@cubist-labs/cubesigner-sdk 0.2.24 → 0.3.1

package/dist/esm/src/key.js

@@ -0,0 +1,236 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _Key_data;
+/** Secp256k1 key type */
+export var Secp256k1;
+(function (Secp256k1) {
+    Secp256k1["Evm"] = "SecpEthAddr";
+    Secp256k1["Btc"] = "SecpBtc";
+    Secp256k1["BtcTest"] = "SecpBtcTest";
+    Secp256k1["Ava"] = "SecpAvaAddr";
+    Secp256k1["AvaTest"] = "SecpAvaTestAddr";
+})(Secp256k1 || (Secp256k1 = {}));
+/** BLS key type */
+export var Bls;
+(function (Bls) {
+    Bls["Eth2Deposited"] = "BlsPub";
+    Bls["Eth2Inactive"] = "BlsInactive";
+})(Bls || (Bls = {}));
+/** Ed25519 key type */
+export var Ed25519;
+(function (Ed25519) {
+    Ed25519["Solana"] = "Ed25519SolanaAddr";
+    Ed25519["Sui"] = "Ed25519SuiAddr";
+    Ed25519["Aptos"] = "Ed25519AptosAddr";
+    Ed25519["Cardano"] = "Ed25519CardanoAddrVk";
+    Ed25519["Stellar"] = "Ed25519StellarAddr";
+})(Ed25519 || (Ed25519 = {}));
+/** Mnemonic key type */
+export const Mnemonic = "Mnemonic";
+/** Stark key type */
+export const Stark = "Stark";
+/**
+ * Define some additional (backward compatibility) properties
+ * on a `KeyInfoApi` object returned from the remote end.
+ *
+ * @param {KeyInfoApi} key Key information returned from the remote end
+ * @return {KeyInfo} The same `key` object extended with some derived properties.
+ */
+export function toKeyInfo(key) {
+    return {
+        ...key,
+        id: key.key_id,
+        type: key.key_type,
+        publicKey: key.public_key,
+        materialId: key.material_id,
+    };
+}
+/**
+ * A representation of a signing key.
+ */
+export class Key {
+    /** The organization that this key is in */
+    get orgId() {
+        return this.csc.orgId;
+    }
+    /**
+     * The id of the key: "Key#" followed by a unique identifier specific to
+     * the type of key (such as a public key for BLS or an ethereum address for Secp)
+     * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
+     */
+    get id() {
+        return __classPrivateFieldGet(this, _Key_data, "f").key_id;
+    }
+    /**
+     * A unique identifier specific to the type of key, such as a public key or an ethereum address
+     * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
+     */
+    get materialId() {
+        return __classPrivateFieldGet(this, _Key_data, "f").material_id;
+    }
+    /**
+     * @description Hex-encoded, serialized public key. The format used depends on the key type:
+     * - secp256k1 keys use 65-byte uncompressed SECG format
+     * - BLS keys use 48-byte compressed BLS12-381 (ZCash) format
+     * @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431
+     */
+    get publicKey() {
+        return __classPrivateFieldGet(this, _Key_data, "f").public_key;
+    }
+    /**
+     * Get the cached properties of this key. The cached properties reflect the
+     * state of the last fetch or update (e.g., after awaiting `Key.enabled()`
+     * or `Key.disable()`).
+     */
+    get cached() {
+        return __classPrivateFieldGet(this, _Key_data, "f");
+    }
+    /** The type of key. */
+    async type() {
+        const data = await this.fetch();
+        return fromSchemaKeyType(data.key_type);
+    }
+    /** Is the key enabled? */
+    async enabled() {
+        const data = await this.fetch();
+        return data.enabled;
+    }
+    /** Enable the key. */
+    async enable() {
+        await this.update({ enabled: true });
+    }
+    /** Disable the key. */
+    async disable() {
+        await this.update({ enabled: false });
+    }
+    /**
+     * Set new policy (overwriting any policies previously set for this key)
+     * @param {KeyPolicy} policy The new policy to set
+     */
+    async setPolicy(policy) {
+        await this.update({ policy: policy });
+    }
+    /**
+     * Append to existing key policy. This append is not atomic -- it uses {@link policy} to fetch the current policy and then {@link setPolicy} to set the policy -- and should not be used in across concurrent sessions.
+     * @param {KeyPolicy} policy The policy to append to the existing one.
+     */
+    async appendPolicy(policy) {
+        const existing = await this.policy();
+        await this.setPolicy([...existing, ...policy]);
+    }
+    /**
+     * Get the policy for the key.
+     * @return {Promise<KeyPolicy>} The policy for the key.
+     */
+    async policy() {
+        const data = await this.fetch();
+        return (data.policy ?? []);
+    }
+    /**
+     * @description Owner of the key
+     * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
+     */
+    async owner() {
+        const data = await this.fetch();
+        return data.owner;
+    }
+    /**
+     * Set the owner of the key. Only the key (or org) owner can change the owner of the key.
+     * @param {string} owner The user-id of the new owner of the key.
+     */
+    async setOwner(owner) {
+        await this.update({ owner });
+    }
+    /**
+     * Delete this key.
+     */
+    async delete() {
+        await this.csc.keyDelete(this.id);
+    }
+    // --------------------------------------------------------------------------
+    // -- INTERNAL --------------------------------------------------------------
+    // --------------------------------------------------------------------------
+    /**
+     * Create a new key.
+     *
+     * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
+     * @param {KeyInfoApi} data The JSON response from the API server.
+     * @internal
+     */
+    constructor(csc, data) {
+        /** The key information */
+        _Key_data.set(this, void 0);
+        this.csc = csc;
+        __classPrivateFieldSet(this, _Key_data, toKeyInfo(data), "f");
+    }
+    /**
+     * Update the key.
+     * @param {UpdateKeyRequest} request The JSON request to send to the API server.
+     * @return {KeyInfo} The JSON response from the API server.
+     * @internal
+     */
+    async update(request) {
+        __classPrivateFieldSet(this, _Key_data, await this.csc.keyUpdate(this.id, request).then(toKeyInfo), "f");
+        return __classPrivateFieldGet(this, _Key_data, "f");
+    }
+    /**
+     * Fetch the key information.
+     *
+     * @return {KeyInfo} The key information.
+     * @internal
+     */
+    async fetch() {
+        __classPrivateFieldSet(this, _Key_data, await this.csc.keyGet(this.id).then(toKeyInfo), "f");
+        return __classPrivateFieldGet(this, _Key_data, "f");
+    }
+}
+_Key_data = new WeakMap();
+/**
+ * Convert a schema key type to a key type.
+ *
+ * @param {SchemaKeyType} ty The schema key type.
+ * @return {KeyType} The key type.
+ * @internal
+ */
+export function fromSchemaKeyType(ty) {
+    switch (ty) {
+        case "SecpEthAddr":
+            return Secp256k1.Evm;
+        case "SecpBtc":
+            return Secp256k1.Btc;
+        case "SecpBtcTest":
+            return Secp256k1.BtcTest;
+        case "SecpAvaAddr":
+            return Secp256k1.Ava;
+        case "SecpAvaTestAddr":
+            return Secp256k1.AvaTest;
+        case "BlsPub":
+            return Bls.Eth2Deposited;
+        case "BlsInactive":
+            return Bls.Eth2Inactive;
+        case "Ed25519SolanaAddr":
+            return Ed25519.Solana;
+        case "Ed25519SuiAddr":
+            return Ed25519.Sui;
+        case "Ed25519AptosAddr":
+            return Ed25519.Aptos;
+        case "Ed25519CardanoAddrVk":
+            return Ed25519.Cardano;
+        case "Ed25519StellarAddr":
+            return Ed25519.Stellar;
+        case "Stark":
+            return Stark;
+        case "Mnemonic":
+            return Mnemonic;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2tleS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7QUFJQSx5QkFBeUI7QUFDekIsTUFBTSxDQUFOLElBQVksU0FNWDtBQU5ELFdBQVksU0FBUztJQUNuQixnQ0FBbUIsQ0FBQTtJQUNuQiw0QkFBZSxDQUFBO0lBQ2Ysb0NBQXVCLENBQUE7SUFDdkIsZ0NBQW1CLENBQUE7SUFDbkIsd0NBQTJCLENBQUE7QUFDN0IsQ0FBQyxFQU5XLFNBQVMsS0FBVCxTQUFTLFFBTXBCO0FBRUQsbUJBQW1CO0FBQ25CLE1BQU0sQ0FBTixJQUFZLEdBR1g7QUFIRCxXQUFZLEdBQUc7SUFDYiwrQkFBd0IsQ0FBQTtJQUN4QixtQ0FBNEIsQ0FBQTtBQUM5QixDQUFDLEVBSFcsR0FBRyxLQUFILEdBQUcsUUFHZDtBQUVELHVCQUF1QjtBQUN2QixNQUFNLENBQU4sSUFBWSxPQU1YO0FBTkQsV0FBWSxPQUFPO0lBQ2pCLHVDQUE0QixDQUFBO0lBQzVCLGlDQUFzQixDQUFBO0lBQ3RCLHFDQUEwQixDQUFBO0lBQzFCLDJDQUFnQyxDQUFBO0lBQ2hDLHlDQUE4QixDQUFBO0FBQ2hDLENBQUMsRUFOVyxPQUFPLEtBQVAsT0FBTyxRQU1sQjtBQUVELHdCQUF3QjtBQUN4QixNQUFNLENBQUMsTUFBTSxRQUFRLEdBQUcsVUFBbUIsQ0FBQztBQUc1QyxxQkFBcUI7QUFDckIsTUFBTSxDQUFDLE1BQU0sS0FBSyxHQUFHLE9BQWdCLENBQUM7QUFrQnRDOzs7Ozs7R0FNRztBQUNILE1BQU0sVUFBVSxTQUFTLENBQUMsR0FBZTtJQUN2QyxPQUFPO1FBQ0wsR0FBRyxHQUFHO1FBQ04sRUFBRSxFQUFFLEdBQUcsQ0FBQyxNQUFNO1FBQ2QsSUFBSSxFQUFFLEdBQUcsQ0FBQyxRQUFRO1FBQ2xCLFNBQVMsRUFBRSxHQUFHLENBQUMsVUFBVTtRQUN6QixVQUFVLEVBQUUsR0FBRyxDQUFDLFdBQVc7S0FDNUIsQ0FBQztBQUNKLENBQUM7QUFFRDs7R0FFRztBQUNILE1BQU0sT0FBTyxHQUFHO0lBTWQsMkNBQTJDO0lBQzNDLElBQUksS0FBSztRQUNQLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUM7SUFDeEIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxJQUFJLEVBQUU7UUFDSixPQUFPLHVCQUFBLElBQUksaUJBQU0sQ0FBQyxNQUFNLENBQUM7SUFDM0IsQ0FBQztJQUVEOzs7T0FHRztJQUNILElBQUksVUFBVTtRQUNaLE9BQU8sdUJBQUEsSUFBSSxpQkFBTSxDQUFDLFdBQVcsQ0FBQztJQUNoQyxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxJQUFJLFNBQVM7UUFDWCxPQUFPLHVCQUFBLElBQUksaUJBQU0sQ0FBQyxVQUFVLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxJQUFJLE1BQU07UUFDUixPQUFPLHVCQUFBLElBQUksaUJBQU0sQ0FBQztJQUNwQixDQUFDO0lBRUQsdUJBQXVCO0lBQ3ZCLEtBQUssQ0FBQyxJQUFJO1FBQ1IsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDaEMsT0FBTyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVELDBCQUEwQjtJQUMxQixLQUFLLENBQUMsT0FBTztRQUNYLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQztJQUN0QixDQUFDO0lBRUQsc0JBQXNCO0lBQ3RCLEtBQUssQ0FBQyxNQUFNO1FBQ1YsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVELHVCQUF1QjtJQUN2QixLQUFLLENBQUMsT0FBTztRQUNYLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLE9BQU8sRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQWlCO1FBQy9CLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLE1BQU0sRUFBRSxNQUE0QyxFQUFFLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFlBQVksQ0FBQyxNQUFpQjtRQUNsQyxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNyQyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxHQUFHLFFBQVEsRUFBRSxHQUFHLE1BQU0sQ0FBQyxDQUFDLENBQUM7SUFDakQsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxNQUFNO1FBQ1YsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDaEMsT0FBTyxDQUFDLElBQUksQ0FBQyxNQUFNLElBQUksRUFBRSxDQUF5QixDQUFDO0lBQ3JELENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsS0FBSztRQUNULE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQztJQUNwQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFFBQVEsQ0FBQyxLQUFhO1FBQzFCLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLE1BQU07UUFDVixNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQsNkVBQTZFO0lBQzdFLDZFQUE2RTtJQUM3RSw2RUFBNkU7SUFFN0U7Ozs7OztPQU1HO0lBQ0gsWUFBWSxHQUFxQixFQUFFLElBQWdCO1FBL0huRCwwQkFBMEI7UUFDMUIsNEJBQWU7UUErSGIsSUFBSSxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUM7UUFDZix1QkFBQSxJQUFJLGFBQVMsU0FBUyxDQUFDLElBQUksQ0FBQyxNQUFBLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ssS0FBSyxDQUFDLE1BQU0sQ0FBQyxPQUF5QjtRQUM1Qyx1QkFBQSxJQUFJLGFBQVMsTUFBTSxJQUFJLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBQSxDQUFDO1FBQ3hFLE9BQU8sdUJBQUEsSUFBSSxpQkFBTSxDQUFDO0lBQ3BCLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNLLEtBQUssQ0FBQyxLQUFLO1FBQ2pCLHVCQUFBLElBQUksYUFBUyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQUEsQ0FBQztRQUM1RCxPQUFPLHVCQUFBLElBQUksaUJBQU0sQ0FBQztJQUNwQixDQUFDO0NBQ0Y7O0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLGlCQUFpQixDQUFDLEVBQWlCO0lBQ2pELFFBQVEsRUFBRSxFQUFFLENBQUM7UUFDWCxLQUFLLGFBQWE7WUFDaEIsT0FBTyxTQUFTLENBQUMsR0FBRyxDQUFDO1FBQ3ZCLEtBQUssU0FBUztZQUNaLE9BQU8sU0FBUyxDQUFDLEdBQUcsQ0FBQztRQUN2QixLQUFLLGFBQWE7WUFDaEIsT0FBTyxTQUFTLENBQUMsT0FBTyxDQUFDO1FBQzNCLEtBQUssYUFBYTtZQUNoQixPQUFPLFNBQVMsQ0FBQyxHQUFHLENBQUM7UUFDdkIsS0FBSyxpQkFBaUI7WUFDcEIsT0FBTyxTQUFTLENBQUMsT0FBTyxDQUFDO1FBQzNCLEtBQUssUUFBUTtZQUNYLE9BQU8sR0FBRyxDQUFDLGFBQWEsQ0FBQztRQUMzQixLQUFLLGFBQWE7WUFDaEIsT0FBTyxHQUFHLENBQUMsWUFBWSxDQUFDO1FBQzFCLEtBQUssbUJBQW1CO1lBQ3RCLE9BQU8sT0FBTyxDQUFDLE1BQU0sQ0FBQztRQUN4QixLQUFLLGdCQUFnQjtZQUNuQixPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQUM7UUFDckIsS0FBSyxrQkFBa0I7WUFDckIsT0FBTyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBQ3ZCLEtBQUssc0JBQXNCO1lBQ3pCLE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQztRQUN6QixLQUFLLG9CQUFvQjtZQUN2QixPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDekIsS0FBSyxPQUFPO1lBQ1YsT0FBTyxLQUFLLENBQUM7UUFDZixLQUFLLFVBQVU7WUFDYixPQUFPLFFBQVEsQ0FBQztJQUNwQixDQUFDO0FBQ0gsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEtleVBvbGljeSB9IGZyb20gXCIuL3JvbGVcIjtcbmltcG9ydCB7IEtleUluZm9BcGksIEtleVR5cGVBcGksIFVwZGF0ZUtleVJlcXVlc3QsIFNjaGVtYUtleVR5cGUgfSBmcm9tIFwiLi9zY2hlbWFfdHlwZXNcIjtcbmltcG9ydCB7IEN1YmVTaWduZXJDbGllbnQgfSBmcm9tIFwiLi9jbGllbnRcIjtcblxuLyoqIFNlY3AyNTZrMSBrZXkgdHlwZSAqL1xuZXhwb3J0IGVudW0gU2VjcDI1NmsxIHtcbiAgRXZtID0gXCJTZWNwRXRoQWRkclwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIEJ0YyA9IFwiU2VjcEJ0Y1wiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIEJ0Y1Rlc3QgPSBcIlNlY3BCdGNUZXN0XCIsIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgbm8tdW51c2VkLXZhcnNcbiAgQXZhID0gXCJTZWNwQXZhQWRkclwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIEF2YVRlc3QgPSBcIlNlY3BBdmFUZXN0QWRkclwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG59XG5cbi8qKiBCTFMga2V5IHR5cGUgKi9cbmV4cG9ydCBlbnVtIEJscyB7XG4gIEV0aDJEZXBvc2l0ZWQgPSBcIkJsc1B1YlwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIEV0aDJJbmFjdGl2ZSA9IFwiQmxzSW5hY3RpdmVcIiwgLy8gZXNsaW50LWRpc2FibGUtbGluZSBuby11bnVzZWQtdmFyc1xufVxuXG4vKiogRWQyNTUxOSBrZXkgdHlwZSAqL1xuZXhwb3J0IGVudW0gRWQyNTUxOSB7XG4gIFNvbGFuYSA9IFwiRWQyNTUxOVNvbGFuYUFkZHJcIiwgLy8gZXNsaW50LWRpc2FibGUtbGluZSBuby11bnVzZWQtdmFyc1xuICBTdWkgPSBcIkVkMjU1MTlTdWlBZGRyXCIsIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgbm8tdW51c2VkLXZhcnNcbiAgQXB0b3MgPSBcIkVkMjU1MTlBcHRvc0FkZHJcIiwgLy8gZXNsaW50LWRpc2FibGUtbGluZSBuby11bnVzZWQtdmFyc1xuICBDYXJkYW5vID0gXCJFZDI1NTE5Q2FyZGFub0FkZHJWa1wiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIFN0ZWxsYXIgPSBcIkVkMjU1MTlTdGVsbGFyQWRkclwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG59XG5cbi8qKiBNbmVtb25pYyBrZXkgdHlwZSAqL1xuZXhwb3J0IGNvbnN0IE1uZW1vbmljID0gXCJNbmVtb25pY1wiIGFzIGNvbnN0O1xuZXhwb3J0IHR5cGUgTW5lbW9uaWMgPSB0eXBlb2YgTW5lbW9uaWM7XG5cbi8qKiBTdGFyayBrZXkgdHlwZSAqL1xuZXhwb3J0IGNvbnN0IFN0YXJrID0gXCJTdGFya1wiIGFzIGNvbnN0O1xuZXhwb3J0IHR5cGUgU3RhcmsgPSB0eXBlb2YgU3Rhcms7XG5cbi8qKiBLZXkgdHlwZSAqL1xuZXhwb3J0IHR5cGUgS2V5VHlwZSA9IFNlY3AyNTZrMSB8IEJscyB8IEVkMjU1MTkgfCBNbmVtb25pYyB8IFN0YXJrO1xuXG4vKiogQWRkaXRpb25hbCBwcm9wZXJ0aWVzIChmb3IgYmFja3dhcmQgY29tcGF0aWJpbGl0eSkgKi9cbmV4cG9ydCBpbnRlcmZhY2UgS2V5SW5mbyBleHRlbmRzIEtleUluZm9BcGkge1xuICAvKiogQWxpYXMgZm9yIGtleV9pZCAqL1xuICBpZDogc3RyaW5nO1xuICAvKiogQWxpYXMgZm9yIGtleV90eXBlICovXG4gIHR5cGU6IEtleVR5cGVBcGk7XG4gIC8qKiBBbGlhcyBmb3IgbWF0ZXJpYWxfaWQgKi9cbiAgbWF0ZXJpYWxJZDogc3RyaW5nO1xuICAvKiogQWxpYXMgZm9yIHB1YmxpY19rZXkgKi9cbiAgcHVibGljS2V5OiBzdHJpbmc7XG59XG5cbi8qKlxuICogRGVmaW5lIHNvbWUgYWRkaXRpb25hbCAoYmFja3dhcmQgY29tcGF0aWJpbGl0eSkgcHJvcGVydGllc1xuICogb24gYSBgS2V5SW5mb0FwaWAgb2JqZWN0IHJldHVybmVkIGZyb20gdGhlIHJlbW90ZSBlbmQuXG4gKlxuICogQHBhcmFtIHtLZXlJbmZvQXBpfSBrZXkgS2V5IGluZm9ybWF0aW9uIHJldHVybmVkIGZyb20gdGhlIHJlbW90ZSBlbmRcbiAqIEByZXR1cm4ge0tleUluZm99IFRoZSBzYW1lIGBrZXlgIG9iamVjdCBleHRlbmRlZCB3aXRoIHNvbWUgZGVyaXZlZCBwcm9wZXJ0aWVzLlxuICovXG5leHBvcnQgZnVuY3Rpb24gdG9LZXlJbmZvKGtleTogS2V5SW5mb0FwaSk6IEtleUluZm8ge1xuICByZXR1cm4ge1xuICAgIC4uLmtleSxcbiAgICBpZDoga2V5LmtleV9pZCxcbiAgICB0eXBlOiBrZXkua2V5X3R5cGUsXG4gICAgcHVibGljS2V5OiBrZXkucHVibGljX2tleSxcbiAgICBtYXRlcmlhbElkOiBrZXkubWF0ZXJpYWxfaWQsXG4gIH07XG59XG5cbi8qKlxuICogQSByZXByZXNlbnRhdGlvbiBvZiBhIHNpZ25pbmcga2V5LlxuICovXG5leHBvcnQgY2xhc3MgS2V5IHtcbiAgLyoqIFRoZSBDdWJlU2lnbmVyIGluc3RhbmNlIHRoYXQgdGhpcyBrZXkgaXMgYXNzb2NpYXRlZCB3aXRoICovXG4gIHByb3RlY3RlZCByZWFkb25seSBjc2M6IEN1YmVTaWduZXJDbGllbnQ7XG4gIC8qKiBUaGUga2V5IGluZm9ybWF0aW9uICovXG4gICNkYXRhOiBLZXlJbmZvO1xuXG4gIC8qKiBUaGUgb3JnYW5pemF0aW9uIHRoYXQgdGhpcyBrZXkgaXMgaW4gKi9cbiAgZ2V0IG9yZ0lkKCkge1xuICAgIHJldHVybiB0aGlzLmNzYy5vcmdJZDtcbiAgfVxuXG4gIC8qKlxuICAgKiBUaGUgaWQgb2YgdGhlIGtleTogXCJLZXkjXCIgZm9sbG93ZWQgYnkgYSB1bmlxdWUgaWRlbnRpZmllciBzcGVjaWZpYyB0b1xuICAgKiB0aGUgdHlwZSBvZiBrZXkgKHN1Y2ggYXMgYSBwdWJsaWMga2V5IGZvciBCTFMgb3IgYW4gZXRoZXJldW0gYWRkcmVzcyBmb3IgU2VjcClcbiAgICogQGV4YW1wbGUgS2V5IzB4OGUzNDg0Njg3ZTY2Y2RkMjZjZjA0YzM2NDc2MzNhYjRmMzU3MDE0OFxuICAgKi9cbiAgZ2V0IGlkKCk6IHN0cmluZyB7XG4gICAgcmV0dXJuIHRoaXMuI2RhdGEua2V5X2lkO1xuICB9XG5cbiAgLyoqXG4gICAqIEEgdW5pcXVlIGlkZW50aWZpZXIgc3BlY2lmaWMgdG8gdGhlIHR5cGUgb2Yga2V5LCBzdWNoIGFzIGEgcHVibGljIGtleSBvciBhbiBldGhlcmV1bSBhZGRyZXNzXG4gICAqIEBleGFtcGxlIDB4OGUzNDg0Njg3ZTY2Y2RkMjZjZjA0YzM2NDc2MzNhYjRmMzU3MDE0OFxuICAgKi9cbiAgZ2V0IG1hdGVyaWFsSWQoKTogc3RyaW5nIHtcbiAgICByZXR1cm4gdGhpcy4jZGF0YS5tYXRlcmlhbF9pZDtcbiAgfVxuXG4gIC8qKlxuICAgKiBAZGVzY3JpcHRpb24gSGV4LWVuY29kZWQsIHNlcmlhbGl6ZWQgcHVibGljIGtleS4gVGhlIGZvcm1hdCB1c2VkIGRlcGVuZHMgb24gdGhlIGtleSB0eXBlOlxuICAgKiAtIHNlY3AyNTZrMSBrZXlzIHVzZSA2NS1ieXRlIHVuY29tcHJlc3NlZCBTRUNHIGZvcm1hdFxuICAgKiAtIEJMUyBrZXlzIHVzZSA0OC1ieXRlIGNvbXByZXNzZWQgQkxTMTItMzgxIChaQ2FzaCkgZm9ybWF0XG4gICAqIEBleGFtcGxlIDB4MDRkMjY4OGI2YmMyY2U3Zjk4NzliOWU3NDVmM2M0ZGMxNzc5MDhjNWNlZjBjMWI2NGNmZjE5YWU3ZmYyN2RlZTYyM2M2NGZlOWQ5YzMyNWM3ZmJiYzc0OGJiZDVmNjA3Y2UxNGRkODNlMjhlYmJiYjdkM2U3ZjJmZmI3MGE3OTQzMVxuICAgKi9cbiAgZ2V0IHB1YmxpY0tleSgpOiBzdHJpbmcge1xuICAgIHJldHVybiB0aGlzLiNkYXRhLnB1YmxpY19rZXk7XG4gIH1cblxuICAvKipcbiAgICogR2V0IHRoZSBjYWNoZWQgcHJvcGVydGllcyBvZiB0aGlzIGtleS4gVGhlIGNhY2hlZCBwcm9wZXJ0aWVzIHJlZmxlY3QgdGhlXG4gICAqIHN0YXRlIG9mIHRoZSBsYXN0IGZldGNoIG9yIHVwZGF0ZSAoZS5nLiwgYWZ0ZXIgYXdhaXRpbmcgYEtleS5lbmFibGVkKClgXG4gICAqIG9yIGBLZXkuZGlzYWJsZSgpYCkuXG4gICAqL1xuICBnZXQgY2FjaGVkKCk6IEtleUluZm8ge1xuICAgIHJldHVybiB0aGlzLiNkYXRhO1xuICB9XG5cbiAgLyoqIFRoZSB0eXBlIG9mIGtleS4gKi9cbiAgYXN5bmMgdHlwZSgpOiBQcm9taXNlPEtleVR5cGU+IHtcbiAgICBjb25zdCBkYXRhID0gYXdhaXQgdGhpcy5mZXRjaCgpO1xuICAgIHJldHVybiBmcm9tU2NoZW1hS2V5VHlwZShkYXRhLmtleV90eXBlKTtcbiAgfVxuXG4gIC8qKiBJcyB0aGUga2V5IGVuYWJsZWQ/ICovXG4gIGFzeW5jIGVuYWJsZWQoKTogUHJvbWlzZTxib29sZWFuPiB7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuZmV0Y2goKTtcbiAgICByZXR1cm4gZGF0YS5lbmFibGVkO1xuICB9XG5cbiAgLyoqIEVuYWJsZSB0aGUga2V5LiAqL1xuICBhc3luYyBlbmFibGUoKSB7XG4gICAgYXdhaXQgdGhpcy51cGRhdGUoeyBlbmFibGVkOiB0cnVlIH0pO1xuICB9XG5cbiAgLyoqIERpc2FibGUgdGhlIGtleS4gKi9cbiAgYXN5bmMgZGlzYWJsZSgpIHtcbiAgICBhd2FpdCB0aGlzLnVwZGF0ZSh7IGVuYWJsZWQ6IGZhbHNlIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIFNldCBuZXcgcG9saWN5IChvdmVyd3JpdGluZyBhbnkgcG9saWNpZXMgcHJldmlvdXNseSBzZXQgZm9yIHRoaXMga2V5KVxuICAgKiBAcGFyYW0ge0tleVBvbGljeX0gcG9saWN5IFRoZSBuZXcgcG9saWN5IHRvIHNldFxuICAgKi9cbiAgYXN5bmMgc2V0UG9saWN5KHBvbGljeTogS2V5UG9saWN5KSB7XG4gICAgYXdhaXQgdGhpcy51cGRhdGUoeyBwb2xpY3k6IHBvbGljeSBhcyB1bmtub3duIGFzIFJlY29yZDxzdHJpbmcsIG5ldmVyPltdIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEFwcGVuZCB0byBleGlzdGluZyBrZXkgcG9saWN5LiBUaGlzIGFwcGVuZCBpcyBub3QgYXRvbWljIC0tIGl0IHVzZXMge0BsaW5rIHBvbGljeX0gdG8gZmV0Y2ggdGhlIGN1cnJlbnQgcG9saWN5IGFuZCB0aGVuIHtAbGluayBzZXRQb2xpY3l9IHRvIHNldCB0aGUgcG9saWN5IC0tIGFuZCBzaG91bGQgbm90IGJlIHVzZWQgaW4gYWNyb3NzIGNvbmN1cnJlbnQgc2Vzc2lvbnMuXG4gICAqIEBwYXJhbSB7S2V5UG9saWN5fSBwb2xpY3kgVGhlIHBvbGljeSB0byBhcHBlbmQgdG8gdGhlIGV4aXN0aW5nIG9uZS5cbiAgICovXG4gIGFzeW5jIGFwcGVuZFBvbGljeShwb2xpY3k6IEtleVBvbGljeSkge1xuICAgIGNvbnN0IGV4aXN0aW5nID0gYXdhaXQgdGhpcy5wb2xpY3koKTtcbiAgICBhd2FpdCB0aGlzLnNldFBvbGljeShbLi4uZXhpc3RpbmcsIC4uLnBvbGljeV0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCB0aGUgcG9saWN5IGZvciB0aGUga2V5LlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPEtleVBvbGljeT59IFRoZSBwb2xpY3kgZm9yIHRoZSBrZXkuXG4gICAqL1xuICBhc3luYyBwb2xpY3koKTogUHJvbWlzZTxLZXlQb2xpY3k+IHtcbiAgICBjb25zdCBkYXRhID0gYXdhaXQgdGhpcy5mZXRjaCgpO1xuICAgIHJldHVybiAoZGF0YS5wb2xpY3kgPz8gW10pIGFzIHVua25vd24gYXMgS2V5UG9saWN5O1xuICB9XG5cbiAgLyoqXG4gICAqIEBkZXNjcmlwdGlvbiBPd25lciBvZiB0aGUga2V5XG4gICAqIEBleGFtcGxlIFVzZXIjYzNiOTM3OWMtNGU4Yy00MjE2LWJkMGEtNjVhY2U1M2NmOThmXG4gICAqL1xuICBhc3luYyBvd25lcigpOiBQcm9taXNlPHN0cmluZz4ge1xuICAgIGNvbnN0IGRhdGEgPSBhd2FpdCB0aGlzLmZldGNoKCk7XG4gICAgcmV0dXJuIGRhdGEub3duZXI7XG4gIH1cblxuICAvKipcbiAgICogU2V0IHRoZSBvd25lciBvZiB0aGUga2V5LiBPbmx5IHRoZSBrZXkgKG9yIG9yZykgb3duZXIgY2FuIGNoYW5nZSB0aGUgb3duZXIgb2YgdGhlIGtleS5cbiAgICogQHBhcmFtIHtzdHJpbmd9IG93bmVyIFRoZSB1c2VyLWlkIG9mIHRoZSBuZXcgb3duZXIgb2YgdGhlIGtleS5cbiAgICovXG4gIGFzeW5jIHNldE93bmVyKG93bmVyOiBzdHJpbmcpIHtcbiAgICBhd2FpdCB0aGlzLnVwZGF0ZSh7IG93bmVyIH0pO1xuICB9XG5cbiAgLyoqXG4gICAqIERlbGV0ZSB0aGlzIGtleS5cbiAgICovXG4gIGFzeW5jIGRlbGV0ZSgpIHtcbiAgICBhd2FpdCB0aGlzLmNzYy5rZXlEZWxldGUodGhpcy5pZCk7XG4gIH1cblxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAvLyAtLSBJTlRFUk5BTCAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuXG4gIC8qKlxuICAgKiBDcmVhdGUgYSBuZXcga2V5LlxuICAgKlxuICAgKiBAcGFyYW0ge0N1YmVTaWduZXJDbGllbnR9IGNzYyBUaGUgQ3ViZVNpZ25lciBpbnN0YW5jZSB0byB1c2UgZm9yIHNpZ25pbmcuXG4gICAqIEBwYXJhbSB7S2V5SW5mb0FwaX0gZGF0YSBUaGUgSlNPTiByZXNwb25zZSBmcm9tIHRoZSBBUEkgc2VydmVyLlxuICAgKiBAaW50ZXJuYWxcbiAgICovXG4gIGNvbnN0cnVjdG9yKGNzYzogQ3ViZVNpZ25lckNsaWVudCwgZGF0YTogS2V5SW5mb0FwaSkge1xuICAgIHRoaXMuY3NjID0gY3NjO1xuICAgIHRoaXMuI2RhdGEgPSB0b0tleUluZm8oZGF0YSk7XG4gIH1cblxuICAvKipcbiAgICogVXBkYXRlIHRoZSBrZXkuXG4gICAqIEBwYXJhbSB7VXBkYXRlS2V5UmVxdWVzdH0gcmVxdWVzdCBUaGUgSlNPTiByZXF1ZXN0IHRvIHNlbmQgdG8gdGhlIEFQSSBzZXJ2ZXIuXG4gICAqIEByZXR1cm4ge0tleUluZm99IFRoZSBKU09OIHJlc3BvbnNlIGZyb20gdGhlIEFQSSBzZXJ2ZXIuXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgcHJpdmF0ZSBhc3luYyB1cGRhdGUocmVxdWVzdDogVXBkYXRlS2V5UmVxdWVzdCk6IFByb21pc2U8S2V5SW5mbz4ge1xuICAgIHRoaXMuI2RhdGEgPSBhd2FpdCB0aGlzLmNzYy5rZXlVcGRhdGUodGhpcy5pZCwgcmVxdWVzdCkudGhlbih0b0tleUluZm8pO1xuICAgIHJldHVybiB0aGlzLiNkYXRhO1xuICB9XG5cbiAgLyoqXG4gICAqIEZldGNoIHRoZSBrZXkgaW5mb3JtYXRpb24uXG4gICAqXG4gICAqIEByZXR1cm4ge0tleUluZm99IFRoZSBrZXkgaW5mb3JtYXRpb24uXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgcHJpdmF0ZSBhc3luYyBmZXRjaCgpOiBQcm9taXNlPEtleUluZm8+IHtcbiAgICB0aGlzLiNkYXRhID0gYXdhaXQgdGhpcy5jc2Mua2V5R2V0KHRoaXMuaWQpLnRoZW4odG9LZXlJbmZvKTtcbiAgICByZXR1cm4gdGhpcy4jZGF0YTtcbiAgfVxufVxuXG4vKipcbiAqIENvbnZlcnQgYSBzY2hlbWEga2V5IHR5cGUgdG8gYSBrZXkgdHlwZS5cbiAqXG4gKiBAcGFyYW0ge1NjaGVtYUtleVR5cGV9IHR5IFRoZSBzY2hlbWEga2V5IHR5cGUuXG4gKiBAcmV0dXJuIHtLZXlUeXBlfSBUaGUga2V5IHR5cGUuXG4gKiBAaW50ZXJuYWxcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGZyb21TY2hlbWFLZXlUeXBlKHR5OiBTY2hlbWFLZXlUeXBlKTogS2V5VHlwZSB7XG4gIHN3aXRjaCAodHkpIHtcbiAgICBjYXNlIFwiU2VjcEV0aEFkZHJcIjpcbiAgICAgIHJldHVybiBTZWNwMjU2azEuRXZtO1xuICAgIGNhc2UgXCJTZWNwQnRjXCI6XG4gICAgICByZXR1cm4gU2VjcDI1NmsxLkJ0YztcbiAgICBjYXNlIFwiU2VjcEJ0Y1Rlc3RcIjpcbiAgICAgIHJldHVybiBTZWNwMjU2azEuQnRjVGVzdDtcbiAgICBjYXNlIFwiU2VjcEF2YUFkZHJcIjpcbiAgICAgIHJldHVybiBTZWNwMjU2azEuQXZhO1xuICAgIGNhc2UgXCJTZWNwQXZhVGVzdEFkZHJcIjpcbiAgICAgIHJldHVybiBTZWNwMjU2azEuQXZhVGVzdDtcbiAgICBjYXNlIFwiQmxzUHViXCI6XG4gICAgICByZXR1cm4gQmxzLkV0aDJEZXBvc2l0ZWQ7XG4gICAgY2FzZSBcIkJsc0luYWN0aXZlXCI6XG4gICAgICByZXR1cm4gQmxzLkV0aDJJbmFjdGl2ZTtcbiAgICBjYXNlIFwiRWQyNTUxOVNvbGFuYUFkZHJcIjpcbiAgICAgIHJldHVybiBFZDI1NTE5LlNvbGFuYTtcbiAgICBjYXNlIFwiRWQyNTUxOVN1aUFkZHJcIjpcbiAgICAgIHJldHVybiBFZDI1NTE5LlN1aTtcbiAgICBjYXNlIFwiRWQyNTUxOUFwdG9zQWRkclwiOlxuICAgICAgcmV0dXJuIEVkMjU1MTkuQXB0b3M7XG4gICAgY2FzZSBcIkVkMjU1MTlDYXJkYW5vQWRkclZrXCI6XG4gICAgICByZXR1cm4gRWQyNTUxOS5DYXJkYW5vO1xuICAgIGNhc2UgXCJFZDI1NTE5U3RlbGxhckFkZHJcIjpcbiAgICAgIHJldHVybiBFZDI1NTE5LlN0ZWxsYXI7XG4gICAgY2FzZSBcIlN0YXJrXCI6XG4gICAgICByZXR1cm4gU3Rhcms7XG4gICAgY2FzZSBcIk1uZW1vbmljXCI6XG4gICAgICByZXR1cm4gTW5lbW9uaWM7XG4gIH1cbn1cbiJdfQ==

package/dist/esm/src/mfa.d.ts

@@ -0,0 +1,94 @@
+import { ApiAddFidoChallenge, ApiMfaFidoChallenge, MfaRequestInfo, TotpInfo } from "./schema_types";
+import { CubeSignerApi } from "./api";
+/** MFA receipt */
+export interface MfaReceipt {
+    /** MFA request ID */
+    mfaId: string;
+    /** Corresponding org ID */
+    mfaOrgId: string;
+    /** MFA confirmation code */
+    mfaConf: string;
+}
+/** TOTP challenge that must be answered before user's TOTP is updated */
+export declare class TotpChallenge {
+    #private;
+    /** The id of the challenge */
+    get totpId(): string;
+    /** The new TOTP configuration */
+    get totpUrl(): string;
+    /**
+     * @param {CubeSignerApi} api Used when answering the challenge.
+     * @param {TotpInfo} totpInfo TOTP challenge information.
+     */
+    constructor(api: CubeSignerApi, totpInfo: TotpInfo);
+    /**
+     * Answer the challenge with the code that corresponds to `this.totpUrl`.
+     * @param {string} code 6-digit code that corresponds to `this.totpUrl`.
+     */
+    answer(code: string): Promise<void>;
+}
+/**
+ * Returned after creating a request to add a new FIDO device.
+ * Provides some helper methods for answering this challenge.
+ */
+export declare class AddFidoChallenge {
+    #private;
+    readonly challengeId: string;
+    readonly options: any;
+    /**
+     * Constructor
+     * @param {CubeSignerApi} api The API client used to request to add a FIDO device
+     * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+     */
+    constructor(api: CubeSignerApi, challenge: ApiAddFidoChallenge);
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to create a credential
+     * based on the the public key credential creation options from this challenge.
+     */
+    createCredentialAndAnswer(): Promise<void>;
+    /**
+     * Answers this challenge using a given credential `cred`;
+     * the credential should be obtained by calling
+     *
+     * ```
+     * const cred = await navigator.credentials.create({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+     *                   based on the public key creation options from this challenge.
+     */
+    answer(cred: any): Promise<void>;
+}
+/**
+ * Returned after initiating MFA approval using FIDO.
+ * Provides some helper methods for answering this challenge.
+ */
+export declare class MfaFidoChallenge {
+    #private;
+    readonly mfaId: string;
+    readonly challengeId: string;
+    readonly options: any;
+    /**
+     * @param {CubeSignerApi} api The API client used to initiate MFA approval using FIDO
+     * @param {string} mfaId The MFA request id.
+     * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+     */
+    constructor(api: CubeSignerApi, mfaId: string, challenge: ApiMfaFidoChallenge);
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to get a credential
+     * based on the the public key credential request options from this challenge.
+     */
+    createCredentialAndAnswer(): Promise<MfaRequestInfo>;
+    /**
+     * Answers this challenge using a given credential `cred`.
+     * To obtain this credential, for example, call
+     *
+     * ```
+     * const cred = await navigator.credentials.get({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+     *                   based on the public key credential request options from this challenge.
+     */
+    answer(cred: any): Promise<MfaRequestInfo>;
+}

package/dist/esm/src/mfa.js

@@ -0,0 +1,163 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _TotpChallenge_api, _TotpChallenge_totpInfo, _AddFidoChallenge_api, _MfaFidoChallenge_api;
+import { decodeBase64Url, encodeToBase64Url } from "./util";
+/** TOTP challenge that must be answered before user's TOTP is updated */
+export class TotpChallenge {
+    /** The id of the challenge */
+    get totpId() {
+        return __classPrivateFieldGet(this, _TotpChallenge_totpInfo, "f").totp_id;
+    }
+    /** The new TOTP configuration */
+    get totpUrl() {
+        return __classPrivateFieldGet(this, _TotpChallenge_totpInfo, "f").totp_url;
+    }
+    /**
+     * @param {CubeSignerApi} api Used when answering the challenge.
+     * @param {TotpInfo} totpInfo TOTP challenge information.
+     */
+    constructor(api, totpInfo) {
+        _TotpChallenge_api.set(this, void 0);
+        _TotpChallenge_totpInfo.set(this, void 0);
+        __classPrivateFieldSet(this, _TotpChallenge_api, api, "f");
+        __classPrivateFieldSet(this, _TotpChallenge_totpInfo, totpInfo, "f");
+    }
+    /**
+     * Answer the challenge with the code that corresponds to `this.totpUrl`.
+     * @param {string} code 6-digit code that corresponds to `this.totpUrl`.
+     */
+    async answer(code) {
+        if (!/^\d{1,6}$/.test(code)) {
+            throw new Error(`Invalid TOTP code: ${code}; it must be a 6-digit string`);
+        }
+        await __classPrivateFieldGet(this, _TotpChallenge_api, "f").userTotpResetComplete(this.totpId, code);
+    }
+}
+_TotpChallenge_api = new WeakMap(), _TotpChallenge_totpInfo = new WeakMap();
+/**
+ * Returned after creating a request to add a new FIDO device.
+ * Provides some helper methods for answering this challenge.
+ */
+export class AddFidoChallenge {
+    /**
+     * Constructor
+     * @param {CubeSignerApi} api The API client used to request to add a FIDO device
+     * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
+     */
+    constructor(api, challenge) {
+        _AddFidoChallenge_api.set(this, void 0);
+        __classPrivateFieldSet(this, _AddFidoChallenge_api, api, "f");
+        this.challengeId = challenge.challenge_id;
+        // fix options returned from the server: rename fields and decode base64 fields to uint8[]
+        this.options = {
+            ...challenge.options,
+            challenge: decodeBase64Url(challenge.options.challenge),
+        };
+        if (challenge.options.user) {
+            this.options.user.id = decodeBase64Url(challenge.options.user.id);
+        }
+        for (const credential of this.options.excludeCredentials ?? []) {
+            credential.id = decodeBase64Url(credential.id);
+        }
+    }
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to create a credential
+     * based on the the public key credential creation options from this challenge.
+     */
+    async createCredentialAndAnswer() {
+        const cred = await navigator.credentials.create({ publicKey: this.options });
+        await this.answer(cred);
+    }
+    /**
+     * Answers this challenge using a given credential `cred`;
+     * the credential should be obtained by calling
+     *
+     * ```
+     * const cred = await navigator.credentials.create({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `create` method
+     *                   based on the public key creation options from this challenge.
+     */
+    async answer(cred) {
+        const answer = {
+            id: cred.id,
+            response: {
+                clientDataJSON: encodeToBase64Url(cred.response.clientDataJSON),
+                attestationObject: encodeToBase64Url(cred.response.attestationObject),
+            },
+        };
+        await __classPrivateFieldGet(this, _AddFidoChallenge_api, "f").userFidoRegisterComplete(this.challengeId, answer);
+    }
+}
+_AddFidoChallenge_api = new WeakMap();
+/**
+ * Returned after initiating MFA approval using FIDO.
+ * Provides some helper methods for answering this challenge.
+ */
+export class MfaFidoChallenge {
+    /**
+     * @param {CubeSignerApi} api The API client used to initiate MFA approval using FIDO
+     * @param {string} mfaId The MFA request id.
+     * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
+     */
+    constructor(api, mfaId, challenge) {
+        _MfaFidoChallenge_api.set(this, void 0);
+        __classPrivateFieldSet(this, _MfaFidoChallenge_api, api, "f");
+        this.mfaId = mfaId;
+        this.challengeId = challenge.challenge_id;
+        // fix options returned from the server: rename fields and decode base64 fields into uint8[]
+        this.options = {
+            ...challenge.options,
+            challenge: decodeBase64Url(challenge.options.challenge),
+        };
+        for (const credential of this.options.allowCredentials ?? []) {
+            credential.id = decodeBase64Url(credential.id);
+            if (credential.transports === null) {
+                delete credential.transports;
+            }
+        }
+    }
+    /**
+     * Answers this challenge by using the `CredentialsContainer` API to get a credential
+     * based on the the public key credential request options from this challenge.
+     */
+    async createCredentialAndAnswer() {
+        const cred = await navigator.credentials.get({ publicKey: this.options });
+        return await this.answer(cred);
+    }
+    /**
+     * Answers this challenge using a given credential `cred`.
+     * To obtain this credential, for example, call
+     *
+     * ```
+     * const cred = await navigator.credentials.get({ publicKey: this.options });
+     * ```
+     *
+     * @param {any} cred Credential created by calling the `CredentialContainer`'s `get` method
+     *                   based on the public key credential request options from this challenge.
+     */
+    async answer(cred) {
+        const answer = {
+            id: cred.id,
+            response: {
+                clientDataJSON: encodeToBase64Url(cred.response.clientDataJSON),
+                authenticatorData: encodeToBase64Url(cred.response.authenticatorData),
+                signature: encodeToBase64Url(cred.response.signature),
+            },
+        };
+        return await __classPrivateFieldGet(this, _MfaFidoChallenge_api, "f").mfaApproveFidoComplete(this.mfaId, this.challengeId, answer);
+    }
+}
+_MfaFidoChallenge_api = new WeakMap();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWZhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL21mYS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSx1REFBdUQ7Ozs7Ozs7Ozs7Ozs7QUFTdkQsT0FBTyxFQUFFLGVBQWUsRUFBRSxpQkFBaUIsRUFBRSxNQUFNLFFBQVEsQ0FBQztBQWE1RCx5RUFBeUU7QUFDekUsTUFBTSxPQUFPLGFBQWE7SUFJeEIsOEJBQThCO0lBQzlCLElBQUksTUFBTTtRQUNSLE9BQU8sdUJBQUEsSUFBSSwrQkFBVSxDQUFDLE9BQU8sQ0FBQztJQUNoQyxDQUFDO0lBRUQsaUNBQWlDO0lBQ2pDLElBQUksT0FBTztRQUNULE9BQU8sdUJBQUEsSUFBSSwrQkFBVSxDQUFDLFFBQVEsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsWUFBWSxHQUFrQixFQUFFLFFBQWtCO1FBakJ6QyxxQ0FBb0I7UUFDcEIsMENBQW9CO1FBaUIzQix1QkFBQSxJQUFJLHNCQUFRLEdBQUcsTUFBQSxDQUFDO1FBQ2hCLHVCQUFBLElBQUksMkJBQWEsUUFBUSxNQUFBLENBQUM7SUFDNUIsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBWTtRQUN2QixJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQzVCLE1BQU0sSUFBSSxLQUFLLENBQUMsc0JBQXNCLElBQUksK0JBQStCLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBRUQsTUFBTSx1QkFBQSxJQUFJLDBCQUFLLENBQUMscUJBQXFCLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMzRCxDQUFDO0NBQ0Y7O0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLGdCQUFnQjtJQUszQjs7OztPQUlHO0lBQ0gsWUFBWSxHQUFrQixFQUFFLFNBQThCO1FBVHJELHdDQUFvQjtRQVUzQix1QkFBQSxJQUFJLHlCQUFRLEdBQUcsTUFBQSxDQUFDO1FBQ2hCLElBQUksQ0FBQyxXQUFXLEdBQUcsU0FBUyxDQUFDLFlBQVksQ0FBQztRQUUxQywwRkFBMEY7UUFDMUYsSUFBSSxDQUFDLE9BQU8sR0FBRztZQUNiLEdBQUcsU0FBUyxDQUFDLE9BQU87WUFDcEIsU0FBUyxFQUFFLGVBQWUsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQztTQUN4RCxDQUFDO1FBRUYsSUFBSSxTQUFTLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzNCLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUUsR0FBRyxlQUFlLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEUsQ0FBQztRQUVELEtBQUssTUFBTSxVQUFVLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsSUFBSSxFQUFFLEVBQUUsQ0FBQztZQUMvRCxVQUFVLENBQUMsRUFBRSxHQUFHLGVBQWUsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDakQsQ0FBQztJQUNILENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMseUJBQXlCO1FBQzdCLE1BQU0sSUFBSSxHQUFHLE1BQU0sU0FBUyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDN0UsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzFCLENBQUM7SUFFRDs7Ozs7Ozs7OztPQVVHO0lBQ0gsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFTO1FBQ3BCLE1BQU0sTUFBTSxHQUF3QjtZQUNsQyxFQUFFLEVBQUUsSUFBSSxDQUFDLEVBQUU7WUFDWCxRQUFRLEVBQUU7Z0JBQ1IsY0FBYyxFQUFFLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO2dCQUMvRCxpQkFBaUIsRUFBRSxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO2FBQ3RFO1NBQ0YsQ0FBQztRQUNGLE1BQU0sdUJBQUEsSUFBSSw2QkFBSyxDQUFDLHdCQUF3QixDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDckUsQ0FBQztDQUNGOztBQUVEOzs7R0FHRztBQUNILE1BQU0sT0FBTyxnQkFBZ0I7SUFNM0I7Ozs7T0FJRztJQUNILFlBQVksR0FBa0IsRUFBRSxLQUFhLEVBQUUsU0FBOEI7UUFWcEUsd0NBQW9CO1FBVzNCLHVCQUFBLElBQUkseUJBQVEsR0FBRyxNQUFBLENBQUM7UUFDaEIsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUM7UUFDbkIsSUFBSSxDQUFDLFdBQVcsR0FBRyxTQUFTLENBQUMsWUFBWSxDQUFDO1FBRTFDLDRGQUE0RjtRQUM1RixJQUFJLENBQUMsT0FBTyxHQUFHO1lBQ2IsR0FBRyxTQUFTLENBQUMsT0FBTztZQUNwQixTQUFTLEVBQUUsZUFBZSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDO1NBQ3hELENBQUM7UUFFRixLQUFLLE1BQU0sVUFBVSxJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLElBQUksRUFBRSxFQUFFLENBQUM7WUFDN0QsVUFBVSxDQUFDLEVBQUUsR0FBRyxlQUFlLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQy9DLElBQUksVUFBVSxDQUFDLFVBQVUsS0FBSyxJQUFJLEVBQUUsQ0FBQztnQkFDbkMsT0FBTyxVQUFVLENBQUMsVUFBVSxDQUFDO1lBQy9CLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyx5QkFBeUI7UUFDN0IsTUFBTSxJQUFJLEdBQUcsTUFBTSxTQUFTLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUMxRSxPQUFPLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7T0FVRztJQUNILEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBUztRQUNwQixNQUFNLE1BQU0sR0FBd0I7WUFDbEMsRUFBRSxFQUFFLElBQUksQ0FBQyxFQUFFO1lBQ1gsUUFBUSxFQUFFO2dCQUNSLGNBQWMsRUFBRSxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQztnQkFDL0QsaUJBQWlCLEVBQUUsaUJBQWlCLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztnQkFDckUsU0FBUyxFQUFFLGlCQUFpQixDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDO2FBQ3REO1NBQ0YsQ0FBQztRQUNGLE9BQU8sTUFBTSx1QkFBQSxJQUFJLDZCQUFLLENBQUMsc0JBQXNCLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3RGLENBQUM7Q0FDRiIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnkgKi9cblxuaW1wb3J0IHtcbiAgQXBpQWRkRmlkb0NoYWxsZW5nZSxcbiAgQXBpTWZhRmlkb0NoYWxsZW5nZSxcbiAgTWZhUmVxdWVzdEluZm8sXG4gIFB1YmxpY0tleUNyZWRlbnRpYWwsXG4gIFRvdHBJbmZvLFxufSBmcm9tIFwiLi9zY2hlbWFfdHlwZXNcIjtcbmltcG9ydCB7IGRlY29kZUJhc2U2NFVybCwgZW5jb2RlVG9CYXNlNjRVcmwgfSBmcm9tIFwiLi91dGlsXCI7XG5pbXBvcnQgeyBDdWJlU2lnbmVyQXBpIH0gZnJvbSBcIi4vYXBpXCI7XG5cbi8qKiBNRkEgcmVjZWlwdCAqL1xuZXhwb3J0IGludGVyZmFjZSBNZmFSZWNlaXB0IHtcbiAgLyoqIE1GQSByZXF1ZXN0IElEICovXG4gIG1mYUlkOiBzdHJpbmc7XG4gIC8qKiBDb3JyZXNwb25kaW5nIG9yZyBJRCAqL1xuICBtZmFPcmdJZDogc3RyaW5nO1xuICAvKiogTUZBIGNvbmZpcm1hdGlvbiBjb2RlICovXG4gIG1mYUNvbmY6IHN0cmluZztcbn1cblxuLyoqIFRPVFAgY2hhbGxlbmdlIHRoYXQgbXVzdCBiZSBhbnN3ZXJlZCBiZWZvcmUgdXNlcidzIFRPVFAgaXMgdXBkYXRlZCAqL1xuZXhwb3J0IGNsYXNzIFRvdHBDaGFsbGVuZ2Uge1xuICByZWFkb25seSAjYXBpOiBDdWJlU2lnbmVyQXBpO1xuICByZWFkb25seSAjdG90cEluZm86IFRvdHBJbmZvO1xuXG4gIC8qKiBUaGUgaWQgb2YgdGhlIGNoYWxsZW5nZSAqL1xuICBnZXQgdG90cElkKCkge1xuICAgIHJldHVybiB0aGlzLiN0b3RwSW5mby50b3RwX2lkO1xuICB9XG5cbiAgLyoqIFRoZSBuZXcgVE9UUCBjb25maWd1cmF0aW9uICovXG4gIGdldCB0b3RwVXJsKCkge1xuICAgIHJldHVybiB0aGlzLiN0b3RwSW5mby50b3RwX3VybDtcbiAgfVxuXG4gIC8qKlxuICAgKiBAcGFyYW0ge0N1YmVTaWduZXJBcGl9IGFwaSBVc2VkIHdoZW4gYW5zd2VyaW5nIHRoZSBjaGFsbGVuZ2UuXG4gICAqIEBwYXJhbSB7VG90cEluZm99IHRvdHBJbmZvIFRPVFAgY2hhbGxlbmdlIGluZm9ybWF0aW9uLlxuICAgKi9cbiAgY29uc3RydWN0b3IoYXBpOiBDdWJlU2lnbmVyQXBpLCB0b3RwSW5mbzogVG90cEluZm8pIHtcbiAgICB0aGlzLiNhcGkgPSBhcGk7XG4gICAgdGhpcy4jdG90cEluZm8gPSB0b3RwSW5mbztcbiAgfVxuXG4gIC8qKlxuICAgKiBBbnN3ZXIgdGhlIGNoYWxsZW5nZSB3aXRoIHRoZSBjb2RlIHRoYXQgY29ycmVzcG9uZHMgdG8gYHRoaXMudG90cFVybGAuXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBjb2RlIDYtZGlnaXQgY29kZSB0aGF0IGNvcnJlc3BvbmRzIHRvIGB0aGlzLnRvdHBVcmxgLlxuICAgKi9cbiAgYXN5bmMgYW5zd2VyKGNvZGU6IHN0cmluZykge1xuICAgIGlmICghL15cXGR7MSw2fSQvLnRlc3QoY29kZSkpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgSW52YWxpZCBUT1RQIGNvZGU6ICR7Y29kZX07IGl0IG11c3QgYmUgYSA2LWRpZ2l0IHN0cmluZ2ApO1xuICAgIH1cblxuICAgIGF3YWl0IHRoaXMuI2FwaS51c2VyVG90cFJlc2V0Q29tcGxldGUodGhpcy50b3RwSWQsIGNvZGUpO1xuICB9XG59XG5cbi8qKlxuICogUmV0dXJuZWQgYWZ0ZXIgY3JlYXRpbmcgYSByZXF1ZXN0IHRvIGFkZCBhIG5ldyBGSURPIGRldmljZS5cbiAqIFByb3ZpZGVzIHNvbWUgaGVscGVyIG1ldGhvZHMgZm9yIGFuc3dlcmluZyB0aGlzIGNoYWxsZW5nZS5cbiAqL1xuZXhwb3J0IGNsYXNzIEFkZEZpZG9DaGFsbGVuZ2Uge1xuICByZWFkb25seSAjYXBpOiBDdWJlU2lnbmVyQXBpO1xuICByZWFkb25seSBjaGFsbGVuZ2VJZDogc3RyaW5nO1xuICByZWFkb25seSBvcHRpb25zOiBhbnk7XG5cbiAgLyoqXG4gICAqIENvbnN0cnVjdG9yXG4gICAqIEBwYXJhbSB7Q3ViZVNpZ25lckFwaX0gYXBpIFRoZSBBUEkgY2xpZW50IHVzZWQgdG8gcmVxdWVzdCB0byBhZGQgYSBGSURPIGRldmljZVxuICAgKiBAcGFyYW0ge0FwaUFkZEZpZG9DaGFsbGVuZ2V9IGNoYWxsZW5nZSBUaGUgY2hhbGxlbmdlIHJldHVybmVkIGJ5IHRoZSByZW1vdGUgZW5kLlxuICAgKi9cbiAgY29uc3RydWN0b3IoYXBpOiBDdWJlU2lnbmVyQXBpLCBjaGFsbGVuZ2U6IEFwaUFkZEZpZG9DaGFsbGVuZ2UpIHtcbiAgICB0aGlzLiNhcGkgPSBhcGk7XG4gICAgdGhpcy5jaGFsbGVuZ2VJZCA9IGNoYWxsZW5nZS5jaGFsbGVuZ2VfaWQ7XG5cbiAgICAvLyBmaXggb3B0aW9ucyByZXR1cm5lZCBmcm9tIHRoZSBzZXJ2ZXI6IHJlbmFtZSBmaWVsZHMgYW5kIGRlY29kZSBiYXNlNjQgZmllbGRzIHRvIHVpbnQ4W11cbiAgICB0aGlzLm9wdGlvbnMgPSB7XG4gICAgICAuLi5jaGFsbGVuZ2Uub3B0aW9ucyxcbiAgICAgIGNoYWxsZW5nZTogZGVjb2RlQmFzZTY0VXJsKGNoYWxsZW5nZS5vcHRpb25zLmNoYWxsZW5nZSksXG4gICAgfTtcblxuICAgIGlmIChjaGFsbGVuZ2Uub3B0aW9ucy51c2VyKSB7XG4gICAgICB0aGlzLm9wdGlvbnMudXNlci5pZCA9IGRlY29kZUJhc2U2NFVybChjaGFsbGVuZ2Uub3B0aW9ucy51c2VyLmlkKTtcbiAgICB9XG5cbiAgICBmb3IgKGNvbnN0IGNyZWRlbnRpYWwgb2YgdGhpcy5vcHRpb25zLmV4Y2x1ZGVDcmVkZW50aWFscyA/PyBbXSkge1xuICAgICAgY3JlZGVudGlhbC5pZCA9IGRlY29kZUJhc2U2NFVybChjcmVkZW50aWFsLmlkKTtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogQW5zd2VycyB0aGlzIGNoYWxsZW5nZSBieSB1c2luZyB0aGUgYENyZWRlbnRpYWxzQ29udGFpbmVyYCBBUEkgdG8gY3JlYXRlIGEgY3JlZGVudGlhbFxuICAgKiBiYXNlZCBvbiB0aGUgdGhlIHB1YmxpYyBrZXkgY3JlZGVudGlhbCBjcmVhdGlvbiBvcHRpb25zIGZyb20gdGhpcyBjaGFsbGVuZ2UuXG4gICAqL1xuICBhc3luYyBjcmVhdGVDcmVkZW50aWFsQW5kQW5zd2VyKCkge1xuICAgIGNvbnN0IGNyZWQgPSBhd2FpdCBuYXZpZ2F0b3IuY3JlZGVudGlhbHMuY3JlYXRlKHsgcHVibGljS2V5OiB0aGlzLm9wdGlvbnMgfSk7XG4gICAgYXdhaXQgdGhpcy5hbnN3ZXIoY3JlZCk7XG4gIH1cblxuICAvKipcbiAgICogQW5zd2VycyB0aGlzIGNoYWxsZW5nZSB1c2luZyBhIGdpdmVuIGNyZWRlbnRpYWwgYGNyZWRgO1xuICAgKiB0aGUgY3JlZGVudGlhbCBzaG91bGQgYmUgb2J0YWluZWQgYnkgY2FsbGluZ1xuICAgKlxuICAgKiBgYGBcbiAgICogY29uc3QgY3JlZCA9IGF3YWl0IG5hdmlnYXRvci5jcmVkZW50aWFscy5jcmVhdGUoeyBwdWJsaWNLZXk6IHRoaXMub3B0aW9ucyB9KTtcbiAgICogYGBgXG4gICAqXG4gICAqIEBwYXJhbSB7YW55fSBjcmVkIENyZWRlbnRpYWwgY3JlYXRlZCBieSBjYWxsaW5nIHRoZSBgQ3JlZGVudGlhbENvbnRhaW5lcmAncyBgY3JlYXRlYCBtZXRob2RcbiAgICogICAgICAgICAgICAgICAgICAgYmFzZWQgb24gdGhlIHB1YmxpYyBrZXkgY3JlYXRpb24gb3B0aW9ucyBmcm9tIHRoaXMgY2hhbGxlbmdlLlxuICAgKi9cbiAgYXN5bmMgYW5zd2VyKGNyZWQ6IGFueSkge1xuICAgIGNvbnN0IGFuc3dlciA9IDxQdWJsaWNLZXlDcmVkZW50aWFsPntcbiAgICAgIGlkOiBjcmVkLmlkLFxuICAgICAgcmVzcG9uc2U6IHtcbiAgICAgICAgY2xpZW50RGF0YUpTT046IGVuY29kZVRvQmFzZTY0VXJsKGNyZWQucmVzcG9uc2UuY2xpZW50RGF0YUpTT04pLFxuICAgICAgICBhdHRlc3RhdGlvbk9iamVjdDogZW5jb2RlVG9CYXNlNjRVcmwoY3JlZC5yZXNwb25zZS5hdHRlc3RhdGlvbk9iamVjdCksXG4gICAgICB9LFxuICAgIH07XG4gICAgYXdhaXQgdGhpcy4jYXBpLnVzZXJGaWRvUmVnaXN0ZXJDb21wbGV0ZSh0aGlzLmNoYWxsZW5nZUlkLCBhbnN3ZXIpO1xuICB9XG59XG5cbi8qKlxuICogUmV0dXJuZWQgYWZ0ZXIgaW5pdGlhdGluZyBNRkEgYXBwcm92YWwgdXNpbmcgRklETy5cbiAqIFByb3ZpZGVzIHNvbWUgaGVscGVyIG1ldGhvZHMgZm9yIGFuc3dlcmluZyB0aGlzIGNoYWxsZW5nZS5cbiAqL1xuZXhwb3J0IGNsYXNzIE1mYUZpZG9DaGFsbGVuZ2Uge1xuICByZWFkb25seSAjYXBpOiBDdWJlU2lnbmVyQXBpO1xuICByZWFkb25seSBtZmFJZDogc3RyaW5nO1xuICByZWFkb25seSBjaGFsbGVuZ2VJZDogc3RyaW5nO1xuICByZWFkb25seSBvcHRpb25zOiBhbnk7XG5cbiAgLyoqXG4gICAqIEBwYXJhbSB7Q3ViZVNpZ25lckFwaX0gYXBpIFRoZSBBUEkgY2xpZW50IHVzZWQgdG8gaW5pdGlhdGUgTUZBIGFwcHJvdmFsIHVzaW5nIEZJRE9cbiAgICogQHBhcmFtIHtzdHJpbmd9IG1mYUlkIFRoZSBNRkEgcmVxdWVzdCBpZC5cbiAgICogQHBhcmFtIHtBcGlNZmFGaWRvQ2hhbGxlbmdlfSBjaGFsbGVuZ2UgVGhlIGNoYWxsZW5nZSByZXR1cm5lZCBieSB0aGUgcmVtb3RlIGVuZFxuICAgKi9cbiAgY29uc3RydWN0b3IoYXBpOiBDdWJlU2lnbmVyQXBpLCBtZmFJZDogc3RyaW5nLCBjaGFsbGVuZ2U6IEFwaU1mYUZpZG9DaGFsbGVuZ2UpIHtcbiAgICB0aGlzLiNhcGkgPSBhcGk7XG4gICAgdGhpcy5tZmFJZCA9IG1mYUlkO1xuICAgIHRoaXMuY2hhbGxlbmdlSWQgPSBjaGFsbGVuZ2UuY2hhbGxlbmdlX2lkO1xuXG4gICAgLy8gZml4IG9wdGlvbnMgcmV0dXJuZWQgZnJvbSB0aGUgc2VydmVyOiByZW5hbWUgZmllbGRzIGFuZCBkZWNvZGUgYmFzZTY0IGZpZWxkcyBpbnRvIHVpbnQ4W11cbiAgICB0aGlzLm9wdGlvbnMgPSB7XG4gICAgICAuLi5jaGFsbGVuZ2Uub3B0aW9ucyxcbiAgICAgIGNoYWxsZW5nZTogZGVjb2RlQmFzZTY0VXJsKGNoYWxsZW5nZS5vcHRpb25zLmNoYWxsZW5nZSksXG4gICAgfTtcblxuICAgIGZvciAoY29uc3QgY3JlZGVudGlhbCBvZiB0aGlzLm9wdGlvbnMuYWxsb3dDcmVkZW50aWFscyA/PyBbXSkge1xuICAgICAgY3JlZGVudGlhbC5pZCA9IGRlY29kZUJhc2U2NFVybChjcmVkZW50aWFsLmlkKTtcbiAgICAgIGlmIChjcmVkZW50aWFsLnRyYW5zcG9ydHMgPT09IG51bGwpIHtcbiAgICAgICAgZGVsZXRlIGNyZWRlbnRpYWwudHJhbnNwb3J0cztcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogQW5zd2VycyB0aGlzIGNoYWxsZW5nZSBieSB1c2luZyB0aGUgYENyZWRlbnRpYWxzQ29udGFpbmVyYCBBUEkgdG8gZ2V0IGEgY3JlZGVudGlhbFxuICAgKiBiYXNlZCBvbiB0aGUgdGhlIHB1YmxpYyBrZXkgY3JlZGVudGlhbCByZXF1ZXN0IG9wdGlvbnMgZnJvbSB0aGlzIGNoYWxsZW5nZS5cbiAgICovXG4gIGFzeW5jIGNyZWF0ZUNyZWRlbnRpYWxBbmRBbnN3ZXIoKTogUHJvbWlzZTxNZmFSZXF1ZXN0SW5mbz4ge1xuICAgIGNvbnN0IGNyZWQgPSBhd2FpdCBuYXZpZ2F0b3IuY3JlZGVudGlhbHMuZ2V0KHsgcHVibGljS2V5OiB0aGlzLm9wdGlvbnMgfSk7XG4gICAgcmV0dXJuIGF3YWl0IHRoaXMuYW5zd2VyKGNyZWQpO1xuICB9XG5cbiAgLyoqXG4gICAqIEFuc3dlcnMgdGhpcyBjaGFsbGVuZ2UgdXNpbmcgYSBnaXZlbiBjcmVkZW50aWFsIGBjcmVkYC5cbiAgICogVG8gb2J0YWluIHRoaXMgY3JlZGVudGlhbCwgZm9yIGV4YW1wbGUsIGNhbGxcbiAgICpcbiAgICogYGBgXG4gICAqIGNvbnN0IGNyZWQgPSBhd2FpdCBuYXZpZ2F0b3IuY3JlZGVudGlhbHMuZ2V0KHsgcHVibGljS2V5OiB0aGlzLm9wdGlvbnMgfSk7XG4gICAqIGBgYFxuICAgKlxuICAgKiBAcGFyYW0ge2FueX0gY3JlZCBDcmVkZW50aWFsIGNyZWF0ZWQgYnkgY2FsbGluZyB0aGUgYENyZWRlbnRpYWxDb250YWluZXJgJ3MgYGdldGAgbWV0aG9kXG4gICAqICAgICAgICAgICAgICAgICAgIGJhc2VkIG9uIHRoZSBwdWJsaWMga2V5IGNyZWRlbnRpYWwgcmVxdWVzdCBvcHRpb25zIGZyb20gdGhpcyBjaGFsbGVuZ2UuXG4gICAqL1xuICBhc3luYyBhbnN3ZXIoY3JlZDogYW55KTogUHJvbWlzZTxNZmFSZXF1ZXN0SW5mbz4ge1xuICAgIGNvbnN0IGFuc3dlciA9IDxQdWJsaWNLZXlDcmVkZW50aWFsPntcbiAgICAgIGlkOiBjcmVkLmlkLFxuICAgICAgcmVzcG9uc2U6IHtcbiAgICAgICAgY2xpZW50RGF0YUpTT046IGVuY29kZVRvQmFzZTY0VXJsKGNyZWQucmVzcG9uc2UuY2xpZW50RGF0YUpTT04pLFxuICAgICAgICBhdXRoZW50aWNhdG9yRGF0YTogZW5jb2RlVG9CYXNlNjRVcmwoY3JlZC5yZXNwb25zZS5hdXRoZW50aWNhdG9yRGF0YSksXG4gICAgICAgIHNpZ25hdHVyZTogZW5jb2RlVG9CYXNlNjRVcmwoY3JlZC5yZXNwb25zZS5zaWduYXR1cmUpLFxuICAgICAgfSxcbiAgICB9O1xuICAgIHJldHVybiBhd2FpdCB0aGlzLiNhcGkubWZhQXBwcm92ZUZpZG9Db21wbGV0ZSh0aGlzLm1mYUlkLCB0aGlzLmNoYWxsZW5nZUlkLCBhbnN3ZXIpO1xuICB9XG59XG4iXX0=

package/dist/esm/src/org.d.ts

@@ -0,0 +1,99 @@
+import { CubeSignerClient } from "./client";
+import { OrgInfo, SignerSessionManager, SignerSessionStorage } from ".";
+/** Organization id */
+export type OrgId = string;
+/** Org-wide policy */
+export type OrgPolicy = SourceIpAllowlistPolicy | OidcAuthSourcesPolicy | OriginAllowlistPolicy | MaxDailyUnstakePolicy;
+/**
+ * Provides an allowlist of OIDC Issuers and audiences that are allowed to authenticate into this org.
+ * @example {"OidcAuthSources": { "https://accounts.google.com": [ "1234.apps.googleusercontent.com" ]}}
+ */
+export interface OidcAuthSourcesPolicy {
+    OidcAuthSources: Record<string, string[]>;
+}
+/**
+ * Only allow requests from the specified origins.
+ * @example {"OriginAllowlist": "*"}
+ */
+export interface OriginAllowlistPolicy {
+    OriginAllowlist: string[] | "*";
+}
+/**
+ * Restrict signing to specific source IP addresses.
+ * @example {"SourceIpAllowlist": ["10.1.2.3/8", "169.254.17.1/16"]}
+ */
+export interface SourceIpAllowlistPolicy {
+    SourceIpAllowlist: string[];
+}
+/**
+ * Restrict the number of unstakes per day.
+ * @example {"MaxDailyUnstake": 5 }
+ */
+export interface MaxDailyUnstakePolicy {
+    MaxDailyUnstake: number;
+}
+/**
+ * An organization.
+ *
+ * Extends {@link CubeSignerClient} and provides a few org-specific methods on top.
+ */
+export declare class Org extends CubeSignerClient {
+    /**
+     * @description The org id
+     * @example Org#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
+     */
+    get id(): OrgId;
+    /**
+     * Obtain information about the current organization.
+     *
+     * Same as {@link orgGet}.
+     */
+    get info(): () => Promise<{
+        enabled: boolean;
+        key_import_key?: string | null | undefined;
+        kwk_id: string;
+        last_unstake: string;
+        last_unstake_day_count: number;
+        name?: string | null | undefined;
+        org_id: string;
+        policy?: Record<string, never>[] | undefined;
+        totp_failure_limit: number;
+        user_export_delay: number;
+        user_export_window: number;
+    }>;
+    /** Human-readable name for the org */
+    name(): Promise<string | undefined>;
+    /** Get all keys in the org. */
+    get keys(): (type?: import("./key").KeyType | undefined, page?: import("./paginator").PageOpts | undefined) => Promise<import("./key").Key[]>;
+    /**
+     * Set the human-readable name for the org.
+     * @param {string} name The new human-readable name for the org (must be alphanumeric).
+     * @example my_org_name
+     */
+    setName(name: string): Promise<void>;
+    /** Is the org enabled? */
+    enabled(): Promise<boolean>;
+    /** Enable the org. */
+    enable(): Promise<void>;
+    /** Disable the org. */
+    disable(): Promise<void>;
+    /** Get the policy for the org. */
+    policy(): Promise<OrgPolicy[]>;
+    /**
+     * Set the policy for the org.
+     * @param {OrgPolicy[]} policy The new policy for the org.
+     */
+    setPolicy(policy: OrgPolicy[]): Promise<void>;
+    /**
+     * Retrieve the org associated with a session.
+     * @param {SessionStorage} storage The session
+     * @return {Org} An {@link Org} instance for the org associated with this session.
+     */
+    static retrieveFromStorage(storage: SignerSessionStorage): Promise<Org>;
+    /**
+     * Constructor.
+     * @param {CubeSignerClient | SignerSessionManager} csc The CubeSigner instance.
+     * @param {OrgInfo| string} data Either org id or name or {@link OrgInfo}.
+     */
+    constructor(csc: CubeSignerClient | SignerSessionManager, data?: OrgInfo | string);
+}