@keetanetwork/keetanet-client 0.16.2 → 0.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (190) hide show
  1. package/client/builder.d.ts +23 -10
  2. package/client/index-browser.d.ts +1 -1
  3. package/client/index-browser.js +597 -182
  4. package/client/index.d.ts +1 -1
  5. package/client/index.js +588 -161
  6. package/docs/assets/hierarchy.js +1 -1
  7. package/docs/assets/navigation.js +1 -1
  8. package/docs/assets/search.js +1 -1
  9. package/docs/classes/KeetaNetSDK.Client.html +4 -4
  10. package/docs/classes/KeetaNetSDK.Referenced.BaseSet.html +1 -1
  11. package/docs/classes/KeetaNetSDK.Referenced.BaseVoteBuilder.html +1 -1
  12. package/docs/classes/KeetaNetSDK.Referenced.Block.html +3 -3
  13. package/docs/classes/KeetaNetSDK.Referenced.BlockBuilder.html +1 -1
  14. package/docs/classes/KeetaNetSDK.Referenced.BlockHash.html +1 -1
  15. package/docs/classes/KeetaNetSDK.Referenced.BlockOperation.html +1 -1
  16. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationCREATE_IDENTIFIER.html +1 -1
  17. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationMANAGE_CERTIFICATE.html +1 -1
  18. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationMODIFY_PERMISSIONS.html +2 -2
  19. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationRECEIVE.html +1 -1
  20. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationSEND.html +1 -1
  21. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationSET_INFO.html +1 -1
  22. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationSET_REP.html +1 -1
  23. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationTOKEN_ADMIN_MODIFY_BALANCE.html +1 -1
  24. package/docs/classes/KeetaNetSDK.Referenced.BlockOperationTOKEN_ADMIN_SUPPLY.html +1 -1
  25. package/docs/classes/KeetaNetSDK.Referenced.Certificate.html +1 -4
  26. package/docs/classes/KeetaNetSDK.Referenced.CertificateHash.html +1 -1
  27. package/docs/classes/KeetaNetSDK.Referenced.ECDSAKeyPair.html +1 -1
  28. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1KeyPair.html +1 -1
  29. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1PrivateKey.html +1 -1
  30. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1PublicKey.html +1 -1
  31. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256K1Signature.html +1 -1
  32. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1KeyPair.html +1 -1
  33. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1PrivateKey.html +1 -1
  34. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1PublicKey.html +1 -1
  35. package/docs/classes/KeetaNetSDK.Referenced.ECDSASECP256R1Signature.html +1 -1
  36. package/docs/classes/KeetaNetSDK.Referenced.ED25519KeyPair.html +1 -1
  37. package/docs/classes/KeetaNetSDK.Referenced.ED25519PrivateKey.html +1 -1
  38. package/docs/classes/KeetaNetSDK.Referenced.ED25519PublicKey.html +1 -1
  39. package/docs/classes/KeetaNetSDK.Referenced.ED25519Signature.html +1 -1
  40. package/docs/classes/KeetaNetSDK.Referenced.ExternalKeyPair.html +1 -1
  41. package/docs/classes/KeetaNetSDK.Referenced.ExternalSet.html +1 -1
  42. package/docs/classes/KeetaNetSDK.Referenced.IdempotentKey.html +1 -1
  43. package/docs/classes/KeetaNetSDK.Referenced.IdentifierKey.html +1 -1
  44. package/docs/classes/KeetaNetSDK.Referenced.IdentifierKeyPair.html +1 -1
  45. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetError.html +2 -2
  46. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetErrorBase.html +1 -1
  47. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetLedgerError.html +2 -2
  48. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetLedgerIdempotentKeyError.html +1 -1
  49. package/docs/classes/KeetaNetSDK.Referenced.KeetaNetLedgerVoteError.html +1 -1
  50. package/docs/classes/KeetaNetSDK.Referenced.KeyInterface.html +1 -1
  51. package/docs/classes/KeetaNetSDK.Referenced.KeyStorage.html +1 -1
  52. package/docs/classes/KeetaNetSDK.Referenced.Ledger.html +1 -1
  53. package/docs/classes/KeetaNetSDK.Referenced.LedgerAtomicInterface.html +1 -1
  54. package/docs/classes/KeetaNetSDK.Referenced.PermissionSetHolder.html +1 -1
  55. package/docs/classes/KeetaNetSDK.Referenced.PossiblyExpiredVote.html +1 -1
  56. package/docs/classes/KeetaNetSDK.Referenced.PossiblyUnsignedBlock.html +3 -3
  57. package/docs/classes/KeetaNetSDK.Referenced.SignatureStorage.html +1 -1
  58. package/docs/classes/KeetaNetSDK.Referenced.Stats.html +1 -1
  59. package/docs/classes/KeetaNetSDK.Referenced.StatsPending.html +1 -1
  60. package/docs/classes/KeetaNetSDK.Referenced.UnsignedBlock.html +3 -3
  61. package/docs/classes/KeetaNetSDK.Referenced.UserClientBuilder.html +1 -1
  62. package/docs/classes/KeetaNetSDK.Referenced.Vote.html +1 -1
  63. package/docs/classes/KeetaNetSDK.Referenced.VoteBlockBundle.html +2 -2
  64. package/docs/classes/KeetaNetSDK.Referenced.VoteBlockHash.html +1 -1
  65. package/docs/classes/KeetaNetSDK.Referenced.VoteBuilder.html +1 -1
  66. package/docs/classes/KeetaNetSDK.Referenced.VoteHash.html +1 -1
  67. package/docs/classes/KeetaNetSDK.Referenced.VoteLikeBase.html +1 -1
  68. package/docs/classes/KeetaNetSDK.Referenced.VoteQuote.html +1 -1
  69. package/docs/classes/KeetaNetSDK.Referenced.VoteQuoteBuilder.html +1 -1
  70. package/docs/classes/KeetaNetSDK.Referenced.VoteStaple.html +2 -2
  71. package/docs/classes/KeetaNetSDK.Referenced.VoteStapleHash.html +1 -1
  72. package/docs/classes/KeetaNetSDK.Referenced.src_lib_utils_buffer.BufferStorage.html +1 -1
  73. package/docs/classes/KeetaNetSDK.UserClient.html +6 -6
  74. package/docs/hierarchy.html +1 -1
  75. package/docs/interfaces/KeetaNetSDK.Referenced.ASN1ExplicitContextTag.html +1 -1
  76. package/docs/interfaces/KeetaNetSDK.Referenced.ASN1ImplicitContextTag.html +1 -1
  77. package/docs/interfaces/KeetaNetSDK.Referenced.ASN1Object.html +1 -1
  78. package/docs/interfaces/KeetaNetSDK.Referenced.AccountACLRow.html +11 -0
  79. package/docs/interfaces/KeetaNetSDK.Referenced.AccountComputedEffect.html +4 -0
  80. package/docs/interfaces/KeetaNetSDK.Referenced.BaseACLRow.html +9 -0
  81. package/docs/interfaces/KeetaNetSDK.Referenced.BaseAccountInfo.html +1 -1
  82. package/docs/interfaces/KeetaNetSDK.Referenced.BaseExternalKeyPairFunctions.html +1 -1
  83. package/docs/interfaces/KeetaNetSDK.Referenced.BaseGenerationConfig.html +1 -1
  84. package/docs/interfaces/KeetaNetSDK.Referenced.BaseIdentifierAccountInfo.html +1 -1
  85. package/docs/interfaces/KeetaNetSDK.Referenced.BaseIdentifierCreateArguments.html +1 -1
  86. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperation.html +1 -1
  87. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationCREATE_IDENTIFIER.html +1 -1
  88. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationMANAGE_CERTIFICATE.html +1 -1
  89. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationMODIFY_PERMISSIONS.html +2 -2
  90. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationRECEIVE.html +1 -1
  91. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationSEND.html +1 -1
  92. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationSET_INFO.html +1 -1
  93. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationSET_REP.html +1 -1
  94. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationTOKEN_ADMIN_MODIFY_BALANCE.html +1 -1
  95. package/docs/interfaces/KeetaNetSDK.Referenced.BlockJSONOperationTOKEN_ADMIN_SUPPLY.html +1 -1
  96. package/docs/interfaces/KeetaNetSDK.Referenced.BlockV1Canonical.html +1 -1
  97. package/docs/interfaces/KeetaNetSDK.Referenced.BlockV2Canonical.html +1 -1
  98. package/docs/interfaces/KeetaNetSDK.Referenced.CertificateACLPrincipal.html +4 -0
  99. package/docs/interfaces/KeetaNetSDK.Referenced.CertificateACLRow.html +11 -0
  100. package/docs/interfaces/KeetaNetSDK.Referenced.CertificateComputedEffect.html +5 -0
  101. package/docs/interfaces/KeetaNetSDK.Referenced.ComputedBlocksEffectFields.html +2 -2
  102. package/docs/interfaces/KeetaNetSDK.Referenced.Constructor.html +1 -1
  103. package/docs/interfaces/KeetaNetSDK.Referenced.DisposableTimingHandle.html +1 -1
  104. package/docs/interfaces/KeetaNetSDK.Referenced.ECDSA_SECP256K1AccountInfo.html +1 -1
  105. package/docs/interfaces/KeetaNetSDK.Referenced.ECDSA_SECP256R1AccountInfo.html +1 -1
  106. package/docs/interfaces/KeetaNetSDK.Referenced.ED25519AccountInfo.html +1 -1
  107. package/docs/interfaces/KeetaNetSDK.Referenced.ExternalKeyPairFunctionsNoEncryption.html +1 -1
  108. package/docs/interfaces/KeetaNetSDK.Referenced.ExternalKeyPairFunctionsSupportsEncryption.html +1 -1
  109. package/docs/interfaces/KeetaNetSDK.Referenced.InitialConfigSupply.html +1 -1
  110. package/docs/interfaces/KeetaNetSDK.Referenced.InstanceSet.html +1 -1
  111. package/docs/interfaces/KeetaNetSDK.Referenced.KVGenericOptionsType.html +1 -1
  112. package/docs/interfaces/KeetaNetSDK.Referenced.KVSetOptionsType.html +1 -1
  113. package/docs/interfaces/KeetaNetSDK.Referenced.LedgerStorageAPI.html +3 -3
  114. package/docs/interfaces/KeetaNetSDK.Referenced.ListACLsByEntityFilters.html +4 -0
  115. package/docs/interfaces/KeetaNetSDK.Referenced.ModifyTokenBalanceEntry.html +1 -1
  116. package/docs/interfaces/KeetaNetSDK.Referenced.MultiSigIdentifierCreateArguments.html +1 -1
  117. package/docs/interfaces/KeetaNetSDK.Referenced.MultisigAccountInfo.html +1 -1
  118. package/docs/interfaces/KeetaNetSDK.Referenced.MultisigConfig.html +1 -1
  119. package/docs/interfaces/KeetaNetSDK.Referenced.NetworkAccountInfo.html +1 -1
  120. package/docs/interfaces/KeetaNetSDK.Referenced.NumericValueEntry.html +1 -1
  121. package/docs/interfaces/KeetaNetSDK.Referenced.P2PPeerBase.html +1 -1
  122. package/docs/interfaces/KeetaNetSDK.Referenced.P2PPeerListener.html +1 -1
  123. package/docs/interfaces/KeetaNetSDK.Referenced.P2PPeerRepBase.html +1 -1
  124. package/docs/interfaces/KeetaNetSDK.Referenced.PendingOperations.html +2 -2
  125. package/docs/interfaces/KeetaNetSDK.Referenced.PendingOperationsJSON.html +2 -2
  126. package/docs/interfaces/KeetaNetSDK.Referenced.PrincipalACLWithInfoParsed.html +2 -7
  127. package/docs/interfaces/KeetaNetSDK.Referenced.PublicKeyStorage.html +1 -1
  128. package/docs/interfaces/KeetaNetSDK.Referenced.PublishOptions.html +1 -1
  129. package/docs/interfaces/KeetaNetSDK.Referenced.RequestTokenReceiveEntry.html +1 -1
  130. package/docs/interfaces/KeetaNetSDK.Referenced.StorageAccountInfo.html +1 -1
  131. package/docs/interfaces/KeetaNetSDK.Referenced.TokenAccountInfo.html +1 -1
  132. package/docs/interfaces/KeetaNetSDK.Referenced.TokenNumericEntry.html +1 -1
  133. package/docs/interfaces/KeetaNetSDK.Referenced.UserClientConfig.html +1 -1
  134. package/docs/interfaces/KeetaNetSDK.Referenced.UserClientOptions.html +1 -1
  135. package/docs/interfaces/KeetaNetSDK.Referenced.VoteStapleJSON.html +2 -2
  136. package/docs/interfaces/KeetaNetSDK.Referenced.WithIsInstance.html +1 -1
  137. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1BitString.html +1 -1
  138. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1Date.html +1 -1
  139. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1OID.html +1 -1
  140. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1Set.html +1 -1
  141. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1String.html +1 -1
  142. package/docs/interfaces/KeetaNetSDK.Referenced.src_lib_utils_asn1.ASN1Struct.html +1 -1
  143. package/docs/modules/KeetaNetSDK.Referenced.html +1 -1
  144. package/docs/types/KeetaNetSDK.Referenced.ACLEntryUnparsed.html +1 -5
  145. package/docs/types/KeetaNetSDK.Referenced.ACLPermissionRequirement.html +2 -0
  146. package/docs/types/KeetaNetSDK.Referenced.ACLPrincipalType.html +1 -0
  147. package/docs/types/KeetaNetSDK.Referenced.ACLRow.html +2 -0
  148. package/docs/types/KeetaNetSDK.Referenced.ACLUpdate.html +5 -0
  149. package/docs/types/KeetaNetSDK.Referenced.ComputedBlockEffect.html +2 -0
  150. package/docs/types/KeetaNetSDK.Referenced.ComputedEffectOfBlocks.html +2 -2
  151. package/docs/types/KeetaNetSDK.Referenced.ComputedEffectOfBlocksByEntity.html +2 -0
  152. package/docs/types/KeetaNetSDK.Referenced.ModifyPermissionsPrincipal.html +1 -0
  153. package/docs/types/KeetaNetSDK.Referenced.ModifyPermissionsPrincipalInput.html +1 -0
  154. package/docs/variables/KeetaNetSDK.Referenced.BlockOperationASN1Schema.html +2 -2
  155. package/docs/variables/KeetaNetSDK.Referenced.FullLedgerBaseErrorCode.html +1 -1
  156. package/docs/variables/KeetaNetSDK.Referenced.aclPrincipalType.html +1 -0
  157. package/docs/variables/KeetaNetSDK.Referenced.allFullErrorCodes.html +1 -1
  158. package/lib/block/index.d.ts +14 -2
  159. package/lib/block/operations.d.ts +40 -4
  160. package/lib/error/block.d.ts +2 -2
  161. package/lib/error/index.d.ts +1 -1
  162. package/lib/error/ledger.d.ts +3 -3
  163. package/lib/ledger/common.d.ts +7 -5
  164. package/lib/ledger/db_dynamodb.d.ts +2 -2
  165. package/lib/ledger/db_postgres.d.ts +3 -3
  166. package/lib/ledger/db_spanner.d.ts +3 -3
  167. package/lib/ledger/db_spanner_helper.d.ts +23 -3
  168. package/lib/ledger/db_sqlite.d.ts +3 -3
  169. package/lib/ledger/effects.d.ts +17 -9
  170. package/lib/ledger/index.d.ts +14 -5
  171. package/lib/ledger/types.d.ts +38 -14
  172. package/lib/log/target_gcp.js +19 -17
  173. package/lib/utils/certificate.d.ts +0 -1
  174. package/lib/utils/external-keys/gcp-kms-wrapped.d.ts +85 -0
  175. package/lib/utils/external-keys/gcp-kms-wrapped.js +453 -0
  176. package/lib/utils/external-keys/gcp-kms.common.d.ts +17 -0
  177. package/lib/utils/external-keys/gcp-kms.d.ts +4 -9
  178. package/lib/utils/external-keys/gcp-kms.js +52 -39
  179. package/lib/utils/external-keys/passkey-prf.d.ts +42 -1
  180. package/lib/utils/external-keys/passkey-prf.js +107 -13
  181. package/lib/utils/helper_testing.d.ts +10 -0
  182. package/lib/vote.d.ts +7 -1
  183. package/npm-shrinkwrap.json +24 -24
  184. package/package.json +1 -1
  185. package/version.d.ts +1 -1
  186. package/docs/interfaces/KeetaNetSDK.Referenced.ACLEntry.html +0 -10
  187. package/docs/interfaces/KeetaNetSDK.Referenced.ACLRow.html +0 -10
  188. package/docs/interfaces/KeetaNetSDK.Referenced.ACLUpdate.html +0 -12
  189. package/docs/interfaces/KeetaNetSDK.Referenced.ComputedBlockEffect.html +0 -4
  190. package/docs/types/KeetaNetSDK.Referenced.ComputedEffectOfBlocksByAccount.html +0 -2
package/client/index.js CHANGED
@@ -57418,14 +57418,28 @@ class UserClientBuilder {
57418
57418
  }
57419
57419
  if (operations.permissionsChanges !== undefined) {
57420
57420
  pendingOperations.permissionsChanges = {};
57421
- for (const accountPubKey in operations.permissionsChanges) {
57422
- pendingOperations.permissionsChanges[accountPubKey] = {};
57423
- for (const targetPubKey in operations.permissionsChanges[accountPubKey]) {
57421
+ for (const [certificateOrAccountKey, changes] of Object.entries(operations.permissionsChanges)) {
57422
+ pendingOperations.permissionsChanges[certificateOrAccountKey] = {
57423
+ principal: (() => {
57424
+ if (typeof changes.principal === 'string') {
57425
+ return (account_1.Account.toAccount(changes.principal));
57426
+ }
57427
+ else {
57428
+ return ({
57429
+ usingCertificate: true,
57430
+ certificate: new certificate_1.Certificate.Hash(changes.principal.certificate),
57431
+ certificateAccount: account_1.Account.toAccount(changes.principal.certificateAccount)
57432
+ });
57433
+ }
57434
+ })(),
57435
+ targets: {}
57436
+ };
57437
+ for (const targetPubKey in changes.targets) {
57424
57438
  const updateArray = [];
57425
- for (const { method, permissions } of operations.permissionsChanges[accountPubKey][targetPubKey]) {
57439
+ for (const { method, permissions } of changes.targets[targetPubKey]) {
57426
57440
  updateArray.push({ method, permissions: permissions_1.Permissions.FromAcceptedTypes(permissions) });
57427
57441
  }
57428
- pendingOperations.permissionsChanges[accountPubKey][targetPubKey] = updateArray;
57442
+ pendingOperations.permissionsChanges[certificateOrAccountKey].targets[targetPubKey] = updateArray;
57429
57443
  }
57430
57444
  }
57431
57445
  }
@@ -57802,9 +57816,9 @@ class UserClientBuilder {
57802
57816
  amount: amount
57803
57817
  });
57804
57818
  }
57805
- for (const principalPubKey in pending.permissionsChanges) {
57806
- for (const targetPubKey in pending.permissionsChanges[principalPubKey]) {
57807
- for (const change of pending.permissionsChanges[principalPubKey][targetPubKey]) {
57819
+ for (const { targets, principal } of Object.values(pending.permissionsChanges ?? {})) {
57820
+ for (const targetPubKey in targets) {
57821
+ for (const change of targets[targetPubKey]) {
57808
57822
  const { method, permissions } = change;
57809
57823
  let target;
57810
57824
  if (!account.comparePublicKey(targetPubKey)) {
@@ -57812,7 +57826,18 @@ class UserClientBuilder {
57812
57826
  }
57813
57827
  operations.push({
57814
57828
  type: block_1.Block.OperationType.MODIFY_PERMISSIONS,
57815
- principal: account_1.Account.fromPublicKeyString(principalPubKey),
57829
+ principal: (() => {
57830
+ if (account_1.Account.isInstance(principal)) {
57831
+ return (principal);
57832
+ }
57833
+ else {
57834
+ return ({
57835
+ usingCertificate: true,
57836
+ certificateHash: principal.certificate,
57837
+ certificateAccount: principal.certificateAccount
57838
+ });
57839
+ }
57840
+ })(),
57816
57841
  target: target,
57817
57842
  method: method,
57818
57843
  permissions: permissions
@@ -57860,18 +57885,24 @@ class UserClientBuilder {
57860
57885
  updatePermissions(principal, permissions, target, method, options = {}) {
57861
57886
  __classPrivateFieldGet(this, _UserClientBuilder_instances, "m", _UserClientBuilder_useOptions).call(this, options);
57862
57887
  method = method ?? block_1.Block.AdjustMethod.SET;
57863
- const principalPubKey = principal.publicKeyString.get();
57864
- const targetPubKey = (target ?? __classPrivateFieldGet(this, _UserClientBuilder_pendingOptions, "f").account).publicKeyString.get();
57888
+ let principalKey;
57889
+ if (typeof principal === 'string' || account_1.Account.isInstance(principal)) {
57890
+ principalKey = account_1.Account.toAccount(principal).publicKeyString.get();
57891
+ }
57892
+ else {
57893
+ principalKey = principal.certificate.toString();
57894
+ }
57865
57895
  if (!__classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges) {
57866
57896
  __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges = {};
57867
57897
  }
57868
- if (!__classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalPubKey]) {
57869
- __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalPubKey] = {};
57898
+ if (!__classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalKey]) {
57899
+ __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalKey] = { principal, targets: {} };
57870
57900
  }
57871
- if (!__classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalPubKey][targetPubKey]) {
57872
- __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalPubKey][targetPubKey] = [];
57901
+ const targetPubKey = (target ?? __classPrivateFieldGet(this, _UserClientBuilder_pendingOptions, "f").account).publicKeyString.get();
57902
+ if (!__classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalKey].targets[targetPubKey]) {
57903
+ __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalKey].targets[targetPubKey] = [];
57873
57904
  }
57874
- __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalPubKey][targetPubKey].push({
57905
+ __classPrivateFieldGet(this, _UserClientBuilder_pendingOperations, "f").permissionsChanges[principalKey].targets[targetPubKey].push({
57875
57906
  method: method,
57876
57907
  permissions: permissions_1.Permissions.FromAcceptedTypes(permissions)
57877
57908
  });
@@ -58172,6 +58203,7 @@ const certificate_1 = __webpack_require__(5661);
58172
58203
  const certificate_2 = __webpack_require__(5661);
58173
58204
  const vote_1 = __webpack_require__(1130);
58174
58205
  const ledger_1 = __webpack_require__(452);
58206
+ const never_1 = __webpack_require__(8692);
58175
58207
  function isGetAccountStateAPIResponseFailure(object) {
58176
58208
  if (typeof object !== 'object' || object === null) {
58177
58209
  return (false);
@@ -59898,12 +59930,33 @@ async function _Client_apiRaw(rep, api, method, options = {}) {
59898
59930
  });
59899
59931
  }, _Client_parsePermissionEntries = function _Client_parsePermissionEntries(entries) {
59900
59932
  return (entries.map(entry => {
59901
- return ({
59902
- principal: lib_1.default.Account.fromPublicKeyString(entry.principal),
59933
+ const shared = {
59903
59934
  entity: lib_1.default.Account.fromPublicKeyString(entry.entity),
59904
59935
  permissions: __classPrivateFieldGet(this, _Client_instances, "m", _Client_parseResponsePermissions).call(this, entry.permissions),
59905
59936
  target: lib_1.default.Account.fromPublicKeyString(entry.target)
59906
- });
59937
+ };
59938
+ if (entry.principalType === 'ACCOUNT') {
59939
+ return ({
59940
+ principalType: 'ACCOUNT',
59941
+ principal: lib_1.default.Account.fromPublicKeyString(entry.principal),
59942
+ ...shared
59943
+ });
59944
+ }
59945
+ else if (entry.principalType === 'CERTIFICATE') {
59946
+ return ({
59947
+ principalType: 'CERTIFICATE',
59948
+ principal: {
59949
+ usingCertificate: true,
59950
+ certificate: new certificate_1.Certificate.Hash(entry.principal.certificate),
59951
+ certificateAccount: lib_1.default.Account.fromPublicKeyString(entry.principal.certificateAccount)
59952
+ },
59953
+ ...shared
59954
+ });
59955
+ }
59956
+ else {
59957
+ (0, never_1.assertNever)(entry);
59958
+ }
59959
+ throw (new Error('Unknown ACL Entry Type'));
59907
59960
  }));
59908
59961
  }, _Client_mapCertificateWithBundleResult = function _Client_mapCertificateWithBundleResult(input) {
59909
59962
  let intermediates = null;
@@ -60209,7 +60262,9 @@ class UserClient {
60209
60262
  principals.push(operation.to);
60210
60263
  break;
60211
60264
  case operations_1.OperationType.MODIFY_PERMISSIONS:
60212
- principals.push(operation.principal);
60265
+ if (account_1.default.isInstance(operation.principal)) {
60266
+ principals.push(operation.principal);
60267
+ }
60213
60268
  break;
60214
60269
  case operations_1.OperationType.CREATE_IDENTIFIER:
60215
60270
  principals.push(operation.identifier);
@@ -60539,7 +60594,14 @@ class UserClient {
60539
60594
  */
60540
60595
  async updatePermissions(principal, permissions, target, method, options = {}) {
60541
60596
  const builder = this.initBuilder(options);
60542
- builder.updatePermissions(account_1.default.toAccount(principal), permissions, account_1.default.toAccount(target), method, options);
60597
+ let principalValue;
60598
+ if (typeof principal === 'string' || account_1.default.isInstance(principal)) {
60599
+ principalValue = account_1.default.toAccount(principal);
60600
+ }
60601
+ else {
60602
+ principalValue = principal;
60603
+ }
60604
+ builder.updatePermissions(principalValue, permissions, account_1.default.toAccount(target), method, options);
60543
60605
  return (await this.publishBuilder(builder));
60544
60606
  }
60545
60607
  /**
@@ -61167,7 +61229,7 @@ exports.baseValidationConfig = {
61167
61229
  },
61168
61230
  blockOperations: {
61169
61231
  external: {
61170
- maxLength: 256,
61232
+ maxLength: 1024,
61171
61233
  regex: /^[-_A-Za-z0-9+/= ]+$/,
61172
61234
  canBeEmpty: true
61173
61235
  },
@@ -64448,7 +64510,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
64448
64510
  var __importDefault = (this && this.__importDefault) || function (mod) {
64449
64511
  return (mod && mod.__esModule) ? mod : { "default": mod };
64450
64512
  };
64451
- var _BlockOperationSEND_instances, _BlockOperationSEND_to, _BlockOperationSEND_amount, _BlockOperationSEND_token, _BlockOperationSEND_computeToken, _BlockOperationRECEIVE_instances, _BlockOperationRECEIVE_amount, _BlockOperationRECEIVE_token, _BlockOperationRECEIVE_from, _BlockOperationRECEIVE_forward, _BlockOperationRECEIVE_exact, _BlockOperationRECEIVE_computeExact, _BlockOperationRECEIVE_computeForward, _BlockOperationRECEIVE_computeToken, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_instances, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_token, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_method, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_amount, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_computeToken, _BlockOperationSET_REP_to, _BlockOperationCREATE_IDENTIFIER_instances, _BlockOperationCREATE_IDENTIFIER_identifier, _BlockOperationCREATE_IDENTIFIER_createArguments, _BlockOperationCREATE_IDENTIFIER_computeIdentifier, _BlockOperationCREATE_IDENTIFIER_computeCreateArguments, _BlockOperationSET_INFO_instances, _BlockOperationSET_INFO_name, _BlockOperationSET_INFO_description, _BlockOperationSET_INFO_metadata, _BlockOperationSET_INFO_defaultPermission, _BlockOperationSET_INFO_validateNameDesc, _BlockOperationMODIFY_PERMISSIONS_instances, _BlockOperationMODIFY_PERMISSIONS_principal, _BlockOperationMODIFY_PERMISSIONS_target, _BlockOperationMODIFY_PERMISSIONS_method, _BlockOperationMODIFY_PERMISSIONS_permissions, _BlockOperationMODIFY_PERMISSIONS_computePermissions, _BlockOperationTOKEN_ADMIN_SUPPLY_instances, _BlockOperationTOKEN_ADMIN_SUPPLY_amount, _BlockOperationTOKEN_ADMIN_SUPPLY_method, _BlockOperationTOKEN_ADMIN_SUPPLY_computeSupplyMethod, _BlockOperationMANAGE_CERTIFICATE_instances, _BlockOperationMANAGE_CERTIFICATE_certificateOrHash, _BlockOperationMANAGE_CERTIFICATE_intermediateCertificates, _BlockOperationMANAGE_CERTIFICATE_method, _BlockOperationMANAGE_CERTIFICATE_asCertificate, _BlockOperationMANAGE_CERTIFICATE_asIntermediateCertificates, _BlockOperationMANAGE_CERTIFICATE_computeCertificateMethod;
64513
+ var _BlockOperationSEND_instances, _BlockOperationSEND_to, _BlockOperationSEND_amount, _BlockOperationSEND_token, _BlockOperationSEND_computeToken, _BlockOperationRECEIVE_instances, _BlockOperationRECEIVE_amount, _BlockOperationRECEIVE_token, _BlockOperationRECEIVE_from, _BlockOperationRECEIVE_forward, _BlockOperationRECEIVE_exact, _BlockOperationRECEIVE_computeExact, _BlockOperationRECEIVE_computeForward, _BlockOperationRECEIVE_computeToken, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_instances, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_token, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_method, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_amount, _BlockOperationTOKEN_ADMIN_MODIFY_BALANCE_computeToken, _BlockOperationSET_REP_to, _BlockOperationCREATE_IDENTIFIER_instances, _BlockOperationCREATE_IDENTIFIER_identifier, _BlockOperationCREATE_IDENTIFIER_createArguments, _BlockOperationCREATE_IDENTIFIER_computeIdentifier, _BlockOperationCREATE_IDENTIFIER_computeCreateArguments, _BlockOperationSET_INFO_instances, _BlockOperationSET_INFO_name, _BlockOperationSET_INFO_description, _BlockOperationSET_INFO_metadata, _BlockOperationSET_INFO_defaultPermission, _BlockOperationSET_INFO_validateNameDesc, _BlockOperationMODIFY_PERMISSIONS_instances, _BlockOperationMODIFY_PERMISSIONS_principal, _BlockOperationMODIFY_PERMISSIONS_target, _BlockOperationMODIFY_PERMISSIONS_method, _BlockOperationMODIFY_PERMISSIONS_permissions, _BlockOperationMODIFY_PERMISSIONS_computePrincipal, _BlockOperationMODIFY_PERMISSIONS_computePermissions, _BlockOperationTOKEN_ADMIN_SUPPLY_instances, _BlockOperationTOKEN_ADMIN_SUPPLY_amount, _BlockOperationTOKEN_ADMIN_SUPPLY_method, _BlockOperationTOKEN_ADMIN_SUPPLY_computeSupplyMethod, _BlockOperationMANAGE_CERTIFICATE_instances, _BlockOperationMANAGE_CERTIFICATE_certificateOrHash, _BlockOperationMANAGE_CERTIFICATE_intermediateCertificates, _BlockOperationMANAGE_CERTIFICATE_method, _BlockOperationMANAGE_CERTIFICATE_asCertificate, _BlockOperationMANAGE_CERTIFICATE_asIntermediateCertificates, _BlockOperationMANAGE_CERTIFICATE_computeCertificateMethod;
64452
64514
  Object.defineProperty(exports, "__esModule", ({ value: true }));
64453
64515
  exports.Operation = exports.BlockOperationASN1Schema = exports.OperationType = void 0;
64454
64516
  exports.createBlockOperation = createBlockOperation;
@@ -64506,6 +64568,9 @@ function operationTypeToNumber(str) {
64506
64568
  }
64507
64569
  return (type);
64508
64570
  }
64571
+ const ModifyPermissionsPrincipalContextSpecificTagValues = {
64572
+ CERTIFICATE: 1
64573
+ };
64509
64574
  function makeEncodeDecodePermission(emptyValue) {
64510
64575
  return {
64511
64576
  encode: (data) => {
@@ -64560,7 +64625,67 @@ const BlockOperationASN1SchemaBase = {
64560
64625
  }
64561
64626
  ],
64562
64627
  'MODIFY_PERMISSIONS': [
64563
- { name: 'principal', schema: asn1_1.ValidateASN1.IsOctetString },
64628
+ {
64629
+ name: 'principal',
64630
+ schema: {
64631
+ choice: [
64632
+ asn1_1.ValidateASN1.IsOctetString,
64633
+ {
64634
+ type: 'context',
64635
+ kind: 'explicit',
64636
+ value: ModifyPermissionsPrincipalContextSpecificTagValues.CERTIFICATE,
64637
+ contains: [
64638
+ /* Certificate Hash */
64639
+ asn1_1.ValidateASN1.IsOctetString,
64640
+ /* Certificate Issued To Account */
64641
+ asn1_1.ValidateASN1.IsOctetString
64642
+ ]
64643
+ }
64644
+ ]
64645
+ },
64646
+ encode(data) {
64647
+ if (account_1.default.isInstance(data)) {
64648
+ return (data.publicKeyAndType);
64649
+ }
64650
+ else if (data.usingCertificate) {
64651
+ return ({
64652
+ type: 'context',
64653
+ kind: 'explicit',
64654
+ value: ModifyPermissionsPrincipalContextSpecificTagValues.CERTIFICATE,
64655
+ contains: [
64656
+ data.certificateHash.getBuffer(),
64657
+ data.certificateAccount.publicKeyAndType
64658
+ ]
64659
+ });
64660
+ }
64661
+ else {
64662
+ throw (new Error('Invalid principal type for MODIFY_PERMISSIONS operation'));
64663
+ }
64664
+ },
64665
+ decode(data) {
64666
+ if ((0, helper_1.isBuffer)(data)) {
64667
+ return (account_1.default.fromPublicKeyAndType(data));
64668
+ }
64669
+ else if (asn1_1.ASN1CheckUtilities.isASN1ContextTag(data, 'explicit')) {
64670
+ if (data.value === ModifyPermissionsPrincipalContextSpecificTagValues.CERTIFICATE) {
64671
+ if (!Array.isArray(data.contains) || data.contains.length !== 2) {
64672
+ throw (new Error('Invalid principal data for MODIFY_PERMISSIONS operation'));
64673
+ }
64674
+ const certificateHashData = data.contains[0];
64675
+ const certificateAccountData = data.contains[1];
64676
+ if (!(0, helper_1.isBuffer)(certificateHashData) || !(0, helper_1.isBuffer)(certificateAccountData)) {
64677
+ throw (new Error('Invalid certificate hash data for MODIFY_PERMISSIONS operation'));
64678
+ }
64679
+ return ({
64680
+ usingCertificate: true,
64681
+ certificateHash: new certificate_1.CertificateHash((0, helper_1.bufferToArrayBuffer)(certificateHashData)),
64682
+ certificateAccount: account_1.default.fromPublicKeyAndType(certificateAccountData)
64683
+ });
64684
+ }
64685
+ }
64686
+ throw (new Error('Invalid principal data for MODIFY_PERMISSIONS operation'));
64687
+ }
64688
+ },
64564
64689
  { name: 'method', schema: asn1_1.ValidateASN1.IsInteger },
64565
64690
  {
64566
64691
  name: 'permissions',
@@ -65258,7 +65383,7 @@ class BlockOperationMODIFY_PERMISSIONS extends BlockOperation {
65258
65383
  if (input.type !== OperationType.MODIFY_PERMISSIONS) {
65259
65384
  throw (new block_1.default('BLOCK_INVALID_TYPE', 'Invalid construction of BlockJSONOperationMODIFY_PERMISSIONS'));
65260
65385
  }
65261
- __classPrivateFieldSet(this, _BlockOperationMODIFY_PERMISSIONS_principal, this.computeTo(input.principal), "f");
65386
+ __classPrivateFieldSet(this, _BlockOperationMODIFY_PERMISSIONS_principal, __classPrivateFieldGet(this, _BlockOperationMODIFY_PERMISSIONS_instances, "m", _BlockOperationMODIFY_PERMISSIONS_computePrincipal).call(this, input.principal), "f");
65262
65387
  __classPrivateFieldSet(this, _BlockOperationMODIFY_PERMISSIONS_target, account_1.default.toAccount(input.target), "f");
65263
65388
  __classPrivateFieldSet(this, _BlockOperationMODIFY_PERMISSIONS_method, (0, _1.toAdjustMethod)(input.method), "f");
65264
65389
  __classPrivateFieldSet(this, _BlockOperationMODIFY_PERMISSIONS_permissions, __classPrivateFieldGet(this, _BlockOperationMODIFY_PERMISSIONS_instances, "m", _BlockOperationMODIFY_PERMISSIONS_computePermissions).call(this, input.permissions), "f");
@@ -65303,8 +65428,16 @@ class BlockOperationMODIFY_PERMISSIONS extends BlockOperation {
65303
65428
  }
65304
65429
  const { base } = this.permissions;
65305
65430
  const baseFlagsString = `[${base.flags.join(',')}]`;
65306
- if (!base.checkAccountMatchesGroup('principal', this.principal)) {
65307
- throw (new block_1.default('BLOCK_PERMISSIONS_INVALID_PRINCIPAL', `Incorrect principal for flags ${baseFlagsString}`));
65431
+ if (account_1.default.isInstance(this.principal)) {
65432
+ if (!base.checkAccountMatchesGroup('principal', this.principal)) {
65433
+ throw (new block_1.default('BLOCK_PERMISSIONS_INVALID_PRINCIPAL', `Incorrect principal for flags ${baseFlagsString}`));
65434
+ }
65435
+ }
65436
+ else {
65437
+ // If the principal is not an account, we only allow default permissions to be issued by a certificate principal
65438
+ if (!base.isValidForDefault) {
65439
+ throw (new block_1.default('BLOCK_PERMISSIONS_INVALID_DEFAULT', 'Invalid permissions, cannot use certificate principal with non-default permissions'));
65440
+ }
65308
65441
  }
65309
65442
  if (this.target && !base.checkAccountMatchesGroup('target', this.target)) {
65310
65443
  throw (new block_1.default('BLOCK_PERMISSIONS_INVALID_TARGET', `Incorrect target for flags ${baseFlagsString}`));
@@ -65327,7 +65460,13 @@ class BlockOperationMODIFY_PERMISSIONS extends BlockOperation {
65327
65460
  continue;
65328
65461
  }
65329
65462
  const { principal, target, method } = operation;
65330
- const principalKey = principal.publicKeyString.get();
65463
+ let principalKey;
65464
+ if (account_1.default.isInstance(principal)) {
65465
+ principalKey = principal.publicKeyString.get();
65466
+ }
65467
+ else {
65468
+ principalKey = `cert:${principal.certificateHash.get()}:${principal.certificateAccount.publicKeyString.get()}`;
65469
+ }
65331
65470
  const targetKey = (target ?? block.account).publicKeyString.get();
65332
65471
  if (!foundPrevious[principalKey]) {
65333
65472
  foundPrevious[principalKey] = {};
@@ -65352,7 +65491,29 @@ class BlockOperationMODIFY_PERMISSIONS extends BlockOperation {
65352
65491
  }));
65353
65492
  }
65354
65493
  }
65355
- _BlockOperationMODIFY_PERMISSIONS_principal = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_target = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_method = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_permissions = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_instances = new WeakSet(), _BlockOperationMODIFY_PERMISSIONS_computePermissions = function _BlockOperationMODIFY_PERMISSIONS_computePermissions(permissions) {
65494
+ _BlockOperationMODIFY_PERMISSIONS_principal = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_target = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_method = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_permissions = new WeakMap(), _BlockOperationMODIFY_PERMISSIONS_instances = new WeakSet(), _BlockOperationMODIFY_PERMISSIONS_computePrincipal = function _BlockOperationMODIFY_PERMISSIONS_computePrincipal(principal) {
65495
+ if (typeof principal === 'string' || account_1.default.isInstance(principal)) {
65496
+ return (this.computeTo(principal));
65497
+ }
65498
+ else if (principal.usingCertificate) {
65499
+ const certificateAccount = account_1.default.toAccount(principal.certificateAccount);
65500
+ let certificateHash;
65501
+ if (certificate_1.CertificateHash.isInstance(principal.certificateHash)) {
65502
+ certificateHash = principal.certificateHash;
65503
+ }
65504
+ else {
65505
+ certificateHash = new certificate_1.CertificateHash(principal.certificateHash);
65506
+ }
65507
+ return ({
65508
+ usingCertificate: true,
65509
+ certificateHash,
65510
+ certificateAccount
65511
+ });
65512
+ }
65513
+ else {
65514
+ throw (new block_1.default('BLOCK_INVALID_PRINCIPAL', 'Invalid principal for MODIFY_PERMISSIONS'));
65515
+ }
65516
+ }, _BlockOperationMODIFY_PERMISSIONS_computePermissions = function _BlockOperationMODIFY_PERMISSIONS_computePermissions(permissions) {
65356
65517
  if (!permissions) {
65357
65518
  return (null);
65358
65519
  }
@@ -65855,6 +66016,7 @@ exports.BlockErrorCodes = [
65855
66016
  'INVALID_SIGNER',
65856
66017
  'INVALID_TYPE',
65857
66018
  'INVALID_VERSION',
66019
+ 'INVALID_PRINCIPAL',
65858
66020
  'NO_ADMIN_ON_TARGET',
65859
66021
  'NO_DELEGATE_ADMIN',
65860
66022
  'NO_DUPLICATE_CERTIFICATE_OPERATION',
@@ -66169,6 +66331,7 @@ exports.LedgerBaseErrorCodes = [
66169
66331
  'INVALID_OWNER_COUNT',
66170
66332
  'INVALID_BALANCE',
66171
66333
  'INVALID_SET_REP',
66334
+ 'INVALID_ACL_ROW_TYPE',
66172
66335
  'OPERATION_NOT_SUPPORTED',
66173
66336
  'NOT_EMPTY',
66174
66337
  'PREVIOUS_ALREADY_USED',
@@ -66185,6 +66348,7 @@ exports.LedgerBaseErrorCodes = [
66185
66348
  'DUPLICATE_VOTE_ISSUER_FOUND',
66186
66349
  'OTHER',
66187
66350
  'MISSING_BLOCKS',
66351
+ 'CERTIFICATE_NOT_FOUND',
66188
66352
  // Fee Errors
66189
66353
  'FEE_AMOUNT_MISMATCH',
66190
66354
  'FEE_TOKEN_MISMATCH',
@@ -66800,11 +66964,23 @@ const ledger_1 = __webpack_require__(452);
66800
66964
  const helper_1 = __webpack_require__(3208);
66801
66965
  const config_1 = __webpack_require__(1491);
66802
66966
  const block_2 = __importDefault(__webpack_require__(7412));
66967
+ function areACLPrincipalEqual(a, b) {
66968
+ if (account_1.default.isInstance(a) || account_1.default.isInstance(b)) {
66969
+ if (!account_1.default.isInstance(a) || !account_1.default.isInstance(b)) {
66970
+ return (false);
66971
+ }
66972
+ return (a.comparePublicKey(b));
66973
+ }
66974
+ else {
66975
+ return (a.certificate.compareHexString(b.certificate) && a.certificateAccount.comparePublicKey(b.certificateAccount));
66976
+ }
66977
+ }
66803
66978
  function findPermissionMatch(lookingFor, entries) {
66804
66979
  const { principal, entity, target } = lookingFor;
66805
66980
  let foundRow;
66806
66981
  for (const entry of entries) {
66807
- if (!principal.comparePublicKey(entry.principal)) {
66982
+ // If principals do not match, we can skip
66983
+ if (!areACLPrincipalEqual(principal, entry.principal)) {
66808
66984
  continue;
66809
66985
  }
66810
66986
  // We only care about permissions that have the same entity
@@ -66922,70 +67098,103 @@ async function computeLedgerEffect(options, effects, storageProvider, network, t
66922
67098
  const resolved = await getAccountInfoPromises[accountPubKey];
66923
67099
  return (resolved);
66924
67100
  };
67101
+ const getCertificatePromises = {};
67102
+ const getCertificate = async (certificateHash, account) => {
67103
+ const promiseKey = `${certificateHash.toString()}-${account.publicKeyString.get()}`;
67104
+ if (getCertificatePromises[promiseKey] === undefined) {
67105
+ getCertificatePromises[promiseKey] = storageProvider.getAccountCertificateByHash(transaction, account, certificateHash);
67106
+ }
67107
+ return (await getCertificatePromises[promiseKey]);
67108
+ };
66925
67109
  const getPermissionPromises = {};
66926
- const getPermissions = async (account, entityList) => {
66927
- const accountPubKey = account.publicKeyString.get();
67110
+ const getPermissions = async (principal, entityList) => {
67111
+ let promiseKey;
67112
+ if (account_1.default.isInstance(principal)) {
67113
+ promiseKey = `account-${principal.publicKeyString.get()}`;
67114
+ }
67115
+ else {
67116
+ promiseKey = `certificate-${principal.certificate.toString()}-${principal.certificateAccount.publicKeyString.get()}`;
67117
+ }
66928
67118
  if (!entityList) {
66929
- return (await getPermissionPromises[accountPubKey]);
67119
+ return (await getPermissionPromises[promiseKey]);
66930
67120
  }
66931
- if (getPermissionPromises[accountPubKey] !== undefined) {
67121
+ if (getPermissionPromises[promiseKey] !== undefined) {
66932
67122
  throw (new Error('getPermissions() can only be called once per account'));
66933
67123
  }
66934
- getPermissionPromises[accountPubKey] = storageProvider.listACLsByPrincipal(transaction, account, entityList);
66935
- return (await getPermissionPromises[accountPubKey]);
67124
+ getPermissionPromises[promiseKey] = storageProvider.listACLsByPrincipal(transaction, principal, entityList);
67125
+ return (await getPermissionPromises[promiseKey]);
66936
67126
  };
66937
67127
  const prefetchPromises = [];
66938
- for (const { account, fields } of Object.values(effects)) {
66939
- // Always fetch the supply from accountInfo if it's changing so we can validate the effect
66940
- if ((fields.supply ?? []).length > 0 && (checkRangeConstraints || getFinalNumericValues)) {
66941
- prefetchPromises.push(getAccountInfo(account));
66942
- }
66943
- const accountPubKey = account.publicKeyString.get();
66944
- if (computePermissions && fields.permissions) {
66945
- const toReadEntity = new account_1.default.Set();
66946
- for (const permUpdate of fields.permissions ?? []) {
66947
- if (permUpdate.method === block_1.Block.AdjustMethod.SET || permUpdate.permissions === null) {
66948
- toReadEntity.delete(permUpdate.entity);
66949
- continue;
66950
- }
66951
- toReadEntity.add(permUpdate.entity);
67128
+ for (const effect of Object.values(effects)) {
67129
+ const fields = effect.fields;
67130
+ const toReadEntity = new account_1.default.Set();
67131
+ for (const permUpdate of fields.permissions ?? []) {
67132
+ if ((permUpdate.method === block_1.Block.AdjustMethod.ADD || permUpdate.method === block_1.Block.AdjustMethod.SET) && permUpdate.principalType === 'CERTIFICATE') {
67133
+ prefetchPromises.push(getCertificate(permUpdate.principal.certificate, permUpdate.principal.certificateAccount));
66952
67134
  }
66953
- prefetchPromises.push(getPermissions(account, toReadEntity.toArray()));
67135
+ if (permUpdate.method === block_1.Block.AdjustMethod.SET || permUpdate.permissions === null) {
67136
+ toReadEntity.delete(permUpdate.entity);
67137
+ continue;
67138
+ }
67139
+ toReadEntity.add(permUpdate.entity);
66954
67140
  }
66955
- const delegationField = effects[accountPubKey]?.fields.delegation;
66956
- const isDelegating = delegationField !== undefined;
66957
- let requestedRep = false;
66958
- if (isDelegating && computeWeights && getFinalNumericValues && canDelegate(account.keyType)) {
66959
- requestedRep = true;
66960
- prefetchPromises.push(getRep(account, getFinalNumericValues));
66961
- prefetchPromises.push(getWeight(delegationField.delegateTo));
67141
+ let principal;
67142
+ if (effect.type === 'ACCOUNT') {
67143
+ principal = effect.account;
66962
67144
  }
66963
- const rollingChanges = {};
66964
- for (const tokenPubKey in fields.balance ?? {}) {
66965
- for (const balanceUpdate of (fields.balance ?? {})[tokenPubKey]) {
66966
- if (balanceUpdate.isReceive) {
66967
- continue;
66968
- }
66969
- const { set, value } = balanceUpdate;
66970
- const token = account_1.default.fromPublicKeyString(tokenPubKey).assertKeyType(account_1.AccountKeyAlgorithm.TOKEN);
66971
- if (rollingChanges[tokenPubKey] === undefined) {
66972
- rollingChanges[tokenPubKey] = 0n;
66973
- }
66974
- if (set) {
66975
- prefetchPromises.push(getPreviousBalance(token, token));
66976
- rollingChanges[tokenPubKey] = value;
66977
- }
66978
- else {
66979
- rollingChanges[tokenPubKey] += value;
66980
- }
66981
- const isBaseToken = baseToken.comparePublicKey(tokenPubKey);
66982
- const possibleNegative = rollingChanges[tokenPubKey] < 0n && checkRangeConstraints;
66983
- if ((possibleNegative && checkRangeConstraints) || set || getFinalNumericValues || (isDelegating && computeWeights)) {
66984
- prefetchPromises.push(getPreviousBalance(account, token));
66985
- }
66986
- if (computeWeights && isBaseToken && canDelegate(account.keyType) && !requestedRep) {
66987
- requestedRep = true;
66988
- prefetchPromises.push(getRep(account, getFinalNumericValues));
67145
+ else {
67146
+ principal = {
67147
+ usingCertificate: true,
67148
+ certificate: effect.certificateHash,
67149
+ certificateAccount: effect.certificateAccount
67150
+ };
67151
+ }
67152
+ // Only prefetch the permissions if we are computing the permissions
67153
+ if (computePermissions) {
67154
+ prefetchPromises.push(getPermissions(principal, toReadEntity.toArray()));
67155
+ }
67156
+ if (effect.type !== 'CERTIFICATE') {
67157
+ const { account } = effect;
67158
+ // Always fetch the supply from accountInfo if it's changing so we can validate the effect
67159
+ if ((fields.supply ?? []).length > 0 && (checkRangeConstraints || getFinalNumericValues)) {
67160
+ prefetchPromises.push(getAccountInfo(account));
67161
+ }
67162
+ const accountPubKey = account.publicKeyString.get();
67163
+ const delegationField = effects[accountPubKey]?.fields.delegation;
67164
+ const isDelegating = delegationField !== undefined;
67165
+ let requestedRep = false;
67166
+ if (isDelegating && computeWeights && getFinalNumericValues && canDelegate(account.keyType)) {
67167
+ requestedRep = true;
67168
+ prefetchPromises.push(getRep(account, getFinalNumericValues));
67169
+ prefetchPromises.push(getWeight(delegationField.delegateTo));
67170
+ }
67171
+ const rollingChanges = {};
67172
+ for (const tokenPubKey in fields.balance ?? {}) {
67173
+ for (const balanceUpdate of (fields.balance ?? {})[tokenPubKey]) {
67174
+ if (balanceUpdate.isReceive) {
67175
+ continue;
67176
+ }
67177
+ const { set, value } = balanceUpdate;
67178
+ const token = account_1.default.fromPublicKeyString(tokenPubKey).assertKeyType(account_1.AccountKeyAlgorithm.TOKEN);
67179
+ if (rollingChanges[tokenPubKey] === undefined) {
67180
+ rollingChanges[tokenPubKey] = 0n;
67181
+ }
67182
+ if (set) {
67183
+ prefetchPromises.push(getPreviousBalance(token, token));
67184
+ rollingChanges[tokenPubKey] = value;
67185
+ }
67186
+ else {
67187
+ rollingChanges[tokenPubKey] += value;
67188
+ }
67189
+ const isBaseToken = baseToken.comparePublicKey(tokenPubKey);
67190
+ const possibleNegative = rollingChanges[tokenPubKey] < 0n && checkRangeConstraints;
67191
+ if ((possibleNegative && checkRangeConstraints) || set || getFinalNumericValues || (isDelegating && computeWeights)) {
67192
+ prefetchPromises.push(getPreviousBalance(account, token));
67193
+ }
67194
+ if (computeWeights && isBaseToken && canDelegate(account.keyType) && !requestedRep) {
67195
+ requestedRep = true;
67196
+ prefetchPromises.push(getRep(account, getFinalNumericValues));
67197
+ }
66989
67198
  }
66990
67199
  }
66991
67200
  }
@@ -67080,28 +67289,54 @@ async function computeLedgerEffect(options, effects, storageProvider, network, t
67080
67289
  newEntry.change += change;
67081
67290
  supplies[tokenPubKey] = newEntry;
67082
67291
  };
67083
- for (const { account, fields } of Object.values(effects)) {
67084
- const accountPubKey = account.publicKeyString.get();
67292
+ for (const effect of Object.values(effects)) {
67293
+ const fields = effect.fields;
67085
67294
  for (const supplyChange of fields.supply ?? []) {
67086
- if (!account.isToken()) {
67295
+ if (effect.type !== 'ACCOUNT' || !effect.account.isToken()) {
67087
67296
  throw (new Error('Cannot modify supply of non-token account'));
67088
67297
  }
67089
- await modifySupply(account, supplyChange.value);
67298
+ await modifySupply(effect.account, supplyChange.value);
67090
67299
  }
67091
- let permissionUpdates = [];
67092
- if (computePermissions && fields.permissions) {
67093
- permissionUpdates = fields.permissions;
67094
- }
67095
- for (const permUpdate of permissionUpdates) {
67096
- if (!permUpdate.principal.comparePublicKey(account)) {
67097
- throw (new Error('permUpdate.principal should not differ current account'));
67300
+ for (const permUpdate of fields.permissions ?? []) {
67301
+ let principal;
67302
+ if (effect.type === 'ACCOUNT') {
67303
+ principal = effect.account;
67304
+ if (!account_1.default.isInstance(permUpdate.principal)) {
67305
+ throw (new Error('permUpdate.principal should be an account for ACCOUNT type effects'));
67306
+ }
67307
+ if (!permUpdate.principal.comparePublicKey(effect.account)) {
67308
+ throw (new Error('permUpdate.principal should not differ current account'));
67309
+ }
67310
+ }
67311
+ else {
67312
+ if (account_1.default.isInstance(permUpdate.principal)) {
67313
+ throw (new Error('permUpdate.principal should be a certificate for CERTIFICATE type effects'));
67314
+ }
67315
+ if (!permUpdate.principal.certificate.compareHexString(effect.certificateHash)) {
67316
+ throw (new Error('permUpdate.principal should not differ current certificate'));
67317
+ }
67318
+ principal = {
67319
+ usingCertificate: true,
67320
+ certificate: effect.certificateHash,
67321
+ certificateAccount: effect.certificateAccount
67322
+ };
67323
+ if (permUpdate.method === block_1.Block.AdjustMethod.ADD || permUpdate.method === block_1.Block.AdjustMethod.SET) {
67324
+ const certificate = await getCertificate(permUpdate.principal.certificate, permUpdate.principal.certificateAccount);
67325
+ if (!certificate) {
67326
+ throw (new ledger_1.KeetaNetLedgerError('LEDGER_CERTIFICATE_NOT_FOUND', `Certificate with hash ${permUpdate.principal.certificate.toString()} for account ${permUpdate.principal.certificateAccount.publicKeyString.get()} not found`));
67327
+ }
67328
+ }
67329
+ }
67330
+ // If not computing permissions, we only need to validate certificate existence
67331
+ if (!computePermissions) {
67332
+ continue;
67098
67333
  }
67099
67334
  if (permUpdate.method === block_1.Block.AdjustMethod.SET || permUpdate.permissions === null) {
67100
67335
  permissions.push(permUpdate);
67101
67336
  continue;
67102
67337
  }
67103
67338
  let newPermissions;
67104
- const previousEntry = findPermissionMatch(permUpdate, await getPermissions(account));
67339
+ const previousEntry = findPermissionMatch(permUpdate, await getPermissions(principal));
67105
67340
  const previousPermissions = previousEntry?.permissions ?? new permissions_1.Permissions();
67106
67341
  switch (permUpdate.method) {
67107
67342
  case block_1.Block.AdjustMethod.ADD:
@@ -67117,24 +67352,31 @@ async function computeLedgerEffect(options, effects, storageProvider, network, t
67117
67352
  permissions: newPermissions
67118
67353
  });
67119
67354
  }
67120
- const delegationField = effects[accountPubKey]?.fields.delegation;
67121
- const isDelegating = delegationField !== undefined;
67122
- if (isDelegating && canDelegate(account.keyType) && computeWeights) {
67123
- const currentDelegation = await getRep(account, getFinalNumericValues);
67124
- const previousBalance = await getPreviousBalance(account, baseToken);
67125
- await modifyWeight(delegationField.delegateTo, previousBalance);
67126
- if (currentDelegation) {
67127
- await modifyWeight(currentDelegation, -1n * previousBalance);
67355
+ let isDelegating;
67356
+ let delegationField;
67357
+ if (effect.type === 'ACCOUNT') {
67358
+ delegationField = effects[effect.account.publicKeyString.get()]?.fields.delegation;
67359
+ isDelegating = delegationField !== undefined;
67360
+ if (isDelegating && delegationField && canDelegate(effect.account.keyType) && computeWeights) {
67361
+ const currentDelegation = await getRep(effect.account, getFinalNumericValues);
67362
+ const previousBalance = await getPreviousBalance(effect.account, baseToken);
67363
+ await modifyWeight(delegationField.delegateTo, previousBalance);
67364
+ if (currentDelegation) {
67365
+ await modifyWeight(currentDelegation, -1n * previousBalance);
67366
+ }
67128
67367
  }
67129
67368
  }
67130
67369
  const receivable = {};
67131
67370
  for (const tokenPubKey in fields.balance ?? {}) {
67132
67371
  const tokenAcct = account_1.default.fromPublicKeyString(tokenPubKey).assertKeyType(account_1.AccountKeyAlgorithm.TOKEN);
67133
67372
  for (const balanceUpdate of (fields.balance ?? {})[tokenPubKey]) {
67373
+ if (effect.type !== 'ACCOUNT') {
67374
+ throw (new Error('Only accounts can have balance changes'));
67375
+ }
67134
67376
  const { isReceive, value, otherAccount } = balanceUpdate;
67135
67377
  if (isReceive) {
67136
67378
  const receiveFromPubKey = otherAccount.publicKeyString.get();
67137
- const previousEntry = getBalanceEntry(account, tokenAcct);
67379
+ const previousEntry = getBalanceEntry(effect.account, tokenAcct);
67138
67380
  if (previousEntry.receiveValidated === false) {
67139
67381
  continue;
67140
67382
  }
@@ -67152,16 +67394,16 @@ async function computeLedgerEffect(options, effects, storageProvider, network, t
67152
67394
  else {
67153
67395
  receiveValid = value <= receivableAmount;
67154
67396
  }
67155
- balances[accountPubKey][tokenPubKey].receiveValidated = receiveValid;
67397
+ balances[effect.account.publicKeyString.get()][tokenPubKey].receiveValidated = receiveValid;
67156
67398
  continue;
67157
67399
  }
67158
67400
  let balanceChange;
67159
67401
  if (balanceUpdate.set) {
67160
- balanceChange = await modifyBalance(account, tokenAcct, value, true);
67402
+ balanceChange = await modifyBalance(effect.account, tokenAcct, value, true);
67161
67403
  await modifyBalance(tokenAcct, tokenAcct, -1n * balanceChange, false);
67162
67404
  }
67163
67405
  else {
67164
- balanceChange = await modifyBalance(account, tokenAcct, value, false);
67406
+ balanceChange = await modifyBalance(effect.account, tokenAcct, value, false);
67165
67407
  }
67166
67408
  if (balanceUpdate.receivable) {
67167
67409
  const otherAccountPubKey = otherAccount.publicKeyString.get();
@@ -67173,12 +67415,15 @@ async function computeLedgerEffect(options, effects, storageProvider, network, t
67173
67415
  receivable[otherAccountPubKey][tokenPubKey] += balanceChange;
67174
67416
  }
67175
67417
  const isBaseToken = baseToken.comparePublicKey(tokenAcct);
67176
- if (isBaseToken && canDelegate(account.keyType) && computeWeights) {
67418
+ if (isBaseToken && canDelegate(effect.account.keyType) && computeWeights) {
67177
67419
  if (isDelegating) {
67420
+ if (!delegationField) {
67421
+ throw (new Error('delegationField should be defined if isDelegating is true'));
67422
+ }
67178
67423
  await modifyWeight(delegationField.delegateTo, balanceChange);
67179
67424
  }
67180
67425
  else {
67181
- const currentRep = await getRep(account);
67426
+ const currentRep = await getRep(effect.account);
67182
67427
  if (currentRep) {
67183
67428
  await modifyWeight(currentRep, balanceChange);
67184
67429
  }
@@ -67610,33 +67855,47 @@ function addOrCombineRequirements(existing, addition, alwaysCombine) {
67610
67855
  resp.push(addition);
67611
67856
  return (resp);
67612
67857
  }
67613
- function addPermission(state, addition) {
67614
- const principalPubKey = addition.principal.publicKeyString.get();
67615
- if (state.accounts[principalPubKey] === undefined) {
67616
- state.accounts[principalPubKey] = {
67858
+ function touchStateFields(state, toTouch) {
67859
+ let entityKey;
67860
+ let defaultValue;
67861
+ if (account_1.default.isInstance(toTouch)) {
67862
+ entityKey = toTouch.publicKeyString.get();
67863
+ defaultValue = {
67864
+ type: 'ACCOUNT',
67865
+ fields: {},
67866
+ account: toTouch
67867
+ };
67868
+ }
67869
+ else if (toTouch.usingCertificate) {
67870
+ entityKey = `${toTouch.certificate.toString()}:${toTouch.certificateAccount.publicKeyString.get()}`;
67871
+ defaultValue = {
67872
+ type: 'CERTIFICATE',
67617
67873
  fields: {},
67618
- account: account_1.default.fromPublicKeyString(principalPubKey)
67874
+ certificateHash: toTouch.certificate,
67875
+ certificateAccount: toTouch.certificateAccount
67619
67876
  };
67620
67877
  }
67621
- if (state.accounts[principalPubKey].fields === undefined) {
67622
- state.accounts[principalPubKey].fields = {};
67878
+ else {
67879
+ throw (new Error('Invalid principal type in touchStateFields'));
67623
67880
  }
67624
- if (state.accounts[principalPubKey].fields.permissions === undefined) {
67625
- state.accounts[principalPubKey].fields.permissions = [];
67881
+ let value = state.accounts[entityKey];
67882
+ if (value === undefined) {
67883
+ state.accounts[entityKey] = defaultValue;
67884
+ value = state.accounts[entityKey];
67626
67885
  }
67627
- const existing = state.accounts[principalPubKey].fields.permissions || [];
67628
- state.accounts[principalPubKey].fields.permissions = addOrCombineRequirements(existing, addition);
67886
+ return ({ value, entityKey });
67629
67887
  }
67630
- function addPermissionRequirement(state, requirement) {
67631
- const principalPubKey = requirement.principal.publicKeyString.get();
67632
- const entityPubKey = requirement.entity.publicKeyString.get();
67633
- if (state.accounts[principalPubKey] === undefined) {
67634
- state.accounts[principalPubKey] = {
67635
- account: requirement.principal,
67636
- fields: {}
67637
- };
67888
+ function addPermission(state, addition) {
67889
+ const { value } = touchStateFields(state, addition.principal);
67890
+ if (value.fields.permissions === undefined) {
67891
+ value.fields.permissions = [];
67638
67892
  }
67639
- const alreadyAdded = state.accounts[principalPubKey].fields.permissions ?? [];
67893
+ const existing = value.fields.permissions || [];
67894
+ value.fields.permissions = addOrCombineRequirements(existing, addition);
67895
+ }
67896
+ function addPermissionRequirement(state, requirement) {
67897
+ const { value: principalFields } = touchStateFields(state, requirement.principal);
67898
+ const alreadyAdded = principalFields.fields.permissions ?? [];
67640
67899
  const foundAddedMatch = alreadyAdded.find(function ({ permissions }) {
67641
67900
  if (requirement.permissions === null) {
67642
67901
  return (true);
@@ -67646,6 +67905,7 @@ function addPermissionRequirement(state, requirement) {
67646
67905
  if (foundAddedMatch !== undefined) {
67647
67906
  return;
67648
67907
  }
67908
+ const entityPubKey = requirement.entity.publicKeyString.get();
67649
67909
  if (state.accounts[entityPubKey] !== undefined) {
67650
67910
  const entityInfo = state.accounts[entityPubKey].fields.info;
67651
67911
  if (entityInfo !== undefined && 'defaultPermission' in entityInfo) {
@@ -67657,13 +67917,14 @@ function addPermissionRequirement(state, requirement) {
67657
67917
  }
67658
67918
  }
67659
67919
  }
67660
- const existing = state.accounts[principalPubKey].fields.permissionRequirements ?? [];
67661
- state.accounts[principalPubKey].fields.permissionRequirements = addOrCombineRequirements(existing, requirement, true);
67920
+ const existing = principalFields.fields.permissionRequirements ?? [];
67921
+ principalFields.fields.permissionRequirements = addOrCombineRequirements(existing, requirement, true);
67662
67922
  }
67663
67923
  function updateMinSignerSetLength(state, multisigAccount, count) {
67664
67924
  const multisigPublicKey = multisigAccount.publicKeyString.get();
67665
67925
  if (state.accounts[multisigPublicKey] === undefined) {
67666
67926
  state.accounts[multisigPublicKey] = {
67927
+ type: 'ACCOUNT',
67667
67928
  account: multisigAccount,
67668
67929
  fields: {}
67669
67930
  };
@@ -67679,6 +67940,7 @@ function modifyBalanceInState(balanceState) {
67679
67940
  const tokenPubKey = token.publicKeyString.get();
67680
67941
  if (state.accounts[accountPubKey] === undefined) {
67681
67942
  state.accounts[accountPubKey] = {
67943
+ type: 'ACCOUNT',
67682
67944
  account: account_1.default.fromPublicKeyString(accountPubKey),
67683
67945
  fields: {}
67684
67946
  };
@@ -67745,6 +68007,7 @@ function updateAccountInfoInState(state, account, info) {
67745
68007
  }
67746
68008
  if (!state.accounts[accountPubKey]) {
67747
68009
  state.accounts[accountPubKey] = {
68010
+ type: 'ACCOUNT',
67748
68011
  account: account,
67749
68012
  fields: {}
67750
68013
  };
@@ -67892,6 +68155,7 @@ function computeEffectOfOperationCREATE_IDENTIFIER(state, block, operation, cont
67892
68155
  for (const multisigSigner of operation.createArguments.signers) {
67893
68156
  state.possibleNewAccounts.add(multisigSigner);
67894
68157
  addPermission(state, {
68158
+ principalType: 'ACCOUNT',
67895
68159
  principal: multisigSigner,
67896
68160
  entity: operation.identifier,
67897
68161
  method: block_1.Block.AdjustMethod.SET,
@@ -67901,6 +68165,7 @@ function computeEffectOfOperationCREATE_IDENTIFIER(state, block, operation, cont
67901
68165
  }
67902
68166
  else {
67903
68167
  addPermission(state, {
68168
+ principalType: 'ACCOUNT',
67904
68169
  principal: block.account,
67905
68170
  entity: operation.identifier,
67906
68171
  method: block_1.Block.AdjustMethod.SET,
@@ -67917,17 +68182,45 @@ function computeEffectOfOperationSET_INFO(state, block, operation) {
67917
68182
  });
67918
68183
  }
67919
68184
  function computeEffectOfOperationMODIFY_PERMISSIONS(state, block, operation) {
67920
- state.possibleNewAccounts.add(operation.principal);
68185
+ if (account_1.default.isInstance(operation.principal)) {
68186
+ state.possibleNewAccounts.add(operation.principal);
68187
+ }
68188
+ else if (operation.principal.usingCertificate) {
68189
+ state.possibleNewAccounts.add(operation.principal.certificateAccount);
68190
+ }
68191
+ else {
68192
+ throw (new Error('Invalid principal in MODIFY_PERMISSIONS operation'));
68193
+ }
67921
68194
  if (operation.target) {
67922
68195
  state.possibleNewAccounts.add(operation.target);
67923
68196
  }
67924
- addPermission(state, {
67925
- principal: operation.principal,
68197
+ const shared = {
67926
68198
  entity: block.account,
67927
68199
  permissions: operation.permissions,
67928
68200
  method: operation.method,
67929
68201
  target: operation.target
67930
- });
68202
+ };
68203
+ if (account_1.default.isInstance(operation.principal)) {
68204
+ addPermission(state, {
68205
+ principalType: 'ACCOUNT',
68206
+ principal: operation.principal,
68207
+ ...shared
68208
+ });
68209
+ }
68210
+ else if (operation.principal.usingCertificate) {
68211
+ addPermission(state, {
68212
+ principalType: 'CERTIFICATE',
68213
+ principal: {
68214
+ usingCertificate: true,
68215
+ certificate: operation.principal.certificateHash,
68216
+ certificateAccount: operation.principal.certificateAccount
68217
+ },
68218
+ ...shared
68219
+ });
68220
+ }
68221
+ else {
68222
+ throw (new Error('Invalid principal in MODIFY_PERMISSIONS operation'));
68223
+ }
67931
68224
  }
67932
68225
  function computeEffectOfOperationTOKEN_ADMIN_SUPPLY(state, block, operation) {
67933
68226
  const tokenPubKey = block.account.publicKeyString.get();
@@ -68007,15 +68300,23 @@ function computeEffectOfOperationMANAGE_CERTIFICATE(state, block, operation, con
68007
68300
  const operationHandlers = {
68008
68301
  [block_1.Block.OperationType.SEND]: {
68009
68302
  effectGenerator: computeEffectOfOperationSEND,
68010
- accountPermissionACL: (block, operation, context) => {
68011
- const baseEffect = {
68012
- entity: operation.token || context.ledger.baseToken
68013
- };
68303
+ accountPermissionACL: (block, operation) => {
68304
+ // Require both the sender and the recipient to have ['ACCESS'] on the token
68305
+ const baseEffect = [
68306
+ {
68307
+ principal: block.account,
68308
+ entity: operation.token
68309
+ },
68310
+ {
68311
+ principal: operation.to,
68312
+ entity: operation.token
68313
+ }
68314
+ ];
68014
68315
  if (operation.to.keyType !== account_1.AccountKeyAlgorithm.STORAGE) {
68015
68316
  return (baseEffect);
68016
68317
  }
68017
68318
  return ([
68018
- baseEffect,
68319
+ ...baseEffect,
68019
68320
  // Require that the token identifier was granted access by storage account for it to be able to hold
68020
68321
  {
68021
68322
  entity: operation.to,
@@ -68109,9 +68410,17 @@ const operationHandlers = {
68109
68410
  delegateMethodNeeded = 'PERMISSION_DELEGATE_ADD';
68110
68411
  break;
68111
68412
  }
68413
+ let target;
68414
+ if (account_1.default.isInstance(operation.principal)) {
68415
+ target = operation.principal;
68416
+ }
68417
+ else {
68418
+ // Currently, we do not have a way to specify a target for certificate principals, so we will not include a target in this case
68419
+ target = undefined;
68420
+ }
68112
68421
  necessary.push({
68113
68422
  permissions: new permissions_1.Permissions([delegateMethodNeeded]),
68114
- target: operation.principal
68423
+ target: target
68115
68424
  });
68116
68425
  return (necessary);
68117
68426
  }
@@ -68250,6 +68559,7 @@ function computeEffectOfBlocks(blocks, ledger) {
68250
68559
  }
68251
68560
  if (accumulatedEffects.accounts[blockAccountPubKey] === undefined) {
68252
68561
  accumulatedEffects.accounts[blockAccountPubKey] = {
68562
+ type: 'ACCOUNT',
68253
68563
  account: block.account,
68254
68564
  fields: {}
68255
68565
  };
@@ -68306,6 +68616,9 @@ function computeEffectOfBlocks(blocks, ledger) {
68306
68616
  }
68307
68617
  }
68308
68618
  for (const effect of Object.values(accumulatedEffects.accounts)) {
68619
+ if (effect.type !== 'ACCOUNT') {
68620
+ continue;
68621
+ }
68309
68622
  accumulatedEffects.touched.add(effect.account);
68310
68623
  if (effect.fields.balance) {
68311
68624
  let hasDebit = false;
@@ -68414,7 +68727,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
68414
68727
  var __importDefault = (this && this.__importDefault) || function (mod) {
68415
68728
  return (mod && mod.__esModule) ? mod : { "default": mod };
68416
68729
  };
68417
- var _LedgerAtomicInterface_instances, _LedgerAtomicInterface_network, _LedgerAtomicInterface_subnet, _LedgerAtomicInterface_kind, _LedgerAtomicInterface_privateKey, _LedgerAtomicInterface_computeFeeFromBlocks, _LedgerAtomicInterface_storage, _LedgerAtomicInterface_ledger, _LedgerAtomicInterface_cache, _LedgerAtomicInterface_operations, _LedgerAtomicInterface_transaction, _LedgerAtomicInterface_assertTransaction, _LedgerAtomicInterface_validateVotingWeight, _LedgerAtomicInterface_listAccountInfo, _LedgerAtomicInterface_checkSingleAccountPermissions, _LedgerAtomicInterface_checkPermissionRequirements, _LedgerAtomicInterface_validateBlockOperations, _LedgerAtomicInterface_validateLedgerOutcome, _LedgerAtomicInterface_validateBlocksForVote, _LedgerAtomicInterface_voteOrQuoteWithFees, _Ledger_storage, _Ledger_config;
68730
+ var _LedgerAtomicInterface_instances, _LedgerAtomicInterface_network, _LedgerAtomicInterface_subnet, _LedgerAtomicInterface_kind, _LedgerAtomicInterface_privateKey, _LedgerAtomicInterface_computeFeeFromBlocks, _LedgerAtomicInterface_storage, _LedgerAtomicInterface_ledger, _LedgerAtomicInterface_cache, _LedgerAtomicInterface_operations, _LedgerAtomicInterface_transaction, _LedgerAtomicInterface_assertTransaction, _LedgerAtomicInterface_validateVotingWeight, _LedgerAtomicInterface_listAccountInfo, _LedgerAtomicInterface_fetchSatisfiedCertificateACLs, _LedgerAtomicInterface_checkSingleAccountPermissions, _LedgerAtomicInterface_checkPermissionRequirements, _LedgerAtomicInterface_validateBlockOperations, _LedgerAtomicInterface_validateLedgerOutcome, _LedgerAtomicInterface_validateBlocksForVote, _LedgerAtomicInterface_voteOrQuoteWithFees, _Ledger_storage, _Ledger_config;
68418
68731
  Object.defineProperty(exports, "__esModule", ({ value: true }));
68419
68732
  exports.Ledger = exports.LedgerStorageTransactionBase = exports.IdempotentKey = exports.LedgerKind = void 0;
68420
68733
  const vote_1 = __webpack_require__(1130);
@@ -68430,6 +68743,7 @@ const types_1 = __webpack_require__(5773);
68430
68743
  const conversion_1 = __webpack_require__(2360);
68431
68744
  const cache_1 = __importDefault(__webpack_require__(5834));
68432
68745
  const timing_1 = __webpack_require__(2895);
68746
+ const certificate_1 = __webpack_require__(5661);
68433
68747
  const operations_1 = __webpack_require__(2778);
68434
68748
  const stats_1 = __webpack_require__(2127);
68435
68749
  const buffer_1 = __webpack_require__(3310);
@@ -68974,9 +69288,9 @@ class LedgerAtomicInterface {
68974
69288
  const permissions = await __classPrivateFieldGet(this, _LedgerAtomicInterface_storage, "f").listACLsByPrincipal(transaction, principal, entityList);
68975
69289
  return (permissions);
68976
69290
  }
68977
- async listACLsByEntity(entity) {
69291
+ async listACLsByEntity(entity, options) {
68978
69292
  const transaction = __classPrivateFieldGet(this, _LedgerAtomicInterface_instances, "m", _LedgerAtomicInterface_assertTransaction).call(this);
68979
- const permissions = await __classPrivateFieldGet(this, _LedgerAtomicInterface_storage, "f").listACLsByEntity(transaction, entity);
69293
+ const permissions = await __classPrivateFieldGet(this, _LedgerAtomicInterface_storage, "f").listACLsByEntity(transaction, entity, options);
68980
69294
  return (permissions);
68981
69295
  }
68982
69296
  async votingPower(rep) {
@@ -69289,6 +69603,63 @@ _LedgerAtomicInterface_network = new WeakMap(), _LedgerAtomicInterface_subnet =
69289
69603
  });
69290
69604
  await Promise.all(permissionPromises);
69291
69605
  return (accountInfo);
69606
+ }, _LedgerAtomicInterface_fetchSatisfiedCertificateACLs = async function _LedgerAtomicInterface_fetchSatisfiedCertificateACLs(account, requirement) {
69607
+ const entityCertificateACLs = await this.listACLsByEntity(requirement.entity, { principalType: 'CERTIFICATE' });
69608
+ if (entityCertificateACLs.length === 0) {
69609
+ return (null);
69610
+ }
69611
+ const entityACLsWithValuesResponse = await Promise.all(entityCertificateACLs.map(async (acl) => {
69612
+ if (acl.principalType !== 'CERTIFICATE') {
69613
+ throw (new Error('Expected certificate ACL row'));
69614
+ }
69615
+ const certificate = await this.getAccountCertificateByHash(acl.principal.certificateAccount, acl.principal.certificate);
69616
+ if (certificate === null) {
69617
+ return (null);
69618
+ }
69619
+ return ({ acl, certificate });
69620
+ }));
69621
+ // XXX:TODO does this need to be paginated
69622
+ const userCertificates = await this.getAccountCertificates(account);
69623
+ const matchedCertificateACLs = [];
69624
+ for (const aclWithCertificate of entityACLsWithValuesResponse) {
69625
+ if (!aclWithCertificate) {
69626
+ continue;
69627
+ }
69628
+ const { certificate: aclCertificate, acl } = aclWithCertificate;
69629
+ const issuerCertificate = new certificate_1.Certificate(aclCertificate.certificate, {
69630
+ isTrustedRoot: true
69631
+ });
69632
+ if (!issuerCertificate.checkValid()) {
69633
+ continue;
69634
+ }
69635
+ for (const userCertificate of userCertificates) {
69636
+ if (!userCertificate.certificate.checkValid()) {
69637
+ continue;
69638
+ }
69639
+ const foundChain = userCertificate.certificate.verifyChain({
69640
+ root: new Set([issuerCertificate]),
69641
+ intermediate: new Set([
69642
+ ...aclCertificate.intermediates?.getCertificates() ?? [],
69643
+ ...userCertificate.intermediates?.getCertificates() ?? []
69644
+ ])
69645
+ });
69646
+ if (foundChain === null) {
69647
+ continue;
69648
+ }
69649
+ let foundRootInChain = false;
69650
+ for (const certInChain of foundChain) {
69651
+ if (certInChain.hash().compareHexString(issuerCertificate.hash())) {
69652
+ foundRootInChain = true;
69653
+ break;
69654
+ }
69655
+ }
69656
+ if (!foundRootInChain) {
69657
+ throw (new Error('Internal error: issuer certificate not found in verified chain'));
69658
+ }
69659
+ matchedCertificateACLs.push(acl);
69660
+ }
69661
+ }
69662
+ return (matchedCertificateACLs);
69292
69663
  }, _LedgerAtomicInterface_checkSingleAccountPermissions = async function _LedgerAtomicInterface_checkSingleAccountPermissions(account, requirements, accountInfos) {
69293
69664
  __classPrivateFieldGet(this, _LedgerAtomicInterface_instances, "m", _LedgerAtomicInterface_assertTransaction).call(this);
69294
69665
  // Remove duplicates in entity
@@ -69296,6 +69667,9 @@ _LedgerAtomicInterface_network = new WeakMap(), _LedgerAtomicInterface_subnet =
69296
69667
  const entityAccounts = new account_1.default.Set(unfilteredEntity).toArray();
69297
69668
  const gotPermissions = await this.listACLsByPrincipal(account, entityAccounts);
69298
69669
  for (const requirement of requirements) {
69670
+ if (!requirement.permissions) {
69671
+ throw (new Error('Unexpected null permissions in requirement'));
69672
+ }
69299
69673
  const reqEntityKey = requirement.entity.publicKeyString.get();
69300
69674
  const foundACLRow = (0, common_1.findPermissionMatch)(requirement, gotPermissions);
69301
69675
  const foundAccountInfo = accountInfos[reqEntityKey];
@@ -69309,10 +69683,19 @@ _LedgerAtomicInterface_network = new WeakMap(), _LedgerAtomicInterface_subnet =
69309
69683
  else {
69310
69684
  foundPermission = new permissions_1.Permissions();
69311
69685
  }
69312
- if (requirement.permissions === null) {
69313
- continue;
69686
+ let hasPermissions = foundPermission.has(requirement.permissions);
69687
+ if (!hasPermissions && account.isAccount()) {
69688
+ const found = await __classPrivateFieldGet(this, _LedgerAtomicInterface_instances, "m", _LedgerAtomicInterface_fetchSatisfiedCertificateACLs).call(this, account, requirement);
69689
+ if (found) {
69690
+ for (const row of found) {
69691
+ const certificateRowHasPermissions = row.permissions.has(requirement.permissions);
69692
+ if (certificateRowHasPermissions) {
69693
+ hasPermissions = true;
69694
+ break;
69695
+ }
69696
+ }
69697
+ }
69314
69698
  }
69315
- const hasPermissions = foundPermission.has(requirement.permissions);
69316
69699
  if (!hasPermissions) {
69317
69700
  const accountPubKey = account.publicKeyString.get();
69318
69701
  const baseFlagsStr = requirement.permissions.base.flags.join(', ');
@@ -69328,15 +69711,19 @@ _LedgerAtomicInterface_network = new WeakMap(), _LedgerAtomicInterface_subnet =
69328
69711
  const needToGetAccountInfoFor = new account_1.default.Set();
69329
69712
  const allAccountsChanges = Object.values(effects);
69330
69713
  const foundMultisigSignerLengths = [];
69331
- for (const { account, fields } of allAccountsChanges) {
69332
- if (account.isMultisig()) {
69714
+ for (const accountChanges of allAccountsChanges) {
69715
+ const { fields } = accountChanges;
69716
+ if (accountChanges.type === 'ACCOUNT' && accountChanges.account.isMultisig()) {
69333
69717
  if (fields.minSignerSetLength !== undefined) {
69334
- needToGetAccountInfoFor.add(account);
69335
- foundMultisigSignerLengths.push([account, fields.minSignerSetLength]);
69718
+ needToGetAccountInfoFor.add(accountChanges.account);
69719
+ foundMultisigSignerLengths.push([accountChanges.account, fields.minSignerSetLength]);
69336
69720
  }
69337
69721
  }
69338
69722
  for (const singleRequirement of fields.permissionRequirements ?? []) {
69339
69723
  const principal = singleRequirement.principal;
69724
+ if (!account_1.default.isInstance(principal)) {
69725
+ throw (new Error('Principal in permission requirement is not an account'));
69726
+ }
69340
69727
  const principalPubKey = principal.publicKeyString.get();
69341
69728
  if (!requirementsByPrincipal[principalPubKey]) {
69342
69729
  requirementsByPrincipal[principalPubKey] = [];
@@ -69462,6 +69849,9 @@ async function _LedgerAtomicInterface_validateLedgerOutcome(blocks) {
69462
69849
  }
69463
69850
  }
69464
69851
  for (const accountChanges of allAccountsChanges) {
69852
+ if (accountChanges.type === 'CERTIFICATE') {
69853
+ continue;
69854
+ }
69465
69855
  const { account, fields = {} } = accountChanges;
69466
69856
  /**
69467
69857
  * Newly created identifiers automatically grant the creator ownership.
@@ -69475,6 +69865,10 @@ async function _LedgerAtomicInterface_validateLedgerOutcome(blocks) {
69475
69865
  */
69476
69866
  const addedPermissions = fields.permissions ?? [];
69477
69867
  for (const newPerm of addedPermissions) {
69868
+ // We only care about permissions that include ownership, and non-accounts (ex: certificate principals) cannot be owners
69869
+ if (newPerm.principalType === 'CERTIFICATE') {
69870
+ continue;
69871
+ }
69478
69872
  let method = 'ADD';
69479
69873
  if (newPerm.permissions === null || !newPerm.permissions.has(['OWNER'])) {
69480
69874
  method = 'REMOVE';
@@ -69993,7 +70387,7 @@ exports["default"] = Ledger;
69993
70387
  /***/ }),
69994
70388
 
69995
70389
  /***/ 5773:
69996
- /***/ ((__unused_webpack_module, exports) => {
70390
+ /***/ ((__unused_webpack_module, exports, __webpack_require__) => {
69997
70391
 
69998
70392
  "use strict";
69999
70393
 
@@ -70001,6 +70395,10 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
70001
70395
  exports.isIdentifierAccountInfo = isIdentifierAccountInfo;
70002
70396
  exports.isKeyPairAccountInfo = isKeyPairAccountInfo;
70003
70397
  exports.isAccountInfoOfType = isAccountInfoOfType;
70398
+ exports.isACLPrincipalType = isACLPrincipalType;
70399
+ exports.assertACLPrincipalType = assertACLPrincipalType;
70400
+ exports.asACLPrincipalType = asACLPrincipalType;
70401
+ const ledger_1 = __webpack_require__(452);
70004
70402
  function isIdentifierAccountInfo(info) {
70005
70403
  return (info.account.isIdentifier());
70006
70404
  }
@@ -70010,6 +70408,20 @@ function isKeyPairAccountInfo(info) {
70010
70408
  function isAccountInfoOfType(info, type) {
70011
70409
  return (info.account.isKeyType(type));
70012
70410
  }
70411
+ const aclPrincipalType = ['ACCOUNT', 'CERTIFICATE'];
70412
+ function isACLPrincipalType(type) {
70413
+ // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
70414
+ return (aclPrincipalType.includes(type));
70415
+ }
70416
+ function assertACLPrincipalType(type) {
70417
+ if (!isACLPrincipalType(type)) {
70418
+ throw (new ledger_1.KeetaNetLedgerError('LEDGER_INVALID_ACL_ROW_TYPE', `Invalid ACL Row Type: ${type}`));
70419
+ }
70420
+ }
70421
+ function asACLPrincipalType(type) {
70422
+ assertACLPrincipalType(type);
70423
+ return (type);
70424
+ }
70013
70425
 
70014
70426
 
70015
70427
  /***/ }),
@@ -76244,7 +76656,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
76244
76656
  var __importDefault = (this && this.__importDefault) || function (mod) {
76245
76657
  return (mod && mod.__esModule) ? mod : { "default": mod };
76246
76658
  };
76247
- var _CertificateBuilder_params, _CertificateBuilder_caPathLen, _CertificateBundle_raw, _CertificateBundle_contents, _Certificate_instances, _Certificate_raw, _Certificate_hash, _Certificate_extensionsRaw, _Certificate_extensionsProcessed, _Certificate_finalizeConstructionCalled, _Certificate_isSelfSigned, _Certificate_processExtensionsInternal, _Certificate_processBaseExtensions, _Certificate_parseKeyUsage, _Certificate_processBaseExtension, _Certificate_assertAllCriticalExtensionsProcessed, _Certificate_checkValid, _Certificate_checkIssued;
76659
+ var _CertificateBuilder_params, _CertificateBuilder_caPathLen, _CertificateBundle_raw, _CertificateBundle_contents, _Certificate_instances, _Certificate_raw, _Certificate_hash, _Certificate_extensionsRaw, _Certificate_extensionsProcessed, _Certificate_finalizeConstructionCalled, _Certificate_isSelfSigned, _Certificate_processExtensionsInternal, _Certificate_processBaseExtensions, _Certificate_parseKeyUsage, _Certificate_processBaseExtension, _Certificate_assertAllCriticalExtensionsProcessed, _Certificate_checkValid, _Certificate_checkIssued, _Certificate_computeHash;
76248
76660
  Object.defineProperty(exports, "__esModule", ({ value: true }));
76249
76661
  exports.Certificate = exports.CertificateBundle = exports.CertificateHash = exports.CertificateBuilder = void 0;
76250
76662
  const ASN1 = __importStar(__webpack_require__(6045));
@@ -77224,7 +77636,18 @@ class Certificate {
77224
77636
  }
77225
77637
  }
77226
77638
  }
77227
- verifyChain(store, _ignore_seenCerts /* XXX:TODO */) {
77639
+ verifyChain(store, seenHashes = new CertificateHash.Set()) {
77640
+ /**
77641
+ * Loop detection: reject any certificate already on the current
77642
+ * verification path, per RFC 4158 Section 2.4.1 (no certificate may
77643
+ * repeat in a path) and Section 5.2 (detection guidance).
77644
+ *
77645
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc4158#section-5.2 RFC 4158 Section 5.2}
77646
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc4158#section-2.4.1 RFC 4158 Section 2.4.1}
77647
+ */
77648
+ if (seenHashes.has(__classPrivateFieldGet(this, _Certificate_instances, "m", _Certificate_computeHash).call(this))) {
77649
+ return (null);
77650
+ }
77228
77651
  /*
77229
77652
  * Check to see if the certificate is signed by any of the Root CAs
77230
77653
  */
@@ -77255,6 +77678,8 @@ class Certificate {
77255
77678
  * Check to see if the certificate is signed by any of the specified intermediates
77256
77679
  */
77257
77680
  if (store.intermediate !== undefined) {
77681
+ const nextSeen = new CertificateHash.Set(seenHashes);
77682
+ nextSeen.add(__classPrivateFieldGet(this, _Certificate_instances, "m", _Certificate_computeHash).call(this));
77258
77683
  store.intermediate.forEach((intermediateCertificate) => {
77259
77684
  if (retval !== null) {
77260
77685
  return;
@@ -77262,7 +77687,7 @@ class Certificate {
77262
77687
  const checkIssued = __classPrivateFieldGet(this, _Certificate_instances, "m", _Certificate_checkIssued).call(this, intermediateCertificate);
77263
77688
  if (checkIssued.issued) {
77264
77689
  if (intermediateCertificate.checkValid(this.moment)) {
77265
- const moreChain = intermediateCertificate.verifyChain(store, undefined /* seenCerts XXX:TODO */);
77690
+ const moreChain = intermediateCertificate.verifyChain(store, nextSeen);
77266
77691
  if (moreChain !== null) {
77267
77692
  const checkRetval = [...moreChain, intermediateCertificate];
77268
77693
  const validChain = Certificate.verifyChainDepth([...checkRetval, this]);
@@ -77418,10 +77843,7 @@ class Certificate {
77418
77843
  */
77419
77844
  hash() {
77420
77845
  this.assertConstructed();
77421
- if (!__classPrivateFieldGet(this, _Certificate_hash, "f")) {
77422
- __classPrivateFieldSet(this, _Certificate_hash, CertificateHash.fromData(Buffer.from(__classPrivateFieldGet(this, _Certificate_raw, "f"))), "f");
77423
- }
77424
- return (__classPrivateFieldGet(this, _Certificate_hash, "f"));
77846
+ return (__classPrivateFieldGet(this, _Certificate_instances, "m", _Certificate_computeHash).call(this));
77425
77847
  }
77426
77848
  /**
77427
77849
  * Get a JSON representation of the certificate
@@ -77659,6 +78081,11 @@ _Certificate_raw = new WeakMap(), _Certificate_hash = new WeakMap(), _Certificat
77659
78081
  return ({ issued: false, reason: 'Signature verification failed' });
77660
78082
  }
77661
78083
  return ({ issued: true });
78084
+ }, _Certificate_computeHash = function _Certificate_computeHash() {
78085
+ if (!__classPrivateFieldGet(this, _Certificate_hash, "f")) {
78086
+ __classPrivateFieldSet(this, _Certificate_hash, CertificateHash.fromData(Buffer.from(__classPrivateFieldGet(this, _Certificate_raw, "f"))), "f");
78087
+ }
78088
+ return (__classPrivateFieldGet(this, _Certificate_hash, "f"));
77662
78089
  };
77663
78090
  /**
77664
78091
  * The Certificate Builder
@@ -80856,7 +81283,7 @@ exports.Testing = { findRDN, blockHashesFromVote, feeFromVote, hashDataSchema, f
80856
81283
 
80857
81284
  Object.defineProperty(exports, "__esModule", ({ value: true }));
80858
81285
  exports.version = void 0;
80859
- exports.version = '0.16.2+g2c1441eed2a1c71a895d0fb5166c431799b3d3ca';
81286
+ exports.version = '0.18.1+gae2caf00c1e19c6d232ff1a37b9fd8e7ea8a1ddc';
80860
81287
  exports["default"] = exports.version;
80861
81288
 
80862
81289