@cubist-labs/cubesigner-sdk 0.2.28 → 0.3.1

package/dist/cjs/src/signer_session.d.ts

@@ -0,0 +1,41 @@
+import { CubeSignerClient } from "./client";
+import { KeyInfo } from "./key";
+import { SignerSessionManager, SignerSessionStorage } from "./session/signer_session_manager";
+/** Signer session info. Can only be used to revoke a token, but not for authentication. */
+export declare class SignerSessionInfo {
+    #private;
+    readonly purpose: string;
+    /** Revoke this session */
+    revoke(): Promise<void>;
+    /**
+     * Internal constructor.
+     * @param {CubeSignerClient} cs CubeSigner instance to use when calling `revoke`
+     * @param {string} sessionId The ID of the session; can be used for revocation but not for auth
+     * @param {string} purpose Session purpose
+     * @internal
+     */
+    constructor(cs: CubeSignerClient, sessionId: string, purpose: string);
+}
+/**
+ * Signer session.
+ * Extends {@link CubeSignerClient} and provides a few convenience methods on top.
+ */
+export declare class SignerSession extends CubeSignerClient {
+    /**
+     * Loads an existing signer session from storage.
+     * @param {SignerSessionStorage} storage The session storage to use
+     * @return {Promise<SingerSession>} New signer session
+     */
+    static loadSignerSession(storage: SignerSessionStorage): Promise<SignerSession>;
+    /**
+     * Constructor.
+     * @param {SignerSessionManager} sessionMgr The session manager to use
+     * @internal
+     */
+    constructor(sessionMgr: SignerSessionManager);
+    /**
+     * Returns the list of keys that this token grants access to.
+     * @return {KeyInfo[]} The list of keys.
+     */
+    keys(): Promise<KeyInfo[]>;
+}

package/dist/cjs/src/signer_session.js

@@ -0,0 +1,77 @@
+"use strict";
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _SignerSessionInfo_csc, _SignerSessionInfo_sessionId;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignerSession = exports.SignerSessionInfo = void 0;
+const client_1 = require("./client");
+const key_1 = require("./key");
+const signer_session_manager_1 = require("./session/signer_session_manager");
+/** Signer session info. Can only be used to revoke a token, but not for authentication. */
+class SignerSessionInfo {
+    /** Revoke this session */
+    async revoke() {
+        await __classPrivateFieldGet(this, _SignerSessionInfo_csc, "f").sessionRevoke(__classPrivateFieldGet(this, _SignerSessionInfo_sessionId, "f"));
+    }
+    // --------------------------------------------------------------------------
+    // -- INTERNAL --------------------------------------------------------------
+    // --------------------------------------------------------------------------
+    /**
+     * Internal constructor.
+     * @param {CubeSignerClient} cs CubeSigner instance to use when calling `revoke`
+     * @param {string} sessionId The ID of the session; can be used for revocation but not for auth
+     * @param {string} purpose Session purpose
+     * @internal
+     */
+    constructor(cs, sessionId, purpose) {
+        _SignerSessionInfo_csc.set(this, void 0);
+        _SignerSessionInfo_sessionId.set(this, void 0);
+        __classPrivateFieldSet(this, _SignerSessionInfo_csc, cs, "f");
+        __classPrivateFieldSet(this, _SignerSessionInfo_sessionId, sessionId, "f");
+        this.purpose = purpose;
+    }
+}
+exports.SignerSessionInfo = SignerSessionInfo;
+_SignerSessionInfo_csc = new WeakMap(), _SignerSessionInfo_sessionId = new WeakMap();
+/**
+ * Signer session.
+ * Extends {@link CubeSignerClient} and provides a few convenience methods on top.
+ */
+class SignerSession extends client_1.CubeSignerClient {
+    /**
+     * Loads an existing signer session from storage.
+     * @param {SignerSessionStorage} storage The session storage to use
+     * @return {Promise<SingerSession>} New signer session
+     */
+    static async loadSignerSession(storage) {
+        const manager = await signer_session_manager_1.SignerSessionManager.loadFromStorage(storage);
+        return new SignerSession(manager);
+    }
+    /**
+     * Constructor.
+     * @param {SignerSessionManager} sessionMgr The session manager to use
+     * @internal
+     */
+    constructor(sessionMgr) {
+        super(sessionMgr);
+    }
+    /**
+     * Returns the list of keys that this token grants access to.
+     * @return {KeyInfo[]} The list of keys.
+     */
+    async keys() {
+        const keys = await this.sessionKeysList();
+        return keys.map((k) => (0, key_1.toKeyInfo)(k));
+    }
+}
+exports.SignerSession = SignerSession;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2lnbmVyX3Nlc3Npb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2lnbmVyX3Nlc3Npb24udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7O0FBQUEscUNBQTRDO0FBQzVDLCtCQUEyQztBQUMzQyw2RUFBOEY7QUFFOUYsMkZBQTJGO0FBQzNGLE1BQWEsaUJBQWlCO0lBSzVCLDBCQUEwQjtJQUMxQixLQUFLLENBQUMsTUFBTTtRQUNWLE1BQU0sdUJBQUEsSUFBSSw4QkFBSyxDQUFDLGFBQWEsQ0FBQyx1QkFBQSxJQUFJLG9DQUFXLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQsNkVBQTZFO0lBQzdFLDZFQUE2RTtJQUM3RSw2RUFBNkU7SUFFN0U7Ozs7OztPQU1HO0lBQ0gsWUFBWSxFQUFvQixFQUFFLFNBQWlCLEVBQUUsT0FBZTtRQXBCM0QseUNBQXVCO1FBQ3ZCLCtDQUFtQjtRQW9CMUIsdUJBQUEsSUFBSSwwQkFBUSxFQUFFLE1BQUEsQ0FBQztRQUNmLHVCQUFBLElBQUksZ0NBQWMsU0FBUyxNQUFBLENBQUM7UUFDNUIsSUFBSSxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUM7SUFDekIsQ0FBQztDQUNGO0FBMUJELDhDQTBCQzs7QUFFRDs7O0dBR0c7QUFDSCxNQUFhLGFBQWMsU0FBUSx5QkFBZ0I7SUFDakQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQUMsT0FBNkI7UUFDMUQsTUFBTSxPQUFPLEdBQUcsTUFBTSw2Q0FBb0IsQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDcEUsT0FBTyxJQUFJLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILFlBQVksVUFBZ0M7UUFDMUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ3BCLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsSUFBSTtRQUNSLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQzFDLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsSUFBQSxlQUFTLEVBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUN2QyxDQUFDO0NBQ0Y7QUE1QkQsc0NBNEJDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ3ViZVNpZ25lckNsaWVudCB9IGZyb20gXCIuL2NsaWVudFwiO1xuaW1wb3J0IHsgS2V5SW5mbywgdG9LZXlJbmZvIH0gZnJvbSBcIi4va2V5XCI7XG5pbXBvcnQgeyBTaWduZXJTZXNzaW9uTWFuYWdlciwgU2lnbmVyU2Vzc2lvblN0b3JhZ2UgfSBmcm9tIFwiLi9zZXNzaW9uL3NpZ25lcl9zZXNzaW9uX21hbmFnZXJcIjtcblxuLyoqIFNpZ25lciBzZXNzaW9uIGluZm8uIENhbiBvbmx5IGJlIHVzZWQgdG8gcmV2b2tlIGEgdG9rZW4sIGJ1dCBub3QgZm9yIGF1dGhlbnRpY2F0aW9uLiAqL1xuZXhwb3J0IGNsYXNzIFNpZ25lclNlc3Npb25JbmZvIHtcbiAgcmVhZG9ubHkgI2NzYzogQ3ViZVNpZ25lckNsaWVudDtcbiAgcmVhZG9ubHkgI3Nlc3Npb25JZDogc3RyaW5nO1xuICBwdWJsaWMgcmVhZG9ubHkgcHVycG9zZTogc3RyaW5nO1xuXG4gIC8qKiBSZXZva2UgdGhpcyBzZXNzaW9uICovXG4gIGFzeW5jIHJldm9rZSgpIHtcbiAgICBhd2FpdCB0aGlzLiNjc2Muc2Vzc2lvblJldm9rZSh0aGlzLiNzZXNzaW9uSWQpO1xuICB9XG5cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gLS0gSU5URVJOQUwgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuICAvKipcbiAgICogSW50ZXJuYWwgY29uc3RydWN0b3IuXG4gICAqIEBwYXJhbSB7Q3ViZVNpZ25lckNsaWVudH0gY3MgQ3ViZVNpZ25lciBpbnN0YW5jZSB0byB1c2Ugd2hlbiBjYWxsaW5nIGByZXZva2VgXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBzZXNzaW9uSWQgVGhlIElEIG9mIHRoZSBzZXNzaW9uOyBjYW4gYmUgdXNlZCBmb3IgcmV2b2NhdGlvbiBidXQgbm90IGZvciBhdXRoXG4gICAqIEBwYXJhbSB7c3RyaW5nfSBwdXJwb3NlIFNlc3Npb24gcHVycG9zZVxuICAgKiBAaW50ZXJuYWxcbiAgICovXG4gIGNvbnN0cnVjdG9yKGNzOiBDdWJlU2lnbmVyQ2xpZW50LCBzZXNzaW9uSWQ6IHN0cmluZywgcHVycG9zZTogc3RyaW5nKSB7XG4gICAgdGhpcy4jY3NjID0gY3M7XG4gICAgdGhpcy4jc2Vzc2lvbklkID0gc2Vzc2lvbklkO1xuICAgIHRoaXMucHVycG9zZSA9IHB1cnBvc2U7XG4gIH1cbn1cblxuLyoqXG4gKiBTaWduZXIgc2Vzc2lvbi5cbiAqIEV4dGVuZHMge0BsaW5rIEN1YmVTaWduZXJDbGllbnR9IGFuZCBwcm92aWRlcyBhIGZldyBjb252ZW5pZW5jZSBtZXRob2RzIG9uIHRvcC5cbiAqL1xuZXhwb3J0IGNsYXNzIFNpZ25lclNlc3Npb24gZXh0ZW5kcyBDdWJlU2lnbmVyQ2xpZW50IHtcbiAgLyoqXG4gICAqIExvYWRzIGFuIGV4aXN0aW5nIHNpZ25lciBzZXNzaW9uIGZyb20gc3RvcmFnZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9uU3RvcmFnZX0gc3RvcmFnZSBUaGUgc2Vzc2lvbiBzdG9yYWdlIHRvIHVzZVxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFNpbmdlclNlc3Npb24+fSBOZXcgc2lnbmVyIHNlc3Npb25cbiAgICovXG4gIHN0YXRpYyBhc3luYyBsb2FkU2lnbmVyU2Vzc2lvbihzdG9yYWdlOiBTaWduZXJTZXNzaW9uU3RvcmFnZSk6IFByb21pc2U8U2lnbmVyU2Vzc2lvbj4ge1xuICAgIGNvbnN0IG1hbmFnZXIgPSBhd2FpdCBTaWduZXJTZXNzaW9uTWFuYWdlci5sb2FkRnJvbVN0b3JhZ2Uoc3RvcmFnZSk7XG4gICAgcmV0dXJuIG5ldyBTaWduZXJTZXNzaW9uKG1hbmFnZXIpO1xuICB9XG5cbiAgLyoqXG4gICAqIENvbnN0cnVjdG9yLlxuICAgKiBAcGFyYW0ge1NpZ25lclNlc3Npb25NYW5hZ2VyfSBzZXNzaW9uTWdyIFRoZSBzZXNzaW9uIG1hbmFnZXIgdG8gdXNlXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgY29uc3RydWN0b3Ioc2Vzc2lvbk1ncjogU2lnbmVyU2Vzc2lvbk1hbmFnZXIpIHtcbiAgICBzdXBlcihzZXNzaW9uTWdyKTtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZXR1cm5zIHRoZSBsaXN0IG9mIGtleXMgdGhhdCB0aGlzIHRva2VuIGdyYW50cyBhY2Nlc3MgdG8uXG4gICAqIEByZXR1cm4ge0tleUluZm9bXX0gVGhlIGxpc3Qgb2Yga2V5cy5cbiAgICovXG4gIGFzeW5jIGtleXMoKTogUHJvbWlzZTxLZXlJbmZvW10+IHtcbiAgICBjb25zdCBrZXlzID0gYXdhaXQgdGhpcy5zZXNzaW9uS2V5c0xpc3QoKTtcbiAgICByZXR1cm4ga2V5cy5tYXAoKGspID0+IHRvS2V5SW5mbyhrKSk7XG4gIH1cbn1cbiJdfQ==

package/dist/cjs/src/user_export.d.ts

@@ -0,0 +1,52 @@
+import { UserExportCompleteResponse, UserExportKeyMaterial } from "./schema_types";
+import type { CipherSuite } from "@hpke/core";
+/** Get the HPKE ciphersuite for user-export decryption.
+ *
+ * @return {any} The HPKE ciphersuite for user export.
+ */
+export declare function userExportCipherSuite(): Promise<CipherSuite>;
+/**
+ * Generate a key pair for user export.
+ *
+ * @return {Promise<CryptoKeyPair>} The newly generated key pair.
+ */
+export declare function userExportKeygen(): Promise<CryptoKeyPair>;
+/**
+ * Decrypt a user export.
+ *
+ * @param {CryptoKey} recipientKey The NIST P-256 secret key corresponding to the `publicKey` argument to the `userExportComplete` invocation that returned `response`.
+ * @param {UserExportCompleteResponse} response The response from a successful `userExportComplete` request.
+ * @return {Promise<UserExportKeyMaterial>} The decrypted key material.
+ */
+export declare function userExportDecrypt(recipientKey: CryptoKey, response: UserExportCompleteResponse): Promise<UserExportKeyMaterial>;
+/**
+ * Figure out how to load SubtleCrypto in the current environment.
+ *
+ * This functionality is reproduced from the hpke-js package,
+ *   https://github.com/dajiaji/hpke-js/
+ * which is Copyright (C) 2022 Ajitomi Daisuke and licensed
+ * under the MIT License, which follows:
+ *
+ * MIT License
+ *
+ * Copyright (c) 2022 Ajitomi Daisuke
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+export declare function loadSubtleCrypto(): Promise<SubtleCrypto>;

package/dist/cjs/src/user_export.js

@@ -0,0 +1,129 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadSubtleCrypto = exports.userExportDecrypt = exports.userExportKeygen = exports.userExportCipherSuite = void 0;
+const util_1 = require("./util");
+/** Get the HPKE ciphersuite for user-export decryption.
+ *
+ * @return {any} The HPKE ciphersuite for user export.
+ */
+async function userExportCipherSuite() {
+    const hpke = await Promise.resolve().then(() => __importStar(require("@hpke/core"))); // eslint-disable-line @typescript-eslint/no-var-requires
+    const suite = new hpke.CipherSuite({
+        kem: new hpke.DhkemP256HkdfSha256(),
+        kdf: new hpke.HkdfSha256(),
+        aead: new hpke.Aes256Gcm(),
+    });
+    return suite;
+}
+exports.userExportCipherSuite = userExportCipherSuite;
+/**
+ * Generate a key pair for user export.
+ *
+ * @return {Promise<CryptoKeyPair>} The newly generated key pair.
+ */
+async function userExportKeygen() {
+    return (await userExportCipherSuite()).kem.generateKeyPair();
+}
+exports.userExportKeygen = userExportKeygen;
+/**
+ * Get the ArrayBuffer slice represented by a Buffer
+ *
+ * @param {Uint8Array} b The buffer to convert
+ * @return {ArrayBuffer} The resulting ArrayBuffer
+ */
+function toArrayBuffer(b) {
+    return b.buffer.slice(b.byteOffset, b.byteOffset + b.byteLength);
+}
+/**
+ * Decrypt a user export.
+ *
+ * @param {CryptoKey} recipientKey The NIST P-256 secret key corresponding to the `publicKey` argument to the `userExportComplete` invocation that returned `response`.
+ * @param {UserExportCompleteResponse} response The response from a successful `userExportComplete` request.
+ * @return {Promise<UserExportKeyMaterial>} The decrypted key material.
+ */
+async function userExportDecrypt(recipientKey, response) {
+    // The ciphersuite we use for decryption
+    const suite = await userExportCipherSuite();
+    // decrypt the export ciphertext using the HPKE one-shot API
+    const tenc = new TextEncoder();
+    const tdec = new TextDecoder();
+    const info = toArrayBuffer(tenc.encode(`cubist-signer::UserExportOwner::${response.user_id}`));
+    const public_key = toArrayBuffer((0, util_1.decodeBase64)(response.ephemeral_public_key));
+    const ctxt = toArrayBuffer((0, util_1.decodeBase64)(response.encrypted_key_material));
+    const decrypted = JSON.parse(tdec.decode(await suite.open({
+        recipientKey,
+        enc: public_key,
+        info: info,
+    }, ctxt)));
+    return decrypted;
+}
+exports.userExportDecrypt = userExportDecrypt;
+/**
+ * Figure out how to load SubtleCrypto in the current environment.
+ *
+ * This functionality is reproduced from the hpke-js package,
+ *   https://github.com/dajiaji/hpke-js/
+ * which is Copyright (C) 2022 Ajitomi Daisuke and licensed
+ * under the MIT License, which follows:
+ *
+ * MIT License
+ *
+ * Copyright (c) 2022 Ajitomi Daisuke
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+async function loadSubtleCrypto() {
+    if (globalThis !== undefined && globalThis.crypto !== undefined) {
+        // Browsers, Node.js >= v19, Cloudflare Workers, Bun, etc.
+        return globalThis.crypto.subtle;
+    }
+    // Node.js <= v18
+    try {
+        const { webcrypto } = await Promise.resolve().then(() => __importStar(require("crypto"))); // node:crypto
+        return webcrypto.subtle;
+    }
+    catch (e) {
+        throw new Error("subtle crypto not supported");
+    }
+}
+exports.loadSubtleCrypto = loadSubtleCrypto;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXNlcl9leHBvcnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdXNlcl9leHBvcnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFDQSxpQ0FBc0M7QUFHdEM7OztHQUdHO0FBQ0ksS0FBSyxVQUFVLHFCQUFxQjtJQUN6QyxNQUFNLElBQUksR0FBRyx3REFBYSxZQUFZLEdBQUMsQ0FBQyxDQUFDLHlEQUF5RDtJQUNsRyxNQUFNLEtBQUssR0FBRyxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUM7UUFDakMsR0FBRyxFQUFFLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFO1FBQ25DLEdBQUcsRUFBRSxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUU7UUFDMUIsSUFBSSxFQUFFLElBQUksSUFBSSxDQUFDLFNBQVMsRUFBRTtLQUMzQixDQUFDLENBQUM7SUFDSCxPQUFPLEtBQUssQ0FBQztBQUNmLENBQUM7QUFSRCxzREFRQztBQUVEOzs7O0dBSUc7QUFDSSxLQUFLLFVBQVUsZ0JBQWdCO0lBQ3BDLE9BQU8sQ0FBQyxNQUFNLHFCQUFxQixFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsZUFBZSxFQUFFLENBQUM7QUFDL0QsQ0FBQztBQUZELDRDQUVDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFTLGFBQWEsQ0FBQyxDQUFhO0lBQ2xDLE9BQU8sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsVUFBVSxHQUFHLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUNuRSxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0ksS0FBSyxVQUFVLGlCQUFpQixDQUNyQyxZQUF1QixFQUN2QixRQUFvQztJQUVwQyx3Q0FBd0M7SUFDeEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxxQkFBcUIsRUFBRSxDQUFDO0lBRTVDLDREQUE0RDtJQUM1RCxNQUFNLElBQUksR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDO0lBQy9CLE1BQU0sSUFBSSxHQUFHLElBQUksV0FBVyxFQUFFLENBQUM7SUFDL0IsTUFBTSxJQUFJLEdBQUcsYUFBYSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsbUNBQW1DLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDL0YsTUFBTSxVQUFVLEdBQUcsYUFBYSxDQUFDLElBQUEsbUJBQVksRUFBQyxRQUFRLENBQUMsb0JBQW9CLENBQUMsQ0FBQyxDQUFDO0lBQzlFLE1BQU0sSUFBSSxHQUFHLGFBQWEsQ0FBQyxJQUFBLG1CQUFZLEVBQUMsUUFBUSxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQztJQUMxRSxNQUFNLFNBQVMsR0FBMEIsSUFBSSxDQUFDLEtBQUssQ0FDakQsSUFBSSxDQUFDLE1BQU0sQ0FDVCxNQUFNLEtBQUssQ0FBQyxJQUFJLENBQ2Q7UUFDRSxZQUFZO1FBQ1osR0FBRyxFQUFFLFVBQVU7UUFDZixJQUFJLEVBQUUsSUFBSTtLQUNYLEVBQ0QsSUFBSSxDQUNMLENBQ0YsQ0FDRixDQUFDO0lBRUYsT0FBTyxTQUFTLENBQUM7QUFDbkIsQ0FBQztBQTNCRCw4Q0EyQkM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0E2Qkc7QUFDSSxLQUFLLFVBQVUsZ0JBQWdCO0lBQ3BDLElBQUksVUFBVSxLQUFLLFNBQVMsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ2hFLDBEQUEwRDtRQUMxRCxPQUFPLFVBQVUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO0lBQ2xDLENBQUM7SUFDRCxpQkFBaUI7SUFDakIsSUFBSSxDQUFDO1FBQ0gsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLHdEQUFhLFFBQVEsR0FBQyxDQUFDLENBQUMsY0FBYztRQUM1RCxPQUFRLFNBQStCLENBQUMsTUFBTSxDQUFDO0lBQ2pELENBQUM7SUFBQyxPQUFPLENBQVUsRUFBRSxDQUFDO1FBQ3BCLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUNqRCxDQUFDO0FBQ0gsQ0FBQztBQVpELDRDQVlDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgVXNlckV4cG9ydENvbXBsZXRlUmVzcG9uc2UsIFVzZXJFeHBvcnRLZXlNYXRlcmlhbCB9IGZyb20gXCIuL3NjaGVtYV90eXBlc1wiO1xuaW1wb3J0IHsgZGVjb2RlQmFzZTY0IH0gZnJvbSBcIi4vdXRpbFwiO1xuaW1wb3J0IHR5cGUgeyBDaXBoZXJTdWl0ZSB9IGZyb20gXCJAaHBrZS9jb3JlXCI7XG5cbi8qKiBHZXQgdGhlIEhQS0UgY2lwaGVyc3VpdGUgZm9yIHVzZXItZXhwb3J0IGRlY3J5cHRpb24uXG4gKlxuICogQHJldHVybiB7YW55fSBUaGUgSFBLRSBjaXBoZXJzdWl0ZSBmb3IgdXNlciBleHBvcnQuXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiB1c2VyRXhwb3J0Q2lwaGVyU3VpdGUoKTogUHJvbWlzZTxDaXBoZXJTdWl0ZT4ge1xuICBjb25zdCBocGtlID0gYXdhaXQgaW1wb3J0KFwiQGhwa2UvY29yZVwiKTsgLy8gZXNsaW50LWRpc2FibGUtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tdmFyLXJlcXVpcmVzXG4gIGNvbnN0IHN1aXRlID0gbmV3IGhwa2UuQ2lwaGVyU3VpdGUoe1xuICAgIGtlbTogbmV3IGhwa2UuRGhrZW1QMjU2SGtkZlNoYTI1NigpLFxuICAgIGtkZjogbmV3IGhwa2UuSGtkZlNoYTI1NigpLFxuICAgIGFlYWQ6IG5ldyBocGtlLkFlczI1NkdjbSgpLFxuICB9KTtcbiAgcmV0dXJuIHN1aXRlO1xufVxuXG4vKipcbiAqIEdlbmVyYXRlIGEga2V5IHBhaXIgZm9yIHVzZXIgZXhwb3J0LlxuICpcbiAqIEByZXR1cm4ge1Byb21pc2U8Q3J5cHRvS2V5UGFpcj59IFRoZSBuZXdseSBnZW5lcmF0ZWQga2V5IHBhaXIuXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiB1c2VyRXhwb3J0S2V5Z2VuKCk6IFByb21pc2U8Q3J5cHRvS2V5UGFpcj4ge1xuICByZXR1cm4gKGF3YWl0IHVzZXJFeHBvcnRDaXBoZXJTdWl0ZSgpKS5rZW0uZ2VuZXJhdGVLZXlQYWlyKCk7XG59XG5cbi8qKlxuICogR2V0IHRoZSBBcnJheUJ1ZmZlciBzbGljZSByZXByZXNlbnRlZCBieSBhIEJ1ZmZlclxuICpcbiAqIEBwYXJhbSB7VWludDhBcnJheX0gYiBUaGUgYnVmZmVyIHRvIGNvbnZlcnRcbiAqIEByZXR1cm4ge0FycmF5QnVmZmVyfSBUaGUgcmVzdWx0aW5nIEFycmF5QnVmZmVyXG4gKi9cbmZ1bmN0aW9uIHRvQXJyYXlCdWZmZXIoYjogVWludDhBcnJheSk6IEFycmF5QnVmZmVyIHtcbiAgcmV0dXJuIGIuYnVmZmVyLnNsaWNlKGIuYnl0ZU9mZnNldCwgYi5ieXRlT2Zmc2V0ICsgYi5ieXRlTGVuZ3RoKTtcbn1cblxuLyoqXG4gKiBEZWNyeXB0IGEgdXNlciBleHBvcnQuXG4gKlxuICogQHBhcmFtIHtDcnlwdG9LZXl9IHJlY2lwaWVudEtleSBUaGUgTklTVCBQLTI1NiBzZWNyZXQga2V5IGNvcnJlc3BvbmRpbmcgdG8gdGhlIGBwdWJsaWNLZXlgIGFyZ3VtZW50IHRvIHRoZSBgdXNlckV4cG9ydENvbXBsZXRlYCBpbnZvY2F0aW9uIHRoYXQgcmV0dXJuZWQgYHJlc3BvbnNlYC5cbiAqIEBwYXJhbSB7VXNlckV4cG9ydENvbXBsZXRlUmVzcG9uc2V9IHJlc3BvbnNlIFRoZSByZXNwb25zZSBmcm9tIGEgc3VjY2Vzc2Z1bCBgdXNlckV4cG9ydENvbXBsZXRlYCByZXF1ZXN0LlxuICogQHJldHVybiB7UHJvbWlzZTxVc2VyRXhwb3J0S2V5TWF0ZXJpYWw+fSBUaGUgZGVjcnlwdGVkIGtleSBtYXRlcmlhbC5cbiAqL1xuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHVzZXJFeHBvcnREZWNyeXB0KFxuICByZWNpcGllbnRLZXk6IENyeXB0b0tleSxcbiAgcmVzcG9uc2U6IFVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlLFxuKTogUHJvbWlzZTxVc2VyRXhwb3J0S2V5TWF0ZXJpYWw+IHtcbiAgLy8gVGhlIGNpcGhlcnN1aXRlIHdlIHVzZSBmb3IgZGVjcnlwdGlvblxuICBjb25zdCBzdWl0ZSA9IGF3YWl0IHVzZXJFeHBvcnRDaXBoZXJTdWl0ZSgpO1xuXG4gIC8vIGRlY3J5cHQgdGhlIGV4cG9ydCBjaXBoZXJ0ZXh0IHVzaW5nIHRoZSBIUEtFIG9uZS1zaG90IEFQSVxuICBjb25zdCB0ZW5jID0gbmV3IFRleHRFbmNvZGVyKCk7XG4gIGNvbnN0IHRkZWMgPSBuZXcgVGV4dERlY29kZXIoKTtcbiAgY29uc3QgaW5mbyA9IHRvQXJyYXlCdWZmZXIodGVuYy5lbmNvZGUoYGN1YmlzdC1zaWduZXI6OlVzZXJFeHBvcnRPd25lcjo6JHtyZXNwb25zZS51c2VyX2lkfWApKTtcbiAgY29uc3QgcHVibGljX2tleSA9IHRvQXJyYXlCdWZmZXIoZGVjb2RlQmFzZTY0KHJlc3BvbnNlLmVwaGVtZXJhbF9wdWJsaWNfa2V5KSk7XG4gIGNvbnN0IGN0eHQgPSB0b0FycmF5QnVmZmVyKGRlY29kZUJhc2U2NChyZXNwb25zZS5lbmNyeXB0ZWRfa2V5X21hdGVyaWFsKSk7XG4gIGNvbnN0IGRlY3J5cHRlZDogVXNlckV4cG9ydEtleU1hdGVyaWFsID0gSlNPTi5wYXJzZShcbiAgICB0ZGVjLmRlY29kZShcbiAgICAgIGF3YWl0IHN1aXRlLm9wZW4oXG4gICAgICAgIHtcbiAgICAgICAgICByZWNpcGllbnRLZXksXG4gICAgICAgICAgZW5jOiBwdWJsaWNfa2V5LFxuICAgICAgICAgIGluZm86IGluZm8sXG4gICAgICAgIH0sXG4gICAgICAgIGN0eHQsXG4gICAgICApLFxuICAgICksXG4gICk7XG5cbiAgcmV0dXJuIGRlY3J5cHRlZDtcbn1cblxuLyoqXG4gKiBGaWd1cmUgb3V0IGhvdyB0byBsb2FkIFN1YnRsZUNyeXB0byBpbiB0aGUgY3VycmVudCBlbnZpcm9ubWVudC5cbiAqXG4gKiBUaGlzIGZ1bmN0aW9uYWxpdHkgaXMgcmVwcm9kdWNlZCBmcm9tIHRoZSBocGtlLWpzIHBhY2thZ2UsXG4gKiAgIGh0dHBzOi8vZ2l0aHViLmNvbS9kYWppYWppL2hwa2UtanMvXG4gKiB3aGljaCBpcyBDb3B5cmlnaHQgKEMpIDIwMjIgQWppdG9taSBEYWlzdWtlIGFuZCBsaWNlbnNlZFxuICogdW5kZXIgdGhlIE1JVCBMaWNlbnNlLCB3aGljaCBmb2xsb3dzOlxuICpcbiAqIE1JVCBMaWNlbnNlXG4gKlxuICogQ29weXJpZ2h0IChjKSAyMDIyIEFqaXRvbWkgRGFpc3VrZVxuICpcbiAqIFBlcm1pc3Npb24gaXMgaGVyZWJ5IGdyYW50ZWQsIGZyZWUgb2YgY2hhcmdlLCB0byBhbnkgcGVyc29uIG9idGFpbmluZyBhIGNvcHlcbiAqIG9mIHRoaXMgc29mdHdhcmUgYW5kIGFzc29jaWF0ZWQgZG9jdW1lbnRhdGlvbiBmaWxlcyAodGhlIFwiU29mdHdhcmVcIiksIHRvIGRlYWxcbiAqIGluIHRoZSBTb2Z0d2FyZSB3aXRob3V0IHJlc3RyaWN0aW9uLCBpbmNsdWRpbmcgd2l0aG91dCBsaW1pdGF0aW9uIHRoZSByaWdodHNcbiAqIHRvIHVzZSwgY29weSwgbW9kaWZ5LCBtZXJnZSwgcHVibGlzaCwgZGlzdHJpYnV0ZSwgc3VibGljZW5zZSwgYW5kL29yIHNlbGxcbiAqIGNvcGllcyBvZiB0aGUgU29mdHdhcmUsIGFuZCB0byBwZXJtaXQgcGVyc29ucyB0byB3aG9tIHRoZSBTb2Z0d2FyZSBpc1xuICogZnVybmlzaGVkIHRvIGRvIHNvLCBzdWJqZWN0IHRvIHRoZSBmb2xsb3dpbmcgY29uZGl0aW9uczpcbiAqXG4gKiBUaGUgYWJvdmUgY29weXJpZ2h0IG5vdGljZSBhbmQgdGhpcyBwZXJtaXNzaW9uIG5vdGljZSBzaGFsbCBiZSBpbmNsdWRlZCBpbiBhbGxcbiAqIGNvcGllcyBvciBzdWJzdGFudGlhbCBwb3J0aW9ucyBvZiB0aGUgU29mdHdhcmUuXG4gKlxuICogVEhFIFNPRlRXQVJFIElTIFBST1ZJREVEIFwiQVMgSVNcIiwgV0lUSE9VVCBXQVJSQU5UWSBPRiBBTlkgS0lORCwgRVhQUkVTUyBPUlxuICogSU1QTElFRCwgSU5DTFVESU5HIEJVVCBOT1QgTElNSVRFRCBUTyBUSEUgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJVFksXG4gKiBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBTkQgTk9OSU5GUklOR0VNRU5ULiBJTiBOTyBFVkVOVCBTSEFMTCBUSEVcbiAqIEFVVEhPUlMgT1IgQ09QWVJJR0hUIEhPTERFUlMgQkUgTElBQkxFIEZPUiBBTlkgQ0xBSU0sIERBTUFHRVMgT1IgT1RIRVJcbiAqIExJQUJJTElUWSwgV0hFVEhFUiBJTiBBTiBBQ1RJT04gT0YgQ09OVFJBQ1QsIFRPUlQgT1IgT1RIRVJXSVNFLCBBUklTSU5HIEZST00sXG4gKiBPVVQgT0YgT1IgSU4gQ09OTkVDVElPTiBXSVRIIFRIRSBTT0ZUV0FSRSBPUiBUSEUgVVNFIE9SIE9USEVSIERFQUxJTkdTIElOIFRIRVxuICogU09GVFdBUkUuXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBsb2FkU3VidGxlQ3J5cHRvKCkge1xuICBpZiAoZ2xvYmFsVGhpcyAhPT0gdW5kZWZpbmVkICYmIGdsb2JhbFRoaXMuY3J5cHRvICE9PSB1bmRlZmluZWQpIHtcbiAgICAvLyBCcm93c2VycywgTm9kZS5qcyA+PSB2MTksIENsb3VkZmxhcmUgV29ya2VycywgQnVuLCBldGMuXG4gICAgcmV0dXJuIGdsb2JhbFRoaXMuY3J5cHRvLnN1YnRsZTtcbiAgfVxuICAvLyBOb2RlLmpzIDw9IHYxOFxuICB0cnkge1xuICAgIGNvbnN0IHsgd2ViY3J5cHRvIH0gPSBhd2FpdCBpbXBvcnQoXCJjcnlwdG9cIik7IC8vIG5vZGU6Y3J5cHRvXG4gICAgcmV0dXJuICh3ZWJjcnlwdG8gYXMgdW5rbm93biBhcyBDcnlwdG8pLnN1YnRsZTtcbiAgfSBjYXRjaCAoZTogdW5rbm93bikge1xuICAgIHRocm93IG5ldyBFcnJvcihcInN1YnRsZSBjcnlwdG8gbm90IHN1cHBvcnRlZFwiKTtcbiAgfVxufVxuIl19

package/dist/cjs/src/util.d.ts

@@ -0,0 +1,56 @@
+/** JSON map type */
+export interface JsonMap {
+    [member: string]: string | number | boolean | null | JsonArray | JsonMap;
+}
+/** JSON array type */
+export type JsonArray = Array<string | number | boolean | null | JsonArray | JsonMap>;
+/**
+ * Path join
+ * @param {string} dir Parent directory
+ * @param {string} file Pathname
+ * @return {string} New pathname
+ */
+export declare function pathJoin(dir: string, file: string): string;
+/**
+ * Browser-friendly helper for decoding a 'base64'-encoded string into a byte array.
+ *
+ * @param {string} b64 The 'base64'-encoded string to decode
+ * @return {Uint8Array} Decoded byte array
+ */
+export declare function decodeBase64(b64: string): Uint8Array;
+/**
+ * Browser-friendly helper for decoding a 'base64url'-encoded string into a byte array.
+ *
+ * @param {string} b64url The 'base64url'-encoded string to decode
+ * @return {Uint8Array} Decoded byte array
+ */
+export declare function decodeBase64Url(b64url: string): Uint8Array;
+/**
+ *
+ * Browser-friendly helper for encoding a byte array into a padded `base64`-encoded string.
+ *
+ * @param {Iterable<number>} buffer The byte array to encode
+ * @return {string} The 'base64' encoding of the byte array.
+ */
+export declare function encodeToBase64(buffer: Iterable<number>): string;
+/**
+ * Browser-friendly helper for encoding a byte array into a 'base64url`-encoded string.
+ *
+ * @param {Iterable<number>} buffer The byte array to encode
+ * @return {string} The 'base64url' encoding of the byte array.
+ */
+export declare function encodeToBase64Url(buffer: Iterable<number>): string;
+/**
+ * Sleeps for `ms` milliseconds.
+ *
+ * @param {number} ms Milliseconds to sleep
+ * @return {Promise<void>} A promise that is resolved after `ms` milliseconds.
+ */
+export declare function delay(ms: number): Promise<void>;
+/**
+ * Converts a string or a uint8 array into a hex string. Strings are encoded in UTF-8 before
+ * being converted to hex.
+ * @param {string | Uint8Array} message The input
+ * @return {string} Hex string prefixed with "0x"
+ */
+export declare function encodeToHex(message: string | Uint8Array): string;

package/dist/cjs/src/util.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeToHex = exports.delay = exports.encodeToBase64Url = exports.encodeToBase64 = exports.decodeBase64Url = exports.decodeBase64 = exports.pathJoin = void 0;
+/**
+ * Path join
+ * @param {string} dir Parent directory
+ * @param {string} file Pathname
+ * @return {string} New pathname
+ */
+function pathJoin(dir, file) {
+    const sep = globalThis?.process?.platform === "win32" ? "\\" : "/";
+    return `${dir}${sep}${file}`;
+}
+exports.pathJoin = pathJoin;
+/**
+ * Browser-friendly helper for decoding a 'base64'-encoded string into a byte array.
+ *
+ * @param {string} b64 The 'base64'-encoded string to decode
+ * @return {Uint8Array} Decoded byte array
+ */
+function decodeBase64(b64) {
+    return typeof Buffer === "function"
+        ? Buffer.from(b64, "base64")
+        : Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
+}
+exports.decodeBase64 = decodeBase64;
+/**
+ * Browser-friendly helper for decoding a 'base64url'-encoded string into a byte array.
+ *
+ * @param {string} b64url The 'base64url'-encoded string to decode
+ * @return {Uint8Array} Decoded byte array
+ */
+function decodeBase64Url(b64url) {
+    // NOTE: there is no "base64url" encoding in the "buffer" module for the browser (unlike in node.js)
+    const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/=*$/g, "");
+    return decodeBase64(b64);
+}
+exports.decodeBase64Url = decodeBase64Url;
+/**
+ *
+ * Browser-friendly helper for encoding a byte array into a padded `base64`-encoded string.
+ *
+ * @param {Iterable<number>} buffer The byte array to encode
+ * @return {string} The 'base64' encoding of the byte array.
+ */
+function encodeToBase64(buffer) {
+    const bytes = new Uint8Array(buffer);
+    const b64 = typeof Buffer === "function"
+        ? Buffer.from(bytes).toString("base64")
+        : btoa(bytes.reduce((s, b) => s + String.fromCharCode(b), ""));
+    return b64;
+}
+exports.encodeToBase64 = encodeToBase64;
+/**
+ * Browser-friendly helper for encoding a byte array into a 'base64url`-encoded string.
+ *
+ * @param {Iterable<number>} buffer The byte array to encode
+ * @return {string} The 'base64url' encoding of the byte array.
+ */
+function encodeToBase64Url(buffer) {
+    const b64 = encodeToBase64(buffer);
+    // NOTE: there is no "base64url" encoding in the "buffer" module for the browser (unlike in node.js)
+    return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=*$/g, "");
+}
+exports.encodeToBase64Url = encodeToBase64Url;
+/**
+ * Sleeps for `ms` milliseconds.
+ *
+ * @param {number} ms Milliseconds to sleep
+ * @return {Promise<void>} A promise that is resolved after `ms` milliseconds.
+ */
+function delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+exports.delay = delay;
+/**
+ * Converts a string or a uint8 array into a hex string. Strings are encoded in UTF-8 before
+ * being converted to hex.
+ * @param {string | Uint8Array} message The input
+ * @return {string} Hex string prefixed with "0x"
+ */
+function encodeToHex(message) {
+    return ("0x" + (typeof message === "string" ? Buffer.from(message, "utf8") : message).toString("hex"));
+}
+exports.encodeToHex = encodeToHex;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy91dGlsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQVFBOzs7OztHQUtHO0FBQ0gsU0FBZ0IsUUFBUSxDQUFDLEdBQVcsRUFBRSxJQUFZO0lBQ2hELE1BQU0sR0FBRyxHQUFHLFVBQVUsRUFBRSxPQUFPLEVBQUUsUUFBUSxLQUFLLE9BQU8sQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7SUFDbkUsT0FBTyxHQUFHLEdBQUcsR0FBRyxHQUFHLEdBQUcsSUFBSSxFQUFFLENBQUM7QUFDL0IsQ0FBQztBQUhELDRCQUdDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFnQixZQUFZLENBQUMsR0FBVztJQUN0QyxPQUFPLE9BQU8sTUFBTSxLQUFLLFVBQVU7UUFDakMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLFFBQVEsQ0FBQztRQUM1QixDQUFDLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztBQUN6RCxDQUFDO0FBSkQsb0NBSUM7QUFFRDs7Ozs7R0FLRztBQUNILFNBQWdCLGVBQWUsQ0FBQyxNQUFjO0lBQzVDLG9HQUFvRztJQUNwRyxNQUFNLEdBQUcsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDN0UsT0FBTyxZQUFZLENBQUMsR0FBRyxDQUFDLENBQUM7QUFDM0IsQ0FBQztBQUpELDBDQUlDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsU0FBZ0IsY0FBYyxDQUFDLE1BQXdCO0lBQ3JELE1BQU0sS0FBSyxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3JDLE1BQU0sR0FBRyxHQUNQLE9BQU8sTUFBTSxLQUFLLFVBQVU7UUFDMUIsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQztRQUN2QyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEdBQUcsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25FLE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQztBQVBELHdDQU9DO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFnQixpQkFBaUIsQ0FBQyxNQUF3QjtJQUN4RCxNQUFNLEdBQUcsR0FBRyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDbkMsb0dBQW9HO0lBQ3BHLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ3pFLENBQUM7QUFKRCw4Q0FJQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0IsS0FBSyxDQUFDLEVBQVU7SUFDOUIsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQzNELENBQUM7QUFGRCxzQkFFQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0IsV0FBVyxDQUFDLE9BQTRCO0lBQ3RELE9BQU8sQ0FDTCxJQUFJLEdBQUcsQ0FBQyxPQUFPLE9BQU8sS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQzlGLENBQUM7QUFDSixDQUFDO0FBSkQsa0NBSUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiogSlNPTiBtYXAgdHlwZSAqL1xuZXhwb3J0IGludGVyZmFjZSBKc29uTWFwIHtcbiAgW21lbWJlcjogc3RyaW5nXTogc3RyaW5nIHwgbnVtYmVyIHwgYm9vbGVhbiB8IG51bGwgfCBKc29uQXJyYXkgfCBKc29uTWFwO1xufVxuXG4vKiogSlNPTiBhcnJheSB0eXBlICovXG5leHBvcnQgdHlwZSBKc29uQXJyYXkgPSBBcnJheTxzdHJpbmcgfCBudW1iZXIgfCBib29sZWFuIHwgbnVsbCB8IEpzb25BcnJheSB8IEpzb25NYXA+O1xuXG4vKipcbiAqIFBhdGggam9pblxuICogQHBhcmFtIHtzdHJpbmd9IGRpciBQYXJlbnQgZGlyZWN0b3J5XG4gKiBAcGFyYW0ge3N0cmluZ30gZmlsZSBQYXRobmFtZVxuICogQHJldHVybiB7c3RyaW5nfSBOZXcgcGF0aG5hbWVcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIHBhdGhKb2luKGRpcjogc3RyaW5nLCBmaWxlOiBzdHJpbmcpOiBzdHJpbmcge1xuICBjb25zdCBzZXAgPSBnbG9iYWxUaGlzPy5wcm9jZXNzPy5wbGF0Zm9ybSA9PT0gXCJ3aW4zMlwiID8gXCJcXFxcXCIgOiBcIi9cIjtcbiAgcmV0dXJuIGAke2Rpcn0ke3NlcH0ke2ZpbGV9YDtcbn1cblxuLyoqXG4gKiBCcm93c2VyLWZyaWVuZGx5IGhlbHBlciBmb3IgZGVjb2RpbmcgYSAnYmFzZTY0Jy1lbmNvZGVkIHN0cmluZyBpbnRvIGEgYnl0ZSBhcnJheS5cbiAqXG4gKiBAcGFyYW0ge3N0cmluZ30gYjY0IFRoZSAnYmFzZTY0Jy1lbmNvZGVkIHN0cmluZyB0byBkZWNvZGVcbiAqIEByZXR1cm4ge1VpbnQ4QXJyYXl9IERlY29kZWQgYnl0ZSBhcnJheVxuICovXG5leHBvcnQgZnVuY3Rpb24gZGVjb2RlQmFzZTY0KGI2NDogc3RyaW5nKTogVWludDhBcnJheSB7XG4gIHJldHVybiB0eXBlb2YgQnVmZmVyID09PSBcImZ1bmN0aW9uXCJcbiAgICA/IEJ1ZmZlci5mcm9tKGI2NCwgXCJiYXNlNjRcIilcbiAgICA6IFVpbnQ4QXJyYXkuZnJvbShhdG9iKGI2NCksIChjKSA9PiBjLmNoYXJDb2RlQXQoMCkpO1xufVxuXG4vKipcbiAqIEJyb3dzZXItZnJpZW5kbHkgaGVscGVyIGZvciBkZWNvZGluZyBhICdiYXNlNjR1cmwnLWVuY29kZWQgc3RyaW5nIGludG8gYSBieXRlIGFycmF5LlxuICpcbiAqIEBwYXJhbSB7c3RyaW5nfSBiNjR1cmwgVGhlICdiYXNlNjR1cmwnLWVuY29kZWQgc3RyaW5nIHRvIGRlY29kZVxuICogQHJldHVybiB7VWludDhBcnJheX0gRGVjb2RlZCBieXRlIGFycmF5XG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBkZWNvZGVCYXNlNjRVcmwoYjY0dXJsOiBzdHJpbmcpOiBVaW50OEFycmF5IHtcbiAgLy8gTk9URTogdGhlcmUgaXMgbm8gXCJiYXNlNjR1cmxcIiBlbmNvZGluZyBpbiB0aGUgXCJidWZmZXJcIiBtb2R1bGUgZm9yIHRoZSBicm93c2VyICh1bmxpa2UgaW4gbm9kZS5qcylcbiAgY29uc3QgYjY0ID0gYjY0dXJsLnJlcGxhY2UoLy0vZywgXCIrXCIpLnJlcGxhY2UoL18vZywgXCIvXCIpLnJlcGxhY2UoLz0qJC9nLCBcIlwiKTtcbiAgcmV0dXJuIGRlY29kZUJhc2U2NChiNjQpO1xufVxuXG4vKipcbiAqXG4gKiBCcm93c2VyLWZyaWVuZGx5IGhlbHBlciBmb3IgZW5jb2RpbmcgYSBieXRlIGFycmF5IGludG8gYSBwYWRkZWQgYGJhc2U2NGAtZW5jb2RlZCBzdHJpbmcuXG4gKlxuICogQHBhcmFtIHtJdGVyYWJsZTxudW1iZXI+fSBidWZmZXIgVGhlIGJ5dGUgYXJyYXkgdG8gZW5jb2RlXG4gKiBAcmV0dXJuIHtzdHJpbmd9IFRoZSAnYmFzZTY0JyBlbmNvZGluZyBvZiB0aGUgYnl0ZSBhcnJheS5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGVuY29kZVRvQmFzZTY0KGJ1ZmZlcjogSXRlcmFibGU8bnVtYmVyPik6IHN0cmluZyB7XG4gIGNvbnN0IGJ5dGVzID0gbmV3IFVpbnQ4QXJyYXkoYnVmZmVyKTtcbiAgY29uc3QgYjY0ID1cbiAgICB0eXBlb2YgQnVmZmVyID09PSBcImZ1bmN0aW9uXCJcbiAgICAgID8gQnVmZmVyLmZyb20oYnl0ZXMpLnRvU3RyaW5nKFwiYmFzZTY0XCIpXG4gICAgICA6IGJ0b2EoYnl0ZXMucmVkdWNlKChzLCBiKSA9PiBzICsgU3RyaW5nLmZyb21DaGFyQ29kZShiKSwgXCJcIikpO1xuICByZXR1cm4gYjY0O1xufVxuXG4vKipcbiAqIEJyb3dzZXItZnJpZW5kbHkgaGVscGVyIGZvciBlbmNvZGluZyBhIGJ5dGUgYXJyYXkgaW50byBhICdiYXNlNjR1cmxgLWVuY29kZWQgc3RyaW5nLlxuICpcbiAqIEBwYXJhbSB7SXRlcmFibGU8bnVtYmVyPn0gYnVmZmVyIFRoZSBieXRlIGFycmF5IHRvIGVuY29kZVxuICogQHJldHVybiB7c3RyaW5nfSBUaGUgJ2Jhc2U2NHVybCcgZW5jb2Rpbmcgb2YgdGhlIGJ5dGUgYXJyYXkuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBlbmNvZGVUb0Jhc2U2NFVybChidWZmZXI6IEl0ZXJhYmxlPG51bWJlcj4pOiBzdHJpbmcge1xuICBjb25zdCBiNjQgPSBlbmNvZGVUb0Jhc2U2NChidWZmZXIpO1xuICAvLyBOT1RFOiB0aGVyZSBpcyBubyBcImJhc2U2NHVybFwiIGVuY29kaW5nIGluIHRoZSBcImJ1ZmZlclwiIG1vZHVsZSBmb3IgdGhlIGJyb3dzZXIgKHVubGlrZSBpbiBub2RlLmpzKVxuICByZXR1cm4gYjY0LnJlcGxhY2UoL1xcKy9nLCBcIi1cIikucmVwbGFjZSgvXFwvL2csIFwiX1wiKS5yZXBsYWNlKC89KiQvZywgXCJcIik7XG59XG5cbi8qKlxuICogU2xlZXBzIGZvciBgbXNgIG1pbGxpc2Vjb25kcy5cbiAqXG4gKiBAcGFyYW0ge251bWJlcn0gbXMgTWlsbGlzZWNvbmRzIHRvIHNsZWVwXG4gKiBAcmV0dXJuIHtQcm9taXNlPHZvaWQ+fSBBIHByb21pc2UgdGhhdCBpcyByZXNvbHZlZCBhZnRlciBgbXNgIG1pbGxpc2Vjb25kcy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGRlbGF5KG1zOiBudW1iZXIpOiBQcm9taXNlPHZvaWQ+IHtcbiAgcmV0dXJuIG5ldyBQcm9taXNlKChyZXNvbHZlKSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIG1zKSk7XG59XG5cbi8qKlxuICogQ29udmVydHMgYSBzdHJpbmcgb3IgYSB1aW50OCBhcnJheSBpbnRvIGEgaGV4IHN0cmluZy4gU3RyaW5ncyBhcmUgZW5jb2RlZCBpbiBVVEYtOCBiZWZvcmVcbiAqIGJlaW5nIGNvbnZlcnRlZCB0byBoZXguXG4gKiBAcGFyYW0ge3N0cmluZyB8IFVpbnQ4QXJyYXl9IG1lc3NhZ2UgVGhlIGlucHV0XG4gKiBAcmV0dXJuIHtzdHJpbmd9IEhleCBzdHJpbmcgcHJlZml4ZWQgd2l0aCBcIjB4XCJcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGVuY29kZVRvSGV4KG1lc3NhZ2U6IHN0cmluZyB8IFVpbnQ4QXJyYXkpOiBzdHJpbmcge1xuICByZXR1cm4gKFxuICAgIFwiMHhcIiArICh0eXBlb2YgbWVzc2FnZSA9PT0gXCJzdHJpbmdcIiA/IEJ1ZmZlci5mcm9tKG1lc3NhZ2UsIFwidXRmOFwiKSA6IG1lc3NhZ2UpLnRvU3RyaW5nKFwiaGV4XCIpXG4gICk7XG59XG4iXX0=

package/dist/esm/package.json

@@ -0,0 +1,41 @@
+{
+    "name": "@cubist-labs/cubesigner-sdk",
+    "version": "0.3.1",
+    "description": "CubeSigner TypeScript SDK",
+    "license": "MIT OR Apache-2.0",
+    "author": "Cubist, Inc.",
+    "main": "dist/cjs/src/index.js",
+    "files": [
+        "tsconfig.json",
+        "src/**",
+        "dist/**",
+        "../..NOTICE",
+        "../..LICENSE-APACHE",
+        "../..LICENSE-MIT"
+    ],
+    "exports": {
+        "require": "./dist/cjs/src/index.js",
+        "import": "./dist/esm/src/index.js"
+    },
+    "scripts": {
+        "build": "npm run build:cjs && npm run build:mjs",
+        "prepack": "npm run build",
+        "build:cjs": "tsc -p . --outDir dist/cjs --module commonjs --moduleResolution node",
+        "build:mjs": "tsc -p . --outDir dist/esm --module es2022",
+        "gen-schema": "openapi-typescript ./spec/openapi.json --output ./src/schema.ts",
+        "test": "jest --maxWorkers=1",
+        "typedoc": "typedoc"
+    },
+    "dependencies": {
+        "openapi-fetch": "0.6.1"
+    },
+    "optionalDependencies": {
+        "@hpke/core": "^1.2.5"
+    },
+    "engines": {
+        "node": ">=18.0.0"
+    },
+    "directories": {
+        "test": "test"
+    }
+}

package/dist/esm/spec/env/beta.json

@@ -0,0 +1,9 @@
+{
+    "Dev-CubeSignerStack": {
+        "ClientId": "405mhvv13llufju1ruvnq42rdc",
+        "LongLivedClientId": "6he1bnm17s0dv8bb4hjim6fs6i",
+        "Region": "us-east-1",
+        "UserPoolId": "us-east-1_79ljlRRfX",
+        "SignerApiRoot": "https://beta.signer.cubist.dev"
+    }
+}

package/dist/esm/spec/env/gamma.json

@@ -0,0 +1,9 @@
+{
+    "Dev-CubeSignerStack": {
+        "ClientId": "1tiou9ecj058khiidmhj4ds4rj",
+        "LongLivedClientId": "4jiuai7mtl5164of3drmvej234",
+        "Region": "us-east-1",
+        "UserPoolId": "us-east-1_RU7HEslOW",
+        "SignerApiRoot": "https://gamma.signer.cubist.dev"
+    }
+}

package/dist/esm/spec/env/prod.json

@@ -0,0 +1,9 @@
+{
+    "Dev-CubeSignerStack": {
+        "ClientId": "2saesgbmeu8p981sk33sr6nq1j",
+        "LongLivedClientId": "79qoe43lbiphd7jv0emqadtoia",
+        "Region": "us-east-1",
+        "UserPoolId": "us-east-1_lLLal8vGd",
+        "SignerApiRoot": "https://prod.signer.cubist.dev"
+    }
+}