npm - @ledgerhq/device-trusted-app-kit-ledger-keyring-protocol - Versions diffs - 0.0.0-develop-20250904001204 → 0.0.0-e2e-speculos-20250904125723 - Mend

@ledgerhq/device-trusted-app-kit-ledger-keyring-protocol 0.0.0-develop-20250904001204 → 0.0.0-e2e-speculos-20250904125723

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (535) hide show

package/lib/esm/internal/app-binder/command/SignBlockSingleCommand.test.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{ApduResponse as d,isSuccessCommandResult as t}from"@ledgerhq/device-management-kit";import{describe as i,expect as s,it as c}from"vitest";import{SignBlockSingleCommand as m}from"./SignBlockSingleCommand";const a=Uint8Array.from([240,202,204,26]),l=Uint8Array.from([240,202,204,26]);i("SignBlockSingleCommand",()=>{i("getApdu()",()=>{c("should build the correct APDU for a given command",()=>{const o={command:a},e=new m(o).getApdu(),n=Uint8Array.from([224,7,1,0,a.length,...a]);s(e.getRawApdu()).toEqual(n)})}),i("parseResponse()",()=>{c("should return the raw TLV blob on success",()=>{const o={command:a},r=new m(o),e=new d({statusCode:Uint8Array.from([144,0]),data:l}),n=r.parseResponse(e);if(s(t(n)).toBe(!0),t(n)){const g=n.data;s(g).toEqual(l)}}),c("should map SW errors to CommandResult errors",()=>{const o={command:a},r=new m(o),e=new d({statusCode:Uint8Array.from([106,134]),data:new Uint8Array}),n=r.parseResponse(e);s(t(n)).toBe(!1),t(n)||s(n.error.errorCode).toBe("6a86")}),c("should return an empty Uint8Array if no data is returned",()=>{const o={command:a},r=new m(o),e=new d({statusCode:Uint8Array.from([144,0]),data:new Uint8Array}),n=r.parseResponse(e);s(t(n)).toBe(!0),t(n)&&s(n.data).toEqual(new Uint8Array)})})});
+import{ApduResponse as d,isSuccessCommandResult as t}from"@ledgerhq/device-management-kit";import{describe as i,expect as s,it as c}from"vitest";import{SignBlockSingleCommand as m}from"./SignBlockSingleCommand";const a=Uint8Array.from([240,202,204,26]),l=Uint8Array.from([240,202,204,26]);i("SignBlockSingleCommand",()=>{i("getApdu()",()=>{c("should build the correct APDU for a given command",()=>{const n={command:a},e=new m(n).getApdu(),o=Uint8Array.from([224,7,1,0,a.length,...a]);s(e.getRawApdu()).toEqual(o)})}),i("parseResponse()",()=>{c("should return the raw TLV blob on success",()=>{const n={command:a},r=new m(n),e=new d({statusCode:Uint8Array.from([144,0]),data:l}),o=r.parseResponse(e);if(s(t(o)).toBe(!0),t(o)){const g=o.data;s(g).toEqual(l)}}),c("should map SW errors to CommandResult errors",()=>{const n={command:a},r=new m(n),e=new d({statusCode:Uint8Array.from([106,134]),data:new Uint8Array}),o=r.parseResponse(e);s(t(o)).toBe(!1),t(o)||s(o.error.errorCode).toBe("6a86")}),c("should return an empty Uint8Array if no data is returned",()=>{const n={command:a},r=new m(n),e=new d({statusCode:Uint8Array.from([144,0]),data:new Uint8Array}),o=r.parseResponse(e);s(t(o)).toBe(!0),t(o)&&s(o.data).toEqual(new Uint8Array)})})});
 //# sourceMappingURL=SignBlockSingleCommand.test.js.map

package/lib/esm/internal/app-binder/command/SignBlockSingleCommand.test.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/command/SignBlockSingleCommand.test.ts"],
-  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-unsafe-member-access */\n/* eslint-disable @typescript-eslint/no-explicit-any */\nimport {\n  ApduResponse,\n  isSuccessCommandResult,\n} from \"@ledgerhq/device-management-kit\";\nimport { describe, expect, it } from \"vitest\";\n\nimport {\n  SignBlockSingleCommand,\n  type SignBlockSingleCommandArgs,\n  type SignBlockSingleCommandResponse,\n} from \"./SignBlockSingleCommand\";\n\nconst COMMAND_BYTES = Uint8Array.from([0xf0, 0xca, 0xcc, 0x1a]);\nconst TLV_PAYLOAD = Uint8Array.from([0xf0, 0xca, 0xcc, 0x1a]);\n\ndescribe(\"SignBlockSingleCommand\", () => {\n  describe(\"getApdu()\", () => {\n    it(\"should build the correct APDU for a given command\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n\n      // when\n      const apdu = cmd.getApdu();\n      const expected = Uint8Array.from([\n        0xe0,\n        0x07,\n        0x01,\n        0x00,\n        COMMAND_BYTES.length,\n        ...COMMAND_BYTES,\n      ]);\n\n      // then\n      expect(apdu.getRawApdu()).toEqual(expected);\n    });\n  });\n\n  describe(\"parseResponse()\", () => {\n    it(\"should return the raw TLV blob on success\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x90, 0x00]),\n        data: TLV_PAYLOAD,\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(true);\n      if (isSuccessCommandResult(result)) {\n        const data: SignBlockSingleCommandResponse = result.data;\n        expect(data).toEqual(TLV_PAYLOAD);\n      }\n    });\n\n    it(\"should map SW errors to CommandResult errors\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x6a, 0x86]),\n        data: new Uint8Array(),\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(false);\n      if (!isSuccessCommandResult(result)) {\n        expect((result.error as any).errorCode).toBe(\"6a86\");\n      }\n    });\n\n    it(\"should return an empty Uint8Array if no data is returned\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x90, 0x00]),\n        data: new Uint8Array(),\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(true);\n      if (isSuccessCommandResult(result)) {\n        expect(result.data).toEqual(new Uint8Array());\n      }\n    });\n  });\n});\n"],
-  "mappings": "AAEA,OACE,gBAAAA,EACA,0BAAAC,MACK,kCACP,OAAS,YAAAC,EAAU,UAAAC,EAAQ,MAAAC,MAAU,SAErC,OACE,0BAAAC,MAGK,2BAEP,MAAMC,EAAgB,WAAW,KAAK,CAAC,IAAM,IAAM,IAAM,EAAI,CAAC,EACxDC,EAAc,WAAW,KAAK,CAAC,IAAM,IAAM,IAAM,EAAI,CAAC,EAE5DL,EAAS,yBAA0B,IAAM,CACvCA,EAAS,YAAa,IAAM,CAC1BE,EAAG,oDAAqD,IAAM,CAE5D,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAI5DG,EAHM,IAAIJ,EAAuBG,CAAI,EAG1B,QAAQ,EACnBE,EAAW,WAAW,KAAK,CAC/B,IACA,EACA,EACA,EACAJ,EAAc,OACd,GAAGA,CACL,CAAC,EAGDH,EAAOM,EAAK,WAAW,CAAC,EAAE,QAAQC,CAAQ,CAC5C,CAAC,CACH,CAAC,EAEDR,EAAS,kBAAmB,IAAM,CAChCE,EAAG,4CAA6C,IAAM,CAEpD,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,CAAI,CAAC,EACxC,KAAMO,CACR,CAAC,EAGKM,EAASF,EAAI,cAAcC,CAAQ,EAIzC,GADAT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAI,EAC5CZ,EAAuBY,CAAM,EAAG,CAClC,MAAMC,EAAuCD,EAAO,KACpDV,EAAOW,CAAI,EAAE,QAAQP,CAAW,CAClC,CACF,CAAC,EAEDH,EAAG,+CAAgD,IAAM,CAEvD,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,GAAI,CAAC,EACxC,KAAM,IAAI,UACZ,CAAC,EAGKa,EAASF,EAAI,cAAcC,CAAQ,EAGzCT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAK,EAC5CZ,EAAuBY,CAAM,GAChCV,EAAQU,EAAO,MAAc,SAAS,EAAE,KAAK,MAAM,CAEvD,CAAC,EAEDT,EAAG,2DAA4D,IAAM,CAEnE,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,CAAI,CAAC,EACxC,KAAM,IAAI,UACZ,CAAC,EAGKa,EAASF,EAAI,cAAcC,CAAQ,EAGzCT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAI,EAC5CZ,EAAuBY,CAAM,GAC/BV,EAAOU,EAAO,IAAI,EAAE,QAAQ,IAAI,UAAY,CAEhD,CAAC,CACH,CAAC,CACH,CAAC",
+  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-unsafe-member-access */\n/* eslint-disable @typescript-eslint/no-explicit-any */\nimport {\n  ApduResponse,\n  isSuccessCommandResult,\n} from \"@ledgerhq/device-management-kit\";\nimport { describe, expect, it } from \"vitest\";\n\nimport {\n  type SignBlockSingleCommandArgs,\n  type SignBlockSingleCommandResponse,\n} from \"@api/app-binder/SignBlockSingleCommandTypes\";\n\nimport { SignBlockSingleCommand } from \"./SignBlockSingleCommand\";\n\nconst COMMAND_BYTES = Uint8Array.from([0xf0, 0xca, 0xcc, 0x1a]);\nconst TLV_PAYLOAD = Uint8Array.from([0xf0, 0xca, 0xcc, 0x1a]);\n\ndescribe(\"SignBlockSingleCommand\", () => {\n  describe(\"getApdu()\", () => {\n    it(\"should build the correct APDU for a given command\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n\n      // when\n      const apdu = cmd.getApdu();\n      const expected = Uint8Array.from([\n        0xe0,\n        0x07,\n        0x01,\n        0x00,\n        COMMAND_BYTES.length,\n        ...COMMAND_BYTES,\n      ]);\n\n      // then\n      expect(apdu.getRawApdu()).toEqual(expected);\n    });\n  });\n\n  describe(\"parseResponse()\", () => {\n    it(\"should return the raw TLV blob on success\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x90, 0x00]),\n        data: TLV_PAYLOAD,\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(true);\n      if (isSuccessCommandResult(result)) {\n        const data: SignBlockSingleCommandResponse = result.data;\n        expect(data).toEqual(TLV_PAYLOAD);\n      }\n    });\n\n    it(\"should map SW errors to CommandResult errors\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x6a, 0x86]),\n        data: new Uint8Array(),\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(false);\n      if (!isSuccessCommandResult(result)) {\n        expect((result.error as any).errorCode).toBe(\"6a86\");\n      }\n    });\n\n    it(\"should return an empty Uint8Array if no data is returned\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x90, 0x00]),\n        data: new Uint8Array(),\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(true);\n      if (isSuccessCommandResult(result)) {\n        expect(result.data).toEqual(new Uint8Array());\n      }\n    });\n  });\n});\n"],
+  "mappings": "AAEA,OACE,gBAAAA,EACA,0BAAAC,MACK,kCACP,OAAS,YAAAC,EAAU,UAAAC,EAAQ,MAAAC,MAAU,SAOrC,OAAS,0BAAAC,MAA8B,2BAEvC,MAAMC,EAAgB,WAAW,KAAK,CAAC,IAAM,IAAM,IAAM,EAAI,CAAC,EACxDC,EAAc,WAAW,KAAK,CAAC,IAAM,IAAM,IAAM,EAAI,CAAC,EAE5DL,EAAS,yBAA0B,IAAM,CACvCA,EAAS,YAAa,IAAM,CAC1BE,EAAG,oDAAqD,IAAM,CAE5D,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAI5DG,EAHM,IAAIJ,EAAuBG,CAAI,EAG1B,QAAQ,EACnBE,EAAW,WAAW,KAAK,CAC/B,IACA,EACA,EACA,EACAJ,EAAc,OACd,GAAGA,CACL,CAAC,EAGDH,EAAOM,EAAK,WAAW,CAAC,EAAE,QAAQC,CAAQ,CAC5C,CAAC,CACH,CAAC,EAEDR,EAAS,kBAAmB,IAAM,CAChCE,EAAG,4CAA6C,IAAM,CAEpD,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,CAAI,CAAC,EACxC,KAAMO,CACR,CAAC,EAGKM,EAASF,EAAI,cAAcC,CAAQ,EAIzC,GADAT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAI,EAC5CZ,EAAuBY,CAAM,EAAG,CAClC,MAAMC,EAAuCD,EAAO,KACpDV,EAAOW,CAAI,EAAE,QAAQP,CAAW,CAClC,CACF,CAAC,EAEDH,EAAG,+CAAgD,IAAM,CAEvD,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,GAAI,CAAC,EACxC,KAAM,IAAI,UACZ,CAAC,EAGKa,EAASF,EAAI,cAAcC,CAAQ,EAGzCT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAK,EAC5CZ,EAAuBY,CAAM,GAChCV,EAAQU,EAAO,MAAc,SAAS,EAAE,KAAK,MAAM,CAEvD,CAAC,EAEDT,EAAG,2DAA4D,IAAM,CAEnE,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,CAAI,CAAC,EACxC,KAAM,IAAI,UACZ,CAAC,EAGKa,EAASF,EAAI,cAAcC,CAAQ,EAGzCT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAI,EAC5CZ,EAAuBY,CAAM,GAC/BV,EAAOU,EAAO,IAAI,EAAE,QAAQ,IAAI,UAAY,CAEhD,CAAC,CACH,CAAC,CACH,CAAC",
   "names": ["ApduResponse", "isSuccessCommandResult", "describe", "expect", "it", "SignBlockSingleCommand", "COMMAND_BYTES", "TLV_PAYLOAD", "args", "apdu", "expected", "cmd", "response", "result", "data"]
 }

package/lib/esm/internal/app-binder/device-action/AddToTrustchainDeviceAction.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{hexaStringToBuffer as A,UserInteractionRequired as u,XStateDeviceAction as D}from"@ledgerhq/device-management-kit";import{EitherAsync as m,Left as T,Right as E}from"purify-ts";import{assign as p,fromPromise as h,setup as g}from"xstate";import{AddToTrustchainDAState as S,AddToTrustchaineDAStep as d}from"../../../api/app-binder/AddToTrustchainDeviceActionTypes";import{LKRPTrustchainNotReady as k,LKRPUnknownError as I}from"../../../api/model/Errors";import{InitTask as v}from"../../app-binder/task/InitTask";import{ParseStreamToDeviceTask as f}from"../../app-binder/task/ParseStreamToDeviceTask";import{SignBlockTask as b}from"../../app-binder/task/SignBlockTask";import{eitherSeqRecord as l}from"../../utils/eitherSeqRecord";import{required as s}from"../../utils/required";import{raiseAndAssign as c}from"./utils/raiseAndAssign";class U extends D{makeStateMachine(o){const{initCommand:i,parseStream:a,signBlock:y}=this.extractDependencies(o);return g({types:{input:{},context:{},output:{}},actors:{initCommand:h(i),parseStream:h(a),signBlock:h(y)},actions:{assignErrorFromEvent:c(({event:t})=>T(new I(String(t.error))))},guards:{isTustchainEmpty:({context:t})=>t.input.toMaybe().chain(e=>e.trustchain.getAppStream(e.appId)).chain(e=>e.parse().toMaybe()).map(e=>e.length===0).orDefault(!0)}}).createMachine({id:"AddToTrustchainDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:u.None},_internalState:E({sessionKeypair:null})}),initial:"InitSession",states:{InitSession:{entry:p({intermediateValue:{requiredUserInteraction:u.None,step:d.Initialize}}),on:{success:"ParseStream",error:"Error"},invoke:{id:"initCommand",src:"initCommand",input:({context:t})=>t.input.map(e=>e.cryptoService),onError:{actions:"assignErrorFromEvent"},onDone:{actions:c(({event:t})=>t.output.map(e=>({raise:"success",assign:{sessionKeypair:e}})))}}},ParseStream:{entry:p({intermediateValue:{requiredUserInteraction:u.None,step:d.ParseStream}}),on:{success:"CheckApplicationStreamExist",error:"Error"},invoke:{id:"parseStream",src:"parseStream",input:({context:t})=>t.input.chain(e=>l({seedBlock:()=>s(e.trustchain.getRootStream().chain(r=>r.parse().toMaybe()).extract()?.[0],"Missing seed block to parse"),applicationStream:()=>s(e.trustchain.getAppStream(e.appId).extract(),"Missing application stream to parse")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:c(({event:t})=>t.output.map(()=>({raise:"success"})))}}},CheckApplicationStreamExist:{always:[{target:"AddToNewStream",guard:"isTustchainEmpty"},{target:"AddToExistingStream"}]},AddToExistingStream:{entry:p({intermediateValue:{requiredUserInteraction:S.AddMember,step:d.AddMember}}),on:{success:"Success",error:"Error"},invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>{const r=e.trustchain.getAppStream(e.appId);return l({cryptoService:e.cryptoService,lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchain.getId(),jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:n})=>s(n,"Missing session keypair")),path:()=>s(r.chain(n=>n.getPath()).extract(),"Missing application path"),parent:()=>s(r.chain(n=>n.parse().toMaybe()).chainNullable(n=>n.at(-1)?.hash()).chainNullable(A).extract(),"Missing parent block"),blockFlow:{type:"addMember",data:{name:e.clientName,publicKey:e.keypair.getPublicKey(),permissions:e.permissions}}})}),onError:{actions:"assignErrorFromEvent"},onDone:{actions:c(({event:t})=>t.output.map(()=>({raise:"success"})))}}},AddToNewStream:{entry:p({intermediateValue:{requiredUserInteraction:S.AddMember,step:d.AddMember}}),on:{success:"Success",error:"Error"},invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>l({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchain.getId(),jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:r})=>s(r,"Missing session keypair")),path:`m/0'/${e.appId}'/0'`,parent:()=>s(e.trustchain.getRootStream().chain(r=>r.parse().toMaybe()).chainNullable(r=>r[0]?.hash()).chainNullable(A).extract(),"Missing init block"),blockFlow:{type:"derive",data:{name:e.clientName,publicKey:e.keypair.getPublicKey(),permissions:e.permissions}}}).chain(()=>T(new k))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:c(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.map(e=>{})})}extractDependencies(o){return{initCommand:async i=>m.liftEither(i.input).chain(a=>new v(o,a).run()).run(),parseStream:async i=>m.liftEither(i.input).chain(a=>new f(o).run(a)).run(),signBlock:i=>m.liftEither(i.input).chain(a=>new b(o,a.cryptoService).run(a)).run()}}}export{U as AddToTrustchainDeviceAction};
+import{hexaStringToBuffer as d,UnknownDAError as T,UserInteractionRequired as p,XStateDeviceAction as A}from"@ledgerhq/device-management-kit";import{EitherAsync as m,Left as y,Maybe as S,Right as D}from"purify-ts";import{assign as c,fromPromise as u,setup as E}from"xstate";import{InitTask as g}from"../../app-binder/task/InitTask";import{ParseStreamToDeviceTask as k}from"../../app-binder/task/ParseStreamToDeviceTask";import{SignBlockTask as I}from"../../app-binder/task/SignBlockTask";import{eitherSeqRecord as l}from"../../utils/eitherSeqRecord";import{required as a}from"../../utils/required";import{raiseAndAssign as o}from"./utils/raiseAndAssign";class C extends A{makeStateMachine(i){const{initCommand:n,parseStream:s,signBlock:h}=this.extractDependencies(i);return E({types:{input:{},context:{},output:{}},actors:{initCommand:u(n),parseStream:u(s),signBlock:u(h)},actions:{assignErrorFromEvent:o(({event:t})=>y(new T(String(t.error))))},guards:{isTustchainEmpty:({context:t})=>t.input.toMaybe().chain(e=>e.applicationStream.parse().toMaybe()).map(e=>e.length===0).orDefault(!0)}}).createMachine({id:"AddToTrustchainDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:p.None},_internalState:D({sessionKeypair:null})}),initial:"InitSession",states:{InitSession:{on:{success:"ParseStream",error:"Error"},invoke:{id:"initCommand",src:"initCommand",onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(e=>({raise:"success",assign:{sessionKeypair:e}})))}}},ParseStream:{on:{success:"CheckApplicationStreamExist",error:"Error"},invoke:{id:"parseStream",src:"parseStream",input:({context:t})=>t.input.chain(e=>a(e.trustchain?.["m/"],"Missing root stream").chain(r=>r.parse()).chain(r=>a(r[0],"Missing seed block")).map(r=>({seedBlock:r,applicationStream:e.applicationStream}))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(()=>({raise:"success"})))}}},CheckApplicationStreamExist:{always:[{target:"AddToNewStream",guard:"isTustchainEmpty"},{target:"AddToExistingStream"}]},AddToExistingStream:{on:{success:"Success",error:"Error"},entry:c({intermediateValue:{requiredUserInteraction:"add-ledger-sync"}}),exit:c({intermediateValue:{requiredUserInteraction:p.None}}),invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>l({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchainId,jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:r})=>a(r,"Missing session keypair")),path:()=>a(e.applicationStream.getPath().extract(),"Missing application path"),parent:()=>a(e.applicationStream.parse().toMaybe().chainNullable(r=>r.at(-1)?.hash()).chainNullable(d).extract(),"Missing parent block"),blockFlow:{type:"addMember",data:{name:e.clientName,publicKey:e.keypair.pubKeyToU8a(),permissions:e.permissions}}})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(()=>({raise:"success"})))}}},AddToNewStream:{on:{success:"Success",error:"Error"},entry:c({intermediateValue:{requiredUserInteraction:"add-ledger-sync"}}),exit:c({intermediateValue:{requiredUserInteraction:p.None}}),invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>l({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchainId,jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:r})=>a(r,"Missing session keypair")),path:()=>a(e.applicationStream.getPath().extract(),"Missing application path"),parent:()=>a(S.fromNullable(e.trustchain["m/"]).chain(r=>r.parse().toMaybe()).chainNullable(r=>r[0]?.hash()).chainNullable(d).extract(),"Missing init block"),blockFlow:{type:"derive",data:{name:e.clientName,publicKey:e.keypair.pubKeyToU8a(),permissions:e.permissions}}})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.map(e=>{})})}extractDependencies(i){return{initCommand:()=>new g(i).run(),parseStream:async n=>m.liftEither(n.input).chain(s=>new k(i).run(s)).run(),signBlock:n=>m.liftEither(n.input).chain(s=>new I(i).run(s)).run()}}}export{C as AddToTrustchainDeviceAction};
 //# sourceMappingURL=AddToTrustchainDeviceAction.js.map

package/lib/esm/internal/app-binder/device-action/AddToTrustchainDeviceAction.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/device-action/AddToTrustchainDeviceAction.ts"],
-  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  hexaStringToBuffer,\n  type InternalApi,\n  type StateMachineTypes,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AddToTrustchainDAError,\n  type AddToTrustchainDAInput,\n  type AddToTrustchainDAIntermediateValue,\n  type AddToTrustchainDAInternalState,\n  type AddToTrustchainDAOutput,\n  AddToTrustchainDAState,\n  AddToTrustchaineDAStep,\n} from \"@api/app-binder/AddToTrustchainDeviceActionTypes\";\nimport { type CryptoService } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { LKRPTrustchainNotReady, LKRPUnknownError } from \"@api/model/Errors\";\nimport { InitTask } from \"@internal/app-binder/task/InitTask\";\nimport {\n  ParseStreamToDeviceTask,\n  type ParseStreamToDeviceTaskInput,\n} from \"@internal/app-binder/task/ParseStreamToDeviceTask\";\nimport {\n  SignBlockTask,\n  type SignBlockTaskInput,\n} from \"@internal/app-binder/task/SignBlockTask\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AddToTrustchainDeviceAction extends XStateDeviceAction<\n  AddToTrustchainDAOutput,\n  AddToTrustchainDAInput,\n  AddToTrustchainDAError,\n  AddToTrustchainDAIntermediateValue,\n  AddToTrustchainDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AddToTrustchainDAOutput,\n    AddToTrustchainDAInput,\n    AddToTrustchainDAError,\n    AddToTrustchainDAIntermediateValue,\n    AddToTrustchainDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AddToTrustchainDAOutput,\n      AddToTrustchainDAInput,\n      AddToTrustchainDAError,\n      AddToTrustchainDAIntermediateValue,\n      AddToTrustchainDAInternalState\n    >;\n\n    const { initCommand, parseStream, signBlock } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        initCommand: fromPromise(initCommand),\n        parseStream: fromPromise(parseStream),\n        signBlock: fromPromise(signBlock),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new LKRPUnknownError(\n                String((event as { error?: unknown }).error),\n              ),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        isTustchainEmpty: ({ context }) =>\n          context.input\n            .toMaybe()\n            .chain((input) => input.trustchain.getAppStream(input.appId))\n            .chain((appStream) => appStream.parse().toMaybe())\n            .map((blocks) => blocks.length === 0)\n            .orDefault(true),\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEEIQCoHt0CcCusALgMYAWAhgJYB2AImAG6XFjLGGWbUB0AktZUIBlOLE7UAxBC5huNBpgDWsmoIDCmALaby1CAG0ADAF1EoAA6YxHLmZAAPRAEZDAdm6unAFgAcXpwBsAKwAzL7+TgA0IACezq4AnB6GIU4ATAFeaUEBuT5pAL4F0agY2PhEZFR0jMys7OJ8AsKi4hJgODiYONzmADbkhABm3ZpyzRraugYmdpbW4naOCAlJaS4JXgGpCZ6r0XEIPgHc2YaGXiEhOdlXTkUlaFi4BCQUNPRMLGw2PPyCIlgYi4ElgeGILCBRlMSBA80Ei1hy2uXm4IVcXlWZwS5xChiCB0QaQSQW4QVcxMC63SCTShWKIFKzwqb2qnzqP0a-xaQLaHS6OGhcysCNsSMQKLRGKxQUMOJS+MJKzlaPSXlcPkSPkMaQxD0ZT3KryqH1q3waXG4AAVyDhYGAhIQcGByJopDJxgplL1bfbHc7XULYfDfktEKETgEnJ4coZMkEsUqnNqySFgtGgsmsWkvPqmUbKu8al96r9rb6HU6XW7+d1egNhqMfXbKwHNEGLCLQ+KEEEMmTdvHXEFjj4-ErNdxDD4wviciT8gEfHnDS9C2yzaXGjaW-7q6DwZDYB24V3EaBlq4NR4wmnpylvCEfEriScvHHdX4cwF1gEV2U11ZU0S05S0dz9KtXXaTpuhPENzwcRArx8G9LgCe9UkuZ9YiQscyR-LwEwCDVzice4GXzQCTWLDkLR4NRSDAYhFGQcx+mYQZxD3V0AFF7EoIgJDgs8xQvZxozSU4NnxK5sl2KIcIQYlJLSEIFx8Mj0PVcjHgAllqPZc0ywYpiWLYvoON+bjND4gTCCEpwYU7BZRMQhAyIpKS5RkkI5M8JUo1JeN8hHVwdQCBI-wo1d9KLQyt0tfNbKIGgoGs91qBUagvVkMQoGoAAhPpMGY4SXOoMN3KyFC3AfBN0jpLwlUxFDrgSdEwoTTVEn-ZljTizdQJ4JL+JS6g0sgmsYJ6fpBhGHAxjywritK2ZgxEiqe28aduCyZMlzTA7NWai5uBxH90xcLYZ16gsgJoozGhGuzUvSsEIVEMrRU2sT3MyJxTkinxIqvNJRzSALvFOSl1QTdYKSi3S+vXYDaLLZ6xomttoIFL7u1+wJ-EBpcQYpcGAsyDxKXnPs6QSW6qIGkC6O4fMADkwAAd3S6RMs9JRcsofKipKxQ8YQ5ZvDBqcwtSeq6RzJMMTO0JvGB3zfOnBnYo3Zn0cNDnucmnG61mxsFu4JaRdWpzT3KyrtpQvbR0OmdjsUjSyXOc4NJ1BInFp7X+t1tGnoNrm3sPT61uc76Hf+4ngeIsmlwhxTiUMbh8mJJ9PESLZAiDlGHoS4bw6N7Ha0FGO7bjraE9fJPQfJxSwgB3zKX9hJtTjIIigZahMAgOA7EonXUce1z4Nc5YAFoFMOWfSVWVZNXnVxtm8Eki-u+KhqaAFWinjbKvVF9rwDi6KSCWUKVzaK9ODifS-LXdJuFe2e3Vdx-HfBMtnRLSNOhxPxnSTucEcfh8TLgfsjXeg0WYmWYqxdixBOJcGsslQgH866-RxADK8Vxu7dXahFF8kUzofkxEELwWxsg3x3gZBB+syhYNeu-dan8CboidivXYCYUiZFcEqIiWc1TA3OLSTU98kZ3SYXrMOZRDbWRwfjNyTgeG7T4cOHEaYz7p1cCEXaH50JjmjHiNMjCmah0tEIKOQJVES3iLsKcN9fCqU-JcAkiltJkllvkQxtV1gyINI-Yue8WY8Wmo4me8RMy7RzFSK6cZ0gUyMeqf2tDpxpnJH3fuQA */\n\n      id: \"AddToTrustchainDeviceAction\",\n      context: ({ input }) => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          sessionKeypair: null,\n        }),\n      }),\n\n      initial: \"InitSession\",\n      states: {\n        InitSession: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AddToTrustchaineDAStep.Initialize,\n            },\n          }),\n          on: { success: \"ParseStream\", error: \"Error\" },\n          invoke: {\n            id: \"initCommand\",\n            src: \"initCommand\",\n            input: ({ context }) =>\n              context.input.map((input) => input.cryptoService),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((sessionKeypair) => ({\n                  raise: \"success\",\n                  assign: { sessionKeypair },\n                })),\n              ),\n            },\n          },\n        },\n\n        ParseStream: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n              step: AddToTrustchaineDAStep.ParseStream,\n            },\n          }),\n          on: { success: \"CheckApplicationStreamExist\", error: \"Error\" },\n          invoke: {\n            id: \"parseStream\",\n            src: \"parseStream\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  seedBlock: () =>\n                    required(\n                      input.trustchain\n                        .getRootStream()\n                        .chain((stream) => stream.parse().toMaybe())\n                        .extract()?.[0],\n                      \"Missing seed block to parse\",\n                    ),\n                  applicationStream: () =>\n                    required(\n                      input.trustchain.getAppStream(input.appId).extract(),\n                      \"Missing application stream to parse\",\n                    ),\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        CheckApplicationStreamExist: {\n          always: [\n            { target: \"AddToNewStream\", guard: \"isTustchainEmpty\" },\n            { target: \"AddToExistingStream\" },\n          ],\n        },\n\n        AddToExistingStream: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: AddToTrustchainDAState.AddMember,\n              step: AddToTrustchaineDAStep.AddMember,\n            },\n          }),\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) => {\n                const appStream = input.trustchain.getAppStream(input.appId);\n                return eitherSeqRecord({\n                  cryptoService: input.cryptoService,\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchain.getId(),\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      appStream.chain((stream) => stream.getPath()).extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      appStream\n                        .chain((stream) => stream.parse().toMaybe())\n                        .chainNullable((blocks) => blocks.at(-1)?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing parent block\",\n                    ),\n                  blockFlow: {\n                    type: \"addMember\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.getPublicKey(),\n                      permissions: input.permissions,\n                    },\n                  },\n                });\n              }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        AddToNewStream: {\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: AddToTrustchainDAState.AddMember,\n              step: AddToTrustchaineDAStep.AddMember,\n            },\n          }),\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchain.getId(),\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: `m/0'/${input.appId}'/0'`,\n                  parent: () =>\n                    required(\n                      input.trustchain\n                        .getRootStream()\n                        .chain((stream) => stream.parse().toMaybe())\n                        .chainNullable((blocks) => blocks[0]?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing init block\",\n                    ),\n                  blockFlow: {\n                    type: \"derive\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.getPublicKey(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }).chain(() => Left(new LKRPTrustchainNotReady())),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) => context._internalState.map((_) => undefined),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      initCommand: async (args: {\n        input: Either<AddToTrustchainDAError, CryptoService>;\n      }): Promise<Either<AddToTrustchainDAError, KeyPair>> =>\n        EitherAsync.liftEither(args.input)\n          .chain((cryptoService) =>\n            new InitTask(internalApi, cryptoService).run(),\n          )\n          .run(),\n\n      parseStream: async (args: {\n        input: Either<AddToTrustchainDAError, ParseStreamToDeviceTaskInput>;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain<AddToTrustchainDAError, unknown>((input) =>\n            new ParseStreamToDeviceTask(internalApi).run(input),\n          )\n          .run(),\n\n      signBlock: (args: {\n        input: Either<\n          AddToTrustchainDAError,\n          SignBlockTaskInput & { cryptoService: CryptoService }\n        >;\n      }): Promise<Either<AddToTrustchainDAError, void>> =>\n        EitherAsync.liftEither(args.input)\n          .chain((input) =>\n            new SignBlockTask(internalApi, input.cryptoService).run(input),\n          )\n          .run(),\n    };\n  }\n}\n"],
-  "mappings": "AAAA,OAEE,sBAAAA,EAGA,2BAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAE3C,OAME,0BAAAC,EACA,0BAAAC,MACK,mDAGP,OAAS,0BAAAC,EAAwB,oBAAAC,MAAwB,oBACzD,OAAS,YAAAC,MAAgB,qCACzB,OACE,2BAAAC,MAEK,oDACP,OACE,iBAAAC,MAEK,0CACP,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,YAAAC,MAAgB,2BAEzB,OAAS,kBAAAC,MAAsB,yBAExB,MAAMC,UAAoCjB,CAM/C,CACA,iBACEkB,EAOA,CASA,KAAM,CAAE,YAAAC,EAAa,YAAAC,EAAa,UAAAC,CAAU,EAC1C,KAAK,oBAAoBH,CAAW,EAEtC,OAAOZ,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,YAAaD,EAAYc,CAAW,EACpC,YAAad,EAAYe,CAAW,EACpC,UAAWf,EAAYgB,CAAS,CAClC,EAEA,QAAS,CACP,qBAAsBL,EACpB,CAAC,CAAE,MAAAM,CAAM,IACPpB,EACE,IAAIQ,EACF,OAAQY,EAA8B,KAAK,CAC7C,CACF,CACJ,CACF,EAEA,OAAQ,CACN,iBAAkB,CAAC,CAAE,QAAAC,CAAQ,IAC3BA,EAAQ,MACL,QAAQ,EACR,MAAOC,GAAUA,EAAM,WAAW,aAAaA,EAAM,KAAK,CAAC,EAC3D,MAAOC,GAAcA,EAAU,MAAM,EAAE,QAAQ,CAAC,EAChD,IAAKC,GAAWA,EAAO,SAAW,CAAC,EACnC,UAAU,EAAI,CACrB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,8BACJ,QAAS,CAAC,CAAE,MAAAF,CAAM,KAAO,CACvB,MAAAA,EACA,kBAAmB,CACjB,wBAAyBzB,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,eAAgB,IAClB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,MAAOC,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMS,EAAuB,UAC/B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,cAAe,MAAO,OAAQ,EAC7C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAe,CAAQ,IAChBA,EAAQ,MAAM,IAAKC,GAAUA,EAAM,aAAa,EAClD,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKK,IAAoB,CACpC,MAAO,UACP,OAAQ,CAAE,eAAAA,CAAe,CAC3B,EAAE,CACJ,CACF,CACF,CACF,EAEA,YAAa,CACX,MAAOvB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBL,EAAwB,KACjD,KAAMS,EAAuB,WAC/B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,8BAA+B,MAAO,OAAQ,EAC7D,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAe,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBV,EAAgB,CACd,UAAW,IACTC,EACES,EAAM,WACH,cAAc,EACd,MAAOI,GAAWA,EAAO,MAAM,EAAE,QAAQ,CAAC,EAC1C,QAAQ,IAAI,CAAC,EAChB,6BACF,EACF,kBAAmB,IACjBb,EACES,EAAM,WAAW,aAAaA,EAAM,KAAK,EAAE,QAAQ,EACnD,qCACF,CACJ,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,4BAA6B,CAC3B,OAAQ,CACN,CAAE,OAAQ,iBAAkB,MAAO,kBAAmB,EACtD,CAAE,OAAQ,qBAAsB,CAClC,CACF,EAEA,oBAAqB,CACnB,MAAOlB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBG,EAAuB,UAChD,KAAMC,EAAuB,SAC/B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAe,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GAAU,CAC7B,MAAMC,EAAYD,EAAM,WAAW,aAAaA,EAAM,KAAK,EAC3D,OAAOV,EAAgB,CACrB,cAAeU,EAAM,cACrB,eAAgBA,EAAM,eACtB,aAAcA,EAAM,WAAW,MAAM,EACrC,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAI,CAAe,IAC7CZ,EAASY,EAAgB,yBAAyB,CACpD,EACF,KAAM,IACJZ,EACEU,EAAU,MAAOG,GAAWA,EAAO,QAAQ,CAAC,EAAE,QAAQ,EACtD,0BACF,EACF,OAAQ,IACNb,EACEU,EACG,MAAOG,GAAWA,EAAO,MAAM,EAAE,QAAQ,CAAC,EAC1C,cAAeF,GAAWA,EAAO,GAAG,EAAE,GAAG,KAAK,CAAC,EAC/C,cAAc5B,CAAkB,EAChC,QAAQ,EACX,sBACF,EACF,UAAW,CACT,KAAM,YACN,KAAM,CACJ,KAAM0B,EAAM,WACZ,UAAWA,EAAM,QAAQ,aAAa,EACtC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,CAAC,EACH,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,eAAgB,CACd,MAAOlB,EAAO,CACZ,kBAAmB,CACjB,wBAAyBG,EAAuB,UAChD,KAAMC,EAAuB,SAC/B,CACF,CAAC,EACD,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAe,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBV,EAAgB,CACd,eAAgBU,EAAM,eACtB,aAAcA,EAAM,WAAW,MAAM,EACrC,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAI,CAAe,IAC7CZ,EAASY,EAAgB,yBAAyB,CACpD,EACF,KAAM,QAAQH,EAAM,KAAK,OACzB,OAAQ,IACNT,EACES,EAAM,WACH,cAAc,EACd,MAAOI,GAAWA,EAAO,MAAM,EAAE,QAAQ,CAAC,EAC1C,cAAeF,GAAWA,EAAO,CAAC,GAAG,KAAK,CAAC,EAC3C,cAAc5B,CAAkB,EAChC,QAAQ,EACX,oBACF,EACF,UAAW,CACT,KAAM,SACN,KAAM,CACJ,KAAM0B,EAAM,WACZ,UAAWA,EAAM,QAAQ,aAAa,EACtC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,EAAE,MAAM,IAAMtB,EAAK,IAAIO,CAAwB,CAAC,CACnD,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASO,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAC,CAAQ,IAAMA,EAAQ,eAAe,IAAKM,GAAG,EAAY,CACtE,CAAC,CACH,CAEA,oBAAoBX,EAA0B,CAC5C,MAAO,CACL,YAAa,MAAOY,GAGlB7B,EAAY,WAAW6B,EAAK,KAAK,EAC9B,MAAOC,GACN,IAAIpB,EAASO,EAAaa,CAAa,EAAE,IAAI,CAC/C,EACC,IAAI,EAET,YAAa,MAAOD,GAGlB7B,EAAY,WAAW6B,EAAK,KAAK,EAC9B,MAAwCN,GACvC,IAAIZ,EAAwBM,CAAW,EAAE,IAAIM,CAAK,CACpD,EACC,IAAI,EAET,UAAYM,GAMV7B,EAAY,WAAW6B,EAAK,KAAK,EAC9B,MAAON,GACN,IAAIX,EAAcK,EAAaM,EAAM,aAAa,EAAE,IAAIA,CAAK,CAC/D,EACC,IAAI,CACX,CACF,CACF",
-  "names": ["hexaStringToBuffer", "UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "AddToTrustchainDAState", "AddToTrustchaineDAStep", "LKRPTrustchainNotReady", "LKRPUnknownError", "InitTask", "ParseStreamToDeviceTask", "SignBlockTask", "eitherSeqRecord", "required", "raiseAndAssign", "AddToTrustchainDeviceAction", "internalApi", "initCommand", "parseStream", "signBlock", "event", "context", "input", "appStream", "blocks", "sessionKeypair", "stream", "_", "args", "cryptoService"]
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  hexaStringToBuffer,\n  type InternalApi,\n  type StateMachineTypes,\n  UnknownDAError,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AddToTrustchainDAError,\n  type AddToTrustchainDAInput,\n  type AddToTrustchainDAIntermediateValue,\n  type AddToTrustchainDAInternalState,\n  type AddToTrustchainDAOutput,\n} from \"@api/app-binder/AddToTrustchainDeviceActionTypes\";\nimport { type Keypair } from \"@api/index\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { InitTask } from \"@internal/app-binder/task/InitTask\";\nimport {\n  ParseStreamToDeviceTask,\n  type ParseStreamToDeviceTaskInput,\n} from \"@internal/app-binder/task/ParseStreamToDeviceTask\";\nimport {\n  type SignBlockError,\n  SignBlockTask,\n  type SignBlockTaskInput,\n} from \"@internal/app-binder/task/SignBlockTask\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AddToTrustchainDeviceAction extends XStateDeviceAction<\n  AddToTrustchainDAOutput,\n  AddToTrustchainDAInput,\n  AddToTrustchainDAError,\n  AddToTrustchainDAIntermediateValue,\n  AddToTrustchainDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AddToTrustchainDAOutput,\n    AddToTrustchainDAInput,\n    AddToTrustchainDAError,\n    AddToTrustchainDAIntermediateValue,\n    AddToTrustchainDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AddToTrustchainDAOutput,\n      AddToTrustchainDAInput,\n      AddToTrustchainDAError,\n      AddToTrustchainDAIntermediateValue,\n      AddToTrustchainDAInternalState\n    >;\n\n    const { initCommand, parseStream, signBlock } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        initCommand: fromPromise(initCommand),\n        parseStream: fromPromise(parseStream),\n        signBlock: fromPromise(signBlock),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new UnknownDAError(String((event as { error?: unknown }).error)),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        isTustchainEmpty: ({ context }) =>\n          context.input\n            .toMaybe()\n            .chain((input) => input.applicationStream.parse().toMaybe())\n            .map((blocks) => blocks.length === 0)\n            .orDefault(true),\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEEIQCoHt0CcCusALgMYAWAhgJYB2AImAG6XFjLGGWbUB0AktZUIBlOLE7UAxBC5huNBpgDWsmoIDCmALaby1CAG0ADAF1EoAA6YxHLmZAAPRAEZDAdm6unAFgAcAJi9PLwA2PycAVmCAGhAAT0QAZhDucJDXAE5XcO9wsOCAX3yY1AxsfCIyKjpGZlZ2cT4BYVFxCTAcHEwcbnMAG3JCADMuzTkmjW1dAxM7S2txO0cEdPTuMMN0hKcEnycMwx9ouMQ-cITuDYTg1wOb4PScwuK0LFwCEgoaeiYWNhsefiCESwMRcCSwPDEFggoymJAgOaCBbwpYJVLcBKuLwrQx+dJnbZeGLxBAJALcLxOYLhHGGFx+BJPEAlV7lD5Vb61P4NQHNEGtdqdHCw2ZWJG2FGJdGY7HpXH4rZJYmIXx+NaywKbBk3VyMorMl5ld6VL41X71LjcAAK5BwsDAQkIODA5E0UhkYwUyh6tvtjudrpF8MR-0WiDOwW4wT2ex8CTJ122yoQYR8FzSPkyEWyXiuTJZRoqn2qPzq-2tvodTpdbsFXR6-SGIx9dqrAc0QYsYtDkoQuUjNNcwUC4V2up8yac5JpV2CCTcVJ8XgZ+cNbyLHLNZYaNtb-pr4Mh0NgnYR3eRoCWrlcad1udcpxWu0xyb8fkM3CpwWCBzlSR8o5eKupTruypqltylq7n61aum0HRdKeIYXg4iDXreSSYo+6TPq4yZoucWIrF4dLxlcaLAayxrFpy5rlmopBgMQijIOYfTMAM4j7q6ACi9iUEQEhIeeEqXs4VJeCkN5+D4D4-ocESvm+3APNSP6+GSETpAU+oFqBJollyFo8AxTEsWxvQcf83GaHxAmEEJThwl28yiahCBOE4hwYoYvi+D4dIHLiyYALRTu4bh4mcN43psAGUYWYGGXRDQFnZRA0FANnutQKjUF6shiFA1AAEK9JgzHCa51Bhh5XjLtwAWBIYwQARJU6hXikm5CEnleOEWSUk4CX6TRW6QTwaX8Rl1BZbBtYId0fQDMMOCjEVpXlZVMzBiJNW9t4DKfpEpy7JEmbaaFOxqgk6Tvp5A1-vVerPCBbIGbR26WlN9mZdlEJQqIVXivtYkecOapZD4sleYYhgDd+nUZBSlKpNDWG5CN71jRBxncD9M1ze28FCsDPZg1S4ThBc773IE843IpxwIGFBweLdGyyZhByyVj1Gbrj5YFgAcmAADu2XSLlnpKIVlDFWVFWKGTKFLIdkZDjs2ZtS+zOYh4NxwxkAXpNicZ8xu4FGULhqixL80k-Wy1Nmt3AbYr23OWe1W1d4ewYps0ZTpsmxZKFvhrOEdLXg8LgtbdFtJZ9E347b4v-UeQM7S5IO+xDHijtpgR+PciPM94kZuLieK3XiRvpInH3jXjIvpw7dbCtn3u5wd1LU7iLWm7qVdMySYSSZSpzeDsngl1OhT6tQmAQHAdh6djAvWyhyFuUsYXh-cjUPE+ThxW+w26WuG9Wyllq8sCoKg935PuYEyb1ZJKwrAEERxtkWSNxxlvKClYbKih9r2QI7hKQkSjhsM4pt8JUgpF-KkaJNj1XCIAzet8TKMWYqxdixBOJcBsulQg4Ce5gzlE4A2mEGRPlNgkJSH5vx9xuNiOGYRXDYJvl9SahpyF-XmpQl+atMSRm2KmNwAFUhlxJCFd85x4yjnHpPQIvheHJX4anUodswG7QgRTK4qxoyGB2GbN8qZJzkgeLsH80ZNjw2hlo5OeMhCZxBKI1Wzg4yrBajSe6A1erhE6gFKMDwBrbHxP1O8rjm7lh4otbxu9fEDRSFqUcUNIgHFCi4VYOE5Q4RahsRcOlChAA */\n\n      id: \"AddToTrustchainDeviceAction\",\n      context: ({ input }) => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          sessionKeypair: null,\n        }),\n      }),\n\n      initial: \"InitSession\",\n      states: {\n        InitSession: {\n          on: { success: \"ParseStream\", error: \"Error\" },\n          invoke: {\n            id: \"initCommand\",\n            src: \"initCommand\",\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((sessionKeypair) => ({\n                  raise: \"success\",\n                  assign: { sessionKeypair },\n                })),\n              ),\n            },\n          },\n        },\n\n        ParseStream: {\n          on: { success: \"CheckApplicationStreamExist\", error: \"Error\" },\n          invoke: {\n            id: \"parseStream\",\n            src: \"parseStream\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                required(input.trustchain?.[\"m/\"], \"Missing root stream\")\n                  .chain((rootStream) => rootStream.parse())\n                  .chain((blocks) => required(blocks[0], \"Missing seed block\"))\n                  .map((seedBlock) => ({\n                    seedBlock,\n                    applicationStream: input.applicationStream,\n                  })),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        CheckApplicationStreamExist: {\n          always: [\n            { target: \"AddToNewStream\", guard: \"isTustchainEmpty\" },\n            { target: \"AddToExistingStream\" },\n          ],\n        },\n\n        AddToExistingStream: {\n          on: { success: \"Success\", error: \"Error\" },\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: \"add-ledger-sync\",\n            },\n          }),\n          exit: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n            },\n          }),\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchainId,\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      input.applicationStream.getPath().extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      input.applicationStream\n                        .parse()\n                        .toMaybe()\n                        .chainNullable((blocks) => blocks.at(-1)?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing parent block\",\n                    ),\n                  blockFlow: {\n                    type: \"addMember\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.pubKeyToU8a(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        AddToNewStream: {\n          on: { success: \"Success\", error: \"Error\" },\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: \"add-ledger-sync\",\n            },\n          }),\n          exit: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n            },\n          }),\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchainId,\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      input.applicationStream.getPath().extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      Maybe.fromNullable(input.trustchain[\"m/\"])\n                        .chain((rootStream) => rootStream.parse().toMaybe())\n                        .chainNullable((blocks) => blocks[0]?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing init block\",\n                    ),\n                  blockFlow: {\n                    type: \"derive\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.pubKeyToU8a(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) => context._internalState.map((_) => undefined),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      initCommand: (): Promise<Either<LKRPDeviceCommandError, Keypair>> =>\n        new InitTask(internalApi).run(),\n\n      parseStream: async (args: {\n        input: Either<AddToTrustchainDAError, ParseStreamToDeviceTaskInput>;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain<AddToTrustchainDAError, unknown>((input) =>\n            new ParseStreamToDeviceTask(internalApi).run(input),\n          )\n          .run(),\n\n      signBlock: (args: {\n        input: Either<AddToTrustchainDAError, SignBlockTaskInput>;\n      }): Promise<Either<SignBlockError, void>> =>\n        EitherAsync.liftEither(args.input)\n          .chain((input) => new SignBlockTask(internalApi).run(input))\n          .run(),\n    };\n  }\n}\n"],
+  "mappings": "AAAA,OAEE,sBAAAA,EAGA,kBAAAC,EACA,2BAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,EAAO,SAAAC,MAAa,YAC7D,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAW3C,OAAS,YAAAC,MAAgB,qCACzB,OACE,2BAAAC,MAEK,oDACP,OAEE,iBAAAC,MAEK,0CACP,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,YAAAC,MAAgB,2BAEzB,OAAS,kBAAAC,MAAsB,yBAExB,MAAMC,UAAoCd,CAM/C,CACA,iBACEe,EAOA,CASA,KAAM,CAAE,YAAAC,EAAa,YAAAC,EAAa,UAAAC,CAAU,EAC1C,KAAK,oBAAoBH,CAAW,EAEtC,OAAOR,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,YAAaD,EAAYU,CAAW,EACpC,YAAaV,EAAYW,CAAW,EACpC,UAAWX,EAAYY,CAAS,CAClC,EAEA,QAAS,CACP,qBAAsBL,EACpB,CAAC,CAAE,MAAAM,CAAM,IACPjB,EACE,IAAIJ,EAAe,OAAQqB,EAA8B,KAAK,CAAC,CACjE,CACJ,CACF,EAEA,OAAQ,CACN,iBAAkB,CAAC,CAAE,QAAAC,CAAQ,IAC3BA,EAAQ,MACL,QAAQ,EACR,MAAOC,GAAUA,EAAM,kBAAkB,MAAM,EAAE,QAAQ,CAAC,EAC1D,IAAKC,GAAWA,EAAO,SAAW,CAAC,EACnC,UAAU,EAAI,CACrB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,8BACJ,QAAS,CAAC,CAAE,MAAAD,CAAM,KAAO,CACvB,MAAAA,EACA,kBAAmB,CACjB,wBAAyBtB,EAAwB,IACnD,EACA,eAAgBK,EAAM,CACpB,eAAgB,IAClB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,GAAI,CAAE,QAAS,cAAe,MAAO,OAAQ,EAC7C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASS,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKI,IAAoB,CACpC,MAAO,UACP,OAAQ,CAAE,eAAAA,CAAe,CAC3B,EAAE,CACJ,CACF,CACF,CACF,EAEA,YAAa,CACX,GAAI,CAAE,QAAS,8BAA+B,MAAO,OAAQ,EAC7D,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAH,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBT,EAASS,EAAM,aAAa,IAAI,EAAG,qBAAqB,EACrD,MAAOG,GAAeA,EAAW,MAAM,CAAC,EACxC,MAAOF,GAAWV,EAASU,EAAO,CAAC,EAAG,oBAAoB,CAAC,EAC3D,IAAKG,IAAe,CACnB,UAAAA,EACA,kBAAmBJ,EAAM,iBAC3B,EAAE,CACN,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,4BAA6B,CAC3B,OAAQ,CACN,CAAE,OAAQ,iBAAkB,MAAO,kBAAmB,EACtD,CAAE,OAAQ,qBAAsB,CAClC,CACF,EAEA,oBAAqB,CACnB,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,MAAOd,EAAO,CACZ,kBAAmB,CACjB,wBAAyB,iBAC3B,CACF,CAAC,EACD,KAAMA,EAAO,CACX,kBAAmB,CACjB,wBAAyBN,EAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAqB,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBV,EAAgB,CACd,eAAgBU,EAAM,eACtB,aAAcA,EAAM,aACpB,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAG,CAAe,IAC7CX,EAASW,EAAgB,yBAAyB,CACpD,EACF,KAAM,IACJX,EACES,EAAM,kBAAkB,QAAQ,EAAE,QAAQ,EAC1C,0BACF,EACF,OAAQ,IACNT,EACES,EAAM,kBACH,MAAM,EACN,QAAQ,EACR,cAAeC,GAAWA,EAAO,GAAG,EAAE,GAAG,KAAK,CAAC,EAC/C,cAAczB,CAAkB,EAChC,QAAQ,EACX,sBACF,EACF,UAAW,CACT,KAAM,YACN,KAAM,CACJ,KAAMwB,EAAM,WACZ,UAAWA,EAAM,QAAQ,YAAY,EACrC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,eAAgB,CACd,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,MAAOd,EAAO,CACZ,kBAAmB,CACjB,wBAAyB,iBAC3B,CACF,CAAC,EACD,KAAMA,EAAO,CACX,kBAAmB,CACjB,wBAAyBN,EAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAqB,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBV,EAAgB,CACd,eAAgBU,EAAM,eACtB,aAAcA,EAAM,aACpB,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAG,CAAe,IAC7CX,EAASW,EAAgB,yBAAyB,CACpD,EACF,KAAM,IACJX,EACES,EAAM,kBAAkB,QAAQ,EAAE,QAAQ,EAC1C,0BACF,EACF,OAAQ,IACNT,EACET,EAAM,aAAakB,EAAM,WAAW,IAAI,CAAC,EACtC,MAAOG,GAAeA,EAAW,MAAM,EAAE,QAAQ,CAAC,EAClD,cAAeF,GAAWA,EAAO,CAAC,GAAG,KAAK,CAAC,EAC3C,cAAczB,CAAkB,EAChC,QAAQ,EACX,oBACF,EACF,UAAW,CACT,KAAM,SACN,KAAM,CACJ,KAAMwB,EAAM,WACZ,UAAWA,EAAM,QAAQ,YAAY,EACrC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAC,CAAQ,IAAMA,EAAQ,eAAe,IAAKM,GAAG,EAAY,CACtE,CAAC,CACH,CAEA,oBAAoBX,EAA0B,CAC5C,MAAO,CACL,YAAa,IACX,IAAIP,EAASO,CAAW,EAAE,IAAI,EAEhC,YAAa,MAAOY,GAGlB1B,EAAY,WAAW0B,EAAK,KAAK,EAC9B,MAAwCN,GACvC,IAAIZ,EAAwBM,CAAW,EAAE,IAAIM,CAAK,CACpD,EACC,IAAI,EAET,UAAYM,GAGV1B,EAAY,WAAW0B,EAAK,KAAK,EAC9B,MAAON,GAAU,IAAIX,EAAcK,CAAW,EAAE,IAAIM,CAAK,CAAC,EAC1D,IAAI,CACX,CACF,CACF",
+  "names": ["hexaStringToBuffer", "UnknownDAError", "UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Maybe", "Right", "assign", "fromPromise", "setup", "InitTask", "ParseStreamToDeviceTask", "SignBlockTask", "eitherSeqRecord", "required", "raiseAndAssign", "AddToTrustchainDeviceAction", "internalApi", "initCommand", "parseStream", "signBlock", "event", "context", "input", "blocks", "sessionKeypair", "rootStream", "seedBlock", "_", "args"]
 }

package/lib/esm/internal/app-binder/device-action/AuthenticateDeviceAction.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import{OpenAppDeviceAction as E,UnknownDAError as l,UserInteractionRequired as m,XStateDeviceAction as S}from"@ledgerhq/device-management-kit";import{EitherAsync as y,Left as p,Right as A}from"purify-ts";import{assign as D,fromPromise as h,setup as k}from"xstate";import{LKRPMissingDataError as g,LKRPUnauthorizedError as I,LKRPUnhandledState as f}from"../../../api/app-binder/Errors";import{SignChallengeWithDeviceTask as v}from"../../app-binder/task/SignChallengeWithDeviceTask";import{SignChallengeWithKeypairTask as M}from"../../app-binder/task/SignChallengeWithKeypairTask";import{eitherSeqRecord as d}from"../../utils/eitherSeqRecord";import{LKRPBlockStream as w}from"../../utils/LKRPBlockStream";import{required as r}from"../../utils/required";import{raiseAndAssign as s}from"./utils/raiseAndAssign";import{AddToTrustchainDeviceAction as K}from"./AddToTrustchainDeviceAction";const T="Ledger Sync";class V extends S{makeStateMachine(a){const{deviceAuth:n,keypairAuth:i,getTrustchain:u,extractEncryptionKey:c}=this.extractDependencies(a);return k({types:{input:{},context:{},output:{}},actors:{openAppStateMachine:new E({input:{appName:T}}).makeStateMachine(a),deviceAuth:h(n),keypairAuth:h(i),getTrustchain:h(u),addToTrustchainStateMachine:new K({input:p(new g("Missing input for GetEncryptionKey"))}).makeStateMachine(a),extractEncryptionKey:h(c)},actions:{assignErrorFromEvent:s(({event:t})=>p(new l(String(t.error))))},guards:{hasNoTrustchainId:({context:t})=>!t.input.trustchainId,hasNoJwt:({context:t})=>!t.input.jwt,isTrustchainMember:({context:t})=>t._internalState.toMaybe().map(e=>e.wasAddedToTrustchain\|\|e.applicationStream?.hasMember(t.input.keypair.pubKeyToHex())).extract()??!1}}).createMachine({id:"AuthenticateDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:m.None},_internalState:A({trustchainId:null,jwt:null,trustchain:null,applicationStream:null,encryptionKey:null,wasAddedToTrustchain:!1})}),initial:"CheckCredentials",states:{CheckCredentials:{always:[{target:"DeviceAuth",guard:"hasNoTrustchainId"},{target:"KeypairAuth",guard:"hasNoJwt"},{target:"GetTrustchain"}]},KeypairAuth:{on:{success:"GetTrustchain",invalidCredentials:"DeviceAuth",error:"Error"},invoke:{id:"keypairAuth",src:"keypairAuth",input:({context:t})=>({lkrpDataSource:t.input.lkrpDataSource,keypair:t.input.keypair,trustchainId:r(t.input.trustchainId,"Missing Trustchain ID in the input")}),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(({jwt:e})=>({raise:"success",assign:{jwt:e}})).chainLeft(e=>e instanceof I?A({raise:"invalidCredentials"}):p(e)))}}},DeviceAuth:{on:{success:"GetTrustchain",error:"Error"},initial:"OpenApp",states:{OpenApp:{on:{success:"Auth"},invoke:{id:"openApp",src:"openAppStateMachine",input:{appName:T},onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Auth:{entry:D({intermediateValue:{requiredUserInteraction:"connect-ledger-sync"}}),exit:D({intermediateValue:{requiredUserInteraction:m.None}}),invoke:{id:"deviceAuth",src:"deviceAuth",input:({context:t})=>t.input,onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.chain(e=>e.trustchainId.caseOf({Nothing:()=>p(new f("The trustchain is empty")),Just:o=>A({raise:"success",assign:{jwt:e.jwt,trustchainId:o}})})))}}}}},GetTrustchain:{on:{success:"CheckIsMembers",invalidCredentials:"KeypairAuth",error:"Error"},invoke:{id:"getTrustchain",src:"getTrustchain",input:({context:t})=>t._internalState.chain(e=>d({lkrpDataSource:t.input.lkrpDataSource,applicationId:t.input.applicationId,trustchainId:()=>r(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the input for GetTrustchain"),jwt:()=>r(e.jwt??t.input.jwt,"Missing JWT in the input for GetTrustchain")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(({trustchain:e,applicationStream:o})=>({raise:"success",assign:{trustchain:e,applicationStream:o}})))}}},CheckIsMembers:{always:[{target:"ExtractEncryptionKey",guard:"isTrustchainMember"},{target:"AddToTrustchain"}]},AddToTrustchain:{on:{success:"GetTrustchain",error:"Error"},invoke:{id:"AddToTrustchain",src:"addToTrustchainStateMachine",input:({context:t})=>t._internalState.mapLeft(()=>new g("Missing data in the input for AddToTrustchain")).chain(e=>d({lkrpDataSource:t.input.lkrpDataSource,keypair:t.input.keypair,clientName:t.input.clientName,permissions:t.input.permissions,jwt:()=>r(e.jwt??t.input.jwt,"Missing JWT in the input for AddToTrustchain"),trustchainId:()=>r(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the input for GetTrustchain"),trustchain:()=>r(e.trustchain,"Missing Trustchain in the input for AddToTrustchain"),applicationStream:()=>r(e.applicationStream,"Missing application stream in the input for AddToTrustchain")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(()=>({raise:"success",assign:{wasAddedToTrustchain:!0}})))}}},ExtractEncryptionKey:{on:{success:"Success",error:"Error"},invoke:{id:"ExtractEncryptionKey",src:"extractEncryptionKey",input:({context:t})=>t._internalState.chain(e=>r(e.applicationStream,"Missing application stream").map(o=>({applicationStream:o,keypair:t.input.keypair}))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(e=>({raise:"success",assign:{encryptionKey:e}})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.chain(e=>d({trustchainId:()=>r(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the output"),jwt:()=>r(e.jwt??t.input.jwt,"Missing JWT in the output"),applicationPath:()=>r(e.applicationStream?.getPath().extract(),"Missing application path in the output"),encryptionKey:()=>r(e.encryptionKey,"Missing encryption key in the output")}))})}extractDependencies(a){return{deviceAuth:n=>this.auth(n.input.lkrpDataSource,new v(a)).run(),keypairAuth:n=>{const{lkrpDataSource:i,keypair:u}=n.input;return y.liftEither(n.input.trustchainId).chain(c=>this.auth(i,new M(u,c))).run()},getTrustchain:n=>y.liftEither(n.input).chain(({applicationId:i,lkrpDataSource:u,trustchainId:c,jwt:t})=>u.getTrustchainById(c,t).map(e=>({trustchain:e,applicationStream:e[`m/${i}'`]??w.fromPath(`m/0'/${i}'/0'`)}))).run(),extractEncryptionKey:async n=>Promise.resolve(n.input.chain(({applicationStream:i,keypair:u})=>i.getPublishedKey(u).toEither(new l("There is no encryption key for the current member in the application stream."))).map(i=>i.privateKey))}}auth(a,n){return a.getChallenge().chain(i=>n.run(i)).chain(i=>a.authenticate(i))}}export{V as AuthenticateDeviceAction};
2	+ //# sourceMappingURL=AuthenticateDeviceAction.js.map

package/lib/esm/internal/app-binder/device-action/AuthenticateDeviceAction.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/device-action/AuthenticateDeviceAction.ts"],
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  type InternalApi,\n  OpenAppDeviceAction,\n  type StateMachineTypes,\n  UnknownDAError,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AuthenticateDAError,\n  type AuthenticateDAInput,\n  type AuthenticateDAIntermediateValue,\n  type AuthenticateDAInternalState,\n  type AuthenticateDAOutput,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport {\n  LKRPMissingDataError,\n  LKRPUnauthorizedError,\n  LKRPUnhandledState,\n} from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport { type JWT } from \"@api/index\";\nimport { SignChallengeWithDeviceTask } from \"@internal/app-binder/task/SignChallengeWithDeviceTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n  type LKRPDataSource,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\nimport { AddToTrustchainDeviceAction } from \"./AddToTrustchainDeviceAction\";\n\nconst APP_NAME = \"Ledger Sync\";\n\nexport class AuthenticateDeviceAction extends XStateDeviceAction<\n  AuthenticateDAOutput,\n  AuthenticateDAInput,\n  AuthenticateDAError,\n  AuthenticateDAIntermediateValue,\n  AuthenticateDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AuthenticateDAOutput,\n    AuthenticateDAInput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue,\n    AuthenticateDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AuthenticateDAOutput,\n      AuthenticateDAInput,\n      AuthenticateDAError,\n      AuthenticateDAIntermediateValue,\n      AuthenticateDAInternalState\n    >;\n\n    const { deviceAuth, keypairAuth, getTrustchain, extractEncryptionKey } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        openAppStateMachine: new OpenAppDeviceAction({\n          input: { appName: APP_NAME },\n        }).makeStateMachine(internalApi),\n\n        deviceAuth: fromPromise(deviceAuth),\n        keypairAuth: fromPromise(keypairAuth),\n\n        getTrustchain: fromPromise(getTrustchain),\n\n        addToTrustchainStateMachine: new AddToTrustchainDeviceAction({\n          input: Left(\n            new LKRPMissingDataError(\"Missing input for GetEncryptionKey\"),\n          ),\n        }).makeStateMachine(internalApi),\n\n        extractEncryptionKey: fromPromise(extractEncryptionKey),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new UnknownDAError(String((event as { error?: unknown }).error)),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        hasNoTrustchainId: ({ context }) => !context.input.trustchainId,\n        hasNoJwt: ({ context }) => !context.input.jwt,\n        isTrustchainMember: ({ context }) =>\n          context._internalState\n            .toMaybe()\n            .map(\n              (state) =>\n                state.wasAddedToTrustchain ||\n                state.applicationStream?.hasMember(\n                  context.input.keypair.pubKeyToHex(),\n                ),\n            )\n            .extract() ?? false,\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YAImAG5FjKEED2OAdAMLaEDWbATpLgLEANrADEAbQAMAXUSgADo1j4mOeSAAeiAMxSALC30BOHfoDsAJinGAHADYp94wBoQAT0QBaAKwsf9lYBAIzB9jrm5vr6OgC+sW5oWIJEpBTUtPRq7Jw8-BApIuISwXJIIEoqahraCDrBOizG+pb2tq06PlJStvo+bp4IPsZSLBHBprZWnVI+tvGJGNh4qWSUNIR0DPjMOWDcfAIrRZKWZYrKqjvq5bU6lsZGkb0Rsz1TOgOII34+oebGQJmOytBYgJLLAgkNYZTZZa4sADSYHcCmI+F4ELEEGYYBY+BwVEYXDxJNR6MxS2k5wql2qt0Q9miLEsJh8lmewWGrK+Q30wSMOk61k6OjaLTBEJS0PSGy22WR5IxWLAvF4jF4LAUwlIADMNQBbFhktHKqmyDSVK7MGqM+r+Fr6WyA8xM2zBSy86LmJq2Axi-T2YZTQGSpbStLrTLbXaK02UrBiWCoQibWCwamWunXW0IYw+H2BVmWOa2MxScy88xSAXmYJlh5CiYBYxh5IrGVRuEx1hxilYglUET4CCHArHUSZ8pW+mgWrO0b8-kPYyWDkxfS8gujWb2Cb3fmRAxtyGrWXRhUo+MqtUaqcXKo5hl55xNMzBCyzZp9TceRl-FhHCcHo11aKIfBPCMYTleFdi7OgliTFM0wzC1p2zG1nw9fRRmaRwTDXcIuk9P8EEDUZzB0fNLGCOtzB8LpWwScFww7SNYXlBF4JvdVeHvWlH0wudEA-GwjFomsDBsHDPlIj9DFsdkAldZ4WhLSC2Ogi8uI4iEWAAeQUXBkAUBRsVxfFCWJPFGCMnATIUfiZyfYSEHsIMmkiB4PUsCJ3RIwZaMaBouVdFoqJ8Cx5mYqVNPPbtsm4pYDLshyxFVXitR1dB9V4I1bOM0ynIwm5XKZQwGMi3yzHuBsq0eQJehsCZFNdCYNKhdiYJ7FgkqwFLCrM5NUzgVCaWcoStG+MIWArYIDF6BiPzaXkHgq3o2qZSxFLiGLWM6rSEp0mDkqxHEcDxQdrJYAoTqwYrBNKqaEHm0wWHaLoJnMP12nCXl61sFkPymAJulscHAw6s9uJ6vrMBYHiNSyvVDRu3TzXGkrc3mgExmMBoTBGIifFkwZmhYNrqzLejGLsKHO10nqAHEwHQAAVXhUFgdBCEwdEcHMi7LKJEkWBgdnOe53n+Ye60ntqBoAPc4wrHCewaO+gLEHdAVqbaJwwmaXbFnbA74s43YWYlrmeb5gl0tvTVtRRvKxdZjmbelglZdnZ6CYq-MLDMaIpAefpSLrPwehsBxqw9Tp6a67TLfdyXbf5pCRvTH2XL9gI-HoktXv5aTeVMRpJidZ0HgrGxE8Oi3WCtj2pbtgXB2HUd8kKSc0IfOXc3CQHKJ0Z0zHV9oJl5BwKOmesbGLMt6-N2Cm9Tz224d3ic8mhWTEBlpXWaKQxXaepeSDAUgLaEsZnm42WNN6HGeyDh9i4ABJWAAFkwANAAjVU4h8CwAAAQGj-oAvifcBIDywmPQC3RPx6Eos4Um3wVbvX9A8QIPRL7Lxhq-XIX9f4AKAWIEBoCcCMHQOAyBqod7yxEiGCmykGjuiApRMuvkjABFHv5eoJgCEvwRG-bgJD6G8HEBlO8MCJpMJeuBd6Jh1azDDs4C+Stug3xJp9E+wjurZGQBACAbNGAt3Tvbc6l0rKi2MaY8xacvY4EYbmGizoxjemMCMU+oRbD1UaM6J0dg5jxwfrFM2hCET2LMRY5xW8kbOxyqjGJjiN4yzkVjZ8NERizQ9ACVohF6JVgMLNIC3R6glimJYAxydWCpLiZvYaKFXHZL6IDPQYRb4ODFKYMuHkIZ+iIt4qItSjq7AaU4zeMjoGY0em4z8-hwg0Vqg0E+v5Bjg0BmEP4gIzAPGsPYMZjcWAAFFNDoF4MQBgpycCEF4KiNQipM4tMyfM7JE93oAnaFMb6AJ0EvXWf4CswwIishPq6Y5q8zkXKuTcu5DyFBPJRAk2ZWZ3muVaDWFgH5lreL9Ixew-S-AQzrICE+phjxgmoQUeA5QInP0MbneRuY-Q4vmlMQIEwwiOErKRLw+Yxg0VLJEAGYpwn7UZXUvYBxu4Tjpf3X2Cttrsp6Cpbl7kKy8i8D6d0VgTA1lqvmJee0n4MyZbGK8-Yljorga5dkPoR7OnmkGCp4dBjhEeODTVjp2GzChbDdGWBbVKsQA6poq5Vzg1mO6fx-LdXCudN9dyJM6zRRNqec10q4YDXsqZENudagFj8N4g50bQlxsGByAUcwLAxCZOXMwAbEpBvhhCAtu8RIUtVWEPo4ryqrQcIBfWLRfpgWCM2hEzcpn8w7Qoj0DExj0XxSTcqAL8aLlHhYRwTJd1HNNZmpO4zWBiM-j-SRCrYGhpem0A+1gGw0VmH8d12tvFNACNEfMdZgIQQPVBFePVJnpIJHOtxu5ZpRBaiYLyGztZlgprRJNURVFNr-XFKJuxzmXOuegW59zHnXEVKBtpM0Qx7kog4RwHp-pAq6K6fW4rKL6EnbsAAyshUaxHMWuksEK9R312j4xo0KFkBYmQ7JGN0cwLHWCnMdlx56HJ6IshLNtcC3ogz9MMOECwxYnTAn3fEIAA */\n\n      id: \"AuthenticateDeviceAction\",\n      context: ({ input }): types[\"context\"] => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          trustchainId: null,\n          jwt: null,\n          trustchain: null,\n          applicationStream: null,\n          encryptionKey: null,\n          wasAddedToTrustchain: false,\n        }),\n      }),\n\n      initial: \"CheckCredentials\",\n      states: {\n        CheckCredentials: {\n          always: [\n            { target: \"DeviceAuth\", guard: \"hasNoTrustchainId\" },\n            { target: \"KeypairAuth\", guard: \"hasNoJwt\" },\n            { target: \"GetTrustchain\" },\n          ],\n        },\n\n        KeypairAuth: {\n          on: {\n            success: \"GetTrustchain\",\n            invalidCredentials: \"DeviceAuth\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"keypairAuth\",\n            src: \"keypairAuth\",\n            input: ({ context }) => ({\n              lkrpDataSource: context.input.lkrpDataSource,\n              keypair: context.input.keypair,\n              trustchainId: required(\n                context.input.trustchainId,\n                \"Missing Trustchain ID in the input\",\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output\n                  .map(({ jwt }) => ({\n                    raise: \"success\",\n                    assign: { jwt },\n                  }))\n                  .chainLeft((error) =>\n                    error instanceof LKRPUnauthorizedError\n                      ? Right({ raise: \"invalidCredentials\" })\n                      : Left(error),\n                  ),\n              ),\n            },\n          },\n        },\n\n        DeviceAuth: {\n          on: { success: \"GetTrustchain\", error: \"Error\" },\n          initial: \"OpenApp\",\n          states: {\n            OpenApp: {\n              // TODO snapshot for intermediateValue\n              on: { success: \"Auth\" },\n              invoke: {\n                id: \"openApp\",\n                src: \"openAppStateMachine\",\n                input: { appName: APP_NAME },\n                onError: { actions: \"assignErrorFromEvent\" },\n                onDone: {\n                  actions: raiseAndAssign(({ event }) =>\n                    event.output.map(() => ({ raise: \"success\" })),\n                  ),\n                },\n              },\n            },\n\n            Auth: {\n              entry: assign({\n                intermediateValue: {\n                  requiredUserInteraction: \"connect-ledger-sync\",\n                },\n              }),\n              exit: assign({\n                intermediateValue: {\n                  requiredUserInteraction: UserInteractionRequired.None,\n                },\n              }),\n              invoke: {\n                id: \"deviceAuth\",\n                src: \"deviceAuth\",\n                input: ({ context }) => context.input,\n                onError: { actions: \"assignErrorFromEvent\" },\n                onDone: {\n                  actions: raiseAndAssign(({ event }) =>\n                    event.output.chain((payload) =>\n                      payload.trustchainId.caseOf({\n                        Nothing: () =>\n                          Left(\n                            new LKRPUnhandledState(\"The trustchain is empty\"),\n                          ),\n                        Just: (trustchainId) =>\n                          Right({\n                            raise: \"success\",\n                            assign: { jwt: payload.jwt, trustchainId },\n                          }),\n                      }),\n                    ),\n                  ),\n                },\n              },\n            },\n          },\n        },\n\n        GetTrustchain: {\n          on: {\n            success: \"CheckIsMembers\",\n            invalidCredentials: \"KeypairAuth\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"getTrustchain\",\n            src: \"getTrustchain\",\n            input: ({ context }) =>\n              context._internalState.chain((state) =>\n                eitherSeqRecord({\n                  lkrpDataSource: context.input.lkrpDataSource,\n                  applicationId: context.input.applicationId,\n                  trustchainId: () =>\n                    required(\n                      state.trustchainId ?? context.input.trustchainId,\n                      \"Missing Trustchain ID in the input for GetTrustchain\",\n                    ),\n                  jwt: () =>\n                    required(\n                      state.jwt ?? context.input.jwt,\n                      \"Missing JWT in the input for GetTrustchain\",\n                    ),\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(({ trustchain, applicationStream }) => ({\n                  raise: \"success\",\n                  assign: { trustchain, applicationStream },\n                })),\n              ),\n            },\n          },\n        },\n\n        CheckIsMembers: {\n          always: [\n            { target: \"ExtractEncryptionKey\", guard: \"isTrustchainMember\" },\n            { target: \"AddToTrustchain\" },\n          ],\n        },\n\n        AddToTrustchain: {\n          // TODO snapshot for intermediateValue\n          on: {\n            success: \"GetTrustchain\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"AddToTrustchain\",\n            src: \"addToTrustchainStateMachine\",\n            input: ({ context }) =>\n              context._internalState\n                .mapLeft(\n                  () =>\n                    new LKRPMissingDataError(\n                      \"Missing data in the input for AddToTrustchain\",\n                    ),\n                )\n                .chain((state) =>\n                  eitherSeqRecord({\n                    lkrpDataSource: context.input.lkrpDataSource,\n                    keypair: context.input.keypair,\n                    clientName: context.input.clientName,\n                    permissions: context.input.permissions,\n                    jwt: () =>\n                      required(\n                        state.jwt ?? context.input.jwt,\n                        \"Missing JWT in the input for AddToTrustchain\",\n                      ),\n                    trustchainId: () =>\n                      required(\n                        state.trustchainId ?? context.input.trustchainId,\n                        \"Missing Trustchain ID in the input for GetTrustchain\",\n                      ),\n                    trustchain: () =>\n                      required(\n                        state.trustchain,\n                        \"Missing Trustchain in the input for AddToTrustchain\",\n                      ),\n                    applicationStream: () =>\n                      required(\n                        state.applicationStream,\n                        \"Missing application stream in the input for AddToTrustchain\",\n                      ),\n                  }),\n                ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({\n                  raise: \"success\",\n                  assign: { wasAddedToTrustchain: true },\n                })),\n              ),\n            },\n          },\n        },\n\n        ExtractEncryptionKey: {\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"ExtractEncryptionKey\",\n            src: \"extractEncryptionKey\",\n            input: ({ context }) =>\n              context._internalState.chain((state) =>\n                required(\n                  state.applicationStream,\n                  \"Missing application stream\",\n                ).map((applicationStream) => ({\n                  applicationStream,\n                  keypair: context.input.keypair,\n                })),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((encryptionKey) => ({\n                  raise: \"success\",\n                  assign: { encryptionKey },\n                })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) =>\n        context._internalState.chain((state) =>\n          eitherSeqRecord({\n            trustchainId: () =>\n              required(\n                state.trustchainId ?? context.input.trustchainId,\n                \"Missing Trustchain ID in the output\",\n              ),\n            jwt: () =>\n              required(\n                state.jwt ?? context.input.jwt,\n                \"Missing JWT in the output\",\n              ),\n            applicationPath: () =>\n              required(\n                state.applicationStream?.getPath().extract(),\n                \"Missing application path in the output\",\n              ),\n            encryptionKey: () =>\n              required(\n                state.encryptionKey,\n                \"Missing encryption key in the output\",\n              ),\n          }),\n        ),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      deviceAuth: (args: { input: { lkrpDataSource: LKRPDataSource } }) =>\n        this.auth(\n          args.input.lkrpDataSource,\n          new SignChallengeWithDeviceTask(internalApi),\n        ).run(),\n\n      keypairAuth: (args: {\n        input: Pick<AuthenticateDAInput, \"lkrpDataSource\" | \"keypair\"> & {\n          trustchainId: Either<LKRPMissingDataError, string>;\n        };\n      }) => {\n        const { lkrpDataSource, keypair } = args.input;\n        return EitherAsync.liftEither(args.input.trustchainId)\n          .chain((trustchainId) =>\n            this.auth(\n              lkrpDataSource,\n              new SignChallengeWithKeypairTask(keypair, trustchainId),\n            ),\n          )\n          .run();\n      },\n\n      getTrustchain: (args: {\n        input: Either<\n          AuthenticateDAError,\n          {\n            applicationId: number;\n            lkrpDataSource: LKRPDataSource;\n            trustchainId: string;\n            jwt: JWT;\n          }\n        >;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain(({ applicationId, lkrpDataSource, trustchainId, jwt }) =>\n            lkrpDataSource\n              .getTrustchainById(trustchainId, jwt)\n              .map((trustchain) => ({\n                trustchain,\n                applicationStream:\n                  trustchain[`m/${applicationId}'`] ??\n                  LKRPBlockStream.fromPath(`m/0'/${applicationId}'/0'`),\n              })),\n          )\n          .run(),\n\n      extractEncryptionKey: async (args: {\n        input: Either<\n          AuthenticateDAError,\n          {\n            applicationStream: LKRPBlockStream;\n            keypair: Keypair;\n          }\n        >;\n      }) => {\n        // TODO additional derivations should be supported:\n        // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n        // Probably not needed for Ledger Sync\n        return Promise.resolve(\n          args.input\n            .chain(({ applicationStream, keypair }) =>\n              applicationStream\n                .getPublishedKey(keypair)\n                .toEither(\n                  new UnknownDAError(\n                    \"There is no encryption key for the current member in the application stream.\",\n                  ),\n                ),\n            )\n            .map((key) => key.privateKey),\n        );\n      },\n    };\n  }\n\n  private auth(\n    lkrpDataSource: LKRPDataSource,\n    signerTask: {\n      run: (\n        challenge: Challenge,\n      ) => PromiseLike<Either<AuthenticateDAError, AuthenticationPayload>>;\n    },\n  ) {\n    return lkrpDataSource\n      .getChallenge()\n      .chain((challenge) => signerTask.run(challenge))\n      .chain((payload) => lkrpDataSource.authenticate(payload));\n  }\n}\n"],
+  "mappings": "AAAA,OAGE,uBAAAA,EAEA,kBAAAC,EACA,2BAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAS3C,OACE,wBAAAC,EACA,yBAAAC,EACA,sBAAAC,MACK,yBAGP,OAAS,+BAAAC,MAAmC,wDAC5C,OAAS,gCAAAC,MAAoC,yDAM7C,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,YAAAC,MAAgB,2BAEzB,OAAS,kBAAAC,MAAsB,yBAC/B,OAAS,+BAAAC,MAAmC,gCAE5C,MAAMC,EAAW,cAEV,MAAMC,UAAiClB,CAM5C,CACA,iBACEmB,EAOA,CASA,KAAM,CAAE,WAAAC,EAAY,YAAAC,EAAa,cAAAC,EAAe,qBAAAC,CAAqB,EACnE,KAAK,oBAAoBJ,CAAW,EAEtC,OAAOb,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,oBAAqB,IAAIT,EAAoB,CAC3C,MAAO,CAAE,QAASoB,CAAS,CAC7B,CAAC,EAAE,iBAAiBE,CAAW,EAE/B,WAAYd,EAAYe,CAAU,EAClC,YAAaf,EAAYgB,CAAW,EAEpC,cAAehB,EAAYiB,CAAa,EAExC,4BAA6B,IAAIN,EAA4B,CAC3D,MAAOd,EACL,IAAIK,EAAqB,oCAAoC,CAC/D,CACF,CAAC,EAAE,iBAAiBY,CAAW,EAE/B,qBAAsBd,EAAYkB,CAAoB,CACxD,EAEA,QAAS,CACP,qBAAsBR,EACpB,CAAC,CAAE,MAAAS,CAAM,IACPtB,EACE,IAAIJ,EAAe,OAAQ0B,EAA8B,KAAK,CAAC,CACjE,CACJ,CACF,EAEA,OAAQ,CACN,kBAAmB,CAAC,CAAE,QAAAC,CAAQ,IAAM,CAACA,EAAQ,MAAM,aACnD,SAAU,CAAC,CAAE,QAAAA,CAAQ,IAAM,CAACA,EAAQ,MAAM,IAC1C,mBAAoB,CAAC,CAAE,QAAAA,CAAQ,IAC7BA,EAAQ,eACL,QAAQ,EACR,IACEC,GACCA,EAAM,sBACNA,EAAM,mBAAmB,UACvBD,EAAQ,MAAM,QAAQ,YAAY,CACpC,CACJ,EACC,QAAQ,GAAK,EACpB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,2BACJ,QAAS,CAAC,CAAE,MAAAE,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyB5B,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,aAAc,KACd,IAAK,KACL,WAAY,KACZ,kBAAmB,KACnB,cAAe,KACf,qBAAsB,EACxB,CAAC,CACH,GAEA,QAAS,mBACT,OAAQ,CACN,iBAAkB,CAChB,OAAQ,CACN,CAAE,OAAQ,aAAc,MAAO,mBAAoB,EACnD,CAAE,OAAQ,cAAe,MAAO,UAAW,EAC3C,CAAE,OAAQ,eAAgB,CAC5B,CACF,EAEA,YAAa,CACX,GAAI,CACF,QAAS,gBACT,mBAAoB,aACpB,MAAO,OACT,EACA,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAsB,CAAQ,KAAO,CACvB,eAAgBA,EAAQ,MAAM,eAC9B,QAASA,EAAQ,MAAM,QACvB,aAAcX,EACZW,EAAQ,MAAM,aACd,oCACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OACH,IAAI,CAAC,CAAE,IAAAI,CAAI,KAAO,CACjB,MAAO,UACP,OAAQ,CAAE,IAAAA,CAAI,CAChB,EAAE,EACD,UAAWC,GACVA,aAAiBrB,EACbL,EAAM,CAAE,MAAO,oBAAqB,CAAC,EACrCD,EAAK2B,CAAK,CAChB,CACJ,CACF,CACF,CACF,EAEA,WAAY,CACV,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,QAAS,UACT,OAAQ,CACN,QAAS,CAEP,GAAI,CAAE,QAAS,MAAO,EACtB,OAAQ,CACN,GAAI,UACJ,IAAK,sBACL,MAAO,CAAE,QAASZ,CAAS,EAC3B,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASF,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,KAAM,CACJ,MAAOpB,EAAO,CACZ,kBAAmB,CACjB,wBAAyB,qBAC3B,CACF,CAAC,EACD,KAAMA,EAAO,CACX,kBAAmB,CACjB,wBAAyBL,EAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,aACJ,IAAK,aACL,MAAO,CAAC,CAAE,QAAA0B,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,MAAOM,GAClBA,EAAQ,aAAa,OAAO,CAC1B,QAAS,IACP5B,EACE,IAAIO,EAAmB,yBAAyB,CAClD,EACF,KAAOsB,GACL5B,EAAM,CACJ,MAAO,UACP,OAAQ,CAAE,IAAK2B,EAAQ,IAAK,aAAAC,CAAa,CAC3C,CAAC,CACL,CAAC,CACH,CACF,CACF,CACF,CACF,CACF,CACF,EAEA,cAAe,CACb,GAAI,CACF,QAAS,iBACT,mBAAoB,cACpB,MAAO,OACT,EACA,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAAN,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,GAC5Bd,EAAgB,CACd,eAAgBa,EAAQ,MAAM,eAC9B,cAAeA,EAAQ,MAAM,cAC7B,aAAc,IACZX,EACEY,EAAM,cAAgBD,EAAQ,MAAM,aACpC,sDACF,EACF,IAAK,IACHX,EACEY,EAAM,KAAOD,EAAQ,MAAM,IAC3B,4CACF,CACJ,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAI,CAAC,CAAE,WAAAQ,EAAY,kBAAAC,CAAkB,KAAO,CACvD,MAAO,UACP,OAAQ,CAAE,WAAAD,EAAY,kBAAAC,CAAkB,CAC1C,EAAE,CACJ,CACF,CACF,CACF,EAEA,eAAgB,CACd,OAAQ,CACN,CAAE,OAAQ,uBAAwB,MAAO,oBAAqB,EAC9D,CAAE,OAAQ,iBAAkB,CAC9B,CACF,EAEA,gBAAiB,CAEf,GAAI,CACF,QAAS,gBACT,MAAO,OACT,EACA,OAAQ,CACN,GAAI,kBACJ,IAAK,8BACL,MAAO,CAAC,CAAE,QAAAR,CAAQ,IAChBA,EAAQ,eACL,QACC,IACE,IAAIlB,EACF,+CACF,CACJ,EACC,MAAOmB,GACNd,EAAgB,CACd,eAAgBa,EAAQ,MAAM,eAC9B,QAASA,EAAQ,MAAM,QACvB,WAAYA,EAAQ,MAAM,WAC1B,YAAaA,EAAQ,MAAM,YAC3B,IAAK,IACHX,EACEY,EAAM,KAAOD,EAAQ,MAAM,IAC3B,8CACF,EACF,aAAc,IACZX,EACEY,EAAM,cAAgBD,EAAQ,MAAM,aACpC,sDACF,EACF,WAAY,IACVX,EACEY,EAAM,WACN,qDACF,EACF,kBAAmB,IACjBZ,EACEY,EAAM,kBACN,6DACF,CACJ,CAAC,CACH,EACJ,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASX,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CACtB,MAAO,UACP,OAAQ,CAAE,qBAAsB,EAAK,CACvC,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,GAC5BZ,EACEY,EAAM,kBACN,4BACF,EAAE,IAAKO,IAAuB,CAC5B,kBAAAA,EACA,QAASR,EAAQ,MAAM,OACzB,EAAE,CACJ,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAKU,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAT,CAAQ,IACjBA,EAAQ,eAAe,MAAOC,GAC5Bd,EAAgB,CACd,aAAc,IACZE,EACEY,EAAM,cAAgBD,EAAQ,MAAM,aACpC,qCACF,EACF,IAAK,IACHX,EACEY,EAAM,KAAOD,EAAQ,MAAM,IAC3B,2BACF,EACF,gBAAiB,IACfX,EACEY,EAAM,mBAAmB,QAAQ,EAAE,QAAQ,EAC3C,wCACF,EACF,cAAe,IACbZ,EACEY,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,oBAAoBP,EAA0B,CAC5C,MAAO,CACL,WAAagB,GACX,KAAK,KACHA,EAAK,MAAM,eACX,IAAIzB,EAA4BS,CAAW,CAC7C,EAAE,IAAI,EAER,YAAcgB,GAIR,CACJ,KAAM,CAAE,eAAAC,EAAgB,QAAAC,CAAQ,EAAIF,EAAK,MACzC,OAAOlC,EAAY,WAAWkC,EAAK,MAAM,YAAY,EAClD,MAAOJ,GACN,KAAK,KACHK,EACA,IAAIzB,EAA6B0B,EAASN,CAAY,CACxD,CACF,EACC,IAAI,CACT,EAEA,cAAgBI,GAWdlC,EAAY,WAAWkC,EAAK,KAAK,EAC9B,MAAM,CAAC,CAAE,cAAAG,EAAe,eAAAF,EAAgB,aAAAL,EAAc,IAAAH,CAAI,IACzDQ,EACG,kBAAkBL,EAAcH,CAAG,EACnC,IAAKI,IAAgB,CACpB,WAAAA,EACA,kBACEA,EAAW,KAAKM,CAAa,GAAG,GAChCzB,EAAgB,SAAS,QAAQyB,CAAa,MAAM,CACxD,EAAE,CACN,EACC,IAAI,EAET,qBAAsB,MAAOH,GAYpB,QAAQ,QACbA,EAAK,MACF,MAAM,CAAC,CAAE,kBAAAF,EAAmB,QAAAI,CAAQ,IACnCJ,EACG,gBAAgBI,CAAO,EACvB,SACC,IAAIvC,EACF,8EACF,CACF,CACJ,EACC,IAAKyC,GAAQA,EAAI,UAAU,CAChC,CAEJ,CACF,CAEQ,KACNH,EACAI,EAKA,CACA,OAAOJ,EACJ,aAAa,EACb,MAAOK,GAAcD,EAAW,IAAIC,CAAS,CAAC,EAC9C,MAAOX,GAAYM,EAAe,aAAaN,CAAO,CAAC,CAC5D,CACF",
+  "names": ["OpenAppDeviceAction", "UnknownDAError", "UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "LKRPMissingDataError", "LKRPUnauthorizedError", "LKRPUnhandledState", "SignChallengeWithDeviceTask", "SignChallengeWithKeypairTask", "eitherSeqRecord", "LKRPBlockStream", "required", "raiseAndAssign", "AddToTrustchainDeviceAction", "APP_NAME", "AuthenticateDeviceAction", "internalApi", "deviceAuth", "keypairAuth", "getTrustchain", "extractEncryptionKey", "event", "context", "state", "input", "jwt", "error", "payload", "trustchainId", "trustchain", "applicationStream", "encryptionKey", "args", "lkrpDataSource", "keypair", "applicationId", "key", "signerTask", "challenge"]
+}

package/lib/esm/internal/app-binder/task/InitTask.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{CommandResultStatus as t}from"@ledgerhq/device-management-kit";import{Left as i,Right as o}from"purify-ts";import{Curve as a}from"../../../api/crypto/CryptoService";import{InitCommand as p}from"../../app-binder/command/InitCommand";class u{constructor(r,e){this.api=r;this.cryptoService=e}async run(){const r=await this.cryptoService.createKeyPair(a.K256),e=await this.api.sendCommand(new p({publicKey:r.getPublicKey()}));return e.status!==t.Success?i(e.error):o(r)}}export{u as InitTask};
+import{CommandResultStatus as e}from"@ledgerhq/device-management-kit";import{Left as o,Right as i}from"purify-ts";import{InitCommand as a}from"../../app-binder/command/InitCommand";import{CryptoUtils as m}from"../../utils/crypto";class u{constructor(r){this.api=r}async run(){const r=m.randomKeypair(),t=await this.api.sendCommand(new a({publicKey:r.pubKeyToU8a()}));return t.status!==e.Success?o(t.error):i(r)}}export{u as InitTask};
 //# sourceMappingURL=InitTask.js.map

package/lib/esm/internal/app-binder/task/InitTask.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/InitTask.ts"],
-  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type CryptoService, Curve } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\n\nexport class InitTask {\n  constructor(\n    private readonly api: InternalApi,\n    private readonly cryptoService: CryptoService,\n  ) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, KeyPair>> {\n    const sessionKeypair = await this.cryptoService.createKeyPair(Curve.K256);\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.getPublicKey() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
-  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,QAAAC,EAAM,SAAAC,MAAa,YAEzC,OAA6B,SAAAC,MAAa,4BAE1C,OAAS,eAAAC,MAAmB,2CAGrB,MAAMC,CAAS,CACpB,YACmBC,EACAC,EACjB,CAFiB,SAAAD,EACA,mBAAAC,CAChB,CAEH,MAAM,KAAwD,CAC5D,MAAMC,EAAiB,MAAM,KAAK,cAAc,cAAcL,EAAM,IAAI,EAClEM,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIL,EAAY,CAAE,UAAWI,EAAe,aAAa,CAAE,CAAC,CAC9D,EAEA,OAAOC,EAAS,SAAWT,EAAoB,QAC3CC,EAAKQ,EAAS,KAAK,EACnBP,EAAMM,CAAc,CAC1B,CACF",
-  "names": ["CommandResultStatus", "Left", "Right", "Curve", "InitCommand", "InitTask", "api", "cryptoService", "sessionKeypair", "response"]
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type Keypair } from \"@api/index\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\n\nexport class InitTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, Keypair>> {\n    const sessionKeypair = CryptoUtils.randomKeypair();\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.pubKeyToU8a() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,QAAAC,EAAM,SAAAC,MAAa,YAGzC,OAAS,eAAAC,MAAmB,2CAE5B,OAAS,eAAAC,MAAmB,yBAErB,MAAMC,CAAS,CACpB,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,KAAwD,CAC5D,MAAMC,EAAiBH,EAAY,cAAc,EAC3CI,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIL,EAAY,CAAE,UAAWI,EAAe,YAAY,CAAE,CAAC,CAC7D,EAEA,OAAOC,EAAS,SAAWR,EAAoB,QAC3CC,EAAKO,EAAS,KAAK,EACnBN,EAAMK,CAAc,CAC1B,CACF",
+  "names": ["CommandResultStatus", "Left", "Right", "InitCommand", "CryptoUtils", "InitTask", "api", "sessionKeypair", "response"]
 }

package/lib/esm/internal/app-binder/task/ParseStreamToDeviceTask.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{bufferToHexaString as u,CommandResultStatus as i}from"@ledgerhq/device-management-kit";import{EitherAsync as o,Left as s,Right as n}from"purify-ts";import{LKRPUnknownError as m}from"../../../api/model/Errors";import{ParseBlockSignatureCommand as c}from"../../app-binder/command/ParseBlockSignatureCommand";import{ParseSingleCommand as d}from"../../app-binder/command/ParseStreamBlockCommand";import{ParseBlockHeaderCommand as p}from"../../app-binder/command/ParseStreamBlockHeader";import{SetTrustedMemberCommand as P}from"../../app-binder/command/SetTrustedMemberCommand";import{eitherSeqRecord as f}from"../../utils/eitherSeqRecord";import{TrustedProperties as h}from"./utils/TrustedProperties";class K{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):o.liftEither(n(void 0)))}parseStream(t){return o.liftEither(t.parse()).chain(r=>o.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return o.liftEither(t.parse()).chain(r=>this.setTrustedMember(u(r.issuer,!1)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new p(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(r)}).chain(r=>o.sequence(r.commands.map(e=>this.parseCommand(e,u(r.issuer,!1)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new c(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new d({command:t.toU8A()}));return a.status!==i.Success?s(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return s(new m(String(a)))}})}setTrustedMember(t){return o.fromPromise(async()=>{if(t===this.lastTrustedMember)return n(void 0);const r=this.trustedMembers.get(t);if(!r)return n(void 0);try{const e=await this.api.sendCommand(new P(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return n(void 0);const e=new h(r);return f({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}export{K as ParseStreamToDeviceTask};
+import{CommandResultStatus as i,UnknownDAError as m}from"@ledgerhq/device-management-kit";import{EitherAsync as o,Left as s,Right as n}from"purify-ts";import{ParseBlockSignatureCommand as c}from"../../app-binder/command/ParseBlockSignatureCommand";import{ParseSingleCommand as d}from"../../app-binder/command/ParseStreamBlockCommand";import{ParseBlockHeaderCommand as p}from"../../app-binder/command/ParseStreamBlockHeader";import{SetTrustedMemberCommand as P}from"../../app-binder/command/SetTrustedMemberCommand";import{eitherSeqRecord as h}from"../../utils/eitherSeqRecord";import{bytesToHex as u}from"../../utils/hex";import{TrustedProperties as f}from"./utils/TrustedProperties";class M{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):o.liftEither(n(void 0)))}parseStream(t){return o.liftEither(t.parse()).chain(r=>o.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return o.liftEither(t.parse()).chain(r=>this.setTrustedMember(u(r.issuer)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new p(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(r)}).chain(r=>o.sequence(r.commands.map(e=>this.parseCommand(e,u(r.issuer)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new c(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new d({command:t.toU8A()}));return a.status!==i.Success?s(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return s(new m(String(a)))}})}setTrustedMember(t){return o.fromPromise(async()=>{if(t===this.lastTrustedMember)return n(void 0);const r=this.trustedMembers.get(t);if(!r)return n(void 0);try{const e=await this.api.sendCommand(new P(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return n(void 0);const e=new f(r);return h({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}export{M as ParseStreamToDeviceTask};
 //# sourceMappingURL=ParseStreamToDeviceTask.js.map

package/lib/esm/internal/app-binder/task/ParseStreamToDeviceTask.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/ParseStreamToDeviceTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n} from \"@api/model/Errors\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport {\n  SetTrustedMemberCommand,\n  type SetTrustedMemberCommandArgs,\n} from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPBlockParsedData } from \"@internal/models/LKRPBlockTypes\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPUnknownError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bufferToHexaString(data.issuer, false)).map(\n            () => data,\n          ),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(\n                command,\n                bufferToHexaString(data.issuer, false),\n              ),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new LKRPUnknownError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
-  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,MAEK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAGE,oBAAAC,MACK,oBACP,OAAS,8BAAAC,MAAkC,0DAC3C,OAAS,sBAAAC,MAA0B,uDACnC,OAAS,2BAAAC,MAA+B,sDACxC,OACE,2BAAAC,MAEK,uDAGP,OAAS,mBAAAC,MAAuB,kCAKhC,OAAS,qBAAAC,MAAyB,4BAa3B,MAAMC,CAAwB,CAInC,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClCb,EAAY,WAAWE,EAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYY,EAAyB,CACnC,OAAOd,EAAY,WAAWc,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACDf,EAAY,SAASe,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACEhB,EAAY,WAAWgB,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,iBAAiBnB,EAAmBmB,EAAK,OAAQ,EAAK,CAAC,EAAE,IAC5D,IAAMA,CACR,CACF,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIZ,EAAwBW,CAAI,CAClC,EACA,GAAIC,EAAS,SAAWnB,EAAoB,QAC1C,OAAOE,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOjB,EAAMe,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjDjB,EAAY,SACViB,EAAK,SAAS,IAAKG,GACjB,KAAK,aACHA,EACAtB,EAAmBmB,EAAK,OAAQ,EAAK,CACvC,CACF,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAId,EAA2Ba,CAAI,CACrC,EACA,GAAIC,EAAS,SAAWnB,EAAoB,QAC1C,OAAOE,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAakB,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIb,EAAmB,CAAE,QAASe,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAWnB,EAAoB,QACnCE,EAAKiB,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAOtB,EAAY,YAAwC,SAAY,CACrE,GAAIsB,IAAc,KAAK,kBACrB,OAAOpB,EAAM,MAAS,EAExB,MAAMqB,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,OAAOrB,EAAM,MAAS,EAExB,GAAI,CACF,MAAMgB,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIX,EAAwBgB,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAWnB,EAAoB,QAC1C,OAAOE,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIE,EAAiB,OAAOgB,CAAK,CAAC,CAAC,CACjD,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEoB,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,OAAOpB,EAAM,MAAS,EAGxB,MAAMuB,EAAe,IAAIhB,EAAkBe,CAAiB,EAC5D,OAAOhB,EAAgB,CACrB,GAAI,IAAMiB,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
-  "names": ["bufferToHexaString", "CommandResultStatus", "EitherAsync", "Left", "Right", "LKRPUnknownError", "ParseBlockSignatureCommand", "ParseSingleCommand", "ParseBlockHeaderCommand", "SetTrustedMemberCommand", "eitherSeqRecord", "TrustedProperties", "ParseStreamToDeviceTask", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { type SetTrustedMemberCommandArgs } from \"@api/app-binder/SetTrustedMemberTypes\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport { SetTrustedMemberCommand } from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex } from \"@internal/utils/hex\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\nimport { type LKRPBlockParsedData } from \"@internal/utils/types\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | UnknownDAError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bytesToHex(data.issuer)).map(() => data),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new UnknownDAError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(command, bytesToHex(data.issuer)),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new UnknownDAError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,EAEA,kBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAOtD,OAAS,8BAAAC,MAAkC,0DAC3C,OAAS,sBAAAC,MAA0B,uDACnC,OAAS,2BAAAC,MAA+B,sDACxC,OAAS,2BAAAC,MAA+B,uDAExC,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,cAAAC,MAAkB,sBAM3B,OAAS,qBAAAC,MAAyB,4BAa3B,MAAMC,CAAwB,CAInC,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClCb,EAAY,WAAWE,EAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYY,EAAyB,CACnC,OAAOd,EAAY,WAAWc,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACDf,EAAY,SAASe,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACEhB,EAAY,WAAWgB,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,iBAAiBT,EAAWS,EAAK,MAAM,CAAC,EAAE,IAAI,IAAMA,CAAI,CAC/D,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIb,EAAwBY,CAAI,CAClC,EACA,GAAIC,EAAS,SAAWpB,EAAoB,QAC1C,OAAOG,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACA,OAAOjB,EAAMe,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjDjB,EAAY,SACViB,EAAK,SAAS,IAAKG,GACjB,KAAK,aAAaA,EAASZ,EAAWS,EAAK,MAAM,CAAC,CACpD,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIf,EAA2Bc,CAAI,CACrC,EACA,GAAIC,EAAS,SAAWpB,EAAoB,QAC1C,OAAOG,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAakB,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAId,EAAmB,CAAE,QAASgB,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAWpB,EAAoB,QACnCG,EAAKiB,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAOtB,EAAY,YAAwC,SAAY,CACrE,GAAIsB,IAAc,KAAK,kBACrB,OAAOpB,EAAM,MAAS,EAExB,MAAMqB,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,OAAOrB,EAAM,MAAS,EAExB,GAAI,CACF,MAAMgB,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIZ,EAAwBiB,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAWpB,EAAoB,QAC1C,OAAOG,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEoB,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,OAAOpB,EAAM,MAAS,EAGxB,MAAMuB,EAAe,IAAIhB,EAAkBe,CAAiB,EAC5D,OAAOjB,EAAgB,CACrB,GAAI,IAAMkB,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
+  "names": ["CommandResultStatus", "UnknownDAError", "EitherAsync", "Left", "Right", "ParseBlockSignatureCommand", "ParseSingleCommand", "ParseBlockHeaderCommand", "SetTrustedMemberCommand", "eitherSeqRecord", "bytesToHex", "TrustedProperties", "ParseStreamToDeviceTask", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
 }

package/lib/esm/internal/app-binder/task/SignBlockTask.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{bufferToHexaString as v,CommandResultStatus as u}from"@ledgerhq/device-management-kit";import{Either as C,EitherAsync as a,Left as c,Right as h}from"purify-ts";import{EncryptionAlgo as E}from"../../../api/crypto/CryptoService";import{LKRPDataSourceError as K,LKRPOutdatedTrustchainError as k,LKRPUnknownError as l,LKRPUnsupportedCommandError as S}from"../../../api/model/Errors";import{SignBlockHeaderCommand as f}from"../../app-binder/command/SignBlockHeader";import{SignBlockSignatureCommand as A}from"../../app-binder/command/SignBlockSignatureCommand";import{SignBlockSingleCommand as w}from"../../app-binder/command/SignBlockSingleCommand";import{CommandTags as o}from"../../models/Tags";import{eitherAsyncSeqRecord as B,eitherSeqRecord as y}from"../../utils/eitherSeqRecord";import{LKRPBlock as b}from"../../utils/LKRPBlock";import{LKRPCommand as d}from"../../utils/LKRPCommand";import{TrustedProperties as P}from"./utils/TrustedProperties";class O{constructor(r,e){this.api=r;this.cryptoService=e}run({lkrpDataSource:r,trustchainId:e,path:t,jwt:n,parent:m,blockFlow:p,sessionKeypair:g}){const i=this.signCommands(t,p);return B({header:this.signBlockHeader(m,i.length),commands:a.sequence(i),signature:this.signBlockSignature(g)}).chain(async s=>this.decryptBlock(m,s)).chain(s=>{switch(p.type){case"derive":return r.postDerivation(e,s,n);case"addMember":return r.putCommands(e,t,s,n)}}).mapLeft(s=>s instanceof K&&s.status==="BAD_REQUEST"?new k:s)}signBlockHeader(r,e){return a.fromPromise(async()=>{try{const t=await this.api.sendCommand(new f({parent:r,commandCount:e}));if(t.status!==u.Success)return c(t.error);const n=new P(t.data);return y({iv:()=>n.getIv(),issuer:()=>n.getIssuer()})}catch(t){return c(new l(String(t)))}})}signBlockSignature(r){return a.fromPromise(async()=>{try{const e=await this.api.sendCommand(new A);if(e.status!==u.Success)return c(e.error);const{signature:t,deviceSessionKey:n}=e.data,m=(await r.deriveSharedSecret(n)).slice(1);return h({signature:t,secret:m})}catch(e){return c(new l(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return a.fromPromise(async()=>{try{const e=await this.api.sendCommand(new w({command:r}));return e.status!==u.Success?c(e.error):h(new P(e.data))}catch(e){return c(new l(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(d.bytesFromUnsignedData({type:o.Derive,path:r})).chain(e=>a.liftEither(y({type:o.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:t}){return this.signSingleCommand(d.bytesFromUnsignedData({type:o.AddMember,name:r,publicKey:e,permissions:t})).chain(n=>a.liftEither(y({type:o.AddMember,name:r,publicKey:e,permissions:t,iv:()=>n.getIv(),newMember:()=>n.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(d.bytesFromUnsignedData({type:o.PublishKey,recipient:r})).chain(e=>a.liftEither(y({type:o.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:t,signature:n}){return a(async({throwE:m})=>{const g=await this.cryptoService.importSymmetricKey(n.secret,E.AES256_GCM).decrypt(e.iv,e.issuer);return C.sequence(await Promise.all(t.map(i=>this.decryptCommand(n.secret,i).run()))).caseOf({Left:i=>{throw m(i),i},Right:i=>b.fromData({parent:v(r),issuer:g,commands:i,signature:n.signature})})})}decryptCommand(r,e){return a(async({throwE:t})=>{switch(e.type){case o.Derive:case o.PublishKey:{const m=await this.cryptoService.importSymmetricKey(r,E.AES256_GCM).decrypt(e.iv,e.xpriv);return d.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:m})}case o.AddMember:return d.fromData({...e});default:throw t(new S(e)),new S(e)}})}}export{O as SignBlockTask};
+import{bufferToHexaString as k,CommandResultStatus as u,UnknownDAError as y}from"@ledgerhq/device-management-kit";import{Either as A,EitherAsync as o,Left as m,Right as p}from"purify-ts";import{SignBlockHeaderCommand as b}from"../../app-binder/command/SignBlockHeader";import{SignBlockSignatureCommand as P}from"../../app-binder/command/SignBlockSignatureCommand";import{SignBlockSingleCommand as f}from"../../app-binder/command/SignBlockSingleCommand";import{CryptoUtils as E}from"../../utils/crypto";import{eitherAsyncSeqRecord as B,eitherSeqRecord as g}from"../../utils/eitherSeqRecord";import{LKRPBlock as K}from"../../utils/LKRPBlock";import{LKRPCommand as d}from"../../utils/LKRPCommand";import{CommandTags as a,GeneralTags as l}from"../../utils/TLVTags";import{TrustedProperties as S}from"./utils/TrustedProperties";const C=new Uint8Array([3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);class N{constructor(r){this.api=r}run({lkrpDataSource:r,trustchainId:e,path:n,jwt:t,parent:i,blockFlow:s,sessionKeypair:v}){const h=this.signCommands(n,s);return B({header:this.signBlockHeader(i,h.length),commands:o.sequence(h),signature:this.signBlockSignature(v)}).chain(c=>o.liftEither(this.decryptBlock(i,c))).chain(c=>{switch(s.type){case"derive":return r.postDerivation(e,c,t);case"addMember":return r.putCommands(e,n,c,t)}})}signBlockHeader(r,e){return o.fromPromise(async()=>{const n=Uint8Array.from([[l.Int,1,1],[l.Hash,r.length,...r],[l.PublicKey,C.length,...C],[l.Int,1,e]].flat());try{const t=await this.api.sendCommand(new b({header:n}));if(t.status!==u.Success)return m(t.error);const i=new S(t.data);return g({iv:()=>i.getIv(),issuer:()=>i.getIssuer()})}catch(t){return m(new y(String(t)))}})}signBlockSignature(r){return o.fromPromise(async()=>{try{const e=await this.api.sendCommand(new P);if(e.status!==u.Success)return m(e.error);const{signature:n,deviceSessionKey:t}=e.data,i=r.ecdh(t).slice(1);return p({signature:n,secret:i})}catch(e){return m(new y(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return o.fromPromise(async()=>{try{const e=await this.api.sendCommand(new f({command:r}));return e.status!==u.Success?m(e.error):p(new S(e.data))}catch(e){return m(new y(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(d.bytesFromUnsignedData({type:a.Derive,path:r})).chain(e=>o.liftEither(g({type:a.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:n}){return this.signSingleCommand(d.bytesFromUnsignedData({type:a.AddMember,name:r,publicKey:e,permissions:n})).chain(t=>o.liftEither(g({type:a.AddMember,name:r,publicKey:e,permissions:n,iv:()=>t.getIv(),newMember:()=>t.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(d.bytesFromUnsignedData({type:a.PublishKey,recipient:r})).chain(e=>o.liftEither(g({type:a.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:n,signature:t}){const i=E.decrypt(t.secret,e.iv,e.issuer);return A.sequence(n.map(s=>this.decryptCommand(t.secret,s))).map(s=>K.fromData({parent:k(r),issuer:i,commands:s,signature:t.signature}))}decryptCommand(r,e){switch(e.type){case a.Derive:case a.PublishKey:{const n=E.decrypt(r,e.iv,e.xpriv);return p(d.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:n}))}case a.AddMember:return p(d.fromData({...e}));default:return m(new y("Unsupported command type"))}}}export{C as ISSUER_PLACEHOLDER,N as SignBlockTask};
 //# sourceMappingURL=SignBlockTask.js.map

package/lib/esm/internal/app-binder/task/SignBlockTask.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignBlockTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport { type CryptoService, EncryptionAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair } from \"@api/crypto/KeyPair\";\nimport {\n  LKRPDataSourceError,\n  type LKRPMissingDataError,\n  LKRPOutdatedTrustchainError,\n  type LKRPParsingError,\n  LKRPUnknownError,\n  LKRPUnsupportedCommandError,\n} from \"@api/model/Errors\";\nimport { type JWT } from \"@api/model/JWT\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/models/LKRPCommandTypes\";\nimport { CommandTags } from \"@internal/models/Tags\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\ntype SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPDataSourceError\n  | LKRPOutdatedTrustchainError\n  | LKRPUnknownError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: KeyPair;\n};\n\nexport class SignBlockTask {\n  constructor(\n    private readonly api: InternalApi,\n    private readonly cryptoService: CryptoService,\n  ) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain(async (encryptedBlock) =>\n        this.decryptBlock(parent, encryptedBlock),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      })\n      .mapLeft((error) =>\n        error instanceof LKRPDataSourceError && error.status === \"BAD_REQUEST\"\n          ? new LKRPOutdatedTrustchainError()\n          : error,\n      );\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ parent, commandCount }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: KeyPair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = (\n          await sessionKeypair.deriveSharedSecret(deviceSessionKey)\n        ).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new LKRPUnknownError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new LKRPUnknownError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): EitherAsync<SignBlockError, LKRPBlock> {\n    return EitherAsync(async ({ throwE }) => {\n      const key = this.cryptoService.importSymmetricKey(\n        signature.secret,\n        EncryptionAlgo.AES256_GCM,\n      );\n      const decryptedIssuer = await key.decrypt(header.iv, header.issuer);\n      return Either.sequence(\n        await Promise.all(\n          commands.map((command) =>\n            this.decryptCommand(signature.secret, command).run(),\n          ),\n        ),\n      ).caseOf({\n        Left: (error) => {\n          throwE(error);\n          throw error;\n        },\n        Right: (decryptedCommands) =>\n          LKRPBlock.fromData({\n            parent: bufferToHexaString(parent),\n            issuer: decryptedIssuer,\n            commands: decryptedCommands,\n            signature: signature.signature,\n          }),\n      });\n    });\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): EitherAsync<LKRPUnknownError, LKRPCommand> {\n    return EitherAsync<LKRPUnknownError, LKRPCommand>(async ({ throwE }) => {\n      switch (command.type) {\n        case CommandTags.Derive:\n        case CommandTags.PublishKey: {\n          const key = this.cryptoService.importSymmetricKey(\n            secret,\n            EncryptionAlgo.AES256_GCM,\n          );\n          const encryptedXpriv = await key.decrypt(command.iv, command.xpriv);\n          return LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          });\n        }\n        case CommandTags.AddMember:\n          return LKRPCommand.fromData({ ...command });\n        default:\n          throwE(new LKRPUnsupportedCommandError(command));\n          throw new LKRPUnsupportedCommandError(command);\n      }\n    });\n  }\n}\n"],
-  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,MAEK,kCACP,OAAS,UAAAC,EAAQ,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEjD,OAA6B,kBAAAC,MAAsB,4BAEnD,OACE,uBAAAC,EAEA,+BAAAC,EAEA,oBAAAC,EACA,+BAAAC,MACK,oBAEP,OAAS,0BAAAC,MAA8B,+CACvC,OAAS,6BAAAC,MAAiC,yDAC1C,OAAS,0BAAAC,MAA8B,sDASvC,OAAS,eAAAC,MAAmB,wBAC5B,OACE,wBAAAC,EACA,mBAAAC,MACK,kCACP,OAAS,aAAAC,MAAiB,4BAC1B,OAAS,eAAAC,MAAmB,8BAE5B,OAAS,qBAAAC,MAAyB,4BA6C3B,MAAMC,CAAc,CACzB,YACmBC,EACAC,EACjB,CAFiB,SAAAD,EACA,mBAAAC,CAChB,CAEH,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,OAAOb,EAAqB,CAC1B,OAAQ,KAAK,gBAAgBY,EAAQG,EAAS,MAAM,EACpD,SAAU3B,EAAY,SAAS2B,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAM,MAAOE,GACZ,KAAK,aAAaJ,EAAQI,CAAc,CAC1C,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,EACA,QAASO,GACRA,aAAiB1B,GAAuB0B,EAAM,SAAW,cACrD,IAAIzB,EACJyB,CACN,CACJ,CAEA,gBACEN,EACAO,EAC4C,CAC5C,OAAO/B,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMgC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIxB,EAAuB,CAAE,OAAAgB,EAAQ,aAAAO,CAAa,CAAC,CACrD,EACA,GAAIC,EAAS,SAAWlC,EAAoB,QAC1C,OAAOG,EAAK+B,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAIjB,EAAkBgB,EAAS,IAAI,EACxD,OAAOnB,EAAgB,CACrB,GAAI,IAAMoB,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASH,EAAO,CACd,OAAO7B,EAAK,IAAIK,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,mBACEJ,EAC+C,CAC/C,OAAO1B,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMgC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIvB,CACN,EACA,GAAIuB,EAAS,SAAWlC,EAAoB,QAC1C,OAAOG,EAAK+B,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAE,EAAW,iBAAAC,CAAiB,EAAIH,EAAS,KAE3CI,GACJ,MAAMV,EAAe,mBAAmBS,CAAgB,GACxD,MAAM,CAAC,EACT,OAAOjC,EAAM,CAAE,UAAAgC,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASN,EAAO,CACd,OAAO7B,EAAK,IAAIK,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CAAC,CACH,CAEA,aACEO,EACAR,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBQ,CAAe,EACtC,KAAK,qBAAqBR,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBS,EAAqB,CACrC,OAAOtC,EAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAMgC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAItB,EAAuB,CAAE,QAAA4B,CAAQ,CAAC,CACxC,EACA,OAAIN,EAAS,SAAWlC,EAAoB,QACnCG,EAAK+B,EAAS,KAAK,EAErB9B,EAAM,IAAIc,EAAkBgB,EAAS,IAAI,CAAC,CACnD,OAASF,EAAO,CACd,OAAO7B,EAAK,IAAIK,EAAiB,OAAOwB,CAAK,CAAC,CAAC,CACjD,CACF,CACF,CACF,CAEA,kBAAkBO,EAAyB,CACzC,OAAO,KAAK,kBACVtB,EAAY,sBAAsB,CAChC,KAAMJ,EAAY,OAClB,KAAM0B,CACR,CAAC,CACH,EAAE,MAAOJ,GACPjC,EAAY,WACVa,EAAgB,CACd,KAAMF,EAAY,OAClB,KAAM0B,EACN,GAAI,IAAMJ,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAM,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV1B,EAAY,sBAAsB,CAChC,KAAMJ,EAAY,UAClB,KAAA4B,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOR,GACPjC,EAAY,WACVa,EAAgB,CACd,KAAMF,EAAY,UAClB,KAAA4B,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMR,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAO,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACVzB,EAAY,sBAAsB,CAChC,KAAMJ,EAAY,WAClB,UAAW6B,CACb,CAAC,CACH,EAAE,MAAOP,GACPjC,EAAY,WACVa,EAAgB,CACd,KAAMF,EAAY,WAClB,UAAW6B,EACX,GAAI,IAAMP,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAkB,EAAQ,SAAAf,EAAU,UAAAO,CAAU,EACU,CACxC,OAAOlC,EAAY,MAAO,CAAE,OAAA2C,CAAO,IAAM,CAKvC,MAAMC,EAAkB,MAJZ,KAAK,cAAc,mBAC7BV,EAAU,OACV/B,EAAe,UACjB,EACkC,QAAQuC,EAAO,GAAIA,EAAO,MAAM,EAClE,OAAO3C,EAAO,SACZ,MAAM,QAAQ,IACZ4B,EAAS,IAAKW,GACZ,KAAK,eAAeJ,EAAU,OAAQI,CAAO,EAAE,IAAI,CACrD,CACF,CACF,EAAE,OAAO,CACP,KAAOR,GAAU,CACf,MAAAa,EAAOb,CAAK,EACNA,CACR,EACA,MAAQe,GACN/B,EAAU,SAAS,CACjB,OAAQjB,EAAmB2B,CAAM,EACjC,OAAQoB,EACR,SAAUC,EACV,UAAWX,EAAU,SACvB,CAAC,CACL,CAAC,CACH,CAAC,CACH,CAEA,eACEE,EACAE,EAC4C,CAC5C,OAAOtC,EAA2C,MAAO,CAAE,OAAA2C,CAAO,IAAM,CACtE,OAAQL,EAAQ,KAAM,CACpB,KAAK3B,EAAY,OACjB,KAAKA,EAAY,WAAY,CAK3B,MAAMmC,EAAiB,MAJX,KAAK,cAAc,mBAC7BV,EACAjC,EAAe,UACjB,EACiC,QAAQmC,EAAQ,GAAIA,EAAQ,KAAK,EAClE,OAAOvB,EAAY,SAAS,CAC1B,GAAGuB,EACH,qBAAsBA,EAAQ,UAC9B,eAAAQ,CACF,CAAC,CACH,CACA,KAAKnC,EAAY,UACf,OAAOI,EAAY,SAAS,CAAE,GAAGuB,CAAQ,CAAC,EAC5C,QACE,MAAAK,EAAO,IAAIpC,EAA4B+B,CAAO,CAAC,EACzC,IAAI/B,EAA4B+B,CAAO,CACjD,CACF,CAAC,CACH,CACF",
-  "names": ["bufferToHexaString", "CommandResultStatus", "Either", "EitherAsync", "Left", "Right", "EncryptionAlgo", "LKRPDataSourceError", "LKRPOutdatedTrustchainError", "LKRPUnknownError", "LKRPUnsupportedCommandError", "SignBlockHeaderCommand", "SignBlockSignatureCommand", "SignBlockSingleCommand", "CommandTags", "eitherAsyncSeqRecord", "eitherSeqRecord", "LKRPBlock", "LKRPCommand", "TrustedProperties", "SignBlockTask", "api", "cryptoService", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "error", "commandCount", "response", "trustedProps", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "header", "throwE", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
+  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPHttpRequestError,\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { type JWT, type Keypair } from \"@api/index\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\nimport { CommandTags, GeneralTags } from \"@internal/utils/TLVTags\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/utils/types\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\nexport type SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPHttpRequestError\n  | UnknownDAError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: Keypair;\n};\n\nexport const ISSUER_PLACEHOLDER = new Uint8Array([\n  3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0,\n]);\n\nexport class SignBlockTask {\n  constructor(private readonly api: InternalApi) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain((encryptedBlock) =>\n        EitherAsync.liftEither(this.decryptBlock(parent, encryptedBlock)),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      });\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      const header = Uint8Array.from(\n        [\n          [GeneralTags.Int, 1, 1], // Version 1\n          [GeneralTags.Hash, parent.length, ...parent], // Parent block hash\n          [\n            GeneralTags.PublicKey,\n            ISSUER_PLACEHOLDER.length,\n            ...ISSUER_PLACEHOLDER,\n          ], // Placeholder for issuer public key (will be replaced by the device)\n          [GeneralTags.Int, 1, commandCount],\n        ].flat(),\n      );\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ header }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: Keypair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = sessionKeypair.ecdh(deviceSessionKey).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new UnknownDAError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): Either<SignBlockError, LKRPBlock> {\n    const decryptedIssuer = CryptoUtils.decrypt(\n      signature.secret,\n      header.iv,\n      header.issuer,\n    );\n    return Either.sequence(\n      commands.map((command) => this.decryptCommand(signature.secret, command)),\n    ).map((decryptedCommands) =>\n      LKRPBlock.fromData({\n        parent: bufferToHexaString(parent),\n        issuer: decryptedIssuer,\n        commands: decryptedCommands,\n        signature: signature.signature,\n      }),\n    );\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): Either<UnknownDAError, LKRPCommand> {\n    switch (command.type) {\n      case CommandTags.Derive:\n      case CommandTags.PublishKey: {\n        const encryptedXpriv = CryptoUtils.decrypt(\n          secret,\n          command.iv,\n          command.xpriv,\n        );\n        return Right(\n          LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          }),\n        );\n      }\n      case CommandTags.AddMember:\n        return Right(LKRPCommand.fromData({ ...command }));\n      default:\n        return Left(new UnknownDAError(\"Unsupported command type\"));\n    }\n  }\n}\n"],
+  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,EAEA,kBAAAC,MACK,kCACP,OAAS,UAAAC,EAAQ,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAQjD,OAAS,0BAAAC,MAA8B,+CACvC,OAAS,6BAAAC,MAAiC,yDAC1C,OAAS,0BAAAC,MAA8B,sDAGvC,OAAS,eAAAC,MAAmB,yBAC5B,OACE,wBAAAC,EACA,mBAAAC,MACK,kCACP,OAAS,aAAAC,MAAiB,4BAC1B,OAAS,eAAAC,MAAmB,8BAC5B,OAAS,eAAAC,EAAa,eAAAC,MAAmB,0BAQzC,OAAS,qBAAAC,MAAyB,4BA4C3B,MAAMC,EAAqB,IAAI,WAAW,CAC/C,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC3E,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,CACpB,CAAC,EAEM,MAAMC,CAAc,CACzB,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,OAAOf,EAAqB,CAC1B,OAAQ,KAAK,gBAAgBc,EAAQG,EAAS,MAAM,EACpD,SAAUxB,EAAY,SAASwB,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAOE,GACNzB,EAAY,WAAW,KAAK,aAAaqB,EAAQI,CAAc,CAAC,CAClE,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,CACL,CAEA,gBACEC,EACAM,EAC4C,CAC5C,OAAO3B,EAAY,YAAY,SAAY,CACzC,MAAM4B,EAAS,WAAW,KACxB,CACE,CAAChB,EAAY,IAAK,EAAG,CAAC,EACtB,CAACA,EAAY,KAAMS,EAAO,OAAQ,GAAGA,CAAM,EAC3C,CACET,EAAY,UACZE,EAAmB,OACnB,GAAGA,CACL,EACA,CAACF,EAAY,IAAK,EAAGe,CAAY,CACnC,EAAE,KAAK,CACT,EACA,GAAI,CACF,MAAME,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI1B,EAAuB,CAAE,OAAAyB,CAAO,CAAC,CACvC,EACA,GAAIC,EAAS,SAAWhC,EAAoB,QAC1C,OAAOI,EAAK4B,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAIjB,EAAkBgB,EAAS,IAAI,EACxD,OAAOrB,EAAgB,CACrB,GAAI,IAAMsB,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASC,EAAO,CACd,OAAO9B,EAAK,IAAIH,EAAe,OAAOiC,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,mBACER,EAC+C,CAC/C,OAAOvB,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAM6B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIzB,CACN,EACA,GAAIyB,EAAS,SAAWhC,EAAoB,QAC1C,OAAOI,EAAK4B,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAG,EAAW,iBAAAC,CAAiB,EAAIJ,EAAS,KAE3CK,EAASX,EAAe,KAAKU,CAAgB,EAAE,MAAM,CAAC,EAC5D,OAAO/B,EAAM,CAAE,UAAA8B,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASH,EAAO,CACd,OAAO9B,EAAK,IAAIH,EAAe,OAAOiC,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,aACEI,EACAT,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBS,CAAe,EACtC,KAAK,qBAAqBT,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBU,EAAqB,CACrC,OAAOpC,EAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAM6B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIxB,EAAuB,CAAE,QAAA+B,CAAQ,CAAC,CACxC,EACA,OAAIP,EAAS,SAAWhC,EAAoB,QACnCI,EAAK4B,EAAS,KAAK,EAErB3B,EAAM,IAAIW,EAAkBgB,EAAS,IAAI,CAAC,CACnD,OAASE,EAAO,CACd,OAAO9B,EAAK,IAAIH,EAAe,OAAOiC,CAAK,CAAC,CAAC,CAC/C,CACF,CACF,CACF,CAEA,kBAAkBI,EAAyB,CACzC,OAAO,KAAK,kBACVzB,EAAY,sBAAsB,CAChC,KAAMC,EAAY,OAClB,KAAMwB,CACR,CAAC,CACH,EAAE,MAAOL,GACP9B,EAAY,WACVQ,EAAgB,CACd,KAAMG,EAAY,OAClB,KAAMwB,EACN,GAAI,IAAML,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAO,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV7B,EAAY,sBAAsB,CAChC,KAAMC,EAAY,UAClB,KAAA0B,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOT,GACP9B,EAAY,WACVQ,EAAgB,CACd,KAAMG,EAAY,UAClB,KAAA0B,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMT,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAQ,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACV5B,EAAY,sBAAsB,CAChC,KAAMC,EAAY,WAClB,UAAW2B,CACb,CAAC,CACH,EAAE,MAAOR,GACP9B,EAAY,WACVQ,EAAgB,CACd,KAAMG,EAAY,WAClB,UAAW2B,EACX,GAAI,IAAMR,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAO,EAAQ,SAAAJ,EAAU,UAAAQ,CAAU,EACK,CACnC,MAAMQ,EAAkBlC,EAAY,QAClC0B,EAAU,OACVJ,EAAO,GACPA,EAAO,MACT,EACA,OAAO7B,EAAO,SACZyB,EAAS,IAAKY,GAAY,KAAK,eAAeJ,EAAU,OAAQI,CAAO,CAAC,CAC1E,EAAE,IAAKK,GACLhC,EAAU,SAAS,CACjB,OAAQb,EAAmByB,CAAM,EACjC,OAAQmB,EACR,SAAUC,EACV,UAAWT,EAAU,SACvB,CAAC,CACH,CACF,CAEA,eACEE,EACAE,EACqC,CACrC,OAAQA,EAAQ,KAAM,CACpB,KAAKzB,EAAY,OACjB,KAAKA,EAAY,WAAY,CAC3B,MAAM+B,EAAiBpC,EAAY,QACjC4B,EACAE,EAAQ,GACRA,EAAQ,KACV,EACA,OAAOlC,EACLQ,EAAY,SAAS,CACnB,GAAG0B,EACH,qBAAsBA,EAAQ,UAC9B,eAAAM,CACF,CAAC,CACH,CACF,CACA,KAAK/B,EAAY,UACf,OAAOT,EAAMQ,EAAY,SAAS,CAAE,GAAG0B,CAAQ,CAAC,CAAC,EACnD,QACE,OAAOnC,EAAK,IAAIH,EAAe,0BAA0B,CAAC,CAC9D,CACF,CACF",
+  "names": ["bufferToHexaString", "CommandResultStatus", "UnknownDAError", "Either", "EitherAsync", "Left", "Right", "SignBlockHeaderCommand", "SignBlockSignatureCommand", "SignBlockSingleCommand", "CryptoUtils", "eitherAsyncSeqRecord", "eitherSeqRecord", "LKRPBlock", "LKRPCommand", "CommandTags", "GeneralTags", "TrustedProperties", "ISSUER_PLACEHOLDER", "SignBlockTask", "api", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "commandCount", "header", "response", "trustedProps", "error", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
 }

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{bufferToHexaString as o,ByteArrayParser as s,hexaStringToBuffer as g}from"@ledgerhq/device-management-kit";import{EitherAsync as p,Left as h,Maybe as c}from"purify-ts";import{HashAlgo as y}from"../../../api/crypto/CryptoService";import{SigFormat as m}from"../../../api/crypto/KeyPair";import{LKRPMissingDataError as i,LKRPUnknownError as u}from"../../../api/model/Errors";import{eitherSeqRecord as x}from"../../utils/eitherSeqRecord";class S{constructor(r,n,a){this.cryptoService=r;this.keypair=n;this.trustchainId=a}run(r){const n=this.getAttestation(),a=this.getCredential(this.keypair.getPublicKeyToHex());return p.liftEither(this.getUnsignedChallengeTLV(r.tlv)).map(e=>this.cryptoService.hash(e,y.SHA256)).map(e=>this.keypair.sign(e,m.DER)).map(e=>o(e,!1)).map(e=>({challenge:r.json,signature:{attestation:n,credential:a,signature:e}})).mapLeft(e=>e instanceof i?e:new u(String(e)))}getAttestation(){const r=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,r.length,...r]);return o(n,!1)}getCredential(r){return{version:0,curveId:33,signAlgorithm:1,publicKey:r}}getUnsignedChallengeTLV(r){const n=new s(g(r)??new Uint8Array),a=new Map(function*(){for(;;){const t=n.extractFieldTLVEncoded();if(!t)break;yield[t.tag,t.value]}}());if(a.size>10)return h(new i("Challenge TLV contains unexpected data"));const e=(t,l)=>c.fromNullable(a.get(t)).toEither(new i(`Missing ${l} field`));return x({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(t=>Uint8Array.from([[1,t.payloadType.length,...t.payloadType],[2,t.version.length,...t.version],[18,t.challengeData.length,...t.challengeData],[22,t.challengeExpiry.length,...t.challengeExpiry],[32,t.host.length,...t.host],[96,t.protocolVersion.length,...t.protocolVersion]].flat()))}}export{S as SignChallengeWithKeypairTask};
+import{ByteArrayParser as s,UnknownDAError as g}from"@ledgerhq/device-management-kit";import{EitherAsync as p,Left as h,Maybe as y}from"purify-ts";import{LKRPMissingDataError as i}from"../../../api/app-binder/Errors";import{CryptoUtils as c}from"../../utils/crypto";import{eitherSeqRecord as m}from"../../utils/eitherSeqRecord";import{bytesToHex as o,hexToBytes as x}from"../../utils/hex";class f{constructor(r,n){this.keypair=r;this.trustchainId=n}run(r){const n=this.getAttestation(),a=this.getCredential(this.keypair.pubKeyToHex());return p.liftEither(this.getUnsignedChallengeTLV(r.tlv)).map(c.hash).map(e=>this.keypair.sign(e)).map(o).map(e=>({challenge:r.json,signature:{attestation:n,credential:a,signature:e}})).mapLeft(e=>e instanceof i?e:new g(String(e)))}getAttestation(){const r=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,r.length,...r]);return o(n)}getCredential(r){return{version:0,curveId:33,signAlgorithm:1,publicKey:r}}getUnsignedChallengeTLV(r){const n=new s(x(r)),a=new Map(function*(){for(;;){const t=n.extractFieldTLVEncoded();if(!t)break;yield[t.tag,t.value]}}());if(a.size>10)return h(new i("Challenge TLV contains unexpected data"));const e=(t,l)=>y.fromNullable(a.get(t)).toEither(new i(`Missing ${l} field`));return m({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(t=>Uint8Array.from([[1,t.payloadType.length,...t.payloadType],[2,t.version.length,...t.version],[18,t.challengeData.length,...t.challengeData],[22,t.challengeExpiry.length,...t.challengeExpiry],[32,t.host.length,...t.host],[96,t.protocolVersion.length,...t.protocolVersion]].flat()))}}export{f as SignChallengeWithKeypairTask};
 //# sourceMappingURL=SignChallengeWithKeypairTask.js.map

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.ts"],
-  "sourcesContent": ["import {\n  bufferToHexaString,\n  ByteArrayParser,\n  hexaStringToBuffer,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { type CryptoService, HashAlgo } from \"@api/crypto/CryptoService\";\nimport { type KeyPair, SigFormat } from \"@api/crypto/KeyPair\";\nimport { LKRPMissingDataError, LKRPUnknownError } from \"@api/model/Errors\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly cryptoService: CryptoService,\n    private readonly keypair: KeyPair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<\n    LKRPMissingDataError | LKRPUnknownError,\n    AuthenticationPayload\n  > {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.getPublicKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map((buf) => this.cryptoService.hash(buf, HashAlgo.SHA256))\n      .map((hash) => this.keypair.sign(hash, SigFormat.DER))\n      .map((str) => bufferToHexaString(str, false))\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new LKRPUnknownError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bufferToHexaString(attestation, false);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(\n      hexaStringToBuffer(tlv) ?? new Uint8Array(),\n    );\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
-  "mappings": "AAAA,OACE,sBAAAA,EACA,mBAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAA6B,YAAAC,MAAgB,4BAC7C,OAAuB,aAAAC,MAAiB,sBACxC,OAAS,wBAAAC,EAAsB,oBAAAC,MAAwB,oBAKvD,OAAS,mBAAAC,MAAuB,kCAEzB,MAAMC,CAA6B,CACxC,YACmBC,EACAC,EACAC,EACjB,CAHiB,mBAAAF,EACA,aAAAC,EACA,kBAAAC,CAChB,CAEH,IACEC,EAIA,CACA,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,kBAAkB,CAAC,EAEtE,OAAOd,EAAY,WAAW,KAAK,wBAAwBY,EAAU,GAAG,CAAC,EACtE,IAAKG,GAAQ,KAAK,cAAc,KAAKA,EAAKZ,EAAS,MAAM,CAAC,EAC1D,IAAKa,GAAS,KAAK,QAAQ,KAAKA,EAAMZ,EAAU,GAAG,CAAC,EACpD,IAAKa,GAAQpB,EAAmBoB,EAAK,EAAK,CAAC,EAC3C,IAAKC,IAAe,CACnB,UAAWN,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAI,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiBd,EACbc,EACA,IAAIb,EAAiB,OAAOa,CAAK,CAAC,CACxC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDP,EAAc,WAAW,KAAK,CAAC,EAAMO,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,OAAOvB,EAAmBgB,EAAa,EAAK,CAC9C,CAEQ,cAAcQ,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAIzB,EACjBC,EAAmBuB,CAAG,GAAK,IAAI,UACjC,EACME,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,OAAOvB,EACL,IAAII,EAAqB,wCAAwC,CACnE,EAGF,MAAMqB,EAAW,CAACC,EAAaC,IAC7B1B,EAAM,aAAasB,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAItB,EAAqB,WAAWuB,CAAS,QAAQ,CACvD,EAEF,OAAOrB,EAAgB,CAErB,YAAa,IAAMmB,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
-  "names": ["bufferToHexaString", "ByteArrayParser", "hexaStringToBuffer", "EitherAsync", "Left", "Maybe", "HashAlgo", "SigFormat", "LKRPMissingDataError", "LKRPUnknownError", "eitherSeqRecord", "SignChallengeWithKeypairTask", "cryptoService", "keypair", "trustchainId", "challenge", "attestation", "credential", "buf", "hash", "str", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
+  "sourcesContent": ["import {\n  ByteArrayParser,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex, hexToBytes } from \"@internal/utils/hex\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly keypair: Keypair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<LKRPMissingDataError | UnknownDAError, AuthenticationPayload> {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.pubKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map(CryptoUtils.hash)\n      .map((hash) => this.keypair.sign(hash))\n      .map(bytesToHex)\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new UnknownDAError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bytesToHex(attestation);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(hexToBytes(tlv));\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OACE,mBAAAA,EACA,kBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAAS,wBAAAC,MAA4B,yBAMrC,OAAS,eAAAC,MAAmB,yBAC5B,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,cAAAC,EAAY,cAAAC,MAAkB,sBAEhC,MAAMC,CAA6B,CACxC,YACmBC,EACAC,EACjB,CAFiB,aAAAD,EACA,kBAAAC,CAChB,CAEH,IACEC,EAC2E,CAC3E,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,YAAY,CAAC,EAEhE,OAAOb,EAAY,WAAW,KAAK,wBAAwBW,EAAU,GAAG,CAAC,EACtE,IAAIP,EAAY,IAAI,EACpB,IAAKU,GAAS,KAAK,QAAQ,KAAKA,CAAI,CAAC,EACrC,IAAIR,CAAU,EACd,IAAKS,IAAe,CACnB,UAAWJ,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAE,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiBb,EACba,EACA,IAAIjB,EAAe,OAAOiB,CAAK,CAAC,CACtC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDL,EAAc,WAAW,KAAK,CAAC,EAAMK,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,OAAOX,EAAWM,CAAW,CAC/B,CAEQ,cAAcM,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAItB,EAAgBS,EAAWY,CAAG,CAAC,EAC5CE,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,OAAOpB,EACL,IAAIE,EAAqB,wCAAwC,CACnE,EAGF,MAAMoB,EAAW,CAACC,EAAaC,IAC7BvB,EAAM,aAAamB,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAIrB,EAAqB,WAAWsB,CAAS,QAAQ,CACvD,EAEF,OAAOpB,EAAgB,CAErB,YAAa,IAAMkB,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
+  "names": ["ByteArrayParser", "UnknownDAError", "EitherAsync", "Left", "Maybe", "LKRPMissingDataError", "CryptoUtils", "eitherSeqRecord", "bytesToHex", "hexToBytes", "SignChallengeWithKeypairTask", "keypair", "trustchainId", "challenge", "attestation", "credential", "hash", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
 }