@cubist-labs/cubesigner-sdk 0.1.50 → 0.1.77

package/README.md

@@ -113,7 +113,8 @@ transaction. For that, we need a key of type `Secp256k1.Evm`.
 const secpKey = await org.createKey(cs.Secp256k1.Evm);
 assert((await secpKey.owner()) == me.user_id);
 assert(await secpKey.enabled());
-console.log(`Created '${await secpKey.type()}' key ${secpKey.id}`);
+assert(await secpKey.type(), cs.Secp256k1.Evm);
+console.log(`Created '${cs.Secp256k1.Evm}' key ${secpKey.id}`);
 ```
 
 ### Create a `Role` and a `SignerSession`
@@ -351,12 +352,29 @@ export the underlying token:
 const oidcToken = await cubesigner.sessionMgr!.token();
 ```
 
-and then exchange it for either a _signer_ session (i.e., an instance
-of `SignerSession`, required by all signing endpoints, e.g.,
-`signEvm`)
+Before we can use the OIDC token for authentication, we must add an org policy
+to allow the particular issuer/audience pair from the token.
 
 ```typescript
-const oidcSession = new cs.SignerSession(await cubesigner.oidcAuth(oidcToken, org.id, ["sign:*"]));
+const oldOrgPolicy = await org.policy();
+const oidcPayload = JSON.parse(atob(oidcToken.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")));
+const oidcAuthSourcesPolicy = {
+  OidcAuthSources: {
+    [oidcPayload.iss]: [oidcPayload.aud],
+  },
+};
+console.log("Setting org policy", oidcAuthSourcesPolicy);
+await org.setPolicy([oidcAuthSourcesPolicy]);
+```
+
+Finally, exchange the OIDC token for either a _signer_ session (i.e., an instance
+of `SignerSession`, required by all signing endpoints, e.g., `signEvm`)
+
+```typescript
+const oidcSession = new cs.SignerSession(
+  // we'll use this session for both signing and approving MFA request, hence the following scopes
+  await cubesigner.oidcAuth(oidcToken, org.id, ["manage:mfa", "sign:*"]),
+);
 ```
 
 or a _management_ session (i.e., and instance of `CubeSigner`,
@@ -382,26 +400,56 @@ doesn't matter if that user is native to CubeSigner or a third-party
 OIDC user. For that purpose, in this section we are going to use the
 previously created `oidcCubeSigner` instance.
 
-To set up TOTP, we call the `resetTotp` method which creates a new
-TOTP configuration for the users (overwriting the previous one, if
-any) and returns a [TOTP
-url](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
+To set up TOTP, we first call the `resetTotpStart` method to initiate a
+TOTP reset procedure.
 
 ```typescript
 console.log(`Setting up TOTP for user ${me.email}`);
-const totpResp = await oidcCubeSigner.resetTotp();
-assert(totpResp.totp_url);
+let totpResetResp = await oidcCubeSigner.resetTotpStart();
 ```
 
+If the user has already configured TOTP (or any other form of MFA),
+this response will require multi factor authentication. In that case,
+for example, call `approveTotp` and provide the code for the existing
+TOTP to proceed:
+
+```typescript
+import { authenticator } from "otplib"; // npm install otplib@12.0.1
+
+let totpSecret = process.env["CS_USER_TOTP_SECRET"]!;
+if (totpResetResp.requiresMfa()) {
+  console.log("Resetting TOTP requires MFA");
+  const code = authenticator.generate(totpSecret);
+  totpResetResp = await totpResetResp.approveTotp(oidcSession, code);
+  assert(!totpResetResp.requiresMfa());
+  console.log("MFA approved using existing TOTP");
+}
+```
+
+The response contains a TOTP challenge, i.e., a new TOTP
+configuration in the form of the standard
+[TOTP url](https://github.com/google/google-authenticator/wiki/Key-Uri-Format).
 From that url, we can generate a QR code to present to the user, or
 create an authenticator for automated testing.
 
 ```typescript
-import { authenticator } from "otplib"; // npm install otplib@12.0.1
+const totpChallenge = totpResetResp.data();
+assert(totpChallenge.totpUrl);
+```
 
-const totpSecret = new URL(totpResp.totp_url).searchParams.get("secret");
+To complete the challenge, we must call `resetTotpComplete` and
+provide the TOTP code matching the TOTP configuration from the challenge:
+
+```typescript norun
+totpSecret = new URL(totpChallenge.totp_url).searchParams.get("secret");
 assert(totpSecret);
+await totpChallenge.answer(authenticator.generate(totpSecret));
+```
+
+After TOTP is configured, we can double check that our authenticator
+is generating the correct code by calling `verifyTotp`
 
+```typescript
 console.log(`Verifying current TOTP code`);
 let code = authenticator.generate(totpSecret);
 await oidcCubeSigner.verifyTotp(code);
@@ -461,6 +509,11 @@ we created.
 console.log("Cleaning up");
 await session.sessionMgr.revoke();
 await role.delete();
+
+// restore the old policy for the sake of repeatability of this example
+// (normally you'd set your org policies once and leave them be)
+console.log("Restoring org policy", oldOrgPolicy);
+await org.setPolicy(oldOrgPolicy);
 ```
 
 As of now, deleting keys is not supported.

package/dist/src/ethers/index.js

@@ -148,12 +148,17 @@ _Signer_address = new WeakMap(), _Signer_key = new WeakMap(), _Signer_signerSess
 async function _Signer_handleMfa(res) {
     while (res.requiresMfa()) {
         await new Promise((resolve) => setTimeout(resolve, __classPrivateFieldGet(this, _Signer_mfaPollIntervalMs, "f")));
-        const mfaInfo = await __classPrivateFieldGet(this, _Signer_signerSession, "f").getMfaInfo(__classPrivateFieldGet(this, _Signer_managementSession, "f"), res.mfaId());
+        const mfaId = res.mfaId();
+        const mfaInfo = await __classPrivateFieldGet(this, _Signer_signerSession, "f").getMfaInfo(__classPrivateFieldGet(this, _Signer_managementSession, "f"), mfaId);
         __classPrivateFieldGet(this, _Signer_onMfaPoll, "f").call(this, mfaInfo);
         if (mfaInfo.receipt) {
-            res = await res.signWithMfaApproval(mfaInfo);
+            res = await res.signWithMfaApproval({
+                mfaId,
+                mfaOrgId: __classPrivateFieldGet(this, _Signer_signerSession, "f").orgId,
+                mfaConf: mfaInfo.receipt.confirmation,
+            });
         }
     }
     return res.data();
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQTZCaEI7O0dBRUc7QUFDSCxNQUFhLE1BQU8sU0FBUSxlQUFNLENBQUMsY0FBYztJQXNCL0M7Ozs7T0FJRztJQUNILFlBQVksT0FBeUIsRUFBRSxhQUE0QixFQUFFLE9BQXVCO1FBQzFGLEtBQUssQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7O1FBM0IzQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBZTtRQUVmLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFFdkM7OztXQUdHO1FBQ00sb0NBQTJDO1FBRXBELGdFQUFnRTtRQUN2RCw0Q0FBMkI7UUFFcEMsc0RBQXNEO1FBQzdDLDRDQUFnQztRQVN2QyxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRTtZQUMvQix1QkFBQSxJQUFJLG1CQUFZLE9BQU8sTUFBQSxDQUFDO1NBQ3pCO2FBQU07WUFDTCx1QkFBQSxJQUFJLG1CQUFZLE9BQU8sQ0FBQyxVQUFVLE1BQUEsQ0FBQztZQUNuQyx1QkFBQSxJQUFJLGVBQVEsT0FBa0IsTUFBQSxDQUFDO1NBQ2hDO1FBQ0QsdUJBQUEsSUFBSSx5QkFBa0IsYUFBYSxNQUFBLENBQUM7UUFDcEMsdUJBQUEsSUFBSSxxQkFBYyxPQUFPLEVBQUUsU0FBUyxJQUFJLENBQUMsRUFBQyw4QkFBOEIsRUFBRSxFQUFFLEdBQUUsQ0FBQyxDQUFDLE1BQUEsQ0FBQyxDQUFDLDJEQUEyRDtRQUM3SSx1QkFBQSxJQUFJLDZCQUFzQixPQUFPLEVBQUUsaUJBQWlCLElBQUksSUFBSSxNQUFBLENBQUM7UUFDN0QsdUJBQUEsSUFBSSw2QkFBc0IsT0FBTyxFQUFFLGlCQUFpQixNQUFBLENBQUM7SUFDdkQsQ0FBQztJQUVELHNDQUFzQztJQUN0QyxLQUFLLENBQUMsVUFBVTtRQUNkLE9BQU8sdUJBQUEsSUFBSSx1QkFBUyxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsT0FBTyxDQUFDLFFBQWdDO1FBQ3RDLE9BQU8sSUFBSSxNQUFNLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLHVCQUFBLElBQUksNkJBQWUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQTZCO1FBQ2pELDBDQUEwQztRQUMxQyxJQUFJLE9BQU8sR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDO1FBQ3pCLElBQUksT0FBTyxLQUFLLFNBQVMsRUFBRTtZQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUM7WUFDbEQsT0FBTyxHQUFHLE9BQU8sRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLElBQUksR0FBRyxDQUFDO1NBQy9DO1FBRUQsc0RBQXNEO1FBQ3RELE1BQU0sS0FBSyxHQUNULElBQUksQ0FBQyxRQUFRLFlBQVksMkJBQWtCO1lBQ3pDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNyQyxDQUFDLENBQUMsZ0RBQWdEO2dCQUNoRCxpREFBaUQ7Z0JBQ2pELDBDQUEwQztnQkFDMUMsMkJBQWtCLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDcEUsS0FBSyxDQUFDLElBQUksR0FBRyxJQUFBLGdCQUFPLEVBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUI7UUFFL0QsTUFBTSxHQUFHLEdBQW1CO1lBQzFCLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQ3pCLEVBQUUsRUFBRSxLQUFLO1NBQ1YsQ0FBQztRQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLE9BQU8sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQztJQUM1QixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxXQUFXLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDNUYsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsUUFBUSxDQUFDLHVCQUFBLElBQUksbUJBQUssQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUN4QixDQUFDO0NBb0JGO0FBN0pELHdCQTZKQzs7QUFsQkM7Ozs7O0dBS0c7QUFDSCxLQUFLLDRCQUFlLEdBQW9CO0lBQ3RDLE9BQU8sR0FBRyxDQUFDLFdBQVcsRUFBRSxFQUFFO1FBQ3hCLE1BQU0sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsdUJBQUEsSUFBSSxpQ0FBbUIsQ0FBQyxDQUFDLENBQUM7UUFFN0UsTUFBTSxPQUFPLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsVUFBVSxDQUFDLHVCQUFBLElBQUksaUNBQW9CLEVBQUUsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDNUYsdUJBQUEsSUFBSSx5QkFBVyxNQUFmLElBQUksRUFBWSxPQUFPLENBQUMsQ0FBQztRQUN6QixJQUFJLE9BQU8sQ0FBQyxPQUFPLEVBQUU7WUFDbkIsR0FBRyxHQUFHLE1BQU0sR0FBRyxDQUFDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1NBQzlDO0tBQ0Y7SUFDRCxPQUFPLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztBQUNwQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgSnNvblJwY0FwaVByb3ZpZGVyLFxuICBUeXBlZERhdGFEb21haW4sXG4gIFR5cGVkRGF0YUVuY29kZXIsXG4gIFR5cGVkRGF0YUZpZWxkLFxuICBldGhlcnMsXG4gIGdldEJ5dGVzLFxuICB0b0JlSGV4LFxufSBmcm9tIFwiZXRoZXJzXCI7XG5pbXBvcnQge1xuICBCbG9iU2lnblJlcXVlc3QsXG4gIEV2bVNpZ25SZXF1ZXN0LFxuICBNZmFSZXF1ZXN0SW5mbyxcbiAgU2lnbmVyU2Vzc2lvbixcbiAgU2lnblJlc3BvbnNlLFxufSBmcm9tIFwiLi4vc2lnbmVyX3Nlc3Npb25cIjtcbmltcG9ydCB7IEtleUluZm8gfSBmcm9tIFwiLi4va2V5XCI7XG5pbXBvcnQgeyBDdWJlU2lnbmVyIH0gZnJvbSBcIi4uXCI7XG5cbi8qKiBPcHRpb25zIGZvciB0aGUgc2lnbmVyICovXG5pbnRlcmZhY2UgU2lnbmVyT3B0aW9ucyB7XG4gIC8qKiBPcHRpb25hbCBwcm92aWRlciB0byB1c2UgKi9cbiAgcHJvdmlkZXI/OiBudWxsIHwgZXRoZXJzLlByb3ZpZGVyO1xuICAvKipcbiAgICogVGhlIGZ1bmN0aW9uIHRvIGNhbGwgd2hlbiBNRkEgaW5mb3JtYXRpb24gaXMgcmV0cmlldmVkLiBJZiB0aGlzIGNhbGxiYWNrXG4gICAqIHRocm93cywgbm8gdHJhbnNhY3Rpb24gaXMgYnJvYWRjYXN0LlxuICAgKi9cbiAgb25NZmFQb2xsPzogKGFyZzA6IE1mYVJlcXVlc3RJbmZvKSA9PiB2b2lkO1xuICAvKipcbiAgICogVGhlIGFtb3VudCBvZiB0aW1lIChpbiBtaWxsaXNlY29uZHMpIHRvIHdhaXQgYmV0d2VlbiBjaGVja3MgZm9yIE1GQVxuICAgKiB1cGRhdGVzLiBEZWZhdWx0IGlzIDEwMDBtc1xuICAgKi9cbiAgbWZhUG9sbEludGVydmFsTXM/OiBudW1iZXI7XG4gIC8qKiBPcHRpb25hbCBtYW5hZ2VtZW50IHNlc3Npb24uIFVzZWQgdG8gY2hlY2sgZm9yIE1GQSB1cGRhdGVzICovXG4gIG1hbmFnZW1lbnRTZXNzaW9uPzogQ3ViZVNpZ25lcjtcbn1cblxuLyoqXG4gKiBBIGV0aGVycy5qcyBTaWduZXIgdXNpbmcgQ3ViZVNpZ25lclxuICovXG5leHBvcnQgY2xhc3MgU2lnbmVyIGV4dGVuZHMgZXRoZXJzLkFic3RyYWN0U2lnbmVyIHtcbiAgLyoqIFRoZSBhZGRyZXNzIG9mIHRoZSBhY2NvdW50ICovXG4gIHJlYWRvbmx5ICNhZGRyZXNzOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBrZXkgdG8gdXNlIGZvciBzaWduaW5nICovXG4gICNrZXk/OiBLZXlJbmZvO1xuXG4gIC8qKiBUaGUgdW5kZXJseWluZyBzZXNzaW9uICovXG4gIHJlYWRvbmx5ICNzaWduZXJTZXNzaW9uOiBTaWduZXJTZXNzaW9uO1xuXG4gIC8qKlxuICAgKiBUaGUgZnVuY3Rpb24gdG8gY2FsbCB3aGVuIE1GQSBpbmZvcm1hdGlvbiBpcyByZXRyaWV2ZWQuIElmIHRoaXMgY2FsbGJhY2tcbiAgICogdGhyb3dzLCBubyB0cmFuc2FjdGlvbiBpcyBicm9hZGNhc3QuXG4gICAqL1xuICByZWFkb25seSAjb25NZmFQb2xsOiAoYXJnMDogTWZhUmVxdWVzdEluZm8pID0+IHZvaWQ7XG5cbiAgLyoqIFRoZSBhbW91bnQgb2YgdGltZSB0byB3YWl0IGJldHdlZW4gY2hlY2tzIGZvciBNRkEgdXBkYXRlcyAqL1xuICByZWFkb25seSAjbWZhUG9sbEludGVydmFsTXM6IG51bWJlcjtcblxuICAvKiogT3B0aW9uYWwgbWFuYWdlbWVudCBzZXNzaW9uLCB1c2VkIGZvciBNRkEgZmxvd3MgKi9cbiAgcmVhZG9ubHkgI21hbmFnZW1lbnRTZXNzaW9uPzogQ3ViZVNpZ25lcjtcblxuICAvKiogQ3JlYXRlIG5ldyBTaWduZXIgaW5zdGFuY2VcbiAgICogQHBhcmFtIHtLZXlJbmZvIHwgc3RyaW5nfSBhZGRyZXNzIFRoZSBrZXkgb3IgdGhlIGV0aCBhZGRyZXNzIG9mIHRoZSBhY2NvdW50IHRvIHVzZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9ufSBzaWduZXJTZXNzaW9uIFRoZSB1bmRlcmx5aW5nIFNpZ25lciBzZXNzaW9uLlxuICAgKiBAcGFyYW0ge1NpZ25lck9wdGlvbnN9IG9wdGlvbnMgVGhlIG9wdGlvbnMgdG8gdXNlIGZvciB0aGUgU2lnbmVyIGluc3RhbmNlXG4gICAqL1xuICBjb25zdHJ1Y3RvcihhZGRyZXNzOiBLZXlJbmZvIHwgc3RyaW5nLCBzaWduZXJTZXNzaW9uOiBTaWduZXJTZXNzaW9uLCBvcHRpb25zPzogU2lnbmVyT3B0aW9ucykge1xuICAgIHN1cGVyKG9wdGlvbnM/LnByb3ZpZGVyKTtcbiAgICBpZiAodHlwZW9mIGFkZHJlc3MgPT09IFwic3RyaW5nXCIpIHtcbiAgICAgIHRoaXMuI2FkZHJlc3MgPSBhZGRyZXNzO1xuICAgIH0gZWxzZSB7XG4gICAgICB0aGlzLiNhZGRyZXNzID0gYWRkcmVzcy5tYXRlcmlhbElkO1xuICAgICAgdGhpcy4ja2V5ID0gYWRkcmVzcyBhcyBLZXlJbmZvO1xuICAgIH1cbiAgICB0aGlzLiNzaWduZXJTZXNzaW9uID0gc2lnbmVyU2Vzc2lvbjtcbiAgICB0aGlzLiNvbk1mYVBvbGwgPSBvcHRpb25zPy5vbk1mYVBvbGwgPz8gKCgvKiBfbWZhSW5mbzogTWZhUmVxdWVzdEluZm8gKi8pID0+IHt9KTsgLy8gZXNsaW50LWRpc2FibGUtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZW1wdHktZnVuY3Rpb25cbiAgICB0aGlzLiNtZmFQb2xsSW50ZXJ2YWxNcyA9IG9wdGlvbnM/Lm1mYVBvbGxJbnRlcnZhbE1zID8/IDEwMDA7XG4gICAgdGhpcy4jbWFuYWdlbWVudFNlc3Npb24gPSBvcHRpb25zPy5tYW5hZ2VtZW50U2Vzc2lvbjtcbiAgfVxuXG4gIC8qKiBSZXNvbHZlcyB0byB0aGUgc2lnbmVyIGFkZHJlc3MuICovXG4gIGFzeW5jIGdldEFkZHJlc3MoKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICByZXR1cm4gdGhpcy4jYWRkcmVzcztcbiAgfVxuXG4gIC8qKlxuICAgKiAgUmV0dXJucyB0aGUgc2lnbmVyIGNvbm5lY3RlZCB0byAlJXByb3ZpZGVyJSUuXG4gICAqICBAcGFyYW0ge251bGwgfCBldGhlcnMuUHJvdmlkZXJ9IHByb3ZpZGVyIFRoZSBvcHRpb25hbCBwcm92aWRlciBpbnN0YW5jZSB0byB1c2UuXG4gICAqICBAcmV0dXJuIHtTaWduZXJ9IFRoZSBzaWduZXIgY29ubmVjdGVkIHRvIHNpZ25lci5cbiAgICovXG4gIGNvbm5lY3QocHJvdmlkZXI6IG51bGwgfCBldGhlcnMuUHJvdmlkZXIpOiBTaWduZXIge1xuICAgIHJldHVybiBuZXcgU2lnbmVyKHRoaXMuI2FkZHJlc3MsIHRoaXMuI3NpZ25lclNlc3Npb24sIHsgcHJvdmlkZXIgfSk7XG4gIH1cblxuICAvKipcbiAgICogU2lnbnMgYSB0cmFuc2FjdGlvbi4gVGhpcyBwb3B1bGF0ZXMgdGhlIHRyYW5zYWN0aW9uIHR5cGUgdG8gYDB4MDJgIChFSVAtMTU1OSkgdW5sZXNzIHNldC4gVGhpcyBtZXRob2Qgd2lsbCBibG9jayBpZiB0aGUga2V5IHJlcXVpcmVzIE1GQSBhcHByb3ZhbC5cbiAgICogQHBhcmFtIHtldGhlcnMuVHJhbnNhY3Rpb25SZXF1ZXN0fSB0eCBUaGUgdHJhbnNhY3Rpb24gdG8gc2lnbi5cbiAgICogQHJldHVybiB7UHJvbWlzZTxzdHJpbmc+fSBIZXgtZW5jb2RlZCBSTFAgZW5jb2Rpbmcgb2YgdGhlIHRyYW5zYWN0aW9uIGFuZCBpdHMgc2lnbmF0dXJlLlxuICAgKi9cbiAgYXN5bmMgc2lnblRyYW5zYWN0aW9uKHR4OiBldGhlcnMuVHJhbnNhY3Rpb25SZXF1ZXN0KTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICAvLyBnZXQgdGhlIGNoYWluIGlkIGZyb20gdGhlIG5ldHdvcmsgb3IgdHhcbiAgICBsZXQgY2hhaW5JZCA9IHR4LmNoYWluSWQ7XG4gICAgaWYgKGNoYWluSWQgPT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3QgbmV0d29yayA9IGF3YWl0IHRoaXMucHJvdmlkZXI/LmdldE5ldHdvcmsoKTtcbiAgICAgIGNoYWluSWQgPSBuZXR3b3JrPy5jaGFpbklkPy50b1N0cmluZygpID8/IFwiMVwiO1xuICAgIH1cblxuICAgIC8vIENvbnZlcnQgdGhlIHRyYW5zYWN0aW9uIGludG8gYSBKU09OLVJQQyB0cmFuc2FjdGlvblxuICAgIGNvbnN0IHJwY1R4ID1cbiAgICAgIHRoaXMucHJvdmlkZXIgaW5zdGFuY2VvZiBKc29uUnBjQXBpUHJvdmlkZXJcbiAgICAgICAgPyB0aGlzLnByb3ZpZGVyLmdldFJwY1RyYW5zYWN0aW9uKHR4KVxuICAgICAgICA6IC8vIFdlIGNhbiBqdXN0IGNhbGwgdGhlIGdldFJwY1RyYW5zYWN0aW9uIHdpdGggYVxuICAgICAgICAgIC8vIG51bGwgcmVjZWl2ZXIgc2luY2UgaXQgZG9lc24ndCBhY3R1YWxseSB1c2UgaXRcbiAgICAgICAgICAvLyAoYW5kIHJlYWxseSBzaG91bGQgYmUgZGVjbGFyZWQgc3RhdGljKS5cbiAgICAgICAgICBKc29uUnBjQXBpUHJvdmlkZXIucHJvdG90eXBlLmdldFJwY1RyYW5zYWN0aW9uLmNhbGwobnVsbCwgdHgpO1xuICAgIHJwY1R4LnR5cGUgPSB0b0JlSGV4KHR4LnR5cGUgPz8gMHgwMiwgMSk7IC8vIHdlIGV4cGVjdCAweDBbMC0yXVxuXG4gICAgY29uc3QgcmVxID0gPEV2bVNpZ25SZXF1ZXN0PntcbiAgICAgIGNoYWluX2lkOiBOdW1iZXIoY2hhaW5JZCksXG4gICAgICB0eDogcnBjVHgsXG4gICAgfTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkV2bSh0aGlzLiNhZGRyZXNzLCByZXEpO1xuICAgIGNvbnN0IGRhdGEgPSBhd2FpdCB0aGlzLiNoYW5kbGVNZmEocmVzKTtcbiAgICByZXR1cm4gZGF0YS5ybHBfc2lnbmVkX3R4O1xuICB9XG5cbiAgLyoqIFNpZ25zIGFyYml0cmFyeSBtZXNzYWdlcy4gVGhpcyB1c2VzIGV0aGVycy5qcydzIFtoYXNoTWVzc2FnZV0oaHR0cHM6Ly9kb2NzLmV0aGVycy5vcmcvdjYvYXBpL2hhc2hpbmcvI2hhc2hNZXNzYWdlKVxuICAgKiB0byBjb21wdXRlIHRoZSBFSVAtMTkxIGRpZ2VzdCBhbmQgc2lnbnMgdGhpcyBkaWdlc3QgdXNpbmcge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIFRoZSBrZXkgKGZvciB0aGlzIHNlc3Npb24pIG11c3QgaGF2ZSB0aGUgYFwiQWxsb3dSYXdCbG9iU2lnbmluZ1wiYCBwb2xpY3kgYXR0YWNoZWQuXG4gICAqIEBwYXJhbSB7c3RyaW5nIHwgVWludDhBcnJheX0gbWVzc2FnZSBUaGUgbWVzc2FnZSB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduTWVzc2FnZShtZXNzYWdlOiBzdHJpbmcgfCBVaW50OEFycmF5KTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBkaWdlc3QgPSBldGhlcnMuaGFzaE1lc3NhZ2UobWVzc2FnZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWducyBFSVAtNzEyIHR5cGVkIGRhdGEuIFRoaXMgdXNlcyBldGhlcnMuanMnc1xuICAgKiBbVHlwZWREYXRhRW5jb2Rlci5oYXNoXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jVHlwZWREYXRhRW5jb2Rlcl9oYXNoKVxuICAgKiB0byBjb21wdXRlIHRoZSBFSVAtNzEyIGRpZ2VzdCBhbmQgc2lnbnMgdGhpcyBkaWdlc3QgdXNpbmcge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIFRoZSBrZXkgKGZvciB0aGlzIHNlc3Npb24pIG11c3QgaGF2ZSB0aGUgYFwiQWxsb3dSYXdCbG9iU2lnbmluZ1wiYCBwb2xpY3kgYXR0YWNoZWQuXG4gICAqIEBwYXJhbSB7VHlwZWREYXRhRG9tYWlufSBkb21haW4gVGhlIGRvbWFpbiBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBBcnJheTxUeXBlZERhdGFGaWVsZD4+fSB0eXBlcyBUaGUgdHlwZXMgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEBwYXJhbSB7UmVjb3JkPHN0cmluZywgYW55Pn0gdmFsdWUgVGhlIHZhbHVlIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHlwZWREYXRhKFxuICAgIGRvbWFpbjogVHlwZWREYXRhRG9tYWluLFxuICAgIHR5cGVzOiBSZWNvcmQ8c3RyaW5nLCBBcnJheTxUeXBlZERhdGFGaWVsZD4+LFxuICAgIHZhbHVlOiBSZWNvcmQ8c3RyaW5nLCBhbnk+LCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBkaWdlc3QgPSBUeXBlZERhdGFFbmNvZGVyLmhhc2goZG9tYWluLCB0eXBlcywgdmFsdWUpO1xuICAgIHJldHVybiB0aGlzLnNpZ25CbG9iKGRpZ2VzdCk7XG4gIH1cblxuICAvKiogU2lnbiBhcmJpdHJhcnkgZGlnZXN0LiBUaGlzIHVzZXMge0BsaW5rIEtleSNzaWduQmxvYn0uXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBkaWdlc3QgVGhlIGRpZ2VzdCB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IFRoZSBzaWduYXR1cmUuXG4gICAqL1xuICBwcml2YXRlIGFzeW5jIHNpZ25CbG9iKGRpZ2VzdDogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCBibG9iUmVxID0gPEJsb2JTaWduUmVxdWVzdD57XG4gICAgICBtZXNzYWdlX2Jhc2U2NDogQnVmZmVyLmZyb20oZ2V0Qnl0ZXMoZGlnZXN0KSkudG9TdHJpbmcoXCJiYXNlNjRcIiksXG4gICAgfTtcbiAgICAvLyBHZXQgdGhlIGtleSBjb3JyZXNwb25kaW5nIHRvIHRoaXMgYWRkcmVzc1xuICAgIGlmICh0aGlzLiNrZXkgPT09IHVuZGVmaW5lZCkge1xuICAgICAgY29uc3Qga2V5ID0gKGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24ua2V5cygpKS5maW5kKChrKSA9PiBrLm1hdGVyaWFsX2lkID09PSB0aGlzLiNhZGRyZXNzKTtcbiAgICAgIGlmIChrZXkgPT09IHVuZGVmaW5lZCkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoYENhbm5vdCBhY2Nlc3Mga2V5ICcke3RoaXMuI2FkZHJlc3N9J2ApO1xuICAgICAgfVxuICAgICAgdGhpcy4ja2V5ID0ga2V5O1xuICAgIH1cblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuI3NpZ25lclNlc3Npb24uc2lnbkJsb2IodGhpcy4ja2V5LmtleV9pZCwgYmxvYlJlcSk7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuI2hhbmRsZU1mYShyZXMpO1xuICAgIHJldHVybiBkYXRhLnNpZ25hdHVyZTtcbiAgfVxuXG4gIC8qKlxuICAgKiBJZiB0aGUgc2lnbiByZXF1ZXN0IHJlcXVpcmVzIE1GQSwgdGhpcyBtZXRob2Qgd2FpdHMgZm9yIGFwcHJvdmFsc1xuICAgKlxuICAgKiBAcGFyYW0ge1NpZ25SZXNwb25zZTxVPn0gcmVzIFRoZSByZXNwb25zZSBvZiBhIHNpZ24gcmVxdWVzdFxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFU+fSBUaGUgc2lnbiBkYXRhIGFmdGVyIE1GQSBhcHByb3ZhbHNcbiAgICovXG4gIGFzeW5jICNoYW5kbGVNZmE8VT4ocmVzOiBTaWduUmVzcG9uc2U8VT4pOiBQcm9taXNlPFU+IHtcbiAgICB3aGlsZSAocmVzLnJlcXVpcmVzTWZhKCkpIHtcbiAgICAgIGF3YWl0IG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIHRoaXMuI21mYVBvbGxJbnRlcnZhbE1zKSk7XG5cbiAgICAgIGNvbnN0IG1mYUluZm8gPSBhd2FpdCB0aGlzLiNzaWduZXJTZXNzaW9uLmdldE1mYUluZm8odGhpcy4jbWFuYWdlbWVudFNlc3Npb24hLCByZXMubWZhSWQoKSk7XG4gICAgICB0aGlzLiNvbk1mYVBvbGwobWZhSW5mbyk7XG4gICAgICBpZiAobWZhSW5mby5yZWNlaXB0KSB7XG4gICAgICAgIHJlcyA9IGF3YWl0IHJlcy5zaWduV2l0aE1mYUFwcHJvdmFsKG1mYUluZm8pO1xuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gcmVzLmRhdGEoKTtcbiAgfVxufVxuIl19
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZXRoZXJzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1DQVFnQjtBQTZCaEI7O0dBRUc7QUFDSCxNQUFhLE1BQU8sU0FBUSxlQUFNLENBQUMsY0FBYztJQXNCL0M7Ozs7T0FJRztJQUNILFlBQVksT0FBeUIsRUFBRSxhQUE0QixFQUFFLE9BQXVCO1FBQzFGLEtBQUssQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7O1FBM0IzQixpQ0FBaUM7UUFDeEIsa0NBQWlCO1FBRTFCLGlDQUFpQztRQUNqQyw4QkFBZTtRQUVmLDZCQUE2QjtRQUNwQix3Q0FBOEI7UUFFdkM7OztXQUdHO1FBQ00sb0NBQTJDO1FBRXBELGdFQUFnRTtRQUN2RCw0Q0FBMkI7UUFFcEMsc0RBQXNEO1FBQzdDLDRDQUFnQztRQVN2QyxJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRTtZQUMvQix1QkFBQSxJQUFJLG1CQUFZLE9BQU8sTUFBQSxDQUFDO1NBQ3pCO2FBQU07WUFDTCx1QkFBQSxJQUFJLG1CQUFZLE9BQU8sQ0FBQyxVQUFVLE1BQUEsQ0FBQztZQUNuQyx1QkFBQSxJQUFJLGVBQVEsT0FBa0IsTUFBQSxDQUFDO1NBQ2hDO1FBQ0QsdUJBQUEsSUFBSSx5QkFBa0IsYUFBYSxNQUFBLENBQUM7UUFDcEMsdUJBQUEsSUFBSSxxQkFBYyxPQUFPLEVBQUUsU0FBUyxJQUFJLENBQUMsRUFBQyw4QkFBOEIsRUFBRSxFQUFFLEdBQUUsQ0FBQyxDQUFDLE1BQUEsQ0FBQyxDQUFDLDJEQUEyRDtRQUM3SSx1QkFBQSxJQUFJLDZCQUFzQixPQUFPLEVBQUUsaUJBQWlCLElBQUksSUFBSSxNQUFBLENBQUM7UUFDN0QsdUJBQUEsSUFBSSw2QkFBc0IsT0FBTyxFQUFFLGlCQUFpQixNQUFBLENBQUM7SUFDdkQsQ0FBQztJQUVELHNDQUFzQztJQUN0QyxLQUFLLENBQUMsVUFBVTtRQUNkLE9BQU8sdUJBQUEsSUFBSSx1QkFBUyxDQUFDO0lBQ3ZCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsT0FBTyxDQUFDLFFBQWdDO1FBQ3RDLE9BQU8sSUFBSSxNQUFNLENBQUMsdUJBQUEsSUFBSSx1QkFBUyxFQUFFLHVCQUFBLElBQUksNkJBQWUsRUFBRSxFQUFFLFFBQVEsRUFBRSxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQTZCO1FBQ2pELDBDQUEwQztRQUMxQyxJQUFJLE9BQU8sR0FBRyxFQUFFLENBQUMsT0FBTyxDQUFDO1FBQ3pCLElBQUksT0FBTyxLQUFLLFNBQVMsRUFBRTtZQUN6QixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUM7WUFDbEQsT0FBTyxHQUFHLE9BQU8sRUFBRSxPQUFPLEVBQUUsUUFBUSxFQUFFLElBQUksR0FBRyxDQUFDO1NBQy9DO1FBRUQsc0RBQXNEO1FBQ3RELE1BQU0sS0FBSyxHQUNULElBQUksQ0FBQyxRQUFRLFlBQVksMkJBQWtCO1lBQ3pDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztZQUNyQyxDQUFDLENBQUMsZ0RBQWdEO2dCQUNoRCxpREFBaUQ7Z0JBQ2pELDBDQUEwQztnQkFDMUMsMkJBQWtCLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDcEUsS0FBSyxDQUFDLElBQUksR0FBRyxJQUFBLGdCQUFPLEVBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUI7UUFFL0QsTUFBTSxHQUFHLEdBQW1CO1lBQzFCLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQ3pCLEVBQUUsRUFBRSxLQUFLO1NBQ1YsQ0FBQztRQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLE9BQU8sQ0FBQyx1QkFBQSxJQUFJLHVCQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDbEUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQztJQUM1QixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE9BQTRCO1FBQzVDLE1BQU0sTUFBTSxHQUFHLGVBQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDM0MsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE1BQXVCLEVBQ3ZCLEtBQTRDLEVBQzVDLEtBQTBCO1FBRTFCLE1BQU0sTUFBTSxHQUFHLHlCQUFnQixDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzNELE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFFBQVEsQ0FBQyxNQUFjO1FBQ25DLE1BQU0sT0FBTyxHQUFvQjtZQUMvQixjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFBLGlCQUFRLEVBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDO1NBQ2pFLENBQUM7UUFDRiw0Q0FBNEM7UUFDNUMsSUFBSSx1QkFBQSxJQUFJLG1CQUFLLEtBQUssU0FBUyxFQUFFO1lBQzNCLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxXQUFXLEtBQUssdUJBQUEsSUFBSSx1QkFBUyxDQUFDLENBQUM7WUFDNUYsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO2dCQUNyQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQix1QkFBQSxJQUFJLHVCQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ3pEO1lBQ0QsdUJBQUEsSUFBSSxlQUFRLEdBQUcsTUFBQSxDQUFDO1NBQ2pCO1FBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDZCQUFlLENBQUMsUUFBUSxDQUFDLHVCQUFBLElBQUksbUJBQUssQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDMUUsTUFBTSxJQUFJLEdBQUcsTUFBTSx1QkFBQSxJQUFJLDRDQUFXLE1BQWYsSUFBSSxFQUFZLEdBQUcsQ0FBQyxDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLFNBQVMsQ0FBQztJQUN4QixDQUFDO0NBeUJGO0FBbEtELHdCQWtLQzs7QUF2QkM7Ozs7O0dBS0c7QUFDSCxLQUFLLDRCQUFlLEdBQW9CO0lBQ3RDLE9BQU8sR0FBRyxDQUFDLFdBQVcsRUFBRSxFQUFFO1FBQ3hCLE1BQU0sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsdUJBQUEsSUFBSSxpQ0FBbUIsQ0FBQyxDQUFDLENBQUM7UUFFN0UsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQzFCLE1BQU0sT0FBTyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw2QkFBZSxDQUFDLFVBQVUsQ0FBQyx1QkFBQSxJQUFJLGlDQUFvQixFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3RGLHVCQUFBLElBQUkseUJBQVcsTUFBZixJQUFJLEVBQVksT0FBTyxDQUFDLENBQUM7UUFDekIsSUFBSSxPQUFPLENBQUMsT0FBTyxFQUFFO1lBQ25CLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxtQkFBbUIsQ0FBQztnQkFDbEMsS0FBSztnQkFDTCxRQUFRLEVBQUUsdUJBQUEsSUFBSSw2QkFBZSxDQUFDLEtBQUs7Z0JBQ25DLE9BQU8sRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVk7YUFDdEMsQ0FBQyxDQUFDO1NBQ0o7S0FDRjtJQUNELE9BQU8sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO0FBQ3BCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge1xuICBKc29uUnBjQXBpUHJvdmlkZXIsXG4gIFR5cGVkRGF0YURvbWFpbixcbiAgVHlwZWREYXRhRW5jb2RlcixcbiAgVHlwZWREYXRhRmllbGQsXG4gIGV0aGVycyxcbiAgZ2V0Qnl0ZXMsXG4gIHRvQmVIZXgsXG59IGZyb20gXCJldGhlcnNcIjtcbmltcG9ydCB7XG4gIEJsb2JTaWduUmVxdWVzdCxcbiAgRXZtU2lnblJlcXVlc3QsXG4gIE1mYVJlcXVlc3RJbmZvLFxuICBTaWduZXJTZXNzaW9uLFxuICBTaWduUmVzcG9uc2UsXG59IGZyb20gXCIuLi9zaWduZXJfc2Vzc2lvblwiO1xuaW1wb3J0IHsgS2V5SW5mbyB9IGZyb20gXCIuLi9rZXlcIjtcbmltcG9ydCB7IEN1YmVTaWduZXIgfSBmcm9tIFwiLi5cIjtcblxuLyoqIE9wdGlvbnMgZm9yIHRoZSBzaWduZXIgKi9cbmludGVyZmFjZSBTaWduZXJPcHRpb25zIHtcbiAgLyoqIE9wdGlvbmFsIHByb3ZpZGVyIHRvIHVzZSAqL1xuICBwcm92aWRlcj86IG51bGwgfCBldGhlcnMuUHJvdmlkZXI7XG4gIC8qKlxuICAgKiBUaGUgZnVuY3Rpb24gdG8gY2FsbCB3aGVuIE1GQSBpbmZvcm1hdGlvbiBpcyByZXRyaWV2ZWQuIElmIHRoaXMgY2FsbGJhY2tcbiAgICogdGhyb3dzLCBubyB0cmFuc2FjdGlvbiBpcyBicm9hZGNhc3QuXG4gICAqL1xuICBvbk1mYVBvbGw/OiAoYXJnMDogTWZhUmVxdWVzdEluZm8pID0+IHZvaWQ7XG4gIC8qKlxuICAgKiBUaGUgYW1vdW50IG9mIHRpbWUgKGluIG1pbGxpc2Vjb25kcykgdG8gd2FpdCBiZXR3ZWVuIGNoZWNrcyBmb3IgTUZBXG4gICAqIHVwZGF0ZXMuIERlZmF1bHQgaXMgMTAwMG1zXG4gICAqL1xuICBtZmFQb2xsSW50ZXJ2YWxNcz86IG51bWJlcjtcbiAgLyoqIE9wdGlvbmFsIG1hbmFnZW1lbnQgc2Vzc2lvbi4gVXNlZCB0byBjaGVjayBmb3IgTUZBIHVwZGF0ZXMgKi9cbiAgbWFuYWdlbWVudFNlc3Npb24/OiBDdWJlU2lnbmVyO1xufVxuXG4vKipcbiAqIEEgZXRoZXJzLmpzIFNpZ25lciB1c2luZyBDdWJlU2lnbmVyXG4gKi9cbmV4cG9ydCBjbGFzcyBTaWduZXIgZXh0ZW5kcyBldGhlcnMuQWJzdHJhY3RTaWduZXIge1xuICAvKiogVGhlIGFkZHJlc3Mgb2YgdGhlIGFjY291bnQgKi9cbiAgcmVhZG9ubHkgI2FkZHJlc3M6IHN0cmluZztcblxuICAvKiogVGhlIGtleSB0byB1c2UgZm9yIHNpZ25pbmcgKi9cbiAgI2tleT86IEtleUluZm87XG5cbiAgLyoqIFRoZSB1bmRlcmx5aW5nIHNlc3Npb24gKi9cbiAgcmVhZG9ubHkgI3NpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb247XG5cbiAgLyoqXG4gICAqIFRoZSBmdW5jdGlvbiB0byBjYWxsIHdoZW4gTUZBIGluZm9ybWF0aW9uIGlzIHJldHJpZXZlZC4gSWYgdGhpcyBjYWxsYmFja1xuICAgKiB0aHJvd3MsIG5vIHRyYW5zYWN0aW9uIGlzIGJyb2FkY2FzdC5cbiAgICovXG4gIHJlYWRvbmx5ICNvbk1mYVBvbGw6IChhcmcwOiBNZmFSZXF1ZXN0SW5mbykgPT4gdm9pZDtcblxuICAvKiogVGhlIGFtb3VudCBvZiB0aW1lIHRvIHdhaXQgYmV0d2VlbiBjaGVja3MgZm9yIE1GQSB1cGRhdGVzICovXG4gIHJlYWRvbmx5ICNtZmFQb2xsSW50ZXJ2YWxNczogbnVtYmVyO1xuXG4gIC8qKiBPcHRpb25hbCBtYW5hZ2VtZW50IHNlc3Npb24sIHVzZWQgZm9yIE1GQSBmbG93cyAqL1xuICByZWFkb25seSAjbWFuYWdlbWVudFNlc3Npb24/OiBDdWJlU2lnbmVyO1xuXG4gIC8qKiBDcmVhdGUgbmV3IFNpZ25lciBpbnN0YW5jZVxuICAgKiBAcGFyYW0ge0tleUluZm8gfCBzdHJpbmd9IGFkZHJlc3MgVGhlIGtleSBvciB0aGUgZXRoIGFkZHJlc3Mgb2YgdGhlIGFjY291bnQgdG8gdXNlLlxuICAgKiBAcGFyYW0ge1NpZ25lclNlc3Npb259IHNpZ25lclNlc3Npb24gVGhlIHVuZGVybHlpbmcgU2lnbmVyIHNlc3Npb24uXG4gICAqIEBwYXJhbSB7U2lnbmVyT3B0aW9uc30gb3B0aW9ucyBUaGUgb3B0aW9ucyB0byB1c2UgZm9yIHRoZSBTaWduZXIgaW5zdGFuY2VcbiAgICovXG4gIGNvbnN0cnVjdG9yKGFkZHJlc3M6IEtleUluZm8gfCBzdHJpbmcsIHNpZ25lclNlc3Npb246IFNpZ25lclNlc3Npb24sIG9wdGlvbnM/OiBTaWduZXJPcHRpb25zKSB7XG4gICAgc3VwZXIob3B0aW9ucz8ucHJvdmlkZXIpO1xuICAgIGlmICh0eXBlb2YgYWRkcmVzcyA9PT0gXCJzdHJpbmdcIikge1xuICAgICAgdGhpcy4jYWRkcmVzcyA9IGFkZHJlc3M7XG4gICAgfSBlbHNlIHtcbiAgICAgIHRoaXMuI2FkZHJlc3MgPSBhZGRyZXNzLm1hdGVyaWFsSWQ7XG4gICAgICB0aGlzLiNrZXkgPSBhZGRyZXNzIGFzIEtleUluZm87XG4gICAgfVxuICAgIHRoaXMuI3NpZ25lclNlc3Npb24gPSBzaWduZXJTZXNzaW9uO1xuICAgIHRoaXMuI29uTWZhUG9sbCA9IG9wdGlvbnM/Lm9uTWZhUG9sbCA/PyAoKC8qIF9tZmFJbmZvOiBNZmFSZXF1ZXN0SW5mbyAqLykgPT4ge30pOyAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1lbXB0eS1mdW5jdGlvblxuICAgIHRoaXMuI21mYVBvbGxJbnRlcnZhbE1zID0gb3B0aW9ucz8ubWZhUG9sbEludGVydmFsTXMgPz8gMTAwMDtcbiAgICB0aGlzLiNtYW5hZ2VtZW50U2Vzc2lvbiA9IG9wdGlvbnM/Lm1hbmFnZW1lbnRTZXNzaW9uO1xuICB9XG5cbiAgLyoqIFJlc29sdmVzIHRvIHRoZSBzaWduZXIgYWRkcmVzcy4gKi9cbiAgYXN5bmMgZ2V0QWRkcmVzcygpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIHJldHVybiB0aGlzLiNhZGRyZXNzO1xuICB9XG5cbiAgLyoqXG4gICAqICBSZXR1cm5zIHRoZSBzaWduZXIgY29ubmVjdGVkIHRvICUlcHJvdmlkZXIlJS5cbiAgICogIEBwYXJhbSB7bnVsbCB8IGV0aGVycy5Qcm92aWRlcn0gcHJvdmlkZXIgVGhlIG9wdGlvbmFsIHByb3ZpZGVyIGluc3RhbmNlIHRvIHVzZS5cbiAgICogIEByZXR1cm4ge1NpZ25lcn0gVGhlIHNpZ25lciBjb25uZWN0ZWQgdG8gc2lnbmVyLlxuICAgKi9cbiAgY29ubmVjdChwcm92aWRlcjogbnVsbCB8IGV0aGVycy5Qcm92aWRlcik6IFNpZ25lciB7XG4gICAgcmV0dXJuIG5ldyBTaWduZXIodGhpcy4jYWRkcmVzcywgdGhpcy4jc2lnbmVyU2Vzc2lvbiwgeyBwcm92aWRlciB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBTaWducyBhIHRyYW5zYWN0aW9uLiBUaGlzIHBvcHVsYXRlcyB0aGUgdHJhbnNhY3Rpb24gdHlwZSB0byBgMHgwMmAgKEVJUC0xNTU5KSB1bmxlc3Mgc2V0LiBUaGlzIG1ldGhvZCB3aWxsIGJsb2NrIGlmIHRoZSBrZXkgcmVxdWlyZXMgTUZBIGFwcHJvdmFsLlxuICAgKiBAcGFyYW0ge2V0aGVycy5UcmFuc2FjdGlvblJlcXVlc3R9IHR4IFRoZSB0cmFuc2FjdGlvbiB0byBzaWduLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPHN0cmluZz59IEhleC1lbmNvZGVkIFJMUCBlbmNvZGluZyBvZiB0aGUgdHJhbnNhY3Rpb24gYW5kIGl0cyBzaWduYXR1cmUuXG4gICAqL1xuICBhc3luYyBzaWduVHJhbnNhY3Rpb24odHg6IGV0aGVycy5UcmFuc2FjdGlvblJlcXVlc3QpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIC8vIGdldCB0aGUgY2hhaW4gaWQgZnJvbSB0aGUgbmV0d29yayBvciB0eFxuICAgIGxldCBjaGFpbklkID0gdHguY2hhaW5JZDtcbiAgICBpZiAoY2hhaW5JZCA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBuZXR3b3JrID0gYXdhaXQgdGhpcy5wcm92aWRlcj8uZ2V0TmV0d29yaygpO1xuICAgICAgY2hhaW5JZCA9IG5ldHdvcms/LmNoYWluSWQ/LnRvU3RyaW5nKCkgPz8gXCIxXCI7XG4gICAgfVxuXG4gICAgLy8gQ29udmVydCB0aGUgdHJhbnNhY3Rpb24gaW50byBhIEpTT04tUlBDIHRyYW5zYWN0aW9uXG4gICAgY29uc3QgcnBjVHggPVxuICAgICAgdGhpcy5wcm92aWRlciBpbnN0YW5jZW9mIEpzb25ScGNBcGlQcm92aWRlclxuICAgICAgICA/IHRoaXMucHJvdmlkZXIuZ2V0UnBjVHJhbnNhY3Rpb24odHgpXG4gICAgICAgIDogLy8gV2UgY2FuIGp1c3QgY2FsbCB0aGUgZ2V0UnBjVHJhbnNhY3Rpb24gd2l0aCBhXG4gICAgICAgICAgLy8gbnVsbCByZWNlaXZlciBzaW5jZSBpdCBkb2Vzbid0IGFjdHVhbGx5IHVzZSBpdFxuICAgICAgICAgIC8vIChhbmQgcmVhbGx5IHNob3VsZCBiZSBkZWNsYXJlZCBzdGF0aWMpLlxuICAgICAgICAgIEpzb25ScGNBcGlQcm92aWRlci5wcm90b3R5cGUuZ2V0UnBjVHJhbnNhY3Rpb24uY2FsbChudWxsLCB0eCk7XG4gICAgcnBjVHgudHlwZSA9IHRvQmVIZXgodHgudHlwZSA/PyAweDAyLCAxKTsgLy8gd2UgZXhwZWN0IDB4MFswLTJdXG5cbiAgICBjb25zdCByZXEgPSA8RXZtU2lnblJlcXVlc3Q+e1xuICAgICAgY2hhaW5faWQ6IE51bWJlcihjaGFpbklkKSxcbiAgICAgIHR4OiBycGNUeCxcbiAgICB9O1xuXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5zaWduRXZtKHRoaXMuI2FkZHJlc3MsIHJlcSk7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuI2hhbmRsZU1mYShyZXMpO1xuICAgIHJldHVybiBkYXRhLnJscF9zaWduZWRfdHg7XG4gIH1cblxuICAvKiogU2lnbnMgYXJiaXRyYXJ5IG1lc3NhZ2VzLiBUaGlzIHVzZXMgZXRoZXJzLmpzJ3MgW2hhc2hNZXNzYWdlXShodHRwczovL2RvY3MuZXRoZXJzLm9yZy92Ni9hcGkvaGFzaGluZy8jaGFzaE1lc3NhZ2UpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC0xOTEgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtzdHJpbmcgfCBVaW50OEFycmF5fSBtZXNzYWdlIFRoZSBtZXNzYWdlIHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25NZXNzYWdlKG1lc3NhZ2U6IHN0cmluZyB8IFVpbnQ4QXJyYXkpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IGV0aGVycy5oYXNoTWVzc2FnZShtZXNzYWdlKTtcbiAgICByZXR1cm4gdGhpcy5zaWduQmxvYihkaWdlc3QpO1xuICB9XG5cbiAgLyoqIFNpZ25zIEVJUC03MTIgdHlwZWQgZGF0YS4gVGhpcyB1c2VzIGV0aGVycy5qcydzXG4gICAqIFtUeXBlZERhdGFFbmNvZGVyLmhhc2hdKGh0dHBzOi8vZG9jcy5ldGhlcnMub3JnL3Y2L2FwaS9oYXNoaW5nLyNUeXBlZERhdGFFbmNvZGVyX2hhc2gpXG4gICAqIHRvIGNvbXB1dGUgdGhlIEVJUC03MTIgZGlnZXN0IGFuZCBzaWducyB0aGlzIGRpZ2VzdCB1c2luZyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogVGhlIGtleSAoZm9yIHRoaXMgc2Vzc2lvbikgbXVzdCBoYXZlIHRoZSBgXCJBbGxvd1Jhd0Jsb2JTaWduaW5nXCJgIHBvbGljeSBhdHRhY2hlZC5cbiAgICogQHBhcmFtIHtUeXBlZERhdGFEb21haW59IGRvbWFpbiBUaGUgZG9tYWluIG9mIHRoZSB0eXBlZCBkYXRhLlxuICAgKiBAcGFyYW0ge1JlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj59IHR5cGVzIFRoZSB0eXBlcyBvZiB0aGUgdHlwZWQgZGF0YS5cbiAgICogQHBhcmFtIHtSZWNvcmQ8c3RyaW5nLCBhbnk+fSB2YWx1ZSBUaGUgdmFsdWUgb2YgdGhlIHR5cGVkIGRhdGEuXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIGFzeW5jIHNpZ25UeXBlZERhdGEoXG4gICAgZG9tYWluOiBUeXBlZERhdGFEb21haW4sXG4gICAgdHlwZXM6IFJlY29yZDxzdHJpbmcsIEFycmF5PFR5cGVkRGF0YUZpZWxkPj4sXG4gICAgdmFsdWU6IFJlY29yZDxzdHJpbmcsIGFueT4sIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueVxuICApOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRpZ2VzdCA9IFR5cGVkRGF0YUVuY29kZXIuaGFzaChkb21haW4sIHR5cGVzLCB2YWx1ZSk7XG4gICAgcmV0dXJuIHRoaXMuc2lnbkJsb2IoZGlnZXN0KTtcbiAgfVxuXG4gIC8qKiBTaWduIGFyYml0cmFyeSBkaWdlc3QuIFRoaXMgdXNlcyB7QGxpbmsgS2V5I3NpZ25CbG9ifS5cbiAgICogQHBhcmFtIHtzdHJpbmd9IGRpZ2VzdCBUaGUgZGlnZXN0IHRvIHNpZ24uXG4gICAqIEByZXR1cm4ge1Byb21pc2U8c3RyaW5nPn0gVGhlIHNpZ25hdHVyZS5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgc2lnbkJsb2IoZGlnZXN0OiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGJsb2JSZXEgPSA8QmxvYlNpZ25SZXF1ZXN0PntcbiAgICAgIG1lc3NhZ2VfYmFzZTY0OiBCdWZmZXIuZnJvbShnZXRCeXRlcyhkaWdlc3QpKS50b1N0cmluZyhcImJhc2U2NFwiKSxcbiAgICB9O1xuICAgIC8vIEdldCB0aGUga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhpcyBhZGRyZXNzXG4gICAgaWYgKHRoaXMuI2tleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBjb25zdCBrZXkgPSAoYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5rZXlzKCkpLmZpbmQoKGspID0+IGsubWF0ZXJpYWxfaWQgPT09IHRoaXMuI2FkZHJlc3MpO1xuICAgICAgaWYgKGtleSA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcihgQ2Fubm90IGFjY2VzcyBrZXkgJyR7dGhpcy4jYWRkcmVzc30nYCk7XG4gICAgICB9XG4gICAgICB0aGlzLiNrZXkgPSBrZXk7XG4gICAgfVxuXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy4jc2lnbmVyU2Vzc2lvbi5zaWduQmxvYih0aGlzLiNrZXkua2V5X2lkLCBibG9iUmVxKTtcbiAgICBjb25zdCBkYXRhID0gYXdhaXQgdGhpcy4jaGFuZGxlTWZhKHJlcyk7XG4gICAgcmV0dXJuIGRhdGEuc2lnbmF0dXJlO1xuICB9XG5cbiAgLyoqXG4gICAqIElmIHRoZSBzaWduIHJlcXVlc3QgcmVxdWlyZXMgTUZBLCB0aGlzIG1ldGhvZCB3YWl0cyBmb3IgYXBwcm92YWxzXG4gICAqXG4gICAqIEBwYXJhbSB7U2lnblJlc3BvbnNlPFU+fSByZXMgVGhlIHJlc3BvbnNlIG9mIGEgc2lnbiByZXF1ZXN0XG4gICAqIEByZXR1cm4ge1Byb21pc2U8VT59IFRoZSBzaWduIGRhdGEgYWZ0ZXIgTUZBIGFwcHJvdmFsc1xuICAgKi9cbiAgYXN5bmMgI2hhbmRsZU1mYTxVPihyZXM6IFNpZ25SZXNwb25zZTxVPik6IFByb21pc2U8VT4ge1xuICAgIHdoaWxlIChyZXMucmVxdWlyZXNNZmEoKSkge1xuICAgICAgYXdhaXQgbmV3IFByb21pc2UoKHJlc29sdmUpID0+IHNldFRpbWVvdXQocmVzb2x2ZSwgdGhpcy4jbWZhUG9sbEludGVydmFsTXMpKTtcblxuICAgICAgY29uc3QgbWZhSWQgPSByZXMubWZhSWQoKTtcbiAgICAgIGNvbnN0IG1mYUluZm8gPSBhd2FpdCB0aGlzLiNzaWduZXJTZXNzaW9uLmdldE1mYUluZm8odGhpcy4jbWFuYWdlbWVudFNlc3Npb24hLCBtZmFJZCk7XG4gICAgICB0aGlzLiNvbk1mYVBvbGwobWZhSW5mbyk7XG4gICAgICBpZiAobWZhSW5mby5yZWNlaXB0KSB7XG4gICAgICAgIHJlcyA9IGF3YWl0IHJlcy5zaWduV2l0aE1mYUFwcHJvdmFsKHtcbiAgICAgICAgICBtZmFJZCxcbiAgICAgICAgICBtZmFPcmdJZDogdGhpcy4jc2lnbmVyU2Vzc2lvbi5vcmdJZCxcbiAgICAgICAgICBtZmFDb25mOiBtZmFJbmZvLnJlY2VpcHQuY29uZmlybWF0aW9uLFxuICAgICAgICB9KTtcbiAgICAgIH1cbiAgICB9XG4gICAgcmV0dXJuIHJlcy5kYXRhKCk7XG4gIH1cbn1cbiJdfQ==

package/dist/src/fido.d.ts

@@ -0,0 +1,76 @@
+import { CubeSigner, MfaRequestInfo, SignerSession } from ".";
+import { components } from "./schema";
+export type ApiAddFidoChallenge = components["responses"]["FidoCreateChallengeResponse"]["content"]["application/json"];
+export type ApiMfaFidoChallenge = components["responses"]["FidoAssertChallenge"]["content"]["application/json"];
+export type PublicKeyCredentialCreationOptions = components["schemas"]["PublicKeyCredentialCreationOptions"];
+export type PublicKeyCredentialRequestOptions = components["schemas"]["PublicKeyCredentialRequestOptions"];
+export type PublicKeyCredentialParameters = components["schemas"]["PublicKeyCredentialParameters"];
+export type PublicKeyCredentialDescriptor = components["schemas"]["PublicKeyCredentialDescriptor"];
+export type AuthenticatorSelectionCriteria = components["schemas"]["AuthenticatorSelectionCriteria"];
+export type PublicKeyCredentialUserEntity = components["schemas"]["PublicKeyCredentialUserEntity"];
+export type PublicKeyCredential = components["schemas"]["PublicKeyCredential"];
+/**
+ * Returned after creating a request to add a new FIDO device.
+ * Provides some helper methods for answering this challenge.
+ */
+export declare class AddFidoChallenge {
+    #private;
+    readonly challengeId: string;
+    readonly options: any;
+    /**
+     * Constructor
+     * @param {CubeSigner} cs CubeSigner instance used to request to add a FIDO device
+     * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+     */
+    constructor(cs: CubeSigner, challenge: ApiAddFidoChallenge);
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to create a credential
+     * based on the the public key credential creation options from this challenge.
+     */
+    createCredentialAndAnswer(): Promise<void>;
+    /**
+     * Answers this challenge using a given credential `cred`;
+     * the credential should be obtained by calling
+     *
+     * ```
+     * const cred = await navigator.credentials.create({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+     *                   based on the public key creation options from this challenge.
+     */
+    answer(cred: any): Promise<void>;
+}
+/**
+ * Returned after initiating MFA approval using FIDO.
+ * Provides some helper methods for answering this challenge.
+ */
+export declare class MfaFidoChallenge {
+    #private;
+    readonly mfaId: string;
+    readonly challengeId: string;
+    readonly options: any;
+    /**
+     * @param {SignerSession} ss The session used to initiate MFA approval using FIDO
+     * @param {string} mfaId The MFA request id.
+     * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+     */
+    constructor(ss: SignerSession, mfaId: string, challenge: ApiMfaFidoChallenge);
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to get a credential
+     * based on the the public key credential request options from this challenge.
+     */
+    createCredentialAndAnswer(): Promise<MfaRequestInfo>;
+    /**
+     * Answers this challenge using a given credential `cred`.
+     * To obtain this credential, for example, call
+     *
+     * ```
+     * const cred = await navigator.credentials.get({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+     *                   based on the public key credential request options from this challenge.
+     */
+    answer(cred: any): Promise<MfaRequestInfo>;
+}

package/dist/src/fido.js

@@ -0,0 +1,148 @@
+"use strict";
+/* eslint-disable @typescript-eslint/no-explicit-any */
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _AddFidoChallenge_cs, _MfaFidoChallenge_ss;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MfaFidoChallenge = exports.AddFidoChallenge = void 0;
+const util_1 = require("./util");
+/**
+ * Returned after creating a request to add a new FIDO device.
+ * Provides some helper methods for answering this challenge.
+ */
+class AddFidoChallenge {
+    /**
+     * Constructor
+     * @param {CubeSigner} cs CubeSigner instance used to request to add a FIDO device
+     * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+     */
+    constructor(cs, challenge) {
+        _AddFidoChallenge_cs.set(this, void 0);
+        __classPrivateFieldSet(this, _AddFidoChallenge_cs, cs, "f");
+        this.challengeId = challenge.challenge_id;
+        // fix options returned from the server: rename fields and decode base64 fields to uint8[]
+        this.options = {
+            ...challenge.options,
+            challenge: (0, util_1.decodeBase64Url)(challenge.options.challenge),
+        };
+        this.options.pubKeyCredParams ??= challenge.options.pub_key_cred_params;
+        this.options.excludeCredentials ??= challenge.options.exclude_credentials;
+        this.options.authenticatorSelection ??= challenge.options.authenticator_selection;
+        delete this.options.pub_key_cred_params;
+        delete this.options.exclude_credentials;
+        delete this.options.authenticator_selection;
+        if (challenge.options.user) {
+            this.options.user.id = (0, util_1.decodeBase64Url)(challenge.options.user.id);
+        }
+        for (const credential of this.options.excludeCredentials ?? []) {
+            credential.id = (0, util_1.decodeBase64Url)(credential.id);
+        }
+    }
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to create a credential
+     * based on the the public key credential creation options from this challenge.
+     */
+    async createCredentialAndAnswer() {
+        const cred = await navigator.credentials.create({ publicKey: this.options });
+        await this.answer(cred);
+    }
+    /**
+     * Answers this challenge using a given credential `cred`;
+     * the credential should be obtained by calling
+     *
+     * ```
+     * const cred = await navigator.credentials.create({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+     *                   based on the public key creation options from this challenge.
+     */
+    async answer(cred) {
+        const answer = {
+            id: cred.id,
+            response: {
+                clientDataJSON: (0, util_1.encodeToBase64Url)(cred.response.clientDataJSON),
+                attestationObject: (0, util_1.encodeToBase64Url)(cred.response.attestationObject),
+            },
+        };
+        await __classPrivateFieldGet(this, _AddFidoChallenge_cs, "f").addFidoComplete(this.challengeId, answer);
+    }
+}
+exports.AddFidoChallenge = AddFidoChallenge;
+_AddFidoChallenge_cs = new WeakMap();
+/**
+ * Returned after initiating MFA approval using FIDO.
+ * Provides some helper methods for answering this challenge.
+ */
+class MfaFidoChallenge {
+    /**
+     * @param {SignerSession} ss The session used to initiate MFA approval using FIDO
+     * @param {string} mfaId The MFA request id.
+     * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+     */
+    constructor(ss, mfaId, challenge) {
+        _MfaFidoChallenge_ss.set(this, void 0);
+        __classPrivateFieldSet(this, _MfaFidoChallenge_ss, ss, "f");
+        this.mfaId = mfaId;
+        this.challengeId = challenge.challenge_id;
+        // fix options returned from the server: rename fields and decode base64 fields into uint8[]
+        this.options = {
+            ...challenge.options,
+            challenge: (0, util_1.decodeBase64Url)(challenge.options.challenge),
+        };
+        this.options.rpId ??= challenge.options.rp_id;
+        this.options.allowCredentials ??= challenge.options.allow_credentials;
+        this.options.userVerification ??= challenge.options.user_verification;
+        delete this.options.rp_id;
+        delete this.options.allow_credentials;
+        delete this.options.user_verification;
+        for (const credential of this.options.allowCredentials ?? []) {
+            credential.id = (0, util_1.decodeBase64Url)(credential.id);
+            if (credential.transports === null) {
+                delete credential.transports;
+            }
+        }
+    }
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to get a credential
+     * based on the the public key credential request options from this challenge.
+     */
+    async createCredentialAndAnswer() {
+        const cred = await navigator.credentials.get({ publicKey: this.options });
+        return await this.answer(cred);
+    }
+    /**
+     * Answers this challenge using a given credential `cred`.
+     * To obtain this credential, for example, call
+     *
+     * ```
+     * const cred = await navigator.credentials.get({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+     *                   based on the public key credential request options from this challenge.
+     */
+    async answer(cred) {
+        const answer = {
+            id: cred.id,
+            response: {
+                clientDataJSON: (0, util_1.encodeToBase64Url)(cred.response.clientDataJSON),
+                authenticatorData: (0, util_1.encodeToBase64Url)(cred.response.authenticatorData),
+                signature: (0, util_1.encodeToBase64Url)(cred.response.signature),
+            },
+        };
+        return await __classPrivateFieldGet(this, _MfaFidoChallenge_ss, "f").fidoApproveComplete(this.mfaId, this.challengeId, answer);
+    }
+}
+exports.MfaFidoChallenge = MfaFidoChallenge;
+_MfaFidoChallenge_ss = new WeakMap();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZmlkby5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9maWRvLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSx1REFBdUQ7Ozs7Ozs7Ozs7Ozs7OztBQUl2RCxpQ0FBNEQ7QUFtQjVEOzs7R0FHRztBQUNILE1BQWEsZ0JBQWdCO0lBSzNCOzs7O09BSUc7SUFDSCxZQUFZLEVBQWMsRUFBRSxTQUE4QjtRQVRqRCx1Q0FBZ0I7UUFVdkIsdUJBQUEsSUFBSSx3QkFBTyxFQUFFLE1BQUEsQ0FBQztRQUNkLElBQUksQ0FBQyxXQUFXLEdBQUcsU0FBUyxDQUFDLFlBQVksQ0FBQztRQUUxQywwRkFBMEY7UUFDMUYsSUFBSSxDQUFDLE9BQU8sR0FBRztZQUNiLEdBQUcsU0FBUyxDQUFDLE9BQU87WUFDcEIsU0FBUyxFQUFFLElBQUEsc0JBQWUsRUFBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQztTQUN4RCxDQUFDO1FBQ0YsSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsS0FBSyxTQUFTLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDO1FBQ3hFLElBQUksQ0FBQyxPQUFPLENBQUMsa0JBQWtCLEtBQUssU0FBUyxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQztRQUMxRSxJQUFJLENBQUMsT0FBTyxDQUFDLHNCQUFzQixLQUFLLFNBQVMsQ0FBQyxPQUFPLENBQUMsdUJBQXVCLENBQUM7UUFDbEYsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLG1CQUFtQixDQUFDO1FBQ3hDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQztRQUN4QyxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsdUJBQXVCLENBQUM7UUFFNUMsSUFBSSxTQUFTLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRTtZQUMxQixJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLEdBQUcsSUFBQSxzQkFBZSxFQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1NBQ25FO1FBRUQsS0FBSyxNQUFNLFVBQVUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLGtCQUFrQixJQUFJLEVBQUUsRUFBRTtZQUM5RCxVQUFVLENBQUMsRUFBRSxHQUFHLElBQUEsc0JBQWUsRUFBQyxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUM7U0FDaEQ7SUFDSCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLHlCQUF5QjtRQUM3QixNQUFNLElBQUksR0FBRyxNQUFNLFNBQVMsQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1FBQzdFLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMxQixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNILEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBUztRQUNwQixNQUFNLE1BQU0sR0FBd0I7WUFDbEMsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFO1lBQ1gsUUFBUSxFQUFFO2dCQUNSLGNBQWMsRUFBRSxJQUFBLHdCQUFpQixFQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO2dCQUMvRCxpQkFBaUIsRUFBRSxJQUFBLHdCQUFpQixFQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7YUFDdEU7U0FDRixDQUFDO1FBQ0YsTUFBTSx1QkFBQSxJQUFJLDRCQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDM0QsQ0FBQztDQUNGO0FBakVELDRDQWlFQzs7QUFFRDs7O0dBR0c7QUFDSCxNQUFhLGdCQUFnQjtJQU0zQjs7OztPQUlHO0lBQ0gsWUFBWSxFQUFpQixFQUFFLEtBQWEsRUFBRSxTQUE4QjtRQVZuRSx1Q0FBbUI7UUFXMUIsdUJBQUEsSUFBSSx3QkFBTyxFQUFFLE1BQUEsQ0FBQztRQUNkLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1FBQ25CLElBQUksQ0FBQyxXQUFXLEdBQUcsU0FBUyxDQUFDLFlBQVksQ0FBQztRQUUxQyw0RkFBNEY7UUFDNUYsSUFBSSxDQUFDLE9BQU8sR0FBRztZQUNiLEdBQUcsU0FBUyxDQUFDLE9BQU87WUFDcEIsU0FBUyxFQUFFLElBQUEsc0JBQWUsRUFBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQztTQUN4RCxDQUFDO1FBQ0YsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEtBQUssU0FBUyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7UUFDOUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsS0FBSyxTQUFTLENBQUMsT0FBTyxDQUFDLGlCQUFpQixDQUFDO1FBQ3RFLElBQUksQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLEtBQUssU0FBUyxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQztRQUN0RSxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBQzFCLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQztRQUN0QyxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsaUJBQWlCLENBQUM7UUFFdEMsS0FBSyxNQUFNLFVBQVUsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixJQUFJLEVBQUUsRUFBRTtZQUM1RCxVQUFVLENBQUMsRUFBRSxHQUFHLElBQUEsc0JBQWUsRUFBQyxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDL0MsSUFBSSxVQUFVLENBQUMsVUFBVSxLQUFLLElBQUksRUFBRTtnQkFDbEMsT0FBTyxVQUFVLENBQUMsVUFBVSxDQUFDO2FBQzlCO1NBQ0Y7SUFDSCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLHlCQUF5QjtRQUM3QixNQUFNLElBQUksR0FBRyxNQUFNLFNBQVMsQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1FBQzFFLE9BQU8sTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0gsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFTO1FBQ3BCLE1BQU0sTUFBTSxHQUF3QjtZQUNsQyxFQUFFLEVBQUUsSUFBSSxDQUFDLEVBQUU7WUFDWCxRQUFRLEVBQUU7Z0JBQ1IsY0FBYyxFQUFFLElBQUEsd0JBQWlCLEVBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUM7Z0JBQy9ELGlCQUFpQixFQUFFLElBQUEsd0JBQWlCLEVBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztnQkFDckUsU0FBUyxFQUFFLElBQUEsd0JBQWlCLEVBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7YUFDdEQ7U0FDRixDQUFDO1FBQ0YsT0FBTyxNQUFNLHVCQUFBLElBQUksNEJBQUksQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxXQUFXLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDbEYsQ0FBQztDQUNGO0FBbkVELDRDQW1FQyIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnkgKi9cblxuaW1wb3J0IHsgQ3ViZVNpZ25lciwgTWZhUmVxdWVzdEluZm8sIFNpZ25lclNlc3Npb24gfSBmcm9tIFwiLlwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgZGVjb2RlQmFzZTY0VXJsLCBlbmNvZGVUb0Jhc2U2NFVybCB9IGZyb20gXCIuL3V0aWxcIjtcblxuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9XG4gIGNvbXBvbmVudHNbXCJyZXNwb25zZXNcIl1bXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl1bXCJjb250ZW50XCJdW1wiYXBwbGljYXRpb24vanNvblwiXTtcblxuZXhwb3J0IHR5cGUgQXBpTWZhRmlkb0NoYWxsZW5nZSA9XG4gIGNvbXBvbmVudHNbXCJyZXNwb25zZXNcIl1bXCJGaWRvQXNzZXJ0Q2hhbGxlbmdlXCJdW1wiY29udGVudFwiXVtcImFwcGxpY2F0aW9uL2pzb25cIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPVxuICBjb21wb25lbnRzW1wic2NoZW1hc1wiXVtcIlB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnMgPVxuICBjb21wb25lbnRzW1wic2NoZW1hc1wiXVtcIlB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxQYXJhbWV0ZXJzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl1bXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl1bXCJQdWJsaWNLZXlDcmVkZW50aWFsRGVzY3JpcHRvclwiXTtcbmV4cG9ydCB0eXBlIEF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYSA9XG4gIGNvbXBvbmVudHNbXCJzY2hlbWFzXCJdW1wiQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhXCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbFVzZXJFbnRpdHkgPSBjb21wb25lbnRzW1wic2NoZW1hc1wiXVtcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IGNvbXBvbmVudHNbXCJzY2hlbWFzXCJdW1wiUHVibGljS2V5Q3JlZGVudGlhbFwiXTtcblxuLyoqXG4gKiBSZXR1cm5lZCBhZnRlciBjcmVhdGluZyBhIHJlcXVlc3QgdG8gYWRkIGEgbmV3IEZJRE8gZGV2aWNlLlxuICogUHJvdmlkZXMgc29tZSBoZWxwZXIgbWV0aG9kcyBmb3IgYW5zd2VyaW5nIHRoaXMgY2hhbGxlbmdlLlxuICovXG5leHBvcnQgY2xhc3MgQWRkRmlkb0NoYWxsZW5nZSB7XG4gIHJlYWRvbmx5ICNjczogQ3ViZVNpZ25lcjtcbiAgcmVhZG9ubHkgY2hhbGxlbmdlSWQ6IHN0cmluZztcbiAgcmVhZG9ubHkgb3B0aW9uczogYW55O1xuXG4gIC8qKlxuICAgKiBDb25zdHJ1Y3RvclxuICAgKiBAcGFyYW0ge0N1YmVTaWduZXJ9IGNzIEN1YmVTaWduZXIgaW5zdGFuY2UgdXNlZCB0byByZXF1ZXN0IHRvIGFkZCBhIEZJRE8gZGV2aWNlXG4gICAqIEBwYXJhbSB7QXBpQWRkRmlkb0NoYWxsZW5nZX0gY2hhbGxlbmdlIFRoZSBjaGFsbGVuZ2UgcmV0dXJuZWQgYnkgdGhlIHJlbW90ZSBlbmQuXG4gICAqL1xuICBjb25zdHJ1Y3RvcihjczogQ3ViZVNpZ25lciwgY2hhbGxlbmdlOiBBcGlBZGRGaWRvQ2hhbGxlbmdlKSB7XG4gICAgdGhpcy4jY3MgPSBjcztcbiAgICB0aGlzLmNoYWxsZW5nZUlkID0gY2hhbGxlbmdlLmNoYWxsZW5nZV9pZDtcblxuICAgIC8vIGZpeCBvcHRpb25zIHJldHVybmVkIGZyb20gdGhlIHNlcnZlcjogcmVuYW1lIGZpZWxkcyBhbmQgZGVjb2RlIGJhc2U2NCBmaWVsZHMgdG8gdWludDhbXVxuICAgIHRoaXMub3B0aW9ucyA9IHtcbiAgICAgIC4uLmNoYWxsZW5nZS5vcHRpb25zLFxuICAgICAgY2hhbGxlbmdlOiBkZWNvZGVCYXNlNjRVcmwoY2hhbGxlbmdlLm9wdGlvbnMuY2hhbGxlbmdlKSxcbiAgICB9O1xuICAgIHRoaXMub3B0aW9ucy5wdWJLZXlDcmVkUGFyYW1zID8/PSBjaGFsbGVuZ2Uub3B0aW9ucy5wdWJfa2V5X2NyZWRfcGFyYW1zO1xuICAgIHRoaXMub3B0aW9ucy5leGNsdWRlQ3JlZGVudGlhbHMgPz89IGNoYWxsZW5nZS5vcHRpb25zLmV4Y2x1ZGVfY3JlZGVudGlhbHM7XG4gICAgdGhpcy5vcHRpb25zLmF1dGhlbnRpY2F0b3JTZWxlY3Rpb24gPz89IGNoYWxsZW5nZS5vcHRpb25zLmF1dGhlbnRpY2F0b3Jfc2VsZWN0aW9uO1xuICAgIGRlbGV0ZSB0aGlzLm9wdGlvbnMucHViX2tleV9jcmVkX3BhcmFtcztcbiAgICBkZWxldGUgdGhpcy5vcHRpb25zLmV4Y2x1ZGVfY3JlZGVudGlhbHM7XG4gICAgZGVsZXRlIHRoaXMub3B0aW9ucy5hdXRoZW50aWNhdG9yX3NlbGVjdGlvbjtcblxuICAgIGlmIChjaGFsbGVuZ2Uub3B0aW9ucy51c2VyKSB7XG4gICAgICB0aGlzLm9wdGlvbnMudXNlci5pZCA9IGRlY29kZUJhc2U2NFVybChjaGFsbGVuZ2Uub3B0aW9ucy51c2VyLmlkKTtcbiAgICB9XG5cbiAgICBmb3IgKGNvbnN0IGNyZWRlbnRpYWwgb2YgdGhpcy5vcHRpb25zLmV4Y2x1ZGVDcmVkZW50aWFscyA/PyBbXSkge1xuICAgICAgY3JlZGVudGlhbC5pZCA9IGRlY29kZUJhc2U2NFVybChjcmVkZW50aWFsLmlkKTtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogQW5zd2VycyB0aGlzIGNoYWxsZW5nZSBieSB1c2luZyB0aGUgYENyZWRlbnRpYWxzQ29udGFpbmVyYCBBUEkgdG8gY3JlYXRlIGEgY3JlZGVudGlhbFxuICAgKiBiYXNlZCBvbiB0aGUgdGhlIHB1YmxpYyBrZXkgY3JlZGVudGlhbCBjcmVhdGlvbiBvcHRpb25zIGZyb20gdGhpcyBjaGFsbGVuZ2UuXG4gICAqL1xuICBhc3luYyBjcmVhdGVDcmVkZW50aWFsQW5kQW5zd2VyKCkge1xuICAgIGNvbnN0IGNyZWQgPSBhd2FpdCBuYXZpZ2F0b3IuY3JlZGVudGlhbHMuY3JlYXRlKHsgcHVibGljS2V5OiB0aGlzLm9wdGlvbnMgfSk7XG4gICAgYXdhaXQgdGhpcy5hbnN3ZXIoY3JlZCk7XG4gIH1cblxuICAvKipcbiAgICogQW5zd2VycyB0aGlzIGNoYWxsZW5nZSB1c2luZyBhIGdpdmVuIGNyZWRlbnRpYWwgYGNyZWRgO1xuICAgKiB0aGUgY3JlZGVudGlhbCBzaG91bGQgYmUgb2J0YWluZWQgYnkgY2FsbGluZ1xuICAgKlxuICAgKiBgYGBcbiAgICogY29uc3QgY3JlZCA9IGF3YWl0IG5hdmlnYXRvci5jcmVkZW50aWFscy5jcmVhdGUoeyBwdWJsaWNLZXk6IHRoaXMub3B0aW9ucyB9KTtcbiAgICogYGBgXG4gICAqXG4gICAqIEBwYXJhbSB7YW55fSBjcmVkIENyZWRlbnRpYWwgY3JlYXRlZCBieSBjYWxsaW5nIHRoZSBgQ3JlZGVudGlhbENvbnRhaW5lcmAncyBgY3JlYXRlYCBtZXRob2RcbiAgICogICAgICAgICAgICAgICAgICAgYmFzZWQgb24gdGhlIHB1YmxpYyBrZXkgY3JlYXRpb24gb3B0aW9ucyBmcm9tIHRoaXMgY2hhbGxlbmdlLlxuICAgKi9cbiAgYXN5bmMgYW5zd2VyKGNyZWQ6IGFueSkge1xuICAgIGNvbnN0IGFuc3dlciA9IDxQdWJsaWNLZXlDcmVkZW50aWFsPntcbiAgICAgIGlkOiBjcmVkLmlkLFxuICAgICAgcmVzcG9uc2U6IHtcbiAgICAgICAgY2xpZW50RGF0YUpTT046IGVuY29kZVRvQmFzZTY0VXJsKGNyZWQucmVzcG9uc2UuY2xpZW50RGF0YUpTT04pLFxuICAgICAgICBhdHRlc3RhdGlvbk9iamVjdDogZW5jb2RlVG9CYXNlNjRVcmwoY3JlZC5yZXNwb25zZS5hdHRlc3RhdGlvbk9iamVjdCksXG4gICAgICB9LFxuICAgIH07XG4gICAgYXdhaXQgdGhpcy4jY3MuYWRkRmlkb0NvbXBsZXRlKHRoaXMuY2hhbGxlbmdlSWQsIGFuc3dlcik7XG4gIH1cbn1cblxuLyoqXG4gKiBSZXR1cm5lZCBhZnRlciBpbml0aWF0aW5nIE1GQSBhcHByb3ZhbCB1c2luZyBGSURPLlxuICogUHJvdmlkZXMgc29tZSBoZWxwZXIgbWV0aG9kcyBmb3IgYW5zd2VyaW5nIHRoaXMgY2hhbGxlbmdlLlxuICovXG5leHBvcnQgY2xhc3MgTWZhRmlkb0NoYWxsZW5nZSB7XG4gIHJlYWRvbmx5ICNzczogU2lnbmVyU2Vzc2lvbjtcbiAgcmVhZG9ubHkgbWZhSWQ6IHN0cmluZztcbiAgcmVhZG9ubHkgY2hhbGxlbmdlSWQ6IHN0cmluZztcbiAgcmVhZG9ubHkgb3B0aW9uczogYW55O1xuXG4gIC8qKlxuICAgKiBAcGFyYW0ge1NpZ25lclNlc3Npb259IHNzIFRoZSBzZXNzaW9uIHVzZWQgdG8gaW5pdGlhdGUgTUZBIGFwcHJvdmFsIHVzaW5nIEZJRE9cbiAgICogQHBhcmFtIHtzdHJpbmd9IG1mYUlkIFRoZSBNRkEgcmVxdWVzdCBpZC5cbiAgICogQHBhcmFtIHtBcGlNZmFGaWRvQ2hhbGxlbmdlfSBjaGFsbGVuZ2UgVGhlIGNoYWxsZW5nZSByZXR1cm5lZCBieSB0aGUgcmVtb3RlIGVuZFxuICAgKi9cbiAgY29uc3RydWN0b3Ioc3M6IFNpZ25lclNlc3Npb24sIG1mYUlkOiBzdHJpbmcsIGNoYWxsZW5nZTogQXBpTWZhRmlkb0NoYWxsZW5nZSkge1xuICAgIHRoaXMuI3NzID0gc3M7XG4gICAgdGhpcy5tZmFJZCA9IG1mYUlkO1xuICAgIHRoaXMuY2hhbGxlbmdlSWQgPSBjaGFsbGVuZ2UuY2hhbGxlbmdlX2lkO1xuXG4gICAgLy8gZml4IG9wdGlvbnMgcmV0dXJuZWQgZnJvbSB0aGUgc2VydmVyOiByZW5hbWUgZmllbGRzIGFuZCBkZWNvZGUgYmFzZTY0IGZpZWxkcyBpbnRvIHVpbnQ4W11cbiAgICB0aGlzLm9wdGlvbnMgPSB7XG4gICAgICAuLi5jaGFsbGVuZ2Uub3B0aW9ucyxcbiAgICAgIGNoYWxsZW5nZTogZGVjb2RlQmFzZTY0VXJsKGNoYWxsZW5nZS5vcHRpb25zLmNoYWxsZW5nZSksXG4gICAgfTtcbiAgICB0aGlzLm9wdGlvbnMucnBJZCA/Pz0gY2hhbGxlbmdlLm9wdGlvbnMucnBfaWQ7XG4gICAgdGhpcy5vcHRpb25zLmFsbG93Q3JlZGVudGlhbHMgPz89IGNoYWxsZW5nZS5vcHRpb25zLmFsbG93X2NyZWRlbnRpYWxzO1xuICAgIHRoaXMub3B0aW9ucy51c2VyVmVyaWZpY2F0aW9uID8/PSBjaGFsbGVuZ2Uub3B0aW9ucy51c2VyX3ZlcmlmaWNhdGlvbjtcbiAgICBkZWxldGUgdGhpcy5vcHRpb25zLnJwX2lkO1xuICAgIGRlbGV0ZSB0aGlzLm9wdGlvbnMuYWxsb3dfY3JlZGVudGlhbHM7XG4gICAgZGVsZXRlIHRoaXMub3B0aW9ucy51c2VyX3ZlcmlmaWNhdGlvbjtcblxuICAgIGZvciAoY29uc3QgY3JlZGVudGlhbCBvZiB0aGlzLm9wdGlvbnMuYWxsb3dDcmVkZW50aWFscyA/PyBbXSkge1xuICAgICAgY3JlZGVudGlhbC5pZCA9IGRlY29kZUJhc2U2NFVybChjcmVkZW50aWFsLmlkKTtcbiAgICAgIGlmIChjcmVkZW50aWFsLnRyYW5zcG9ydHMgPT09IG51bGwpIHtcbiAgICAgICAgZGVsZXRlIGNyZWRlbnRpYWwudHJhbnNwb3J0cztcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogQW5zd2VycyB0aGlzIGNoYWxsZW5nZSBieSB1c2luZyB0aGUgYENyZWRlbnRpYWxzQ29udGFpbmVyYCBBUEkgdG8gZ2V0IGEgY3JlZGVudGlhbFxuICAgKiBiYXNlZCBvbiB0aGUgdGhlIHB1YmxpYyBrZXkgY3JlZGVudGlhbCByZXF1ZXN0IG9wdGlvbnMgZnJvbSB0aGlzIGNoYWxsZW5nZS5cbiAgICovXG4gIGFzeW5jIGNyZWF0ZUNyZWRlbnRpYWxBbmRBbnN3ZXIoKTogUHJvbWlzZTxNZmFSZXF1ZXN0SW5mbz4ge1xuICAgIGNvbnN0IGNyZWQgPSBhd2FpdCBuYXZpZ2F0b3IuY3JlZGVudGlhbHMuZ2V0KHsgcHVibGljS2V5OiB0aGlzLm9wdGlvbnMgfSk7XG4gICAgcmV0dXJuIGF3YWl0IHRoaXMuYW5zd2VyKGNyZWQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEFuc3dlcnMgdGhpcyBjaGFsbGVuZ2UgdXNpbmcgYSBnaXZlbiBjcmVkZW50aWFsIGBjcmVkYC5cbiAgICogVG8gb2J0YWluIHRoaXMgY3JlZGVudGlhbCwgZm9yIGV4YW1wbGUsIGNhbGxcbiAgICpcbiAgICogYGBgXG4gICAqIGNvbnN0IGNyZWQgPSBhd2FpdCBuYXZpZ2F0b3IuY3JlZGVudGlhbHMuZ2V0KHsgcHVibGljS2V5OiB0aGlzLm9wdGlvbnMgfSk7XG4gICAqIGBgYFxuICAgKlxuICAgKiBAcGFyYW0ge2FueX0gY3JlZCBDcmVkZW50aWFsIGNyZWF0ZWQgYnkgY2FsbGluZyB0aGUgYENyZWRlbnRpYWxDb250YWluZXJgJ3MgYGdldGAgbWV0aG9kXG4gICAqICAgICAgICAgICAgICAgICAgIGJhc2VkIG9uIHRoZSBwdWJsaWMga2V5IGNyZWRlbnRpYWwgcmVxdWVzdCBvcHRpb25zIGZyb20gdGhpcyBjaGFsbGVuZ2UuXG4gICAqL1xuICBhc3luYyBhbnN3ZXIoY3JlZDogYW55KTogUHJvbWlzZTxNZmFSZXF1ZXN0SW5mbz4ge1xuICAgIGNvbnN0IGFuc3dlciA9IDxQdWJsaWNLZXlDcmVkZW50aWFsPntcbiAgICAgIGlkOiBjcmVkLmlkLFxuICAgICAgcmVzcG9uc2U6IHtcbiAgICAgICAgY2xpZW50RGF0YUpTT046IGVuY29kZVRvQmFzZTY0VXJsKGNyZWQucmVzcG9uc2UuY2xpZW50RGF0YUpTT04pLFxuICAgICAgICBhdXRoZW50aWNhdG9yRGF0YTogZW5jb2RlVG9CYXNlNjRVcmwoY3JlZC5yZXNwb25zZS5hdXRoZW50aWNhdG9yRGF0YSksXG4gICAgICAgIHNpZ25hdHVyZTogZW5jb2RlVG9CYXNlNjRVcmwoY3JlZC5yZXNwb25zZS5zaWduYXR1cmUpLFxuICAgICAgfSxcbiAgICB9O1xuICAgIHJldHVybiBhd2FpdCB0aGlzLiNzcy5maWRvQXBwcm92ZUNvbXBsZXRlKHRoaXMubWZhSWQsIHRoaXMuY2hhbGxlbmdlSWQsIGFuc3dlcik7XG4gIH1cbn1cbiJdfQ==

package/dist/src/index.d.ts

@@ -4,26 +4,54 @@ import { Org } from "./org";
 import { SignerSessionStorage, SignerSessionManager } from "./session/signer_session_manager";
 import { MfaRequestInfo, SignResponse, SignerSession } from "./signer_session";
 import { CognitoSessionManager, CognitoSessionStorage } from "./session/cognito_manager";
+import { AddFidoChallenge, PublicKeyCredential } from "./fido";
 /** CubeSigner constructor options */
 export interface CubeSignerOptions {
     /** The environment to use */
     env?: EnvInterface;
     /** The management authorization token */
     sessionMgr?: CognitoSessionManager | SignerSessionManager;
+    /** Optional organization id */
+    orgId?: string;
 }
 export type UserInfo = components["schemas"]["UserInfo"];
 export type TotpInfo = components["responses"]["TotpInfo"]["content"]["application/json"];
 export type ConfiguredMfa = components["schemas"]["ConfiguredMfa"];
 export type RatchetConfig = components["schemas"]["RatchetConfig"];
+export type IdentityProof = components["schemas"]["IdentityProof"];
 type OidcAuthResponse = paths["/v0/org/{org_id}/oidc"]["post"]["responses"]["200"]["content"]["application/json"];
+/** TOTP challenge that must be answered before user's TOTP is updated */
+export declare class TotpChallenge {
+    #private;
+    /** The id of the challenge */
+    get totpId(): string;
+    /** The new TOTP configuration */
+    get totpUrl(): string;
+    /**
+     * @param {CubeSigner} cs Used when answering the challenge.
+     * @param {TotpInfo} totpInfo TOTP challenge information.
+     */
+    constructor(cs: CubeSigner, totpInfo: TotpInfo);
+    /**
+     * Answer the challenge with the code that corresponds to this `this.totpUrl`.
+     * @param {string} code 6-digit code that corresponds to this `this.totpUrl`.
+     */
+    answer(code: string): Promise<void>;
+}
 /** CubeSigner client */
 export declare class CubeSigner {
     #private;
     readonly sessionMgr?: CognitoSessionManager | SignerSessionManager;
     /** @return {EnvInterface} The CubeSigner environment of this client */
     get env(): EnvInterface;
+    /**
+     * Set the organization ID
+     * @param {string} orgId The new organization id.
+     */
+    setOrgId(orgId: string): void;
     /**
      * Loads an existing management session and creates a CubeSigner instance.
+     *
      * @param {CognitoSessionStorage} storage Optional session storage to load
      * the session from. If not specified, the management session from the config
      * directory will be loaded.
@@ -53,15 +81,12 @@ export declare class CubeSigner {
      * @return {Promise<SignerSessionManager>} The signer session manager
      */
     oidcAuth(oidcToken: string, orgId: string, scopes: Array<string>, lifetimes?: RatchetConfig, storage?: SignerSessionStorage): Promise<SignerSessionManager>;
-    /** Retrieves information about the current user. */
-    aboutMe(): Promise<UserInfo>;
     /**
-     * Creates and sets a new TOTP configuration for the logged in user,
-     * if and only if no TOTP configuration is already set.
+     * Retrieves information about the current user.
      *
-     * @return {Promise<TotpInfo>} Newly created TOTP configuration.
+     * @return {Promise<UserInfo>} User information.
      */
-    initTotp(): Promise<TotpInfo>;
+    aboutMe(): Promise<UserInfo>;
     /**
      * Retrieves existing MFA request.
      *
@@ -71,10 +96,47 @@ export declare class CubeSigner {
      */
     mfaGet(orgId: string, mfaId: string): Promise<MfaRequestInfo>;
     /**
-     * Creates and sets a new TOTP configuration for the logged-in user,
-     * overriding the existing one (if any).
+     * List pending MFA requests accessible to the current user.
+     * @param {string} orgId Organization ID
+     * @return {Promise<MfaRequestInfo[]>} The MFA requests.
+     */
+    mfaList(orgId: string): Promise<MfaRequestInfo[]>;
+    /**
+     * Approve a pending MFA request.
+     *
+     * @param {string} orgId The org id of the MFA request
+     * @param {string} mfaId The id of the MFA request
+     * @return {Promise<MfaRequestInfo>} The result of the MFA request
+     */
+    mfaApprove(orgId: string, mfaId: string): Promise<MfaRequestInfo>;
+    /**
+     * Initiate adding a new FIDO device. MFA may be required.
+     * @param {string} name The name of the new device.
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt to include in HTTP headers
+     * @return {Promise<SignResponse<AddFidoChallenge>>} A challenge that must be answered in order to complete FIDO registration.
      */
-    resetTotp(): Promise<TotpInfo>;
+    addFidoStart(name: string, mfaReceipt?: MfaReceipt): Promise<SignResponse<AddFidoChallenge>>;
+    /**
+     * Complete a previously initiated request to add a new FIDO device.
+     * @param {string} challengeId The ID of the challenge returned by the remote end.
+     * @param {PublicKeyCredential} credential The answer to the challenge.
+     */
+    addFidoComplete(challengeId: string, credential: PublicKeyCredential): Promise<void>;
+    /**
+     * Creates a request to change user's TOTP. This request returns a new TOTP challenge
+     * that must be answered by calling `resetTotpComplete`
+     *
+     * @param {MfaReceipt} mfaReceipt MFA receipt to include in HTTP headers
+     */
+    resetTotpStart(mfaReceipt?: MfaReceipt): Promise<SignResponse<TotpChallenge>>;
+    /**
+     * Answer the TOTP challenge issued by `resetTotpStart`. If successful, user's
+     * TOTP configuration will be updated to that of the TOTP challenge.
+     *
+     * @param {string} totpId - The ID of the TOTP challenge
+     * @param {string} code - The TOTP code that should verify against the TOTP configuration from the challenge.
+     */
+    resetTotpComplete(totpId: string, code: string): Promise<void>;
     /**
      * Verifies a given TOTP code against the current user's TOTP configuration.
      * Throws an error if the verification fails.
@@ -86,11 +148,39 @@ export declare class CubeSigner {
      * @return {Org} The organization.
      * */
     getOrg(orgId: string): Promise<Org>;
+    /**
+     * Deletes a given key.
+     * @param {string} orgId - Organization id
+     * @param {string} keyId - Key id
+     */
+    deleteKey(orgId: string, keyId: string): Promise<void>;
     /** Get the management client.
      * @return {Client} The client.
      * @internal
      * */
     management(): Promise<Client>;
+    /**
+     * Obtain a proof of authentication.
+     *
+     * @param {string} orgId The id of the organization that the user is in
+     * @return {Promise<IdentityProof>} Proof of authentication
+     */
+    proveIdentity(orgId: string): Promise<IdentityProof>;
+    /**
+     * Exchange an OIDC token for a proof of authentication.
+     *
+     * @param {string} oidcToken The OIDC token
+     * @param {string} orgId The id of the organization that the user is in
+     * @return {Promise<IdentityProof>} Proof of authentication
+     */
+    oidcProveIdentity(oidcToken: string, orgId: string): Promise<IdentityProof>;
+    /**
+     * Checks if a given identity proof is valid.
+     *
+     * @param {string} orgId The id of the organization that the user is in.
+     * @param {IdentityProof} identityProof The proof of authentication.
+     */
+    verifyIdentity(orgId: string, identityProof: IdentityProof): Promise<void>;
     /**
      * Exchange an OIDC token for a CubeSigner session token.
      * @param {string} oidcToken The OIDC token
@@ -106,6 +196,8 @@ export declare class CubeSigner {
 export interface MfaReceipt {
     /** MFA request ID */
     mfaId: string;
+    /** Corresponding org ID */
+    mfaOrgId: string;
     /** MFA confirmation code */
     mfaConf: string;
 }
@@ -117,6 +209,10 @@ export * from "./key";
 export * from "./role";
 /** Env */
 export * from "./env";
+/** Fido */
+export * from "./fido";
+/** Pagination */
+export * from "./paginator";
 /** Sessions */
 export * from "./signer_session";
 /** Session storage */