npm - @cubist-labs/cubesigner-sdk - Versions diffs - 0.1.26 → 0.1.77 - Mend

@cubist-labs/cubesigner-sdk 0.1.26 → 0.1.77

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/README.md +94 -33
package/dist/src/ethers/index.d.ts +25 -5
package/dist/src/ethers/index.js +58 -16
package/dist/src/fido.d.ts +76 -0
package/dist/src/fido.js +148 -0
package/dist/src/index.d.ts +148 -35
package/dist/src/index.js +320 -53
package/dist/src/key.d.ts +64 -8
package/dist/src/key.js +91 -19
package/dist/src/org.d.ts +98 -9
package/dist/src/org.js +144 -29
package/dist/src/paginator.d.ts +76 -0
package/dist/src/paginator.js +99 -0
package/dist/src/role.d.ts +20 -8
package/dist/src/role.js +7 -5
package/dist/src/schema.d.ts +2395 -393
package/dist/src/schema.js +1 -1
package/dist/src/session/cognito_manager.d.ts +59 -0
package/dist/src/session/cognito_manager.js +111 -0
package/dist/src/session/session_manager.d.ts +15 -0
package/dist/src/session/session_manager.js +21 -2
package/dist/src/session/session_storage.js +1 -1
package/dist/src/session/signer_session_manager.d.ts +24 -12
package/dist/src/session/signer_session_manager.js +45 -20
package/dist/src/signer_session.d.ts +136 -38
package/dist/src/signer_session.js +187 -80
package/dist/src/util.d.ts +20 -0
package/dist/src/util.js +31 -2
package/package.json +12 -7
package/src/ethers/index.ts +88 -16
package/src/fido.ts +166 -0
package/src/index.ts +366 -77
package/src/key.ts +112 -16
package/src/org.ts +200 -37
package/src/paginator.ts +122 -0
package/src/role.ts +24 -11
package/src/schema.ts +2458 -449
package/src/session/{management_session_manager.ts → cognito_manager.ts} +13 -15
package/src/session/session_manager.ts +25 -1
package/src/session/session_storage.ts +1 -1
package/src/session/signer_session_manager.ts +57 -27
package/src/signer_session.ts +266 -89
package/src/util.ts +41 -0
package/src/session/oidc_session_manager.ts +0 -193

package/README.md CHANGED Viewed

@@ -71,11 +71,11 @@ session manager:
 ```typescript
 // Load session from a JSON file
-const fileStorage = new cs.JsonFileSessionStorage<cs.ManagementSessionInfo>(
+const fileStorage = new cs.JsonFileSessionStorage<cs.CognitoSessionInfo>(
   `${process.env.HOME}/.config/cubesigner/management-session.json`,
 );
 // Create a session manager for a management token
-const sessionMgr = await cs.ManagementSessionManager.loadFromStorage(fileStorage);
+const sessionMgr = await cs.CognitoSessionManager.loadFromStorage(fileStorage);
 new cs.CubeSigner({
   sessionMgr,
 });
@@ -113,7 +113,8 @@ transaction. For that, we need a key of type `Secp256k1.Evm`.
 const secpKey = await org.createKey(cs.Secp256k1.Evm);
 assert((await secpKey.owner()) == me.user_id);
 assert(await secpKey.enabled());
-console.log(`Created '${secpKey.type}' key ${secpKey.id}`);
+assert(await secpKey.type(), cs.Secp256k1.Evm);
+console.log(`Created '${cs.Secp256k1.Evm}' key ${secpKey.id}`);
 ```
 ### Create a `Role` and a `SignerSession`
@@ -201,7 +202,7 @@ assert(sig.data().rlp_signed_tx);
 ```typescript
 const { ethers } = require("ethers");
 // Create new Signer
-const ethersSigner = new cs.ethers.Signer(secpKey.materialId, session /*, provider */);
+const ethersSigner = new cs.ethers.Signer(secpKey.materialId, session);
 assert((await ethersSigner.getAddress()) === secpKey.materialId);
 // sign transaction as usual:
 console.log(
@@ -264,22 +265,30 @@ disabled for `BLS` keys, and for other key types it can be enabled by
 attaching an `"AllowRawBlobSigning"` policy:
 ```typescript
-console.log("Confirming that raw blob is rejected by default");
-const blobReq = <cs.BlobSignRequest>{
-  message_base64: "L1kE9g59xD3fzYQQSR7340BwU9fGrP6EMfIFcyX/YBc=",
-};
-try {
-  await session.signBlob(secpKey, blobReq);
-  assert(false, "Must be rejected by policy");
-} catch (e) {
-  assert(`${e}`.includes("Raw blob signing not allowed"));
+// Create a new Ed25519 key (e.g., for Cardano) and add it to our session role
+const edKey = await org.createKey(cs.Ed25519.Cardano);
+await role.addKey(edKey);
+console.log(`Created '${await edKey.type()}' key ${edKey.id} and added it to role ${role.id}`);
+// Sign raw blobs with our new ed key and the secp we created before
+for (const key of [edKey, secpKey]) {
+  console.log(`Confirming that raw blob with ${await key.type()} is rejected by default`);
+  const blobReq = <cs.BlobSignRequest>{
+    message_base64: "L1kE9g59xD3fzYQQSR7340BwU9fGrP6EMfIFcyX/YBc=",
+  };
+  try {
+    await session.signBlob(key, blobReq);
+    assert(false, "Must be rejected by policy");
+  } catch (e) {
+    assert(`${e}`.includes("Raw blob signing not allowed"));
+  }
+  console.log("Signing raw blob after adding 'AllowRawBlobSigning' policy");
+  await key.appendPolicy(["AllowRawBlobSigning"]);
+  const blobSig = await session.signBlob(key, blobReq);
+  console.log(blobSig.data());
+  assert(blobSig.data().signature);
 }
-console.log("Signing raw blob after adding 'AllowRawBlobSigning' policy");
-await secpKey.appendPolicy(["AllowRawBlobSigning"]);
-const blobSig = await session.signBlob(secpKey, blobReq);
-console.log(blobSig.data());
-assert(blobSig.data().signature);
 ```
 > **Warning**
@@ -343,12 +352,29 @@ export the underlying token:
 const oidcToken = await cubesigner.sessionMgr!.token();
 ```
-and then exchange it for either a _signer_ session (i.e., an instance
-of `SignerSession`, required by all signing endpoints, e.g.,
-`signEvm`)
+Before we can use the OIDC token for authentication, we must add an org policy
+to allow the particular issuer/audience pair from the token.
 ```typescript
-const oidcSession = await cubesigner.createOidcSession(oidcToken, org.id, ["sign:*"]);
+const oldOrgPolicy = await org.policy();
+const oidcPayload = JSON.parse(atob(oidcToken.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")));
+const oidcAuthSourcesPolicy = {
+  OidcAuthSources: {
+    [oidcPayload.iss]: [oidcPayload.aud],
+  },
+};
+console.log("Setting org policy", oidcAuthSourcesPolicy);
+await org.setPolicy([oidcAuthSourcesPolicy]);
+```
+Finally, exchange the OIDC token for either a _signer_ session (i.e., an instance
+of `SignerSession`, required by all signing endpoints, e.g., `signEvm`)
+```typescript
+const oidcSession = new cs.SignerSession(
+  // we'll use this session for both signing and approving MFA request, hence the following scopes
+  await cubesigner.oidcAuth(oidcToken, org.id, ["manage:mfa", "sign:*"]),
+);
 ```
 or a _management_ session (i.e., and instance of `CubeSigner`,
@@ -357,7 +383,7 @@ information, configuring user MFA methods, etc.).
 ```typescript
 const oidcCubeSigner = new cs.CubeSigner({
-  sessionMgr: await cubesigner.createOidcManager(oidcToken, org.id, ["manage:*"]),
+  sessionMgr: await cubesigner.oidcAuth(oidcToken, org.id, ["manage:*"]),
 });
 ```
@@ -374,26 +400,56 @@ doesn't matter if that user is native to CubeSigner or a third-party
 OIDC user. For that purpose, in this section we are going to use the
 previously created `oidcCubeSigner` instance.
-To set up TOTP, we call the `resetTotp` method which creates a new
-TOTP configuration for the users (overwriting the previous one, if
-any) and returns a [TOTP
-url](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
+To set up TOTP, we first call the `resetTotpStart` method to initiate a
+TOTP reset procedure.
 ```typescript
 console.log(`Setting up TOTP for user ${me.email}`);
-const totpResp = await oidcCubeSigner.resetTotp();
-assert(totpResp.totp_url);
+let totpResetResp = await oidcCubeSigner.resetTotpStart();
+```
+If the user has already configured TOTP (or any other form of MFA),
+this response will require multi factor authentication. In that case,
+for example, call `approveTotp` and provide the code for the existing
+TOTP to proceed:
+```typescript
+import { authenticator } from "otplib"; // npm install otplib@12.0.1
+let totpSecret = process.env["CS_USER_TOTP_SECRET"]!;
+if (totpResetResp.requiresMfa()) {
+  console.log("Resetting TOTP requires MFA");
+  const code = authenticator.generate(totpSecret);
+  totpResetResp = await totpResetResp.approveTotp(oidcSession, code);
+  assert(!totpResetResp.requiresMfa());
+  console.log("MFA approved using existing TOTP");
+}
 ```
+The response contains a TOTP challenge, i.e., a new TOTP
+configuration in the form of the standard
+[TOTP url](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
 From that url, we can generate a QR code to present to the user, or
 create an authenticator for automated testing.
 ```typescript
-import { authenticator } from "otplib"; // npm install otplib@12.0.1
+const totpChallenge = totpResetResp.data();
+assert(totpChallenge.totpUrl);
+```
+To complete the challenge, we must call `resetTotpComplete` and
+provide the TOTP code matching the TOTP configuration from the challenge:
-const totpSecret = new URL(totpResp.totp_url).searchParams.get("secret");
+```typescript norun
+totpSecret = new URL(totpChallenge.totp_url).searchParams.get("secret");
 assert(totpSecret);
+await totpChallenge.answer(authenticator.generate(totpSecret));
+```
+After TOTP is configured, we can double check that our authenticator
+is generating the correct code by calling `verifyTotp`
+```typescript
 console.log(`Verifying current TOTP code`);
 let code = authenticator.generate(totpSecret);
 await oidcCubeSigner.verifyTotp(code);
@@ -405,7 +461,7 @@ as one of the configured MFA factors.
 ```typescript
 const mfa = (await oidcCubeSigner.aboutMe()).mfa;
 console.log("Configured MFA types", mfa);
-assert(mfa.includes("Totp"));
+assert(mfa.map((m) => m.type).includes("totp"));
 ```
 ### Configure MFA policy for signing
@@ -453,6 +509,11 @@ we created.
 console.log("Cleaning up");
 await session.sessionMgr.revoke();
 await role.delete();
+// restore the old policy for the sake of repeatability of this example
+// (normally you'd set your org policies once and leave them be)
+console.log("Restoring org policy", oldOrgPolicy);
+await org.setPolicy(oldOrgPolicy);
 ```
 As of now, deleting keys is not supported.

package/dist/src/ethers/index.d.ts CHANGED Viewed

@@ -1,16 +1,35 @@
 import { TypedDataDomain, TypedDataField, ethers } from "ethers";
-import { SignerSession } from "../signer_session";
+import { MfaRequestInfo, SignerSession } from "../signer_session";
+import { KeyInfo } from "../key";
+import { CubeSigner } from "..";
+/** Options for the signer */
+interface SignerOptions {
+    /** Optional provider to use */
+    provider?: null | ethers.Provider;
+    /**
+     * The function to call when MFA information is retrieved. If this callback
+     * throws, no transaction is broadcast.
+     */
+    onMfaPoll?: (arg0: MfaRequestInfo) => void;
+    /**
+     * The amount of time (in milliseconds) to wait between checks for MFA
+     * updates. Default is 1000ms
+     */
+    mfaPollIntervalMs?: number;
+    /** Optional management session. Used to check for MFA updates */
+    managementSession?: CubeSigner;
+}
 /**
  * A ethers.js Signer using CubeSigner
  */
 export declare class Signer extends ethers.AbstractSigner {
     #private;
     /** Create new Signer instance
-     * @param {string} address The address of the account to use.
+     * @param {KeyInfo | string} address The key or the eth address of the account to use.
      * @param {SignerSession} signerSession The underlying Signer session.
-     * @param {null | ethers.Provider} provider The optional provider instance to use.
+     * @param {SignerOptions} options The options to use for the Signer instance
      */
-    constructor(address: string, signerSession: SignerSession, provider?: null | ethers.Provider);
+    constructor(address: KeyInfo | string, signerSession: SignerSession, options?: SignerOptions);
     /** Resolves to the signer address. */
     getAddress(): Promise<string>;
     /**
@@ -20,7 +39,7 @@ export declare class Signer extends ethers.AbstractSigner {
      */
     connect(provider: null | ethers.Provider): Signer;
     /**
-     * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
+     * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
      * @param {ethers.TransactionRequest} tx The transaction to sign.
      * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
      */
@@ -48,3 +67,4 @@ export declare class Signer extends ethers.AbstractSigner {
      */
     private signBlob;
 }
+export {};

package/dist/src/ethers/index.js CHANGED Viewed

@@ -10,7 +10,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
-var _Signer_address, _Signer_key, _Signer_signerSession;
+var _Signer_instances, _Signer_address, _Signer_key, _Signer_signerSession, _Signer_onMfaPoll, _Signer_mfaPollIntervalMs, _Signer_managementSession, _Signer_handleMfa;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Signer = void 0;
 const ethers_1 = require("ethers");
@@ -19,20 +19,39 @@ const ethers_1 = require("ethers");
  */
 class Signer extends ethers_1.ethers.AbstractSigner {
     /** Create new Signer instance
-     * @param {string} address The address of the account to use.
+     * @param {KeyInfo | string} address The key or the eth address of the account to use.
      * @param {SignerSession} signerSession The underlying Signer session.
-     * @param {null | ethers.Provider} provider The optional provider instance to use.
+     * @param {SignerOptions} options The options to use for the Signer instance
      */
-    constructor(address, signerSession, provider) {
-        super(provider);
+    constructor(address, signerSession, options) {
+        super(options?.provider);
+        _Signer_instances.add(this);
         /** The address of the account */
         _Signer_address.set(this, void 0);
         /** The key to use for signing */
         _Signer_key.set(this, void 0);
         /** The underlying session */
         _Signer_signerSession.set(this, void 0);
-        __classPrivateFieldSet(this, _Signer_address, address, "f");
+        /**
+         * The function to call when MFA information is retrieved. If this callback
+         * throws, no transaction is broadcast.
+         */
+        _Signer_onMfaPoll.set(this, void 0);
+        /** The amount of time to wait between checks for MFA updates */
+        _Signer_mfaPollIntervalMs.set(this, void 0);
+        /** Optional management session, used for MFA flows */
+        _Signer_managementSession.set(this, void 0);
+        if (typeof address === "string") {
+            __classPrivateFieldSet(this, _Signer_address, address, "f");
+        }
+        else {
+            __classPrivateFieldSet(this, _Signer_address, address.materialId, "f");
+            __classPrivateFieldSet(this, _Signer_key, address, "f");
+        }
         __classPrivateFieldSet(this, _Signer_signerSession, signerSession, "f");
+        __classPrivateFieldSet(this, _Signer_onMfaPoll, options?.onMfaPoll ?? (( /* _mfaInfo: MfaRequestInfo */) => { }), "f"); // eslint-disable-line @typescript-eslint/no-empty-function
+        __classPrivateFieldSet(this, _Signer_mfaPollIntervalMs, options?.mfaPollIntervalMs ?? 1000, "f");
+        __classPrivateFieldSet(this, _Signer_managementSession, options?.managementSession, "f");
     }
     /** Resolves to the signer address. */
     async getAddress() {
@@ -44,10 +63,10 @@ class Signer extends ethers_1.ethers.AbstractSigner {
      *  @return {Signer} The signer connected to signer.
      */
     connect(provider) {
-        return new Signer(__classPrivateFieldGet(this, _Signer_address, "f"), __classPrivateFieldGet(this, _Signer_signerSession, "f"), provider);
+        return new Signer(__classPrivateFieldGet(this, _Signer_address, "f"), __classPrivateFieldGet(this, _Signer_signerSession, "f"), { provider });
     }
     /**
-     * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
+     * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
      * @param {ethers.TransactionRequest} tx The transaction to sign.
      * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
      */
@@ -70,8 +89,9 @@ class Signer extends ethers_1.ethers.AbstractSigner {
             chain_id: Number(chainId),
             tx: rpcTx,
         };
-        const sig = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signEvm(__classPrivateFieldGet(this, _Signer_address, "f"), req);
-        return sig.data().rlp_signed_tx;
+        const res = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signEvm(__classPrivateFieldGet(this, _Signer_address, "f"), req);
+        const data = await __classPrivateFieldGet(this, _Signer_instances, "m", _Signer_handleMfa).call(this, res);
+        return data.rlp_signed_tx;
     }
     /** Signs arbitrary messages. This uses ethers.js's [hashMessage](https://docs.ethers.org/v6/api/hashing/#hashMessage)
      * to compute the EIP-191 digest and signs this digest using {@link Key#signBlob}.
@@ -106,17 +126,39 @@ class Signer extends ethers_1.ethers.AbstractSigner {
         };
         // Get the key corresponding to this address
         if (__classPrivateFieldGet(this, _Signer_key, "f") === undefined) {
-            const key = (await __classPrivateFieldGet(this, _Signer_signerSession, "f").keys()).find((k) => k.materialId === __classPrivateFieldGet(this, _Signer_address, "f"));
+            const key = (await __classPrivateFieldGet(this, _Signer_signerSession, "f").keys()).find((k) => k.material_id === __classPrivateFieldGet(this, _Signer_address, "f"));
             if (key === undefined) {
                 throw new Error(`Cannot access key '${__classPrivateFieldGet(this, _Signer_address, "f")}'`);
             }
             __classPrivateFieldSet(this, _Signer_key, key, "f");
         }
-        // sign
-        const result = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signBlob(__classPrivateFieldGet(this, _Signer_key, "f"), blobReq);
-        return result.data().signature;
+        const res = await __classPrivateFieldGet(this, _Signer_signerSession, "f").signBlob(__classPrivateFieldGet(this, _Signer_key, "f").key_id, blobReq);
+        const data = await __classPrivateFieldGet(this, _Signer_instances, "m", _Signer_handleMfa).call(this, res);
+        return data.signature;
     }
 }
 exports.Signer = Signer;
-_Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSession = new WeakMap();
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQUloQjs7R0FFRztBQUNILE1BQWEsTUFBTyxTQUFRLGVBQU0sQ0FBQyxjQUFjO0lBVS9DOzs7O09BSUc7SUFDSCxZQUFZLE9BQWUsRUFBRSxhQUE0QixFQUFFLFFBQWlDO1FBQzFGLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztRQWZsQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBVztRQUVYLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFTckMsdUJBQUEsSUFBSSxtQkFBWSxPQUFPLE1BQUEsQ0FBQztRQUN4Qix1QkFBQSxJQUFJLHlCQUFrQixhQUFhLE1BQUEsQ0FBQztJQUN0QyxDQUFDO0lBRUQsc0NBQXNDO0lBQ3RDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsT0FBTyx1QkFBQSxJQUFJLHVCQUFTLENBQUM7SUFDdkIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxPQUFPLENBQUMsUUFBZ0M7UUFDdEMsT0FBTyxJQUFJLE1BQU0sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsdUJBQUEsSUFBSSw2QkFBZSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ2xFLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLGVBQWUsQ0FBQyxFQUE2QjtRQUNqRCwwQ0FBMEM7UUFDMUMsSUFBSSxPQUFPLEdBQUcsRUFBRSxDQUFDLE9BQU8sQ0FBQztRQUN6QixJQUFJLE9BQU8sS0FBSyxTQUFTLEVBQUU7WUFDekIsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDO1lBQ2xELE9BQU8sR0FBRyxPQUFPLEVBQUUsT0FBTyxFQUFFLFFBQVEsRUFBRSxJQUFJLEdBQUcsQ0FBQztTQUMvQztRQUVELHNEQUFzRDtRQUN0RCxNQUFNLEtBQUssR0FDVCxJQUFJLENBQUMsUUFBUSxZQUFZLDJCQUFrQjtZQUN6QyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUM7WUFDckMsQ0FBQyxDQUFDLGdEQUFnRDtnQkFDaEQsaURBQWlEO2dCQUNqRCwwQ0FBMEM7Z0JBQzFDLDJCQUFrQixDQUFDLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3BFLEtBQUssQ0FBQyxJQUFJLEdBQUcsSUFBQSxnQkFBTyxFQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMscUJBQXFCO1FBRS9ELE1BQU0sR0FBRyxHQUFtQjtZQUMxQixRQUFRLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQztZQUN6QixFQUFFLEVBQUUsS0FBSztTQUNWLENBQUM7UUFDRixNQUFNLEdBQUcsR0FBRyxNQUFNLHVCQUFBLElBQUksNkJBQWUsQ0FBQyxPQUFPLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ2xFLE9BQU8sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDLGFBQWEsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxVQUFVLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDM0YsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBQ0QsT0FBTztRQUNQLE1BQU0sTUFBTSxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLFFBQVEsQ0FBQyx1QkFBQSxJQUFJLG1CQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDdEUsT0FBTyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsU0FBUyxDQUFDO0lBQ2pDLENBQUM7Q0FDRjtBQW5IRCx3QkFtSEMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBKc29uUnBjQXBpUHJvdmlkZXIsXG4gIFR5cGVkRGF0YURvbWFpbixcbiAgVHlwZWREYXRhRW5jb2RlcixcbiAgVHlwZWREYXRhRmllbGQsXG4gIGV0aGVycyxcbiAgZ2V0Qnl0ZXMsXG4gIHRvQmVIZXgsXG59IGZyb20gXCJldGhlcnNcIjtcbmltcG9ydCB7IEJsb2JTaWduUmVxdWVzdCwgRXZtU2lnblJlcXVlc3QsIFNpZ25lclNlc3Npb24gfSBmcm9tIFwiLi4vc2lnbmVyX3Nlc3Npb25cIjtcbmltcG9ydCB7IEtleSB9IGZyb20gXCIuLi9rZXlcIjtcblxuLyoqXG4gKiBBIGV0aGVycy5qcyBTaWduZXIgdXNpbmcgQ3ViZVNpZ25lclxuICovXG5leHBvcnQgY2xhc3MgU2lnbmVyIGV4dGVuZHMgZXRoZXJzLkFic3RyYWN0U2lnbmVyIHtcbiAgLyoqIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50ICovXG4gIHJlYWRvbmx5ICNhZGRyZXNzOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBrZXkgdG8gdXNlIGZvciBzaWduaW5nICovXG4gICNrZXk/OiBLZXk7XG5cbiAgLyoqIFRoZSB1bmRlcmx5aW5nIHNlc3Npb24gKi9cbiAgcmVhZG9ubHkgI3NpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb247XG5cbiAgLyoqIENyZWF0ZSBuZXcgU2lnbmVyIGluc3RhbmNlXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBhZGRyZXNzIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50IHRvIHVzZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9ufSBzaWduZXJTZXNzaW9uIFRoZSB1bmRlcmx5aW5nIFNpZ25lciBzZXNzaW9uLlxuICAgKiBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqL1xuICBjb25zdHJ1Y3RvcihhZGRyZXNzOiBzdHJpbmcsIHNpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb24sIHByb3ZpZGVyPzogbnVsbCB8IGV0aGVycy5Qcm92aWRlcikge1xuICAgIHN1cGVyKHByb3ZpZGVyKTtcbiAgICB0aGlzLiNhZGRyZXNzID0gYWRkcmVzcztcbiAgICB0aGlzLiNzaWduZXJTZXNzaW9uID0gc2lnbmVyU2Vzc2lvbjtcbiAgfVxuXG4gIC8qKiBSZXNvbHZlcyB0byB0aGUgc2lnbmVyIGFkZHJlc3MuICovXG4gIGFzeW5jIGdldEFkZHJlc3MoKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy4jYWRkcmVzcztcbiAgfVxuXG4gIC8qKlxuICAgKiAgUmV0dXJucyB0aGUgc2lnbmVyIGNvbm5lY3RlZCB0byAlJXByb3ZpZGVyJSUuXG4gICAqICBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqICBAcmV0dXJuIHtTaWduZXJ9IFRoZSBzaWduZXIgY29ubmVjdGVkIHRvIHNpZ25lci5cbiAgICovXG4gIGNvbm5lY3QocHJvdmlkZXI6IG51bGwgfCBldGhlcnMuUHJvdmlkZXIpOiBTaWduZXIge1xuICAgIHJldHVybiBuZXcgU2lnbmVyKHRoaXMuI2FkZHJlc3MsIHRoaXMuI3NpZ25lclNlc3Npb24sIHByb3ZpZGVyKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTaWducyBhIHRyYW5zYWN0aW9uLiBUaGlzIHBvcHVsYXRlcyB0aGUgdHJhbnNhY3Rpb24gdHlwZSB0byBgMHgwMmAgKEVJUC0xNTU5KSB1bmxlc3Mgc2V0LlxuICAgKiBAcGFyYW0ge2V0aGVycy5UcmFuc2FjdGlvblJlcXVlc3R9IHR4IFRoZSB0cmFuc2FjdGlvbiB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IEhleC1lbmNvZGVkIFJMUCBlbmNvZGluZyBvZiB0aGUgdHJhbnNhY3Rpb24gYW5kIGl0cyBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHJhbnNhY3Rpb24odHg6IGV0aGVycy5UcmFuc2FjdGlvblJlcXVlc3QpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIGdldCB0aGUgY2hhaW4gaWQgZnJvbSB0aGUgbmV0d29yayBvciB0eFxuICAgIGxldCBjaGFpbklkID0gdHguY2hhaW5JZDtcbiAgICBpZiAoY2hhaW5JZCA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBuZXR3b3JrID0gYXdhaXQgdGhpcy5wcm92aWRlcj8uZ2V0TmV0d29yaygpO1xuICAgICAgY2hhaW5JZCA9IG5ldHdvcms/LmNoYWluSWQ/LnRvU3RyaW5nKCkgPz8gXCIxXCI7XG4gICAgfVxuXG4gICAgLy8gQ29udmVydCB0aGUgdHJhbnNhY3Rpb24gaW50byBhIEpTT04tUlBDIHRyYW5zYWN0aW9uXG4gICAgY29uc3QgcnBjVHggPVxuICAgICAgdGhpcy5wcm92aWRlciBpbnN0YW5jZW9mIEpzb25ScGNBcGlQcm92aWRlclxuICAgICAgICA/IHRoaXMucHJvdmlkZXIuZ2V0UnBjVHJhbnNhY3Rpb24odHgpXG4gICAgICAgIDogLy8gV2UgY2FuIGp1c3QgY2FsbCB0aGUgZ2V0UnBjVHJhbnNhY3Rpb24gd2l0aCBhXG4gICAgICAgICAgLy8gbnVsbCByZWNlaXZlciBzaW5jZSBpdCBkb2Vzbid0IGFjdHVhbGx5IHVzZSBpdFxuICAgICAgICAgIC8vIChhbmQgcmVhbGx5IHNob3VsZCBiZSBkZWNsYXJlZCBzdGF0aWMpLlxuICAgICAgICAgIEpzb25ScGNBcGlQcm92aWRlci5wcm90b3R5cGUuZ2V0UnBjVHJhbnNhY3Rpb24uY2FsbChudWxsLCB0eCk7XG4gICAgcnBjVHgudHlwZSA9IHRvQmVIZXgodHgudHlwZSA/PyAweDAyLCAxKTsgLy8gd2UgZXhwZWN0IDB4MFswLTJdXG5cbiAgICBjb25zdCByZXEgPSA8RXZtU2lnblJlcXVlc3Q+e1xuICAgICAgY2hhaW5faWQ6IE51bWJlcihjaGFpbklkKSxcbiAgICAgIHR4OiBycGNUeCxcbiAgICB9O1xuICAgIGNvbnN0IHNpZyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkV2bSh0aGlzLiNhZGRyZXNzLCByZXEpO1xuICAgIHJldHVybiBzaWcuZGF0YSgpLnJscF9zaWduZWRfdHg7XG4gIH1cblxuICAvKiogU2lnbnMgYXJiaXRyYXJ5IG1lc3NhZ2VzLiBUaGlzIHVzZXMgZXRoZXJzLmpzJ3MgW2hhc2hNZXNzYWdlXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jaGFzaE1lc3NhZ2UpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC0xOTEgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtzdHJpbmcgfCBVaW50OEFycmF5fSBtZXNzYWdlIFRoZSBtZXNzYWdlIHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25NZXNzYWdlKG1lc3NhZ2U6IHN0cmluZyB8IFVpbnQ4QXJyYXkpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IGV0aGVycy5oYXNoTWVzc2FnZShtZXNzYWdlKTtcbiAgICByZXR1cm4gdGhpcy5zaWduQmxvYihkaWdlc3QpO1xuICB9XG5cbiAgLyoqIFNpZ25zIEVJUC03MTIgdHlwZWQgZGF0YS4gVGhpcyB1c2VzIGV0aGVycy5qcydzXG4gICAqIFtUeXBlZERhdGFFbmNvZGVyLmhhc2hdKGh0dHBzOi8vZG9jcy5ldGhlcnMub3JnL3Y2L2FwaS9oYXNoaW5nLyNUeXBlZERhdGFFbmNvZGVyX2hhc2gpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC03MTIgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtUeXBlZERhdGFEb21haW59IGRvbWFpbiBUaGUgZG9tYWluIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcGFyYW0ge1JlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj59IHR5cGVzIFRoZSB0eXBlcyBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBhbnk+fSB2YWx1ZSBUaGUgdmFsdWUgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25UeXBlZERhdGEoXG4gICAgZG9tYWluOiBUeXBlZERhdGFEb21haW4sXG4gICAgdHlwZXM6IFJlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj4sXG4gICAgdmFsdWU6IFJlY29yZDxzdHJpbmcsIGFueT4sIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IFR5cGVkRGF0YUVuY29kZXIuaGFzaChkb21haW4sIHR5cGVzLCB2YWx1ZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWduIGFyYml0cmFyeSBkaWdlc3QuIFRoaXMgdXNlcyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGRpZ2VzdCBUaGUgZGlnZXN0IHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgc2lnbkJsb2IoZGlnZXN0OiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGJsb2JSZXEgPSA8QmxvYlNpZ25SZXF1ZXN0PntcbiAgICAgIG1lc3NhZ2VfYmFzZTY0OiBCdWZmZXIuZnJvbShnZXRCeXRlcyhkaWdlc3QpKS50b1N0cmluZyhcImJhc2U2NFwiKSxcbiAgICB9O1xuICAgIC8vIEdldCB0aGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBhZGRyZXNzXG4gICAgaWYgKHRoaXMuI2tleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBrZXkgPSAoYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5rZXlzKCkpLmZpbmQoKGspID0+IGsubWF0ZXJpYWxJZCA9PT0gdGhpcy4jYWRkcmVzcyk7XG4gICAgICBpZiAoa2V5ID09PSB1bmRlZmluZWQpIHtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKGBDYW5ub3QgYWNjZXNzIGtleSAnJHt0aGlzLiNhZGRyZXNzfSdgKTtcbiAgICAgIH1cbiAgICAgIHRoaXMuI2tleSA9IGtleTtcbiAgICB9XG4gICAgLy8gc2lnblxuICAgIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkJsb2IodGhpcy4ja2V5LCBibG9iUmVxKTtcbiAgICByZXR1cm4gcmVzdWx0LmRhdGEoKS5zaWduYXR1cmU7XG4gIH1cbn1cbiJdfQ==
+_Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSession = new WeakMap(), _Signer_onMfaPoll = new WeakMap(), _Signer_mfaPollIntervalMs = new WeakMap(), _Signer_managementSession = new WeakMap(), _Signer_instances = new WeakSet(), _Signer_handleMfa =
+/**
+ * If the sign request requires MFA, this method waits for approvals
+ *
+ * @param {SignResponse<U>} res The response of a sign request
+ * @return {Promise<U>} The sign data after MFA approvals
+ */
+async function _Signer_handleMfa(res) {
+    while (res.requiresMfa()) {
+        await new Promise((resolve) => setTimeout(resolve, __classPrivateFieldGet(this, _Signer_mfaPollIntervalMs, "f")));
+        const mfaId = res.mfaId();
+        const mfaInfo = await __classPrivateFieldGet(this, _Signer_signerSession, "f").getMfaInfo(__classPrivateFieldGet(this, _Signer_managementSession, "f"), mfaId);
+        __classPrivateFieldGet(this, _Signer_onMfaPoll, "f").call(this, mfaInfo);
+        if (mfaInfo.receipt) {
+            res = await res.signWithMfaApproval({
+                mfaId,
+                mfaOrgId: __classPrivateFieldGet(this, _Signer_signerSession, "f").orgId,
+                mfaConf: mfaInfo.receipt.confirmation,
+            });
+        }
+    }
+    return res.data();
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQTZCaEI7O0dBRUc7QUFDSCxNQUFhLE1BQU8sU0FBUSxlQUFNLENBQUMsY0FBYztJQXNCL0M7Ozs7T0FJRztJQUNILFlBQVksT0FBeUIsRUFBRSxhQUE0QixFQUFFLE9BQXVCO1FBQzFGLEtBQUssQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7O1FBM0IzQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBZTtRQUVmLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFFdkM7OztXQUdHO1FBQ00sb0NBQTJDO1FBRXBELGdFQUFnRTtRQUN2RCw0Q0FBMkI7UUFFcEMsc0RBQXNEO1FBQzdDLDRDQUFnQztRQVN2QyxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRTtZQUMvQix1QkFBQSxJQUFJLG1CQUFZLE9BQU8sTUFBQSxDQUFDO1NBQ3pCO2FBQU07WUFDTCx1QkFBQSxJQUFJLG1CQUFZLE9BQU8sQ0FBQyxVQUFVLE1BQUEsQ0FBQztZQUNuQyx1QkFBQSxJQUFJLGVBQVEsT0FBa0IsTUFBQSxDQUFDO1NBQ2hDO1FBQ0QsdUJBQUEsSUFBSSx5QkFBa0IsYUFBYSxNQUFBLENBQUM7UUFDcEMsdUJBQUEsSUFBSSxxQkFBYyxPQUFPLEVBQUUsU0FBUyxJQUFJLENBQUMsRUFBQyw4QkFBOEIsRUFBRSxFQUFFLEdBQUUsQ0FBQyxDQUFDLE1BQUEsQ0FBQyxDQUFDLDJEQUEyRDtRQUM3SSx1QkFBQSxJQUFJLDZCQUFzQixPQUFPLEVBQUUsaUJBQWlCLElBQUksSUFBSSxNQUFBLENBQUM7UUFDN0QsdUJBQUEsSUFBSSw2QkFBc0IsT0FBTyxFQUFFLGlCQUFpQixNQUFBLENBQUM7SUFDdkQsQ0FBQztJQUVELHNDQUFzQztJQUN0QyxLQUFLLENBQUMsVUFBVTtRQUNkLE9BQU8sdUJBQUEsSUFBSSx1QkFBUyxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsT0FBTyxDQUFDLFFBQWdDO1FBQ3RDLE9BQU8sSUFBSSxNQUFNLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLHVCQUFBLElBQUksNkJBQWUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQTZCO1FBQ2pELDBDQUEwQztRQUMxQyxJQUFJLE9BQU8sR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDO1FBQ3pCLElBQUksT0FBTyxLQUFLLFNBQVMsRUFBRTtZQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUM7WUFDbEQsT0FBTyxHQUFHLE9BQU8sRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLElBQUksR0FBRyxDQUFDO1NBQy9DO1FBRUQsc0RBQXNEO1FBQ3RELE1BQU0sS0FBSyxHQUNULElBQUksQ0FBQyxRQUFRLFlBQVksMkJBQWtCO1lBQ3pDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNyQyxDQUFDLENBQUMsZ0RBQWdEO2dCQUNoRCxpREFBaUQ7Z0JBQ2pELDBDQUEwQztnQkFDMUMsMkJBQWtCLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDcEUsS0FBSyxDQUFDLElBQUksR0FBRyxJQUFBLGdCQUFPLEVBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUI7UUFFL0QsTUFBTSxHQUFHLEdBQW1CO1lBQzFCLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQ3pCLEVBQUUsRUFBRSxLQUFLO1NBQ1YsQ0FBQztRQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLE9BQU8sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQztJQUM1QixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxXQUFXLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDNUYsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsUUFBUSxDQUFDLHVCQUFBLElBQUksbUJBQUssQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUN4QixDQUFDO0NBeUJGO0FBbEtELHdCQWtLQzs7QUF2QkM7Ozs7O0dBS0c7QUFDSCxLQUFLLDRCQUFlLEdBQW9CO0lBQ3RDLE9BQU8sR0FBRyxDQUFDLFdBQVcsRUFBRSxFQUFFO1FBQ3hCLE1BQU0sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsdUJBQUEsSUFBSSxpQ0FBbUIsQ0FBQyxDQUFDLENBQUM7UUFFN0UsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQzFCLE1BQU0sT0FBTyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLFVBQVUsQ0FBQyx1QkFBQSxJQUFJLGlDQUFvQixFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3RGLHVCQUFBLElBQUkseUJBQVcsTUFBZixJQUFJLEVBQVksT0FBTyxDQUFDLENBQUM7UUFDekIsSUFBSSxPQUFPLENBQUMsT0FBTyxFQUFFO1lBQ25CLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxtQkFBbUIsQ0FBQztnQkFDbEMsS0FBSztnQkFDTCxRQUFRLEVBQUUsdUJBQUEsSUFBSSw2QkFBZSxDQUFDLEtBQUs7Z0JBQ25DLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVk7YUFDdEMsQ0FBQyxDQUFDO1NBQ0o7S0FDRjtJQUNELE9BQU8sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO0FBQ3BCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBKc29uUnBjQXBpUHJvdmlkZXIsXG4gIFR5cGVkRGF0YURvbWFpbixcbiAgVHlwZWREYXRhRW5jb2RlcixcbiAgVHlwZWREYXRhRmllbGQsXG4gIGV0aGVycyxcbiAgZ2V0Qnl0ZXMsXG4gIHRvQmVIZXgsXG59IGZyb20gXCJldGhlcnNcIjtcbmltcG9ydCB7XG4gIEJsb2JTaWduUmVxdWVzdCxcbiAgRXZtU2lnblJlcXVlc3QsXG4gIE1mYVJlcXVlc3RJbmZvLFxuICBTaWduZXJTZXNzaW9uLFxuICBTaWduUmVzcG9uc2UsXG59IGZyb20gXCIuLi9zaWduZXJfc2Vzc2lvblwiO1xuaW1wb3J0IHsgS2V5SW5mbyB9IGZyb20gXCIuLi9rZXlcIjtcbmltcG9ydCB7IEN1YmVTaWduZXIgfSBmcm9tIFwiLi5cIjtcblxuLyoqIE9wdGlvbnMgZm9yIHRoZSBzaWduZXIgKi9cbmludGVyZmFjZSBTaWduZXJPcHRpb25zIHtcbiAgLyoqIE9wdGlvbmFsIHByb3ZpZGVyIHRvIHVzZSAqL1xuICBwcm92aWRlcj86IG51bGwgfCBldGhlcnMuUHJvdmlkZXI7XG4gIC8qKlxuICAgKiBUaGUgZnVuY3Rpb24gdG8gY2FsbCB3aGVuIE1GQSBpbmZvcm1hdGlvbiBpcyByZXRyaWV2ZWQuIElmIHRoaXMgY2FsbGJhY2tcbiAgICogdGhyb3dzLCBubyB0cmFuc2FjdGlvbiBpcyBicm9hZGNhc3QuXG4gICAqL1xuICBvbk1mYVBvbGw/OiAoYXJnMDogTWZhUmVxdWVzdEluZm8pID0+IHZvaWQ7XG4gIC8qKlxuICAgKiBUaGUgYW1vdW50IG9mIHRpbWUgKGluIG1pbGxpc2Vjb25kcykgdG8gd2FpdCBiZXR3ZWVuIGNoZWNrcyBmb3IgTUZBXG4gICAqIHVwZGF0ZXMuIERlZmF1bHQgaXMgMTAwMG1zXG4gICAqL1xuICBtZmFQb2xsSW50ZXJ2YWxNcz86IG51bWJlcjtcbiAgLyoqIE9wdGlvbmFsIG1hbmFnZW1lbnQgc2Vzc2lvbi4gVXNlZCB0byBjaGVjayBmb3IgTUZBIHVwZGF0ZXMgKi9cbiAgbWFuYWdlbWVudFNlc3Npb24/OiBDdWJlU2lnbmVyO1xufVxuXG4vKipcbiAqIEEgZXRoZXJzLmpzIFNpZ25lciB1c2luZyBDdWJlU2lnbmVyXG4gKi9cbmV4cG9ydCBjbGFzcyBTaWduZXIgZXh0ZW5kcyBldGhlcnMuQWJzdHJhY3RTaWduZXIge1xuICAvKiogVGhlIGFkZHJlc3Mgb2YgdGhlIGFjY291bnQgKi9cbiAgcmVhZG9ubHkgI2FkZHJlc3M6IHN0cmluZztcblxuICAvKiogVGhlIGtleSB0byB1c2UgZm9yIHNpZ25pbmcgKi9cbiAgI2tleT86IEtleUluZm87XG5cbiAgLyoqIFRoZSB1bmRlcmx5aW5nIHNlc3Npb24gKi9cbiAgcmVhZG9ubHkgI3NpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb247XG5cbiAgLyoqXG4gICAqIFRoZSBmdW5jdGlvbiB0byBjYWxsIHdoZW4gTUZBIGluZm9ybWF0aW9uIGlzIHJldHJpZXZlZC4gSWYgdGhpcyBjYWxsYmFja1xuICAgKiB0aHJvd3MsIG5vIHRyYW5zYWN0aW9uIGlzIGJyb2FkY2FzdC5cbiAgICovXG4gIHJlYWRvbmx5ICNvbk1mYVBvbGw6IChhcmcwOiBNZmFSZXF1ZXN0SW5mbykgPT4gdm9pZDtcblxuICAvKiogVGhlIGFtb3VudCBvZiB0aW1lIHRvIHdhaXQgYmV0d2VlbiBjaGVja3MgZm9yIE1GQSB1cGRhdGVzICovXG4gIHJlYWRvbmx5ICNtZmFQb2xsSW50ZXJ2YWxNczogbnVtYmVyO1xuXG4gIC8qKiBPcHRpb25hbCBtYW5hZ2VtZW50IHNlc3Npb24sIHVzZWQgZm9yIE1GQSBmbG93cyAqL1xuICByZWFkb25seSAjbWFuYWdlbWVudFNlc3Npb24/OiBDdWJlU2lnbmVyO1xuXG4gIC8qKiBDcmVhdGUgbmV3IFNpZ25lciBpbnN0YW5jZVxuICAgKiBAcGFyYW0ge0tleUluZm8gfCBzdHJpbmd9IGFkZHJlc3MgVGhlIGtleSBvciB0aGUgZXRoIGFkZHJlc3Mgb2YgdGhlIGFjY291bnQgdG8gdXNlLlxuICAgKiBAcGFyYW0ge1NpZ25lclNlc3Npb259IHNpZ25lclNlc3Npb24gVGhlIHVuZGVybHlpbmcgU2lnbmVyIHNlc3Npb24uXG4gICAqIEBwYXJhbSB7U2lnbmVyT3B0aW9uc30gb3B0aW9ucyBUaGUgb3B0aW9ucyB0byB1c2UgZm9yIHRoZSBTaWduZXIgaW5zdGFuY2VcbiAgICovXG4gIGNvbnN0cnVjdG9yKGFkZHJlc3M6IEtleUluZm8gfCBzdHJpbmcsIHNpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb24sIG9wdGlvbnM/OiBTaWduZXJPcHRpb25zKSB7XG4gICAgc3VwZXIob3B0aW9ucz8ucHJvdmlkZXIpO1xuICAgIGlmICh0eXBlb2YgYWRkcmVzcyA9PT0gXCJzdHJpbmdcIikge1xuICAgICAgdGhpcy4jYWRkcmVzcyA9IGFkZHJlc3M7XG4gICAgfSBlbHNlIHtcbiAgICAgIHRoaXMuI2FkZHJlc3MgPSBhZGRyZXNzLm1hdGVyaWFsSWQ7XG4gICAgICB0aGlzLiNrZXkgPSBhZGRyZXNzIGFzIEtleUluZm87XG4gICAgfVxuICAgIHRoaXMuI3NpZ25lclNlc3Npb24gPSBzaWduZXJTZXNzaW9uO1xuICAgIHRoaXMuI29uTWZhUG9sbCA9IG9wdGlvbnM/Lm9uTWZhUG9sbCA/PyAoKC8qIF9tZmFJbmZvOiBNZmFSZXF1ZXN0SW5mbyAqLykgPT4ge30pOyAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1lbXB0eS1mdW5jdGlvblxuICAgIHRoaXMuI21mYVBvbGxJbnRlcnZhbE1zID0gb3B0aW9ucz8ubWZhUG9sbEludGVydmFsTXMgPz8gMTAwMDtcbiAgICB0aGlzLiNtYW5hZ2VtZW50U2Vzc2lvbiA9IG9wdGlvbnM/Lm1hbmFnZW1lbnRTZXNzaW9uO1xuICB9XG5cbiAgLyoqIFJlc29sdmVzIHRvIHRoZSBzaWduZXIgYWRkcmVzcy4gKi9cbiAgYXN5bmMgZ2V0QWRkcmVzcygpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIHJldHVybiB0aGlzLiNhZGRyZXNzO1xuICB9XG5cbiAgLyoqXG4gICAqICBSZXR1cm5zIHRoZSBzaWduZXIgY29ubmVjdGVkIHRvICUlcHJvdmlkZXIlJS5cbiAgICogIEBwYXJhbSB7bnVsbCB8IGV0aGVycy5Qcm92aWRlcn0gcHJvdmlkZXIgVGhlIG9wdGlvbmFsIHByb3ZpZGVyIGluc3RhbmNlIHRvIHVzZS5cbiAgICogIEByZXR1cm4ge1NpZ25lcn0gVGhlIHNpZ25lciBjb25uZWN0ZWQgdG8gc2lnbmVyLlxuICAgKi9cbiAgY29ubmVjdChwcm92aWRlcjogbnVsbCB8IGV0aGVycy5Qcm92aWRlcik6IFNpZ25lciB7XG4gICAgcmV0dXJuIG5ldyBTaWduZXIodGhpcy4jYWRkcmVzcywgdGhpcy4jc2lnbmVyU2Vzc2lvbiwgeyBwcm92aWRlciB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTaWducyBhIHRyYW5zYWN0aW9uLiBUaGlzIHBvcHVsYXRlcyB0aGUgdHJhbnNhY3Rpb24gdHlwZSB0byBgMHgwMmAgKEVJUC0xNTU5KSB1bmxlc3Mgc2V0LiBUaGlzIG1ldGhvZCB3aWxsIGJsb2NrIGlmIHRoZSBrZXkgcmVxdWlyZXMgTUZBIGFwcHJvdmFsLlxuICAgKiBAcGFyYW0ge2V0aGVycy5UcmFuc2FjdGlvblJlcXVlc3R9IHR4IFRoZSB0cmFuc2FjdGlvbiB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IEhleC1lbmNvZGVkIFJMUCBlbmNvZGluZyBvZiB0aGUgdHJhbnNhY3Rpb24gYW5kIGl0cyBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHJhbnNhY3Rpb24odHg6IGV0aGVycy5UcmFuc2FjdGlvblJlcXVlc3QpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIGdldCB0aGUgY2hhaW4gaWQgZnJvbSB0aGUgbmV0d29yayBvciB0eFxuICAgIGxldCBjaGFpbklkID0gdHguY2hhaW5JZDtcbiAgICBpZiAoY2hhaW5JZCA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBuZXR3b3JrID0gYXdhaXQgdGhpcy5wcm92aWRlcj8uZ2V0TmV0d29yaygpO1xuICAgICAgY2hhaW5JZCA9IG5ldHdvcms/LmNoYWluSWQ/LnRvU3RyaW5nKCkgPz8gXCIxXCI7XG4gICAgfVxuXG4gICAgLy8gQ29udmVydCB0aGUgdHJhbnNhY3Rpb24gaW50byBhIEpTT04tUlBDIHRyYW5zYWN0aW9uXG4gICAgY29uc3QgcnBjVHggPVxuICAgICAgdGhpcy5wcm92aWRlciBpbnN0YW5jZW9mIEpzb25ScGNBcGlQcm92aWRlclxuICAgICAgICA/IHRoaXMucHJvdmlkZXIuZ2V0UnBjVHJhbnNhY3Rpb24odHgpXG4gICAgICAgIDogLy8gV2UgY2FuIGp1c3QgY2FsbCB0aGUgZ2V0UnBjVHJhbnNhY3Rpb24gd2l0aCBhXG4gICAgICAgICAgLy8gbnVsbCByZWNlaXZlciBzaW5jZSBpdCBkb2Vzbid0IGFjdHVhbGx5IHVzZSBpdFxuICAgICAgICAgIC8vIChhbmQgcmVhbGx5IHNob3VsZCBiZSBkZWNsYXJlZCBzdGF0aWMpLlxuICAgICAgICAgIEpzb25ScGNBcGlQcm92aWRlci5wcm90b3R5cGUuZ2V0UnBjVHJhbnNhY3Rpb24uY2FsbChudWxsLCB0eCk7XG4gICAgcnBjVHgudHlwZSA9IHRvQmVIZXgodHgudHlwZSA/PyAweDAyLCAxKTsgLy8gd2UgZXhwZWN0IDB4MFswLTJdXG5cbiAgICBjb25zdCByZXEgPSA8RXZtU2lnblJlcXVlc3Q+e1xuICAgICAgY2hhaW5faWQ6IE51bWJlcihjaGFpbklkKSxcbiAgICAgIHR4OiBycGNUeCxcbiAgICB9O1xuXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5zaWduRXZtKHRoaXMuI2FkZHJlc3MsIHJlcSk7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuI2hhbmRsZU1mYShyZXMpO1xuICAgIHJldHVybiBkYXRhLnJscF9zaWduZWRfdHg7XG4gIH1cblxuICAvKiogU2lnbnMgYXJiaXRyYXJ5IG1lc3NhZ2VzLiBUaGlzIHVzZXMgZXRoZXJzLmpzJ3MgW2hhc2hNZXNzYWdlXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jaGFzaE1lc3NhZ2UpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC0xOTEgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtzdHJpbmcgfCBVaW50OEFycmF5fSBtZXNzYWdlIFRoZSBtZXNzYWdlIHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25NZXNzYWdlKG1lc3NhZ2U6IHN0cmluZyB8IFVpbnQ4QXJyYXkpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IGV0aGVycy5oYXNoTWVzc2FnZShtZXNzYWdlKTtcbiAgICByZXR1cm4gdGhpcy5zaWduQmxvYihkaWdlc3QpO1xuICB9XG5cbiAgLyoqIFNpZ25zIEVJUC03MTIgdHlwZWQgZGF0YS4gVGhpcyB1c2VzIGV0aGVycy5qcydzXG4gICAqIFtUeXBlZERhdGFFbmNvZGVyLmhhc2hdKGh0dHBzOi8vZG9jcy5ldGhlcnMub3JnL3Y2L2FwaS9oYXNoaW5nLyNUeXBlZERhdGFFbmNvZGVyX2hhc2gpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC03MTIgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtUeXBlZERhdGFEb21haW59IGRvbWFpbiBUaGUgZG9tYWluIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcGFyYW0ge1JlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj59IHR5cGVzIFRoZSB0eXBlcyBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBhbnk+fSB2YWx1ZSBUaGUgdmFsdWUgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25UeXBlZERhdGEoXG4gICAgZG9tYWluOiBUeXBlZERhdGFEb21haW4sXG4gICAgdHlwZXM6IFJlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj4sXG4gICAgdmFsdWU6IFJlY29yZDxzdHJpbmcsIGFueT4sIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IFR5cGVkRGF0YUVuY29kZXIuaGFzaChkb21haW4sIHR5cGVzLCB2YWx1ZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWduIGFyYml0cmFyeSBkaWdlc3QuIFRoaXMgdXNlcyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGRpZ2VzdCBUaGUgZGlnZXN0IHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgc2lnbkJsb2IoZGlnZXN0OiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGJsb2JSZXEgPSA8QmxvYlNpZ25SZXF1ZXN0PntcbiAgICAgIG1lc3NhZ2VfYmFzZTY0OiBCdWZmZXIuZnJvbShnZXRCeXRlcyhkaWdlc3QpKS50b1N0cmluZyhcImJhc2U2NFwiKSxcbiAgICB9O1xuICAgIC8vIEdldCB0aGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBhZGRyZXNzXG4gICAgaWYgKHRoaXMuI2tleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBrZXkgPSAoYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5rZXlzKCkpLmZpbmQoKGspID0+IGsubWF0ZXJpYWxfaWQgPT09IHRoaXMuI2FkZHJlc3MpO1xuICAgICAgaWYgKGtleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcihgQ2Fubm90IGFjY2VzcyBrZXkgJyR7dGhpcy4jYWRkcmVzc30nYCk7XG4gICAgICB9XG4gICAgICB0aGlzLiNrZXkgPSBrZXk7XG4gICAgfVxuXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5zaWduQmxvYih0aGlzLiNrZXkua2V5X2lkLCBibG9iUmVxKTtcbiAgICBjb25zdCBkYXRhID0gYXdhaXQgdGhpcy4jaGFuZGxlTWZhKHJlcyk7XG4gICAgcmV0dXJuIGRhdGEuc2lnbmF0dXJlO1xuICB9XG5cbiAgLyoqXG4gICAqIElmIHRoZSBzaWduIHJlcXVlc3QgcmVxdWlyZXMgTUZBLCB0aGlzIG1ldGhvZCB3YWl0cyBmb3IgYXBwcm92YWxzXG4gICAqXG4gICAqIEBwYXJhbSB7U2lnblJlc3BvbnNlPFU+fSByZXMgVGhlIHJlc3BvbnNlIG9mIGEgc2lnbiByZXF1ZXN0XG4gICAqIEByZXR1cm4ge1Byb21pc2U8VT59IFRoZSBzaWduIGRhdGEgYWZ0ZXIgTUZBIGFwcHJvdmFsc1xuICAgKi9cbiAgYXN5bmMgI2hhbmRsZU1mYTxVPihyZXM6IFNpZ25SZXNwb25zZTxVPik6IFByb21pc2U8VT4ge1xuICAgIHdoaWxlIChyZXMucmVxdWlyZXNNZmEoKSkge1xuICAgICAgYXdhaXQgbmV3IFByb21pc2UoKHJlc29sdmUpID0+IHNldFRpbWVvdXQocmVzb2x2ZSwgdGhpcy4jbWZhUG9sbEludGVydmFsTXMpKTtcblxuICAgICAgY29uc3QgbWZhSWQgPSByZXMubWZhSWQoKTtcbiAgICAgIGNvbnN0IG1mYUluZm8gPSBhd2FpdCB0aGlzLiNzaWduZXJTZXNzaW9uLmdldE1mYUluZm8odGhpcy4jbWFuYWdlbWVudFNlc3Npb24hLCBtZmFJZCk7XG4gICAgICB0aGlzLiNvbk1mYVBvbGwobWZhSW5mbyk7XG4gICAgICBpZiAobWZhSW5mby5yZWNlaXB0KSB7XG4gICAgICAgIHJlcyA9IGF3YWl0IHJlcy5zaWduV2l0aE1mYUFwcHJvdmFsKHtcbiAgICAgICAgICBtZmFJZCxcbiAgICAgICAgICBtZmFPcmdJZDogdGhpcy4jc2lnbmVyU2Vzc2lvbi5vcmdJZCxcbiAgICAgICAgICBtZmFDb25mOiBtZmFJbmZvLnJlY2VpcHQuY29uZmlybWF0aW9uLFxuICAgICAgICB9KTtcbiAgICAgIH1cbiAgICB9XG4gICAgcmV0dXJuIHJlcy5kYXRhKCk7XG4gIH1cbn1cbiJdfQ==

package/dist/src/fido.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+import { CubeSigner, MfaRequestInfo, SignerSession } from ".";
+import { components } from "./schema";
+export type ApiAddFidoChallenge = components["responses"]["FidoCreateChallengeResponse"]["content"]["application/json"];
+export type ApiMfaFidoChallenge = components["responses"]["FidoAssertChallenge"]["content"]["application/json"];
+export type PublicKeyCredentialCreationOptions = components["schemas"]["PublicKeyCredentialCreationOptions"];
+export type PublicKeyCredentialRequestOptions = components["schemas"]["PublicKeyCredentialRequestOptions"];
+export type PublicKeyCredentialParameters = components["schemas"]["PublicKeyCredentialParameters"];
+export type PublicKeyCredentialDescriptor = components["schemas"]["PublicKeyCredentialDescriptor"];
+export type AuthenticatorSelectionCriteria = components["schemas"]["AuthenticatorSelectionCriteria"];
+export type PublicKeyCredentialUserEntity = components["schemas"]["PublicKeyCredentialUserEntity"];
+export type PublicKeyCredential = components["schemas"]["PublicKeyCredential"];
+/**
+ * Returned after creating a request to add a new FIDO device.
+ * Provides some helper methods for answering this challenge.
+ */
+export declare class AddFidoChallenge {
+    #private;
+    readonly challengeId: string;
+    readonly options: any;
+    /**
+     * Constructor
+     * @param {CubeSigner} cs CubeSigner instance used to request to add a FIDO device
+     * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+     */
+    constructor(cs: CubeSigner, challenge: ApiAddFidoChallenge);
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to create a credential
+     * based on the the public key credential creation options from this challenge.
+     */
+    createCredentialAndAnswer(): Promise<void>;
+    /**
+     * Answers this challenge using a given credential `cred`;
+     * the credential should be obtained by calling
+     *
+     * ```
+     * const cred = await navigator.credentials.create({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+     *                   based on the public key creation options from this challenge.
+     */
+    answer(cred: any): Promise<void>;
+}
+/**
+ * Returned after initiating MFA approval using FIDO.
+ * Provides some helper methods for answering this challenge.
+ */
+export declare class MfaFidoChallenge {
+    #private;
+    readonly mfaId: string;
+    readonly challengeId: string;
+    readonly options: any;
+    /**
+     * @param {SignerSession} ss The session used to initiate MFA approval using FIDO
+     * @param {string} mfaId The MFA request id.
+     * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+     */
+    constructor(ss: SignerSession, mfaId: string, challenge: ApiMfaFidoChallenge);
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to get a credential
+     * based on the the public key credential request options from this challenge.
+     */
+    createCredentialAndAnswer(): Promise<MfaRequestInfo>;
+    /**
+     * Answers this challenge using a given credential `cred`.
+     * To obtain this credential, for example, call
+     *
+     * ```
+     * const cred = await navigator.credentials.get({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+     *                   based on the public key credential request options from this challenge.
+     */
+    answer(cred: any): Promise<MfaRequestInfo>;
+}