@cubist-labs/cubesigner-sdk 0.1.26 → 0.1.77

package/dist/src/util.d.ts

@@ -1,3 +1,9 @@
+/** JSON map type */
+export interface JsonMap {
+    [member: string]: string | number | boolean | null | JsonArray | JsonMap;
+}
+/** JSON array type */
+export type JsonArray = Array<string | number | boolean | null | JsonArray | JsonMap>;
 /**
  * Directory where CubeSigner stores config files.
  * @return {string} Config dir
@@ -32,4 +38,18 @@ export declare class ErrResponse extends Error {
  * @internal
  */
 export declare function assertOk<D, T>(resp: ResponseType<D, T>, description?: string): D;
+/**
+ * Browser-friendly helper for decoding a 'base64url'-encoded string into a byte array.
+ *
+ * @param {string} b64url The 'base64url'-encoded string to decode
+ * @return {Uint8Array} Decoded byte array
+ */
+export declare function decodeBase64Url(b64url: string): Uint8Array;
+/**
+ * Browser-friendly helper for encoding a byte array into a 'base64url`-encoded string.
+ *
+ * @param {Iterable<number>} buffer The byte array to encode
+ * @return {string} The 'base64url' encoding of the byte array.
+ */
+export declare function encodeToBase64Url(buffer: Iterable<number>): string;
 export {};

package/dist/src/util.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.assertOk = exports.ErrResponse = exports.configDir = void 0;
+exports.encodeToBase64Url = exports.decodeBase64Url = exports.assertOk = exports.ErrResponse = exports.configDir = void 0;
 const path = __importStar(require("path"));
 /**
  * Directory where CubeSigner stores config files.
@@ -72,4 +72,33 @@ function assertOk(resp, description) {
     return resp.data;
 }
 exports.assertOk = assertOk;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy91dGlsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkNBQTZCO0FBRTdCOzs7R0FHRztBQUNILFNBQWdCLFNBQVM7SUFDdkIsTUFBTSxTQUFTLEdBQ2IsT0FBTyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQzNCLENBQUMsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSw4QkFBOEI7UUFDbkQsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFVBQVUsQ0FBQztJQUNwQyxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDO0FBQzVDLENBQUM7QUFORCw4QkFNQztBQUlEOztHQUVHO0FBQ0gsTUFBYSxXQUFZLFNBQVEsS0FBSztJQVFwQzs7O09BR0c7SUFDSCxZQUFZLElBQTBCO1FBQ3BDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDcEIsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDNUIsQ0FBQztDQUNGO0FBaEJELGtDQWdCQztBQUVEOzs7Ozs7R0FNRztBQUNILFNBQWdCLFFBQVEsQ0FBTyxJQUF3QixFQUFFLFdBQW9CO0lBQzNFLElBQUksSUFBSSxDQUFDLEtBQUssRUFBRTtRQUNkLE1BQU0sSUFBSSxXQUFXLENBQUM7WUFDcEIsV0FBVztZQUNYLE9BQU8sRUFBRyxJQUFJLENBQUMsS0FBYSxDQUFDLE9BQU87WUFDcEMsVUFBVSxFQUFFLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVTtZQUNyQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxNQUFNO1NBQzlCLENBQUMsQ0FBQztLQUNKO0lBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtRQUMzQixNQUFNLElBQUksS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7S0FDL0M7SUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7QUFDbkIsQ0FBQztBQWJELDRCQWFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgcGF0aCBmcm9tIFwicGF0aFwiO1xuXG4vKipcbiAqIERpcmVjdG9yeSB3aGVyZSBDdWJlU2lnbmVyIHN0b3JlcyBjb25maWcgZmlsZXMuXG4gKiBAcmV0dXJuIHtzdHJpbmd9IENvbmZpZyBkaXJcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNvbmZpZ0RpcigpOiBzdHJpbmcge1xuICBjb25zdCBjb25maWdEaXIgPVxuICAgIHByb2Nlc3MucGxhdGZvcm0gPT09IFwiZGFyd2luXCJcbiAgICAgID8gYCR7cHJvY2Vzcy5lbnYuSE9NRX0vTGlicmFyeS9BcHBsaWNhdGlvbiBTdXBwb3J0YFxuICAgICAgOiBgJHtwcm9jZXNzLmVudi5IT01FfS8uY29uZmlnYDtcbiAgcmV0dXJuIHBhdGguam9pbihjb25maWdEaXIsIFwiY3ViZXNpZ25lclwiKTtcbn1cblxudHlwZSBSZXNwb25zZVR5cGU8RCwgVD4gPSB7IGRhdGE/OiBEOyBlcnJvcj86IFQ7IHJlc3BvbnNlPzogUmVzcG9uc2UgfTtcblxuLyoqXG4gKiBFcnJvciByZXNwb25zZSB0eXBlLCB0aHJvd24gb24gbm9uLXN1Y2Nlc3NmdWwgcmVzcG9uc2VzLlxuICovXG5leHBvcnQgY2xhc3MgRXJyUmVzcG9uc2UgZXh0ZW5kcyBFcnJvciB7XG4gIC8qKiBEZXNjcmlwdGlvbiAqL1xuICByZWFkb25seSBkZXNjcmlwdGlvbj86IHN0cmluZztcbiAgLyoqIEhUVFAgc3RhdHVzIGNvZGUgdGV4dCAoZGVyaXZlZCBmcm9tIGB0aGlzLnN0YXR1c2ApICovXG4gIHJlYWRvbmx5IHN0YXR1c1RleHQ/OiBzdHJpbmc7XG4gIC8qKiBIVFRQIHN0YXR1cyBjb2RlICovXG4gIHJlYWRvbmx5IHN0YXR1cz86IG51bWJlcjtcblxuICAvKipcbiAgICogQ29uc3RydWN0b3JcbiAgICogQHBhcmFtIHtQYXJ0aWFsPEVyclJlc3BvbnNlPn0gaW5pdCBJbml0aWFsaXplclxuICAgKi9cbiAgY29uc3RydWN0b3IoaW5pdDogUGFydGlhbDxFcnJSZXNwb25zZT4pIHtcbiAgICBzdXBlcihpbml0Lm1lc3NhZ2UpO1xuICAgIE9iamVjdC5hc3NpZ24odGhpcywgaW5pdCk7XG4gIH1cbn1cblxuLyoqXG4gKiBUaHJvdyBpZiBvbiBlcnJvciByZXNwb25zZS4gT3RoZXJ3aXNlLCByZXR1cm4gdGhlIHJlc3BvbnNlIGRhdGEuXG4gKiBAcGFyYW0ge1Jlc3BvbnNlVHlwZX0gcmVzcCBUaGUgcmVzcG9uc2UgdG8gY2hlY2tcbiAqIEBwYXJhbSB7c3RyaW5nfSBkZXNjcmlwdGlvbiBEZXNjcmlwdGlvbiB0byBpbmNsdWRlIGluIHRoZSB0aHJvd24gZXJyb3JcbiAqIEByZXR1cm4ge0R9IFRoZSByZXNwb25zZSBkYXRhLlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBhc3NlcnRPazxELCBUPihyZXNwOiBSZXNwb25zZVR5cGU8RCwgVD4sIGRlc2NyaXB0aW9uPzogc3RyaW5nKTogRCB7XG4gIGlmIChyZXNwLmVycm9yKSB7XG4gICAgdGhyb3cgbmV3IEVyclJlc3BvbnNlKHtcbiAgICAgIGRlc2NyaXB0aW9uLFxuICAgICAgbWVzc2FnZTogKHJlc3AuZXJyb3IgYXMgYW55KS5tZXNzYWdlLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbiAgICAgIHN0YXR1c1RleHQ6IHJlc3AucmVzcG9uc2U/LnN0YXR1c1RleHQsXG4gICAgICBzdGF0dXM6IHJlc3AucmVzcG9uc2U/LnN0YXR1cyxcbiAgICB9KTtcbiAgfVxuICBpZiAocmVzcC5kYXRhID09PSB1bmRlZmluZWQpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoXCJSZXNwb25zZSBkYXRhIGlzIHVuZGVmaW5lZFwiKTtcbiAgfVxuICByZXR1cm4gcmVzcC5kYXRhO1xufVxuIl19
+/**
+ * Browser-friendly helper for decoding a 'base64url'-encoded string into a byte array.
+ *
+ * @param {string} b64url The 'base64url'-encoded string to decode
+ * @return {Uint8Array} Decoded byte array
+ */
+function decodeBase64Url(b64url) {
+    const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/=*$/g, "");
+    // NOTE: there is no "base64url" encoding in the "buffer" module for the browser (unlike in node.js)
+    return typeof Buffer === "function"
+        ? Buffer.from(b64, "base64")
+        : Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
+}
+exports.decodeBase64Url = decodeBase64Url;
+/**
+ * Browser-friendly helper for encoding a byte array into a 'base64url`-encoded string.
+ *
+ * @param {Iterable<number>} buffer The byte array to encode
+ * @return {string} The 'base64url' encoding of the byte array.
+ */
+function encodeToBase64Url(buffer) {
+    const bytes = new Uint8Array(buffer);
+    // NOTE: there is no "base64url" encoding in the "buffer" module for the browser (unlike in node.js)
+    const b64 = typeof Buffer === "function"
+        ? Buffer.from(bytes).toString("base64")
+        : btoa(bytes.reduce((s, b) => s + String.fromCharCode(b), ""));
+    return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=*$/g, "");
+}
+exports.encodeToBase64Url = encodeToBase64Url;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy91dGlsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkNBQTZCO0FBVTdCOzs7R0FHRztBQUNILFNBQWdCLFNBQVM7SUFDdkIsTUFBTSxTQUFTLEdBQ2IsT0FBTyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQzNCLENBQUMsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSw4QkFBOEI7UUFDbkQsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFVBQVUsQ0FBQztJQUNwQyxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDO0FBQzVDLENBQUM7QUFORCw4QkFNQztBQUlEOztHQUVHO0FBQ0gsTUFBYSxXQUFZLFNBQVEsS0FBSztJQVFwQzs7O09BR0c7SUFDSCxZQUFZLElBQTBCO1FBQ3BDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDcEIsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDNUIsQ0FBQztDQUNGO0FBaEJELGtDQWdCQztBQUVEOzs7Ozs7R0FNRztBQUNILFNBQWdCLFFBQVEsQ0FBTyxJQUF3QixFQUFFLFdBQW9CO0lBQzNFLElBQUksSUFBSSxDQUFDLEtBQUssRUFBRTtRQUNkLE1BQU0sSUFBSSxXQUFXLENBQUM7WUFDcEIsV0FBVztZQUNYLE9BQU8sRUFBRyxJQUFJLENBQUMsS0FBYSxDQUFDLE9BQU87WUFDcEMsVUFBVSxFQUFFLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVTtZQUNyQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxNQUFNO1NBQzlCLENBQUMsQ0FBQztLQUNKO0lBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtRQUMzQixNQUFNLElBQUksS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7S0FDL0M7SUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7QUFDbkIsQ0FBQztBQWJELDRCQWFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFnQixlQUFlLENBQUMsTUFBYztJQUM1QyxNQUFNLEdBQUcsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFFN0Usb0dBQW9HO0lBQ3BHLE9BQU8sT0FBTyxNQUFNLEtBQUssVUFBVTtRQUNqQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsUUFBUSxDQUFDO1FBQzVCLENBQUMsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQ3pELENBQUM7QUFQRCwwQ0FPQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0IsaUJBQWlCLENBQUMsTUFBd0I7SUFDeEQsTUFBTSxLQUFLLEdBQUcsSUFBSSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFckMsb0dBQW9HO0lBQ3BHLE1BQU0sR0FBRyxHQUNQLE9BQU8sTUFBTSxLQUFLLFVBQVU7UUFDMUIsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQztRQUN2QyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEdBQUcsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBRW5FLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ3pFLENBQUM7QUFWRCw4Q0FVQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIHBhdGggZnJvbSBcInBhdGhcIjtcblxuLyoqIEpTT04gbWFwIHR5cGUgKi9cbmV4cG9ydCBpbnRlcmZhY2UgSnNvbk1hcCB7XG4gIFttZW1iZXI6IHN0cmluZ106IHN0cmluZyB8IG51bWJlciB8IGJvb2xlYW4gfCBudWxsIHwgSnNvbkFycmF5IHwgSnNvbk1hcDtcbn1cblxuLyoqIEpTT04gYXJyYXkgdHlwZSAqL1xuZXhwb3J0IHR5cGUgSnNvbkFycmF5ID0gQXJyYXk8c3RyaW5nIHwgbnVtYmVyIHwgYm9vbGVhbiB8IG51bGwgfCBKc29uQXJyYXkgfCBKc29uTWFwPjtcblxuLyoqXG4gKiBEaXJlY3Rvcnkgd2hlcmUgQ3ViZVNpZ25lciBzdG9yZXMgY29uZmlnIGZpbGVzLlxuICogQHJldHVybiB7c3RyaW5nfSBDb25maWcgZGlyXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBjb25maWdEaXIoKTogc3RyaW5nIHtcbiAgY29uc3QgY29uZmlnRGlyID1cbiAgICBwcm9jZXNzLnBsYXRmb3JtID09PSBcImRhcndpblwiXG4gICAgICA/IGAke3Byb2Nlc3MuZW52LkhPTUV9L0xpYnJhcnkvQXBwbGljYXRpb24gU3VwcG9ydGBcbiAgICAgIDogYCR7cHJvY2Vzcy5lbnYuSE9NRX0vLmNvbmZpZ2A7XG4gIHJldHVybiBwYXRoLmpvaW4oY29uZmlnRGlyLCBcImN1YmVzaWduZXJcIik7XG59XG5cbnR5cGUgUmVzcG9uc2VUeXBlPEQsIFQ+ID0geyBkYXRhPzogRDsgZXJyb3I/OiBUOyByZXNwb25zZT86IFJlc3BvbnNlIH07XG5cbi8qKlxuICogRXJyb3IgcmVzcG9uc2UgdHlwZSwgdGhyb3duIG9uIG5vbi1zdWNjZXNzZnVsIHJlc3BvbnNlcy5cbiAqL1xuZXhwb3J0IGNsYXNzIEVyclJlc3BvbnNlIGV4dGVuZHMgRXJyb3Ige1xuICAvKiogRGVzY3JpcHRpb24gKi9cbiAgcmVhZG9ubHkgZGVzY3JpcHRpb24/OiBzdHJpbmc7XG4gIC8qKiBIVFRQIHN0YXR1cyBjb2RlIHRleHQgKGRlcml2ZWQgZnJvbSBgdGhpcy5zdGF0dXNgKSAqL1xuICByZWFkb25seSBzdGF0dXNUZXh0Pzogc3RyaW5nO1xuICAvKiogSFRUUCBzdGF0dXMgY29kZSAqL1xuICByZWFkb25seSBzdGF0dXM/OiBudW1iZXI7XG5cbiAgLyoqXG4gICAqIENvbnN0cnVjdG9yXG4gICAqIEBwYXJhbSB7UGFydGlhbDxFcnJSZXNwb25zZT59IGluaXQgSW5pdGlhbGl6ZXJcbiAgICovXG4gIGNvbnN0cnVjdG9yKGluaXQ6IFBhcnRpYWw8RXJyUmVzcG9uc2U+KSB7XG4gICAgc3VwZXIoaW5pdC5tZXNzYWdlKTtcbiAgICBPYmplY3QuYXNzaWduKHRoaXMsIGluaXQpO1xuICB9XG59XG5cbi8qKlxuICogVGhyb3cgaWYgb24gZXJyb3IgcmVzcG9uc2UuIE90aGVyd2lzZSwgcmV0dXJuIHRoZSByZXNwb25zZSBkYXRhLlxuICogQHBhcmFtIHtSZXNwb25zZVR5cGV9IHJlc3AgVGhlIHJlc3BvbnNlIHRvIGNoZWNrXG4gKiBAcGFyYW0ge3N0cmluZ30gZGVzY3JpcHRpb24gRGVzY3JpcHRpb24gdG8gaW5jbHVkZSBpbiB0aGUgdGhyb3duIGVycm9yXG4gKiBAcmV0dXJuIHtEfSBUaGUgcmVzcG9uc2UgZGF0YS5cbiAqIEBpbnRlcm5hbFxuICovXG5leHBvcnQgZnVuY3Rpb24gYXNzZXJ0T2s8RCwgVD4ocmVzcDogUmVzcG9uc2VUeXBlPEQsIFQ+LCBkZXNjcmlwdGlvbj86IHN0cmluZyk6IEQge1xuICBpZiAocmVzcC5lcnJvcikge1xuICAgIHRocm93IG5ldyBFcnJSZXNwb25zZSh7XG4gICAgICBkZXNjcmlwdGlvbixcbiAgICAgIG1lc3NhZ2U6IChyZXNwLmVycm9yIGFzIGFueSkubWVzc2FnZSwgLy8gZXNsaW50LWRpc2FibGUtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZXhwbGljaXQtYW55XG4gICAgICBzdGF0dXNUZXh0OiByZXNwLnJlc3BvbnNlPy5zdGF0dXNUZXh0LFxuICAgICAgc3RhdHVzOiByZXNwLnJlc3BvbnNlPy5zdGF0dXMsXG4gICAgfSk7XG4gIH1cbiAgaWYgKHJlc3AuZGF0YSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKFwiUmVzcG9uc2UgZGF0YSBpcyB1bmRlZmluZWRcIik7XG4gIH1cbiAgcmV0dXJuIHJlc3AuZGF0YTtcbn1cblxuLyoqXG4gKiBCcm93c2VyLWZyaWVuZGx5IGhlbHBlciBmb3IgZGVjb2RpbmcgYSAnYmFzZTY0dXJsJy1lbmNvZGVkIHN0cmluZyBpbnRvIGEgYnl0ZSBhcnJheS5cbiAqXG4gKiBAcGFyYW0ge3N0cmluZ30gYjY0dXJsIFRoZSAnYmFzZTY0dXJsJy1lbmNvZGVkIHN0cmluZyB0byBkZWNvZGVcbiAqIEByZXR1cm4ge1VpbnQ4QXJyYXl9IERlY29kZWQgYnl0ZSBhcnJheVxuICovXG5leHBvcnQgZnVuY3Rpb24gZGVjb2RlQmFzZTY0VXJsKGI2NHVybDogc3RyaW5nKTogVWludDhBcnJheSB7XG4gIGNvbnN0IGI2NCA9IGI2NHVybC5yZXBsYWNlKC8tL2csIFwiK1wiKS5yZXBsYWNlKC9fL2csIFwiL1wiKS5yZXBsYWNlKC89KiQvZywgXCJcIik7XG5cbiAgLy8gTk9URTogdGhlcmUgaXMgbm8gXCJiYXNlNjR1cmxcIiBlbmNvZGluZyBpbiB0aGUgXCJidWZmZXJcIiBtb2R1bGUgZm9yIHRoZSBicm93c2VyICh1bmxpa2UgaW4gbm9kZS5qcylcbiAgcmV0dXJuIHR5cGVvZiBCdWZmZXIgPT09IFwiZnVuY3Rpb25cIlxuICAgID8gQnVmZmVyLmZyb20oYjY0LCBcImJhc2U2NFwiKVxuICAgIDogVWludDhBcnJheS5mcm9tKGF0b2IoYjY0KSwgKGMpID0+IGMuY2hhckNvZGVBdCgwKSk7XG59XG5cbi8qKlxuICogQnJvd3Nlci1mcmllbmRseSBoZWxwZXIgZm9yIGVuY29kaW5nIGEgYnl0ZSBhcnJheSBpbnRvIGEgJ2Jhc2U2NHVybGAtZW5jb2RlZCBzdHJpbmcuXG4gKlxuICogQHBhcmFtIHtJdGVyYWJsZTxudW1iZXI+fSBidWZmZXIgVGhlIGJ5dGUgYXJyYXkgdG8gZW5jb2RlXG4gKiBAcmV0dXJuIHtzdHJpbmd9IFRoZSAnYmFzZTY0dXJsJyBlbmNvZGluZyBvZiB0aGUgYnl0ZSBhcnJheS5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGVuY29kZVRvQmFzZTY0VXJsKGJ1ZmZlcjogSXRlcmFibGU8bnVtYmVyPik6IHN0cmluZyB7XG4gIGNvbnN0IGJ5dGVzID0gbmV3IFVpbnQ4QXJyYXkoYnVmZmVyKTtcblxuICAvLyBOT1RFOiB0aGVyZSBpcyBubyBcImJhc2U2NHVybFwiIGVuY29kaW5nIGluIHRoZSBcImJ1ZmZlclwiIG1vZHVsZSBmb3IgdGhlIGJyb3dzZXIgKHVubGlrZSBpbiBub2RlLmpzKVxuICBjb25zdCBiNjQgPVxuICAgIHR5cGVvZiBCdWZmZXIgPT09IFwiZnVuY3Rpb25cIlxuICAgICAgPyBCdWZmZXIuZnJvbShieXRlcykudG9TdHJpbmcoXCJiYXNlNjRcIilcbiAgICAgIDogYnRvYShieXRlcy5yZWR1Y2UoKHMsIGIpID0+IHMgKyBTdHJpbmcuZnJvbUNoYXJDb2RlKGIpLCBcIlwiKSk7XG5cbiAgcmV0dXJuIGI2NC5yZXBsYWNlKC9cXCsvZywgXCItXCIpLnJlcGxhY2UoL1xcLy9nLCBcIl9cIikucmVwbGFjZSgvPSokL2csIFwiXCIpO1xufVxuIl19

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@cubist-labs/cubesigner-sdk",
   "author": "Cubist, Inc.",
-  "version": "0.1.26",
+  "version": "0.1.77",
   "description": "CubeSigner TypeScript SDK",
   "homepage": "https://github.com/cubist-labs/CubeSigner-TypeScript-SDK",
   "bugs": "https://github.com/cubist-labs/CubeSigner-TypeScript-SDK/issues",
@@ -28,34 +28,39 @@
     "gen-schema": "npx openapi-typescript ./spec/openapi.json --output ./src/schema.ts"
   },
   "dependencies": {
-    "ethers": "^6.7.1",
+    "ethers": "6.7.1",
     "openapi-fetch": "0.6.1"
   },
   "devDependencies": {
     "@types/chai": "^4.3.5",
+    "@types/chai-as-promised": "^7.1.8",
     "@types/jest": "^29.5.2",
-    "@types/node": "^20.3.2",
+    "@types/node": "^20.9.0",
     "@types/node-fetch": "^2.6.4",
     "@types/tmp": "^0.2.3",
     "@typescript-eslint/eslint-plugin": "^5.60.1",
     "chai": "^4.3.7",
+    "chai-as-promised": "^7.1.1",
+    "dotenv": "^16.3.1",
     "eslint": "^8.43.0",
     "eslint-config-google": "^0.14.0",
     "eslint-config-prettier": "^8.8.0",
     "jest": "^29.5.0",
-    "openapi-typescript": "^6.2.8",
+    "openapi-typescript": "^6.7.0",
     "otplib": "^12.0.1",
-    "prettier": "3.0.0",
+    "prettier": "3.0.3",
     "tmp": "^0.2.1",
     "ts-jest": "^29.1.0",
     "ts-node": "^10.9.1",
-    "typedoc": "^0.24.8",
     "typescript": "^5.1.6"
   },
   "optionalDependencies": {
-    "@aws-sdk/client-cognito-identity-provider": "^3.398.0"
+    "@aws-sdk/client-cognito-identity-provider": "^3.445.0"
   },
   "prettier": {
     "printWidth": 100
+  },
+  "engines": {
+    "node": ">=18.0.0"
   }
 }

package/src/ethers/index.ts

@@ -7,8 +7,33 @@ import {
   getBytes,
   toBeHex,
 } from "ethers";
-import { BlobSignRequest, EvmSignRequest, SignerSession } from "../signer_session";
-import { Key } from "../key";
+import {
+  BlobSignRequest,
+  EvmSignRequest,
+  MfaRequestInfo,
+  SignerSession,
+  SignResponse,
+} from "../signer_session";
+import { KeyInfo } from "../key";
+import { CubeSigner } from "..";
+
+/** Options for the signer */
+interface SignerOptions {
+  /** Optional provider to use */
+  provider?: null | ethers.Provider;
+  /**
+   * The function to call when MFA information is retrieved. If this callback
+   * throws, no transaction is broadcast.
+   */
+  onMfaPoll?: (arg0: MfaRequestInfo) => void;
+  /**
+   * The amount of time (in milliseconds) to wait between checks for MFA
+   * updates. Default is 1000ms
+   */
+  mfaPollIntervalMs?: number;
+  /** Optional management session. Used to check for MFA updates */
+  managementSession?: CubeSigner;
+}
 
 /**
  * A ethers.js Signer using CubeSigner
@@ -18,20 +43,40 @@ export class Signer extends ethers.AbstractSigner {
   readonly #address: string;
 
   /** The key to use for signing */
-  #key?: Key;
+  #key?: KeyInfo;
 
   /** The underlying session */
   readonly #signerSession: SignerSession;
 
+  /**
+   * The function to call when MFA information is retrieved. If this callback
+   * throws, no transaction is broadcast.
+   */
+  readonly #onMfaPoll: (arg0: MfaRequestInfo) => void;
+
+  /** The amount of time to wait between checks for MFA updates */
+  readonly #mfaPollIntervalMs: number;
+
+  /** Optional management session, used for MFA flows */
+  readonly #managementSession?: CubeSigner;
+
   /** Create new Signer instance
-   * @param {string} address The address of the account to use.
+   * @param {KeyInfo | string} address The key or the eth address of the account to use.
    * @param {SignerSession} signerSession The underlying Signer session.
-   * @param {null | ethers.Provider} provider The optional provider instance to use.
+   * @param {SignerOptions} options The options to use for the Signer instance
    */
-  constructor(address: string, signerSession: SignerSession, provider?: null | ethers.Provider) {
-    super(provider);
-    this.#address = address;
+  constructor(address: KeyInfo | string, signerSession: SignerSession, options?: SignerOptions) {
+    super(options?.provider);
+    if (typeof address === "string") {
+      this.#address = address;
+    } else {
+      this.#address = address.materialId;
+      this.#key = address as KeyInfo;
+    }
     this.#signerSession = signerSession;
+    this.#onMfaPoll = options?.onMfaPoll ?? ((/* _mfaInfo: MfaRequestInfo */) => {}); // eslint-disable-line @typescript-eslint/no-empty-function
+    this.#mfaPollIntervalMs = options?.mfaPollIntervalMs ?? 1000;
+    this.#managementSession = options?.managementSession;
   }
 
   /** Resolves to the signer address. */
@@ -45,11 +90,11 @@ export class Signer extends ethers.AbstractSigner {
    *  @return {Signer} The signer connected to signer.
    */
   connect(provider: null | ethers.Provider): Signer {
-    return new Signer(this.#address, this.#signerSession, provider);
+    return new Signer(this.#address, this.#signerSession, { provider });
   }
 
   /**
-   * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
+   * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set. This method will block if the key requires MFA approval.
    * @param {ethers.TransactionRequest} tx The transaction to sign.
    * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
    */
@@ -75,8 +120,10 @@ export class Signer extends ethers.AbstractSigner {
       chain_id: Number(chainId),
       tx: rpcTx,
     };
-    const sig = await this.#signerSession.signEvm(this.#address, req);
-    return sig.data().rlp_signed_tx;
+
+    const res = await this.#signerSession.signEvm(this.#address, req);
+    const data = await this.#handleMfa(res);
+    return data.rlp_signed_tx;
   }
 
   /** Signs arbitrary messages. This uses ethers.js's [hashMessage](https://docs.ethers.org/v6/api/hashing/#hashMessage)
@@ -118,14 +165,39 @@ export class Signer extends ethers.AbstractSigner {
     };
     // Get the key corresponding to this address
     if (this.#key === undefined) {
-      const key = (await this.#signerSession.keys()).find((k) => k.materialId === this.#address);
+      const key = (await this.#signerSession.keys()).find((k) => k.material_id === this.#address);
       if (key === undefined) {
         throw new Error(`Cannot access key '${this.#address}'`);
       }
       this.#key = key;
     }
-    // sign
-    const result = await this.#signerSession.signBlob(this.#key, blobReq);
-    return result.data().signature;
+
+    const res = await this.#signerSession.signBlob(this.#key.key_id, blobReq);
+    const data = await this.#handleMfa(res);
+    return data.signature;
+  }
+
+  /**
+   * If the sign request requires MFA, this method waits for approvals
+   *
+   * @param {SignResponse<U>} res The response of a sign request
+   * @return {Promise<U>} The sign data after MFA approvals
+   */
+  async #handleMfa<U>(res: SignResponse<U>): Promise<U> {
+    while (res.requiresMfa()) {
+      await new Promise((resolve) => setTimeout(resolve, this.#mfaPollIntervalMs));
+
+      const mfaId = res.mfaId();
+      const mfaInfo = await this.#signerSession.getMfaInfo(this.#managementSession!, mfaId);
+      this.#onMfaPoll(mfaInfo);
+      if (mfaInfo.receipt) {
+        res = await res.signWithMfaApproval({
+          mfaId,
+          mfaOrgId: this.#signerSession.orgId,
+          mfaConf: mfaInfo.receipt.confirmation,
+        });
+      }
+    }
+    return res.data();
   }
 }

package/src/fido.ts

@@ -0,0 +1,166 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+import { CubeSigner, MfaRequestInfo, SignerSession } from ".";
+import { components } from "./schema";
+import { decodeBase64Url, encodeToBase64Url } from "./util";
+
+export type ApiAddFidoChallenge =
+  components["responses"]["FidoCreateChallengeResponse"]["content"]["application/json"];
+
+export type ApiMfaFidoChallenge =
+  components["responses"]["FidoAssertChallenge"]["content"]["application/json"];
+
+export type PublicKeyCredentialCreationOptions =
+  components["schemas"]["PublicKeyCredentialCreationOptions"];
+export type PublicKeyCredentialRequestOptions =
+  components["schemas"]["PublicKeyCredentialRequestOptions"];
+export type PublicKeyCredentialParameters = components["schemas"]["PublicKeyCredentialParameters"];
+export type PublicKeyCredentialDescriptor = components["schemas"]["PublicKeyCredentialDescriptor"];
+export type AuthenticatorSelectionCriteria =
+  components["schemas"]["AuthenticatorSelectionCriteria"];
+export type PublicKeyCredentialUserEntity = components["schemas"]["PublicKeyCredentialUserEntity"];
+export type PublicKeyCredential = components["schemas"]["PublicKeyCredential"];
+
+/**
+ * Returned after creating a request to add a new FIDO device.
+ * Provides some helper methods for answering this challenge.
+ */
+export class AddFidoChallenge {
+  readonly #cs: CubeSigner;
+  readonly challengeId: string;
+  readonly options: any;
+
+  /**
+   * Constructor
+   * @param {CubeSigner} cs CubeSigner instance used to request to add a FIDO device
+   * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+   */
+  constructor(cs: CubeSigner, challenge: ApiAddFidoChallenge) {
+    this.#cs = cs;
+    this.challengeId = challenge.challenge_id;
+
+    // fix options returned from the server: rename fields and decode base64 fields to uint8[]
+    this.options = {
+      ...challenge.options,
+      challenge: decodeBase64Url(challenge.options.challenge),
+    };
+    this.options.pubKeyCredParams ??= challenge.options.pub_key_cred_params;
+    this.options.excludeCredentials ??= challenge.options.exclude_credentials;
+    this.options.authenticatorSelection ??= challenge.options.authenticator_selection;
+    delete this.options.pub_key_cred_params;
+    delete this.options.exclude_credentials;
+    delete this.options.authenticator_selection;
+
+    if (challenge.options.user) {
+      this.options.user.id = decodeBase64Url(challenge.options.user.id);
+    }
+
+    for (const credential of this.options.excludeCredentials ?? []) {
+      credential.id = decodeBase64Url(credential.id);
+    }
+  }
+
+  /**
+   * Answers this challenge by using the `CredentialsContainer` API to create a credential
+   * based on the the public key credential creation options from this challenge.
+   */
+  async createCredentialAndAnswer() {
+    const cred = await navigator.credentials.create({ publicKey: this.options });
+    await this.answer(cred);
+  }
+
+  /**
+   * Answers this challenge using a given credential `cred`;
+   * the credential should be obtained by calling
+   *
+   * ```
+   * const cred = await navigator.credentials.create({ publicKey: this.options });
+   * ```
+   *
+   * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+   *                   based on the public key creation options from this challenge.
+   */
+  async answer(cred: any) {
+    const answer = <PublicKeyCredential>{
+      id: cred.id,
+      response: {
+        clientDataJSON: encodeToBase64Url(cred.response.clientDataJSON),
+        attestationObject: encodeToBase64Url(cred.response.attestationObject),
+      },
+    };
+    await this.#cs.addFidoComplete(this.challengeId, answer);
+  }
+}
+
+/**
+ * Returned after initiating MFA approval using FIDO.
+ * Provides some helper methods for answering this challenge.
+ */
+export class MfaFidoChallenge {
+  readonly #ss: SignerSession;
+  readonly mfaId: string;
+  readonly challengeId: string;
+  readonly options: any;
+
+  /**
+   * @param {SignerSession} ss The session used to initiate MFA approval using FIDO
+   * @param {string} mfaId The MFA request id.
+   * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+   */
+  constructor(ss: SignerSession, mfaId: string, challenge: ApiMfaFidoChallenge) {
+    this.#ss = ss;
+    this.mfaId = mfaId;
+    this.challengeId = challenge.challenge_id;
+
+    // fix options returned from the server: rename fields and decode base64 fields into uint8[]
+    this.options = {
+      ...challenge.options,
+      challenge: decodeBase64Url(challenge.options.challenge),
+    };
+    this.options.rpId ??= challenge.options.rp_id;
+    this.options.allowCredentials ??= challenge.options.allow_credentials;
+    this.options.userVerification ??= challenge.options.user_verification;
+    delete this.options.rp_id;
+    delete this.options.allow_credentials;
+    delete this.options.user_verification;
+
+    for (const credential of this.options.allowCredentials ?? []) {
+      credential.id = decodeBase64Url(credential.id);
+      if (credential.transports === null) {
+        delete credential.transports;
+      }
+    }
+  }
+
+  /**
+   * Answers this challenge by using the `CredentialsContainer` API to get a credential
+   * based on the the public key credential request options from this challenge.
+   */
+  async createCredentialAndAnswer(): Promise<MfaRequestInfo> {
+    const cred = await navigator.credentials.get({ publicKey: this.options });
+    return await this.answer(cred);
+  }
+
+  /**
+   * Answers this challenge using a given credential `cred`.
+   * To obtain this credential, for example, call
+   *
+   * ```
+   * const cred = await navigator.credentials.get({ publicKey: this.options });
+   * ```
+   *
+   * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+   *                   based on the public key credential request options from this challenge.
+   */
+  async answer(cred: any): Promise<MfaRequestInfo> {
+    const answer = <PublicKeyCredential>{
+      id: cred.id,
+      response: {
+        clientDataJSON: encodeToBase64Url(cred.response.clientDataJSON),
+        authenticatorData: encodeToBase64Url(cred.response.authenticatorData),
+        signature: encodeToBase64Url(cred.response.signature),
+      },
+    };
+    return await this.#ss.fidoApproveComplete(this.mfaId, this.challengeId, answer);
+  }
+}