@keetanetwork/keetanet-client 0.16.2 → 0.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (190) hide show
  1. package/client/builder.d.ts +23 -10
  2. package/client/index-browser.d.ts +1 -1
  3. package/client/index-browser.js +597 -182
  4. package/client/index.d.ts +1 -1
  5. package/client/index.js +588 -161
  6. package/docs/assets/hierarchy.js +1 -1
  7. package/docs/assets/navigation.js +1 -1
  8. package/docs/assets/search.js +1 -1
  9. package/docs/classes/KeetaNetSDK.Client.html +4 -4
  10. package/docs/classes/KeetaNetSDK.Referenced.BaseSet.html +1 -1
  11. package/docs/classes/KeetaNetSDK.Referenced.BaseVoteBuilder.html +1 -1
  12. package/docs/classes/KeetaNetSDK.Referenced.Block.html +3 -3
  13. package/docs/classes/KeetaNetSDK.Referenced.BlockBuilder.html +1 -1
  14. package/docs/classes/KeetaNetSDK.Referenced.BlockHash.html +1 -1
  15. package/docs/classes/KeetaNetSDK.Referenced.BlockOperation.html +1 -1
  16. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationCREATE_IDENTIFIER.html +1 -1
  17. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationMANAGE_CERTIFICATE.html +1 -1
  18. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationMODIFY_PERMISSIONS.html +2 -2
  19. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationRECEIVE.html +1 -1
  20. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationSEND.html +1 -1
  21. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationSET_INFO.html +1 -1
  22. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationSET_REP.html +1 -1
  23. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationTOKEN_ADMIN_MODIFY_BALANCE.html +1 -1
  24. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationTOKEN_ADMIN_SUPPLY.html +1 -1
  25. package/docs/classes/KeetaNetSDK.Referenced.Certificate.html +1 -4
  26. package/docs/classes/KeetaNetSDK.Referenced.CertificateHash.html +1 -1
  27. package/docs/classes/KeetaNetSDK.Referenced.ECDSAKeyPair.html +1 -1
  28. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1KeyPair.html +1 -1
  29. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1PrivateKey.html +1 -1
  30. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1PublicKey.html +1 -1
  31. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1Signature.html +1 -1
  32. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1KeyPair.html +1 -1
  33. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1PrivateKey.html +1 -1
  34. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1PublicKey.html +1 -1
  35. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1Signature.html +1 -1
  36. package/docs/classes/KeetaNetSDK.Referenced.ED25519KeyPair.html +1 -1
  37. package/docs/classes/KeetaNetSDK.Referenced.ED25519PrivateKey.html +1 -1
  38. package/docs/classes/KeetaNetSDK.Referenced.ED25519PublicKey.html +1 -1
  39. package/docs/classes/KeetaNetSDK.Referenced.ED25519Signature.html +1 -1
  40. package/docs/classes/KeetaNetSDK.Referenced.ExternalKeyPair.html +1 -1
  41. package/docs/classes/KeetaNetSDK.Referenced.ExternalSet.html +1 -1
  42. package/docs/classes/KeetaNetSDK.Referenced.IdempotentKey.html +1 -1
  43. package/docs/classes/KeetaNetSDK.Referenced.IdentifierKey.html +1 -1
  44. package/docs/classes/KeetaNetSDK.Referenced.IdentifierKeyPair.html +1 -1
  45. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetError.html +2 -2
  46. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetErrorBase.html +1 -1
  47. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetLedgerError.html +2 -2
  48. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetLedgerIdempotentKeyError.html +1 -1
  49. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetLedgerVoteError.html +1 -1
  50. package/docs/classes/KeetaNetSDK.Referenced.KeyInterface.html +1 -1
  51. package/docs/classes/KeetaNetSDK.Referenced.KeyStorage.html +1 -1
  52. package/docs/classes/KeetaNetSDK.Referenced.Ledger.html +1 -1
  53. package/docs/classes/KeetaNetSDK.Referenced.LedgerAtomicInterface.html +1 -1
  54. package/docs/classes/KeetaNetSDK.Referenced.PermissionSetHolder.html +1 -1
  55. package/docs/classes/KeetaNetSDK.Referenced.PossiblyExpiredVote.html +1 -1
  56. package/docs/classes/KeetaNetSDK.Referenced.PossiblyUnsignedBlock.html +3 -3
  57. package/docs/classes/KeetaNetSDK.Referenced.SignatureStorage.html +1 -1
  58. package/docs/classes/KeetaNetSDK.Referenced.Stats.html +1 -1
  59. package/docs/classes/KeetaNetSDK.Referenced.StatsPending.html +1 -1
  60. package/docs/classes/KeetaNetSDK.Referenced.UnsignedBlock.html +3 -3
  61. package/docs/classes/KeetaNetSDK.Referenced.UserClientBuilder.html +1 -1
  62. package/docs/classes/KeetaNetSDK.Referenced.Vote.html +1 -1
  63. package/docs/classes/KeetaNetSDK.Referenced.VoteBlockBundle.html +2 -2
  64. package/docs/classes/KeetaNetSDK.Referenced.VoteBlockHash.html +1 -1
  65. package/docs/classes/KeetaNetSDK.Referenced.VoteBuilder.html +1 -1
  66. package/docs/classes/KeetaNetSDK.Referenced.VoteHash.html +1 -1
  67. package/docs/classes/KeetaNetSDK.Referenced.VoteLikeBase.html +1 -1
  68. package/docs/classes/KeetaNetSDK.Referenced.VoteQuote.html +1 -1
  69. package/docs/classes/KeetaNetSDK.Referenced.VoteQuoteBuilder.html +1 -1
  70. package/docs/classes/KeetaNetSDK.Referenced.VoteStaple.html +2 -2
  71. package/docs/classes/KeetaNetSDK.Referenced.VoteStapleHash.html +1 -1
  72. package/docs/classes/KeetaNetSDK.Referenced.src_lib_utils_buffer.BufferStorage.html +1 -1
  73. package/docs/classes/KeetaNetSDK.UserClient.html +6 -6
  74. package/docs/hierarchy.html +1 -1
  75. package/docs/interfaces/KeetaNetSDK.Referenced.ASN1ExplicitContextTag.html +1 -1
  76. package/docs/interfaces/KeetaNetSDK.Referenced.ASN1ImplicitContextTag.html +1 -1
  77. package/docs/interfaces/KeetaNetSDK.Referenced.ASN1Object.html +1 -1
  78. package/docs/interfaces/KeetaNetSDK.Referenced.AccountACLRow.html +11 -0
  79. package/docs/interfaces/KeetaNetSDK.Referenced.AccountComputedEffect.html +4 -0
  80. package/docs/interfaces/KeetaNetSDK.Referenced.BaseACLRow.html +9 -0
  81. package/docs/interfaces/KeetaNetSDK.Referenced.BaseAccountInfo.html +1 -1
  82. package/docs/interfaces/KeetaNetSDK.Referenced.BaseExternalKeyPairFunctions.html +1 -1
  83. package/docs/interfaces/KeetaNetSDK.Referenced.BaseGenerationConfig.html +1 -1
  84. package/docs/interfaces/KeetaNetSDK.Referenced.BaseIdentifierAccountInfo.html +1 -1
  85. package/docs/interfaces/KeetaNetSDK.Referenced.BaseIdentifierCreateArguments.html +1 -1
  86. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperation.html +1 -1
  87. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationCREATE_IDENTIFIER.html +1 -1
  88. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationMANAGE_CERTIFICATE.html +1 -1
  89. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationMODIFY_PERMISSIONS.html +2 -2
  90. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationRECEIVE.html +1 -1
  91. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationSEND.html +1 -1
  92. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationSET_INFO.html +1 -1
  93. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationSET_REP.html +1 -1
  94. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationTOKEN_ADMIN_MODIFY_BALANCE.html +1 -1
  95. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationTOKEN_ADMIN_SUPPLY.html +1 -1
  96. package/docs/interfaces/KeetaNetSDK.Referenced.BlockV1Canonical.html +1 -1
  97. package/docs/interfaces/KeetaNetSDK.Referenced.BlockV2Canonical.html +1 -1
  98. package/docs/interfaces/KeetaNetSDK.Referenced.CertificateACLPrincipal.html +4 -0
  99. package/docs/interfaces/KeetaNetSDK.Referenced.CertificateACLRow.html +11 -0
  100. package/docs/interfaces/KeetaNetSDK.Referenced.CertificateComputedEffect.html +5 -0
  101. package/docs/interfaces/KeetaNetSDK.Referenced.ComputedBlocksEffectFields.html +2 -2
  102. package/docs/interfaces/KeetaNetSDK.Referenced.Constructor.html +1 -1
  103. package/docs/interfaces/KeetaNetSDK.Referenced.DisposableTimingHandle.html +1 -1
  104. package/docs/interfaces/KeetaNetSDK.Referenced.ECDSA_SECP256K1AccountInfo.html +1 -1
  105. package/docs/interfaces/KeetaNetSDK.Referenced.ECDSA_SECP256R1AccountInfo.html +1 -1
  106. package/docs/interfaces/KeetaNetSDK.Referenced.ED25519AccountInfo.html +1 -1
  107. package/docs/interfaces/KeetaNetSDK.Referenced.ExternalKeyPairFunctionsNoEncryption.html +1 -1
  108. package/docs/interfaces/KeetaNetSDK.Referenced.ExternalKeyPairFunctionsSupportsEncryption.html +1 -1
  109. package/docs/interfaces/KeetaNetSDK.Referenced.InitialConfigSupply.html +1 -1
  110. package/docs/interfaces/KeetaNetSDK.Referenced.InstanceSet.html +1 -1
  111. package/docs/interfaces/KeetaNetSDK.Referenced.KVGenericOptionsType.html +1 -1
  112. package/docs/interfaces/KeetaNetSDK.Referenced.KVSetOptionsType.html +1 -1
  113. package/docs/interfaces/KeetaNetSDK.Referenced.LedgerStorageAPI.html +3 -3
  114. package/docs/interfaces/KeetaNetSDK.Referenced.ListACLsByEntityFilters.html +4 -0
  115. package/docs/interfaces/KeetaNetSDK.Referenced.ModifyTokenBalanceEntry.html +1 -1
  116. package/docs/interfaces/KeetaNetSDK.Referenced.MultiSigIdentifierCreateArguments.html +1 -1
  117. package/docs/interfaces/KeetaNetSDK.Referenced.MultisigAccountInfo.html +1 -1
  118. package/docs/interfaces/KeetaNetSDK.Referenced.MultisigConfig.html +1 -1
  119. package/docs/interfaces/KeetaNetSDK.Referenced.NetworkAccountInfo.html +1 -1
  120. package/docs/interfaces/KeetaNetSDK.Referenced.NumericValueEntry.html +1 -1
  121. package/docs/interfaces/KeetaNetSDK.Referenced.P2PPeerBase.html +1 -1
  122. package/docs/interfaces/KeetaNetSDK.Referenced.P2PPeerListener.html +1 -1
  123. package/docs/interfaces/KeetaNetSDK.Referenced.P2PPeerRepBase.html +1 -1
  124. package/docs/interfaces/KeetaNetSDK.Referenced.PendingOperations.html +2 -2
  125. package/docs/interfaces/KeetaNetSDK.Referenced.PendingOperationsJSON.html +2 -2
  126. package/docs/interfaces/KeetaNetSDK.Referenced.PrincipalACLWithInfoParsed.html +2 -7
  127. package/docs/interfaces/KeetaNetSDK.Referenced.PublicKeyStorage.html +1 -1
  128. package/docs/interfaces/KeetaNetSDK.Referenced.PublishOptions.html +1 -1
  129. package/docs/interfaces/KeetaNetSDK.Referenced.RequestTokenReceiveEntry.html +1 -1
  130. package/docs/interfaces/KeetaNetSDK.Referenced.StorageAccountInfo.html +1 -1
  131. package/docs/interfaces/KeetaNetSDK.Referenced.TokenAccountInfo.html +1 -1
  132. package/docs/interfaces/KeetaNetSDK.Referenced.TokenNumericEntry.html +1 -1
  133. package/docs/interfaces/KeetaNetSDK.Referenced.UserClientConfig.html +1 -1
  134. package/docs/interfaces/KeetaNetSDK.Referenced.UserClientOptions.html +1 -1
  135. package/docs/interfaces/KeetaNetSDK.Referenced.VoteStapleJSON.html +2 -2
  136. package/docs/interfaces/KeetaNetSDK.Referenced.WithIsInstance.html +1 -1
  137. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1BitString.html +1 -1
  138. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1Date.html +1 -1
  139. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1OID.html +1 -1
  140. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1Set.html +1 -1
  141. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1String.html +1 -1
  142. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1Struct.html +1 -1
  143. package/docs/modules/KeetaNetSDK.Referenced.html +1 -1
  144. package/docs/types/KeetaNetSDK.Referenced.ACLEntryUnparsed.html +1 -5
  145. package/docs/types/KeetaNetSDK.Referenced.ACLPermissionRequirement.html +2 -0
  146. package/docs/types/KeetaNetSDK.Referenced.ACLPrincipalType.html +1 -0
  147. package/docs/types/KeetaNetSDK.Referenced.ACLRow.html +2 -0
  148. package/docs/types/KeetaNetSDK.Referenced.ACLUpdate.html +5 -0
  149. package/docs/types/KeetaNetSDK.Referenced.ComputedBlockEffect.html +2 -0
  150. package/docs/types/KeetaNetSDK.Referenced.ComputedEffectOfBlocks.html +2 -2
  151. package/docs/types/KeetaNetSDK.Referenced.ComputedEffectOfBlocksByEntity.html +2 -0
  152. package/docs/types/KeetaNetSDK.Referenced.ModifyPermissionsPrincipal.html +1 -0
  153. package/docs/types/KeetaNetSDK.Referenced.ModifyPermissionsPrincipalInput.html +1 -0
  154. package/docs/variables/KeetaNetSDK.Referenced.BlockOperationASN1Schema.html +2 -2
  155. package/docs/variables/KeetaNetSDK.Referenced.FullLedgerBaseErrorCode.html +1 -1
  156. package/docs/variables/KeetaNetSDK.Referenced.aclPrincipalType.html +1 -0
  157. package/docs/variables/KeetaNetSDK.Referenced.allFullErrorCodes.html +1 -1
  158. package/lib/block/index.d.ts +14 -2
  159. package/lib/block/operations.d.ts +40 -4
  160. package/lib/error/block.d.ts +2 -2
  161. package/lib/error/index.d.ts +1 -1
  162. package/lib/error/ledger.d.ts +3 -3
  163. package/lib/ledger/common.d.ts +7 -5
  164. package/lib/ledger/db_dynamodb.d.ts +2 -2
  165. package/lib/ledger/db_postgres.d.ts +3 -3
  166. package/lib/ledger/db_spanner.d.ts +3 -3
  167. package/lib/ledger/db_spanner_helper.d.ts +23 -3
  168. package/lib/ledger/db_sqlite.d.ts +3 -3
  169. package/lib/ledger/effects.d.ts +17 -9
  170. package/lib/ledger/index.d.ts +14 -5
  171. package/lib/ledger/types.d.ts +38 -14
  172. package/lib/log/target_gcp.js +19 -17
  173. package/lib/utils/certificate.d.ts +0 -1
  174. package/lib/utils/external-keys/gcp-kms-wrapped.d.ts +85 -0
  175. package/lib/utils/external-keys/gcp-kms-wrapped.js +453 -0
  176. package/lib/utils/external-keys/gcp-kms.common.d.ts +17 -0
  177. package/lib/utils/external-keys/gcp-kms.d.ts +4 -9
  178. package/lib/utils/external-keys/gcp-kms.js +52 -39
  179. package/lib/utils/external-keys/passkey-prf.d.ts +42 -1
  180. package/lib/utils/external-keys/passkey-prf.js +107 -13
  181. package/lib/utils/helper_testing.d.ts +10 -0
  182. package/lib/vote.d.ts +7 -1
  183. package/npm-shrinkwrap.json +24 -24
  184. package/package.json +1 -1
  185. package/version.d.ts +1 -1
  186. package/docs/interfaces/KeetaNetSDK.Referenced.ACLEntry.html +0 -10
  187. package/docs/interfaces/KeetaNetSDK.Referenced.ACLRow.html +0 -10
  188. package/docs/interfaces/KeetaNetSDK.Referenced.ACLUpdate.html +0 -12
  189. package/docs/interfaces/KeetaNetSDK.Referenced.ComputedBlockEffect.html +0 -4
  190. package/docs/types/KeetaNetSDK.Referenced.ComputedEffectOfBlocksByAccount.html +0 -2
@@ -115473,7 +115473,7 @@ const client_baseValidationConfig = {
115473
115473
  },
115474
115474
  blockOperations: {
115475
115475
  external: {
115476
- maxLength: 256,
115476
+ maxLength: 1024,
115477
115477
  regex: /^[-_A-Za-z0-9+/= ]+$/,
115478
115478
  canBeEmpty: true
115479
115479
  },
@@ -116297,7 +116297,7 @@ function client_block_toPrimitive(t, r) { if ("object" != typeof t || !t) return
116297
116297
 
116298
116298
 
116299
116299
  const client_BlockErrorType = 'BLOCK';
116300
- const client_BlockErrorCodes = ['AMOUNT_BELOW_ZERO', 'CANNOT_FORWARD_TO_SELF', 'CANNOT_SEND_NON_TOKEN', 'CERTIFICATE_SUBJECT_MISMATCH', 'EXACT_TRUE_WHEN_FORWARDING', 'EXTERNAL_INVALID', 'EXTERNAL_MISSING', 'EXTERNAL_TOO_LONG', 'GENERAL_FIELD_INVALID', 'IDENTIFIER_INVALID', 'IDENTIFIER_NEED_DEFAULT_PERMISSIONS', 'INTERMEDIATE_CERTIFICATES_ONLY_ADD', 'INVALID_ACCOUNT_TYPE', 'INVALID_CERTIFICATE_VALUE', 'INVALID_CREATE_IDENTIFIER_ARGS', 'INVALID_IDEMPOTENT_FORMAT', 'INVALID_IDEMPOTENT_LENGTH', 'INVALID_MULTISIG_QUORUM', 'INVALID_MULTISIG_SIGNER_COUNT', 'INVALID_MULTISIG_SIGNER_DEPTH', 'INVALID_MULTISIG_SIGNER_DUPLICATE', 'INVALID_PURPOSE_VALIDATION', 'INVALID_SIGNATURE', 'INVALID_SIGNER', 'INVALID_TYPE', 'INVALID_VERSION', 'NO_ADMIN_ON_TARGET', 'NO_DELEGATE_ADMIN', 'NO_DUPLICATE_CERTIFICATE_OPERATION', 'NO_IDENTIFIER_OP', 'NO_MODIFY_PERMISSION_DUPE', 'NO_MULTIPLE_SET_REP', 'NO_MULTISIG_OP', 'NO_TOKEN_OP', 'ONLY_IDENTIFIER_OP', 'ONLY_TOKEN_OP', 'PERMISSIONS_INVALID_DEFAULT', 'PERMISSIONS_INVALID_ENTITY', 'PERMISSIONS_INVALID_PRINCIPAL', 'PERMISSIONS_INVALID_TARGET', 'PREVIOUS_SELF', 'SUPPLY_INVALID', 'TOKEN_RECEIVE_DIFFERS', 'SIGNATURE_REQUIRED', 'SIGNATURE_PARAMETER_DIFFERS'];
116300
+ const client_BlockErrorCodes = ['AMOUNT_BELOW_ZERO', 'CANNOT_FORWARD_TO_SELF', 'CANNOT_SEND_NON_TOKEN', 'CERTIFICATE_SUBJECT_MISMATCH', 'EXACT_TRUE_WHEN_FORWARDING', 'EXTERNAL_INVALID', 'EXTERNAL_MISSING', 'EXTERNAL_TOO_LONG', 'GENERAL_FIELD_INVALID', 'IDENTIFIER_INVALID', 'IDENTIFIER_NEED_DEFAULT_PERMISSIONS', 'INTERMEDIATE_CERTIFICATES_ONLY_ADD', 'INVALID_ACCOUNT_TYPE', 'INVALID_CERTIFICATE_VALUE', 'INVALID_CREATE_IDENTIFIER_ARGS', 'INVALID_IDEMPOTENT_FORMAT', 'INVALID_IDEMPOTENT_LENGTH', 'INVALID_MULTISIG_QUORUM', 'INVALID_MULTISIG_SIGNER_COUNT', 'INVALID_MULTISIG_SIGNER_DEPTH', 'INVALID_MULTISIG_SIGNER_DUPLICATE', 'INVALID_PURPOSE_VALIDATION', 'INVALID_SIGNATURE', 'INVALID_SIGNER', 'INVALID_TYPE', 'INVALID_VERSION', 'INVALID_PRINCIPAL', 'NO_ADMIN_ON_TARGET', 'NO_DELEGATE_ADMIN', 'NO_DUPLICATE_CERTIFICATE_OPERATION', 'NO_IDENTIFIER_OP', 'NO_MODIFY_PERMISSION_DUPE', 'NO_MULTIPLE_SET_REP', 'NO_MULTISIG_OP', 'NO_TOKEN_OP', 'ONLY_IDENTIFIER_OP', 'ONLY_TOKEN_OP', 'PERMISSIONS_INVALID_DEFAULT', 'PERMISSIONS_INVALID_ENTITY', 'PERMISSIONS_INVALID_PRINCIPAL', 'PERMISSIONS_INVALID_TARGET', 'PREVIOUS_SELF', 'SUPPLY_INVALID', 'TOKEN_RECEIVE_DIFFERS', 'SIGNATURE_REQUIRED', 'SIGNATURE_PARAMETER_DIFFERS'];
116301
116301
  const client_FullBlockErrorCodes = client_BlockErrorCodes.map(code => `${client_BlockErrorType}_${code}`);
116302
116302
  class src_client_KeetaNetBlockError extends src_client_KeetaNetErrorBase {
116303
116303
  constructor(code, message) {
@@ -117365,7 +117365,22 @@ class src_client_Certificate {
117365
117365
  * Verify against a given certificate store
117366
117366
  */
117367
117367
 
117368
- verifyChain(store, _ignore_seenCerts) {
117368
+ /** @internal */
117369
+
117370
+ verifyChain(store) {
117371
+ let seenHashes = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : new src_client_CertificateHash.Set();
117372
+ /**
117373
+ * Loop detection: reject any certificate already on the current
117374
+ * verification path, per RFC 4158 Section 2.4.1 (no certificate may
117375
+ * repeat in a path) and Section 5.2 (detection guidance).
117376
+ *
117377
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc4158#section-5.2 RFC 4158 Section 5.2}
117378
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc4158#section-2.4.1 RFC 4158 Section 2.4.1}
117379
+ */
117380
+ if (seenHashes.has(client_certificate_assertClassBrand(client_Certificate_brand, this, client_computeHash).call(this))) {
117381
+ return null;
117382
+ }
117383
+
117369
117384
  /*
117370
117385
  * Check to see if the certificate is signed by any of the Root CAs
117371
117386
  */
@@ -117397,6 +117412,8 @@ class src_client_Certificate {
117397
117412
  * Check to see if the certificate is signed by any of the specified intermediates
117398
117413
  */
117399
117414
  if (store.intermediate !== undefined) {
117415
+ const nextSeen = new src_client_CertificateHash.Set(seenHashes);
117416
+ nextSeen.add(client_certificate_assertClassBrand(client_Certificate_brand, this, client_computeHash).call(this));
117400
117417
  store.intermediate.forEach(intermediateCertificate => {
117401
117418
  if (retval !== null) {
117402
117419
  return;
@@ -117404,7 +117421,7 @@ class src_client_Certificate {
117404
117421
  const checkIssued = client_certificate_assertClassBrand(client_Certificate_brand, this, client_checkIssued).call(this, intermediateCertificate);
117405
117422
  if (checkIssued.issued) {
117406
117423
  if (intermediateCertificate.checkValid(this.moment)) {
117407
- const moreChain = intermediateCertificate.verifyChain(store, undefined /* seenCerts XXX:TODO */);
117424
+ const moreChain = intermediateCertificate.verifyChain(store, nextSeen);
117408
117425
  if (moreChain !== null) {
117409
117426
  const checkRetval = [...moreChain, intermediateCertificate];
117410
117427
  const validChain = src_client_Certificate.verifyChainDepth([...checkRetval, this]);
@@ -117581,12 +117598,13 @@ class src_client_Certificate {
117581
117598
  */
117582
117599
  hash() {
117583
117600
  this.assertConstructed();
117584
- if (!client_certificate_classPrivateFieldGet(client_hash, this)) {
117585
- client_certificate_classPrivateFieldSet(client_hash, this, src_client_CertificateHash.fromData(client_certificate_Buffer.from(client_certificate_classPrivateFieldGet(client_raw2, this))));
117586
- }
117587
- return client_certificate_classPrivateFieldGet(client_hash, this);
117601
+ return client_certificate_assertClassBrand(client_Certificate_brand, this, client_computeHash).call(this);
117588
117602
  }
117589
117603
 
117604
+ /*
117605
+ * Compute the hash without asserting full construction.
117606
+ */
117607
+
117590
117608
  /**
117591
117609
  * Get a JSON representation of the certificate
117592
117610
  */
@@ -117890,6 +117908,12 @@ function client_checkIssued(issuer) {
117890
117908
  issued: true
117891
117909
  };
117892
117910
  }
117911
+ function client_computeHash() {
117912
+ if (!client_certificate_classPrivateFieldGet(client_hash, this)) {
117913
+ client_certificate_classPrivateFieldSet(client_hash, this, src_client_CertificateHash.fromData(client_certificate_Buffer.from(client_certificate_classPrivateFieldGet(client_raw2, this))));
117914
+ }
117915
+ return client_certificate_classPrivateFieldGet(client_hash, this);
117916
+ }
117893
117917
  /**
117894
117918
  * The Certificate Builder
117895
117919
  */
@@ -117915,7 +117939,7 @@ function client_ledger_toPrimitive(t, r) { if ("object" != typeof t || !t) retur
117915
117939
 
117916
117940
 
117917
117941
  const client_LedgerErrorType = 'LEDGER';
117918
- const client_LedgerBaseErrorCodes = ['BLOCK_ALREADY_EXISTS', 'BLOCK_EXPIRED', 'TRANSACTION_ABORTED', 'INVALID_CHAIN', 'INVALID_NETWORK', 'INVALID_SUBNET', 'INVALID_PERMISSIONS', 'INVALID_OWNER_COUNT', 'INVALID_BALANCE', 'INVALID_SET_REP', 'OPERATION_NOT_SUPPORTED', 'NOT_EMPTY', 'PREVIOUS_ALREADY_USED', 'PREVIOUS_NOT_SEEN', 'SUCCESSOR_VOTE_EXISTS', 'INSUFFICIENT_VOTING_WEIGHT', 'INVALID_ACCOUNT_INFO_KEY', 'RECEIVE_NOT_MET', 'DUPLICATE_VOTE_FOUND', 'CANNOT_EXCHANGE_PERM_VOTE', 'TEMP_VOTE_INCLUDES_SELF', 'BLOCKS_DIFFER_FROM_VOTED_ON', 'NO_PERM_WITHOUT_SELF_TEMP', 'DUPLICATE_VOTE_ISSUER_FOUND', 'OTHER', 'MISSING_BLOCKS',
117942
+ const client_LedgerBaseErrorCodes = ['BLOCK_ALREADY_EXISTS', 'BLOCK_EXPIRED', 'TRANSACTION_ABORTED', 'INVALID_CHAIN', 'INVALID_NETWORK', 'INVALID_SUBNET', 'INVALID_PERMISSIONS', 'INVALID_OWNER_COUNT', 'INVALID_BALANCE', 'INVALID_SET_REP', 'INVALID_ACL_ROW_TYPE', 'OPERATION_NOT_SUPPORTED', 'NOT_EMPTY', 'PREVIOUS_ALREADY_USED', 'PREVIOUS_NOT_SEEN', 'SUCCESSOR_VOTE_EXISTS', 'INSUFFICIENT_VOTING_WEIGHT', 'INVALID_ACCOUNT_INFO_KEY', 'RECEIVE_NOT_MET', 'DUPLICATE_VOTE_FOUND', 'CANNOT_EXCHANGE_PERM_VOTE', 'TEMP_VOTE_INCLUDES_SELF', 'BLOCKS_DIFFER_FROM_VOTED_ON', 'NO_PERM_WITHOUT_SELF_TEMP', 'DUPLICATE_VOTE_ISSUER_FOUND', 'OTHER', 'MISSING_BLOCKS', 'CERTIFICATE_NOT_FOUND',
117919
117943
  // Fee Errors
117920
117944
  'FEE_AMOUNT_MISMATCH', 'FEE_TOKEN_MISMATCH', 'FEE_MISSING', 'MISSING_REQUIRED_FEE_BLOCK', 'MULTIPLE_FEE_BLOCK', 'VOTE_WITH_QUOTE', 'QUOTE_MISMATCH', 'REQUIRED_FEE_MISMATCH'];
117921
117945
 
@@ -118036,6 +118060,16 @@ function client_common_assertClassBrand(e, t, n) { if ("function" == typeof e ?
118036
118060
 
118037
118061
 
118038
118062
 
118063
+ function client_areACLPrincipalEqual(a, b) {
118064
+ if (client_lib_account.isInstance(a) || client_lib_account.isInstance(b)) {
118065
+ if (!client_lib_account.isInstance(a) || !client_lib_account.isInstance(b)) {
118066
+ return false;
118067
+ }
118068
+ return a.comparePublicKey(b);
118069
+ } else {
118070
+ return a.certificate.compareHexString(b.certificate) && a.certificateAccount.comparePublicKey(b.certificateAccount);
118071
+ }
118072
+ }
118039
118073
  function client_findPermissionMatch(lookingFor, entries) {
118040
118074
  const {
118041
118075
  principal,
@@ -118044,7 +118078,8 @@ function client_findPermissionMatch(lookingFor, entries) {
118044
118078
  } = lookingFor;
118045
118079
  let foundRow;
118046
118080
  for (const entry of entries) {
118047
- if (!principal.comparePublicKey(entry.principal)) {
118081
+ // If principals do not match, we can skip
118082
+ if (!client_areACLPrincipalEqual(principal, entry.principal)) {
118048
118083
  continue;
118049
118084
  }
118050
118085
 
@@ -118182,79 +118217,111 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118182
118217
  const resolved = await getAccountInfoPromises[accountPubKey];
118183
118218
  return resolved;
118184
118219
  };
118220
+ const getCertificatePromises = {};
118221
+ const getCertificate = async (certificateHash, account) => {
118222
+ const promiseKey = `${certificateHash.toString()}-${account.publicKeyString.get()}`;
118223
+ if (getCertificatePromises[promiseKey] === undefined) {
118224
+ getCertificatePromises[promiseKey] = storageProvider.getAccountCertificateByHash(transaction, account, certificateHash);
118225
+ }
118226
+ return await getCertificatePromises[promiseKey];
118227
+ };
118185
118228
  const getPermissionPromises = {};
118186
- const getPermissions = async (account, entityList) => {
118187
- const accountPubKey = account.publicKeyString.get();
118229
+ const getPermissions = async (principal, entityList) => {
118230
+ let promiseKey;
118231
+ if (client_lib_account.isInstance(principal)) {
118232
+ promiseKey = `account-${principal.publicKeyString.get()}`;
118233
+ } else {
118234
+ promiseKey = `certificate-${principal.certificate.toString()}-${principal.certificateAccount.publicKeyString.get()}`;
118235
+ }
118188
118236
  if (!entityList) {
118189
- return await getPermissionPromises[accountPubKey];
118237
+ return await getPermissionPromises[promiseKey];
118190
118238
  }
118191
- if (getPermissionPromises[accountPubKey] !== undefined) {
118239
+ if (getPermissionPromises[promiseKey] !== undefined) {
118192
118240
  throw new Error('getPermissions() can only be called once per account');
118193
118241
  }
118194
- getPermissionPromises[accountPubKey] = storageProvider.listACLsByPrincipal(transaction, account, entityList);
118195
- return await getPermissionPromises[accountPubKey];
118242
+ getPermissionPromises[promiseKey] = storageProvider.listACLsByPrincipal(transaction, principal, entityList);
118243
+ return await getPermissionPromises[promiseKey];
118196
118244
  };
118197
118245
  const prefetchPromises = [];
118198
- for (const {
118199
- account,
118200
- fields
118201
- } of Object.values(effects)) {
118202
- var _fields$supply, _effects$accountPubKe;
118203
- // Always fetch the supply from accountInfo if it's changing so we can validate the effect
118204
- if (((_fields$supply = fields.supply) !== null && _fields$supply !== void 0 ? _fields$supply : []).length > 0 && (checkRangeConstraints || getFinalNumericValues)) {
118205
- prefetchPromises.push(getAccountInfo(account));
118206
- }
118207
- const accountPubKey = account.publicKeyString.get();
118208
- if (computePermissions && fields.permissions) {
118209
- const toReadEntity = new client_lib_account.Set();
118210
- for (const permUpdate of (_fields$permissions = fields.permissions) !== null && _fields$permissions !== void 0 ? _fields$permissions : []) {
118211
- var _fields$permissions;
118212
- if (permUpdate.method === src_client_Block.AdjustMethod.SET || permUpdate.permissions === null) {
118213
- toReadEntity.delete(permUpdate.entity);
118214
- continue;
118215
- }
118216
- toReadEntity.add(permUpdate.entity);
118246
+ for (const effect of Object.values(effects)) {
118247
+ const fields = effect.fields;
118248
+ const toReadEntity = new client_lib_account.Set();
118249
+ for (const permUpdate of (_fields$permissions = fields.permissions) !== null && _fields$permissions !== void 0 ? _fields$permissions : []) {
118250
+ var _fields$permissions;
118251
+ if ((permUpdate.method === src_client_Block.AdjustMethod.ADD || permUpdate.method === src_client_Block.AdjustMethod.SET) && permUpdate.principalType === 'CERTIFICATE') {
118252
+ prefetchPromises.push(getCertificate(permUpdate.principal.certificate, permUpdate.principal.certificateAccount));
118253
+ }
118254
+ if (permUpdate.method === src_client_Block.AdjustMethod.SET || permUpdate.permissions === null) {
118255
+ toReadEntity.delete(permUpdate.entity);
118256
+ continue;
118217
118257
  }
118218
- prefetchPromises.push(getPermissions(account, toReadEntity.toArray()));
118258
+ toReadEntity.add(permUpdate.entity);
118219
118259
  }
118220
- const delegationField = (_effects$accountPubKe = effects[accountPubKey]) === null || _effects$accountPubKe === void 0 ? void 0 : _effects$accountPubKe.fields.delegation;
118221
- const isDelegating = delegationField !== undefined;
118222
- let requestedRep = false;
118223
- if (isDelegating && computeWeights && getFinalNumericValues && client_canDelegate(account.keyType)) {
118224
- requestedRep = true;
118225
- prefetchPromises.push(getRep(account, getFinalNumericValues));
118226
- prefetchPromises.push(getWeight(delegationField.delegateTo));
118260
+ let principal;
118261
+ if (effect.type === 'ACCOUNT') {
118262
+ principal = effect.account;
118263
+ } else {
118264
+ principal = {
118265
+ usingCertificate: true,
118266
+ certificate: effect.certificateHash,
118267
+ certificateAccount: effect.certificateAccount
118268
+ };
118227
118269
  }
118228
- const rollingChanges = {};
118229
- for (const tokenPubKey in (_fields$balance = fields.balance) !== null && _fields$balance !== void 0 ? _fields$balance : {}) {
118230
- var _fields$balance;
118231
- for (const balanceUpdate of ((_fields$balance2 = fields.balance) !== null && _fields$balance2 !== void 0 ? _fields$balance2 : {})[tokenPubKey]) {
118232
- var _fields$balance2;
118233
- if (balanceUpdate.isReceive) {
118234
- continue;
118235
- }
118236
- const {
118237
- set,
118238
- value
118239
- } = balanceUpdate;
118240
- const token = client_lib_account.fromPublicKeyString(tokenPubKey).assertKeyType(client_AccountKeyAlgorithm.TOKEN);
118241
- if (rollingChanges[tokenPubKey] === undefined) {
118242
- rollingChanges[tokenPubKey] = 0n;
118243
- }
118244
- if (set) {
118245
- prefetchPromises.push(getPreviousBalance(token, token));
118246
- rollingChanges[tokenPubKey] = value;
118247
- } else {
118248
- rollingChanges[tokenPubKey] += value;
118249
- }
118250
- const isBaseToken = baseToken.comparePublicKey(tokenPubKey);
118251
- const possibleNegative = rollingChanges[tokenPubKey] < 0n && checkRangeConstraints;
118252
- if (possibleNegative && checkRangeConstraints || set || getFinalNumericValues || isDelegating && computeWeights) {
118253
- prefetchPromises.push(getPreviousBalance(account, token));
118254
- }
118255
- if (computeWeights && isBaseToken && client_canDelegate(account.keyType) && !requestedRep) {
118256
- requestedRep = true;
118257
- prefetchPromises.push(getRep(account, getFinalNumericValues));
118270
+
118271
+ // Only prefetch the permissions if we are computing the permissions
118272
+ if (computePermissions) {
118273
+ prefetchPromises.push(getPermissions(principal, toReadEntity.toArray()));
118274
+ }
118275
+ if (effect.type !== 'CERTIFICATE') {
118276
+ var _fields$supply, _effects$accountPubKe;
118277
+ const {
118278
+ account
118279
+ } = effect;
118280
+
118281
+ // Always fetch the supply from accountInfo if it's changing so we can validate the effect
118282
+ if (((_fields$supply = fields.supply) !== null && _fields$supply !== void 0 ? _fields$supply : []).length > 0 && (checkRangeConstraints || getFinalNumericValues)) {
118283
+ prefetchPromises.push(getAccountInfo(account));
118284
+ }
118285
+ const accountPubKey = account.publicKeyString.get();
118286
+ const delegationField = (_effects$accountPubKe = effects[accountPubKey]) === null || _effects$accountPubKe === void 0 ? void 0 : _effects$accountPubKe.fields.delegation;
118287
+ const isDelegating = delegationField !== undefined;
118288
+ let requestedRep = false;
118289
+ if (isDelegating && computeWeights && getFinalNumericValues && client_canDelegate(account.keyType)) {
118290
+ requestedRep = true;
118291
+ prefetchPromises.push(getRep(account, getFinalNumericValues));
118292
+ prefetchPromises.push(getWeight(delegationField.delegateTo));
118293
+ }
118294
+ const rollingChanges = {};
118295
+ for (const tokenPubKey in (_fields$balance = fields.balance) !== null && _fields$balance !== void 0 ? _fields$balance : {}) {
118296
+ var _fields$balance;
118297
+ for (const balanceUpdate of ((_fields$balance2 = fields.balance) !== null && _fields$balance2 !== void 0 ? _fields$balance2 : {})[tokenPubKey]) {
118298
+ var _fields$balance2;
118299
+ if (balanceUpdate.isReceive) {
118300
+ continue;
118301
+ }
118302
+ const {
118303
+ set,
118304
+ value
118305
+ } = balanceUpdate;
118306
+ const token = client_lib_account.fromPublicKeyString(tokenPubKey).assertKeyType(client_AccountKeyAlgorithm.TOKEN);
118307
+ if (rollingChanges[tokenPubKey] === undefined) {
118308
+ rollingChanges[tokenPubKey] = 0n;
118309
+ }
118310
+ if (set) {
118311
+ prefetchPromises.push(getPreviousBalance(token, token));
118312
+ rollingChanges[tokenPubKey] = value;
118313
+ } else {
118314
+ rollingChanges[tokenPubKey] += value;
118315
+ }
118316
+ const isBaseToken = baseToken.comparePublicKey(tokenPubKey);
118317
+ const possibleNegative = rollingChanges[tokenPubKey] < 0n && checkRangeConstraints;
118318
+ if (possibleNegative && checkRangeConstraints || set || getFinalNumericValues || isDelegating && computeWeights) {
118319
+ prefetchPromises.push(getPreviousBalance(account, token));
118320
+ }
118321
+ if (computeWeights && isBaseToken && client_canDelegate(account.keyType) && !requestedRep) {
118322
+ requestedRep = true;
118323
+ prefetchPromises.push(getRep(account, getFinalNumericValues));
118324
+ }
118258
118325
  }
118259
118326
  }
118260
118327
  }
@@ -118357,34 +118424,56 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118357
118424
  newEntry.change += change;
118358
118425
  supplies[tokenPubKey] = newEntry;
118359
118426
  };
118360
- for (const {
118361
- account,
118362
- fields
118363
- } of Object.values(effects)) {
118364
- var _effects$accountPubKe2;
118365
- const accountPubKey = account.publicKeyString.get();
118427
+ for (const effect of Object.values(effects)) {
118428
+ const fields = effect.fields;
118366
118429
  for (const supplyChange of (_fields$supply2 = fields.supply) !== null && _fields$supply2 !== void 0 ? _fields$supply2 : []) {
118367
118430
  var _fields$supply2;
118368
- if (!account.isToken()) {
118431
+ if (effect.type !== 'ACCOUNT' || !effect.account.isToken()) {
118369
118432
  throw new Error('Cannot modify supply of non-token account');
118370
118433
  }
118371
- await modifySupply(account, supplyChange.value);
118372
- }
118373
- let permissionUpdates = [];
118374
- if (computePermissions && fields.permissions) {
118375
- permissionUpdates = fields.permissions;
118434
+ await modifySupply(effect.account, supplyChange.value);
118376
118435
  }
118377
- for (const permUpdate of permissionUpdates) {
118378
- var _previousEntry$permis;
118379
- if (!permUpdate.principal.comparePublicKey(account)) {
118380
- throw new Error('permUpdate.principal should not differ current account');
118436
+ for (const permUpdate of (_fields$permissions2 = fields.permissions) !== null && _fields$permissions2 !== void 0 ? _fields$permissions2 : []) {
118437
+ var _fields$permissions2, _previousEntry$permis;
118438
+ let principal;
118439
+ if (effect.type === 'ACCOUNT') {
118440
+ principal = effect.account;
118441
+ if (!client_lib_account.isInstance(permUpdate.principal)) {
118442
+ throw new Error('permUpdate.principal should be an account for ACCOUNT type effects');
118443
+ }
118444
+ if (!permUpdate.principal.comparePublicKey(effect.account)) {
118445
+ throw new Error('permUpdate.principal should not differ current account');
118446
+ }
118447
+ } else {
118448
+ if (client_lib_account.isInstance(permUpdate.principal)) {
118449
+ throw new Error('permUpdate.principal should be a certificate for CERTIFICATE type effects');
118450
+ }
118451
+ if (!permUpdate.principal.certificate.compareHexString(effect.certificateHash)) {
118452
+ throw new Error('permUpdate.principal should not differ current certificate');
118453
+ }
118454
+ principal = {
118455
+ usingCertificate: true,
118456
+ certificate: effect.certificateHash,
118457
+ certificateAccount: effect.certificateAccount
118458
+ };
118459
+ if (permUpdate.method === src_client_Block.AdjustMethod.ADD || permUpdate.method === src_client_Block.AdjustMethod.SET) {
118460
+ const certificate = await getCertificate(permUpdate.principal.certificate, permUpdate.principal.certificateAccount);
118461
+ if (!certificate) {
118462
+ throw new client_ledger_KeetaNetLedgerError('LEDGER_CERTIFICATE_NOT_FOUND', `Certificate with hash ${permUpdate.principal.certificate.toString()} for account ${permUpdate.principal.certificateAccount.publicKeyString.get()} not found`);
118463
+ }
118464
+ }
118465
+ }
118466
+
118467
+ // If not computing permissions, we only need to validate certificate existence
118468
+ if (!computePermissions) {
118469
+ continue;
118381
118470
  }
118382
118471
  if (permUpdate.method === src_client_Block.AdjustMethod.SET || permUpdate.permissions === null) {
118383
118472
  permissions.push(permUpdate);
118384
118473
  continue;
118385
118474
  }
118386
118475
  let newPermissions;
118387
- const previousEntry = client_findPermissionMatch(permUpdate, await getPermissions(account));
118476
+ const previousEntry = client_findPermissionMatch(permUpdate, await getPermissions(principal));
118388
118477
  const previousPermissions = (_previousEntry$permis = previousEntry === null || previousEntry === void 0 ? void 0 : previousEntry.permissions) !== null && _previousEntry$permis !== void 0 ? _previousEntry$permis : new client_permissions_Permissions();
118389
118478
  switch (permUpdate.method) {
118390
118479
  case src_client_Block.AdjustMethod.ADD:
@@ -118400,14 +118489,19 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118400
118489
  permissions: newPermissions
118401
118490
  });
118402
118491
  }
118403
- const delegationField = (_effects$accountPubKe2 = effects[accountPubKey]) === null || _effects$accountPubKe2 === void 0 ? void 0 : _effects$accountPubKe2.fields.delegation;
118404
- const isDelegating = delegationField !== undefined;
118405
- if (isDelegating && client_canDelegate(account.keyType) && computeWeights) {
118406
- const currentDelegation = await getRep(account, getFinalNumericValues);
118407
- const previousBalance = await getPreviousBalance(account, baseToken);
118408
- await modifyWeight(delegationField.delegateTo, previousBalance);
118409
- if (currentDelegation) {
118410
- await modifyWeight(currentDelegation, -1n * previousBalance);
118492
+ let isDelegating;
118493
+ let delegationField;
118494
+ if (effect.type === 'ACCOUNT') {
118495
+ var _effects$effect$accou;
118496
+ delegationField = (_effects$effect$accou = effects[effect.account.publicKeyString.get()]) === null || _effects$effect$accou === void 0 ? void 0 : _effects$effect$accou.fields.delegation;
118497
+ isDelegating = delegationField !== undefined;
118498
+ if (isDelegating && delegationField && client_canDelegate(effect.account.keyType) && computeWeights) {
118499
+ const currentDelegation = await getRep(effect.account, getFinalNumericValues);
118500
+ const previousBalance = await getPreviousBalance(effect.account, baseToken);
118501
+ await modifyWeight(delegationField.delegateTo, previousBalance);
118502
+ if (currentDelegation) {
118503
+ await modifyWeight(currentDelegation, -1n * previousBalance);
118504
+ }
118411
118505
  }
118412
118506
  }
118413
118507
  const receivable = {};
@@ -118416,6 +118510,9 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118416
118510
  const tokenAcct = client_lib_account.fromPublicKeyString(tokenPubKey).assertKeyType(client_AccountKeyAlgorithm.TOKEN);
118417
118511
  for (const balanceUpdate of ((_fields$balance4 = fields.balance) !== null && _fields$balance4 !== void 0 ? _fields$balance4 : {})[tokenPubKey]) {
118418
118512
  var _fields$balance4;
118513
+ if (effect.type !== 'ACCOUNT') {
118514
+ throw new Error('Only accounts can have balance changes');
118515
+ }
118419
118516
  const {
118420
118517
  isReceive,
118421
118518
  value,
@@ -118423,7 +118520,7 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118423
118520
  } = balanceUpdate;
118424
118521
  if (isReceive) {
118425
118522
  const receiveFromPubKey = otherAccount.publicKeyString.get();
118426
- const previousEntry = getBalanceEntry(account, tokenAcct);
118523
+ const previousEntry = getBalanceEntry(effect.account, tokenAcct);
118427
118524
  if (previousEntry.receiveValidated === false) {
118428
118525
  continue;
118429
118526
  }
@@ -118440,15 +118537,15 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118440
118537
  } else {
118441
118538
  receiveValid = value <= receivableAmount;
118442
118539
  }
118443
- balances[accountPubKey][tokenPubKey].receiveValidated = receiveValid;
118540
+ balances[effect.account.publicKeyString.get()][tokenPubKey].receiveValidated = receiveValid;
118444
118541
  continue;
118445
118542
  }
118446
118543
  let balanceChange;
118447
118544
  if (balanceUpdate.set) {
118448
- balanceChange = await modifyBalance(account, tokenAcct, value, true);
118545
+ balanceChange = await modifyBalance(effect.account, tokenAcct, value, true);
118449
118546
  await modifyBalance(tokenAcct, tokenAcct, -1n * balanceChange, false);
118450
118547
  } else {
118451
- balanceChange = await modifyBalance(account, tokenAcct, value, false);
118548
+ balanceChange = await modifyBalance(effect.account, tokenAcct, value, false);
118452
118549
  }
118453
118550
  if (balanceUpdate.receivable) {
118454
118551
  const otherAccountPubKey = otherAccount.publicKeyString.get();
@@ -118463,11 +118560,14 @@ async function client_computeLedgerEffect(options, effects, storageProvider, net
118463
118560
  receivable[otherAccountPubKey][tokenPubKey] += balanceChange;
118464
118561
  }
118465
118562
  const isBaseToken = baseToken.comparePublicKey(tokenAcct);
118466
- if (isBaseToken && client_canDelegate(account.keyType) && computeWeights) {
118563
+ if (isBaseToken && client_canDelegate(effect.account.keyType) && computeWeights) {
118467
118564
  if (isDelegating) {
118565
+ if (!delegationField) {
118566
+ throw new Error('delegationField should be defined if isDelegating is true');
118567
+ }
118468
118568
  await modifyWeight(delegationField.delegateTo, balanceChange);
118469
118569
  } else {
118470
- const currentRep = await getRep(account);
118570
+ const currentRep = await getRep(effect.account);
118471
118571
  if (currentRep) {
118472
118572
  await modifyWeight(currentRep, balanceChange);
118473
118573
  }
@@ -118889,6 +118989,9 @@ function client_operationTypeToNumber(str) {
118889
118989
  }
118890
118990
  return type;
118891
118991
  }
118992
+ const client_ModifyPermissionsPrincipalContextSpecificTagValues = {
118993
+ CERTIFICATE: 1
118994
+ };
118892
118995
  function client_makeEncodeDecodePermission(emptyValue) {
118893
118996
  return {
118894
118997
  encode: data => {
@@ -118984,7 +119087,52 @@ const client_BlockOperationASN1SchemaBase = {
118984
119087
  }],
118985
119088
  'MODIFY_PERMISSIONS': [{
118986
119089
  name: 'principal',
118987
- schema: client_ValidateASN1.IsOctetString
119090
+ schema: {
119091
+ choice: [client_ValidateASN1.IsOctetString, {
119092
+ type: 'context',
119093
+ kind: 'explicit',
119094
+ value: client_ModifyPermissionsPrincipalContextSpecificTagValues.CERTIFICATE,
119095
+ contains: [/* Certificate Hash */
119096
+ client_ValidateASN1.IsOctetString, /* Certificate Issued To Account */
119097
+ client_ValidateASN1.IsOctetString]
119098
+ }]
119099
+ },
119100
+ encode(data) {
119101
+ if (client_lib_account.isInstance(data)) {
119102
+ return data.publicKeyAndType;
119103
+ } else if (data.usingCertificate) {
119104
+ return {
119105
+ type: 'context',
119106
+ kind: 'explicit',
119107
+ value: client_ModifyPermissionsPrincipalContextSpecificTagValues.CERTIFICATE,
119108
+ contains: [data.certificateHash.getBuffer(), data.certificateAccount.publicKeyAndType]
119109
+ };
119110
+ } else {
119111
+ throw new Error('Invalid principal type for MODIFY_PERMISSIONS operation');
119112
+ }
119113
+ },
119114
+ decode(data) {
119115
+ if (client_isBuffer(data)) {
119116
+ return client_lib_account.fromPublicKeyAndType(data);
119117
+ } else if (client_ASN1CheckUtilities.isASN1ContextTag(data, 'explicit')) {
119118
+ if (data.value === client_ModifyPermissionsPrincipalContextSpecificTagValues.CERTIFICATE) {
119119
+ if (!Array.isArray(data.contains) || data.contains.length !== 2) {
119120
+ throw new Error('Invalid principal data for MODIFY_PERMISSIONS operation');
119121
+ }
119122
+ const certificateHashData = data.contains[0];
119123
+ const certificateAccountData = data.contains[1];
119124
+ if (!client_isBuffer(certificateHashData) || !client_isBuffer(certificateAccountData)) {
119125
+ throw new Error('Invalid certificate hash data for MODIFY_PERMISSIONS operation');
119126
+ }
119127
+ return {
119128
+ usingCertificate: true,
119129
+ certificateHash: new src_client_CertificateHash(client_bufferToArrayBuffer(certificateHashData)),
119130
+ certificateAccount: client_lib_account.fromPublicKeyAndType(certificateAccountData)
119131
+ };
119132
+ }
119133
+ }
119134
+ throw new Error('Invalid principal data for MODIFY_PERMISSIONS operation');
119135
+ }
118988
119136
  }, {
118989
119137
  name: 'method',
118990
119138
  schema: client_ValidateASN1.IsInteger
@@ -119724,10 +119872,6 @@ class src_client_BlockOperationSET_INFO extends src_client_BlockOperation {
119724
119872
  return client_toJSONSerializable(val);
119725
119873
  }
119726
119874
  }
119727
-
119728
- /**
119729
- * Set Permissions Operation
119730
- */
119731
119875
  client_BlockOperationSET_INFO = src_client_BlockOperationSET_INFO;
119732
119876
  function client_validateNameDesc(field, value, network) {
119733
119877
  const {
@@ -119746,6 +119890,9 @@ function client_validateNameDesc(field, value, network) {
119746
119890
  return;
119747
119891
  }
119748
119892
  client_operations_defineProperty(src_client_BlockOperationSET_INFO, "isInstance", client_checkableGenerator(client_BlockOperationSET_INFO));
119893
+ /**
119894
+ * Set Permissions Operation
119895
+ */
119749
119896
  var client_principal = /*#__PURE__*/new WeakMap();
119750
119897
  var client_target = /*#__PURE__*/new WeakMap();
119751
119898
  var client_method2 = /*#__PURE__*/new WeakMap();
@@ -119763,7 +119910,7 @@ class src_client_BlockOperationMODIFY_PERMISSIONS extends src_client_BlockOperat
119763
119910
  if (input.type !== client_OperationType.MODIFY_PERMISSIONS) {
119764
119911
  throw new src_client_KeetaNetBlockError('BLOCK_INVALID_TYPE', 'Invalid construction of BlockJSONOperationMODIFY_PERMISSIONS');
119765
119912
  }
119766
- client_operations_classPrivateFieldSet(client_principal, this, this.computeTo(input.principal));
119913
+ client_operations_classPrivateFieldSet(client_principal, this, client_operations_assertClassBrand(client_BlockOperationMODIFY_PERMISSIONS_brand, this, client_computePrincipal).call(this, input.principal));
119767
119914
  client_operations_classPrivateFieldSet(client_target, this, client_lib_account.toAccount(input.target));
119768
119915
  client_operations_classPrivateFieldSet(client_method2, this, client_toAdjustMethod(input.method));
119769
119916
  client_operations_classPrivateFieldSet(client_permissions, this, client_operations_assertClassBrand(client_BlockOperationMODIFY_PERMISSIONS_brand, this, client_computePermissions).call(this, input.permissions));
@@ -119811,8 +119958,15 @@ class src_client_BlockOperationMODIFY_PERMISSIONS extends src_client_BlockOperat
119811
119958
  base
119812
119959
  } = this.permissions;
119813
119960
  const baseFlagsString = `[${base.flags.join(',')}]`;
119814
- if (!base.checkAccountMatchesGroup('principal', this.principal)) {
119815
- throw new src_client_KeetaNetBlockError('BLOCK_PERMISSIONS_INVALID_PRINCIPAL', `Incorrect principal for flags ${baseFlagsString}`);
119961
+ if (client_lib_account.isInstance(this.principal)) {
119962
+ if (!base.checkAccountMatchesGroup('principal', this.principal)) {
119963
+ throw new src_client_KeetaNetBlockError('BLOCK_PERMISSIONS_INVALID_PRINCIPAL', `Incorrect principal for flags ${baseFlagsString}`);
119964
+ }
119965
+ } else {
119966
+ // If the principal is not an account, we only allow default permissions to be issued by a certificate principal
119967
+ if (!base.isValidForDefault) {
119968
+ throw new src_client_KeetaNetBlockError('BLOCK_PERMISSIONS_INVALID_DEFAULT', 'Invalid permissions, cannot use certificate principal with non-default permissions');
119969
+ }
119816
119970
  }
119817
119971
  if (this.target && !base.checkAccountMatchesGroup('target', this.target)) {
119818
119972
  throw new src_client_KeetaNetBlockError('BLOCK_PERMISSIONS_INVALID_TARGET', `Incorrect target for flags ${baseFlagsString}`);
@@ -119840,7 +119994,12 @@ class src_client_BlockOperationMODIFY_PERMISSIONS extends src_client_BlockOperat
119840
119994
  target,
119841
119995
  method
119842
119996
  } = operation;
119843
- const principalKey = principal.publicKeyString.get();
119997
+ let principalKey;
119998
+ if (client_lib_account.isInstance(principal)) {
119999
+ principalKey = principal.publicKeyString.get();
120000
+ } else {
120001
+ principalKey = `cert:${principal.certificateHash.get()}:${principal.certificateAccount.publicKeyString.get()}`;
120002
+ }
119844
120003
  const targetKey = (target !== null && target !== void 0 ? target : block.account).publicKeyString.get();
119845
120004
  if (!foundPrevious[principalKey]) {
119846
120005
  foundPrevious[principalKey] = {};
@@ -119870,6 +120029,26 @@ class src_client_BlockOperationMODIFY_PERMISSIONS extends src_client_BlockOperat
119870
120029
  * Token Supply operation
119871
120030
  */
119872
120031
  client_BlockOperationMODIFY_PERMISSIONS = src_client_BlockOperationMODIFY_PERMISSIONS;
120032
+ function client_computePrincipal(principal) {
120033
+ if (typeof principal === 'string' || client_lib_account.isInstance(principal)) {
120034
+ return this.computeTo(principal);
120035
+ } else if (principal.usingCertificate) {
120036
+ const certificateAccount = client_lib_account.toAccount(principal.certificateAccount);
120037
+ let certificateHash;
120038
+ if (src_client_CertificateHash.isInstance(principal.certificateHash)) {
120039
+ certificateHash = principal.certificateHash;
120040
+ } else {
120041
+ certificateHash = new src_client_CertificateHash(principal.certificateHash);
120042
+ }
120043
+ return {
120044
+ usingCertificate: true,
120045
+ certificateHash,
120046
+ certificateAccount
120047
+ };
120048
+ } else {
120049
+ throw new src_client_KeetaNetBlockError('BLOCK_INVALID_PRINCIPAL', 'Invalid principal for MODIFY_PERMISSIONS');
120050
+ }
120051
+ }
119873
120052
  function client_computePermissions(permissions) {
119874
120053
  if (!permissions) {
119875
120054
  return null;
@@ -124018,34 +124197,53 @@ function client_addOrCombineRequirements(existing, addition, alwaysCombine) {
124018
124197
  resp.push(addition);
124019
124198
  return resp;
124020
124199
  }
124021
- function client_addPermission(state, addition) {
124022
- const principalPubKey = addition.principal.publicKeyString.get();
124023
- if (state.accounts[principalPubKey] === undefined) {
124024
- state.accounts[principalPubKey] = {
124200
+ function client_touchStateFields(state, toTouch) {
124201
+ let entityKey;
124202
+ let defaultValue;
124203
+ if (client_lib_account.isInstance(toTouch)) {
124204
+ entityKey = toTouch.publicKeyString.get();
124205
+ defaultValue = {
124206
+ type: 'ACCOUNT',
124207
+ fields: {},
124208
+ account: toTouch
124209
+ };
124210
+ } else if (toTouch.usingCertificate) {
124211
+ entityKey = `${toTouch.certificate.toString()}:${toTouch.certificateAccount.publicKeyString.get()}`;
124212
+ defaultValue = {
124213
+ type: 'CERTIFICATE',
124025
124214
  fields: {},
124026
- account: client_lib_account.fromPublicKeyString(principalPubKey)
124215
+ certificateHash: toTouch.certificate,
124216
+ certificateAccount: toTouch.certificateAccount
124027
124217
  };
124218
+ } else {
124219
+ throw new Error('Invalid principal type in touchStateFields');
124028
124220
  }
124029
- if (state.accounts[principalPubKey].fields === undefined) {
124030
- state.accounts[principalPubKey].fields = {};
124221
+ let value = state.accounts[entityKey];
124222
+ if (value === undefined) {
124223
+ state.accounts[entityKey] = defaultValue;
124224
+ value = state.accounts[entityKey];
124031
124225
  }
124032
- if (state.accounts[principalPubKey].fields.permissions === undefined) {
124033
- state.accounts[principalPubKey].fields.permissions = [];
124226
+ return {
124227
+ value,
124228
+ entityKey
124229
+ };
124230
+ }
124231
+ function client_addPermission(state, addition) {
124232
+ const {
124233
+ value
124234
+ } = client_touchStateFields(state, addition.principal);
124235
+ if (value.fields.permissions === undefined) {
124236
+ value.fields.permissions = [];
124034
124237
  }
124035
- const existing = state.accounts[principalPubKey].fields.permissions || [];
124036
- state.accounts[principalPubKey].fields.permissions = client_addOrCombineRequirements(existing, addition);
124238
+ const existing = value.fields.permissions || [];
124239
+ value.fields.permissions = client_addOrCombineRequirements(existing, addition);
124037
124240
  }
124038
124241
  function client_addPermissionRequirement(state, requirement) {
124039
- var _state$accounts$princ, _state$accounts$princ2;
124040
- const principalPubKey = requirement.principal.publicKeyString.get();
124041
- const entityPubKey = requirement.entity.publicKeyString.get();
124042
- if (state.accounts[principalPubKey] === undefined) {
124043
- state.accounts[principalPubKey] = {
124044
- account: requirement.principal,
124045
- fields: {}
124046
- };
124047
- }
124048
- const alreadyAdded = (_state$accounts$princ = state.accounts[principalPubKey].fields.permissions) !== null && _state$accounts$princ !== void 0 ? _state$accounts$princ : [];
124242
+ var _principalFields$fiel, _principalFields$fiel2;
124243
+ const {
124244
+ value: principalFields
124245
+ } = client_touchStateFields(state, requirement.principal);
124246
+ const alreadyAdded = (_principalFields$fiel = principalFields.fields.permissions) !== null && _principalFields$fiel !== void 0 ? _principalFields$fiel : [];
124049
124247
  const foundAddedMatch = alreadyAdded.find(function (_ref) {
124050
124248
  let {
124051
124249
  permissions
@@ -124058,6 +124256,7 @@ function client_addPermissionRequirement(state, requirement) {
124058
124256
  if (foundAddedMatch !== undefined) {
124059
124257
  return;
124060
124258
  }
124259
+ const entityPubKey = requirement.entity.publicKeyString.get();
124061
124260
  if (state.accounts[entityPubKey] !== undefined) {
124062
124261
  const entityInfo = state.accounts[entityPubKey].fields.info;
124063
124262
  if (entityInfo !== undefined && 'defaultPermission' in entityInfo) {
@@ -124069,13 +124268,14 @@ function client_addPermissionRequirement(state, requirement) {
124069
124268
  }
124070
124269
  }
124071
124270
  }
124072
- const existing = (_state$accounts$princ2 = state.accounts[principalPubKey].fields.permissionRequirements) !== null && _state$accounts$princ2 !== void 0 ? _state$accounts$princ2 : [];
124073
- state.accounts[principalPubKey].fields.permissionRequirements = client_addOrCombineRequirements(existing, requirement, true);
124271
+ const existing = (_principalFields$fiel2 = principalFields.fields.permissionRequirements) !== null && _principalFields$fiel2 !== void 0 ? _principalFields$fiel2 : [];
124272
+ principalFields.fields.permissionRequirements = client_addOrCombineRequirements(existing, requirement, true);
124074
124273
  }
124075
124274
  function client_updateMinSignerSetLength(state, multisigAccount, count) {
124076
124275
  const multisigPublicKey = multisigAccount.publicKeyString.get();
124077
124276
  if (state.accounts[multisigPublicKey] === undefined) {
124078
124277
  state.accounts[multisigPublicKey] = {
124278
+ type: 'ACCOUNT',
124079
124279
  account: multisigAccount,
124080
124280
  fields: {}
124081
124281
  };
@@ -124099,6 +124299,7 @@ function client_modifyBalanceInState(balanceState) {
124099
124299
  const tokenPubKey = token.publicKeyString.get();
124100
124300
  if (state.accounts[accountPubKey] === undefined) {
124101
124301
  state.accounts[accountPubKey] = {
124302
+ type: 'ACCOUNT',
124102
124303
  account: client_lib_account.fromPublicKeyString(accountPubKey),
124103
124304
  fields: {}
124104
124305
  };
@@ -124164,6 +124365,7 @@ function client_updateAccountInfoInState(state, account, info) {
124164
124365
  }
124165
124366
  if (!state.accounts[accountPubKey]) {
124166
124367
  state.accounts[accountPubKey] = {
124368
+ type: 'ACCOUNT',
124167
124369
  account: account,
124168
124370
  fields: {}
124169
124371
  };
@@ -124321,6 +124523,7 @@ function client_computeEffectOfOperationCREATE_IDENTIFIER(state, block, operatio
124321
124523
  for (const multisigSigner of operation.createArguments.signers) {
124322
124524
  state.possibleNewAccounts.add(multisigSigner);
124323
124525
  client_addPermission(state, {
124526
+ principalType: 'ACCOUNT',
124324
124527
  principal: multisigSigner,
124325
124528
  entity: operation.identifier,
124326
124529
  method: src_client_Block.AdjustMethod.SET,
@@ -124329,6 +124532,7 @@ function client_computeEffectOfOperationCREATE_IDENTIFIER(state, block, operatio
124329
124532
  }
124330
124533
  } else {
124331
124534
  client_addPermission(state, {
124535
+ principalType: 'ACCOUNT',
124332
124536
  principal: block.account,
124333
124537
  entity: operation.identifier,
124334
124538
  method: src_client_Block.AdjustMethod.SET,
@@ -124345,17 +124549,41 @@ function client_computeEffectOfOperationSET_INFO(state, block, operation) {
124345
124549
  });
124346
124550
  }
124347
124551
  function client_computeEffectOfOperationMODIFY_PERMISSIONS(state, block, operation) {
124348
- state.possibleNewAccounts.add(operation.principal);
124552
+ if (client_lib_account.isInstance(operation.principal)) {
124553
+ state.possibleNewAccounts.add(operation.principal);
124554
+ } else if (operation.principal.usingCertificate) {
124555
+ state.possibleNewAccounts.add(operation.principal.certificateAccount);
124556
+ } else {
124557
+ throw new Error('Invalid principal in MODIFY_PERMISSIONS operation');
124558
+ }
124349
124559
  if (operation.target) {
124350
124560
  state.possibleNewAccounts.add(operation.target);
124351
124561
  }
124352
- client_addPermission(state, {
124353
- principal: operation.principal,
124562
+ const shared = {
124354
124563
  entity: block.account,
124355
124564
  permissions: operation.permissions,
124356
124565
  method: operation.method,
124357
124566
  target: operation.target
124358
- });
124567
+ };
124568
+ if (client_lib_account.isInstance(operation.principal)) {
124569
+ client_addPermission(state, {
124570
+ principalType: 'ACCOUNT',
124571
+ principal: operation.principal,
124572
+ ...shared
124573
+ });
124574
+ } else if (operation.principal.usingCertificate) {
124575
+ client_addPermission(state, {
124576
+ principalType: 'CERTIFICATE',
124577
+ principal: {
124578
+ usingCertificate: true,
124579
+ certificate: operation.principal.certificateHash,
124580
+ certificateAccount: operation.principal.certificateAccount
124581
+ },
124582
+ ...shared
124583
+ });
124584
+ } else {
124585
+ throw new Error('Invalid principal in MODIFY_PERMISSIONS operation');
124586
+ }
124359
124587
  }
124360
124588
  function client_computeEffectOfOperationTOKEN_ADMIN_SUPPLY(state, block, operation) {
124361
124589
  var _state$accounts$token;
@@ -124436,14 +124664,19 @@ function client_computeEffectOfOperationMANAGE_CERTIFICATE(state, block, operati
124436
124664
  const client_operationHandlers = {
124437
124665
  [src_client_Block.OperationType.SEND]: {
124438
124666
  effectGenerator: client_computeEffectOfOperationSEND,
124439
- accountPermissionACL: (block, operation, context) => {
124440
- const baseEffect = {
124441
- entity: operation.token || context.ledger.baseToken
124442
- };
124667
+ accountPermissionACL: (block, operation) => {
124668
+ // Require both the sender and the recipient to have ['ACCESS'] on the token
124669
+ const baseEffect = [{
124670
+ principal: block.account,
124671
+ entity: operation.token
124672
+ }, {
124673
+ principal: operation.to,
124674
+ entity: operation.token
124675
+ }];
124443
124676
  if (operation.to.keyType !== client_AccountKeyAlgorithm.STORAGE) {
124444
124677
  return baseEffect;
124445
124678
  }
124446
- return [baseEffect,
124679
+ return [...baseEffect,
124447
124680
  // Require that the token identifier was granted access by storage account for it to be able to hold
124448
124681
  {
124449
124682
  entity: operation.to,
@@ -124541,9 +124774,16 @@ const client_operationHandlers = {
124541
124774
  delegateMethodNeeded = 'PERMISSION_DELEGATE_ADD';
124542
124775
  break;
124543
124776
  }
124777
+ let target;
124778
+ if (client_lib_account.isInstance(operation.principal)) {
124779
+ target = operation.principal;
124780
+ } else {
124781
+ // Currently, we do not have a way to specify a target for certificate principals, so we will not include a target in this case
124782
+ target = undefined;
124783
+ }
124544
124784
  necessary.push({
124545
124785
  permissions: new client_permissions_Permissions([delegateMethodNeeded]),
124546
- target: operation.principal
124786
+ target: target
124547
124787
  });
124548
124788
  return necessary;
124549
124789
  }
@@ -124691,6 +124931,7 @@ function client_computeEffectOfBlocks(blocks, ledger) {
124691
124931
  }
124692
124932
  if (accumulatedEffects.accounts[blockAccountPubKey] === undefined) {
124693
124933
  accumulatedEffects.accounts[blockAccountPubKey] = {
124934
+ type: 'ACCOUNT',
124694
124935
  account: block.account,
124695
124936
  fields: {}
124696
124937
  };
@@ -124747,6 +124988,9 @@ function client_computeEffectOfBlocks(blocks, ledger) {
124747
124988
  }
124748
124989
  }
124749
124990
  for (const effect of Object.values(accumulatedEffects.accounts)) {
124991
+ if (effect.type !== 'ACCOUNT') {
124992
+ continue;
124993
+ }
124750
124994
  accumulatedEffects.touched.add(effect.account);
124751
124995
  if (effect.fields.balance) {
124752
124996
  let hasDebit = false;
@@ -126739,6 +126983,8 @@ const src_client_Testing = {
126739
126983
  feeExtensionSchema: client_feeExtensionSchema
126740
126984
  };
126741
126985
  ;// ./src/lib/ledger/types.ts
126986
+
126987
+
126742
126988
  /**
126743
126989
  * Account info entry
126744
126990
  */
@@ -126769,19 +127015,33 @@ function client_isKeyPairAccountInfo(info) {
126769
127015
  function client_isAccountInfoOfType(info, type) {
126770
127016
  return info.account.isKeyType(type);
126771
127017
  }
127018
+ const client_aclPrincipalType = (/* unused pure expression or super */ null && (['ACCOUNT', 'CERTIFICATE']));
127019
+ function client_isACLPrincipalType(type) {
127020
+ // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
127021
+ return client_aclPrincipalType.includes(type);
127022
+ }
127023
+ function client_assertACLPrincipalType(type) {
127024
+ if (!client_isACLPrincipalType(type)) {
127025
+ throw new KeetaNetLedgerError('LEDGER_INVALID_ACL_ROW_TYPE', `Invalid ACL Row Type: ${type}`);
127026
+ }
127027
+ }
127028
+ function client_asACLPrincipalType(type) {
127029
+ client_assertACLPrincipalType(type);
127030
+ return type;
127031
+ }
126772
127032
 
126773
127033
  /**
126774
127034
  * Permissions types
126775
127035
  */
126776
127036
 
126777
127037
  /**
126778
- * An entry for the ACL
126779
- * @expandType ACLRow
127038
+ * A permission requirement for ledger effects
127039
+ * @expandType AccountACLRow
126780
127040
  */
126781
127041
 
126782
127042
  /**
126783
127043
  * Update an ACL for an account
126784
- * @expandType ACLEntry
127044
+ * @expandType ACLRow
126785
127045
  */
126786
127046
 
126787
127047
  /**
@@ -128102,6 +128362,7 @@ function client_lib_ledger_toPrimitive(t, r) { if ("object" != typeof t || !t) r
128102
128362
 
128103
128363
 
128104
128364
 
128365
+
128105
128366
  /**
128106
128367
  * Kind of ledger
128107
128368
  */
@@ -128131,6 +128392,10 @@ let client_LedgerKind = /*#__PURE__*/function (LedgerKind) {
128131
128392
  * Options for "getVotesAfter"
128132
128393
  */
128133
128394
 
128395
+ /**
128396
+ * Filters for listing ACLs by entity
128397
+ */
128398
+
128134
128399
  /**
128135
128400
  * Idempotent Key
128136
128401
  */
@@ -128716,9 +128981,9 @@ class client_LedgerAtomicInterface {
128716
128981
  const permissions = await client_ledger_classPrivateFieldGet(client_ledger_storage, this).listACLsByPrincipal(transaction, principal, entityList);
128717
128982
  return permissions;
128718
128983
  }
128719
- async listACLsByEntity(entity) {
128984
+ async listACLsByEntity(entity, options) {
128720
128985
  const transaction = client_ledger_assertClassBrand(client_LedgerAtomicInterface_brand, this, client_assertTransaction).call(this);
128721
- const permissions = await client_ledger_classPrivateFieldGet(client_ledger_storage, this).listACLsByEntity(transaction, entity);
128986
+ const permissions = await client_ledger_classPrivateFieldGet(client_ledger_storage, this).listACLsByEntity(transaction, entity, options);
128722
128987
  return permissions;
128723
128988
  }
128724
128989
  async votingPower(rep) {
@@ -129065,6 +129330,71 @@ async function client_listAccountInfo(accounts) {
129065
129330
  await Promise.all(permissionPromises);
129066
129331
  return accountInfo;
129067
129332
  }
129333
+ async function client_fetchSatisfiedCertificateACLs(account, requirement) {
129334
+ const entityCertificateACLs = await this.listACLsByEntity(requirement.entity, {
129335
+ principalType: 'CERTIFICATE'
129336
+ });
129337
+ if (entityCertificateACLs.length === 0) {
129338
+ return null;
129339
+ }
129340
+ const entityACLsWithValuesResponse = await Promise.all(entityCertificateACLs.map(async acl => {
129341
+ if (acl.principalType !== 'CERTIFICATE') {
129342
+ throw new Error('Expected certificate ACL row');
129343
+ }
129344
+ const certificate = await this.getAccountCertificateByHash(acl.principal.certificateAccount, acl.principal.certificate);
129345
+ if (certificate === null) {
129346
+ return null;
129347
+ }
129348
+ return {
129349
+ acl,
129350
+ certificate
129351
+ };
129352
+ }));
129353
+
129354
+ // XXX:TODO does this need to be paginated
129355
+ const userCertificates = await this.getAccountCertificates(account);
129356
+ const matchedCertificateACLs = [];
129357
+ for (const aclWithCertificate of entityACLsWithValuesResponse) {
129358
+ if (!aclWithCertificate) {
129359
+ continue;
129360
+ }
129361
+ const {
129362
+ certificate: aclCertificate,
129363
+ acl
129364
+ } = aclWithCertificate;
129365
+ const issuerCertificate = new src_client_Certificate(aclCertificate.certificate, {
129366
+ isTrustedRoot: true
129367
+ });
129368
+ if (!issuerCertificate.checkValid()) {
129369
+ continue;
129370
+ }
129371
+ for (const userCertificate of userCertificates) {
129372
+ var _aclCertificate$inter, _aclCertificate$inter2, _userCertificate$inte, _userCertificate$inte2;
129373
+ if (!userCertificate.certificate.checkValid()) {
129374
+ continue;
129375
+ }
129376
+ const foundChain = userCertificate.certificate.verifyChain({
129377
+ root: new Set([issuerCertificate]),
129378
+ intermediate: new Set([...((_aclCertificate$inter = (_aclCertificate$inter2 = aclCertificate.intermediates) === null || _aclCertificate$inter2 === void 0 ? void 0 : _aclCertificate$inter2.getCertificates()) !== null && _aclCertificate$inter !== void 0 ? _aclCertificate$inter : []), ...((_userCertificate$inte = (_userCertificate$inte2 = userCertificate.intermediates) === null || _userCertificate$inte2 === void 0 ? void 0 : _userCertificate$inte2.getCertificates()) !== null && _userCertificate$inte !== void 0 ? _userCertificate$inte : [])])
129379
+ });
129380
+ if (foundChain === null) {
129381
+ continue;
129382
+ }
129383
+ let foundRootInChain = false;
129384
+ for (const certInChain of foundChain) {
129385
+ if (certInChain.hash().compareHexString(issuerCertificate.hash())) {
129386
+ foundRootInChain = true;
129387
+ break;
129388
+ }
129389
+ }
129390
+ if (!foundRootInChain) {
129391
+ throw new Error('Internal error: issuer certificate not found in verified chain');
129392
+ }
129393
+ matchedCertificateACLs.push(acl);
129394
+ }
129395
+ }
129396
+ return matchedCertificateACLs;
129397
+ }
129068
129398
  async function client_checkSingleAccountPermissions(account, requirements, accountInfos) {
129069
129399
  client_ledger_assertClassBrand(client_LedgerAtomicInterface_brand, this, client_assertTransaction).call(this);
129070
129400
 
@@ -129073,6 +129403,9 @@ async function client_checkSingleAccountPermissions(account, requirements, accou
129073
129403
  const entityAccounts = new client_lib_account.Set(unfilteredEntity).toArray();
129074
129404
  const gotPermissions = await this.listACLsByPrincipal(account, entityAccounts);
129075
129405
  for (const requirement of requirements) {
129406
+ if (!requirement.permissions) {
129407
+ throw new Error('Unexpected null permissions in requirement');
129408
+ }
129076
129409
  const reqEntityKey = requirement.entity.publicKeyString.get();
129077
129410
  const foundACLRow = client_findPermissionMatch(requirement, gotPermissions);
129078
129411
  const foundAccountInfo = accountInfos[reqEntityKey];
@@ -129084,10 +129417,19 @@ async function client_checkSingleAccountPermissions(account, requirements, accou
129084
129417
  } else {
129085
129418
  foundPermission = new client_permissions_Permissions();
129086
129419
  }
129087
- if (requirement.permissions === null) {
129088
- continue;
129420
+ let hasPermissions = foundPermission.has(requirement.permissions);
129421
+ if (!hasPermissions && account.isAccount()) {
129422
+ const found = await client_ledger_assertClassBrand(client_LedgerAtomicInterface_brand, this, client_fetchSatisfiedCertificateACLs).call(this, account, requirement);
129423
+ if (found) {
129424
+ for (const row of found) {
129425
+ const certificateRowHasPermissions = row.permissions.has(requirement.permissions);
129426
+ if (certificateRowHasPermissions) {
129427
+ hasPermissions = true;
129428
+ break;
129429
+ }
129430
+ }
129431
+ }
129089
129432
  }
129090
- const hasPermissions = foundPermission.has(requirement.permissions);
129091
129433
  if (!hasPermissions) {
129092
129434
  var _requirement$target;
129093
129435
  const accountPubKey = account.publicKeyString.get();
@@ -129105,19 +129447,22 @@ async function client_checkPermissionRequirements(effects) {
129105
129447
  const needToGetAccountInfoFor = new client_lib_account.Set();
129106
129448
  const allAccountsChanges = Object.values(effects);
129107
129449
  const foundMultisigSignerLengths = [];
129108
- for (const {
129109
- account,
129110
- fields
129111
- } of allAccountsChanges) {
129112
- if (account.isMultisig()) {
129450
+ for (const accountChanges of allAccountsChanges) {
129451
+ const {
129452
+ fields
129453
+ } = accountChanges;
129454
+ if (accountChanges.type === 'ACCOUNT' && accountChanges.account.isMultisig()) {
129113
129455
  if (fields.minSignerSetLength !== undefined) {
129114
- needToGetAccountInfoFor.add(account);
129115
- foundMultisigSignerLengths.push([account, fields.minSignerSetLength]);
129456
+ needToGetAccountInfoFor.add(accountChanges.account);
129457
+ foundMultisigSignerLengths.push([accountChanges.account, fields.minSignerSetLength]);
129116
129458
  }
129117
129459
  }
129118
129460
  for (const singleRequirement of (_fields$permissionReq = fields.permissionRequirements) !== null && _fields$permissionReq !== void 0 ? _fields$permissionReq : []) {
129119
129461
  var _fields$permissionReq;
129120
129462
  const principal = singleRequirement.principal;
129463
+ if (!client_lib_account.isInstance(principal)) {
129464
+ throw new Error('Principal in permission requirement is not an account');
129465
+ }
129121
129466
  const principalPubKey = principal.publicKeyString.get();
129122
129467
  if (!requirementsByPrincipal[principalPubKey]) {
129123
129468
  requirementsByPrincipal[principalPubKey] = [];
@@ -129261,6 +129606,9 @@ async function client_validateLedgerOutcome(blocks) {
129261
129606
  }
129262
129607
  for (const accountChanges of allAccountsChanges) {
129263
129608
  var _fields$createRequest, _fields$permissions;
129609
+ if (accountChanges.type === 'CERTIFICATE') {
129610
+ continue;
129611
+ }
129264
129612
  const {
129265
129613
  account,
129266
129614
  fields = {}
@@ -129279,6 +129627,10 @@ async function client_validateLedgerOutcome(blocks) {
129279
129627
  */
129280
129628
  const addedPermissions = (_fields$permissions = fields.permissions) !== null && _fields$permissions !== void 0 ? _fields$permissions : [];
129281
129629
  for (const newPerm of addedPermissions) {
129630
+ // We only care about permissions that include ownership, and non-accounts (ex: certificate principals) cannot be owners
129631
+ if (newPerm.principalType === 'CERTIFICATE') {
129632
+ continue;
129633
+ }
129282
129634
  let method = 'ADD';
129283
129635
  if (newPerm.permissions === null || !newPerm.permissions.has(['OWNER'])) {
129284
129636
  method = 'REMOVE';
@@ -129904,7 +130256,7 @@ client_lib_ledger_defineProperty(src_client_Ledger, "isInstance", client_checkab
129904
130256
  // EXTERNAL MODULE: ws (ignored)
129905
130257
  var client_ws_ignored_ = __webpack_require__(4708);
129906
130258
  ;// ./src/version.ts
129907
- const client_version = '0.16.2+g2c1441eed2a1c71a895d0fb5166c431799b3d3ca';
130259
+ const client_version = '0.18.1+gae2caf00c1e19c6d232ff1a37b9fd8e7ea8a1ddc';
129908
130260
  /* harmony default export */ const client_src_version = ((/* unused pure expression or super */ null && (client_version)));
129909
130261
  ;// ./src/lib/p2p.ts
129910
130262
  /* provided dependency */ var client_p2p_Buffer = __webpack_require__(8287)["Buffer"];
@@ -132803,20 +133155,33 @@ class src_client_UserClientBuilder {
132803
133155
  }
132804
133156
  if (operations.permissionsChanges !== undefined) {
132805
133157
  pendingOperations.permissionsChanges = {};
132806
- for (const accountPubKey in operations.permissionsChanges) {
132807
- pendingOperations.permissionsChanges[accountPubKey] = {};
132808
- for (const targetPubKey in operations.permissionsChanges[accountPubKey]) {
133158
+ for (const [certificateOrAccountKey, changes] of Object.entries(operations.permissionsChanges)) {
133159
+ pendingOperations.permissionsChanges[certificateOrAccountKey] = {
133160
+ principal: (() => {
133161
+ if (typeof changes.principal === 'string') {
133162
+ return src_client_Account.toAccount(changes.principal);
133163
+ } else {
133164
+ return {
133165
+ usingCertificate: true,
133166
+ certificate: new src_client_Certificate.Hash(changes.principal.certificate),
133167
+ certificateAccount: src_client_Account.toAccount(changes.principal.certificateAccount)
133168
+ };
133169
+ }
133170
+ })(),
133171
+ targets: {}
133172
+ };
133173
+ for (const targetPubKey in changes.targets) {
132809
133174
  const updateArray = [];
132810
133175
  for (const {
132811
133176
  method,
132812
133177
  permissions
132813
- } of operations.permissionsChanges[accountPubKey][targetPubKey]) {
133178
+ } of changes.targets[targetPubKey]) {
132814
133179
  updateArray.push({
132815
133180
  method,
132816
133181
  permissions: client_permissions_Permissions.FromAcceptedTypes(permissions)
132817
133182
  });
132818
133183
  }
132819
- pendingOperations.permissionsChanges[accountPubKey][targetPubKey] = updateArray;
133184
+ pendingOperations.permissionsChanges[certificateOrAccountKey].targets[targetPubKey] = updateArray;
132820
133185
  }
132821
133186
  }
132822
133187
  }
@@ -133266,9 +133631,13 @@ class src_client_UserClientBuilder {
133266
133631
  amount: amount
133267
133632
  });
133268
133633
  }
133269
- for (const principalPubKey in pending.permissionsChanges) {
133270
- for (const targetPubKey in pending.permissionsChanges[principalPubKey]) {
133271
- for (const change of pending.permissionsChanges[principalPubKey][targetPubKey]) {
133634
+ for (const {
133635
+ targets,
133636
+ principal
133637
+ } of Object.values((_pending$permissionsC = pending.permissionsChanges) !== null && _pending$permissionsC !== void 0 ? _pending$permissionsC : {})) {
133638
+ var _pending$permissionsC;
133639
+ for (const targetPubKey in targets) {
133640
+ for (const change of targets[targetPubKey]) {
133272
133641
  const {
133273
133642
  method,
133274
133643
  permissions
@@ -133279,7 +133648,17 @@ class src_client_UserClientBuilder {
133279
133648
  }
133280
133649
  operations.push({
133281
133650
  type: src_client_Block.OperationType.MODIFY_PERMISSIONS,
133282
- principal: src_client_Account.fromPublicKeyString(principalPubKey),
133651
+ principal: (() => {
133652
+ if (src_client_Account.isInstance(principal)) {
133653
+ return principal;
133654
+ } else {
133655
+ return {
133656
+ usingCertificate: true,
133657
+ certificateHash: principal.certificate,
133658
+ certificateAccount: principal.certificateAccount
133659
+ };
133660
+ }
133661
+ })(),
133283
133662
  target: target,
133284
133663
  method: method,
133285
133664
  permissions: permissions
@@ -133345,18 +133724,26 @@ class src_client_UserClientBuilder {
133345
133724
  let options = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
133346
133725
  client_builder_assertClassBrand(client_UserClientBuilder_brand, this, client_useOptions).call(this, options);
133347
133726
  method = method !== null && method !== void 0 ? method : src_client_Block.AdjustMethod.SET;
133348
- const principalPubKey = principal.publicKeyString.get();
133349
- const targetPubKey = (target !== null && target !== void 0 ? target : client_builder_classPrivateFieldGet(client_pendingOptions, this).account).publicKeyString.get();
133727
+ let principalKey;
133728
+ if (typeof principal === 'string' || src_client_Account.isInstance(principal)) {
133729
+ principalKey = src_client_Account.toAccount(principal).publicKeyString.get();
133730
+ } else {
133731
+ principalKey = principal.certificate.toString();
133732
+ }
133350
133733
  if (!client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges) {
133351
133734
  client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges = {};
133352
133735
  }
133353
- if (!client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalPubKey]) {
133354
- client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalPubKey] = {};
133736
+ if (!client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalKey]) {
133737
+ client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalKey] = {
133738
+ principal,
133739
+ targets: {}
133740
+ };
133355
133741
  }
133356
- if (!client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalPubKey][targetPubKey]) {
133357
- client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalPubKey][targetPubKey] = [];
133742
+ const targetPubKey = (target !== null && target !== void 0 ? target : client_builder_classPrivateFieldGet(client_pendingOptions, this).account).publicKeyString.get();
133743
+ if (!client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalKey].targets[targetPubKey]) {
133744
+ client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalKey].targets[targetPubKey] = [];
133358
133745
  }
133359
- client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalPubKey][targetPubKey].push({
133746
+ client_builder_classPrivateFieldGet(client_pendingOperations, this).permissionsChanges[principalKey].targets[targetPubKey].push({
133360
133747
  method: method,
133361
133748
  permissions: client_permissions_Permissions.FromAcceptedTypes(permissions)
133362
133749
  });
@@ -133639,6 +134026,7 @@ function client_client_assertClassBrand(e, t, n) { if ("function" == typeof e ?
133639
134026
 
133640
134027
 
133641
134028
 
134029
+
133642
134030
 
133643
134031
 
133644
134032
  /*
@@ -135558,12 +135946,31 @@ function client_parseAccountInfo(account, accountInfo) {
135558
135946
  }
135559
135947
  function client_parsePermissionEntries(entries) {
135560
135948
  return entries.map(entry => {
135561
- return {
135562
- principal: client_src_lib.Account.fromPublicKeyString(entry.principal),
135949
+ const shared = {
135563
135950
  entity: client_src_lib.Account.fromPublicKeyString(entry.entity),
135564
135951
  permissions: client_client_assertClassBrand(client_Client_brand, this, client_parseResponsePermissions).call(this, entry.permissions),
135565
135952
  target: client_src_lib.Account.fromPublicKeyString(entry.target)
135566
135953
  };
135954
+ if (entry.principalType === 'ACCOUNT') {
135955
+ return {
135956
+ principalType: 'ACCOUNT',
135957
+ principal: client_src_lib.Account.fromPublicKeyString(entry.principal),
135958
+ ...shared
135959
+ };
135960
+ } else if (entry.principalType === 'CERTIFICATE') {
135961
+ return {
135962
+ principalType: 'CERTIFICATE',
135963
+ principal: {
135964
+ usingCertificate: true,
135965
+ certificate: new src_client_Certificate.Hash(entry.principal.certificate),
135966
+ certificateAccount: client_src_lib.Account.fromPublicKeyString(entry.principal.certificateAccount)
135967
+ },
135968
+ ...shared
135969
+ };
135970
+ } else {
135971
+ client_assertNever(entry);
135972
+ }
135973
+ throw new Error('Unknown ACL Entry Type');
135567
135974
  });
135568
135975
  }
135569
135976
  function client_mapCertificateWithBundleResult(input) {
@@ -135908,7 +136315,9 @@ class src_client_UserClient {
135908
136315
  principals.push(operation.to);
135909
136316
  break;
135910
136317
  case client_OperationType.MODIFY_PERMISSIONS:
135911
- principals.push(operation.principal);
136318
+ if (client_lib_account.isInstance(operation.principal)) {
136319
+ principals.push(operation.principal);
136320
+ }
135912
136321
  break;
135913
136322
  case client_OperationType.CREATE_IDENTIFIER:
135914
136323
  principals.push(operation.identifier);
@@ -136360,7 +136769,13 @@ class src_client_UserClient {
136360
136769
  async updatePermissions(principal, permissions, target, method) {
136361
136770
  let options = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : {};
136362
136771
  const builder = this.initBuilder(options);
136363
- builder.updatePermissions(client_lib_account.toAccount(principal), permissions, client_lib_account.toAccount(target), method, options);
136772
+ let principalValue;
136773
+ if (typeof principal === 'string' || client_lib_account.isInstance(principal)) {
136774
+ principalValue = client_lib_account.toAccount(principal);
136775
+ } else {
136776
+ principalValue = principal;
136777
+ }
136778
+ builder.updatePermissions(principalValue, permissions, client_lib_account.toAccount(target), method, options);
136364
136779
  return await this.publishBuilder(builder);
136365
136780
  }
136366
136781