@ledgerhq/device-trusted-app-kit-ledger-keyring-protocol 0.0.0-ledger-button-20250806141658

package/lib/cjs/internal/app-binder/command/utils/extractTrustedProperty.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/command/utils/extractTrustedProperty.ts"],
+  "sourcesContent": ["import { type ApduParser } from \"@ledgerhq/device-management-kit\";\n\nimport { type TrustedProperty } from \"@internal/externalTypes\";\n\nexport function extractTrustedProperty(\n  parser: ApduParser,\n): Partial<TrustedProperty> {\n  const trustedProperty: Partial<TrustedProperty> = {};\n\n  let tag = parser.extractFieldTLVEncoded();\n  while (tag && tag.value) {\n    switch (tag.tag) {\n      case 0x00:\n        trustedProperty.iv = tag.value;\n        break;\n      case 0x01:\n        trustedProperty.issuer = tag.value;\n        break;\n      case 0x02:\n        trustedProperty.xpriv = tag.value;\n        break;\n      case 0x03:\n        trustedProperty.ephemeralPubKey = tag.value;\n        break;\n      case 0x04:\n        trustedProperty.commandIV = tag.value;\n        break;\n      case 0x05:\n        trustedProperty.groupKey = tag.value;\n        break;\n      case 0x06:\n        trustedProperty.newMember = tag.value;\n        break;\n      default:\n        break;\n    }\n\n    tag = parser.extractFieldTLVEncoded();\n  }\n\n  return trustedProperty;\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,4BAAAE,IAAA,eAAAC,EAAAH,GAIO,SAASE,EACdE,EAC0B,CAC1B,MAAMC,EAA4C,CAAC,EAEnD,IAAIC,EAAMF,EAAO,uBAAuB,EACxC,KAAOE,GAAOA,EAAI,OAAO,CACvB,OAAQA,EAAI,IAAK,CACf,IAAK,GACHD,EAAgB,GAAKC,EAAI,MACzB,MACF,IAAK,GACHD,EAAgB,OAASC,EAAI,MAC7B,MACF,IAAK,GACHD,EAAgB,MAAQC,EAAI,MAC5B,MACF,IAAK,GACHD,EAAgB,gBAAkBC,EAAI,MACtC,MACF,IAAK,GACHD,EAAgB,UAAYC,EAAI,MAChC,MACF,IAAK,GACHD,EAAgB,SAAWC,EAAI,MAC/B,MACF,IAAK,GACHD,EAAgB,UAAYC,EAAI,MAChC,MACF,QACE,KACJ,CAEAA,EAAMF,EAAO,uBAAuB,CACtC,CAEA,OAAOC,CACT",
+  "names": ["extractTrustedProperty_exports", "__export", "extractTrustedProperty", "__toCommonJS", "parser", "trustedProperty", "tag"]
+}

package/lib/cjs/internal/app-binder/command/utils/ledgerKeyringProtocolErrors.js

@@ -0,0 +1,2 @@
+"use strict";var t=Object.defineProperty;var d=Object.getOwnPropertyDescriptor;var g=Object.getOwnPropertyNames;var i=Object.prototype.hasOwnProperty;var c=(e,r)=>{for(var s in r)t(e,s,{get:r[s],enumerable:!0})},l=(e,r,s,a)=>{if(r&&typeof r=="object"||typeof r=="function")for(let o of g(r))!i.call(e,o)&&o!==s&&t(e,o,{get:()=>r[o],enumerable:!(a=d(r,o))||a.enumerable});return e};var E=e=>l(t({},"__esModule",{value:!0}),e);var y={};c(y,{LEDGER_SYNC_ERRORS:()=>b,LedgerKeyringProcotolError:()=>n,LedgerKeyringProtocolErrorFactory:()=>p});module.exports=E(y);var m=require("@ledgerhq/device-management-kit");const b={6985:{message:"Rejected by user"},"6a86":{message:"Either P1 or P2 is incorrect"},"6a87":{message:"Lc or minimum APDU length is incorrect"},"6d00":{message:"No command exists with INS"},"6e00":{message:"Bad CLA used for this application"},b000:{message:"Wrong response length (buffer size problem)"},b007:{message:"Security issue with bad state"},b008:{message:"Signature of raw transaction failed"},b009:{message:"Security issue lead by an invalid Command stream"},b00a:{message:"Invalid or unsupported command stream format"},b00b:{message:"Trusted properties buffer can't receive all data"},b00c:{message:"Attempt to perform an action on a closed stream"}};class n extends m.DeviceExchangeError{constructor(r){super({tag:"LedgerKeyringProtocolError",...r})}}const p=e=>new n(e);0&&(module.exports={LEDGER_SYNC_ERRORS,LedgerKeyringProcotolError,LedgerKeyringProtocolErrorFactory});
+//# sourceMappingURL=ledgerKeyringProtocolErrors.js.map

package/lib/cjs/internal/app-binder/command/utils/ledgerKeyringProtocolErrors.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/command/utils/ledgerKeyringProtocolErrors.ts"],
+  "sourcesContent": ["import {\n  type CommandErrorArgs,\n  type CommandErrorResult,\n  type CommandErrors,\n  DeviceExchangeError,\n} from \"@ledgerhq/device-management-kit\";\n\nexport type LedgerKeyringProtocolErrorCodes =\n  | \"6985\"\n  | \"6a86\"\n  | \"6a87\"\n  | \"6d00\"\n  | \"6e00\"\n  | \"b000\"\n  | \"b007\"\n  | \"b008\"\n  | \"b009\"\n  | \"b00a\"\n  | \"b00b\"\n  | \"b00c\";\n\nexport type LKRPDeviceCommandError =\n  CommandErrorResult<LedgerKeyringProtocolErrorCodes>[\"error\"];\n\nexport const LEDGER_SYNC_ERRORS: CommandErrors<LedgerKeyringProtocolErrorCodes> =\n  {\n    \"6985\": { message: \"Rejected by user\" },\n    \"6a86\": { message: \"Either P1 or P2 is incorrect\" },\n    \"6a87\": { message: \"Lc or minimum APDU length is incorrect\" },\n    \"6d00\": { message: \"No command exists with INS\" },\n    \"6e00\": { message: \"Bad CLA used for this application\" },\n    b000: { message: \"Wrong response length (buffer size problem)\" },\n    b007: { message: \"Security issue with bad state\" },\n    b008: { message: \"Signature of raw transaction failed\" },\n    b009: { message: \"Security issue lead by an invalid Command stream\" },\n    b00a: { message: \"Invalid or unsupported command stream format\" },\n    b00b: { message: \"Trusted properties buffer can't receive all data\" },\n    b00c: { message: \"Attempt to perform an action on a closed stream\" },\n  };\n\nexport class LedgerKeyringProcotolError extends DeviceExchangeError<LedgerKeyringProtocolErrorCodes> {\n  constructor(args: CommandErrorArgs<LedgerKeyringProtocolErrorCodes>) {\n    super({ tag: \"LedgerKeyringProtocolError\", ...args });\n  }\n}\n\nexport const LedgerKeyringProtocolErrorFactory = (\n  args: CommandErrorArgs<LedgerKeyringProtocolErrorCodes>,\n) => new LedgerKeyringProcotolError(args);\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,wBAAAE,EAAA,+BAAAC,EAAA,sCAAAC,IAAA,eAAAC,EAAAL,GAAA,IAAAM,EAKO,2CAmBA,MAAMJ,EACX,CACE,KAAQ,CAAE,QAAS,kBAAmB,EACtC,OAAQ,CAAE,QAAS,8BAA+B,EAClD,OAAQ,CAAE,QAAS,wCAAyC,EAC5D,OAAQ,CAAE,QAAS,4BAA6B,EAChD,OAAQ,CAAE,QAAS,mCAAoC,EACvD,KAAM,CAAE,QAAS,6CAA8C,EAC/D,KAAM,CAAE,QAAS,+BAAgC,EACjD,KAAM,CAAE,QAAS,qCAAsC,EACvD,KAAM,CAAE,QAAS,kDAAmD,EACpE,KAAM,CAAE,QAAS,8CAA+C,EAChE,KAAM,CAAE,QAAS,kDAAmD,EACpE,KAAM,CAAE,QAAS,iDAAkD,CACrE,EAEK,MAAMC,UAAmC,qBAAqD,CACnG,YAAYI,EAAyD,CACnE,MAAM,CAAE,IAAK,6BAA8B,GAAGA,CAAK,CAAC,CACtD,CACF,CAEO,MAAMH,EACXG,GACG,IAAIJ,EAA2BI,CAAI",
+  "names": ["ledgerKeyringProtocolErrors_exports", "__export", "LEDGER_SYNC_ERRORS", "LedgerKeyringProcotolError", "LedgerKeyringProtocolErrorFactory", "__toCommonJS", "import_device_management_kit", "args"]
+}

package/lib/cjs/internal/app-binder/device-action/AddToTrustchainDeviceAction.js

@@ -0,0 +1,2 @@
+"use strict";var l=Object.defineProperty;var S=Object.getOwnPropertyDescriptor;var D=Object.getOwnPropertyNames;var E=Object.prototype.hasOwnProperty;var g=(p,r)=>{for(var s in r)l(p,s,{get:r[s],enumerable:!0})},k=(p,r,s,u)=>{if(r&&typeof r=="object"||typeof r=="function")for(let d of D(r))!E.call(p,d)&&d!==s&&l(p,d,{get:()=>r[d],enumerable:!(u=S(r,d))||u.enumerable});return p};var I=p=>k(l({},"__esModule",{value:!0}),p);var v={};g(v,{AddToTrustchainDeviceAction:()=>f});module.exports=I(v);var n=require("@ledgerhq/device-management-kit"),c=require("purify-ts"),i=require("xstate"),T=require("../../app-binder/task/InitTask"),A=require("../../app-binder/task/ParseStreamToDeviceTask"),y=require("../../app-binder/task/SignBlockTask"),h=require("../../utils/eitherSeqRecord"),o=require("../../utils/required"),m=require("./utils/raiseAndAssign");class f extends n.XStateDeviceAction{makeStateMachine(r){const{initCommand:s,parseStream:u,signBlock:d}=this.extractDependencies(r);return(0,i.setup)({types:{input:{},context:{},output:{}},actors:{initCommand:(0,i.fromPromise)(s),parseStream:(0,i.fromPromise)(u),signBlock:(0,i.fromPromise)(d)},actions:{assignErrorFromEvent:(0,m.raiseAndAssign)(({event:t})=>(0,c.Left)(new n.UnknownDAError(String(t.error))))},guards:{isTustchainEmpty:({context:t})=>t.input.toMaybe().chain(e=>e.applicationStream.parse().toMaybe()).map(e=>e.length===0).orDefault(!0)}}).createMachine({id:"AddToTrustchainDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:n.UserInteractionRequired.None},_internalState:(0,c.Right)({sessionKeypair:null})}),initial:"InitSession",states:{InitSession:{on:{success:"ParseStream",error:"Error"},invoke:{id:"initCommand",src:"initCommand",onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,m.raiseAndAssign)(({event:t})=>t.output.map(e=>({raise:"success",assign:{sessionKeypair:e}})))}}},ParseStream:{on:{success:"CheckApplicationStreamExist",error:"Error"},invoke:{id:"parseStream",src:"parseStream",input:({context:t})=>t.input.chain(e=>(0,o.required)(e.trustchain?.["m/"],"Missing root stream").chain(a=>a.parse()).chain(a=>(0,o.required)(a[0],"Missing seed block")).map(a=>({seedBlock:a,applicationStream:e.applicationStream}))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,m.raiseAndAssign)(({event:t})=>t.output.map(()=>({raise:"success"})))}}},CheckApplicationStreamExist:{always:[{target:"AddToNewStream",guard:"isTustchainEmpty"},{target:"AddToExistingStream"}]},AddToExistingStream:{on:{success:"Success",error:"Error"},entry:(0,i.assign)({intermediateValue:{requiredUserInteraction:"add-ledger-sync"}}),exit:(0,i.assign)({intermediateValue:{requiredUserInteraction:n.UserInteractionRequired.None}}),invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>(0,h.eitherSeqRecord)({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchainId,jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:a})=>(0,o.required)(a,"Missing session keypair")),path:()=>(0,o.required)(e.applicationStream.getPath().extract(),"Missing application path"),parent:()=>(0,o.required)(e.applicationStream.parse().toMaybe().chainNullable(a=>a.at(-1)?.hash()).chainNullable(n.hexaStringToBuffer).extract(),"Missing parent block"),blockFlow:{type:"addMember",data:{name:e.clientName,publicKey:e.keypair.pubKeyToU8a(),permissions:e.permissions}}})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,m.raiseAndAssign)(({event:t})=>t.output.map(()=>({raise:"success"})))}}},AddToNewStream:{on:{success:"Success",error:"Error"},entry:(0,i.assign)({intermediateValue:{requiredUserInteraction:"add-ledger-sync"}}),exit:(0,i.assign)({intermediateValue:{requiredUserInteraction:n.UserInteractionRequired.None}}),invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>(0,h.eitherSeqRecord)({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchainId,jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:a})=>(0,o.required)(a,"Missing session keypair")),path:()=>(0,o.required)(e.applicationStream.getPath().extract(),"Missing application path"),parent:()=>(0,o.required)(c.Maybe.fromNullable(e.trustchain["m/"]).chain(a=>a.parse().toMaybe()).chainNullable(a=>a[0]?.hash()).chainNullable(n.hexaStringToBuffer).extract(),"Missing init block"),blockFlow:{type:"derive",data:{name:e.clientName,publicKey:e.keypair.pubKeyToU8a(),permissions:e.permissions}}})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,m.raiseAndAssign)(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.map(e=>{})})}extractDependencies(r){return{initCommand:()=>new T.InitTask(r).run(),parseStream:async s=>c.EitherAsync.liftEither(s.input).chain(u=>new A.ParseStreamToDeviceTask(r).run(u)).run(),signBlock:s=>c.EitherAsync.liftEither(s.input).chain(u=>new y.SignBlockTask(r).run(u)).run()}}}0&&(module.exports={AddToTrustchainDeviceAction});
+//# sourceMappingURL=AddToTrustchainDeviceAction.js.map

package/lib/cjs/internal/app-binder/device-action/AddToTrustchainDeviceAction.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/device-action/AddToTrustchainDeviceAction.ts"],
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  hexaStringToBuffer,\n  type InternalApi,\n  type StateMachineTypes,\n  UnknownDAError,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AddToTrustchainDAError,\n  type AddToTrustchainDAInput,\n  type AddToTrustchainDAIntermediateValue,\n  type AddToTrustchainDAInternalState,\n  type AddToTrustchainDAOutput,\n} from \"@api/app-binder/AddToTrustchainDeviceActionTypes\";\nimport { type Keypair } from \"@api/index\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { InitTask } from \"@internal/app-binder/task/InitTask\";\nimport {\n  ParseStreamToDeviceTask,\n  type ParseStreamToDeviceTaskInput,\n} from \"@internal/app-binder/task/ParseStreamToDeviceTask\";\nimport {\n  type SignBlockError,\n  SignBlockTask,\n  type SignBlockTaskInput,\n} from \"@internal/app-binder/task/SignBlockTask\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AddToTrustchainDeviceAction extends XStateDeviceAction<\n  AddToTrustchainDAOutput,\n  AddToTrustchainDAInput,\n  AddToTrustchainDAError,\n  AddToTrustchainDAIntermediateValue,\n  AddToTrustchainDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AddToTrustchainDAOutput,\n    AddToTrustchainDAInput,\n    AddToTrustchainDAError,\n    AddToTrustchainDAIntermediateValue,\n    AddToTrustchainDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AddToTrustchainDAOutput,\n      AddToTrustchainDAInput,\n      AddToTrustchainDAError,\n      AddToTrustchainDAIntermediateValue,\n      AddToTrustchainDAInternalState\n    >;\n\n    const { initCommand, parseStream, signBlock } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        initCommand: fromPromise(initCommand),\n        parseStream: fromPromise(parseStream),\n        signBlock: fromPromise(signBlock),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new UnknownDAError(String((event as { error?: unknown }).error)),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        isTustchainEmpty: ({ context }) =>\n          context.input\n            .toMaybe()\n            .chain((input) => input.applicationStream.parse().toMaybe())\n            .map((blocks) => blocks.length === 0)\n            .orDefault(true),\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEEIQCoHt0CcCusALgMYAWAhgJYB2AImAG6XFjLGGWbUB0AktZUIBlOLE7UAxBC5huNBpgDWsmoIDCmALaby1CAG0ADAF1EoAA6YxHLmZAAPRAEZDAdm6unAFgAcAJi9PLwA2PycAVmCAGhAAT0QAZhDucJDXAE5XcO9wsOCAX3yY1AxsfCIyKjpGZlZ2cT4BYVFxCTAcHEwcbnMAG3JCADMuzTkmjW1dAxM7S2txO0cEdPTuMMN0hKcEnycMwx9ouMQ-cITuDYTg1wOb4PScwuK0LFwCEgoaeiYWNhsefiCESwMRcCSwPDEFggoymJAgOaCBbwpYJVLcBKuLwrQx+dJnbZeGLxBAJALcLxOYLhHGGFx+BJPEAlV7lD5Vb61P4NQHNEGtdqdHCw2ZWJG2FGJdGY7HpXH4rZJYmIXx+NaywKbBk3VyMorMl5ld6VL41X71LjcAAK5BwsDAQkIODA5E0UhkYwUyh6tvtjudrpF8MR-0WiDOwW4wT2ex8CTJ122yoQYR8FzSPkyEWyXiuTJZRoqn2qPzq-2tvodTpdbsFXR6-SGIx9dqrAc0QYsYtDkoQuUjNNcwUC4V2up8yac5JpV2CCTcVJ8XgZ+cNbyLHLNZYaNtb-pr4Mh0NgnYR3eRoCWrlcad1udcpxWu0xyb8fkM3CpwWCBzlSR8o5eKupTruypqltylq7n61aum0HRdKeIYXg4iDXreSSYo+6TPq4yZoucWIrF4dLxlcaLAayxrFpy5rlmopBgMQijIOYfTMAM4j7q6ACi9iUEQEhIeeEqXs4VJeCkN5+D4D4-ocESvm+3APNSP6+GSETpAU+oFqBJollyFo8AxTEsWxvQcf83GaHxAmEEJThwl28yiahCBOE4hwYoYvi+D4dIHLiyYALRTu4bh4mcN43psAGUYWYGGXRDQFnZRA0FANnutQKjUF6shiFA1AAEK9JgzHCa51Bhh5XjLtwAWBIYwQARJU6hXikm5CEnleOEWSUk4CX6TRW6QTwaX8Rl1BZbBtYId0fQDMMOCjEVpXlZVMzBiJNW9t4DKfpEpy7JEmbaaFOxqgk6Tvp5A1-vVerPCBbIGbR26WlN9mZdlEJQqIVXivtYkecOapZD4sleYYhgDd+nUZBSlKpNDWG5CN71jRBxncD9M1ze28FCsDPZg1S4ThBc773IE843IpxwIGFBweLdGyyZhByyVj1Gbrj5YFgAcmAADu2XSLlnpKIVlDFWVFWKGTKFLIdkZDjs2ZtS+zOYh4NxwxkAXpNicZ8xu4FGULhqixL80k-Wy1Nmt3AbYr23OWe1W1d4ewYps0ZTpsmxZKFvhrOEdLXg8LgtbdFtJZ9E347b4v-UeQM7S5IO+xDHijtpgR+PciPM94kZuLieK3XiRvpInH3jXjIvpw7dbCtn3u5wd1LU7iLWm7qVdMySYSSZSpzeDsngl1OhT6tQmAQHAdh6djAvWyhyFuUsYXh-cjUPE+ThxW+w26WuG9Wyllq8sCoKg935PuYEyb1ZJKwrAEERxtkWSNxxlvKClYbKih9r2QI7hKQkSjhsM4pt8JUgpF-KkaJNj1XCIAzet8TKMWYqxdixBOJcBsulQg4Ce5gzlE4A2mEGRPlNgkJSH5vx9xuNiOGYRXDYJvl9SahpyF-XmpQl+atMSRm2KmNwAFUhlxJCFd85x4yjnHpPQIvheHJX4anUodswG7QgRTK4qxoyGB2GbN8qZJzkgeLsH80ZNjw2hlo5OeMhCZxBKI1Wzg4yrBajSe6A1erhE6gFKMDwBrbHxP1O8rjm7lh4otbxu9fEDRSFqUcUNIgHFCi4VYOE5Q4RahsRcOlChAA */\n\n      id: \"AddToTrustchainDeviceAction\",\n      context: ({ input }) => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          sessionKeypair: null,\n        }),\n      }),\n\n      initial: \"InitSession\",\n      states: {\n        InitSession: {\n          on: { success: \"ParseStream\", error: \"Error\" },\n          invoke: {\n            id: \"initCommand\",\n            src: \"initCommand\",\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((sessionKeypair) => ({\n                  raise: \"success\",\n                  assign: { sessionKeypair },\n                })),\n              ),\n            },\n          },\n        },\n\n        ParseStream: {\n          on: { success: \"CheckApplicationStreamExist\", error: \"Error\" },\n          invoke: {\n            id: \"parseStream\",\n            src: \"parseStream\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                required(input.trustchain?.[\"m/\"], \"Missing root stream\")\n                  .chain((rootStream) => rootStream.parse())\n                  .chain((blocks) => required(blocks[0], \"Missing seed block\"))\n                  .map((seedBlock) => ({\n                    seedBlock,\n                    applicationStream: input.applicationStream,\n                  })),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        CheckApplicationStreamExist: {\n          always: [\n            { target: \"AddToNewStream\", guard: \"isTustchainEmpty\" },\n            { target: \"AddToExistingStream\" },\n          ],\n        },\n\n        AddToExistingStream: {\n          on: { success: \"Success\", error: \"Error\" },\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: \"add-ledger-sync\",\n            },\n          }),\n          exit: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n            },\n          }),\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchainId,\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      input.applicationStream.getPath().extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      input.applicationStream\n                        .parse()\n                        .toMaybe()\n                        .chainNullable((blocks) => blocks.at(-1)?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing parent block\",\n                    ),\n                  blockFlow: {\n                    type: \"addMember\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.pubKeyToU8a(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        AddToNewStream: {\n          on: { success: \"Success\", error: \"Error\" },\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: \"add-ledger-sync\",\n            },\n          }),\n          exit: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n            },\n          }),\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchainId,\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      input.applicationStream.getPath().extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      Maybe.fromNullable(input.trustchain[\"m/\"])\n                        .chain((rootStream) => rootStream.parse().toMaybe())\n                        .chainNullable((blocks) => blocks[0]?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing init block\",\n                    ),\n                  blockFlow: {\n                    type: \"derive\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.pubKeyToU8a(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) => context._internalState.map((_) => undefined),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      initCommand: (): Promise<Either<LKRPDeviceCommandError, Keypair>> =>\n        new InitTask(internalApi).run(),\n\n      parseStream: async (args: {\n        input: Either<AddToTrustchainDAError, ParseStreamToDeviceTaskInput>;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain<AddToTrustchainDAError, unknown>((input) =>\n            new ParseStreamToDeviceTask(internalApi).run(input),\n          )\n          .run(),\n\n      signBlock: (args: {\n        input: Either<AddToTrustchainDAError, SignBlockTaskInput>;\n      }): Promise<Either<SignBlockError, void>> =>\n        EitherAsync.liftEither(args.input)\n          .chain((input) => new SignBlockTask(internalApi).run(input))\n          .run(),\n    };\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,iCAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAQO,2CACPC,EAA6D,qBAC7DC,EAA2C,kBAW3CC,EAAyB,8CACzBC,EAGO,6DACPC,EAIO,mDACPC,EAAgC,2CAChCC,EAAyB,oCAEzBC,EAA+B,kCAExB,MAAMV,UAAoC,oBAM/C,CACA,iBACEW,EAOA,CASA,KAAM,CAAE,YAAAC,EAAa,YAAAC,EAAa,UAAAC,CAAU,EAC1C,KAAK,oBAAoBH,CAAW,EAEtC,SAAO,SAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,eAAa,eAAYC,CAAW,EACpC,eAAa,eAAYC,CAAW,EACpC,aAAW,eAAYC,CAAS,CAClC,EAEA,QAAS,CACP,wBAAsB,kBACpB,CAAC,CAAE,MAAAC,CAAM,OACP,QACE,IAAI,iBAAe,OAAQA,EAA8B,KAAK,CAAC,CACjE,CACJ,CACF,EAEA,OAAQ,CACN,iBAAkB,CAAC,CAAE,QAAAC,CAAQ,IAC3BA,EAAQ,MACL,QAAQ,EACR,MAAOC,GAAUA,EAAM,kBAAkB,MAAM,EAAE,QAAQ,CAAC,EAC1D,IAAKC,GAAWA,EAAO,SAAW,CAAC,EACnC,UAAU,EAAI,CACrB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,8BACJ,QAAS,CAAC,CAAE,MAAAD,CAAM,KAAO,CACvB,MAAAA,EACA,kBAAmB,CACjB,wBAAyB,0BAAwB,IACnD,EACA,kBAAgB,SAAM,CACpB,eAAgB,IAClB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,GAAI,CAAE,QAAS,cAAe,MAAO,OAAQ,EAC7C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAF,CAAM,IAC/BA,EAAM,OAAO,IAAKI,IAAoB,CACpC,MAAO,UACP,OAAQ,CAAE,eAAAA,CAAe,CAC3B,EAAE,CACJ,CACF,CACF,CACF,EAEA,YAAa,CACX,GAAI,CAAE,QAAS,8BAA+B,MAAO,OAAQ,EAC7D,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAH,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,MACnB,YAASA,EAAM,aAAa,IAAI,EAAG,qBAAqB,EACrD,MAAOG,GAAeA,EAAW,MAAM,CAAC,EACxC,MAAOF,MAAW,YAASA,EAAO,CAAC,EAAG,oBAAoB,CAAC,EAC3D,IAAKG,IAAe,CACnB,UAAAA,EACA,kBAAmBJ,EAAM,iBAC3B,EAAE,CACN,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAF,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,4BAA6B,CAC3B,OAAQ,CACN,CAAE,OAAQ,iBAAkB,MAAO,kBAAmB,EACtD,CAAE,OAAQ,qBAAsB,CAClC,CACF,EAEA,oBAAqB,CACnB,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,SAAO,UAAO,CACZ,kBAAmB,CACjB,wBAAyB,iBAC3B,CACF,CAAC,EACD,QAAM,UAAO,CACX,kBAAmB,CACjB,wBAAyB,0BAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,MACnB,mBAAgB,CACd,eAAgBA,EAAM,eACtB,aAAcA,EAAM,aACpB,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAG,CAAe,OAC7C,YAASA,EAAgB,yBAAyB,CACpD,EACF,KAAM,OACJ,YACEF,EAAM,kBAAkB,QAAQ,EAAE,QAAQ,EAC1C,0BACF,EACF,OAAQ,OACN,YACEA,EAAM,kBACH,MAAM,EACN,QAAQ,EACR,cAAeC,GAAWA,EAAO,GAAG,EAAE,GAAG,KAAK,CAAC,EAC/C,cAAc,oBAAkB,EAChC,QAAQ,EACX,sBACF,EACF,UAAW,CACT,KAAM,YACN,KAAM,CACJ,KAAMD,EAAM,WACZ,UAAWA,EAAM,QAAQ,YAAY,EACrC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAF,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,eAAgB,CACd,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,SAAO,UAAO,CACZ,kBAAmB,CACjB,wBAAyB,iBAC3B,CACF,CAAC,EACD,QAAM,UAAO,CACX,kBAAmB,CACjB,wBAAyB,0BAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,MACnB,mBAAgB,CACd,eAAgBA,EAAM,eACtB,aAAcA,EAAM,aACpB,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAG,CAAe,OAC7C,YAASA,EAAgB,yBAAyB,CACpD,EACF,KAAM,OACJ,YACEF,EAAM,kBAAkB,QAAQ,EAAE,QAAQ,EAC1C,0BACF,EACF,OAAQ,OACN,YACE,QAAM,aAAaA,EAAM,WAAW,IAAI,CAAC,EACtC,MAAOG,GAAeA,EAAW,MAAM,EAAE,QAAQ,CAAC,EAClD,cAAeF,GAAWA,EAAO,CAAC,GAAG,KAAK,CAAC,EAC3C,cAAc,oBAAkB,EAChC,QAAQ,EACX,oBACF,EACF,UAAW,CACT,KAAM,SACN,KAAM,CACJ,KAAMD,EAAM,WACZ,UAAWA,EAAM,QAAQ,YAAY,EACrC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAF,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAC,CAAQ,IAAMA,EAAQ,eAAe,IAAKM,GAAG,EAAY,CACtE,CAAC,CACH,CAEA,oBAAoBX,EAA0B,CAC5C,MAAO,CACL,YAAa,IACX,IAAI,WAASA,CAAW,EAAE,IAAI,EAEhC,YAAa,MAAOY,GAGlB,cAAY,WAAWA,EAAK,KAAK,EAC9B,MAAwCN,GACvC,IAAI,0BAAwBN,CAAW,EAAE,IAAIM,CAAK,CACpD,EACC,IAAI,EAET,UAAYM,GAGV,cAAY,WAAWA,EAAK,KAAK,EAC9B,MAAON,GAAU,IAAI,gBAAcN,CAAW,EAAE,IAAIM,CAAK,CAAC,EAC1D,IAAI,CACX,CACF,CACF",
+  "names": ["AddToTrustchainDeviceAction_exports", "__export", "AddToTrustchainDeviceAction", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_xstate", "import_InitTask", "import_ParseStreamToDeviceTask", "import_SignBlockTask", "import_eitherSeqRecord", "import_required", "import_raiseAndAssign", "internalApi", "initCommand", "parseStream", "signBlock", "event", "context", "input", "blocks", "sessionKeypair", "rootStream", "seedBlock", "_", "args"]
+}

package/lib/cjs/internal/app-binder/device-action/AuthenticateDeviceAction.js

@@ -0,0 +1,2 @@
+"use strict";var y=Object.defineProperty;var k=Object.getOwnPropertyDescriptor;var I=Object.getOwnPropertyNames;var f=Object.prototype.hasOwnProperty;var v=(p,i)=>{for(var n in i)y(p,n,{get:i[n],enumerable:!0})},M=(p,i,n,r)=>{if(i&&typeof i=="object"||typeof i=="function")for(let a of I(i))!f.call(p,a)&&a!==n&&y(p,a,{get:()=>i[a],enumerable:!(r=k(i,a))||r.enumerable});return p};var w=p=>M(y({},"__esModule",{value:!0}),p);var P={};v(P,{AuthenticateDeviceAction:()=>K});module.exports=w(P);var o=require("@ledgerhq/device-management-kit"),s=require("purify-ts"),c=require("xstate"),A=require("../../../api/app-binder/Errors"),g=require("../../app-binder/task/SignChallengeWithDeviceTask"),T=require("../../app-binder/task/SignChallengeWithKeypairTask"),m=require("../../utils/eitherSeqRecord"),E=require("../../utils/LKRPBlockStream"),u=require("../../utils/required"),h=require("./utils/raiseAndAssign"),S=require("./AddToTrustchainDeviceAction");const D="Ledger Sync";class K extends o.XStateDeviceAction{makeStateMachine(i){const{deviceAuth:n,keypairAuth:r,getTrustchain:a,extractEncryptionKey:d}=this.extractDependencies(i);return(0,c.setup)({types:{input:{},context:{},output:{}},actors:{openAppStateMachine:new o.OpenAppDeviceAction({input:{appName:D}}).makeStateMachine(i),deviceAuth:(0,c.fromPromise)(n),keypairAuth:(0,c.fromPromise)(r),getTrustchain:(0,c.fromPromise)(a),addToTrustchainStateMachine:new S.AddToTrustchainDeviceAction({input:(0,s.Left)(new A.LKRPMissingDataError("Missing input for GetEncryptionKey"))}).makeStateMachine(i),extractEncryptionKey:(0,c.fromPromise)(d)},actions:{assignErrorFromEvent:(0,h.raiseAndAssign)(({event:t})=>(0,s.Left)(new o.UnknownDAError(String(t.error))))},guards:{hasNoTrustchainId:({context:t})=>!t.input.trustchainId,hasNoJwt:({context:t})=>!t.input.jwt,isTrustchainMember:({context:t})=>t._internalState.toMaybe().map(e=>e.wasAddedToTrustchain||e.applicationStream?.hasMember(t.input.keypair.pubKeyToHex())).extract()??!1}}).createMachine({id:"AuthenticateDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:o.UserInteractionRequired.None},_internalState:(0,s.Right)({trustchainId:null,jwt:null,trustchain:null,applicationStream:null,encryptionKey:null,wasAddedToTrustchain:!1})}),initial:"CheckCredentials",states:{CheckCredentials:{always:[{target:"DeviceAuth",guard:"hasNoTrustchainId"},{target:"KeypairAuth",guard:"hasNoJwt"},{target:"GetTrustchain"}]},KeypairAuth:{on:{success:"GetTrustchain",invalidCredentials:"DeviceAuth",error:"Error"},invoke:{id:"keypairAuth",src:"keypairAuth",input:({context:t})=>({lkrpDataSource:t.input.lkrpDataSource,keypair:t.input.keypair,trustchainId:(0,u.required)(t.input.trustchainId,"Missing Trustchain ID in the input")}),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,h.raiseAndAssign)(({event:t})=>t.output.map(({jwt:e})=>({raise:"success",assign:{jwt:e}})).chainLeft(e=>e instanceof A.LKRPUnauthorizedError?(0,s.Right)({raise:"invalidCredentials"}):(0,s.Left)(e)))}}},DeviceAuth:{on:{success:"GetTrustchain",error:"Error"},initial:"OpenApp",states:{OpenApp:{on:{success:"Auth"},invoke:{id:"openApp",src:"openAppStateMachine",input:{appName:D},onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,h.raiseAndAssign)(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Auth:{entry:(0,c.assign)({intermediateValue:{requiredUserInteraction:"connect-ledger-sync"}}),exit:(0,c.assign)({intermediateValue:{requiredUserInteraction:o.UserInteractionRequired.None}}),invoke:{id:"deviceAuth",src:"deviceAuth",input:({context:t})=>t.input,onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,h.raiseAndAssign)(({event:t})=>t.output.chain(e=>e.trustchainId.caseOf({Nothing:()=>(0,s.Left)(new A.LKRPUnhandledState("The trustchain is empty")),Just:l=>(0,s.Right)({raise:"success",assign:{jwt:e.jwt,trustchainId:l}})})))}}}}},GetTrustchain:{on:{success:"CheckIsMembers",invalidCredentials:"KeypairAuth",error:"Error"},invoke:{id:"getTrustchain",src:"getTrustchain",input:({context:t})=>t._internalState.chain(e=>(0,m.eitherSeqRecord)({lkrpDataSource:t.input.lkrpDataSource,applicationId:t.input.applicationId,trustchainId:()=>(0,u.required)(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the input for GetTrustchain"),jwt:()=>(0,u.required)(e.jwt??t.input.jwt,"Missing JWT in the input for GetTrustchain")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,h.raiseAndAssign)(({event:t})=>t.output.map(({trustchain:e,applicationStream:l})=>({raise:"success",assign:{trustchain:e,applicationStream:l}})))}}},CheckIsMembers:{always:[{target:"ExtractEncryptionKey",guard:"isTrustchainMember"},{target:"AddToTrustchain"}]},AddToTrustchain:{on:{success:"GetTrustchain",error:"Error"},invoke:{id:"AddToTrustchain",src:"addToTrustchainStateMachine",input:({context:t})=>t._internalState.mapLeft(()=>new A.LKRPMissingDataError("Missing data in the input for AddToTrustchain")).chain(e=>(0,m.eitherSeqRecord)({lkrpDataSource:t.input.lkrpDataSource,keypair:t.input.keypair,clientName:t.input.clientName,permissions:t.input.permissions,jwt:()=>(0,u.required)(e.jwt??t.input.jwt,"Missing JWT in the input for AddToTrustchain"),trustchainId:()=>(0,u.required)(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the input for GetTrustchain"),trustchain:()=>(0,u.required)(e.trustchain,"Missing Trustchain in the input for AddToTrustchain"),applicationStream:()=>(0,u.required)(e.applicationStream,"Missing application stream in the input for AddToTrustchain")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,h.raiseAndAssign)(({event:t})=>t.output.map(()=>({raise:"success",assign:{wasAddedToTrustchain:!0}})))}}},ExtractEncryptionKey:{on:{success:"Success",error:"Error"},invoke:{id:"ExtractEncryptionKey",src:"extractEncryptionKey",input:({context:t})=>t._internalState.chain(e=>(0,u.required)(e.applicationStream,"Missing application stream").map(l=>({applicationStream:l,keypair:t.input.keypair}))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:(0,h.raiseAndAssign)(({event:t})=>t.output.map(e=>({raise:"success",assign:{encryptionKey:e}})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.chain(e=>(0,m.eitherSeqRecord)({trustchainId:()=>(0,u.required)(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the output"),jwt:()=>(0,u.required)(e.jwt??t.input.jwt,"Missing JWT in the output"),applicationPath:()=>(0,u.required)(e.applicationStream?.getPath().extract(),"Missing application path in the output"),encryptionKey:()=>(0,u.required)(e.encryptionKey,"Missing encryption key in the output")}))})}extractDependencies(i){return{deviceAuth:n=>this.auth(n.input.lkrpDataSource,new g.SignChallengeWithDeviceTask(i)).run(),keypairAuth:n=>{const{lkrpDataSource:r,keypair:a}=n.input;return s.EitherAsync.liftEither(n.input.trustchainId).chain(d=>this.auth(r,new T.SignChallengeWithKeypairTask(a,d))).run()},getTrustchain:n=>s.EitherAsync.liftEither(n.input).chain(({applicationId:r,lkrpDataSource:a,trustchainId:d,jwt:t})=>a.getTrustchainById(d,t).map(e=>({trustchain:e,applicationStream:e[`m/${r}'`]??E.LKRPBlockStream.fromPath(`m/0'/${r}'/0'`)}))).run(),extractEncryptionKey:async n=>Promise.resolve(n.input.chain(({applicationStream:r,keypair:a})=>r.getPublishedKey(a).toEither(new o.UnknownDAError("There is no encryption key for the current member in the application stream."))).map(r=>r.privateKey))}}auth(i,n){return i.getChallenge().chain(r=>n.run(r)).chain(r=>i.authenticate(r))}}0&&(module.exports={AuthenticateDeviceAction});
+//# sourceMappingURL=AuthenticateDeviceAction.js.map

package/lib/cjs/internal/app-binder/device-action/AuthenticateDeviceAction.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/device-action/AuthenticateDeviceAction.ts"],
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  type InternalApi,\n  OpenAppDeviceAction,\n  type StateMachineTypes,\n  UnknownDAError,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AuthenticateDAError,\n  type AuthenticateDAInput,\n  type AuthenticateDAIntermediateValue,\n  type AuthenticateDAInternalState,\n  type AuthenticateDAOutput,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport {\n  LKRPMissingDataError,\n  LKRPUnauthorizedError,\n  LKRPUnhandledState,\n} from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport { type JWT } from \"@api/index\";\nimport { SignChallengeWithDeviceTask } from \"@internal/app-binder/task/SignChallengeWithDeviceTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n  type LKRPDataSource,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\nimport { AddToTrustchainDeviceAction } from \"./AddToTrustchainDeviceAction\";\n\nconst APP_NAME = \"Ledger Sync\";\n\nexport class AuthenticateDeviceAction extends XStateDeviceAction<\n  AuthenticateDAOutput,\n  AuthenticateDAInput,\n  AuthenticateDAError,\n  AuthenticateDAIntermediateValue,\n  AuthenticateDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AuthenticateDAOutput,\n    AuthenticateDAInput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue,\n    AuthenticateDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AuthenticateDAOutput,\n      AuthenticateDAInput,\n      AuthenticateDAError,\n      AuthenticateDAIntermediateValue,\n      AuthenticateDAInternalState\n    >;\n\n    const { deviceAuth, keypairAuth, getTrustchain, extractEncryptionKey } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        openAppStateMachine: new OpenAppDeviceAction({\n          input: { appName: APP_NAME },\n        }).makeStateMachine(internalApi),\n\n        deviceAuth: fromPromise(deviceAuth),\n        keypairAuth: fromPromise(keypairAuth),\n\n        getTrustchain: fromPromise(getTrustchain),\n\n        addToTrustchainStateMachine: new AddToTrustchainDeviceAction({\n          input: Left(\n            new LKRPMissingDataError(\"Missing input for GetEncryptionKey\"),\n          ),\n        }).makeStateMachine(internalApi),\n\n        extractEncryptionKey: fromPromise(extractEncryptionKey),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new UnknownDAError(String((event as { error?: unknown }).error)),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        hasNoTrustchainId: ({ context }) => !context.input.trustchainId,\n        hasNoJwt: ({ context }) => !context.input.jwt,\n        isTrustchainMember: ({ context }) =>\n          context._internalState\n            .toMaybe()\n            .map(\n              (state) =>\n                state.wasAddedToTrustchain ||\n                state.applicationStream?.hasMember(\n                  context.input.keypair.pubKeyToHex(),\n                ),\n            )\n            .extract() ?? false,\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YAImAG5FjKEED2OAdAMLaEDWbATpLgLEANrADEAbQAMAXUSgADo1j4mOeSAAeiAMxSALC30BOHfoDsAJinGAHADYp94wBoQAT0QBaAKwsf9lYBAIzB9jrm5vr6OgC+sW5oWIJEpBTUtPRq7Jw8-BApIuISwXJIIEoqahraCDrBOizG+pb2tq06PlJStvo+bp4IPsZSLBHBprZWnVI+tvGJGNh4qWSUNIR0DPjMOWDcfAIrRZKWZYrKqjvq5bU6lsZGkb0Rsz1TOgOII34+oebGQJmOytBYgJLLAgkNYZTZZa4sADSYHcCmI+F4ELEEGYYBY+BwVEYXDxJNR6MxS2k5wql2qt0Q9miLEsJh8lmewWGrK+Q30wSMOk61k6OjaLTBEJS0PSGy22WR5IxWLAvF4jF4LAUwlIADMNQBbFhktHKqmyDSVK7MGqM+r+Fr6WyA8xM2zBSy86LmJq2Axi-T2YZTQGSpbStLrTLbXaK02UrBiWCoQibWCwamWunXW0IYw+H2BVmWOa2MxScy88xSAXmYJlh5CiYBYxh5IrGVRuEx1hxilYglUET4CCHArHUSZ8pW+mgWrO0b8-kPYyWDkxfS8gujWb2Cb3fmRAxtyGrWXRhUo+MqtUaqcXKo5hl55xNMzBCyzZp9TceRl-FhHCcHo11aKIfBPCMYTleFdi7OgliTFM0wzC1p2zG1nw9fRRmaRwTDXcIuk9P8EEDUZzB0fNLGCOtzB8LpWwScFww7SNYXlBF4JvdVeHvWlH0wudEA-GwjFomsDBsHDPlIj9DFsdkAldZ4WhLSC2Ogi8uI4iEWAAeQUXBkAUBRsVxfFCWJPFGCMnATIUfiZyfYSEHsIMmkiB4PUsCJ3RIwZaMaBouVdFoqJ8Cx5mYqVNPPbtsm4pYDLshyxFVXitR1dB9V4I1bOM0ynIwm5XKZQwGMi3yzHuBsq0eQJehsCZFNdCYNKhdiYJ7FgkqwFLCrM5NUzgVCaWcoStG+MIWArYIDF6BiPzaXkHgq3o2qZSxFLiGLWM6rSEp0mDkqxHEcDxQdrJYAoTqwYrBNKqaEHm0wWHaLoJnMP12nCXl61sFkPymAJulscHAw6s9uJ6vrMBYHiNSyvVDRu3TzXGkrc3mgExmMBoTBGIifFkwZmhYNrqzLejGLsKHO10nqAHEwHQAAVXhUFgdBCEwdEcHMi7LKJEkWBgdnOe53n+Ye60ntqBoAPc4wrHCewaO+gLEHdAVqbaJwwmaXbFnbA74s43YWYlrmeb5gl0tvTVtRRvKxdZjmbelglZdnZ6CYq-MLDMaIpAefpSLrPwehsBxqw9Tp6a67TLfdyXbf5pCRvTH2XL9gI-HoktXv5aTeVMRpJidZ0HgrGxE8Oi3WCtj2pbtgXB2HUd8kKSc0IfOXc3CQHKJ0Z0zHV9oJl5BwKOmesbGLMt6-N2Cm9Tz224d3ic8mhWTEBlpXWaKQxXaepeSDAUgLaEsZnm42WNN6HGeyDh9i4ABJWAAFkwANAAjVU4h8CwAAAQGj-oAvifcBIDywmPQC3RPx6Eos4Um3wVbvX9A8QIPRL7Lxhq-XIX9f4AKAWIEBoCcCMHQOAyBqod7yxEiGCmykGjuiApRMuvkjABFHv5eoJgCEvwRG-bgJD6G8HEBlO8MCJpMJeuBd6Jh1azDDs4C+Stug3xJp9E+wjurZGQBACAbNGAt3Tvbc6l0rKi2MaY8xacvY4EYbmGizoxjemMCMU+oRbD1UaM6J0dg5jxwfrFM2hCET2LMRY5xW8kbOxyqjGJjiN4yzkVjZ8NERizQ9ACVohF6JVgMLNIC3R6glimJYAxydWCpLiZvYaKFXHZL6IDPQYRb4ODFKYMuHkIZ+iIt4qItSjq7AaU4zeMjoGY0em4z8-hwg0Vqg0E+v5Bjg0BmEP4gIzAPGsPYMZjcWAAFFNDoF4MQBgpycCEF4KiNQipM4tMyfM7JE93oAnaFMb6AJ0EvXWf4CswwIishPq6Y5q8zkXKuTcu5DyFBPJRAk2ZWZ3muVaDWFgH5lreL9Ixew-S-AQzrICE+phjxgmoQUeA5QInP0MbneRuY-Q4vmlMQIEwwiOErKRLw+Yxg0VLJEAGYpwn7UZXUvYBxu4Tjpf3X2Cttrsp6Cpbl7kKy8i8D6d0VgTA1lqvmJee0n4MyZbGK8-Yljorga5dkPoR7OnmkGCp4dBjhEeODTVjp2GzChbDdGWBbVKsQA6poq5Vzg1mO6fx-LdXCudN9dyJM6zRRNqec10q4YDXsqZENudagFj8N4g50bQlxsGByAUcwLAxCZOXMwAbEpBvhhCAtu8RIUtVWEPo4ryqrQcIBfWLRfpgWCM2hEzcpn8w7Qoj0DExj0XxSTcqAL8aLlHhYRwTJd1HNNZmpO4zWBiM-j-SRCrYGhpem0A+1gGw0VmH8d12tvFNACNEfMdZgIQQPVBFePVJnpIJHOtxu5ZpRBaiYLyGztZlgprRJNURVFNr-XFKJuxzmXOuegW59zHnXEVKBtpM0Qx7kog4RwHp-pAq6K6fW4rKL6EnbsAAyshUaxHMWuksEK9R312j4xo0KFkBYmQ7JGN0cwLHWCnMdlx56HJ6IshLNtcC3ogz9MMOECwxYnTAn3fEIAA */\n\n      id: \"AuthenticateDeviceAction\",\n      context: ({ input }): types[\"context\"] => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          trustchainId: null,\n          jwt: null,\n          trustchain: null,\n          applicationStream: null,\n          encryptionKey: null,\n          wasAddedToTrustchain: false,\n        }),\n      }),\n\n      initial: \"CheckCredentials\",\n      states: {\n        CheckCredentials: {\n          always: [\n            { target: \"DeviceAuth\", guard: \"hasNoTrustchainId\" },\n            { target: \"KeypairAuth\", guard: \"hasNoJwt\" },\n            { target: \"GetTrustchain\" },\n          ],\n        },\n\n        KeypairAuth: {\n          on: {\n            success: \"GetTrustchain\",\n            invalidCredentials: \"DeviceAuth\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"keypairAuth\",\n            src: \"keypairAuth\",\n            input: ({ context }) => ({\n              lkrpDataSource: context.input.lkrpDataSource,\n              keypair: context.input.keypair,\n              trustchainId: required(\n                context.input.trustchainId,\n                \"Missing Trustchain ID in the input\",\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output\n                  .map(({ jwt }) => ({\n                    raise: \"success\",\n                    assign: { jwt },\n                  }))\n                  .chainLeft((error) =>\n                    error instanceof LKRPUnauthorizedError\n                      ? Right({ raise: \"invalidCredentials\" })\n                      : Left(error),\n                  ),\n              ),\n            },\n          },\n        },\n\n        DeviceAuth: {\n          on: { success: \"GetTrustchain\", error: \"Error\" },\n          initial: \"OpenApp\",\n          states: {\n            OpenApp: {\n              // TODO snapshot for intermediateValue\n              on: { success: \"Auth\" },\n              invoke: {\n                id: \"openApp\",\n                src: \"openAppStateMachine\",\n                input: { appName: APP_NAME },\n                onError: { actions: \"assignErrorFromEvent\" },\n                onDone: {\n                  actions: raiseAndAssign(({ event }) =>\n                    event.output.map(() => ({ raise: \"success\" })),\n                  ),\n                },\n              },\n            },\n\n            Auth: {\n              entry: assign({\n                intermediateValue: {\n                  requiredUserInteraction: \"connect-ledger-sync\",\n                },\n              }),\n              exit: assign({\n                intermediateValue: {\n                  requiredUserInteraction: UserInteractionRequired.None,\n                },\n              }),\n              invoke: {\n                id: \"deviceAuth\",\n                src: \"deviceAuth\",\n                input: ({ context }) => context.input,\n                onError: { actions: \"assignErrorFromEvent\" },\n                onDone: {\n                  actions: raiseAndAssign(({ event }) =>\n                    event.output.chain((payload) =>\n                      payload.trustchainId.caseOf({\n                        Nothing: () =>\n                          Left(\n                            new LKRPUnhandledState(\"The trustchain is empty\"),\n                          ),\n                        Just: (trustchainId) =>\n                          Right({\n                            raise: \"success\",\n                            assign: { jwt: payload.jwt, trustchainId },\n                          }),\n                      }),\n                    ),\n                  ),\n                },\n              },\n            },\n          },\n        },\n\n        GetTrustchain: {\n          on: {\n            success: \"CheckIsMembers\",\n            invalidCredentials: \"KeypairAuth\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"getTrustchain\",\n            src: \"getTrustchain\",\n            input: ({ context }) =>\n              context._internalState.chain((state) =>\n                eitherSeqRecord({\n                  lkrpDataSource: context.input.lkrpDataSource,\n                  applicationId: context.input.applicationId,\n                  trustchainId: () =>\n                    required(\n                      state.trustchainId ?? context.input.trustchainId,\n                      \"Missing Trustchain ID in the input for GetTrustchain\",\n                    ),\n                  jwt: () =>\n                    required(\n                      state.jwt ?? context.input.jwt,\n                      \"Missing JWT in the input for GetTrustchain\",\n                    ),\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(({ trustchain, applicationStream }) => ({\n                  raise: \"success\",\n                  assign: { trustchain, applicationStream },\n                })),\n              ),\n            },\n          },\n        },\n\n        CheckIsMembers: {\n          always: [\n            { target: \"ExtractEncryptionKey\", guard: \"isTrustchainMember\" },\n            { target: \"AddToTrustchain\" },\n          ],\n        },\n\n        AddToTrustchain: {\n          // TODO snapshot for intermediateValue\n          on: {\n            success: \"GetTrustchain\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"AddToTrustchain\",\n            src: \"addToTrustchainStateMachine\",\n            input: ({ context }) =>\n              context._internalState\n                .mapLeft(\n                  () =>\n                    new LKRPMissingDataError(\n                      \"Missing data in the input for AddToTrustchain\",\n                    ),\n                )\n                .chain((state) =>\n                  eitherSeqRecord({\n                    lkrpDataSource: context.input.lkrpDataSource,\n                    keypair: context.input.keypair,\n                    clientName: context.input.clientName,\n                    permissions: context.input.permissions,\n                    jwt: () =>\n                      required(\n                        state.jwt ?? context.input.jwt,\n                        \"Missing JWT in the input for AddToTrustchain\",\n                      ),\n                    trustchainId: () =>\n                      required(\n                        state.trustchainId ?? context.input.trustchainId,\n                        \"Missing Trustchain ID in the input for GetTrustchain\",\n                      ),\n                    trustchain: () =>\n                      required(\n                        state.trustchain,\n                        \"Missing Trustchain in the input for AddToTrustchain\",\n                      ),\n                    applicationStream: () =>\n                      required(\n                        state.applicationStream,\n                        \"Missing application stream in the input for AddToTrustchain\",\n                      ),\n                  }),\n                ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({\n                  raise: \"success\",\n                  assign: { wasAddedToTrustchain: true },\n                })),\n              ),\n            },\n          },\n        },\n\n        ExtractEncryptionKey: {\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"ExtractEncryptionKey\",\n            src: \"extractEncryptionKey\",\n            input: ({ context }) =>\n              context._internalState.chain((state) =>\n                required(\n                  state.applicationStream,\n                  \"Missing application stream\",\n                ).map((applicationStream) => ({\n                  applicationStream,\n                  keypair: context.input.keypair,\n                })),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((encryptionKey) => ({\n                  raise: \"success\",\n                  assign: { encryptionKey },\n                })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) =>\n        context._internalState.chain((state) =>\n          eitherSeqRecord({\n            trustchainId: () =>\n              required(\n                state.trustchainId ?? context.input.trustchainId,\n                \"Missing Trustchain ID in the output\",\n              ),\n            jwt: () =>\n              required(\n                state.jwt ?? context.input.jwt,\n                \"Missing JWT in the output\",\n              ),\n            applicationPath: () =>\n              required(\n                state.applicationStream?.getPath().extract(),\n                \"Missing application path in the output\",\n              ),\n            encryptionKey: () =>\n              required(\n                state.encryptionKey,\n                \"Missing encryption key in the output\",\n              ),\n          }),\n        ),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      deviceAuth: (args: { input: { lkrpDataSource: LKRPDataSource } }) =>\n        this.auth(\n          args.input.lkrpDataSource,\n          new SignChallengeWithDeviceTask(internalApi),\n        ).run(),\n\n      keypairAuth: (args: {\n        input: Pick<AuthenticateDAInput, \"lkrpDataSource\" | \"keypair\"> & {\n          trustchainId: Either<LKRPMissingDataError, string>;\n        };\n      }) => {\n        const { lkrpDataSource, keypair } = args.input;\n        return EitherAsync.liftEither(args.input.trustchainId)\n          .chain((trustchainId) =>\n            this.auth(\n              lkrpDataSource,\n              new SignChallengeWithKeypairTask(keypair, trustchainId),\n            ),\n          )\n          .run();\n      },\n\n      getTrustchain: (args: {\n        input: Either<\n          AuthenticateDAError,\n          {\n            applicationId: number;\n            lkrpDataSource: LKRPDataSource;\n            trustchainId: string;\n            jwt: JWT;\n          }\n        >;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain(({ applicationId, lkrpDataSource, trustchainId, jwt }) =>\n            lkrpDataSource\n              .getTrustchainById(trustchainId, jwt)\n              .map((trustchain) => ({\n                trustchain,\n                applicationStream:\n                  trustchain[`m/${applicationId}'`] ??\n                  LKRPBlockStream.fromPath(`m/0'/${applicationId}'/0'`),\n              })),\n          )\n          .run(),\n\n      extractEncryptionKey: async (args: {\n        input: Either<\n          AuthenticateDAError,\n          {\n            applicationStream: LKRPBlockStream;\n            keypair: Keypair;\n          }\n        >;\n      }) => {\n        // TODO additional derivations should be supported:\n        // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n        // Probably not needed for Ledger Sync\n        return Promise.resolve(\n          args.input\n            .chain(({ applicationStream, keypair }) =>\n              applicationStream\n                .getPublishedKey(keypair)\n                .toEither(\n                  new UnknownDAError(\n                    \"There is no encryption key for the current member in the application stream.\",\n                  ),\n                ),\n            )\n            .map((key) => key.privateKey),\n        );\n      },\n    };\n  }\n\n  private auth(\n    lkrpDataSource: LKRPDataSource,\n    signerTask: {\n      run: (\n        challenge: Challenge,\n      ) => PromiseLike<Either<AuthenticateDAError, AuthenticationPayload>>;\n    },\n  ) {\n    return lkrpDataSource\n      .getChallenge()\n      .chain((challenge) => signerTask.run(challenge))\n      .chain((payload) => lkrpDataSource.authenticate(payload));\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,8BAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAQO,2CACPC,EAAsD,qBACtDC,EAA2C,kBAS3CC,EAIO,kCAGPC,EAA4C,iEAC5CC,EAA6C,kEAM7CC,EAAgC,2CAChCC,EAAgC,2CAChCC,EAAyB,oCAEzBC,EAA+B,kCAC/BC,EAA4C,yCAE5C,MAAMC,EAAW,cAEV,MAAMb,UAAiC,oBAM5C,CACA,iBACEc,EAOA,CASA,KAAM,CAAE,WAAAC,EAAY,YAAAC,EAAa,cAAAC,EAAe,qBAAAC,CAAqB,EACnE,KAAK,oBAAoBJ,CAAW,EAEtC,SAAO,SAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,oBAAqB,IAAI,sBAAoB,CAC3C,MAAO,CAAE,QAASD,CAAS,CAC7B,CAAC,EAAE,iBAAiBC,CAAW,EAE/B,cAAY,eAAYC,CAAU,EAClC,eAAa,eAAYC,CAAW,EAEpC,iBAAe,eAAYC,CAAa,EAExC,4BAA6B,IAAI,8BAA4B,CAC3D,SAAO,QACL,IAAI,uBAAqB,oCAAoC,CAC/D,CACF,CAAC,EAAE,iBAAiBH,CAAW,EAE/B,wBAAsB,eAAYI,CAAoB,CACxD,EAEA,QAAS,CACP,wBAAsB,kBACpB,CAAC,CAAE,MAAAC,CAAM,OACP,QACE,IAAI,iBAAe,OAAQA,EAA8B,KAAK,CAAC,CACjE,CACJ,CACF,EAEA,OAAQ,CACN,kBAAmB,CAAC,CAAE,QAAAC,CAAQ,IAAM,CAACA,EAAQ,MAAM,aACnD,SAAU,CAAC,CAAE,QAAAA,CAAQ,IAAM,CAACA,EAAQ,MAAM,IAC1C,mBAAoB,CAAC,CAAE,QAAAA,CAAQ,IAC7BA,EAAQ,eACL,QAAQ,EACR,IACEC,GACCA,EAAM,sBACNA,EAAM,mBAAmB,UACvBD,EAAQ,MAAM,QAAQ,YAAY,CACpC,CACJ,EACC,QAAQ,GAAK,EACpB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,2BACJ,QAAS,CAAC,CAAE,MAAAE,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyB,0BAAwB,IACnD,EACA,kBAAgB,SAAM,CACpB,aAAc,KACd,IAAK,KACL,WAAY,KACZ,kBAAmB,KACnB,cAAe,KACf,qBAAsB,EACxB,CAAC,CACH,GAEA,QAAS,mBACT,OAAQ,CACN,iBAAkB,CAChB,OAAQ,CACN,CAAE,OAAQ,aAAc,MAAO,mBAAoB,EACnD,CAAE,OAAQ,cAAe,MAAO,UAAW,EAC3C,CAAE,OAAQ,eAAgB,CAC5B,CACF,EAEA,YAAa,CACX,GAAI,CACF,QAAS,gBACT,mBAAoB,aACpB,MAAO,OACT,EACA,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAF,CAAQ,KAAO,CACvB,eAAgBA,EAAQ,MAAM,eAC9B,QAASA,EAAQ,MAAM,QACvB,gBAAc,YACZA,EAAQ,MAAM,aACd,oCACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAD,CAAM,IAC/BA,EAAM,OACH,IAAI,CAAC,CAAE,IAAAI,CAAI,KAAO,CACjB,MAAO,UACP,OAAQ,CAAE,IAAAA,CAAI,CAChB,EAAE,EACD,UAAWC,GACVA,aAAiB,2BACb,SAAM,CAAE,MAAO,oBAAqB,CAAC,KACrC,QAAKA,CAAK,CAChB,CACJ,CACF,CACF,CACF,EAEA,WAAY,CACV,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,QAAS,UACT,OAAQ,CACN,QAAS,CAEP,GAAI,CAAE,QAAS,MAAO,EACtB,OAAQ,CACN,GAAI,UACJ,IAAK,sBACL,MAAO,CAAE,QAASX,CAAS,EAC3B,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,KAAM,CACJ,SAAO,UAAO,CACZ,kBAAmB,CACjB,wBAAyB,qBAC3B,CACF,CAAC,EACD,QAAM,UAAO,CACX,kBAAmB,CACjB,wBAAyB,0BAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,aACJ,IAAK,aACL,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAD,CAAM,IAC/BA,EAAM,OAAO,MAAOM,GAClBA,EAAQ,aAAa,OAAO,CAC1B,QAAS,OACP,QACE,IAAI,qBAAmB,yBAAyB,CAClD,EACF,KAAOC,MACL,SAAM,CACJ,MAAO,UACP,OAAQ,CAAE,IAAKD,EAAQ,IAAK,aAAAC,CAAa,CAC3C,CAAC,CACL,CAAC,CACH,CACF,CACF,CACF,CACF,CACF,CACF,EAEA,cAAe,CACb,GAAI,CACF,QAAS,iBACT,mBAAoB,cACpB,MAAO,OACT,EACA,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAAN,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,MAC5B,mBAAgB,CACd,eAAgBD,EAAQ,MAAM,eAC9B,cAAeA,EAAQ,MAAM,cAC7B,aAAc,OACZ,YACEC,EAAM,cAAgBD,EAAQ,MAAM,aACpC,sDACF,EACF,IAAK,OACH,YACEC,EAAM,KAAOD,EAAQ,MAAM,IAC3B,4CACF,CACJ,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAD,CAAM,IAC/BA,EAAM,OAAO,IAAI,CAAC,CAAE,WAAAQ,EAAY,kBAAAC,CAAkB,KAAO,CACvD,MAAO,UACP,OAAQ,CAAE,WAAAD,EAAY,kBAAAC,CAAkB,CAC1C,EAAE,CACJ,CACF,CACF,CACF,EAEA,eAAgB,CACd,OAAQ,CACN,CAAE,OAAQ,uBAAwB,MAAO,oBAAqB,EAC9D,CAAE,OAAQ,iBAAkB,CAC9B,CACF,EAEA,gBAAiB,CAEf,GAAI,CACF,QAAS,gBACT,MAAO,OACT,EACA,OAAQ,CACN,GAAI,kBACJ,IAAK,8BACL,MAAO,CAAC,CAAE,QAAAR,CAAQ,IAChBA,EAAQ,eACL,QACC,IACE,IAAI,uBACF,+CACF,CACJ,EACC,MAAOC,MACN,mBAAgB,CACd,eAAgBD,EAAQ,MAAM,eAC9B,QAASA,EAAQ,MAAM,QACvB,WAAYA,EAAQ,MAAM,WAC1B,YAAaA,EAAQ,MAAM,YAC3B,IAAK,OACH,YACEC,EAAM,KAAOD,EAAQ,MAAM,IAC3B,8CACF,EACF,aAAc,OACZ,YACEC,EAAM,cAAgBD,EAAQ,MAAM,aACpC,sDACF,EACF,WAAY,OACV,YACEC,EAAM,WACN,qDACF,EACF,kBAAmB,OACjB,YACEA,EAAM,kBACN,6DACF,CACJ,CAAC,CACH,EACJ,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAF,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CACtB,MAAO,UACP,OAAQ,CAAE,qBAAsB,EAAK,CACvC,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,MAC5B,YACEA,EAAM,kBACN,4BACF,EAAE,IAAKO,IAAuB,CAC5B,kBAAAA,EACA,QAASR,EAAQ,MAAM,OACzB,EAAE,CACJ,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,WAAS,kBAAe,CAAC,CAAE,MAAAD,CAAM,IAC/BA,EAAM,OAAO,IAAKU,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAT,CAAQ,IACjBA,EAAQ,eAAe,MAAOC,MAC5B,mBAAgB,CACd,aAAc,OACZ,YACEA,EAAM,cAAgBD,EAAQ,MAAM,aACpC,qCACF,EACF,IAAK,OACH,YACEC,EAAM,KAAOD,EAAQ,MAAM,IAC3B,2BACF,EACF,gBAAiB,OACf,YACEC,EAAM,mBAAmB,QAAQ,EAAE,QAAQ,EAC3C,wCACF,EACF,cAAe,OACb,YACEA,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,oBAAoBP,EAA0B,CAC5C,MAAO,CACL,WAAagB,GACX,KAAK,KACHA,EAAK,MAAM,eACX,IAAI,8BAA4BhB,CAAW,CAC7C,EAAE,IAAI,EAER,YAAcgB,GAIR,CACJ,KAAM,CAAE,eAAAC,EAAgB,QAAAC,CAAQ,EAAIF,EAAK,MACzC,OAAO,cAAY,WAAWA,EAAK,MAAM,YAAY,EAClD,MAAOJ,GACN,KAAK,KACHK,EACA,IAAI,+BAA6BC,EAASN,CAAY,CACxD,CACF,EACC,IAAI,CACT,EAEA,cAAgBI,GAWd,cAAY,WAAWA,EAAK,KAAK,EAC9B,MAAM,CAAC,CAAE,cAAAG,EAAe,eAAAF,EAAgB,aAAAL,EAAc,IAAAH,CAAI,IACzDQ,EACG,kBAAkBL,EAAcH,CAAG,EACnC,IAAKI,IAAgB,CACpB,WAAAA,EACA,kBACEA,EAAW,KAAKM,CAAa,GAAG,GAChC,kBAAgB,SAAS,QAAQA,CAAa,MAAM,CACxD,EAAE,CACN,EACC,IAAI,EAET,qBAAsB,MAAOH,GAYpB,QAAQ,QACbA,EAAK,MACF,MAAM,CAAC,CAAE,kBAAAF,EAAmB,QAAAI,CAAQ,IACnCJ,EACG,gBAAgBI,CAAO,EACvB,SACC,IAAI,iBACF,8EACF,CACF,CACJ,EACC,IAAKE,GAAQA,EAAI,UAAU,CAChC,CAEJ,CACF,CAEQ,KACNH,EACAI,EAKA,CACA,OAAOJ,EACJ,aAAa,EACb,MAAOK,GAAcD,EAAW,IAAIC,CAAS,CAAC,EAC9C,MAAOX,GAAYM,EAAe,aAAaN,CAAO,CAAC,CAC5D,CACF",
+  "names": ["AuthenticateDeviceAction_exports", "__export", "AuthenticateDeviceAction", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_xstate", "import_Errors", "import_SignChallengeWithDeviceTask", "import_SignChallengeWithKeypairTask", "import_eitherSeqRecord", "import_LKRPBlockStream", "import_required", "import_raiseAndAssign", "import_AddToTrustchainDeviceAction", "APP_NAME", "internalApi", "deviceAuth", "keypairAuth", "getTrustchain", "extractEncryptionKey", "event", "context", "state", "input", "jwt", "error", "payload", "trustchainId", "trustchain", "applicationStream", "encryptionKey", "args", "lkrpDataSource", "keypair", "applicationId", "key", "signerTask", "challenge"]
+}

package/lib/cjs/internal/app-binder/device-action/utils/raiseAndAssign.js

@@ -0,0 +1,2 @@
+"use strict";var a=Object.defineProperty;var E=Object.getOwnPropertyDescriptor;var d=Object.getOwnPropertyNames;var c=Object.prototype.hasOwnProperty;var x=(e,t)=>{for(var n in t)a(e,n,{get:t[n],enumerable:!0})},p=(e,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of d(t))!c.call(e,r)&&r!==n&&a(e,r,{get:()=>t[r],enumerable:!(i=E(t,r))||i.enumerable});return e};var v=e=>p(a({},"__esModule",{value:!0}),e);var P={};x(P,{raiseAndAssign:()=>m});module.exports=v(P);var o=require("purify-ts"),s=require("xstate");function m(e){return(0,s.enqueueActions)(({enqueue:t,...n})=>{e(n).ifLeft(i=>{t.assign({_internalState:(0,o.Left)(i)}),t.raise({type:"error"})}).ifRight(({raise:i,assign:r})=>{if(n.context._internalState.isLeft())return t.raise({type:"error"});r&&t.assign({_internalState:n.context._internalState.map(T=>({...T,...r}))}),t.raise({type:i})})})}0&&(module.exports={raiseAndAssign});
+//# sourceMappingURL=raiseAndAssign.js.map

package/lib/cjs/internal/app-binder/device-action/utils/raiseAndAssign.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/device-action/utils/raiseAndAssign.ts"],
+  "sourcesContent": ["import { type Either, Left } from \"purify-ts\";\nimport {\n  type ActionArgs,\n  type ActionFunction,\n  enqueueActions,\n  type EventObject,\n  type MachineContext,\n  type ParameterizedObject,\n  type ProvidedActor,\n} from \"xstate\";\n\ntype UnwrapEither<T extends Either<unknown, unknown>> =\n  T extends Either<infer L, infer R> ? { L: L; R: R } : never;\n\n/**\n * Both raises an event and assigns values to the _internalState based on an Either result.\n * When the result is Left: automatically raises \"error\" and set the _internalState to the result.\n *\n * Example usage:\n *\n * Foo: {\n *   on: { bar: Bar , baz: Baz, retry: Retry, error: Error },\n *   invoke: {\n *     src: \"someActor\",\n *     onDone: raiseAndAssign(({ event }) =>\n *       event.output\n *         .map(({ resultType, payload }) => {\n *           switch(resultType) {\n *             case \"A\":\n *               return { raise: \"bar\", assign: { A: payload.A } };\n *             case \"B\":\n *               return { raise: \"baz\", assign: { B: payload.B } };\n *           }\n *         })\n *         .chainLeft((error) =>\n *           error instanceof SomeError\n *             ? Right({ raise: \"retry\", assign: { count: error.count } })\n *             : Left(error)\n *         ),\n *     ),\n */\n\nexport function raiseAndAssign<\n  TContext extends MachineContext & {\n    _internalState: Either<unknown, object>;\n  },\n  TExpressionEvent extends EventObject,\n  TParams extends ParameterizedObject[\"params\"] | undefined,\n  TEvent extends EventObject = TExpressionEvent,\n  TActor extends ProvidedActor = ProvidedActor,\n  TAction extends ParameterizedObject = ParameterizedObject,\n  TGuard extends ParameterizedObject = ParameterizedObject,\n  TDelay extends string = never,\n  TEmitted extends EventObject = EventObject,\n>(\n  args: (args: ActionArgs<TContext, TExpressionEvent, TEvent>) => Either<\n    UnwrapEither<TContext[\"_internalState\"]>[\"L\"],\n    {\n      raise: TEvent[\"type\"];\n      assign?: Partial<UnwrapEither<TContext[\"_internalState\"]>[\"R\"]>;\n    }\n  >,\n): ActionFunction<\n  TContext,\n  TExpressionEvent,\n  TEvent,\n  TParams,\n  TActor,\n  TAction,\n  TGuard,\n  TDelay,\n  TEmitted\n> {\n  return enqueueActions(({ enqueue, ...actionArgs }) => {\n    args(actionArgs)\n      .ifLeft((error) => {\n        enqueue.assign({ _internalState: Left(error) } as Partial<TContext>);\n        enqueue.raise({ type: \"error\" } as TEvent);\n      })\n\n      .ifRight(({ raise, assign }) => {\n        // Double check internal state\n        if (actionArgs.context._internalState.isLeft()) {\n          return enqueue.raise({ type: \"error\" } as TEvent);\n        }\n\n        if (assign) {\n          enqueue.assign({\n            _internalState: actionArgs.context._internalState.map<\n              Partial<UnwrapEither<TContext[\"_internalState\"]>[\"R\"]>\n            >((prev) => ({ ...prev, ...assign })),\n          } as Partial<TContext>);\n        }\n        enqueue.raise({ type: raise } as TEvent);\n      });\n  });\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,oBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAkC,qBAClCC,EAQO,kBAiCA,SAASH,EAadI,EAiBA,CACA,SAAO,kBAAe,CAAC,CAAE,QAAAC,EAAS,GAAGC,CAAW,IAAM,CACpDF,EAAKE,CAAU,EACZ,OAAQC,GAAU,CACjBF,EAAQ,OAAO,CAAE,kBAAgB,QAAKE,CAAK,CAAE,CAAsB,EACnEF,EAAQ,MAAM,CAAE,KAAM,OAAQ,CAAW,CAC3C,CAAC,EAEA,QAAQ,CAAC,CAAE,MAAAG,EAAO,OAAAC,CAAO,IAAM,CAE9B,GAAIH,EAAW,QAAQ,eAAe,OAAO,EAC3C,OAAOD,EAAQ,MAAM,CAAE,KAAM,OAAQ,CAAW,EAG9CI,GACFJ,EAAQ,OAAO,CACb,eAAgBC,EAAW,QAAQ,eAAe,IAE/CI,IAAU,CAAE,GAAGA,EAAM,GAAGD,CAAO,EAAE,CACtC,CAAsB,EAExBJ,EAAQ,MAAM,CAAE,KAAMG,CAAM,CAAW,CACzC,CAAC,CACL,CAAC,CACH",
+  "names": ["raiseAndAssign_exports", "__export", "raiseAndAssign", "__toCommonJS", "import_purify_ts", "import_xstate", "args", "enqueue", "actionArgs", "error", "raise", "assign", "prev"]
+}

package/lib/cjs/internal/app-binder/di/appBinderModule.js

@@ -0,0 +1,2 @@
+"use strict";var n=Object.defineProperty;var a=Object.getOwnPropertyDescriptor;var g=Object.getOwnPropertyNames;var B=Object.prototype.hasOwnProperty;var c=(o,r)=>{for(var i in r)n(o,i,{get:r[i],enumerable:!0})},f=(o,r,i,p)=>{if(r&&typeof r=="object"||typeof r=="function")for(let e of g(r))!B.call(o,e)&&e!==i&&n(o,e,{get:()=>r[e],enumerable:!(p=a(r,e))||p.enumerable});return o};var l=o=>f(n({},"__esModule",{value:!0}),o);var s={};c(s,{appBindingModuleFactory:()=>y});module.exports=l(s);var t=require("inversify"),d=require("../../app-binder/di/appBinderTypes"),m=require("../../app-binder/LedgerKeyringProtocolBinder");const y=()=>new t.ContainerModule(({bind:o})=>{o(d.appBinderTypes.AppBinding).to(m.LedgerKeyringProtocolBinder)});0&&(module.exports={appBindingModuleFactory});
+//# sourceMappingURL=appBinderModule.js.map

package/lib/cjs/internal/app-binder/di/appBinderModule.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/di/appBinderModule.ts"],
+  "sourcesContent": ["import { ContainerModule } from \"inversify\";\n\nimport { appBinderTypes } from \"@internal/app-binder/di/appBinderTypes\";\nimport { LedgerKeyringProtocolBinder } from \"@internal/app-binder/LedgerKeyringProtocolBinder\";\n\nexport const appBindingModuleFactory = () =>\n  new ContainerModule(({ bind }) => {\n    bind(appBinderTypes.AppBinding).to(LedgerKeyringProtocolBinder);\n  });\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,6BAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAgC,qBAEhCC,EAA+B,kDAC/BC,EAA4C,4DAErC,MAAMJ,EAA0B,IACrC,IAAI,kBAAgB,CAAC,CAAE,KAAAK,CAAK,IAAM,CAChCA,EAAK,iBAAe,UAAU,EAAE,GAAG,6BAA2B,CAChE,CAAC",
+  "names": ["appBinderModule_exports", "__export", "appBindingModuleFactory", "__toCommonJS", "import_inversify", "import_appBinderTypes", "import_LedgerKeyringProtocolBinder", "bind"]
+}

package/lib/cjs/internal/app-binder/di/appBinderTypes.js

@@ -0,0 +1,2 @@
+"use strict";var o=Object.defineProperty;var d=Object.getOwnPropertyDescriptor;var B=Object.getOwnPropertyNames;var s=Object.prototype.hasOwnProperty;var t=(n,p)=>{for(var i in p)o(n,i,{get:p[i],enumerable:!0})},y=(n,p,i,r)=>{if(p&&typeof p=="object"||typeof p=="function")for(let e of B(p))!s.call(n,e)&&e!==i&&o(n,e,{get:()=>p[e],enumerable:!(r=d(p,e))||r.enumerable});return n};var A=n=>y(o({},"__esModule",{value:!0}),n);var b={};t(b,{appBinderTypes:()=>a});module.exports=A(b);const a={AppBinding:Symbol.for("AppBinder")};0&&(module.exports={appBinderTypes});
+//# sourceMappingURL=appBinderTypes.js.map

package/lib/cjs/internal/app-binder/di/appBinderTypes.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/di/appBinderTypes.ts"],
+  "sourcesContent": ["export const appBinderTypes = {\n  AppBinding: Symbol.for(\"AppBinder\"),\n};\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,oBAAAE,IAAA,eAAAC,EAAAH,GAAO,MAAME,EAAiB,CAC5B,WAAY,OAAO,IAAI,WAAW,CACpC",
+  "names": ["appBinderTypes_exports", "__export", "appBinderTypes", "__toCommonJS"]
+}

package/lib/cjs/internal/app-binder/task/InitTask.js

@@ -0,0 +1,2 @@
+"use strict";var a=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var c=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var d=(t,r)=>{for(var e in r)a(t,e,{get:r[e],enumerable:!0})},K=(t,r,e,m)=>{if(r&&typeof r=="object"||typeof r=="function")for(let o of c(r))!u.call(t,o)&&o!==e&&a(t,o,{get:()=>r[o],enumerable:!(m=y(r,o))||m.enumerable});return t};var f=t=>K(a({},"__esModule",{value:!0}),t);var C={};d(C,{InitTask:()=>l});module.exports=f(C);var p=require("@ledgerhq/device-management-kit"),i=require("purify-ts"),n=require("../../app-binder/command/InitCommand"),s=require("../../utils/crypto");class l{constructor(r){this.api=r}async run(){const r=s.CryptoUtils.randomKeypair(),e=await this.api.sendCommand(new n.InitCommand({publicKey:r.pubKeyToU8a()}));return e.status!==p.CommandResultStatus.Success?(0,i.Left)(e.error):(0,i.Right)(r)}}0&&(module.exports={InitTask});
+//# sourceMappingURL=InitTask.js.map

package/lib/cjs/internal/app-binder/task/InitTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/InitTask.ts"],
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type Keypair } from \"@api/index\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\n\nexport class InitTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, Keypair>> {\n    const sessionKeypair = CryptoUtils.randomKeypair();\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.pubKeyToU8a() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,cAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAGO,2CACPC,EAAyC,qBAGzCC,EAA4B,oDAE5BC,EAA4B,kCAErB,MAAML,CAAS,CACpB,YAA6BM,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,KAAwD,CAC5D,MAAMC,EAAiB,cAAY,cAAc,EAC3CC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,cAAY,CAAE,UAAWD,EAAe,YAAY,CAAE,CAAC,CAC7D,EAEA,OAAOC,EAAS,SAAW,sBAAoB,WAC3C,QAAKA,EAAS,KAAK,KACnB,SAAMD,CAAc,CAC1B,CACF",
+  "names": ["InitTask_exports", "__export", "InitTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_InitCommand", "import_crypto", "api", "sessionKeypair", "response"]
+}

package/lib/cjs/internal/app-binder/task/ParseStreamToDeviceTask.js

@@ -0,0 +1,2 @@
+"use strict";var i=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var k=Object.prototype.hasOwnProperty;var S=(o,t)=>{for(var r in t)i(o,r,{get:t[r],enumerable:!0})},T=(o,t,r,e)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of l(t))!k.call(o,a)&&a!==r&&i(o,a,{get:()=>t[a],enumerable:!(e=f(t,a))||e.enumerable});return o};var g=o=>T(i({},"__esModule",{value:!0}),o);var R={};S(R,{ParseStreamToDeviceTask:()=>E});module.exports=g(R);var n=require("@ledgerhq/device-management-kit"),s=require("purify-ts"),u=require("../../app-binder/command/ParseBlockSignatureCommand"),c=require("../../app-binder/command/ParseStreamBlockCommand"),d=require("../../app-binder/command/ParseStreamBlockHeader"),p=require("../../app-binder/command/SetTrustedMemberCommand"),P=require("../../utils/eitherSeqRecord"),m=require("../../utils/hex"),h=require("./utils/TrustedProperties");class E{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):s.EitherAsync.liftEither((0,s.Right)(void 0)))}parseStream(t){return s.EitherAsync.liftEither(t.parse()).chain(r=>s.EitherAsync.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return s.EitherAsync.liftEither(t.parse()).chain(r=>this.setTrustedMember((0,m.bytesToHex)(r.issuer)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new d.ParseBlockHeaderCommand(r));if(e.status!==n.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new n.UnknownDAError(String(e)))}return(0,s.Right)(r)}).chain(r=>s.EitherAsync.sequence(r.commands.map(e=>this.parseCommand(e,(0,m.bytesToHex)(r.issuer)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new u.ParseBlockSignatureCommand(r));if(e.status!==n.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new n.UnknownDAError(String(e)))}return(0,s.Right)(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new c.ParseSingleCommand({command:t.toU8A()}));return a.status!==n.CommandResultStatus.Success?(0,s.Left)(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return(0,s.Left)(new n.UnknownDAError(String(a)))}})}setTrustedMember(t){return s.EitherAsync.fromPromise(async()=>{if(t===this.lastTrustedMember)return(0,s.Right)(void 0);const r=this.trustedMembers.get(t);if(!r)return(0,s.Right)(void 0);try{const e=await this.api.sendCommand(new p.SetTrustedMemberCommand(r));if(e.status!==n.CommandResultStatus.Success)return(0,s.Left)(e.error)}catch(e){return(0,s.Left)(new n.UnknownDAError(String(e)))}return(0,s.Right)(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return(0,s.Right)(void 0);const e=new h.TrustedProperties(r);return(0,P.eitherSeqRecord)({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}0&&(module.exports={ParseStreamToDeviceTask});
+//# sourceMappingURL=ParseStreamToDeviceTask.js.map

package/lib/cjs/internal/app-binder/task/ParseStreamToDeviceTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/ParseStreamToDeviceTask.ts"],
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { type SetTrustedMemberCommandArgs } from \"@api/app-binder/SetTrustedMemberTypes\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport { SetTrustedMemberCommand } from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex } from \"@internal/utils/hex\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\nimport { type LKRPBlockParsedData } from \"@internal/utils/types\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | UnknownDAError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bytesToHex(data.issuer)).map(() => data),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new UnknownDAError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(command, bytesToHex(data.issuer)),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new UnknownDAError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,6BAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAIO,2CACPC,EAAsD,qBAOtDC,EAA2C,mEAC3CC,EAAmC,gEACnCC,EAAwC,+DACxCC,EAAwC,gEAExCC,EAAgC,2CAChCC,EAA2B,+BAM3BC,EAAkC,qCAa3B,MAAMV,CAAwB,CAInC,YAA6BW,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClC,cAAY,cAAW,SAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYC,EAAyB,CACnC,OAAO,cAAY,WAAWA,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACD,cAAY,SAASA,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACE,cAAY,WAAWA,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,oBAAiB,cAAWA,EAAK,MAAM,CAAC,EAAE,IAAI,IAAMA,CAAI,CAC/D,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,0BAAwBD,CAAI,CAClC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACA,SAAO,SAAMF,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjD,cAAY,SACVA,EAAK,SAAS,IAAKG,GACjB,KAAK,aAAaA,KAAS,cAAWH,EAAK,MAAM,CAAC,CACpD,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,6BAA2BD,CAAI,CACrC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACA,SAAO,SAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAaC,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,qBAAmB,CAAE,QAASE,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAW,sBAAoB,WACnC,QAAKA,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAO,cAAY,YAAwC,SAAY,CACrE,GAAIA,IAAc,KAAK,kBACrB,SAAO,SAAM,MAAS,EAExB,MAAMC,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,SAAO,SAAM,MAAS,EAExB,GAAI,CACF,MAAML,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,0BAAwBK,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACA,SAAO,SAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEG,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,SAAO,SAAM,MAAS,EAGxB,MAAMG,EAAe,IAAI,oBAAkBD,CAAiB,EAC5D,SAAO,mBAAgB,CACrB,GAAI,IAAMC,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
+  "names": ["ParseStreamToDeviceTask_exports", "__export", "ParseStreamToDeviceTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_ParseBlockSignatureCommand", "import_ParseStreamBlockCommand", "import_ParseStreamBlockHeader", "import_SetTrustedMemberCommand", "import_eitherSeqRecord", "import_hex", "import_TrustedProperties", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
+}

package/lib/cjs/internal/app-binder/task/SignBlockTask.js

@@ -0,0 +1,2 @@
+"use strict";var g=Object.defineProperty;var b=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var f=Object.prototype.hasOwnProperty;var B=(s,r)=>{for(var e in r)g(s,e,{get:r[e],enumerable:!0})},K=(s,r,e,i)=>{if(r&&typeof r=="object"||typeof r=="function")for(let n of P(r))!f.call(s,n)&&n!==e&&g(s,n,{get:()=>r[n],enumerable:!(i=b(r,n))||i.enumerable});return s};var D=s=>K(g({},"__esModule",{value:!0}),s);var M={};B(M,{ISSUER_PLACEHOLDER:()=>h,SignBlockTask:()=>w});module.exports=D(M);var o=require("@ledgerhq/device-management-kit"),t=require("purify-ts"),S=require("../../app-binder/command/SignBlockHeader"),C=require("../../app-binder/command/SignBlockSignatureCommand"),v=require("../../app-binder/command/SignBlockSingleCommand"),l=require("../../utils/crypto"),d=require("../../utils/eitherSeqRecord"),k=require("../../utils/LKRPBlock"),y=require("../../utils/LKRPCommand"),a=require("../../utils/TLVTags"),u=require("./utils/TrustedProperties");const h=new Uint8Array([3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);class w{constructor(r){this.api=r}run({lkrpDataSource:r,trustchainId:e,path:i,jwt:n,parent:m,blockFlow:c,sessionKeypair:A}){const E=this.signCommands(i,c);return(0,d.eitherAsyncSeqRecord)({header:this.signBlockHeader(m,E.length),commands:t.EitherAsync.sequence(E),signature:this.signBlockSignature(A)}).chain(p=>t.EitherAsync.liftEither(this.decryptBlock(m,p))).chain(p=>{switch(c.type){case"derive":return r.postDerivation(e,p,n);case"addMember":return r.putCommands(e,i,p,n)}})}signBlockHeader(r,e){return t.EitherAsync.fromPromise(async()=>{const i=Uint8Array.from([[a.GeneralTags.Int,1,1],[a.GeneralTags.Hash,r.length,...r],[a.GeneralTags.PublicKey,h.length,...h],[a.GeneralTags.Int,1,e]].flat());try{const n=await this.api.sendCommand(new S.SignBlockHeaderCommand({header:i}));if(n.status!==o.CommandResultStatus.Success)return(0,t.Left)(n.error);const m=new u.TrustedProperties(n.data);return(0,d.eitherSeqRecord)({iv:()=>m.getIv(),issuer:()=>m.getIssuer()})}catch(n){return(0,t.Left)(new o.UnknownDAError(String(n)))}})}signBlockSignature(r){return t.EitherAsync.fromPromise(async()=>{try{const e=await this.api.sendCommand(new C.SignBlockSignatureCommand);if(e.status!==o.CommandResultStatus.Success)return(0,t.Left)(e.error);const{signature:i,deviceSessionKey:n}=e.data,m=r.ecdh(n).slice(1);return(0,t.Right)({signature:i,secret:m})}catch(e){return(0,t.Left)(new o.UnknownDAError(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return t.EitherAsync.fromPromise(async()=>{try{const e=await this.api.sendCommand(new v.SignBlockSingleCommand({command:r}));return e.status!==o.CommandResultStatus.Success?(0,t.Left)(e.error):(0,t.Right)(new u.TrustedProperties(e.data))}catch(e){return(0,t.Left)(new o.UnknownDAError(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(y.LKRPCommand.bytesFromUnsignedData({type:a.CommandTags.Derive,path:r})).chain(e=>t.EitherAsync.liftEither((0,d.eitherSeqRecord)({type:a.CommandTags.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:i}){return this.signSingleCommand(y.LKRPCommand.bytesFromUnsignedData({type:a.CommandTags.AddMember,name:r,publicKey:e,permissions:i})).chain(n=>t.EitherAsync.liftEither((0,d.eitherSeqRecord)({type:a.CommandTags.AddMember,name:r,publicKey:e,permissions:i,iv:()=>n.getIv(),newMember:()=>n.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(y.LKRPCommand.bytesFromUnsignedData({type:a.CommandTags.PublishKey,recipient:r})).chain(e=>t.EitherAsync.liftEither((0,d.eitherSeqRecord)({type:a.CommandTags.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:i,signature:n}){const m=l.CryptoUtils.decrypt(n.secret,e.iv,e.issuer);return t.Either.sequence(i.map(c=>this.decryptCommand(n.secret,c))).map(c=>k.LKRPBlock.fromData({parent:(0,o.bufferToHexaString)(r),issuer:m,commands:c,signature:n.signature}))}decryptCommand(r,e){switch(e.type){case a.CommandTags.Derive:case a.CommandTags.PublishKey:{const i=l.CryptoUtils.decrypt(r,e.iv,e.xpriv);return(0,t.Right)(y.LKRPCommand.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:i}))}case a.CommandTags.AddMember:return(0,t.Right)(y.LKRPCommand.fromData({...e}));default:return(0,t.Left)(new o.UnknownDAError("Unsupported command type"))}}}0&&(module.exports={ISSUER_PLACEHOLDER,SignBlockTask});
+//# sourceMappingURL=SignBlockTask.js.map

package/lib/cjs/internal/app-binder/task/SignBlockTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignBlockTask.ts"],
+  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPHttpRequestError,\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { type JWT, type Keypair } from \"@api/index\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\nimport { CommandTags, GeneralTags } from \"@internal/utils/TLVTags\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/utils/types\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\nexport type SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPHttpRequestError\n  | UnknownDAError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: Keypair;\n};\n\nexport const ISSUER_PLACEHOLDER = new Uint8Array([\n  3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0,\n]);\n\nexport class SignBlockTask {\n  constructor(private readonly api: InternalApi) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain((encryptedBlock) =>\n        EitherAsync.liftEither(this.decryptBlock(parent, encryptedBlock)),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      });\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      const header = Uint8Array.from(\n        [\n          [GeneralTags.Int, 1, 1], // Version 1\n          [GeneralTags.Hash, parent.length, ...parent], // Parent block hash\n          [\n            GeneralTags.PublicKey,\n            ISSUER_PLACEHOLDER.length,\n            ...ISSUER_PLACEHOLDER,\n          ], // Placeholder for issuer public key (will be replaced by the device)\n          [GeneralTags.Int, 1, commandCount],\n        ].flat(),\n      );\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ header }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: Keypair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = sessionKeypair.ecdh(deviceSessionKey).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new UnknownDAError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): Either<SignBlockError, LKRPBlock> {\n    const decryptedIssuer = CryptoUtils.decrypt(\n      signature.secret,\n      header.iv,\n      header.issuer,\n    );\n    return Either.sequence(\n      commands.map((command) => this.decryptCommand(signature.secret, command)),\n    ).map((decryptedCommands) =>\n      LKRPBlock.fromData({\n        parent: bufferToHexaString(parent),\n        issuer: decryptedIssuer,\n        commands: decryptedCommands,\n        signature: signature.signature,\n      }),\n    );\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): Either<UnknownDAError, LKRPCommand> {\n    switch (command.type) {\n      case CommandTags.Derive:\n      case CommandTags.PublishKey: {\n        const encryptedXpriv = CryptoUtils.decrypt(\n          secret,\n          command.iv,\n          command.xpriv,\n        );\n        return Right(\n          LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          }),\n        );\n      }\n      case CommandTags.AddMember:\n        return Right(LKRPCommand.fromData({ ...command }));\n      default:\n        return Left(new UnknownDAError(\"Unsupported command type\"));\n    }\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,wBAAAE,EAAA,kBAAAC,IAAA,eAAAC,EAAAJ,GAAA,IAAAK,EAKO,2CACPC,EAAiD,qBAQjDC,EAAuC,wDACvCC,EAA0C,kEAC1CC,EAAuC,+DAGvCC,EAA4B,kCAC5BC,EAGO,2CACPC,EAA0B,qCAC1BC,EAA4B,uCAC5BC,EAAyC,mCAQzCC,EAAkC,qCA4C3B,MAAMb,EAAqB,IAAI,WAAW,CAC/C,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC3E,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,CACpB,CAAC,EAEM,MAAMC,CAAc,CACzB,YAA6Ba,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,SAAO,wBAAqB,CAC1B,OAAQ,KAAK,gBAAgBD,EAAQG,EAAS,MAAM,EACpD,SAAU,cAAY,SAASA,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAOE,GACN,cAAY,WAAW,KAAK,aAAaJ,EAAQI,CAAc,CAAC,CAClE,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,CACL,CAEA,gBACEC,EACAM,EAC4C,CAC5C,OAAO,cAAY,YAAY,SAAY,CACzC,MAAMC,EAAS,WAAW,KACxB,CACE,CAAC,cAAY,IAAK,EAAG,CAAC,EACtB,CAAC,cAAY,KAAMP,EAAO,OAAQ,GAAGA,CAAM,EAC3C,CACE,cAAY,UACZnB,EAAmB,OACnB,GAAGA,CACL,EACA,CAAC,cAAY,IAAK,EAAGyB,CAAY,CACnC,EAAE,KAAK,CACT,EACA,GAAI,CACF,MAAME,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,yBAAuB,CAAE,OAAAD,CAAO,CAAC,CACvC,EACA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAI,oBAAkBD,EAAS,IAAI,EACxD,SAAO,mBAAgB,CACrB,GAAI,IAAMC,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASC,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,mBACER,EAC+C,CAC/C,OAAO,cAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAMM,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,2BACN,EACA,GAAIA,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAG,EAAW,iBAAAC,CAAiB,EAAIJ,EAAS,KAE3CK,EAASX,EAAe,KAAKU,CAAgB,EAAE,MAAM,CAAC,EAC5D,SAAO,SAAM,CAAE,UAAAD,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASH,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,aACEI,EACAT,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBS,CAAe,EACtC,KAAK,qBAAqBT,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBU,EAAqB,CACrC,OAAO,cAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAMP,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,yBAAuB,CAAE,QAAAO,CAAQ,CAAC,CACxC,EACA,OAAIP,EAAS,SAAW,sBAAoB,WACnC,QAAKA,EAAS,KAAK,KAErB,SAAM,IAAI,oBAAkBA,EAAS,IAAI,CAAC,CACnD,OAASE,EAAO,CACd,SAAO,QAAK,IAAI,iBAAe,OAAOA,CAAK,CAAC,CAAC,CAC/C,CACF,CACF,CACF,CAEA,kBAAkBI,EAAyB,CACzC,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,OAClB,KAAMA,CACR,CAAC,CACH,EAAE,MAAOL,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,OAClB,KAAMK,EACN,GAAI,IAAML,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAO,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,UAClB,KAAAF,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOT,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,UAClB,KAAAO,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMT,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAQ,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACV,cAAY,sBAAsB,CAChC,KAAM,cAAY,WAClB,UAAWA,CACb,CAAC,CACH,EAAE,MAAOR,GACP,cAAY,cACV,mBAAgB,CACd,KAAM,cAAY,WAClB,UAAWQ,EACX,GAAI,IAAMR,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAO,EAAQ,SAAAJ,EAAU,UAAAQ,CAAU,EACK,CACnC,MAAMQ,EAAkB,cAAY,QAClCR,EAAU,OACVJ,EAAO,GACPA,EAAO,MACT,EACA,OAAO,SAAO,SACZJ,EAAS,IAAKY,GAAY,KAAK,eAAeJ,EAAU,OAAQI,CAAO,CAAC,CAC1E,EAAE,IAAKK,GACL,YAAU,SAAS,CACjB,UAAQ,sBAAmBpB,CAAM,EACjC,OAAQmB,EACR,SAAUC,EACV,UAAWT,EAAU,SACvB,CAAC,CACH,CACF,CAEA,eACEE,EACAE,EACqC,CACrC,OAAQA,EAAQ,KAAM,CACpB,KAAK,cAAY,OACjB,KAAK,cAAY,WAAY,CAC3B,MAAMM,EAAiB,cAAY,QACjCR,EACAE,EAAQ,GACRA,EAAQ,KACV,EACA,SAAO,SACL,cAAY,SAAS,CACnB,GAAGA,EACH,qBAAsBA,EAAQ,UAC9B,eAAAM,CACF,CAAC,CACH,CACF,CACA,KAAK,cAAY,UACf,SAAO,SAAM,cAAY,SAAS,CAAE,GAAGN,CAAQ,CAAC,CAAC,EACnD,QACE,SAAO,QAAK,IAAI,iBAAe,0BAA0B,CAAC,CAC9D,CACF,CACF",
+  "names": ["SignBlockTask_exports", "__export", "ISSUER_PLACEHOLDER", "SignBlockTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_SignBlockHeader", "import_SignBlockSignatureCommand", "import_SignBlockSingleCommand", "import_crypto", "import_eitherSeqRecord", "import_LKRPBlock", "import_LKRPCommand", "import_TLVTags", "import_TrustedProperties", "api", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "commandCount", "header", "response", "trustedProps", "error", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
+}

package/lib/cjs/internal/app-binder/task/SignChallengeWithDeviceTask.js

@@ -0,0 +1,2 @@
+"use strict";var i=Object.defineProperty;var p=Object.getOwnPropertyDescriptor;var c=Object.getOwnPropertyNames;var d=Object.prototype.hasOwnProperty;var u=(e,t)=>{for(var r in t)i(e,r,{get:t[r],enumerable:!0})},h=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of c(t))!d.call(e,a)&&a!==r&&i(e,a,{get:()=>t[a],enumerable:!(n=p(t,a))||n.enumerable});return e};var y=e=>h(i({},"__esModule",{value:!0}),e);var C={};u(C,{SignChallengeWithDeviceTask:()=>g});module.exports=y(C);var s=require("@ledgerhq/device-management-kit"),o=require("purify-ts"),m=require("../../app-binder/command/GetSeedIdCommand");class g{constructor(t){this.api=t}async run(t){const r=await this.api.sendCommand(new m.GetSeedIdCommand({challengeTLV:t.tlv}));if(r.status!==s.CommandResultStatus.Success)return(0,o.Left)(r.error);const{credential:n,signature:a,attestation:l}=r.data;return(0,o.Right)({challenge:t.json,signature:{credential:n,signature:a,attestation:l}})}}0&&(module.exports={SignChallengeWithDeviceTask});
+//# sourceMappingURL=SignChallengeWithDeviceTask.js.map

package/lib/cjs/internal/app-binder/task/SignChallengeWithDeviceTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithDeviceTask.ts"],
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { GetSeedIdCommand } from \"@internal/app-binder/command/GetSeedIdCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\n\nexport class SignChallengeWithDeviceTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(\n    challenge: Challenge,\n  ): Promise<Either<LKRPDeviceCommandError, AuthenticationPayload>> {\n    const response = await this.api.sendCommand(\n      new GetSeedIdCommand({ challengeTLV: challenge.tlv }),\n    );\n\n    if (response.status !== CommandResultStatus.Success) {\n      return Left(response.error);\n    }\n\n    const { credential, signature, attestation } = response.data;\n    return Right({\n      challenge: challenge.json,\n      signature: { credential, signature, attestation },\n    });\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,iCAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAGO,2CACPC,EAAyC,qBAEzCC,EAAiC,yDAO1B,MAAMJ,CAA4B,CACvC,YAA6BK,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,IACJC,EACgE,CAChE,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI,mBAAiB,CAAE,aAAcD,EAAU,GAAI,CAAC,CACtD,EAEA,GAAIC,EAAS,SAAW,sBAAoB,QAC1C,SAAO,QAAKA,EAAS,KAAK,EAG5B,KAAM,CAAE,WAAAC,EAAY,UAAAC,EAAW,YAAAC,CAAY,EAAIH,EAAS,KACxD,SAAO,SAAM,CACX,UAAWD,EAAU,KACrB,UAAW,CAAE,WAAAE,EAAY,UAAAC,EAAW,YAAAC,CAAY,CAClD,CAAC,CACH,CACF",
+  "names": ["SignChallengeWithDeviceTask_exports", "__export", "SignChallengeWithDeviceTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_GetSeedIdCommand", "api", "challenge", "response", "credential", "signature", "attestation"]
+}

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.js

@@ -0,0 +1,2 @@
+"use strict";var p=Object.defineProperty;var m=Object.getOwnPropertyDescriptor;var x=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var d=(a,t)=>{for(var n in t)p(a,n,{get:t[n],enumerable:!0})},E=(a,t,n,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let e of x(t))!u.call(a,e)&&e!==n&&p(a,e,{get:()=>t[e],enumerable:!(i=m(t,e))||i.enumerable});return a};var v=a=>E(p({},"__esModule",{value:!0}),a);var C={};d(C,{SignChallengeWithKeypairTask:()=>A});module.exports=v(C);var g=require("@ledgerhq/device-management-kit"),o=require("purify-ts"),s=require("../../../api/app-binder/Errors"),h=require("../../utils/crypto"),y=require("../../utils/eitherSeqRecord"),l=require("../../utils/hex");class A{constructor(t,n){this.keypair=t;this.trustchainId=n}run(t){const n=this.getAttestation(),i=this.getCredential(this.keypair.pubKeyToHex());return o.EitherAsync.liftEither(this.getUnsignedChallengeTLV(t.tlv)).map(h.CryptoUtils.hash).map(e=>this.keypair.sign(e)).map(l.bytesToHex).map(e=>({challenge:t.json,signature:{attestation:n,credential:i,signature:e}})).mapLeft(e=>e instanceof s.LKRPMissingDataError?e:new g.UnknownDAError(String(e)))}getAttestation(){const t=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,t.length,...t]);return(0,l.bytesToHex)(n)}getCredential(t){return{version:0,curveId:33,signAlgorithm:1,publicKey:t}}getUnsignedChallengeTLV(t){const n=new g.ByteArrayParser((0,l.hexToBytes)(t)),i=new Map(function*(){for(;;){const r=n.extractFieldTLVEncoded();if(!r)break;yield[r.tag,r.value]}}());if(i.size>10)return(0,o.Left)(new s.LKRPMissingDataError("Challenge TLV contains unexpected data"));const e=(r,c)=>o.Maybe.fromNullable(i.get(r)).toEither(new s.LKRPMissingDataError(`Missing ${c} field`));return(0,y.eitherSeqRecord)({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(r=>Uint8Array.from([[1,r.payloadType.length,...r.payloadType],[2,r.version.length,...r.version],[18,r.challengeData.length,...r.challengeData],[22,r.challengeExpiry.length,...r.challengeExpiry],[32,r.host.length,...r.host],[96,r.protocolVersion.length,...r.protocolVersion]].flat()))}}0&&(module.exports={SignChallengeWithKeypairTask});
+//# sourceMappingURL=SignChallengeWithKeypairTask.js.map

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.ts"],
+  "sourcesContent": ["import {\n  ByteArrayParser,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex, hexToBytes } from \"@internal/utils/hex\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly keypair: Keypair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<LKRPMissingDataError | UnknownDAError, AuthenticationPayload> {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.pubKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map(CryptoUtils.hash)\n      .map((hash) => this.keypair.sign(hash))\n      .map(bytesToHex)\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new UnknownDAError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bytesToHex(attestation);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(hexToBytes(tlv));\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,kCAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAGO,2CACPC,EAAsD,qBAEtDC,EAAqC,kCAMrCC,EAA4B,kCAC5BC,EAAgC,2CAChCC,EAAuC,+BAEhC,MAAMP,CAA6B,CACxC,YACmBQ,EACAC,EACjB,CAFiB,aAAAD,EACA,kBAAAC,CAChB,CAEH,IACEC,EAC2E,CAC3E,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,YAAY,CAAC,EAEhE,OAAO,cAAY,WAAW,KAAK,wBAAwBF,EAAU,GAAG,CAAC,EACtE,IAAI,cAAY,IAAI,EACpB,IAAKG,GAAS,KAAK,QAAQ,KAAKA,CAAI,CAAC,EACrC,IAAI,YAAU,EACd,IAAKC,IAAe,CACnB,UAAWJ,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAE,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiB,uBACbA,EACA,IAAI,iBAAe,OAAOA,CAAK,CAAC,CACtC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDL,EAAc,WAAW,KAAK,CAAC,EAAMK,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,SAAO,cAAWL,CAAW,CAC/B,CAEQ,cAAcM,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAI,qBAAgB,cAAWD,CAAG,CAAC,EAC5CE,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,SAAO,QACL,IAAI,uBAAqB,wCAAwC,CACnE,EAGF,MAAME,EAAW,CAACC,EAAaC,IAC7B,QAAM,aAAaJ,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAI,uBAAqB,WAAWC,CAAS,QAAQ,CACvD,EAEF,SAAO,mBAAgB,CAErB,YAAa,IAAMF,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
+  "names": ["SignChallengeWithKeypairTask_exports", "__export", "SignChallengeWithKeypairTask", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_crypto", "import_eitherSeqRecord", "import_hex", "keypair", "trustchainId", "challenge", "attestation", "credential", "hash", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
+}

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.test.js

@@ -0,0 +1,2 @@
+"use strict";var r=require("../../../api/app-binder/Errors"),s=require("../../../api/app-binder/KeypairFromBytes"),f=require("../../utils/hex"),d=require("./SignChallengeWithKeypairTask");describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keypair",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i(),n=await new d.SignChallengeWithKeypairTask(a,c).run(e).run();expect(n.isRight()).toBe(!0),n.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.pubKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i({tlv:"invalid-tlv"});(await new d.SignChallengeWithKeypairTask(a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(r.LKRPMissingDataError))})});function i({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keypair:new s.KeypairFromBytes((0,f.hexToBytes)(e)),trustchainId:a}}
+//# sourceMappingURL=SignChallengeWithKeypairTask.test.js.map

package/lib/cjs/internal/app-binder/task/SignChallengeWithKeypairTask.test.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.test.ts"],
+  "sourcesContent": ["import { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { KeypairFromBytes } from \"@api/app-binder/KeypairFromBytes\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { hexToBytes } from \"@internal/utils/hex\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n  it(\"should sign a challenge with a keypair\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters();\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    expect(result.isRight()).toBe(true);\n    result.ifRight((payload) => {\n      expect(payload.challenge).toBe(challenge.json);\n      expect(payload.signature.credential).toEqual({\n        version: 0,\n        curveId: 33,\n        signAlgorithm: 1,\n        publicKey: keypair.pubKeyToHex(),\n      });\n      expect(payload.signature.attestation).toBe(\n        \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n      );\n      expect(payload.signature.signature).toBe(\n        \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n      );\n    });\n  });\n\n  it(\"should handle invalid challenge\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters({\n      tlv: \"invalid-tlv\", // Invalid TLV\n    });\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    result.ifLeft((error) =>\n      expect(error).toBeInstanceOf(LKRPMissingDataError),\n    );\n  });\n});\n\nfunction getParameters({\n  privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n  trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n  tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n  return {\n    challenge: { tlv, json: {} as Challenge[\"json\"] },\n    keypair: new KeypairFromBytes(hexToBytes(privateKey)),\n    trustchainId,\n  };\n}\n"],
+  "mappings": "aAAA,IAAAA,EAAqC,kCACrCC,EAAiC,4CAEjCC,EAA2B,+BAE3BC,EAA6C,0CAE7C,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAC,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAIrDC,EAAS,MADF,IAAI,+BAA6BH,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,YAAY,CACjC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAIc,MADF,IAAI,+BAA6BF,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAe,sBAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASH,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAS,IAAI,sBAAiB,cAAWD,CAAU,CAAC,EACpD,aAAAL,CACF,CACF",
+  "names": ["import_Errors", "import_KeypairFromBytes", "import_hex", "import_SignChallengeWithKeypairTask", "challenge", "keypair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
+}

package/lib/cjs/internal/app-binder/task/utils/TrustedProperties.js

@@ -0,0 +1,2 @@
+"use strict";var p=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var c=Object.prototype.hasOwnProperty;var d=(e,r)=>{for(var i in r)p(e,i,{get:r[i],enumerable:!0})},u=(e,r,i,o)=>{if(r&&typeof r=="object"||typeof r=="function")for(let a of y(r))!c.call(e,a)&&a!==i&&p(e,a,{get:()=>r[a],enumerable:!(o=g(r,a))||o.enumerable});return e};var h=e=>u(p({},"__esModule",{value:!0}),e);var m={};d(m,{TrustedProperties:()=>l});module.exports=h(m);var P=require("@ledgerhq/device-management-kit"),t=require("purify-ts"),E=require("../../../../api/app-binder/Errors"),s=require("../../../utils/required"),n=require("../../../utils/TLVTags");class l{constructor(r){this.bytes=r;this.parser=new P.ByteArrayParser(r)}parser;iv=null;encryptedProps=null;getIv(){if(!this.iv){const r=this.parser.extractFieldTLVEncoded();if(!r||r.tag!==0)return(0,t.Left)(new E.LKRPParsingError("Invalid trusted property: missing IV"));this.iv=r.value}return(0,t.Right)(this.iv)}getIssuer(){return this.parseEncryptedProps().chain(r=>(0,s.required)(r.get(n.TPTags.ISSUER)?.value,"Missing issuer in trusted properties"))}getXPriv(){return this.parseEncryptedProps().chain(r=>(0,s.required)(r.get(n.TPTags.XPRIV)?.value,"Missing xpriv in trusted properties"))}getEphemeralPublicKey(){return this.parseEncryptedProps().chain(r=>(0,s.required)(r.get(n.TPTags.EPHEMERAL_PUBLIC_KEY)?.value,"Missing ephemeral public key in trusted properties"))}getCommandIv(){return this.parseEncryptedProps().chain(r=>(0,s.required)(r.get(n.TPTags.COMMAND_IV)?.value,"Missing command IV in trusted properties"))}getGroupKey(){return this.parseEncryptedProps().chain(r=>(0,s.required)(r.get(n.TPTags.GROUPKEY)?.value,"Missing group key in trusted properties"))}getNewMember(){return this.parseEncryptedProps().chain(r=>(0,s.required)(r.get(n.TPTags.NEW_MEMBER)?.tlv,"Missing new member in trusted properties"))}parseEncryptedProps(){return this.encryptedProps?(0,t.Right)(this.encryptedProps):this.getIv().chain(()=>t.Either.sequence(Array.from(R(this.parser)))).map(r=>new Map(r.map(i=>[i.tag,i]))).ifRight(r=>{this.encryptedProps=r})}}function*R(e){for(;;){const r=e.extractFieldTLVEncoded();if(!r)return;yield(0,t.Right)(r)}}0&&(module.exports={TrustedProperties});
+//# sourceMappingURL=TrustedProperties.js.map

package/lib/cjs/internal/app-binder/task/utils/TrustedProperties.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/task/utils/TrustedProperties.ts"],
+  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { Either, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { required } from \"@internal/utils/required\";\nimport { TPTags } from \"@internal/utils/TLVTags\";\n\ntype EncryptedTPTag = Exclude<TPTags, TPTags.IV>;\ntype EncryptedTP = { tag: EncryptedTPTag; value: Uint8Array; tlv: Uint8Array };\n\nexport class TrustedProperties {\n  private readonly parser: ByteArrayParser;\n  private iv: Uint8Array | null = null;\n  private encryptedProps: Map<EncryptedTPTag, EncryptedTP> | null = null;\n\n  constructor(public readonly bytes: Uint8Array) {\n    this.parser = new ByteArrayParser(bytes);\n  }\n\n  getIv(): Either<LKRPParsingError, Uint8Array> {\n    if (!this.iv) {\n      const field = this.parser.extractFieldTLVEncoded();\n      if (!field || field.tag !== 0x00) {\n        return Left(\n          new LKRPParsingError(\"Invalid trusted property: missing IV\"),\n        );\n      }\n\n      this.iv = field.value;\n    }\n    return Right(this.iv);\n  }\n\n  getIssuer(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.ISSUER)?.value,\n        \"Missing issuer in trusted properties\",\n      ),\n    );\n  }\n\n  getXPriv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.XPRIV)?.value,\n        \"Missing xpriv in trusted properties\",\n      ),\n    );\n  }\n\n  getEphemeralPublicKey(): Either<\n    LKRPParsingError | LKRPMissingDataError,\n    Uint8Array\n  > {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.EPHEMERAL_PUBLIC_KEY)?.value,\n        \"Missing ephemeral public key in trusted properties\",\n      ),\n    );\n  }\n\n  getCommandIv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.COMMAND_IV)?.value,\n        \"Missing command IV in trusted properties\",\n      ),\n    );\n  }\n\n  getGroupKey(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.GROUPKEY)?.value,\n        \"Missing group key in trusted properties\",\n      ),\n    );\n  }\n\n  getNewMember(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.NEW_MEMBER)?.tlv,\n        \"Missing new member in trusted properties\",\n      ),\n    );\n  }\n\n  parseEncryptedProps(): Either<\n    LKRPParsingError,\n    Map<EncryptedTPTag, EncryptedTP>\n  > {\n    return this.encryptedProps\n      ? Right(this.encryptedProps)\n      : this.getIv()\n          .chain(() => Either.sequence(Array.from(parseTPs(this.parser))))\n          .map((fields) => new Map(fields.map((field) => [field.tag, field])))\n          .ifRight((props) => {\n            this.encryptedProps = props;\n          });\n  }\n}\n\nfunction* parseTPs(\n  parser: ByteArrayParser,\n): Generator<Either<LKRPParsingError, EncryptedTP>> {\n  while (true) {\n    const field = parser.extractFieldTLVEncoded();\n    if (!field) return;\n    yield Right(field);\n  }\n}\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,uBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAgC,2CAChCC,EAAoC,qBAEpCC,EAGO,kCACPC,EAAyB,oCACzBC,EAAuB,mCAKhB,MAAMN,CAAkB,CAK7B,YAA4BO,EAAmB,CAAnB,WAAAA,EAC1B,KAAK,OAAS,IAAI,kBAAgBA,CAAK,CACzC,CANiB,OACT,GAAwB,KACxB,eAA0D,KAMlE,OAA8C,CAC5C,GAAI,CAAC,KAAK,GAAI,CACZ,MAAMC,EAAQ,KAAK,OAAO,uBAAuB,EACjD,GAAI,CAACA,GAASA,EAAM,MAAQ,EAC1B,SAAO,QACL,IAAI,mBAAiB,sCAAsC,CAC7D,EAGF,KAAK,GAAKA,EAAM,KAClB,CACA,SAAO,SAAM,KAAK,EAAE,CACtB,CAEA,WAAyE,CACvE,OAAO,KAAK,oBAAoB,EAAE,MAAOC,MACvC,YACEA,EAAM,IAAI,SAAO,MAAM,GAAG,MAC1B,sCACF,CACF,CACF,CAEA,UAAwE,CACtE,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,KAAK,GAAG,MACzB,qCACF,CACF,CACF,CAEA,uBAGE,CACA,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,oBAAoB,GAAG,MACxC,oDACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,UAAU,GAAG,MAC9B,0CACF,CACF,CACF,CAEA,aAA2E,CACzE,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,QAAQ,GAAG,MAC5B,yCACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOA,MACvC,YACEA,EAAM,IAAI,SAAO,UAAU,GAAG,IAC9B,0CACF,CACF,CACF,CAEA,qBAGE,CACA,OAAO,KAAK,kBACR,SAAM,KAAK,cAAc,EACzB,KAAK,MAAM,EACR,MAAM,IAAM,SAAO,SAAS,MAAM,KAAKC,EAAS,KAAK,MAAM,CAAC,CAAC,CAAC,EAC9D,IAAKC,GAAW,IAAI,IAAIA,EAAO,IAAKH,GAAU,CAACA,EAAM,IAAKA,CAAK,CAAC,CAAC,CAAC,EAClE,QAASC,GAAU,CAClB,KAAK,eAAiBA,CACxB,CAAC,CACT,CACF,CAEA,SAAUC,EACRE,EACkD,CAClD,OAAa,CACX,MAAMJ,EAAQI,EAAO,uBAAuB,EAC5C,GAAI,CAACJ,EAAO,OACZ,QAAM,SAAMA,CAAK,CACnB,CACF",
+  "names": ["TrustedProperties_exports", "__export", "TrustedProperties", "__toCommonJS", "import_device_management_kit", "import_purify_ts", "import_Errors", "import_required", "import_TLVTags", "bytes", "field", "props", "parseTPs", "fields", "parser"]
+}

package/lib/cjs/internal/di.js

@@ -0,0 +1,2 @@
+"use strict";var i=Object.defineProperty;var d=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var y=(t,e)=>{for(var n in e)i(t,n,{get:e[n],enumerable:!0})},D=(t,e,n,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of l(e))!u.call(t,o)&&o!==n&&i(t,o,{get:()=>e[o],enumerable:!(r=d(e,o))||r.enumerable});return t};var M=t=>D(i({},"__esModule",{value:!0}),t);var f={};y(f,{makeContainer:()=>C});module.exports=M(f);var s=require("inversify"),m=require("./app-binder/di/appBinderModule"),p=require("./lkrp-datasource/di/lkrpDatasourceModuleFactory"),c=require("./use-cases/di/useCasesModule"),a=require("./externalTypes");const C=({dmk:t,sessionId:e,baseUrl:n,stub:r})=>{const o=new s.Container;return o.bind(a.externalTypes.Dmk).toConstantValue(t),o.bind(a.externalTypes.SessionId).toConstantValue(e),o.loadSync((0,m.appBindingModuleFactory)(),(0,p.lkrpDatasourceModuleFactory)({baseUrl:n,stub:r}),(0,c.useCasesModuleFactory)()),o};0&&(module.exports={makeContainer});
+//# sourceMappingURL=di.js.map

package/lib/cjs/internal/di.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/internal/di.ts"],
+  "sourcesContent": ["import {\n  type DeviceManagementKit,\n  type DeviceSessionId,\n} from \"@ledgerhq/device-management-kit\";\nimport { Container } from \"inversify\";\n\nimport { appBindingModuleFactory } from \"@internal/app-binder/di/appBinderModule\";\n\nimport { lkrpDatasourceModuleFactory } from \"./lkrp-datasource/di/lkrpDatasourceModuleFactory\";\nimport { useCasesModuleFactory } from \"./use-cases/di/useCasesModule\";\nimport { externalTypes } from \"./externalTypes\";\n\nexport type MakeContainerProps = {\n  dmk: DeviceManagementKit;\n  sessionId: DeviceSessionId;\n  baseUrl?: string; // Optional base URL for the LKRP network requests\n  stub?: boolean;\n};\n\nexport const makeContainer = ({\n  dmk,\n  sessionId,\n  baseUrl,\n  stub,\n}: MakeContainerProps) => {\n  const container = new Container();\n\n  container.bind<DeviceManagementKit>(externalTypes.Dmk).toConstantValue(dmk);\n  container\n    .bind<DeviceSessionId>(externalTypes.SessionId)\n    .toConstantValue(sessionId);\n\n  container.loadSync(\n    appBindingModuleFactory(),\n    lkrpDatasourceModuleFactory({ baseUrl, stub }),\n    useCasesModuleFactory(),\n  );\n\n  return container;\n};\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GAIA,IAAAI,EAA0B,qBAE1BC,EAAwC,mDAExCC,EAA4C,4DAC5CC,EAAsC,yCACtCC,EAA8B,2BASvB,MAAMN,EAAgB,CAAC,CAC5B,IAAAO,EACA,UAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA0B,CACxB,MAAMC,EAAY,IAAI,YAEtB,OAAAA,EAAU,KAA0B,gBAAc,GAAG,EAAE,gBAAgBJ,CAAG,EAC1EI,EACG,KAAsB,gBAAc,SAAS,EAC7C,gBAAgBH,CAAS,EAE5BG,EAAU,YACR,2BAAwB,KACxB,+BAA4B,CAAE,QAAAF,EAAS,KAAAC,CAAK,CAAC,KAC7C,yBAAsB,CACxB,EAEOC,CACT",
+  "names": ["di_exports", "__export", "makeContainer", "__toCommonJS", "import_inversify", "import_appBinderModule", "import_lkrpDatasourceModuleFactory", "import_useCasesModule", "import_externalTypes", "dmk", "sessionId", "baseUrl", "stub", "container"]
+}

package/lib/cjs/internal/externalTypes.js

@@ -0,0 +1,2 @@
+"use strict";var n=Object.defineProperty;var o=Object.getOwnPropertyDescriptor;var a=Object.getOwnPropertyNames;var s=Object.prototype.hasOwnProperty;var m=(e,r)=>{for(var y in r)n(e,y,{get:r[y],enumerable:!0})},p=(e,r,y,i)=>{if(r&&typeof r=="object"||typeof r=="function")for(let t of a(r))!s.call(e,t)&&t!==y&&n(e,t,{get:()=>r[t],enumerable:!(i=o(r,t))||i.enumerable});return e};var A=e=>p(n({},"__esModule",{value:!0}),e);var b={};m(b,{externalTypes:()=>U});module.exports=A(b);const U={Dmk:Symbol.for("Dmk"),SessionId:Symbol.for("SessionId")};0&&(module.exports={externalTypes});
+//# sourceMappingURL=externalTypes.js.map

package/lib/cjs/internal/externalTypes.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/internal/externalTypes.ts"],
+  "sourcesContent": ["export const externalTypes = {\n  Dmk: Symbol.for(\"Dmk\"),\n  SessionId: Symbol.for(\"SessionId\"),\n};\n\nexport type TrustedProperty = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n  xpriv: Uint8Array;\n  ephemeralPubKey: Uint8Array;\n  commandIV: Uint8Array;\n  groupKey: Uint8Array;\n  newMember: Uint8Array;\n};\n"],
+  "mappings": "yaAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,mBAAAE,IAAA,eAAAC,EAAAH,GAAO,MAAME,EAAgB,CAC3B,IAAK,OAAO,IAAI,KAAK,EACrB,UAAW,OAAO,IAAI,WAAW,CACnC",
+  "names": ["externalTypes_exports", "__export", "externalTypes", "__toCommonJS"]
+}

package/lib/cjs/internal/lkrp-datasource/data/HttpLKRPDataSource.js

@@ -0,0 +1,2 @@
+"use strict";var m=Object.defineProperty;var l=Object.getOwnPropertyDescriptor;var y=Object.getOwnPropertyNames;var R=Object.prototype.hasOwnProperty;var b=(o,t)=>{for(var e in t)m(o,e,{get:t[e],enumerable:!0})},T=(o,t,e,s)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of y(t))!R.call(o,r)&&r!==e&&m(o,r,{get:()=>t[r],enumerable:!(s=l(t,r))||s.enumerable});return o};var P=o=>T(m({},"__esModule",{value:!0}),o),p=(o,t,e,s)=>{for(var r=s>1?void 0:s?l(t,e):t,i=o.length-1,u;i>=0;i--)(u=o[i])&&(r=(s?u(t,e,r):u(r))||r);return s&&r&&m(t,e,r),r},d=(o,t)=>(e,s)=>t(e,s,o);var $={};b($,{HttpLKRPDataSource:()=>h});module.exports=P($);var c=require("inversify"),n=require("purify-ts"),a=require("../../../api/app-binder/Errors"),f=require("../../lkrp-datasource/di/lkrpDatasourceTypes"),g=require("../../utils/LKRPBlockStream");let h=class{constructor(t){this.baseUrl=t}getChallenge(){return this.request("/challenge",n.Nothing)}authenticate(t){return this.request("/authenticate",n.Nothing,{method:"POST",body:JSON.stringify(t)}).map(e=>({jwt:e,trustchainId:n.Maybe.fromNullable(Object.keys(e.permissions).find(s=>!!e.permissions[s]?.["m/"]))}))}getTrustchainById(t,e){return this.request(`/trustchain/${t}`,(0,n.Just)(e)).map(s=>Object.fromEntries(Object.entries(s).map(([r,i])=>[r,g.LKRPBlockStream.fromHex(i)])))}postDerivation(t,e,s){return this.request(`/trustchain/${t}/derivation`,(0,n.Just)(s),{method:"POST",body:JSON.stringify(e.toString())})}putCommands(t,e,s,r){return this.request(`/trustchain/${t}/commands`,(0,n.Just)(r),{method:"PUT",body:JSON.stringify({path:e,blocks:[s.toString()]})})}request(t,e,s){const r=this.baseUrl+t;return n.EitherAsync.fromPromise(async()=>{const i=await fetch(r,{...s,headers:{...s?.headers,"Content-Type":"application/json",...e.mapOrDefault(({access_token:u})=>({Authorization:`Bearer ${u}`}),{})}});switch(i.status){case 204:return(0,n.Right)(void 0);case 401:throw new a.LKRPUnauthorizedError(`Unauthorized request to ${r}: [${i.status}] ${i.statusText}`);default:if(!i.ok)throw new a.LKRPHttpRequestError(`Failed to fetch ${r}: [${i.status}] ${i.statusText}`);return(0,n.Right)(await i.json())}}).mapLeft(i=>i instanceof a.LKRPHttpRequestError?i:new a.LKRPHttpRequestError(i))}};h=p([(0,c.injectable)(),d(0,(0,c.inject)(f.lkrpDatasourceTypes.BaseUrl))],h);0&&(module.exports={HttpLKRPDataSource});
+//# sourceMappingURL=HttpLKRPDataSource.js.map

package/lib/cjs/internal/lkrp-datasource/data/HttpLKRPDataSource.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/lkrp-datasource/data/HttpLKRPDataSource.ts"],
+  "sourcesContent": ["import { inject, injectable } from \"inversify\";\nimport { EitherAsync, Just, Maybe, Nothing, Right } from \"purify-ts\";\n\nimport {\n  LKRPHttpRequestError,\n  LKRPUnauthorizedError,\n} from \"@api/app-binder/Errors\";\nimport { JWT } from \"@api/app-binder/LKRPTypes\";\nimport { lkrpDatasourceTypes } from \"@internal/lkrp-datasource/di/lkrpDatasourceTypes\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nimport {\n  AuthenticationPayload,\n  Challenge,\n  LKRPDataSource,\n} from \"./LKRPDataSource\";\n\n@injectable()\nexport class HttpLKRPDataSource implements LKRPDataSource {\n  constructor(\n    @inject(lkrpDatasourceTypes.BaseUrl) private readonly baseUrl: string,\n  ) {}\n\n  getChallenge() {\n    return this.request<Challenge>(\"/challenge\", Nothing);\n  }\n\n  authenticate(payload: AuthenticationPayload) {\n    return this.request<JWT>(\"/authenticate\", Nothing, {\n      method: \"POST\",\n      body: JSON.stringify(payload),\n    }).map((jwt) => ({\n      jwt,\n      trustchainId: Maybe.fromNullable(\n        Object.keys(jwt.permissions).find((id) =>\n          Boolean(jwt.permissions[id]?.[\"m/\"]),\n        ),\n      ),\n    }));\n  }\n\n  getTrustchainById(id: string, jwt: JWT) {\n    return this.request<{ [path: string]: string }>(\n      `/trustchain/${id}`,\n      Just(jwt),\n    ).map((serialized) =>\n      Object.fromEntries(\n        Object.entries(serialized).map(([path, stream]) => [\n          path,\n          LKRPBlockStream.fromHex(stream),\n        ]),\n      ),\n    );\n  }\n\n  postDerivation(id: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/derivation`, Just(jwt), {\n      method: \"POST\",\n      body: JSON.stringify(block.toString()),\n    });\n  }\n\n  putCommands(id: string, path: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/commands`, Just(jwt), {\n      method: \"PUT\",\n      body: JSON.stringify({ path, blocks: [block.toString()] }),\n    });\n  }\n\n  private request<Res>(\n    endpoint: `/${string}`,\n    jwt: Maybe<{ access_token: string }>,\n    init?: RequestInit,\n  ): EitherAsync<LKRPHttpRequestError, Res> {\n    const href = this.baseUrl + endpoint;\n\n    return EitherAsync.fromPromise(async () => {\n      const response = await fetch(href, {\n        ...init,\n        headers: {\n          ...init?.headers,\n          \"Content-Type\": \"application/json\",\n          ...jwt.mapOrDefault<{ Authorization?: string }>(\n            ({ access_token }) => ({ Authorization: `Bearer ${access_token}` }),\n            {},\n          ),\n        },\n      });\n      switch (response.status) {\n        case 204:\n          return Right(undefined as Res);\n\n        case 401:\n          throw new LKRPUnauthorizedError(\n            `Unauthorized request to ${href}: [${response.status}] ${response.statusText}`,\n          );\n\n        default:\n          if (!response.ok) {\n            throw new LKRPHttpRequestError(\n              `Failed to fetch ${href}: [${response.status}] ${response.statusText}`,\n            );\n          }\n          return Right((await response.json()) as Res);\n      }\n    }).mapLeft((error: unknown) =>\n      error instanceof LKRPHttpRequestError\n        ? error\n        : new LKRPHttpRequestError(error),\n    );\n  }\n}\n"],
+  "mappings": "okBAAA,IAAAA,EAAA,GAAAC,EAAAD,EAAA,wBAAAE,IAAA,eAAAC,EAAAH,GAAA,IAAAI,EAAmC,qBACnCC,EAAyD,qBAEzDC,EAGO,kCAEPC,EAAoC,4DAEpCC,EAAgC,2CASzB,IAAMC,EAAN,KAAmD,CACxD,YACwDC,EACtD,CADsD,aAAAA,CACrD,CAEH,cAAe,CACb,OAAO,KAAK,QAAmB,aAAc,SAAO,CACtD,CAEA,aAAaC,EAAgC,CAC3C,OAAO,KAAK,QAAa,gBAAiB,UAAS,CACjD,OAAQ,OACR,KAAM,KAAK,UAAUA,CAAO,CAC9B,CAAC,EAAE,IAAKC,IAAS,CACf,IAAAA,EACA,aAAc,QAAM,aAClB,OAAO,KAAKA,EAAI,WAAW,EAAE,KAAMC,GACjC,EAAQD,EAAI,YAAYC,CAAE,IAAI,IAAI,CACpC,CACF,CACF,EAAE,CACJ,CAEA,kBAAkBA,EAAYD,EAAU,CACtC,OAAO,KAAK,QACV,eAAeC,CAAE,MACjB,QAAKD,CAAG,CACV,EAAE,IAAKE,GACL,OAAO,YACL,OAAO,QAAQA,CAAU,EAAE,IAAI,CAAC,CAACC,EAAMC,CAAM,IAAM,CACjDD,EACA,kBAAgB,QAAQC,CAAM,CAChC,CAAC,CACH,CACF,CACF,CAEA,eAAeH,EAAYI,EAAkBL,EAAU,CACrD,OAAO,KAAK,QAAc,eAAeC,CAAE,iBAAe,QAAKD,CAAG,EAAG,CACnE,OAAQ,OACR,KAAM,KAAK,UAAUK,EAAM,SAAS,CAAC,CACvC,CAAC,CACH,CAEA,YAAYJ,EAAYE,EAAcE,EAAkBL,EAAU,CAChE,OAAO,KAAK,QAAc,eAAeC,CAAE,eAAa,QAAKD,CAAG,EAAG,CACjE,OAAQ,MACR,KAAM,KAAK,UAAU,CAAE,KAAAG,EAAM,OAAQ,CAACE,EAAM,SAAS,CAAC,CAAE,CAAC,CAC3D,CAAC,CACH,CAEQ,QACNC,EACAN,EACAO,EACwC,CACxC,MAAMC,EAAO,KAAK,QAAUF,EAE5B,OAAO,cAAY,YAAY,SAAY,CACzC,MAAMG,EAAW,MAAM,MAAMD,EAAM,CACjC,GAAGD,EACH,QAAS,CACP,GAAGA,GAAM,QACT,eAAgB,mBAChB,GAAGP,EAAI,aACL,CAAC,CAAE,aAAAU,CAAa,KAAO,CAAE,cAAe,UAAUA,CAAY,EAAG,GACjE,CAAC,CACH,CACF,CACF,CAAC,EACD,OAAQD,EAAS,OAAQ,CACvB,IAAK,KACH,SAAO,SAAM,MAAgB,EAE/B,IAAK,KACH,MAAM,IAAI,wBACR,2BAA2BD,CAAI,MAAMC,EAAS,MAAM,KAAKA,EAAS,UAAU,EAC9E,EAEF,QACE,GAAI,CAACA,EAAS,GACZ,MAAM,IAAI,uBACR,mBAAmBD,CAAI,MAAMC,EAAS,MAAM,KAAKA,EAAS,UAAU,EACtE,EAEF,SAAO,SAAO,MAAMA,EAAS,KAAK,CAAS,CAC/C,CACF,CAAC,EAAE,QAASE,GACVA,aAAiB,uBACbA,EACA,IAAI,uBAAqBA,CAAK,CACpC,CACF,CACF,EA7Fad,EAANe,EAAA,IADN,cAAW,EAGPC,EAAA,eAAO,sBAAoB,OAAO,IAF1BhB",
+  "names": ["HttpLKRPDataSource_exports", "__export", "HttpLKRPDataSource", "__toCommonJS", "import_inversify", "import_purify_ts", "import_Errors", "import_lkrpDatasourceTypes", "import_LKRPBlockStream", "HttpLKRPDataSource", "baseUrl", "payload", "jwt", "id", "serialized", "path", "stream", "block", "endpoint", "init", "href", "response", "access_token", "error", "__decorateClass", "__decorateParam"]
+}

package/lib/cjs/internal/lkrp-datasource/data/HttpLKRPDataSource.test.js

@@ -0,0 +1,2 @@
+"use strict";var o=require("purify-ts"),u=require("../../../api/app-binder/Errors"),h=require("../../utils/LKRPBlock"),m=require("../../utils/LKRPBlockStream"),c=require("./HttpLKRPDataSource");const r={access_token:"ACCESS TOKEN",permissions:{TRUSTCHAIN_ID:{"m/":["owner"]}}},i={version:0,challenge:{data:"1010101010010101010",expiry:"2025-06-30T10:00:00Z"},host:"example.com",rp:[{credential:{version:0,curveId:33,signAlgorithm:1,publicKey:"aaaaaaaaaaaaaaaaaaaaaaaaaa"},signature:"abababababababab"}],protocolVersion:{major:1,minor:0,patch:0}},l={credential:{version:0,curveId:33,signAlgorithm:1,publicKey:"bbbbbbbbbbbbbbbbbbbbbbbbbbb"},signature:"acacacacacacacac",attestation:"0000000000000000"};describe("HttpLKRPDataSource",()=>{const a=vi.spyOn(global,"fetch"),t="https://example.com";afterEach(()=>{a.mockClear()}),describe("getChallenge",()=>{it("should fetch challenge successfully",async()=>{const e={tlv:"0f1234567890",json:i};a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(e)});const n=await new c.HttpLKRPDataSource(t).getChallenge();expect(a).toHaveBeenCalledWith(`${t}/challenge`,{headers:{"Content-Type":"application/json"}}),expect(n).toEqual((0,o.Right)(e))}),it("should handle fetch error",async()=>{const e=new Error("Random error");a.mockRejectedValueOnce(e);const n=await new c.HttpLKRPDataSource(t).getChallenge();expect(n).toEqual((0,o.Left)(new u.LKRPHttpRequestError(e)))})}),describe("authenticate",()=>{it("should fetch a JWT when the authentication is successful",async()=>{a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(r)});const s=await new c.HttpLKRPDataSource(t).authenticate({challenge:i,signature:l});expect(a).toHaveBeenCalledWith(`${t}/authenticate`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({challenge:i,signature:l})}),expect(s).toEqual((0,o.Right)({jwt:r,trustchainId:(0,o.Just)("TRUSTCHAIN_ID")}))}),it("should return no trustchainId the returned JWT does not contain one",async()=>{const e={access_token:"ACCESS TOKEN",permissions:{}};a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(e)});const n=await new c.HttpLKRPDataSource(t).authenticate({challenge:i,signature:l});expect(n).toEqual((0,o.Right)({jwt:e,trustchainId:o.Nothing}))}),it("should handle authentication error",async()=>{a.mockResolvedValueOnce({ok:!1,status:401,statusText:"Unauthorized"});const s=await new c.HttpLKRPDataSource(t).authenticate({challenge:i,signature:l});expect(s).toEqual((0,o.Left)(new u.LKRPUnauthorizedError(`Unauthorized request to ${t}/authenticate: [401] Unauthorized`)))})}),describe("getTrustchainById",()=>{it("should fetch trustchain by ID successfully",async()=>{const e={"m/":"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1e1d","m/16'":"1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b"};a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(e)});const n=await new c.HttpLKRPDataSource(t).getTrustchainById("TRUSTCHAIN_ID",r);expect(a).toHaveBeenCalledWith(`${t}/trustchain/TRUSTCHAIN_ID`,{headers:{"Content-Type":"application/json",Authorization:`Bearer ${r.access_token}`}}),expect(n).toEqual((0,o.Right)({"m/":m.LKRPBlockStream.fromHex("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1e1d"),"m/16'":m.LKRPBlockStream.fromHex("1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b")}))}),it("should handle errors",async()=>{a.mockResolvedValueOnce({ok:!1,status:500,statusText:"Internal Server Error"});const s=await new c.HttpLKRPDataSource(t).getTrustchainById("TRUSTCHAIN_ID",r);expect(s).toEqual((0,o.Left)(new u.LKRPHttpRequestError(`Failed to fetch ${t}/trustchain/TRUSTCHAIN_ID: [500] Internal Server Error`)))})}),describe("postDerivation",()=>{it("should post derivation successfully",async()=>{const e="0102030405060708090a0b0c0d0e0f",s=h.LKRPBlock.fromHex(e);a.mockResolvedValueOnce({ok:!0,status:204});const d=await new c.HttpLKRPDataSource(t).postDerivation("TRUSTCHAIN_ID",s,r);expect(a).toHaveBeenCalledWith(`${t}/trustchain/TRUSTCHAIN_ID/derivation`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${r.access_token}`},body:JSON.stringify(e)}),expect(d).toEqual((0,o.Right)(void 0))})}),describe("putCommands",()=>{it("should put commands successfully",async()=>{const e="0102030405060708090a0b0c0d0e0f",s=h.LKRPBlock.fromHex(e);a.mockResolvedValueOnce({ok:!0,status:204});const d=await new c.HttpLKRPDataSource(t).putCommands("TRUSTCHAIN_ID","m/0'/16'/0'",s,r);expect(a).toHaveBeenCalledWith(`${t}/trustchain/TRUSTCHAIN_ID/commands`,{method:"PUT",headers:{"Content-Type":"application/json",Authorization:`Bearer ${r.access_token}`},body:JSON.stringify({path:"m/0'/16'/0'",blocks:[e]})}),expect(d).toEqual((0,o.Right)(void 0))})})});
+//# sourceMappingURL=HttpLKRPDataSource.test.js.map