@getpara/core-sdk 0.1.0

package/dist/esm/PlatformUtils.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/StorageUtils.js

@@ -0,0 +1 @@
+export {};

package/dist/esm/cryptography/utils.js

@@ -0,0 +1,226 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import base64url from 'base64url';
+import forge from 'node-forge';
+import { getPortalBaseURL } from '../definitions.js';
+const rsa = forge.pki.rsa;
+const RSA_ENCRYPTION_SCHEME = 'RSA-OAEP';
+// ivs can be constant only because every key is only ever used to encrypt one message
+const CONSTANT_IV = '794241bc819a125a7b78ea313decc0bc';
+const CONSTANT_IV_AES = new Uint8Array([23, 66, 157, 146, 179, 158, 117, 120, 184, 73, 123, 81]);
+export function getSHA256HashHex(str) {
+    const md = forge.md.sha256.create();
+    md.update(str);
+    return md.digest().toHex();
+}
+export function getPublicKeyHex(keyPair) {
+    const pem = forge.pki.publicKeyToRSAPublicKeyPem(keyPair.publicKey);
+    return Buffer.from(pem, 'utf-8').toString('hex');
+}
+export function publicKeyFromHex(publicKeyHex) {
+    const pem = publicKeyHexToPem(publicKeyHex);
+    return forge.pki.publicKeyFromPem(pem);
+}
+export function publicKeyHexToPem(publicKeyHex) {
+    return Buffer.from(publicKeyHex, 'hex').toString('utf-8');
+}
+export function encodePrivateKeyToPemHex(keyPair) {
+    const pem = forge.pki.privateKeyToPem(keyPair.privateKey);
+    return Buffer.from(pem, 'utf-8').toString('hex');
+}
+export function decodePrivateKeyPemHex(privateKeyPemHex) {
+    const pem = Buffer.from(privateKeyPemHex, 'hex').toString('utf-8');
+    return forge.pki.privateKeyFromPem(pem);
+}
+export function encryptPrivateKey(keyPair, key) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const privateKeyPemHex = encodePrivateKeyToPemHex(keyPair);
+        const cryptoKey = yield window.crypto.subtle.importKey('raw', Buffer.from(key, 'base64'), {
+            name: 'AES-GCM',
+            length: 256,
+        }, true, ['encrypt', 'decrypt']);
+        const encodedPlaintext = new TextEncoder().encode(privateKeyPemHex);
+        const ciphertext = yield window.crypto.subtle.encrypt({ name: 'AES-GCM', iv: CONSTANT_IV_AES }, cryptoKey, encodedPlaintext);
+        return Buffer.from(ciphertext).toString('base64');
+    });
+}
+export function decryptPrivateKey(encryptedPrivateKeyPemHex, key) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const secretKey = yield crypto.subtle.importKey('raw', Buffer.from(key, 'base64'), {
+            name: 'AES-GCM',
+            length: 256,
+        }, true, ['encrypt', 'decrypt']);
+        const cleartext = yield crypto.subtle.decrypt({ name: 'AES-GCM', iv: CONSTANT_IV_AES }, secretKey, Buffer.from(encryptedPrivateKeyPemHex, 'base64'));
+        const privateKeyPemHex = new TextDecoder().decode(cleartext);
+        const privateKey = decodePrivateKeyPemHex(privateKeyPemHex);
+        return privateKey;
+    });
+}
+export function getAsymmetricKeyPair(ctx, seedValue) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const prng = forge.random.createInstance();
+        if (seedValue) {
+            prng.seedFileSync = (_n) => seedValue;
+            prng.seedFile = (_n, cb) => {
+                cb(null, seedValue);
+            };
+        }
+        const options = {
+            bits: 2048,
+            e: 65537,
+            prng,
+        };
+        if (!ctx.disableWorkers) {
+            options.workLoad = 100;
+            // only using 1 web worker as more makes the call non-deterministic
+            // -1 uses optimal amount of web workers
+            options.workers = seedValue ? 1 : -1;
+            const workerRes = yield fetch(`${getPortalBaseURL(ctx)}/static/js/prime.worker.min.js`);
+            const workerBlob = new Blob([yield workerRes.text()], { type: 'application/javascript' });
+            options.workerScript = URL.createObjectURL(workerBlob);
+        }
+        return new Promise((resolve, reject) => rsa.generateKeyPair(options, (err, keypair) => {
+            if (err) {
+                reject(err);
+            }
+            resolve(keypair);
+        }));
+    });
+}
+export function getPublicKeyFromSignature(ctx, userHandle) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const encodedUserHandle = base64url.encode(userHandle);
+        const keyPair = yield getAsymmetricKeyPair(ctx, encodedUserHandle);
+        return getPublicKeyHex(keyPair);
+    });
+}
+// only use for one time key encryptions as iv is constant
+export function symmetricKeyEncryptMessage(message) {
+    const key = forge.random.getBytesSync(16);
+    const cipher = forge.cipher.createCipher('AES-CBC', key);
+    // iv can be constant only because every key is only ever used to encrypt one message
+    cipher.start({ iv: CONSTANT_IV });
+    cipher.update(forge.util.createBuffer(message));
+    cipher.finish();
+    const encryptedMessageHex = cipher.output.toHex();
+    return { key, encryptedMessageHex };
+}
+function decipherEncryptedMessageHex(key, encryptedMessageHex) {
+    const decipher = forge.cipher.createDecipher('AES-CBC', key);
+    // iv can be constant only because every key is only ever used to encrypt one message
+    decipher.start({ iv: CONSTANT_IV });
+    decipher.update(forge.util.createBuffer(forge.util.hexToBytes(encryptedMessageHex)));
+    decipher.finish();
+    return decipher.output.toString();
+}
+// Deprecated in favor of decryptWithPrivateKey
+export function decryptWithKeyPair(keyPair, encryptedMessageHex, encryptedKeyHex) {
+    const encryptedKey = Buffer.from(encryptedKeyHex, 'hex').toString('utf-8');
+    const key = keyPair.privateKey.decrypt(encryptedKey, RSA_ENCRYPTION_SCHEME);
+    return decipherEncryptedMessageHex(key, encryptedMessageHex);
+}
+export function decryptWithPrivateKey(privateKey, encryptedMessageHex, encryptedKeyHex) {
+    const encryptedKey = Buffer.from(encryptedKeyHex, 'hex').toString('utf-8');
+    const key = privateKey.decrypt(encryptedKey, RSA_ENCRYPTION_SCHEME);
+    return decipherEncryptedMessageHex(key, encryptedMessageHex);
+}
+function decryptWithDerivedPrivateKey(ctx, { seedValue, encryptedMessageHex, encryptedKeyHex, }) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const keyPair = yield getAsymmetricKeyPair(ctx, seedValue);
+        return decryptWithPrivateKey(keyPair.privateKey, encryptedMessageHex, encryptedKeyHex);
+    });
+}
+export function getDerivedPrivateKeyAndDecrypt(ctx, seedValue, encryptedShares) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return Promise.all(encryptedShares.map((share) => __awaiter(this, void 0, void 0, function* () {
+            return ({
+                walletId: share.walletId,
+                walletScheme: share.walletScheme,
+                partnerId: share.partnerId,
+                signer: yield decryptWithDerivedPrivateKey(ctx, {
+                    seedValue,
+                    encryptedMessageHex: share.encryptedShare,
+                    encryptedKeyHex: share.encryptedKey,
+                }),
+                protocolId: share.protocolId,
+            });
+        })));
+    });
+}
+export function decryptPrivateKeyAndDecryptShare(encryptionKey, encryptedShares, encryptedPrivateKey) {
+    return __awaiter(this, void 0, void 0, function* () {
+        let privateKey;
+        try {
+            privateKey = yield decryptPrivateKey(encryptedPrivateKey, encryptionKey);
+        }
+        catch (e) { }
+        try {
+            privateKey = yield decryptPrivateKeyWithPassword(encryptedPrivateKey, encryptionKey);
+        }
+        catch (e) { }
+        if (!privateKey) {
+            throw new Error('Could not decrypt private key');
+        }
+        return encryptedShares.map(share => ({
+            walletId: share.walletId,
+            walletScheme: share.walletScheme,
+            partnerId: share.partnerId,
+            signer: decryptWithPrivateKey(privateKey, share.encryptedShare, share.encryptedKey),
+            protocolId: share.protocolId,
+        }));
+    });
+}
+export function encryptWithDerivedPublicKey(publicKeyHex, message) {
+    const { key, encryptedMessageHex } = symmetricKeyEncryptMessage(message);
+    const publicKeyPem = publicKeyHexToPem(publicKeyHex);
+    const publicKey = forge.pki.publicKeyFromPem(publicKeyPem);
+    const encryptedKey = publicKey.encrypt(key, RSA_ENCRYPTION_SCHEME);
+    const encryptedKeyHex = Buffer.from(encryptedKey, 'utf-8').toString('hex');
+    return { encryptedMessageHex, encryptedKeyHex };
+}
+export function hashPasswordWithSalt(password) {
+    const salt = generateSalt();
+    const saltedPassword = salt + password;
+    const hash = getSHA256HashHex(saltedPassword);
+    return { salt, hash };
+}
+function generateSalt(length = 16) {
+    return forge.util.bytesToHex(forge.random.getBytesSync(length));
+}
+function deriveCryptoKeyFromPassword(hashedPassword) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const keyBuffer = Buffer.from(hashedPassword, 'hex');
+        return yield window.crypto.subtle.importKey('raw', keyBuffer, {
+            name: 'AES-GCM',
+            length: 256,
+        }, true, ['encrypt', 'decrypt']);
+    });
+}
+export function encryptPrivateKeyWithPassword(keyPair, hashedPassword) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const cryptoKey = yield deriveCryptoKeyFromPassword(hashedPassword);
+        const privateKeyPemHex = encodePrivateKeyToPemHex(keyPair);
+        const encodedPlaintext = new TextEncoder().encode(privateKeyPemHex);
+        const ciphertext = yield window.crypto.subtle.encrypt({ name: 'AES-GCM', iv: CONSTANT_IV_AES }, cryptoKey, encodedPlaintext);
+        return Buffer.from(ciphertext).toString('base64');
+    });
+}
+export function decryptPrivateKeyWithPassword(encryptedPrivateKeyPemHex, hashedPassword) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const secretKey = yield crypto.subtle.importKey('raw', Buffer.from(hashedPassword, 'hex'), {
+            name: 'AES-GCM',
+            length: 256,
+        }, true, ['encrypt', 'decrypt']);
+        const cleartext = yield crypto.subtle.decrypt({ name: 'AES-GCM', iv: CONSTANT_IV_AES }, secretKey, Buffer.from(encryptedPrivateKeyPemHex, 'base64'));
+        const privateKeyPemHex = new TextDecoder().decode(cleartext);
+        const privateKey = decodePrivateKeyPemHex(privateKeyPemHex);
+        return privateKey;
+    });
+}

package/dist/esm/definitions.js

@@ -0,0 +1,142 @@
+import { Buffer as NodeBuffer } from 'buffer';
+if (typeof global !== 'undefined') {
+    global.Buffer = global.Buffer || NodeBuffer;
+}
+else if (typeof window !== 'undefined') {
+    window.Buffer = window.Buffer || NodeBuffer;
+    window.global = window.global || window;
+}
+else {
+    self.Buffer = self.Buffer || NodeBuffer;
+    self.global = self.global || self;
+}
+import { Network, OnRampAsset, OnRampProvider, OnRampPurchaseStatus, WalletScheme, WalletType, } from '@getpara/user-management-client';
+export { Network, OnRampAsset, OnRampProvider, OnRampPurchaseStatus };
+export const is2FAEnabled = false;
+export var Environment;
+(function (Environment) {
+    // Internal Environments
+    Environment["DEV"] = "DEV";
+    Environment["SANDBOX"] = "SANDBOX";
+    Environment["BETA"] = "BETA";
+    Environment["PROD"] = "PROD";
+    // Customer-Facing Environments
+    // NOTE: these resolve to the corresponding internal environments for convenience
+    Environment["DEVELOPMENT"] = "BETA";
+    Environment["PRODUCTION"] = "PROD";
+})(Environment || (Environment = {}));
+export var EnabledFlow;
+(function (EnabledFlow) {
+    EnabledFlow["BUY"] = "BUY";
+    EnabledFlow["RECEIVE"] = "RECEIVE";
+    EnabledFlow["WITHDRAW"] = "WITHDRAW";
+})(EnabledFlow || (EnabledFlow = {}));
+export var OnRampMethod;
+(function (OnRampMethod) {
+    OnRampMethod["ACH"] = "ACH";
+    OnRampMethod["DEBIT"] = "Debit";
+    OnRampMethod["CREDIT"] = "Credit";
+    OnRampMethod["APPLE_PAY"] = "Apple Pay";
+})(OnRampMethod || (OnRampMethod = {}));
+export const WalletSchemeTypeMap = {
+    [WalletScheme.DKLS]: {
+        [WalletType.EVM]: true,
+        [WalletType.COSMOS]: true,
+    },
+    [WalletScheme.CGGMP]: {
+        [WalletType.EVM]: true,
+        [WalletType.COSMOS]: true,
+    },
+    [WalletScheme.ED25519]: {
+        [WalletType.SOLANA]: true,
+    },
+};
+export function getPortalDomain(env, isE2E) {
+    if (isE2E) {
+        return `localhost`;
+    }
+    switch (env) {
+        case Environment.DEV:
+            return 'localhost';
+        case Environment.SANDBOX:
+            return 'app.sandbox.usecapsule.com';
+        case Environment.BETA:
+            return 'app.beta.usecapsule.com';
+        case Environment.PROD:
+            return 'app.usecapsule.com';
+        default:
+            throw new Error(`env: ${env} not supported`);
+    }
+}
+export function getPortalBaseURL({ env, isE2E }, useLocalIp, isForWasm) {
+    if (isE2E) {
+        if (isForWasm) {
+            return `https://app.sandbox.usecapsule.com`;
+        }
+        return `http://localhost:3003`;
+    }
+    const domain = getPortalDomain(env);
+    if (env === Environment.DEV) {
+        if (useLocalIp) {
+            return `http://127.0.0.1:3003`;
+        }
+        return `http://${domain}:3003`;
+    }
+    return `https://${domain}`;
+}
+export function getParaConnectDomain(env) {
+    switch (env) {
+        case Environment.DEV:
+            return 'localhost';
+        case Environment.SANDBOX:
+            return 'connect.sandbox.getpara.com';
+        case Environment.BETA:
+            return 'connect.beta.getpara.com';
+        case Environment.PROD:
+            return 'connect.getpara.com';
+        default:
+            throw new Error(`env: ${env} not supported`);
+    }
+}
+export function getParaConnectBaseUrl({ env }, useLocalIp) {
+    const domain = getParaConnectDomain(env);
+    if (env === Environment.DEV) {
+        if (useLocalIp) {
+            return `http://127.0.0.1:3008`;
+        }
+        return `http://${domain}:3008`;
+    }
+    return `https://${domain}`;
+}
+export const EXTERNAL_WALLET_CHANGE_EVENT = 'paraExternalWalletChange';
+export const CURRENT_WALLET_IDS_CHANGE_EVENT = 'paraCurrentWalletIdsChange';
+export function toAssetInfoArray(data) {
+    const result = [];
+    Object.keys(data).forEach(walletType => {
+        const networks = data[walletType];
+        Object.keys(networks).forEach(network => {
+            const assets = networks[network];
+            Object.keys(assets).forEach(asset => {
+                const providerInfo = assets[asset];
+                result.push([walletType, network, asset, providerInfo]);
+            });
+        });
+    });
+    return result;
+}
+export function getOnRampNetworks(data, { walletType, allowed } = {}) {
+    return [
+        ...new Set(toAssetInfoArray(data)
+            .filter(([type, network]) => (!walletType || type === walletType) && (!allowed || allowed.includes(network)))
+            .map(([_, network]) => network)),
+    ];
+}
+export function getOnRampAssets(data, { walletType, network, allowed, } = {}) {
+    return [
+        ...new Set(toAssetInfoArray(data)
+            .filter(([t, n, a]) => (!walletType || t === walletType) &&
+            (!network || n === network) &&
+            (!Array.isArray(allowed) || allowed.includes(a)))
+            .map(([, , asset]) => asset)),
+    ];
+}

package/dist/esm/errors.js

@@ -0,0 +1,21 @@
+export class TransactionReviewError extends Error {
+    constructor(transactionReviewUrl) {
+        super('transaction review error');
+        this.name = 'TransactionReviewError';
+        this.transactionReviewUrl = transactionReviewUrl;
+    }
+}
+export class TransactionReviewDenied extends Error {
+    constructor() {
+        super('transaction review has been denied by the user');
+        this.name = 'TransactionReviewDenied';
+    }
+}
+export class TransactionReviewTimeout extends Error {
+    constructor(transactionReviewUrl, pendingTransactionId) {
+        super('transaction review has timed out');
+        this.name = 'TransactionReviewTimeout';
+        this.transactionReviewUrl = transactionReviewUrl;
+        this.pendingTransactionId = pendingTransactionId;
+    }
+}

package/dist/esm/external/mpcComputationClient.js

@@ -0,0 +1,26 @@
+import axios from 'axios';
+export function initClient(baseURL, useAdapter) {
+    const client = axios.create({ baseURL });
+    if (useAdapter) {
+        client.defaults.adapter = function (config) {
+            return fetch(config.baseURL + config.url, {
+                method: config.method,
+                headers: config.headers,
+                body: config.data,
+                credentials: config.withCredentials ? 'include' : undefined,
+            })
+                .then(response => response.text().then(text => ({
+                data: text,
+                status: response.status,
+                statusText: response.statusText,
+                headers: response.headers,
+                config: config,
+                request: fetch,
+            })))
+                .catch(function (reason) {
+                throw reason;
+            });
+        };
+    }
+    return client;
+}

package/dist/esm/external/userManagementClient.js

@@ -0,0 +1,42 @@
+import Client from '@getpara/user-management-client';
+import { Environment } from '../definitions.js';
+export function getBaseUrl(env) {
+    switch (env) {
+        case Environment.DEV:
+            return 'http://localhost:8080/';
+        case Environment.SANDBOX:
+            return 'https://api.sandbox.getpara.com/';
+        case Environment.BETA:
+            return 'https://api.beta.getpara.com/';
+        case Environment.PROD:
+            return 'https://api.getpara.com/';
+        default:
+            throw new Error(`unsupported env: ${env}`);
+    }
+}
+export function getBaseMPCNetworkUrl(env, useWebsocket) {
+    const prefix = useWebsocket ? 'ws' : 'http';
+    switch (env) {
+        case Environment.DEV:
+            return `${prefix}://localhost:3000`;
+        case Environment.SANDBOX:
+            return `${prefix}s://mpc-network.sandbox.getpara.com`;
+        case Environment.BETA:
+            return `${prefix}s://mpc-network.beta.getpara.com`;
+        case Environment.PROD:
+            return `${prefix}s://mpc-network.prod.getpara.com`;
+        default:
+            throw new Error(`unsupported env: ${env}`);
+    }
+}
+export function initClient({ env, version, apiKey, partnerId, useFetchAdapter = false, retrieveSessionCookie, persistSessionCookie, }) {
+    return new Client({
+        userManagementHost: getBaseUrl(env),
+        version: [Environment.DEV, Environment.SANDBOX].includes(env) ? 'dev' : version,
+        apiKey: apiKey,
+        partnerId,
+        opts: { useFetchAdapter },
+        retrieveSessionCookie,
+        persistSessionCookie,
+    });
+}

package/dist/esm/index.js

@@ -0,0 +1,19 @@
+import { ParaCore, PREFIX as STORAGE_PREFIX, PregenIdentifierType, isWalletSupported } from './ParaCore.js';
+export { AuthMethod, EmailTheme, WalletType, WalletScheme, OnRampPurchaseType, OAuthMethod, NON_ED25519, PREGEN_IDENTIFIER_TYPES, } from '@getpara/user-management-client';
+export * from './definitions.js';
+export * from './types/index.js';
+export { distributeNewShare } from './shares/shareDistribution.js';
+export { KeyContainer } from './shares/KeyContainer.js';
+export { RecoveryStatus, stringToPhoneNumber, entityToWallet } from './ParaCore.js';
+export { getBaseUrl, initClient } from './external/userManagementClient.js';
+import * as mpcComputationClient_1 from './external/mpcComputationClient.js';
+export { mpcComputationClient_1 as mpcComputationClient };
+export { decryptWithKeyPair, decryptWithPrivateKey, getAsymmetricKeyPair, getPublicKeyHex, encryptWithDerivedPublicKey, encodePrivateKeyToPemHex, getDerivedPrivateKeyAndDecrypt, getPublicKeyFromSignature, getSHA256HashHex, encryptPrivateKey, decryptPrivateKey, decryptPrivateKeyAndDecryptShare, hashPasswordWithSalt, encryptPrivateKeyWithPassword, decryptPrivateKeyWithPassword, publicKeyFromHex, } from './cryptography/utils.js';
+export * from './external/userManagementClient.js';
+export * from './utils/pollingUtils.js';
+export * from './errors.js';
+export * from './utils/formattingUtils.js';
+export { retrieve as transmissionUtilsRetrieve } from './transmission/transmissionUtils.js';
+export { STORAGE_PREFIX, PregenIdentifierType, isWalletSupported };
+export const paraVersion = ParaCore.version;
+export default ParaCore;

package/dist/esm/package.json

@@ -0,0 +1 @@
+{"type":"module","sideEffects":false}

package/dist/esm/shares/KeyContainer.js

@@ -0,0 +1,57 @@
+import { Encrypt as ECIESEncrypt, Decrypt as ECIESDecrypt } from '@celo/utils/lib/ecies.js';
+import * as eutil from 'ethereumjs-util';
+import * as forge from 'node-forge';
+export class KeyContainer {
+    constructor(walletId, keyshare, address) {
+        this.walletId = walletId;
+        this.keyshare = keyshare;
+        this.address = address;
+        this.backupDecryptionKey = Buffer.from(forge.random.getBytesSync(32), 'binary').toString('hex');
+    }
+    static buildFrom(serializedContainer) {
+        try {
+            const parsedObject = JSON.parse(serializedContainer);
+            return Object.assign(new KeyContainer('', '', ''), parsedObject);
+        }
+        catch (e) {
+            const container = new KeyContainer('', '', '');
+            container.backupDecryptionKey = serializedContainer.split('|')[0];
+            return container;
+        }
+    }
+    getPublicEncryptionKey() {
+        return Buffer.from(eutil.privateToPublic(Buffer.from(this.backupDecryptionKey, 'hex')));
+    }
+    getPublicEncryptionKeyHex() {
+        return this.getPublicEncryptionKey().toString('hex');
+    }
+    encryptForSelf(backup) {
+        try {
+            const pubkey = this.getPublicEncryptionKey();
+            const data = ECIESEncrypt(pubkey, Buffer.from(backup, 'ucs2')).toString('base64');
+            return data;
+        }
+        catch (error) {
+            throw Error('Error encrypting backup');
+        }
+    }
+    static encryptWithPublicKey(publicKey, backup) {
+        try {
+            const data = ECIESEncrypt(publicKey, Buffer.from(backup, 'ucs2')).toString('base64');
+            return data;
+        }
+        catch (error) {
+            throw Error('Error encrypting backup');
+        }
+    }
+    decrypt(encryptedBackup) {
+        try {
+            const buf = Buffer.from(encryptedBackup, 'base64');
+            const data = ECIESDecrypt(Buffer.from(this.backupDecryptionKey, 'hex'), buf);
+            return Buffer.from(data.buffer).toString('ucs2');
+        }
+        catch (error) {
+            throw Error('Error decrypting backup');
+        }
+    }
+}

package/dist/esm/shares/recovery.js

@@ -0,0 +1,58 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { EncryptorType, KeyShareType } from '@getpara/user-management-client';
+import { KeyContainer } from './KeyContainer.js';
+export function sendRecoveryForShare({ ctx, userId, walletId, otherEncryptedShares = [], userSigner, ignoreRedistributingBackupEncryptedShare = false, emailProps = {}, forceRefresh = false, }) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (ignoreRedistributingBackupEncryptedShare) {
+            yield ctx.client.uploadUserKeyShares(userId, otherEncryptedShares.map(share => (Object.assign({ walletId }, share))));
+            return '';
+        }
+        let userBackupKeyShareOptsArr;
+        let recoveryPrivateKeyContainer;
+        const { recoveryPublicKeys } = yield ctx.client.getRecoveryPublicKeys(userId);
+        if (forceRefresh || !(recoveryPublicKeys === null || recoveryPublicKeys === void 0 ? void 0 : recoveryPublicKeys.length)) {
+            recoveryPrivateKeyContainer = new KeyContainer(walletId, '', '');
+            const { recoveryPublicKeys } = yield ctx.client.persistRecoveryPublicKeys(userId, [
+                recoveryPrivateKeyContainer.getPublicEncryptionKeyHex(),
+            ]);
+            const encryptedUserBackup = recoveryPrivateKeyContainer.encryptForSelf(userSigner);
+            userBackupKeyShareOptsArr = [
+                {
+                    walletId,
+                    encryptedShare: encryptedUserBackup,
+                    type: KeyShareType.USER,
+                    encryptor: EncryptorType.RECOVERY,
+                    recoveryPublicKeyId: recoveryPublicKeys[0].id,
+                },
+            ];
+        }
+        else {
+            userBackupKeyShareOptsArr = recoveryPublicKeys.map(recoveryPublicKey => {
+                const { id: recoveryPublicKeyId, publicKey } = recoveryPublicKey;
+                const encryptedUserBackup = KeyContainer.encryptWithPublicKey(Buffer.from(publicKey, 'hex'), userSigner);
+                return {
+                    walletId,
+                    encryptedShare: encryptedUserBackup,
+                    type: KeyShareType.USER,
+                    encryptor: EncryptorType.RECOVERY,
+                    recoveryPublicKeyId,
+                };
+            });
+        }
+        yield ctx.client.uploadUserKeyShares(userId, [
+            ...otherEncryptedShares.map(share => (Object.assign({ walletId }, share))),
+            ...(ignoreRedistributingBackupEncryptedShare ? [] : userBackupKeyShareOptsArr),
+        ]);
+        yield ctx.client.distributeParaShare(Object.assign({ userId,
+            walletId, useDKLS: ctx.useDKLS }, emailProps));
+        return recoveryPrivateKeyContainer ? JSON.stringify(recoveryPrivateKeyContainer) : '';
+    });
+}

package/dist/esm/shares/shareDistribution.js

@@ -0,0 +1,63 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { EncryptorType, KeyShareType } from '@getpara/user-management-client';
+import { encryptWithDerivedPublicKey } from '../cryptography/utils.js';
+import { sendRecoveryForShare } from './recovery.js';
+// function to call on new user share to perform all necessary distribution
+export function distributeNewShare({ ctx, userId, walletId, userShare, ignoreRedistributingBackupEncryptedShare = false, emailProps = {}, partnerId, protocolId, }) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const publicKeysRes = yield ctx.client.getSessionPublicKeys(userId);
+        const biometricEncryptedShares = publicKeysRes.data.keys
+            .map(key => {
+            if (!key.publicKey) {
+                return;
+            }
+            const { encryptedMessageHex, encryptedKeyHex } = encryptWithDerivedPublicKey(key.sigDerivedPublicKey, userShare);
+            return {
+                encryptedShare: encryptedMessageHex,
+                encryptedKey: encryptedKeyHex,
+                type: KeyShareType.USER,
+                encryptor: EncryptorType.BIOMETRICS,
+                biometricPublicKey: key.sigDerivedPublicKey,
+                partnerId,
+                protocolId,
+            };
+        })
+            .filter(Boolean);
+        const passwords = yield ctx.client.getPasswords({ userId });
+        const passwordEncryptedShares = passwords
+            .map(password => {
+            if (password.status === 'PENDING') {
+                return;
+            }
+            const { encryptedMessageHex, encryptedKeyHex } = encryptWithDerivedPublicKey(password.sigDerivedPublicKey, userShare);
+            return {
+                encryptedShare: encryptedMessageHex,
+                encryptedKey: encryptedKeyHex,
+                type: KeyShareType.USER,
+                encryptor: EncryptorType.PASSWORD,
+                passwordId: password.id,
+                partnerId,
+                protocolId,
+            };
+        })
+            .filter(Boolean);
+        const allEncryptedShares = [...biometricEncryptedShares, ...passwordEncryptedShares];
+        return yield sendRecoveryForShare({
+            ctx,
+            userId,
+            walletId,
+            otherEncryptedShares: allEncryptedShares,
+            userSigner: userShare,
+            ignoreRedistributingBackupEncryptedShare,
+            emailProps,
+        });
+    });
+}