npm - @haneullabs/signers - Versions diffs - 0.1.0 - Mend

@haneullabs/signers 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

package/CHANGELOG.md +555 -0
package/README.md +200 -0
package/aws/package.json +6 -0
package/dist/cjs/aws/aws-client.d.ts +43 -0
package/dist/cjs/aws/aws-client.js +79 -0
package/dist/cjs/aws/aws-client.js.map +7 -0
package/dist/cjs/aws/aws-kms-signer.d.ts +61 -0
package/dist/cjs/aws/aws-kms-signer.js +114 -0
package/dist/cjs/aws/aws-kms-signer.js.map +7 -0
package/dist/cjs/aws/aws4fetch.d.ts +125 -0
package/dist/cjs/aws/aws4fetch.js +382 -0
package/dist/cjs/aws/aws4fetch.js.map +7 -0
package/dist/cjs/aws/index.d.ts +5 -0
package/dist/cjs/aws/index.js +25 -0
package/dist/cjs/aws/index.js.map +7 -0
package/dist/cjs/gcp/gcp-kms-client.d.ts +68 -0
package/dist/cjs/gcp/gcp-kms-client.js +147 -0
package/dist/cjs/gcp/gcp-kms-client.js.map +7 -0
package/dist/cjs/gcp/index.d.ts +4 -0
package/dist/cjs/gcp/index.js +25 -0
package/dist/cjs/gcp/index.js.map +7 -0
package/dist/cjs/ledger/bcs.d.ts +14 -0
package/dist/cjs/ledger/bcs.js +85 -0
package/dist/cjs/ledger/bcs.js.map +7 -0
package/dist/cjs/ledger/index.d.ts +66 -0
package/dist/cjs/ledger/index.js +158 -0
package/dist/cjs/ledger/index.js.map +7 -0
package/dist/cjs/ledger/objects.d.ts +5 -0
package/dist/cjs/ledger/objects.js +60 -0
package/dist/cjs/ledger/objects.js.map +7 -0
package/dist/cjs/package.json +5 -0
package/dist/cjs/utils/utils.d.ts +18 -0
package/dist/cjs/utils/utils.js +85 -0
package/dist/cjs/utils/utils.js.map +7 -0
package/dist/cjs/webcrypto/index.d.ts +26 -0
package/dist/cjs/webcrypto/index.js +112 -0
package/dist/cjs/webcrypto/index.js.map +7 -0
package/dist/esm/aws/aws-client.d.ts +43 -0
package/dist/esm/aws/aws-client.js +59 -0
package/dist/esm/aws/aws-client.js.map +7 -0
package/dist/esm/aws/aws-kms-signer.d.ts +61 -0
package/dist/esm/aws/aws-kms-signer.js +94 -0
package/dist/esm/aws/aws-kms-signer.js.map +7 -0
package/dist/esm/aws/aws4fetch.d.ts +125 -0
package/dist/esm/aws/aws4fetch.js +362 -0
package/dist/esm/aws/aws4fetch.js.map +7 -0
package/dist/esm/aws/index.d.ts +5 -0
package/dist/esm/aws/index.js +5 -0
package/dist/esm/aws/index.js.map +7 -0
package/dist/esm/gcp/gcp-kms-client.d.ts +68 -0
package/dist/esm/gcp/gcp-kms-client.js +127 -0
package/dist/esm/gcp/gcp-kms-client.js.map +7 -0
package/dist/esm/gcp/index.d.ts +4 -0
package/dist/esm/gcp/index.js +5 -0
package/dist/esm/gcp/index.js.map +7 -0
package/dist/esm/ledger/bcs.d.ts +14 -0
package/dist/esm/ledger/bcs.js +70 -0
package/dist/esm/ledger/bcs.js.map +7 -0
package/dist/esm/ledger/index.d.ts +66 -0
package/dist/esm/ledger/index.js +138 -0
package/dist/esm/ledger/index.js.map +7 -0
package/dist/esm/ledger/objects.d.ts +5 -0
package/dist/esm/ledger/objects.js +40 -0
package/dist/esm/ledger/objects.js.map +7 -0
package/dist/esm/package.json +5 -0
package/dist/esm/utils/utils.d.ts +18 -0
package/dist/esm/utils/utils.js +65 -0
package/dist/esm/utils/utils.js.map +7 -0
package/dist/esm/webcrypto/index.d.ts +26 -0
package/dist/esm/webcrypto/index.js +92 -0
package/dist/esm/webcrypto/index.js.map +7 -0
package/dist/tsconfig.esm.tsbuildinfo +1 -0
package/dist/tsconfig.tsbuildinfo +1 -0
package/gcp/package.json +6 -0
package/ledger/package.json +6 -0
package/package.json +76 -0
package/src/aws/aws-client.ts +107 -0
package/src/aws/aws-kms-signer.ts +111 -0
package/src/aws/aws4fetch.ts +502 -0
package/src/aws/index.ts +9 -0
package/src/gcp/gcp-kms-client.ts +165 -0
package/src/gcp/index.ts +9 -0
package/src/ledger/bcs.ts +87 -0
package/src/ledger/index.ts +164 -0
package/src/ledger/objects.ts +56 -0
package/src/utils/utils.ts +119 -0
package/src/webcrypto/index.ts +108 -0
package/webcrypto/package.json +6 -0

package/dist/esm/aws/aws4fetch.d.ts ADDED Viewed

@@ -0,0 +1,125 @@
+type AwsRequestInit = RequestInit & {
+    aws?: {
+        accessKeyId?: string;
+        secretAccessKey?: string;
+        sessionToken?: string;
+        service?: string;
+        region?: string;
+        cache?: Map<string, ArrayBuffer>;
+        datetime?: string;
+        signQuery?: boolean;
+        appendSessionToken?: boolean;
+        allHeaders?: boolean;
+        singleEncode?: boolean;
+    };
+};
+export declare class AwsClient {
+    accessKeyId: string;
+    secretAccessKey: string;
+    sessionToken: string | undefined;
+    service: string | undefined;
+    region: string | undefined;
+    cache: Map<any, any>;
+    retries: number;
+    initRetryMs: number;
+    /**
+     * @param {} options
+     */
+    constructor({ accessKeyId, secretAccessKey, sessionToken, service, region, cache, retries, initRetryMs, }: {
+        accessKeyId: string;
+        secretAccessKey: string;
+        sessionToken?: string;
+        service?: string;
+        region?: string;
+        cache?: Map<string, ArrayBuffer>;
+        retries?: number;
+        initRetryMs?: number;
+    });
+    sign(input: Request | {
+        toString: () => string;
+    }, init: AwsRequestInit): Promise<Request>;
+    /**
+     * @param {Request | { toString: () => string }} input
+     * @param {?AwsRequestInit} [init]
+     * @returns {Promise<Response>}
+     */
+    fetch(input: Request | {
+        toString: () => string;
+    }, init: AwsRequestInit): Promise<Response>;
+}
+export declare class AwsV4Signer {
+    method: any;
+    url: URL;
+    headers: Headers;
+    body: any;
+    accessKeyId: any;
+    secretAccessKey: any;
+    sessionToken: any;
+    service: any;
+    region: any;
+    cache: any;
+    datetime: any;
+    signQuery: any;
+    appendSessionToken: any;
+    signableHeaders: any[];
+    signedHeaders: any;
+    canonicalHeaders: any;
+    credentialString: string;
+    encodedPath: string;
+    encodedSearch: string;
+    /**
+     * @param {} options
+     */
+    constructor({ method, url, headers, body, accessKeyId, secretAccessKey, sessionToken, service, region, cache, datetime, signQuery, appendSessionToken, allHeaders, singleEncode, }: {
+        method?: string;
+        url: string;
+        headers?: HeadersInit;
+        body?: BodyInit | null;
+        accessKeyId: string;
+        secretAccessKey: string;
+        sessionToken?: string;
+        service?: string;
+        region?: string;
+        cache?: Map<string, ArrayBuffer>;
+        datetime?: string;
+        signQuery?: boolean;
+        appendSessionToken?: boolean;
+        allHeaders?: boolean;
+        singleEncode?: boolean;
+    });
+    /**
+     * @returns {Promise<{
+     *   method: string
+     *   url: URL
+     *   headers: Headers
+     *   body?: BodyInit | null
+     * }>}
+     */
+    sign(): Promise<{
+        method: any;
+        url: URL;
+        headers: Headers;
+        body: any;
+    }>;
+    /**
+     * @returns {Promise<string>}
+     */
+    authHeader(): Promise<string>;
+    /**
+     * @returns {Promise<string>}
+     */
+    signature(): Promise<string>;
+    /**
+     * @returns {Promise<string>}
+     */
+    stringToSign(): Promise<string>;
+    /**
+     * @returns {Promise<string>}
+     */
+    canonicalString(): Promise<string>;
+    /**
+     * @returns {Promise<string>}
+     */
+    hexBodyHash(): Promise<string>;
+}
+export {};

package/dist/esm/aws/aws4fetch.js ADDED Viewed

@@ -0,0 +1,362 @@
+/**
+ * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies
+ * @license MIT <https://opensource.org/licenses/MIT>
+ * @copyright Michael Hart 2024
+ */
+const encoder = new TextEncoder();
+const HOST_SERVICES = {
+  appstream2: "appstream",
+  cloudhsmv2: "cloudhsm",
+  email: "ses",
+  marketplace: "aws-marketplace",
+  mobile: "AWSMobileHubService",
+  pinpoint: "mobiletargeting",
+  queue: "sqs",
+  "git-codecommit": "codecommit",
+  "mturk-requester-sandbox": "mturk-requester",
+  "personalize-runtime": "personalize"
+};
+const UNSIGNABLE_HEADERS = /* @__PURE__ */ new Set([
+  "authorization",
+  "content-type",
+  "content-length",
+  "user-agent",
+  "presigned-expires",
+  "expect",
+  "x-amzn-trace-id",
+  "range",
+  "connection"
+]);
+class AwsClient {
+  /**
+   * @param {} options
+   */
+  constructor({
+    accessKeyId,
+    secretAccessKey,
+    sessionToken,
+    service,
+    region,
+    cache,
+    retries,
+    initRetryMs
+  }) {
+    if (accessKeyId == null) throw new TypeError("accessKeyId is a required option");
+    if (secretAccessKey == null) throw new TypeError("secretAccessKey is a required option");
+    this.accessKeyId = accessKeyId;
+    this.secretAccessKey = secretAccessKey;
+    this.sessionToken = sessionToken;
+    this.service = service;
+    this.region = region;
+    this.cache = cache || /* @__PURE__ */ new Map();
+    this.retries = retries != null ? retries : 10;
+    this.initRetryMs = initRetryMs || 50;
+  }
+  async sign(input, init) {
+    if (input instanceof Request) {
+      const { method, url, headers, body } = input;
+      init = Object.assign({ method, url, headers }, init);
+      if (init.body == null && headers.has("Content-Type")) {
+        init.body = body != null && headers.has("X-Amz-Content-Sha256") ? body : await input.clone().arrayBuffer();
+      }
+      input = url;
+    }
+    const signer = new AwsV4Signer(
+      Object.assign({ url: input.toString() }, init, this, init && init.aws)
+    );
+    const signed = Object.assign({}, init, await signer.sign());
+    delete signed.aws;
+    try {
+      return new Request(signed.url.toString(), signed);
+    } catch (e) {
+      if (e instanceof TypeError) {
+        return new Request(signed.url.toString(), Object.assign({ duplex: "half" }, signed));
+      }
+      throw e;
+    }
+  }
+  /**
+   * @param {Request | { toString: () => string }} input
+   * @param {?AwsRequestInit} [init]
+   * @returns {Promise<Response>}
+   */
+  async fetch(input, init) {
+    for (let i = 0; i <= this.retries; i++) {
+      const fetched = fetch(await this.sign(input, init));
+      if (i === this.retries) {
+        return fetched;
+      }
+      const res = await fetched;
+      if (res.status < 500 && res.status !== 429) {
+        return res;
+      }
+      await new Promise(
+        (resolve) => setTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i))
+      );
+    }
+    throw new Error("An unknown error occurred, ensure retries is not negative");
+  }
+}
+class AwsV4Signer {
+  /**
+   * @param {} options
+   */
+  constructor({
+    method,
+    url,
+    headers,
+    body,
+    accessKeyId,
+    secretAccessKey,
+    sessionToken,
+    service,
+    region,
+    cache,
+    datetime,
+    signQuery,
+    appendSessionToken,
+    allHeaders,
+    singleEncode
+  }) {
+    if (url == null) throw new TypeError("url is a required option");
+    if (accessKeyId == null) throw new TypeError("accessKeyId is a required option");
+    if (secretAccessKey == null) throw new TypeError("secretAccessKey is a required option");
+    this.method = method || (body ? "POST" : "GET");
+    this.url = new URL(url);
+    this.headers = new Headers(headers || {});
+    this.body = body;
+    this.accessKeyId = accessKeyId;
+    this.secretAccessKey = secretAccessKey;
+    this.sessionToken = sessionToken;
+    let guessedService, guessedRegion;
+    if (!service || !region) {
+      [guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);
+    }
+    this.service = service || guessedService || "";
+    this.region = region || guessedRegion || "us-east-1";
+    this.cache = cache || /* @__PURE__ */ new Map();
+    this.datetime = datetime || (/* @__PURE__ */ new Date()).toISOString().replace(/[:-]|\.\d{3}/g, "");
+    this.signQuery = signQuery;
+    this.appendSessionToken = appendSessionToken || this.service === "iotdevicegateway";
+    this.headers.delete("Host");
+    if (this.service === "s3" && !this.signQuery && !this.headers.has("X-Amz-Content-Sha256")) {
+      this.headers.set("X-Amz-Content-Sha256", "UNSIGNED-PAYLOAD");
+    }
+    const params = this.signQuery ? this.url.searchParams : this.headers;
+    params.set("X-Amz-Date", this.datetime);
+    if (this.sessionToken && !this.appendSessionToken) {
+      params.set("X-Amz-Security-Token", this.sessionToken);
+    }
+    this.signableHeaders = ["host", ...this.headers.keys()].filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header)).sort();
+    this.signedHeaders = this.signableHeaders.join(";");
+    this.canonicalHeaders = this.signableHeaders.map(
+      (header) => header + ":" + (header === "host" ? this.url.host : (this.headers.get(header) || "").replace(/\s+/g, " "))
+    ).join("\n");
+    this.credentialString = [
+      this.datetime.slice(0, 8),
+      this.region,
+      this.service,
+      "aws4_request"
+    ].join("/");
+    if (this.signQuery) {
+      if (this.service === "s3" && !params.has("X-Amz-Expires")) {
+        params.set("X-Amz-Expires", "86400");
+      }
+      params.set("X-Amz-Algorithm", "AWS4-HMAC-SHA256");
+      params.set("X-Amz-Credential", this.accessKeyId + "/" + this.credentialString);
+      params.set("X-Amz-SignedHeaders", this.signedHeaders);
+    }
+    if (this.service === "s3") {
+      try {
+        this.encodedPath = decodeURIComponent(this.url.pathname.replace(/\+/g, " "));
+      } catch {
+        this.encodedPath = this.url.pathname;
+      }
+    } else {
+      this.encodedPath = this.url.pathname.replace(/\/+/g, "/");
+    }
+    if (!singleEncode) {
+      this.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, "/");
+    }
+    this.encodedPath = encodeRfc3986(this.encodedPath);
+    const seenKeys = /* @__PURE__ */ new Set();
+    this.encodedSearch = [...this.url.searchParams].filter(([k]) => {
+      if (!k) return false;
+      if (this.service === "s3") {
+        if (seenKeys.has(k)) return false;
+        seenKeys.add(k);
+      }
+      return true;
+    }).map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p)))).sort(([k1, v1], [k2, v2]) => k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0).map((pair) => pair.join("=")).join("&");
+  }
+  /**
+   * @returns {Promise<{
+   *   method: string
+   *   url: URL
+   *   headers: Headers
+   *   body?: BodyInit | null
+   * }>}
+   */
+  async sign() {
+    if (this.signQuery) {
+      this.url.searchParams.set("X-Amz-Signature", await this.signature());
+      if (this.sessionToken && this.appendSessionToken) {
+        this.url.searchParams.set("X-Amz-Security-Token", this.sessionToken);
+      }
+    } else {
+      this.headers.set("Authorization", await this.authHeader());
+    }
+    return {
+      method: this.method,
+      url: this.url,
+      headers: this.headers,
+      body: this.body
+    };
+  }
+  /**
+   * @returns {Promise<string>}
+   */
+  async authHeader() {
+    return [
+      "AWS4-HMAC-SHA256 Credential=" + this.accessKeyId + "/" + this.credentialString,
+      "SignedHeaders=" + this.signedHeaders,
+      "Signature=" + await this.signature()
+    ].join(", ");
+  }
+  /**
+   * @returns {Promise<string>}
+   */
+  async signature() {
+    const date = this.datetime.slice(0, 8);
+    const cacheKey = [this.secretAccessKey, date, this.region, this.service].join();
+    let kCredentials = this.cache.get(cacheKey);
+    if (!kCredentials) {
+      const kDate = await hmac("AWS4" + this.secretAccessKey, date);
+      const kRegion = await hmac(kDate, this.region);
+      const kService = await hmac(kRegion, this.service);
+      kCredentials = await hmac(kService, "aws4_request");
+      this.cache.set(cacheKey, kCredentials);
+    }
+    return buf2hex(await hmac(kCredentials, await this.stringToSign()));
+  }
+  /**
+   * @returns {Promise<string>}
+   */
+  async stringToSign() {
+    return [
+      "AWS4-HMAC-SHA256",
+      this.datetime,
+      this.credentialString,
+      buf2hex(await hash(await this.canonicalString()))
+    ].join("\n");
+  }
+  /**
+   * @returns {Promise<string>}
+   */
+  async canonicalString() {
+    return [
+      this.method.toUpperCase(),
+      this.encodedPath,
+      this.encodedSearch,
+      this.canonicalHeaders + "\n",
+      this.signedHeaders,
+      await this.hexBodyHash()
+    ].join("\n");
+  }
+  /**
+   * @returns {Promise<string>}
+   */
+  async hexBodyHash() {
+    let hashHeader = this.headers.get("X-Amz-Content-Sha256") || (this.service === "s3" && this.signQuery ? "UNSIGNED-PAYLOAD" : null);
+    if (hashHeader == null) {
+      if (this.body && typeof this.body !== "string" && !("byteLength" in this.body)) {
+        throw new Error(
+          "body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header"
+        );
+      }
+      hashHeader = buf2hex(await hash(this.body || ""));
+    }
+    return hashHeader;
+  }
+}
+async function hmac(key, string) {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    typeof key === "string" ? encoder.encode(key) : key,
+    { name: "HMAC", hash: { name: "SHA-256" } },
+    false,
+    ["sign"]
+  );
+  return crypto.subtle.sign("HMAC", cryptoKey, encoder.encode(string));
+}
+async function hash(content) {
+  return crypto.subtle.digest(
+    "SHA-256",
+    typeof content === "string" ? encoder.encode(content) : content
+  );
+}
+const HEX_CHARS = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f"];
+function buf2hex(arrayBuffer) {
+  const buffer = new Uint8Array(arrayBuffer);
+  let out = "";
+  for (let idx = 0; idx < buffer.length; idx++) {
+    const n = buffer[idx];
+    out += HEX_CHARS[n >>> 4 & 15];
+    out += HEX_CHARS[n & 15];
+  }
+  return out;
+}
+function encodeRfc3986(urlEncodedStr) {
+  return urlEncodedStr.replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
+}
+function guessServiceRegion(url, headers) {
+  const { hostname, pathname } = url;
+  if (hostname.endsWith(".on.aws")) {
+    const match2 = hostname.match(/^[^.]{1,63}\.lambda-url\.([^.]{1,63})\.on\.aws$/);
+    return match2 != null ? ["lambda", match2[1] || ""] : ["", ""];
+  }
+  if (hostname.endsWith(".r2.cloudflarestorage.com")) {
+    return ["s3", "auto"];
+  }
+  if (hostname.endsWith(".backblazeb2.com")) {
+    const match2 = hostname.match(/^(?:[^.]{1,63}\.)?s3\.([^.]{1,63})\.backblazeb2\.com$/);
+    return match2 != null ? ["s3", match2[1] || ""] : ["", ""];
+  }
+  const match = hostname.replace("dualstack.", "").match(/([^.]{1,63})\.(?:([^.]{0,63})\.)?amazonaws\.com(?:\.cn)?$/);
+  let service = match && match[1] || "";
+  let region = match && match[2];
+  if (region === "us-gov") {
+    region = "us-gov-west-1";
+  } else if (region === "s3" || region === "s3-accelerate") {
+    region = "us-east-1";
+    service = "s3";
+  } else if (service === "iot") {
+    if (hostname.startsWith("iot.")) {
+      service = "execute-api";
+    } else if (hostname.startsWith("data.jobs.iot.")) {
+      service = "iot-jobs-data";
+    } else {
+      service = pathname === "/mqtt" ? "iotdevicegateway" : "iotdata";
+    }
+  } else if (service === "autoscaling") {
+    const targetPrefix = (headers.get("X-Amz-Target") || "").split(".")[0];
+    if (targetPrefix === "AnyScaleFrontendService") {
+      service = "application-autoscaling";
+    } else if (targetPrefix === "AnyScaleScalingPlannerFrontendService") {
+      service = "autoscaling-plans";
+    }
+  } else if (region == null && service.startsWith("s3-")) {
+    region = service.slice(3).replace(/^fips-|^external-1/, "");
+    service = "s3";
+  } else if (service.endsWith("-fips")) {
+    service = service.slice(0, -5);
+  } else if (region && /-\d$/.test(service) && !/-\d$/.test(region)) {
+    [service, region] = [region, service];
+  }
+  return [HOST_SERVICES[service] || service, region || ""];
+}
+export {
+  AwsClient,
+  AwsV4Signer
+};
+//# sourceMappingURL=aws4fetch.js.map

package/dist/esm/aws/aws4fetch.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/aws/aws4fetch.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n/**\n * Original implementation https://github.com/mhart/aws4fetch, inlined to reduce external dependencies\n * @license MIT <https://opensource.org/licenses/MIT>\n * @copyright Michael Hart 2024\n */\n\nconst encoder = new TextEncoder();\n\n/** @type {Record<string, string>} */\nconst HOST_SERVICES: Record<string, string> = {\n\tappstream2: 'appstream',\n\tcloudhsmv2: 'cloudhsm',\n\temail: 'ses',\n\tmarketplace: 'aws-marketplace',\n\tmobile: 'AWSMobileHubService',\n\tpinpoint: 'mobiletargeting',\n\tqueue: 'sqs',\n\t'git-codecommit': 'codecommit',\n\t'mturk-requester-sandbox': 'mturk-requester',\n\t'personalize-runtime': 'personalize',\n};\n\n// https://github.com/aws/aws-sdk-js/blob/cc29728c1c4178969ebabe3bbe6b6f3159436394/lib/signers/v4.js#L190-L198\nconst UNSIGNABLE_HEADERS = new Set([\n\t'authorization',\n\t'content-type',\n\t'content-length',\n\t'user-agent',\n\t'presigned-expires',\n\t'expect',\n\t'x-amzn-trace-id',\n\t'range',\n\t'connection',\n]);\n\ntype AwsRequestInit = RequestInit & {\n\taws?: {\n\t\taccessKeyId?: string;\n\t\tsecretAccessKey?: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t};\n};\n\nexport class AwsClient {\n\taccessKeyId: string;\n\tsecretAccessKey: string;\n\tsessionToken: string | undefined;\n\tservice: string | undefined;\n\tregion: string | undefined;\n\tcache: Map<any, any>;\n\tretries: number;\n\tinitRetryMs: number;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tretries,\n\t\tinitRetryMs,\n\t}: {\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tretries?: number;\n\t\tinitRetryMs?: number;\n\t}) {\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\t\tthis.service = service;\n\t\tthis.region = region;\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.retries = retries != null ? retries : 10; // Up to 25.6 secs\n\t\tthis.initRetryMs = initRetryMs || 50;\n\t}\n\n\tasync sign(input: Request | { toString: () => string }, init: AwsRequestInit): Promise<Request> {\n\t\tif (input instanceof Request) {\n\t\t\tconst { method, url, headers, body } = input;\n\t\t\tinit = Object.assign({ method, url, headers }, init);\n\t\t\tif (init.body == null && headers.has('Content-Type')) {\n\t\t\t\tinit.body =\n\t\t\t\t\tbody != null && headers.has('X-Amz-Content-Sha256')\n\t\t\t\t\t\t? body\n\t\t\t\t\t\t: await input.clone().arrayBuffer();\n\t\t\t}\n\t\t\tinput = url;\n\t\t}\n\t\tconst signer = new AwsV4Signer(\n\t\t\tObject.assign({ url: input.toString() }, init, this, init && init.aws),\n\t\t);\n\t\tconst signed = Object.assign({}, init, await signer.sign());\n\t\tdelete signed.aws;\n\t\ttry {\n\t\t\treturn new Request(signed.url.toString(), signed);\n\t\t} catch (e) {\n\t\t\tif (e instanceof TypeError) {\n\t\t\t\t// https://bugs.chromium.org/p/chromium/issues/detail?id=1360943\n\t\t\t\treturn new Request(signed.url.toString(), Object.assign({ duplex: 'half' }, signed));\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\t/**\n\t * @param {Request | { toString: () => string }} input\n\t * @param {?AwsRequestInit} [init]\n\t * @returns {Promise<Response>}\n\t */\n\tasync fetch(input: Request | { toString: () => string }, init: AwsRequestInit) {\n\t\tfor (let i = 0; i <= this.retries; i++) {\n\t\t\tconst fetched = fetch(await this.sign(input, init));\n\t\t\tif (i === this.retries) {\n\t\t\t\treturn fetched; // No need to await if we're returning anyway\n\t\t\t}\n\t\t\tconst res = await fetched;\n\t\t\tif (res.status < 500 && res.status !== 429) {\n\t\t\t\treturn res;\n\t\t\t}\n\t\t\tawait new Promise((resolve) =>\n\t\t\t\tsetTimeout(resolve, Math.random() * this.initRetryMs * Math.pow(2, i)),\n\t\t\t);\n\t\t}\n\t\tthrow new Error('An unknown error occurred, ensure retries is not negative');\n\t}\n}\n\nexport class AwsV4Signer {\n\tmethod: any;\n\turl: URL;\n\theaders: Headers;\n\tbody: any;\n\taccessKeyId: any;\n\tsecretAccessKey: any;\n\tsessionToken: any;\n\tservice: any;\n\tregion: any;\n\tcache: any;\n\tdatetime: any;\n\tsignQuery: any;\n\tappendSessionToken: any;\n\tsignableHeaders: any[];\n\tsignedHeaders: any;\n\tcanonicalHeaders: any;\n\tcredentialString: string;\n\tencodedPath: string;\n\tencodedSearch: string;\n\t/**\n\t * @param {} options\n\t */\n\tconstructor({\n\t\tmethod,\n\t\turl,\n\t\theaders,\n\t\tbody,\n\t\taccessKeyId,\n\t\tsecretAccessKey,\n\t\tsessionToken,\n\t\tservice,\n\t\tregion,\n\t\tcache,\n\t\tdatetime,\n\t\tsignQuery,\n\t\tappendSessionToken,\n\t\tallHeaders,\n\t\tsingleEncode,\n\t}: {\n\t\tmethod?: string;\n\t\turl: string;\n\t\theaders?: HeadersInit;\n\t\tbody?: BodyInit | null;\n\t\taccessKeyId: string;\n\t\tsecretAccessKey: string;\n\t\tsessionToken?: string;\n\t\tservice?: string;\n\t\tregion?: string;\n\t\tcache?: Map<string, ArrayBuffer>;\n\t\tdatetime?: string;\n\t\tsignQuery?: boolean;\n\t\tappendSessionToken?: boolean;\n\t\tallHeaders?: boolean;\n\t\tsingleEncode?: boolean;\n\t}) {\n\t\tif (url == null) throw new TypeError('url is a required option');\n\t\tif (accessKeyId == null) throw new TypeError('accessKeyId is a required option');\n\t\tif (secretAccessKey == null) throw new TypeError('secretAccessKey is a required option');\n\n\t\tthis.method = method || (body ? 'POST' : 'GET');\n\t\tthis.url = new URL(url);\n\t\tthis.headers = new Headers(headers || {});\n\t\tthis.body = body;\n\n\t\tthis.accessKeyId = accessKeyId;\n\t\tthis.secretAccessKey = secretAccessKey;\n\t\tthis.sessionToken = sessionToken;\n\n\t\tlet guessedService, guessedRegion;\n\t\tif (!service || !region) {\n\t\t\t[guessedService, guessedRegion] = guessServiceRegion(this.url, this.headers);\n\t\t}\n\t\tthis.service = service || guessedService || '';\n\t\tthis.region = region || guessedRegion || 'us-east-1';\n\n\t\t/** @type {Map<string, ArrayBuffer>} */\n\t\tthis.cache = cache || new Map();\n\t\tthis.datetime = datetime || new Date().toISOString().replace(/[:-]|\\.\\d{3}/g, '');\n\t\tthis.signQuery = signQuery;\n\t\tthis.appendSessionToken = appendSessionToken || this.service === 'iotdevicegateway';\n\n\t\tthis.headers.delete('Host'); // Can't be set in insecure env anyway\n\n\t\tif (this.service === 's3' && !this.signQuery && !this.headers.has('X-Amz-Content-Sha256')) {\n\t\t\tthis.headers.set('X-Amz-Content-Sha256', 'UNSIGNED-PAYLOAD');\n\t\t}\n\n\t\tconst params = this.signQuery ? this.url.searchParams : this.headers;\n\n\t\tparams.set('X-Amz-Date', this.datetime);\n\t\tif (this.sessionToken && !this.appendSessionToken) {\n\t\t\tparams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t}\n\n\t\t// headers are always lowercase in keys()\n\n\t\tthis.signableHeaders = ['host', ...((this.headers as any).keys() as string[])]\n\t\t\t.filter((header) => allHeaders || !UNSIGNABLE_HEADERS.has(header))\n\t\t\t.sort();\n\n\t\tthis.signedHeaders = this.signableHeaders.join(';');\n\n\t\t// headers are always trimmed:\n\t\t// https://fetch.spec.whatwg.org/#concept-header-value-normalize\n\t\tthis.canonicalHeaders = this.signableHeaders\n\t\t\t.map(\n\t\t\t\t(header) =>\n\t\t\t\t\theader +\n\t\t\t\t\t':' +\n\t\t\t\t\t(header === 'host'\n\t\t\t\t\t\t? this.url.host\n\t\t\t\t\t\t: (this.headers.get(header) || '').replace(/\\s+/g, ' ')),\n\t\t\t)\n\t\t\t.join('\\n');\n\n\t\tthis.credentialString = [\n\t\t\tthis.datetime.slice(0, 8),\n\t\t\tthis.region,\n\t\t\tthis.service,\n\t\t\t'aws4_request',\n\t\t].join('/');\n\n\t\tif (this.signQuery) {\n\t\t\tif (this.service === 's3' && !params.has('X-Amz-Expires')) {\n\t\t\t\tparams.set('X-Amz-Expires', '86400'); // 24 hours\n\t\t\t}\n\t\t\tparams.set('X-Amz-Algorithm', 'AWS4-HMAC-SHA256');\n\t\t\tparams.set('X-Amz-Credential', this.accessKeyId + '/' + this.credentialString);\n\t\t\tparams.set('X-Amz-SignedHeaders', this.signedHeaders);\n\t\t}\n\n\t\tif (this.service === 's3') {\n\t\t\ttry {\n\t\t\t\tthis.encodedPath = decodeURIComponent(this.url.pathname.replace(/\\+/g, ' '));\n\t\t\t} catch {\n\t\t\t\tthis.encodedPath = this.url.pathname;\n\t\t\t}\n\t\t} else {\n\t\t\tthis.encodedPath = this.url.pathname.replace(/\\/+/g, '/');\n\t\t}\n\t\tif (!singleEncode) {\n\t\t\tthis.encodedPath = encodeURIComponent(this.encodedPath).replace(/%2F/g, '/');\n\t\t}\n\t\tthis.encodedPath = encodeRfc3986(this.encodedPath);\n\n\t\tconst seenKeys = new Set();\n\t\tthis.encodedSearch = [...this.url.searchParams]\n\t\t\t.filter(([k]) => {\n\t\t\t\tif (!k) return false; // no empty keys\n\t\t\t\tif (this.service === 's3') {\n\t\t\t\t\tif (seenKeys.has(k)) return false; // first val only for S3\n\t\t\t\t\tseenKeys.add(k);\n\t\t\t\t}\n\t\t\t\treturn true;\n\t\t\t})\n\t\t\t.map((pair) => pair.map((p) => encodeRfc3986(encodeURIComponent(p))))\n\t\t\t.sort(([k1, v1], [k2, v2]) => (k1 < k2 ? -1 : k1 > k2 ? 1 : v1 < v2 ? -1 : v1 > v2 ? 1 : 0))\n\t\t\t.map((pair) => pair.join('='))\n\t\t\t.join('&');\n\t}\n\n\t/**\n\t * @returns {Promise<{\n\t *   method: string\n\t *   url: URL\n\t *   headers: Headers\n\t *   body?: BodyInit | null\n\t * }>}\n\t */\n\tasync sign() {\n\t\tif (this.signQuery) {\n\t\t\tthis.url.searchParams.set('X-Amz-Signature', await this.signature());\n\t\t\tif (this.sessionToken && this.appendSessionToken) {\n\t\t\t\tthis.url.searchParams.set('X-Amz-Security-Token', this.sessionToken);\n\t\t\t}\n\t\t} else {\n\t\t\tthis.headers.set('Authorization', await this.authHeader());\n\t\t}\n\n\t\treturn {\n\t\t\tmethod: this.method,\n\t\t\turl: this.url,\n\t\t\theaders: this.headers,\n\t\t\tbody: this.body,\n\t\t};\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync authHeader() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256 Credential=' + this.accessKeyId + '/' + this.credentialString,\n\t\t\t'SignedHeaders=' + this.signedHeaders,\n\t\t\t'Signature=' + (await this.signature()),\n\t\t].join(', ');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync signature() {\n\t\tconst date = this.datetime.slice(0, 8);\n\t\tconst cacheKey = [this.secretAccessKey, date, this.region, this.service].join();\n\t\tlet kCredentials = this.cache.get(cacheKey);\n\t\tif (!kCredentials) {\n\t\t\tconst kDate = await hmac('AWS4' + this.secretAccessKey, date);\n\t\t\tconst kRegion = await hmac(kDate, this.region);\n\t\t\tconst kService = await hmac(kRegion, this.service);\n\t\t\tkCredentials = await hmac(kService, 'aws4_request');\n\t\t\tthis.cache.set(cacheKey, kCredentials);\n\t\t}\n\t\treturn buf2hex(await hmac(kCredentials, await this.stringToSign()));\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync stringToSign() {\n\t\treturn [\n\t\t\t'AWS4-HMAC-SHA256',\n\t\t\tthis.datetime,\n\t\t\tthis.credentialString,\n\t\t\tbuf2hex(await hash(await this.canonicalString())),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync canonicalString() {\n\t\treturn [\n\t\t\tthis.method.toUpperCase(),\n\t\t\tthis.encodedPath,\n\t\t\tthis.encodedSearch,\n\t\t\tthis.canonicalHeaders + '\\n',\n\t\t\tthis.signedHeaders,\n\t\t\tawait this.hexBodyHash(),\n\t\t].join('\\n');\n\t}\n\n\t/**\n\t * @returns {Promise<string>}\n\t */\n\tasync hexBodyHash() {\n\t\tlet hashHeader =\n\t\t\tthis.headers.get('X-Amz-Content-Sha256') ||\n\t\t\t(this.service === 's3' && this.signQuery ? 'UNSIGNED-PAYLOAD' : null);\n\t\tif (hashHeader == null) {\n\t\t\tif (this.body && typeof this.body !== 'string' && !('byteLength' in this.body)) {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'body must be a string, ArrayBuffer or ArrayBufferView, unless you include the X-Amz-Content-Sha256 header',\n\t\t\t\t);\n\t\t\t}\n\t\t\thashHeader = buf2hex(await hash(this.body || ''));\n\t\t}\n\t\treturn hashHeader;\n\t}\n}\n\n/**\n * @param {string | BufferSource} key\n * @param {string} string\n * @returns {Promise<ArrayBuffer>}\n */\nasync function hmac(key: string | BufferSource, string: string): Promise<ArrayBuffer> {\n\tconst cryptoKey = await crypto.subtle.importKey(\n\t\t'raw',\n\t\ttypeof key === 'string' ? encoder.encode(key) : key,\n\t\t{ name: 'HMAC', hash: { name: 'SHA-256' } },\n\t\tfalse,\n\t\t['sign'],\n\t);\n\treturn crypto.subtle.sign('HMAC', cryptoKey, encoder.encode(string));\n}\n\nasync function hash(content: string | ArrayBufferLike): Promise<ArrayBuffer> {\n\treturn crypto.subtle.digest(\n\t\t'SHA-256',\n\t\t(typeof content === 'string' ? encoder.encode(content) : content) as ArrayBuffer,\n\t);\n}\n\nconst HEX_CHARS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'];\n\nfunction buf2hex(arrayBuffer: ArrayBufferLike): string {\n\tconst buffer = new Uint8Array(arrayBuffer);\n\tlet out = '';\n\tfor (let idx = 0; idx < buffer.length; idx++) {\n\t\tconst n = buffer[idx];\n\n\t\tout += HEX_CHARS[(n >>> 4) & 0xf];\n\t\tout += HEX_CHARS[n & 0xf];\n\t}\n\treturn out;\n}\n\nfunction encodeRfc3986(urlEncodedStr: string): string {\n\treturn urlEncodedStr.replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());\n}\n\nfunction guessServiceRegion(url: URL, headers: Headers): [string, string] {\n\tconst { hostname, pathname } = url;\n\n\tif (hostname.endsWith('.on.aws')) {\n\t\tconst match = hostname.match(/^[^.]{1,63}\\.lambda-url\\.([^.]{1,63})\\.on\\.aws$/);\n\t\treturn match != null ? ['lambda', match[1] || ''] : ['', ''];\n\t}\n\tif (hostname.endsWith('.r2.cloudflarestorage.com')) {\n\t\treturn ['s3', 'auto'];\n\t}\n\tif (hostname.endsWith('.backblazeb2.com')) {\n\t\tconst match = hostname.match(/^(?:[^.]{1,63}\\.)?s3\\.([^.]{1,63})\\.backblazeb2\\.com$/);\n\t\treturn match != null ? ['s3', match[1] || ''] : ['', ''];\n\t}\n\tconst match = hostname\n\t\t.replace('dualstack.', '')\n\t\t.match(/([^.]{1,63})\\.(?:([^.]{0,63})\\.)?amazonaws\\.com(?:\\.cn)?$/);\n\tlet service = (match && match[1]) || '';\n\tlet region = match && match[2];\n\n\tif (region === 'us-gov') {\n\t\tregion = 'us-gov-west-1';\n\t} else if (region === 's3' || region === 's3-accelerate') {\n\t\tregion = 'us-east-1';\n\t\tservice = 's3';\n\t} else if (service === 'iot') {\n\t\tif (hostname.startsWith('iot.')) {\n\t\t\tservice = 'execute-api';\n\t\t} else if (hostname.startsWith('data.jobs.iot.')) {\n\t\t\tservice = 'iot-jobs-data';\n\t\t} else {\n\t\t\tservice = pathname === '/mqtt' ? 'iotdevicegateway' : 'iotdata';\n\t\t}\n\t} else if (service === 'autoscaling') {\n\t\tconst targetPrefix = (headers.get('X-Amz-Target') || '').split('.')[0];\n\t\tif (targetPrefix === 'AnyScaleFrontendService') {\n\t\t\tservice = 'application-autoscaling';\n\t\t} else if (targetPrefix === 'AnyScaleScalingPlannerFrontendService') {\n\t\t\tservice = 'autoscaling-plans';\n\t\t}\n\t} else if (region == null && service.startsWith('s3-')) {\n\t\tregion = service.slice(3).replace(/^fips-|^external-1/, '');\n\t\tservice = 's3';\n\t} else if (service.endsWith('-fips')) {\n\t\tservice = service.slice(0, -5);\n\t} else if (region && /-\\d$/.test(service) && !/-\\d$/.test(region)) {\n\t\t[service, region] = [region, service];\n\t}\n\n\treturn [HOST_SERVICES[service] || service, region || ''];\n}\n"],
+  "mappings": "AAGA;AAAA;AAAA;AAAA;AAAA;AAMA,MAAM,UAAU,IAAI,YAAY;AAGhC,MAAM,gBAAwC;AAAA,EAC7C,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,OAAO;AAAA,EACP,kBAAkB;AAAA,EAClB,2BAA2B;AAAA,EAC3B,uBAAuB;AACxB;AAGA,MAAM,qBAAqB,oBAAI,IAAI;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,CAAC;AAkBM,MAAM,UAAU;AAAA;AAAA;AAAA;AAAA,EAYtB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GASG;AACF,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AACvF,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AACpB,SAAK,UAAU;AACf,SAAK,SAAS;AAEd,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,UAAU,WAAW,OAAO,UAAU;AAC3C,SAAK,cAAc,eAAe;AAAA,EACnC;AAAA,EAEA,MAAM,KAAK,OAA6C,MAAwC;AAC/F,QAAI,iBAAiB,SAAS;AAC7B,YAAM,EAAE,QAAQ,KAAK,SAAS,KAAK,IAAI;AACvC,aAAO,OAAO,OAAO,EAAE,QAAQ,KAAK,QAAQ,GAAG,IAAI;AACnD,UAAI,KAAK,QAAQ,QAAQ,QAAQ,IAAI,cAAc,GAAG;AACrD,aAAK,OACJ,QAAQ,QAAQ,QAAQ,IAAI,sBAAsB,IAC/C,OACA,MAAM,MAAM,MAAM,EAAE,YAAY;AAAA,MACrC;AACA,cAAQ;AAAA,IACT;AACA,UAAM,SAAS,IAAI;AAAA,MAClB,OAAO,OAAO,EAAE,KAAK,MAAM,SAAS,EAAE,GAAG,MAAM,MAAM,QAAQ,KAAK,GAAG;AAAA,IACtE;AACA,UAAM,SAAS,OAAO,OAAO,CAAC,GAAG,MAAM,MAAM,OAAO,KAAK,CAAC;AAC1D,WAAO,OAAO;AACd,QAAI;AACH,aAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,MAAM;AAAA,IACjD,SAAS,GAAG;AACX,UAAI,aAAa,WAAW;AAE3B,eAAO,IAAI,QAAQ,OAAO,IAAI,SAAS,GAAG,OAAO,OAAO,EAAE,QAAQ,OAAO,GAAG,MAAM,CAAC;AAAA,MACpF;AACA,YAAM;AAAA,IACP;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,OAA6C,MAAsB;AAC9E,aAAS,IAAI,GAAG,KAAK,KAAK,SAAS,KAAK;AACvC,YAAM,UAAU,MAAM,MAAM,KAAK,KAAK,OAAO,IAAI,CAAC;AAClD,UAAI,MAAM,KAAK,SAAS;AACvB,eAAO;AAAA,MACR;AACA,YAAM,MAAM,MAAM;AAClB,UAAI,IAAI,SAAS,OAAO,IAAI,WAAW,KAAK;AAC3C,eAAO;AAAA,MACR;AACA,YAAM,IAAI;AAAA,QAAQ,CAAC,YAClB,WAAW,SAAS,KAAK,OAAO,IAAI,KAAK,cAAc,KAAK,IAAI,GAAG,CAAC,CAAC;AAAA,MACtE;AAAA,IACD;AACA,UAAM,IAAI,MAAM,2DAA2D;AAAA,EAC5E;AACD;AAEO,MAAM,YAAY;AAAA;AAAA;AAAA;AAAA,EAuBxB,YAAY;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAgBG;AACF,QAAI,OAAO,KAAM,OAAM,IAAI,UAAU,0BAA0B;AAC/D,QAAI,eAAe,KAAM,OAAM,IAAI,UAAU,kCAAkC;AAC/E,QAAI,mBAAmB,KAAM,OAAM,IAAI,UAAU,sCAAsC;AAEvF,SAAK,SAAS,WAAW,OAAO,SAAS;AACzC,SAAK,MAAM,IAAI,IAAI,GAAG;AACtB,SAAK,UAAU,IAAI,QAAQ,WAAW,CAAC,CAAC;AACxC,SAAK,OAAO;AAEZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,eAAe;AAEpB,QAAI,gBAAgB;AACpB,QAAI,CAAC,WAAW,CAAC,QAAQ;AACxB,OAAC,gBAAgB,aAAa,IAAI,mBAAmB,KAAK,KAAK,KAAK,OAAO;AAAA,IAC5E;AACA,SAAK,UAAU,WAAW,kBAAkB;AAC5C,SAAK,SAAS,UAAU,iBAAiB;AAGzC,SAAK,QAAQ,SAAS,oBAAI,IAAI;AAC9B,SAAK,WAAW,aAAY,oBAAI,KAAK,GAAE,YAAY,EAAE,QAAQ,iBAAiB,EAAE;AAChF,SAAK,YAAY;AACjB,SAAK,qBAAqB,sBAAsB,KAAK,YAAY;AAEjE,SAAK,QAAQ,OAAO,MAAM;AAE1B,QAAI,KAAK,YAAY,QAAQ,CAAC,KAAK,aAAa,CAAC,KAAK,QAAQ,IAAI,sBAAsB,GAAG;AAC1F,WAAK,QAAQ,IAAI,wBAAwB,kBAAkB;AAAA,IAC5D;AAEA,UAAM,SAAS,KAAK,YAAY,KAAK,IAAI,eAAe,KAAK;AAE7D,WAAO,IAAI,cAAc,KAAK,QAAQ;AACtC,QAAI,KAAK,gBAAgB,CAAC,KAAK,oBAAoB;AAClD,aAAO,IAAI,wBAAwB,KAAK,YAAY;AAAA,IACrD;AAIA,SAAK,kBAAkB,CAAC,QAAQ,GAAK,KAAK,QAAgB,KAAK,CAAc,EAC3E,OAAO,CAAC,WAAW,cAAc,CAAC,mBAAmB,IAAI,MAAM,CAAC,EAChE,KAAK;AAEP,SAAK,gBAAgB,KAAK,gBAAgB,KAAK,GAAG;AAIlD,SAAK,mBAAmB,KAAK,gBAC3B;AAAA,MACA,CAAC,WACA,SACA,OACC,WAAW,SACT,KAAK,IAAI,QACR,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,QAAQ,QAAQ,GAAG;AAAA,IACzD,EACC,KAAK,IAAI;AAEX,SAAK,mBAAmB;AAAA,MACvB,KAAK,SAAS,MAAM,GAAG,CAAC;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACD,EAAE,KAAK,GAAG;AAEV,QAAI,KAAK,WAAW;AACnB,UAAI,KAAK,YAAY,QAAQ,CAAC,OAAO,IAAI,eAAe,GAAG;AAC1D,eAAO,IAAI,iBAAiB,OAAO;AAAA,MACpC;AACA,aAAO,IAAI,mBAAmB,kBAAkB;AAChD,aAAO,IAAI,oBAAoB,KAAK,cAAc,MAAM,KAAK,gBAAgB;AAC7E,aAAO,IAAI,uBAAuB,KAAK,aAAa;AAAA,IACrD;AAEA,QAAI,KAAK,YAAY,MAAM;AAC1B,UAAI;AACH,aAAK,cAAc,mBAAmB,KAAK,IAAI,SAAS,QAAQ,OAAO,GAAG,CAAC;AAAA,MAC5E,QAAQ;AACP,aAAK,cAAc,KAAK,IAAI;AAAA,MAC7B;AAAA,IACD,OAAO;AACN,WAAK,cAAc,KAAK,IAAI,SAAS,QAAQ,QAAQ,GAAG;AAAA,IACzD;AACA,QAAI,CAAC,cAAc;AAClB,WAAK,cAAc,mBAAmB,KAAK,WAAW,EAAE,QAAQ,QAAQ,GAAG;AAAA,IAC5E;AACA,SAAK,cAAc,cAAc,KAAK,WAAW;AAEjD,UAAM,WAAW,oBAAI,IAAI;AACzB,SAAK,gBAAgB,CAAC,GAAG,KAAK,IAAI,YAAY,EAC5C,OAAO,CAAC,CAAC,CAAC,MAAM;AAChB,UAAI,CAAC,EAAG,QAAO;AACf,UAAI,KAAK,YAAY,MAAM;AAC1B,YAAI,SAAS,IAAI,CAAC,EAAG,QAAO;AAC5B,iBAAS,IAAI,CAAC;AAAA,MACf;AACA,aAAO;AAAA,IACR,CAAC,EACA,IAAI,CAAC,SAAS,KAAK,IAAI,CAAC,MAAM,cAAc,mBAAmB,CAAC,CAAC,CAAC,CAAC,EACnE,KAAK,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAO,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,IAAI,CAAE,EAC1F,IAAI,CAAC,SAAS,KAAK,KAAK,GAAG,CAAC,EAC5B,KAAK,GAAG;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,OAAO;AACZ,QAAI,KAAK,WAAW;AACnB,WAAK,IAAI,aAAa,IAAI,mBAAmB,MAAM,KAAK,UAAU,CAAC;AACnE,UAAI,KAAK,gBAAgB,KAAK,oBAAoB;AACjD,aAAK,IAAI,aAAa,IAAI,wBAAwB,KAAK,YAAY;AAAA,MACpE;AAAA,IACD,OAAO;AACN,WAAK,QAAQ,IAAI,iBAAiB,MAAM,KAAK,WAAW,CAAC;AAAA,IAC1D;AAEA,WAAO;AAAA,MACN,QAAQ,KAAK;AAAA,MACb,KAAK,KAAK;AAAA,MACV,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,IACZ;AAAA,EACD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa;AAClB,WAAO;AAAA,MACN,iCAAiC,KAAK,cAAc,MAAM,KAAK;AAAA,MAC/D,mBAAmB,KAAK;AAAA,MACxB,eAAgB,MAAM,KAAK,UAAU;AAAA,IACtC,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY;AACjB,UAAM,OAAO,KAAK,SAAS,MAAM,GAAG,CAAC;AACrC,UAAM,WAAW,CAAC,KAAK,iBAAiB,MAAM,KAAK,QAAQ,KAAK,OAAO,EAAE,KAAK;AAC9E,QAAI,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC1C,QAAI,CAAC,cAAc;AAClB,YAAM,QAAQ,MAAM,KAAK,SAAS,KAAK,iBAAiB,IAAI;AAC5D,YAAM,UAAU,MAAM,KAAK,OAAO,KAAK,MAAM;AAC7C,YAAM,WAAW,MAAM,KAAK,SAAS,KAAK,OAAO;AACjD,qBAAe,MAAM,KAAK,UAAU,cAAc;AAClD,WAAK,MAAM,IAAI,UAAU,YAAY;AAAA,IACtC;AACA,WAAO,QAAQ,MAAM,KAAK,cAAc,MAAM,KAAK,aAAa,CAAC,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe;AACpB,WAAO;AAAA,MACN;AAAA,MACA,KAAK;AAAA,MACL,KAAK;AAAA,MACL,QAAQ,MAAM,KAAK,MAAM,KAAK,gBAAgB,CAAC,CAAC;AAAA,IACjD,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB;AACvB,WAAO;AAAA,MACN,KAAK,OAAO,YAAY;AAAA,MACxB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,mBAAmB;AAAA,MACxB,KAAK;AAAA,MACL,MAAM,KAAK,YAAY;AAAA,IACxB,EAAE,KAAK,IAAI;AAAA,EACZ;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAc;AACnB,QAAI,aACH,KAAK,QAAQ,IAAI,sBAAsB,MACtC,KAAK,YAAY,QAAQ,KAAK,YAAY,qBAAqB;AACjE,QAAI,cAAc,MAAM;AACvB,UAAI,KAAK,QAAQ,OAAO,KAAK,SAAS,YAAY,EAAE,gBAAgB,KAAK,OAAO;AAC/E,cAAM,IAAI;AAAA,UACT;AAAA,QACD;AAAA,MACD;AACA,mBAAa,QAAQ,MAAM,KAAK,KAAK,QAAQ,EAAE,CAAC;AAAA,IACjD;AACA,WAAO;AAAA,EACR;AACD;AAOA,eAAe,KAAK,KAA4B,QAAsC;AACrF,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC;AAAA,IACA,OAAO,QAAQ,WAAW,QAAQ,OAAO,GAAG,IAAI;AAAA,IAChD,EAAE,MAAM,QAAQ,MAAM,EAAE,MAAM,UAAU,EAAE;AAAA,IAC1C;AAAA,IACA,CAAC,MAAM;AAAA,EACR;AACA,SAAO,OAAO,OAAO,KAAK,QAAQ,WAAW,QAAQ,OAAO,MAAM,CAAC;AACpE;AAEA,eAAe,KAAK,SAAyD;AAC5E,SAAO,OAAO,OAAO;AAAA,IACpB;AAAA,IACC,OAAO,YAAY,WAAW,QAAQ,OAAO,OAAO,IAAI;AAAA,EAC1D;AACD;AAEA,MAAM,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAEjG,SAAS,QAAQ,aAAsC;AACtD,QAAM,SAAS,IAAI,WAAW,WAAW;AACzC,MAAI,MAAM;AACV,WAAS,MAAM,GAAG,MAAM,OAAO,QAAQ,OAAO;AAC7C,UAAM,IAAI,OAAO,GAAG;AAEpB,WAAO,UAAW,MAAM,IAAK,EAAG;AAChC,WAAO,UAAU,IAAI,EAAG;AAAA,EACzB;AACA,SAAO;AACR;AAEA,SAAS,cAAc,eAA+B;AACrD,SAAO,cAAc,QAAQ,YAAY,CAAC,MAAM,MAAM,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,EAAE,YAAY,CAAC;AACjG;AAEA,SAAS,mBAAmB,KAAU,SAAoC;AACzE,QAAM,EAAE,UAAU,SAAS,IAAI;AAE/B,MAAI,SAAS,SAAS,SAAS,GAAG;AACjC,UAAMA,SAAQ,SAAS,MAAM,iDAAiD;AAC9E,WAAOA,UAAS,OAAO,CAAC,UAAUA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EAC5D;AACA,MAAI,SAAS,SAAS,2BAA2B,GAAG;AACnD,WAAO,CAAC,MAAM,MAAM;AAAA,EACrB;AACA,MAAI,SAAS,SAAS,kBAAkB,GAAG;AAC1C,UAAMA,SAAQ,SAAS,MAAM,uDAAuD;AACpF,WAAOA,UAAS,OAAO,CAAC,MAAMA,OAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAAA,EACxD;AACA,QAAM,QAAQ,SACZ,QAAQ,cAAc,EAAE,EACxB,MAAM,2DAA2D;AACnE,MAAI,UAAW,SAAS,MAAM,CAAC,KAAM;AACrC,MAAI,SAAS,SAAS,MAAM,CAAC;AAE7B,MAAI,WAAW,UAAU;AACxB,aAAS;AAAA,EACV,WAAW,WAAW,QAAQ,WAAW,iBAAiB;AACzD,aAAS;AACT,cAAU;AAAA,EACX,WAAW,YAAY,OAAO;AAC7B,QAAI,SAAS,WAAW,MAAM,GAAG;AAChC,gBAAU;AAAA,IACX,WAAW,SAAS,WAAW,gBAAgB,GAAG;AACjD,gBAAU;AAAA,IACX,OAAO;AACN,gBAAU,aAAa,UAAU,qBAAqB;AAAA,IACvD;AAAA,EACD,WAAW,YAAY,eAAe;AACrC,UAAM,gBAAgB,QAAQ,IAAI,cAAc,KAAK,IAAI,MAAM,GAAG,EAAE,CAAC;AACrE,QAAI,iBAAiB,2BAA2B;AAC/C,gBAAU;AAAA,IACX,WAAW,iBAAiB,yCAAyC;AACpE,gBAAU;AAAA,IACX;AAAA,EACD,WAAW,UAAU,QAAQ,QAAQ,WAAW,KAAK,GAAG;AACvD,aAAS,QAAQ,MAAM,CAAC,EAAE,QAAQ,sBAAsB,EAAE;AAC1D,cAAU;AAAA,EACX,WAAW,QAAQ,SAAS,OAAO,GAAG;AACrC,cAAU,QAAQ,MAAM,GAAG,EAAE;AAAA,EAC9B,WAAW,UAAU,OAAO,KAAK,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG;AAClE,KAAC,SAAS,MAAM,IAAI,CAAC,QAAQ,OAAO;AAAA,EACrC;AAEA,SAAO,CAAC,cAAc,OAAO,KAAK,SAAS,UAAU,EAAE;AACxD;",
+  "names": ["match"]
+}

package/dist/esm/aws/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { AwsClientOptions } from './aws-client.js';
+import type { AwsKmsSignerOptions } from './aws-kms-signer.js';
+import { AwsKmsSigner } from './aws-kms-signer.js';
+export { AwsKmsSigner };
+export type { AwsKmsSignerOptions, AwsClientOptions };

package/dist/esm/aws/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { AwsKmsSigner } from "./aws-kms-signer.js";
+export {
+  AwsKmsSigner
+};
+//# sourceMappingURL=index.js.map

package/dist/esm/aws/index.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/aws/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport type { AwsClientOptions } from './aws-client.js';\nimport type { AwsKmsSignerOptions } from './aws-kms-signer.js';\nimport { AwsKmsSigner } from './aws-kms-signer.js';\n\nexport { AwsKmsSigner };\n\nexport type { AwsKmsSignerOptions, AwsClientOptions };\n"],
+  "mappings": "AAIA,SAAS,oBAAoB;",
+  "names": []
+}

package/dist/esm/gcp/gcp-kms-client.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+import { KeyManagementServiceClient } from '@google-cloud/kms';
+import type { PublicKey } from '@haneullabs/haneul/cryptography';
+import { Signer } from '@haneullabs/haneul/cryptography';
+/**
+ * Configuration options for initializing the GcpKmsSigner.
+ */
+export interface GcpKmsSignerOptions {
+    /** The version name generated from `client.cryptoKeyVersionPath()` */
+    versionName: string;
+    /** Options for setting up the GCP KMS client */
+    client: KeyManagementServiceClient;
+    /** Public key */
+    publicKey: PublicKey;
+}
+/**
+ * GCP KMS Signer integrates GCP Key Management Service (KMS) with the Haneul blockchain
+ * to provide signing capabilities using GCP-managed cryptographic keys.
+ */
+export declare class GcpKmsSigner extends Signer {
+    #private;
+    /**
+     * Creates an instance of GcpKmsSigner. It's expected to call the static `fromOptions`
+     * or `fromVersionName` method to create an instance.
+     * For example:
+     * ```
+     * const signer = await GcpKmsSigner.fromVersionName(versionName);
+     * ```
+     * @throws Will throw an error if required GCP credentials are not provided.
+     */
+    constructor({ versionName, client, publicKey }: GcpKmsSignerOptions);
+    /**
+     * Retrieves the key scheme used by this signer.
+     * @returns GCP supports only `Secp256k1` and `Secp256r1` schemes.
+     */
+    getKeyScheme(): "Secp256k1" | "Secp256r1" | "ED25519" | "MultiSig" | "ZkLogin" | "Passkey";
+    /**
+     * Retrieves the public key associated with this signer.
+     * @returns The Secp256k1PublicKey instance.
+     * @throws Will throw an error if the public key has not been initialized.
+     */
+    getPublicKey(): PublicKey;
+    /**
+     * Signs the given data using GCP KMS.
+     * @param bytes - The data to be signed as a Uint8Array.
+     * @returns A promise that resolves to the signature as a Uint8Array.
+     * @throws Will throw an error if the public key is not initialized or if signing fails.
+     */
+    sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
+    /**
+     * Synchronous signing is not supported by GCP KMS.
+     * @throws Always throws an error indicating synchronous signing is unsupported.
+     * @deprecated use `sign` instead
+     */
+    signData(): never;
+    /**
+     * Creates a GCP KMS signer from the provided options.
+     * Expects the credentials file to be set as an env variable
+     * (GOOGLE_APPLICATION_CREDENTIALS).
+     */
+    static fromOptions(options: {
+        projectId: string;
+        location: string;
+        keyRing: string;
+        cryptoKey: string;
+        cryptoKeyVersion: string;
+    }): Promise<GcpKmsSigner>;
+    static fromVersionName(versionName: string): Promise<GcpKmsSigner>;
+}