0aGUgc2lnbmVyIGFkZHJlc3MuICovXG4gIGFzeW5jIGdldEFkZHJlc3MoKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy4jYWRkcmVzcztcbiAgfVxuXG4gIC8qKlxuICAgKiAgUmV0dXJucyB0aGUgc2lnbmVyIGNvbm5lY3RlZCB0byAlJXByb3ZpZGVyJSUuXG4gICAqICBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqICBAcmV0dXJuIHtTaWduZXJ9IFRoZSBzaWduZXIgY29ubmVjdGVkIHRvIHNpZ25lci5cbiAgICovXG4gIGNvbm5lY3QocHJvdmlkZXI6IG51bGwgfCBldGhlcnMuUHJvdmlkZXIpOiBTaWduZXIge1xuICAgIHJldHVybiBuZXcgU2lnbmVyKHRoaXMuI2FkZHJlc3MsIHRoaXMuI3NpZ25lclNlc3Npb24sIHByb3ZpZGVyKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTaWducyBhIHRyYW5zYWN0aW9uLiBUaGlzIHBvcHVsYXRlcyB0aGUgdHJhbnNhY3Rpb24gdHlwZSB0byBgMHgwMmAgKEVJUC0xNTU5KSB1bmxlc3Mgc2V0LlxuICAgKiBAcGFyYW0ge2V0aGVycy5UcmFuc2FjdGlvblJlcXVlc3R9IHR4IFRoZSB0cmFuc2FjdGlvbiB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IEhleC1lbmNvZGVkIFJMUCBlbmNvZGluZyBvZiB0aGUgdHJhbnNhY3Rpb24gYW5kIGl0cyBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHJhbnNhY3Rpb24odHg6IGV0aGVycy5UcmFuc2FjdGlvblJlcXVlc3QpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIGdldCB0aGUgY2hhaW4gaWQgZnJvbSB0aGUgbmV0d29yayBvciB0eFxuICAgIGxldCBjaGFpbklkID0gdHguY2hhaW5JZDtcbiAgICBpZiAoY2hhaW5JZCA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBuZXR3b3JrID0gYXdhaXQgdGhpcy5wcm92aWRlcj8uZ2V0TmV0d29yaygpO1xuICAgICAgY2hhaW5JZCA9IG5ldHdvcms/LmNoYWluSWQ/LnRvU3RyaW5nKCkgPz8gXCIxXCI7XG4gICAgfVxuXG4gICAgLy8gQ29udmVydCB0aGUgdHJhbnNhY3Rpb24gaW50byBhIEpTT04tUlBDIHRyYW5zYWN0aW9uXG4gICAgY29uc3QgcnBjVHggPVxuICAgICAgdGhpcy5wcm92aWRlciBpbnN0YW5jZW9mIEpzb25ScGNBcGlQcm92aWRlclxuICAgICAgICA/IHRoaXMucHJvdmlkZXIuZ2V0UnBjVHJhbnNhY3Rpb24odHgpXG4gICAgICAgIDogLy8gV2UgY2FuIGp1c3QgY2FsbCB0aGUgZ2V0UnBjVHJhbnNhY3Rpb24gd2l0aCBhXG4gICAgICAgICAgLy8gbnVsbCByZWNlaXZlciBzaW5jZSBpdCBkb2Vzbid0IGFjdHVhbGx5IHVzZSBpdFxuICAgICAgICAgIC8vIChhbmQgcmVhbGx5IHNob3VsZCBiZSBkZWNsYXJlZCBzdGF0aWMpLlxuICAgICAgICAgIEpzb25ScGNBcGlQcm92aWRlci5wcm90b3R5cGUuZ2V0UnBjVHJhbnNhY3Rpb24uY2FsbChudWxsLCB0eCk7XG4gICAgcnBjVHgudHlwZSA9IHRvQmVIZXgodHgudHlwZSA/PyAweDAyLCAxKTsgLy8gd2UgZXhwZWN0IDB4MFswLTJdXG5cbiAgICBjb25zdCByZXEgPSA8RXZtU2lnblJlcXVlc3Q+e1xuICAgICAgY2hhaW5faWQ6IE51bWJlcihjaGFpbklkKSxcbiAgICAgIHR4OiBycGNUeCxcbiAgICB9O1xuICAgIGNvbnN0IHNpZyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkV2bSh0aGlzLiNhZGRyZXNzLCByZXEpO1xuICAgIHJldHVybiBzaWcuZGF0YSgpLnJscF9zaWduZWRfdHg7XG4gIH1cblxuICAvKiogU2lnbnMgYXJiaXRyYXJ5IG1lc3NhZ2VzLiBUaGlzIHVzZXMgZXRoZXJzLmpzJ3MgW2hhc2hNZXNzYWdlXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jaGFzaE1lc3NhZ2UpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC0xOTEgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtzdHJpbmcgfCBVaW50OEFycmF5fSBtZXNzYWdlIFRoZSBtZXNzYWdlIHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25NZXNzYWdlKG1lc3NhZ2U6IHN0cmluZyB8IFVpbnQ4QXJyYXkpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IGV0aGVycy5oYXNoTWVzc2FnZShtZXNzYWdlKTtcbiAgICByZXR1cm4gdGhpcy5zaWduQmxvYihkaWdlc3QpO1xuICB9XG5cbiAgLyoqIFNpZ25zIEVJUC03MTIgdHlwZWQgZGF0YS4gVGhpcyB1c2VzIGV0aGVycy5qcydzXG4gICAqIFtUeXBlZERhdGFFbmNvZGVyLmhhc2hdKGh0dHBzOi8vZG9jcy5ldGhlcnMub3JnL3Y2L2FwaS9oYXNoaW5nLyNUeXBlZERhdGFFbmNvZGVyX2hhc2gpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC03MTIgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtUeXBlZERhdGFEb21haW59IGRvbWFpbiBUaGUgZG9tYWluIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcGFyYW0ge1JlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj59IHR5cGVzIFRoZSB0eXBlcyBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBhbnk+fSB2YWx1ZSBUaGUgdmFsdWUgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25UeXBlZERhdGEoXG4gICAgZG9tYWluOiBUeXBlZERhdGFEb21haW4sXG4gICAgdHlwZXM6IFJlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj4sXG4gICAgdmFsdWU6IFJlY29yZDxzdHJpbmcsIGFueT4sIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IFR5cGVkRGF0YUVuY29kZXIuaGFzaChkb21haW4sIHR5cGVzLCB2YWx1ZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWduIGFyYml0cmFyeSBkaWdlc3QuIFRoaXMgdXNlcyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGRpZ2VzdCBUaGUgZGlnZXN0IHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgc2lnbkJsb2IoZGlnZXN0OiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGJsb2JSZXEgPSA8QmxvYlNpZ25SZXF1ZXN0PntcbiAgICAgIG1lc3NhZ2VfYmFzZTY0OiBCdWZmZXIuZnJvbShnZXRCeXRlcyhkaWdlc3QpKS50b1N0cmluZyhcImJhc2U2NFwiKSxcbiAgICB9O1xuICAgIC8vIEdldCB0aGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBhZGRyZXNzXG4gICAgaWYgKHRoaXMuI2tleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBrZXkgPSAoYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5rZXlzKCkpLmZpbmQoKGspID0+IGsubWF0ZXJpYWxJZCA9PT0gdGhpcy4jYWRkcmVzcyk7XG4gICAgICBpZiAoa2V5ID09PSB1bmRlZmluZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBDYW5ub3QgYWNjZXNzIGtleSAnJHt0aGlzLiNhZGRyZXNzfSdgKTtcbiAgICAgIH1cbiAgICAgIHRoaXMuI2tleSA9IGtleTtcbiAgICB9XG4gICAgLy8gc2lnblxuICAgIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkJsb2IodGhpcy4ja2V5LCBibG9iUmVxKTtcbiAgICByZXR1cm4gcmVzdWx0LmRhdGEoKS5zaWduYXR1cmU7XG4gIH1cbn1cbiJdfQ==
141
+ _Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSession = new WeakMap(), _Signer_onMfaPoll = new WeakMap(), _Signer_mfaPollIntervalMs = new WeakMap(), _Signer_managementSession = new WeakMap(), _Signer_instances = new WeakSet(), _Signer_handleMfa =
142
+ /**
143
+ * If the sign request requires MFA, this method waits for approvals
144
+ *
145
+ * @param {SignResponse<U>} res The response of a sign request
146
+ * @return {Promise<U>} The sign data after MFA approvals
147
+ */
148
+ async function _Signer_handleMfa(res) {
149
+ while (res.requiresMfa()) {
150
+ await new Promise((resolve) => setTimeout(resolve, __classPrivateFieldGet(this, _Signer_mfaPollIntervalMs, "f")));
151
+ const mfaInfo = await __classPrivateFieldGet(this, _Signer_signerSession, "f").getMfaInfo(__classPrivateFieldGet(this, _Signer_managementSession, "f"), res.mfaId());
152
+ __classPrivateFieldGet(this, _Signer_onMfaPoll, "f").call(this, mfaInfo);
153
+ if (mfaInfo.receipt) {
154
+ res = await res.signWithMfaApproval(mfaInfo);
155
+ }
156
+ }
157
+ return res.data();
158
+ };
159
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQTZCaEI7O0dBRUc7QUFDSCxNQUFhLE1BQU8sU0FBUSxlQUFNLENBQUMsY0FBYztJQXNCL0M7Ozs7T0FJRztJQUNILFlBQVksT0FBeUIsRUFBRSxhQUE0QixFQUFFLE9BQXVCO1FBQzFGLEtBQUssQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7O1FBM0IzQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBZTtRQUVmLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFFdkM7OztXQUdHO1FBQ00sb0NBQTJDO1FBRXBELGdFQUFnRTtRQUN2RCw0Q0FBMkI7UUFFcEMsc0RBQXNEO1FBQzdDLDRDQUFnQztRQVN2QyxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRTtZQUMvQix1QkFBQSxJQUFJLG1CQUFZLE9BQU8sTUFBQSxDQUFDO1NBQ3pCO2FBQU07WUFDTCx1QkFBQSxJQUFJLG1CQUFZLE9BQU8sQ0FBQyxVQUFVLE1BQUEsQ0FBQztZQUNuQyx1QkFBQSxJQUFJLGVBQVEsT0FBa0IsTUFBQSxDQUFDO1NBQ2hDO1FBQ0QsdUJBQUEsSUFBSSx5QkFBa0IsYUFBYSxNQUFBLENBQUM7UUFDcEMsdUJBQUEsSUFBSSxxQkFBYyxPQUFPLEVBQUUsU0FBUyxJQUFJLENBQUMsRUFBQyw4QkFBOEIsRUFBRSxFQUFFLEdBQUUsQ0FBQyxDQUFDLE1BQUEsQ0FBQyxDQUFDLDJEQUEyRDtRQUM3SSx1QkFBQSxJQUFJLDZCQUFzQixPQUFPLEVBQUUsaUJBQWlCLElBQUksSUFBSSxNQUFBLENBQUM7UUFDN0QsdUJBQUEsSUFBSSw2QkFBc0IsT0FBTyxFQUFFLGlCQUFpQixNQUFBLENBQUM7SUFDdkQsQ0FBQztJQUVELHNDQUFzQztJQUN0QyxLQUFLLENBQUMsVUFBVTtRQUNkLE9BQU8sdUJBQUEsSUFBSSx1QkFBUyxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsT0FBTyxDQUFDLFFBQWdDO1FBQ3RDLE9BQU8sSUFBSSxNQUFNLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLHVCQUFBLElBQUksNkJBQWUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQTZCO1FBQ2pELDBDQUEwQztRQUMxQyxJQUFJLE9BQU8sR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDO1FBQ3pCLElBQUksT0FBTyxLQUFLLFNBQVMsRUFBRTtZQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUM7WUFDbEQsT0FBTyxHQUFHLE9BQU8sRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLElBQUksR0FBRyxDQUFDO1NBQy9DO1FBRUQsc0RBQXNEO1FBQ3RELE1BQU0sS0FBSyxHQUNULElBQUksQ0FBQyxRQUFRLFlBQVksMkJBQWtCO1lBQ3pDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNyQyxDQUFDLENBQUMsZ0RBQWdEO2dCQUNoRCxpREFBaUQ7Z0JBQ2pELDBDQUEwQztnQkFDMUMsMkJBQWtCLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDcEUsS0FBSyxDQUFDLElBQUksR0FBRyxJQUFBLGdCQUFPLEVBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUI7UUFFL0QsTUFBTSxHQUFHLEdBQW1CO1lBQzFCLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQ3pCLEVBQUUsRUFBRSxLQUFLO1NBQ1YsQ0FBQztRQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLE9BQU8sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQztJQUM1QixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxXQUFXLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDNUYsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsUUFBUSxDQUFDLHVCQUFBLElBQUksbUJBQUssQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUN4QixDQUFDO0NBb0JGO0FBN0pELHdCQTZKQzs7QUFsQkM7Ozs7O0dBS0c7QUFDSCxLQUFLLDRCQUFlLEdBQW9CO0lBQ3RDLE9BQU8sR0FBRyxDQUFDLFdBQVcsRUFBRSxFQUFFO1FBQ3hCLE1BQU0sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsdUJBQUEsSUFBSSxpQ0FBbUIsQ0FBQyxDQUFDLENBQUM7UUFFN0UsTUFBTSxPQUFPLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsVUFBVSxDQUFDLHVCQUFBLElBQUksaUNBQW9CLEVBQUUsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDNUYsdUJBQUEsSUFBSSx5QkFBVyxNQUFmLElBQUksRUFBWSxPQUFPLENBQUMsQ0FBQztRQUN6QixJQUFJLE9BQU8sQ0FBQyxPQUFPLEVBQUU7WUFDbkIsR0FBRyxHQUFHLE1BQU0sR0FBRyxDQUFDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1NBQzlDO0tBQ0Y7SUFDRCxPQUFPLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztBQUNwQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgSnNvblJwY0FwaVByb3ZpZGVyLFxuICBUeXBlZERhdGFEb21haW4sXG4gIFR5cGVkRGF0YUVuY29kZXIsXG4gIFR5cGVkRGF0YUZpZWxkLFxuICBldGhlcnMsXG4gIGdldEJ5dGVzLFxuICB0b0JlSGV4LFxufSBmcm9tIFwiZXRoZXJzXCI7XG5pbXBvcnQge1xuICBCbG9iU2lnblJlcXVlc3QsXG4gIEV2bVNpZ25SZXF1ZXN0LFxuICBNZmFSZXF1ZXN0SW5mbyxcbiAgU2lnbmVyU2Vzc2lvbixcbiAgU2lnblJlc3BvbnNlLFxufSBmcm9tIFwiLi4vc2lnbmVyX3Nlc3Npb25cIjtcbmltcG9ydCB7IEtleUluZm8gfSBmcm9tIFwiLi4va2V5XCI7XG5pbXBvcnQgeyBDdWJlU2lnbmVyIH0gZnJvbSBcIi4uXCI7XG5cbi8qKiBPcHRpb25zIGZvciB0aGUgc2lnbmVyICovXG5pbnRlcmZhY2UgU2lnbmVyT3B0aW9ucyB7XG4gIC8qKiBPcHRpb25hbCBwcm92aWRlciB0byB1c2UgKi9cbiAgcHJvdmlkZXI/OiBudWxsIHwgZXRoZXJzLlByb3ZpZGVyO1xuICAvKipcbiAgICogVGhlIGZ1bmN0aW9uIHRvIGNhbGwgd2hlbiBNRkEgaW5mb3JtYXRpb24gaXMgcmV0cmlldmVkLiBJZiB0aGlzIGNhbGxiYWNrXG4gICAqIHRocm93cywgbm8gdHJhbnNhY3Rpb24gaXMgYnJvYWRjYXN0LlxuICAgKi9cbiAgb25NZmFQb2xsPzogKGFyZzA6IE1mYVJlcXVlc3RJbmZvKSA9PiB2b2lkO1xuICAvKipcbiAgICogVGhlIGFtb3VudCBvZiB0aW1lIChpbiBtaWxsaXNlY29uZHMpIHRvIHdhaXQgYmV0d2VlbiBjaGVja3MgZm9yIE1GQVxuICAgKiB1cGRhdGVzLiBEZWZhdWx0IGlzIDEwMDBtc1xuICAgKi9cbiAgbWZhUG9sbEludGVydmFsTXM/OiBudW1iZXI7XG4gIC8qKiBPcHRpb25hbCBtYW5hZ2VtZW50IHNlc3Npb24uIFVzZWQgdG8gY2hlY2sgZm9yIE1GQSB1cGRhdGVzICovXG4gIG1hbmFnZW1lbnRTZXNzaW9uPzogQ3ViZVNpZ25lcjtcbn1cblxuLyoqXG4gKiBBIGV0aGVycy5qcyBTaWduZXIgdXNpbmcgQ3ViZVNpZ25lclxuICovXG5leHBvcnQgY2xhc3MgU2lnbmVyIGV4dGVuZHMgZXRoZXJzLkFic3RyYWN0U2lnbmVyIHtcbiAgLyoqIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50ICovXG4gIHJlYWRvbmx5ICNhZGRyZXNzOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBrZXkgdG8gdXNlIGZvciBzaWduaW5nICovXG4gICNrZXk/OiBLZXlJbmZvO1xuXG4gIC8qKiBUaGUgdW5kZXJseWluZyBzZXNzaW9uICovXG4gIHJlYWRvbmx5ICNzaWduZXJTZXNzaW9uOiBTaWduZXJTZXNzaW9uO1xuXG4gIC8qKlxuICAgKiBUaGUgZnVuY3Rpb24gdG8gY2FsbCB3aGVuIE1GQSBpbmZvcm1hdGlvbiBpcyByZXRyaWV2ZWQuIElmIHRoaXMgY2FsbGJhY2tcbiAgICogdGhyb3dzLCBubyB0cmFuc2FjdGlvbiBpcyBicm9hZGNhc3QuXG4gICAqL1xuICByZWFkb25seSAjb25NZmFQb2xsOiAoYXJnMDogTWZhUmVxdWVzdEluZm8pID0+IHZvaWQ7XG5cbiAgLyoqIFRoZSBhbW91bnQgb2YgdGltZSB0byB3YWl0IGJldHdlZW4gY2hlY2tzIGZvciBNRkEgdXBkYXRlcyAqL1xuICByZWFkb25seSAjbWZhUG9sbEludGVydmFsTXM6IG51bWJlcjtcblxuICAvKiogT3B0aW9uYWwgbWFuYWdlbWVudCBzZXNzaW9uLCB1c2VkIGZvciBNRkEgZmxvd3MgKi9cbiAgcmVhZG9ubHkgI21hbmFnZW1lbnRTZXNzaW9uPzogQ3ViZVNpZ25lcjtcblxuICAvKiogQ3JlYXRlIG5ldyBTaWduZXIgaW5zdGFuY2VcbiAgICogQHBhcmFtIHtLZXlJbmZvIHwgc3RyaW5nfSBhZGRyZXNzIFRoZSBrZXkgb3IgdGhlIGV0aCBhZGRyZXNzIG9mIHRoZSBhY2NvdW50IHRvIHVzZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9ufSBzaWduZXJTZXNzaW9uIFRoZSB1bmRlcmx5aW5nIFNpZ25lciBzZXNzaW9uLlxuICAgKiBAcGFyYW0ge1NpZ25lck9wdGlvbnN9IG9wdGlvbnMgVGhlIG9wdGlvbnMgdG8gdXNlIGZvciB0aGUgU2lnbmVyIGluc3RhbmNlXG4gICAqL1xuICBjb25zdHJ1Y3RvcihhZGRyZXNzOiBLZXlJbmZvIHwgc3RyaW5nLCBzaWduZXJTZXNzaW9uOiBTaWduZXJTZXNzaW9uLCBvcHRpb25zPzogU2lnbmVyT3B0aW9ucykge1xuICAgIHN1cGVyKG9wdGlvbnM/LnByb3ZpZGVyKTtcbiAgICBpZiAodHlwZW9mIGFkZHJlc3MgPT09IFwic3RyaW5nXCIpIHtcbiAgICAgIHRoaXMuI2FkZHJlc3MgPSBhZGRyZXNzO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLiNhZGRyZXNzID0gYWRkcmVzcy5tYXRlcmlhbElkO1xuICAgICAgdGhpcy4ja2V5ID0gYWRkcmVzcyBhcyBLZXlJbmZvO1xuICAgIH1cbiAgICB0aGlzLiNzaWduZXJTZXNzaW9uID0gc2lnbmVyU2Vzc2lvbjtcbiAgICB0aGlzLiNvbk1mYVBvbGwgPSBvcHRpb25zPy5vbk1mYVBvbGwgPz8gKCgvKiBfbWZhSW5mbzogTWZhUmVxdWVzdEluZm8gKi8pID0+IHt9KTsgLy8gZXNsaW50LWRpc2FibGUtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZW1wdHktZnVuY3Rpb25cbiAgICB0aGlzLiNtZmFQb2xsSW50ZXJ2YWxNcyA9IG9wdGlvbnM/Lm1mYVBvbGxJbnRlcnZhbE1zID8/IDEwMDA7XG4gICAgdGhpcy4jbWFuYWdlbWVudFNlc3Npb24gPSBvcHRpb25zPy5tYW5hZ2VtZW50U2Vzc2lvbjtcbiAgfVxuXG4gIC8qKiBSZXNvbHZlcyB0byB0aGUgc2lnbmVyIGFkZHJlc3MuICovXG4gIGFzeW5jIGdldEFkZHJlc3MoKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy4jYWRkcmVzcztcbiAgfVxuXG4gIC8qKlxuICAgKiAgUmV0dXJucyB0aGUgc2lnbmVyIGNvbm5lY3RlZCB0byAlJXByb3ZpZGVyJSUuXG4gICAqICBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqICBAcmV0dXJuIHtTaWduZXJ9IFRoZSBzaWduZXIgY29ubmVjdGVkIHRvIHNpZ25lci5cbiAgICovXG4gIGNvbm5lY3QocHJvdmlkZXI6IG51bGwgfCBldGhlcnMuUHJvdmlkZXIpOiBTaWduZXIge1xuICAgIHJldHVybiBuZXcgU2lnbmVyKHRoaXMuI2FkZHJlc3MsIHRoaXMuI3NpZ25lclNlc3Npb24sIHsgcHJvdmlkZXIgfSk7XG4gIH1cblxuICAvKipcbiAgICogU2lnbnMgYSB0cmFuc2FjdGlvbi4gVGhpcyBwb3B1bGF0ZXMgdGhlIHRyYW5zYWN0aW9uIHR5cGUgdG8gYDB4MDJgIChFSVAtMTU1OSkgdW5sZXNzIHNldC4gVGhpcyBtZXRob2Qgd2lsbCBibG9jayBpZiB0aGUga2V5IHJlcXVpcmVzIE1GQSBhcHByb3ZhbC5cbiAgICogQHBhcmFtIHtldGhlcnMuVHJhbnNhY3Rpb25SZXF1ZXN0fSB0eCBUaGUgdHJhbnNhY3Rpb24gdG8gc2lnbi5cbiAgICogQHJldHVybiB7UHJvbWlzZTxzdHJpbmc+fSBIZXgtZW5jb2RlZCBSTFAgZW5jb2Rpbmcgb2YgdGhlIHRyYW5zYWN0aW9uIGFuZCBpdHMgc2lnbmF0dXJlLlxuICAgKi9cbiAgYXN5bmMgc2lnblRyYW5zYWN0aW9uKHR4OiBldGhlcnMuVHJhbnNhY3Rpb25SZXF1ZXN0KTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICAvLyBnZXQgdGhlIGNoYWluIGlkIGZyb20gdGhlIG5ldHdvcmsgb3IgdHhcbiAgICBsZXQgY2hhaW5JZCA9IHR4LmNoYWluSWQ7XG4gICAgaWYgKGNoYWluSWQgPT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3QgbmV0d29yayA9IGF3YWl0IHRoaXMucHJvdmlkZXI/LmdldE5ldHdvcmsoKTtcbiAgICAgIGNoYWluSWQgPSBuZXR3b3JrPy5jaGFpbklkPy50b1N0cmluZygpID8/IFwiMVwiO1xuICAgIH1cblxuICAgIC8vIENvbnZlcnQgdGhlIHRyYW5zYWN0aW9uIGludG8gYSBKU09OLVJQQyB0cmFuc2FjdGlvblxuICAgIGNvbnN0IHJwY1R4ID1cbiAgICAgIHRoaXMucHJvdmlkZXIgaW5zdGFuY2VvZiBKc29uUnBjQXBpUHJvdmlkZXJcbiAgICAgICAgPyB0aGlzLnByb3ZpZGVyLmdldFJwY1RyYW5zYWN0aW9uKHR4KVxuICAgICAgICA6IC8vIFdlIGNhbiBqdXN0IGNhbGwgdGhlIGdldFJwY1RyYW5zYWN0aW9uIHdpdGggYVxuICAgICAgICAgIC8vIG51bGwgcmVjZWl2ZXIgc2luY2UgaXQgZG9lc24ndCBhY3R1YWxseSB1c2UgaXRcbiAgICAgICAgICAvLyAoYW5kIHJlYWxseSBzaG91bGQgYmUgZGVjbGFyZWQgc3RhdGljKS5cbiAgICAgICAgICBKc29uUnBjQXBpUHJvdmlkZXIucHJvdG90eXBlLmdldFJwY1RyYW5zYWN0aW9uLmNhbGwobnVsbCwgdHgpO1xuICAgIHJwY1R4LnR5cGUgPSB0b0JlSGV4KHR4LnR5cGUgPz8gMHgwMiwgMSk7IC8vIHdlIGV4cGVjdCAweDBbMC0yXVxuXG4gICAgY29uc3QgcmVxID0gPEV2bVNpZ25SZXF1ZXN0PntcbiAgICAgIGNoYWluX2lkOiBOdW1iZXIoY2hhaW5JZCksXG4gICAgICB0eDogcnBjVHgsXG4gICAgfTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkV2bSh0aGlzLiNhZGRyZXNzLCByZXEpO1xuICAgIGNvbnN0IGRhdGEgPSBhd2FpdCB0aGlzLiNoYW5kbGVNZmEocmVzKTtcbiAgICByZXR1cm4gZGF0YS5ybHBfc2lnbmVkX3R4O1xuICB9XG5cbiAgLyoqIFNpZ25zIGFyYml0cmFyeSBtZXNzYWdlcy4gVGhpcyB1c2VzIGV0aGVycy5qcydzIFtoYXNoTWVzc2FnZV0oaHR0cHM6Ly9kb2NzLmV0aGVycy5vcmcvdjYvYXBpL2hhc2hpbmcvI2hhc2hNZXNzYWdlKVxuICAgKiB0byBjb21wdXRlIHRoZSBFSVAtMTkxIGRpZ2VzdCBhbmQgc2lnbnMgdGhpcyBkaWdlc3QgdXNpbmcge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIFRoZSBrZXkgKGZvciB0aGlzIHNlc3Npb24pIG11c3QgaGF2ZSB0aGUgYFwiQWxsb3dSYXdCbG9iU2lnbmluZ1wiYCBwb2xpY3kgYXR0YWNoZWQuXG4gICAqIEBwYXJhbSB7c3RyaW5nIHwgVWludDhBcnJheX0gbWVzc2FnZSBUaGUgbWVzc2FnZSB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduTWVzc2FnZShtZXNzYWdlOiBzdHJpbmcgfCBVaW50OEFycmF5KTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBkaWdlc3QgPSBldGhlcnMuaGFzaE1lc3NhZ2UobWVzc2FnZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWducyBFSVAtNzEyIHR5cGVkIGRhdGEuIFRoaXMgdXNlcyBldGhlcnMuanMnc1xuICAgKiBbVHlwZWREYXRhRW5jb2Rlci5oYXNoXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jVHlwZWREYXRhRW5jb2Rlcl9oYXNoKVxuICAgKiB0byBjb21wdXRlIHRoZSBFSVAtNzEyIGRpZ2VzdCBhbmQgc2lnbnMgdGhpcyBkaWdlc3QgdXNpbmcge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIFRoZSBrZXkgKGZvciB0aGlzIHNlc3Npb24pIG11c3QgaGF2ZSB0aGUgYFwiQWxsb3dSYXdCbG9iU2lnbmluZ1wiYCBwb2xpY3kgYXR0YWNoZWQuXG4gICAqIEBwYXJhbSB7VHlwZWREYXRhRG9tYWlufSBkb21haW4gVGhlIGRvbWFpbiBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBBcnJheTxUeXBlZERhdGFGaWVsZD4+fSB0eXBlcyBUaGUgdHlwZXMgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEBwYXJhbSB7UmVjb3JkPHN0cmluZywgYW55Pn0gdmFsdWUgVGhlIHZhbHVlIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHlwZWREYXRhKFxuICAgIGRvbWFpbjogVHlwZWREYXRhRG9tYWluLFxuICAgIHR5cGVzOiBSZWNvcmQ8c3RyaW5nLCBBcnJheTxUeXBlZERhdGFGaWVsZD4+LFxuICAgIHZhbHVlOiBSZWNvcmQ8c3RyaW5nLCBhbnk+LCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBkaWdlc3QgPSBUeXBlZERhdGFFbmNvZGVyLmhhc2goZG9tYWluLCB0eXBlcywgdmFsdWUpO1xuICAgIHJldHVybiB0aGlzLnNpZ25CbG9iKGRpZ2VzdCk7XG4gIH1cblxuICAvKiogU2lnbiBhcmJpdHJhcnkgZGlnZXN0LiBUaGlzIHVzZXMge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBkaWdlc3QgVGhlIGRpZ2VzdCB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBwcml2YXRlIGFzeW5jIHNpZ25CbG9iKGRpZ2VzdDogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBibG9iUmVxID0gPEJsb2JTaWduUmVxdWVzdD57XG4gICAgICBtZXNzYWdlX2Jhc2U2NDogQnVmZmVyLmZyb20oZ2V0Qnl0ZXMoZGlnZXN0KSkudG9TdHJpbmcoXCJiYXNlNjRcIiksXG4gICAgfTtcbiAgICAvLyBHZXQgdGhlIGtleSBjb3JyZXNwb25kaW5nIHRvIHRoaXMgYWRkcmVzc1xuICAgIGlmICh0aGlzLiNrZXkgPT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3Qga2V5ID0gKGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24ua2V5cygpKS5maW5kKChrKSA9PiBrLm1hdGVyaWFsX2lkID09PSB0aGlzLiNhZGRyZXNzKTtcbiAgICAgIGlmIChrZXkgPT09IHVuZGVmaW5lZCkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoYENhbm5vdCBhY2Nlc3Mga2V5ICcke3RoaXMuI2FkZHJlc3N9J2ApO1xuICAgICAgfVxuICAgICAgdGhpcy4ja2V5ID0ga2V5O1xuICAgIH1cblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkJsb2IodGhpcy4ja2V5LmtleV9pZCwgYmxvYlJlcSk7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuI2hhbmRsZU1mYShyZXMpO1xuICAgIHJldHVybiBkYXRhLnNpZ25hdHVyZTtcbiAgfVxuXG4gIC8qKlxuICAgKiBJZiB0aGUgc2lnbiByZXF1ZXN0IHJlcXVpcmVzIE1GQSwgdGhpcyBtZXRob2Qgd2FpdHMgZm9yIGFwcHJvdmFsc1xuICAgKlxuICAgKiBAcGFyYW0ge1NpZ25SZXNwb25zZTxVPn0gcmVzIFRoZSByZXNwb25zZSBvZiBhIHNpZ24gcmVxdWVzdFxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFU+fSBUaGUgc2lnbiBkYXRhIGFmdGVyIE1GQSBhcHByb3ZhbHNcbiAgICovXG4gIGFzeW5jICNoYW5kbGVNZmE8VT4ocmVzOiBTaWduUmVzcG9uc2U8VT4pOiBQcm9taXNlPFU+IHtcbiAgICB3aGlsZSAocmVzLnJlcXVpcmVzTWZhKCkpIHtcbiAgICAgIGF3YWl0IG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIHRoaXMuI21mYVBvbGxJbnRlcnZhbE1zKSk7XG5cbiAgICAgIGNvbnN0IG1mYUluZm8gPSBhd2FpdCB0aGlzLiNzaWduZXJTZXNzaW9uLmdldE1mYUluZm8odGhpcy4jbWFuYWdlbWVudFNlc3Npb24hLCByZXMubWZhSWQoKSk7XG4gICAgICB0aGlzLiNvbk1mYVBvbGwobWZhSW5mbyk7XG4gICAgICBpZiAobWZhSW5mby5yZWNlaXB0KSB7XG4gICAgICAgIHJlcyA9IGF3YWl0IHJlcy5zaWduV2l0aE1mYUFwcHJvdmFsKG1mYUluZm8pO1xuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gcmVzLmRhdGEoKTtcbiAgfVxufVxuIl19
package/dist/src/index.d.ts CHANGED
@@ -1,34 +1,35 @@
1
1
  import { EnvInterface } from "./env";
2
- import { components, Client } from "./client";
2
+ import { components, Client, paths } from "./client";
3
3
  import { Org } from "./org";
4
- import { SignerSessionStorage } from "./session/signer_session_manager";
5
- import { SignerSession } from "./signer_session";
6
- import { ManagementSessionManager, ManagementSessionStorage } from "./session/management_session_manager";
7
- import { OidcSessionManager, OidcSessionStorage } from "./session/oidc_session_manager";
4
+ import { SignerSessionStorage, SignerSessionManager } from "./session/signer_session_manager";
5
+ import { MfaRequestInfo, SignResponse, SignerSession } from "./signer_session";
6
+ import { CognitoSessionManager, CognitoSessionStorage } from "./session/cognito_manager";
8
7
  /** CubeSigner constructor options */
9
8
  export interface CubeSignerOptions {
10
9
  /** The environment to use */
11
10
  env?: EnvInterface;
12
11
  /** The management authorization token */
13
- sessionMgr?: ManagementSessionManager | OidcSessionManager;
12
+ sessionMgr?: CognitoSessionManager | SignerSessionManager;
14
13
  }
15
14
  export type UserInfo = components["schemas"]["UserInfo"];
16
15
  export type TotpInfo = components["responses"]["TotpInfo"]["content"]["application/json"];
17
16
  export type ConfiguredMfa = components["schemas"]["ConfiguredMfa"];
17
+ export type RatchetConfig = components["schemas"]["RatchetConfig"];
18
+ type OidcAuthResponse = paths["/v0/org/{org_id}/oidc"]["post"]["responses"]["200"]["content"]["application/json"];
18
19
  /** CubeSigner client */
19
20
  export declare class CubeSigner {
20
21
  #private;
21
- readonly sessionMgr?: ManagementSessionManager | OidcSessionManager;
22
+ readonly sessionMgr?: CognitoSessionManager | SignerSessionManager;
22
23
  /** @return {EnvInterface} The CubeSigner environment of this client */
23
24
  get env(): EnvInterface;
24
25
  /**
25
26
  * Loads an existing management session and creates a CubeSigner instance.
26
- * @param {ManagementSessionStorage} storage Optional session storage to load
27
+ * @param {CognitoSessionStorage} storage Optional session storage to load
27
28
  * the session from. If not specified, the management session from the config
28
29
  * directory will be loaded.
29
30
  * @return {Promise<CubeSigner>} New CubeSigner instance
30
31
  */
31
- static loadManagementSession(storage?: ManagementSessionStorage): Promise<CubeSigner>;
32
+ static loadManagementSession(storage?: CognitoSessionStorage): Promise<CubeSigner>;
32
33
  /**
33
34
  * Loads a signer session from a session storage (e.g., session file).
34
35
  * @param {SignerSessionStorage} storage Optional session storage to load
@@ -37,37 +38,38 @@ export declare class CubeSigner {
37
38
  * @return {Promise<SignerSession>} New signer session
38
39
  */
39
40
  static loadSignerSession(storage?: SignerSessionStorage): Promise<SignerSession>;
40
- /**
41
- * Loads a signer session from OIDC storage
42
- * @param {OidcSessionStorage} storage The storage to load from
43
- * @return {Promise<SignerSession>} New signer session
44
- */
45
- static loadOidcSession(storage: OidcSessionStorage): Promise<SignerSession>;
46
41
  /**
47
42
  * Create a new CubeSigner instance.
48
- * @param {CubeSignerOptions} options The options for the CubeSigner instance.
43
+ * @param {CubeSignerOptions} options The optional configuraiton options for the CubeSigner instance.
49
44
  */
50
- constructor(options: CubeSignerOptions);
45
+ constructor(options?: CubeSignerOptions);
51
46
  /**
52
- * Authenticate an OIDC user and create a new OIDC session manager for them.
47
+ * Authenticate an OIDC user and create a new session manager for them.
53
48
  * @param {string} oidcToken The OIDC token
54
49
  * @param {string} orgId The id of the organization that the user is in
55
50
  * @param {List<string>} scopes The scopes of the resulting session
56
- * @param {OidcSessionStorage} storage The signer session storage
57
- * @return {Promise<OidcSessionManager>} The OIDC session manager
51
+ * @param {RatchetConfig} lifetimes Lifetimes of the new session.
52
+ * @param {SignerSessionStorage?} storage Optional signer session storage (defaults to in-memory storage)
53
+ * @return {Promise<SignerSessionManager>} The signer session manager
58
54
  */
59
- createOidcManager(oidcToken: string, orgId: string, scopes: Array<string>, storage?: OidcSessionStorage): Promise<OidcSessionManager>;
60
- /**
61
- * Authenticate an OIDC user and create a new session for them.
62
- * @param {string} oidcToken The OIDC token
63
- * @param {string} orgId The id of the organization that the user is in
64
- * @param {List<string>} scopes The scopes of the resulting session
65
- * @param {OidcSessionStorage} storage The signer session storage
66
- * @return {Promise<SignerSession>} The signer session
67
- */
68
- createOidcSession(oidcToken: string, orgId: string, scopes: Array<string>, storage?: OidcSessionStorage): Promise<SignerSession>;
55
+ oidcAuth(oidcToken: string, orgId: string, scopes: Array<string>, lifetimes?: RatchetConfig, storage?: SignerSessionStorage): Promise<SignerSessionManager>;
69
56
  /** Retrieves information about the current user. */
70
57
  aboutMe(): Promise<UserInfo>;
58
+ /**
59
+ * Creates and sets a new TOTP configuration for the logged in user,
60
+ * if and only if no TOTP configuration is already set.
61
+ *
62
+ * @return {Promise<TotpInfo>} Newly created TOTP configuration.
63
+ */
64
+ initTotp(): Promise<TotpInfo>;
65
+ /**
66
+ * Retrieves existing MFA request.
67
+ *
68
+ * @param {string} orgId Organization ID
69
+ * @param {string} mfaId MFA request ID
70
+ * @return {Promise<MfaRequestInfo>} MFA request information
71
+ */
72
+ mfaGet(orgId: string, mfaId: string): Promise<MfaRequestInfo>;
71
73
  /**
72
74
  * Creates and sets a new TOTP configuration for the logged-in user,
73
75
  * overriding the existing one (if any).
@@ -89,6 +91,23 @@ export declare class CubeSigner {
89
91
  * @internal
90
92
  * */
91
93
  management(): Promise<Client>;
94
+ /**
95
+ * Exchange an OIDC token for a CubeSigner session token.
96
+ * @param {string} oidcToken The OIDC token
97
+ * @param {string} orgId The id of the organization that the user is in
98
+ * @param {List<string>} scopes The scopes of the resulting session
99
+ * @param {RatchetConfig} lifetimes Lifetimes of the new session.
100
+ * @param {MfaReceipt} mfaReceipt Optional MFA receipt (id + confirmation code)
101
+ * @return {Promise<SignResponse<OidcAuthResponse>>} The session data.
102
+ */
103
+ oidcLogin(oidcToken: string, orgId: string, scopes: Array<string>, lifetimes?: RatchetConfig, mfaReceipt?: MfaReceipt): Promise<SignResponse<OidcAuthResponse>>;
104
+ }
105
+ /** MFA receipt */
106
+ export interface MfaReceipt {
107
+ /** MFA request ID */
108
+ mfaId: string;
109
+ /** MFA confirmation code */
110
+ mfaConf: string;
92
111
  }
93
112
  /** Organizations */
94
113
  export * from "./org";
@@ -105,9 +124,7 @@ export * from "./session/session_storage";
105
124
  /** Session manager */
106
125
  export * from "./session/session_manager";
107
126
  /** Management session manager */
108
- export * from "./session/management_session_manager";
109
- /** OIDC session manager */
110
- export * from "./session/oidc_session_manager";
127
+ export * from "./session/cognito_manager";
111
128
  /** Signer session manager */
112
129
  export * from "./session/signer_session_manager";
113
130
  /** Export ethers.js Signer */