@ledgerhq/device-trusted-app-kit-ledger-keyring-protocol 0.0.0-ledger-button-20250806141658

package/lib/esm/internal/app-binder/command/SignBlockSingleCommand.test.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/command/SignBlockSingleCommand.test.ts"],
+  "sourcesContent": ["/* eslint-disable @typescript-eslint/no-unsafe-member-access */\n/* eslint-disable @typescript-eslint/no-explicit-any */\nimport {\n  ApduResponse,\n  isSuccessCommandResult,\n} from \"@ledgerhq/device-management-kit\";\nimport { describe, expect, it } from \"vitest\";\n\nimport {\n  type SignBlockSingleCommandArgs,\n  type SignBlockSingleCommandResponse,\n} from \"@api/app-binder/SignBlockSingleCommandTypes\";\n\nimport { SignBlockSingleCommand } from \"./SignBlockSingleCommand\";\n\nconst COMMAND_BYTES = Uint8Array.from([0xf0, 0xca, 0xcc, 0x1a]);\nconst TLV_PAYLOAD = Uint8Array.from([0xf0, 0xca, 0xcc, 0x1a]);\n\ndescribe(\"SignBlockSingleCommand\", () => {\n  describe(\"getApdu()\", () => {\n    it(\"should build the correct APDU for a given command\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n\n      // when\n      const apdu = cmd.getApdu();\n      const expected = Uint8Array.from([\n        0xe0,\n        0x07,\n        0x01,\n        0x00,\n        COMMAND_BYTES.length,\n        ...COMMAND_BYTES,\n      ]);\n\n      // then\n      expect(apdu.getRawApdu()).toEqual(expected);\n    });\n  });\n\n  describe(\"parseResponse()\", () => {\n    it(\"should return the raw TLV blob on success\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x90, 0x00]),\n        data: TLV_PAYLOAD,\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(true);\n      if (isSuccessCommandResult(result)) {\n        const data: SignBlockSingleCommandResponse = result.data;\n        expect(data).toEqual(TLV_PAYLOAD);\n      }\n    });\n\n    it(\"should map SW errors to CommandResult errors\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x6a, 0x86]),\n        data: new Uint8Array(),\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(false);\n      if (!isSuccessCommandResult(result)) {\n        expect((result.error as any).errorCode).toBe(\"6a86\");\n      }\n    });\n\n    it(\"should return an empty Uint8Array if no data is returned\", () => {\n      // given\n      const args: SignBlockSingleCommandArgs = { command: COMMAND_BYTES };\n      const cmd = new SignBlockSingleCommand(args);\n      const response = new ApduResponse({\n        statusCode: Uint8Array.from([0x90, 0x00]),\n        data: new Uint8Array(),\n      });\n\n      // when\n      const result = cmd.parseResponse(response);\n\n      // then\n      expect(isSuccessCommandResult(result)).toBe(true);\n      if (isSuccessCommandResult(result)) {\n        expect(result.data).toEqual(new Uint8Array());\n      }\n    });\n  });\n});\n"],
+  "mappings": "AAEA,OACE,gBAAAA,EACA,0BAAAC,MACK,kCACP,OAAS,YAAAC,EAAU,UAAAC,EAAQ,MAAAC,MAAU,SAOrC,OAAS,0BAAAC,MAA8B,2BAEvC,MAAMC,EAAgB,WAAW,KAAK,CAAC,IAAM,IAAM,IAAM,EAAI,CAAC,EACxDC,EAAc,WAAW,KAAK,CAAC,IAAM,IAAM,IAAM,EAAI,CAAC,EAE5DL,EAAS,yBAA0B,IAAM,CACvCA,EAAS,YAAa,IAAM,CAC1BE,EAAG,oDAAqD,IAAM,CAE5D,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAI5DG,EAHM,IAAIJ,EAAuBG,CAAI,EAG1B,QAAQ,EACnBE,EAAW,WAAW,KAAK,CAC/B,IACA,EACA,EACA,EACAJ,EAAc,OACd,GAAGA,CACL,CAAC,EAGDH,EAAOM,EAAK,WAAW,CAAC,EAAE,QAAQC,CAAQ,CAC5C,CAAC,CACH,CAAC,EAEDR,EAAS,kBAAmB,IAAM,CAChCE,EAAG,4CAA6C,IAAM,CAEpD,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,CAAI,CAAC,EACxC,KAAMO,CACR,CAAC,EAGKM,EAASF,EAAI,cAAcC,CAAQ,EAIzC,GADAT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAI,EAC5CZ,EAAuBY,CAAM,EAAG,CAClC,MAAMC,EAAuCD,EAAO,KACpDV,EAAOW,CAAI,EAAE,QAAQP,CAAW,CAClC,CACF,CAAC,EAEDH,EAAG,+CAAgD,IAAM,CAEvD,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,GAAI,CAAC,EACxC,KAAM,IAAI,UACZ,CAAC,EAGKa,EAASF,EAAI,cAAcC,CAAQ,EAGzCT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAK,EAC5CZ,EAAuBY,CAAM,GAChCV,EAAQU,EAAO,MAAc,SAAS,EAAE,KAAK,MAAM,CAEvD,CAAC,EAEDT,EAAG,2DAA4D,IAAM,CAEnE,MAAMI,EAAmC,CAAE,QAASF,CAAc,EAC5DK,EAAM,IAAIN,EAAuBG,CAAI,EACrCI,EAAW,IAAIZ,EAAa,CAChC,WAAY,WAAW,KAAK,CAAC,IAAM,CAAI,CAAC,EACxC,KAAM,IAAI,UACZ,CAAC,EAGKa,EAASF,EAAI,cAAcC,CAAQ,EAGzCT,EAAOF,EAAuBY,CAAM,CAAC,EAAE,KAAK,EAAI,EAC5CZ,EAAuBY,CAAM,GAC/BV,EAAOU,EAAO,IAAI,EAAE,QAAQ,IAAI,UAAY,CAEhD,CAAC,CACH,CAAC,CACH,CAAC",
+  "names": ["ApduResponse", "isSuccessCommandResult", "describe", "expect", "it", "SignBlockSingleCommand", "COMMAND_BYTES", "TLV_PAYLOAD", "args", "apdu", "expected", "cmd", "response", "result", "data"]
+}

package/lib/esm/internal/app-binder/command/utils/extractTrustedProperty.js

@@ -0,0 +1,2 @@
+function t(a){const r={};let e=a.extractFieldTLVEncoded();for(;e&&e.value;){switch(e.tag){case 0:r.iv=e.value;break;case 1:r.issuer=e.value;break;case 2:r.xpriv=e.value;break;case 3:r.ephemeralPubKey=e.value;break;case 4:r.commandIV=e.value;break;case 5:r.groupKey=e.value;break;case 6:r.newMember=e.value;break;default:break}e=a.extractFieldTLVEncoded()}return r}export{t as extractTrustedProperty};
+//# sourceMappingURL=extractTrustedProperty.js.map

package/lib/esm/internal/app-binder/command/utils/extractTrustedProperty.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/command/utils/extractTrustedProperty.ts"],
+  "sourcesContent": ["import { type ApduParser } from \"@ledgerhq/device-management-kit\";\n\nimport { type TrustedProperty } from \"@internal/externalTypes\";\n\nexport function extractTrustedProperty(\n  parser: ApduParser,\n): Partial<TrustedProperty> {\n  const trustedProperty: Partial<TrustedProperty> = {};\n\n  let tag = parser.extractFieldTLVEncoded();\n  while (tag && tag.value) {\n    switch (tag.tag) {\n      case 0x00:\n        trustedProperty.iv = tag.value;\n        break;\n      case 0x01:\n        trustedProperty.issuer = tag.value;\n        break;\n      case 0x02:\n        trustedProperty.xpriv = tag.value;\n        break;\n      case 0x03:\n        trustedProperty.ephemeralPubKey = tag.value;\n        break;\n      case 0x04:\n        trustedProperty.commandIV = tag.value;\n        break;\n      case 0x05:\n        trustedProperty.groupKey = tag.value;\n        break;\n      case 0x06:\n        trustedProperty.newMember = tag.value;\n        break;\n      default:\n        break;\n    }\n\n    tag = parser.extractFieldTLVEncoded();\n  }\n\n  return trustedProperty;\n}\n"],
+  "mappings": "AAIO,SAASA,EACdC,EAC0B,CAC1B,MAAMC,EAA4C,CAAC,EAEnD,IAAIC,EAAMF,EAAO,uBAAuB,EACxC,KAAOE,GAAOA,EAAI,OAAO,CACvB,OAAQA,EAAI,IAAK,CACf,IAAK,GACHD,EAAgB,GAAKC,EAAI,MACzB,MACF,IAAK,GACHD,EAAgB,OAASC,EAAI,MAC7B,MACF,IAAK,GACHD,EAAgB,MAAQC,EAAI,MAC5B,MACF,IAAK,GACHD,EAAgB,gBAAkBC,EAAI,MACtC,MACF,IAAK,GACHD,EAAgB,UAAYC,EAAI,MAChC,MACF,IAAK,GACHD,EAAgB,SAAWC,EAAI,MAC/B,MACF,IAAK,GACHD,EAAgB,UAAYC,EAAI,MAChC,MACF,QACE,KACJ,CAEAA,EAAMF,EAAO,uBAAuB,CACtC,CAEA,OAAOC,CACT",
+  "names": ["extractTrustedProperty", "parser", "trustedProperty", "tag"]
+}

package/lib/esm/internal/app-binder/command/utils/ledgerKeyringProtocolErrors.js

@@ -0,0 +1,2 @@
+import{DeviceExchangeError as o}from"@ledgerhq/device-management-kit";const a={6985:{message:"Rejected by user"},"6a86":{message:"Either P1 or P2 is incorrect"},"6a87":{message:"Lc or minimum APDU length is incorrect"},"6d00":{message:"No command exists with INS"},"6e00":{message:"Bad CLA used for this application"},b000:{message:"Wrong response length (buffer size problem)"},b007:{message:"Security issue with bad state"},b008:{message:"Signature of raw transaction failed"},b009:{message:"Security issue lead by an invalid Command stream"},b00a:{message:"Invalid or unsupported command stream format"},b00b:{message:"Trusted properties buffer can't receive all data"},b00c:{message:"Attempt to perform an action on a closed stream"}};class s extends o{constructor(e){super({tag:"LedgerKeyringProtocolError",...e})}}const m=r=>new s(r);export{a as LEDGER_SYNC_ERRORS,s as LedgerKeyringProcotolError,m as LedgerKeyringProtocolErrorFactory};
+//# sourceMappingURL=ledgerKeyringProtocolErrors.js.map

package/lib/esm/internal/app-binder/command/utils/ledgerKeyringProtocolErrors.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/command/utils/ledgerKeyringProtocolErrors.ts"],
+  "sourcesContent": ["import {\n  type CommandErrorArgs,\n  type CommandErrorResult,\n  type CommandErrors,\n  DeviceExchangeError,\n} from \"@ledgerhq/device-management-kit\";\n\nexport type LedgerKeyringProtocolErrorCodes =\n  | \"6985\"\n  | \"6a86\"\n  | \"6a87\"\n  | \"6d00\"\n  | \"6e00\"\n  | \"b000\"\n  | \"b007\"\n  | \"b008\"\n  | \"b009\"\n  | \"b00a\"\n  | \"b00b\"\n  | \"b00c\";\n\nexport type LKRPDeviceCommandError =\n  CommandErrorResult<LedgerKeyringProtocolErrorCodes>[\"error\"];\n\nexport const LEDGER_SYNC_ERRORS: CommandErrors<LedgerKeyringProtocolErrorCodes> =\n  {\n    \"6985\": { message: \"Rejected by user\" },\n    \"6a86\": { message: \"Either P1 or P2 is incorrect\" },\n    \"6a87\": { message: \"Lc or minimum APDU length is incorrect\" },\n    \"6d00\": { message: \"No command exists with INS\" },\n    \"6e00\": { message: \"Bad CLA used for this application\" },\n    b000: { message: \"Wrong response length (buffer size problem)\" },\n    b007: { message: \"Security issue with bad state\" },\n    b008: { message: \"Signature of raw transaction failed\" },\n    b009: { message: \"Security issue lead by an invalid Command stream\" },\n    b00a: { message: \"Invalid or unsupported command stream format\" },\n    b00b: { message: \"Trusted properties buffer can't receive all data\" },\n    b00c: { message: \"Attempt to perform an action on a closed stream\" },\n  };\n\nexport class LedgerKeyringProcotolError extends DeviceExchangeError<LedgerKeyringProtocolErrorCodes> {\n  constructor(args: CommandErrorArgs<LedgerKeyringProtocolErrorCodes>) {\n    super({ tag: \"LedgerKeyringProtocolError\", ...args });\n  }\n}\n\nexport const LedgerKeyringProtocolErrorFactory = (\n  args: CommandErrorArgs<LedgerKeyringProtocolErrorCodes>,\n) => new LedgerKeyringProcotolError(args);\n"],
+  "mappings": "AAAA,OAIE,uBAAAA,MACK,kCAmBA,MAAMC,EACX,CACE,KAAQ,CAAE,QAAS,kBAAmB,EACtC,OAAQ,CAAE,QAAS,8BAA+B,EAClD,OAAQ,CAAE,QAAS,wCAAyC,EAC5D,OAAQ,CAAE,QAAS,4BAA6B,EAChD,OAAQ,CAAE,QAAS,mCAAoC,EACvD,KAAM,CAAE,QAAS,6CAA8C,EAC/D,KAAM,CAAE,QAAS,+BAAgC,EACjD,KAAM,CAAE,QAAS,qCAAsC,EACvD,KAAM,CAAE,QAAS,kDAAmD,EACpE,KAAM,CAAE,QAAS,8CAA+C,EAChE,KAAM,CAAE,QAAS,kDAAmD,EACpE,KAAM,CAAE,QAAS,iDAAkD,CACrE,EAEK,MAAMC,UAAmCF,CAAqD,CACnG,YAAYG,EAAyD,CACnE,MAAM,CAAE,IAAK,6BAA8B,GAAGA,CAAK,CAAC,CACtD,CACF,CAEO,MAAMC,EACXD,GACG,IAAID,EAA2BC,CAAI",
+  "names": ["DeviceExchangeError", "LEDGER_SYNC_ERRORS", "LedgerKeyringProcotolError", "args", "LedgerKeyringProtocolErrorFactory"]
+}

package/lib/esm/internal/app-binder/device-action/AddToTrustchainDeviceAction.js

@@ -0,0 +1,2 @@
+import{hexaStringToBuffer as d,UnknownDAError as T,UserInteractionRequired as p,XStateDeviceAction as A}from"@ledgerhq/device-management-kit";import{EitherAsync as m,Left as y,Maybe as S,Right as D}from"purify-ts";import{assign as c,fromPromise as u,setup as E}from"xstate";import{InitTask as g}from"../../app-binder/task/InitTask";import{ParseStreamToDeviceTask as k}from"../../app-binder/task/ParseStreamToDeviceTask";import{SignBlockTask as I}from"../../app-binder/task/SignBlockTask";import{eitherSeqRecord as l}from"../../utils/eitherSeqRecord";import{required as a}from"../../utils/required";import{raiseAndAssign as o}from"./utils/raiseAndAssign";class C extends A{makeStateMachine(i){const{initCommand:n,parseStream:s,signBlock:h}=this.extractDependencies(i);return E({types:{input:{},context:{},output:{}},actors:{initCommand:u(n),parseStream:u(s),signBlock:u(h)},actions:{assignErrorFromEvent:o(({event:t})=>y(new T(String(t.error))))},guards:{isTustchainEmpty:({context:t})=>t.input.toMaybe().chain(e=>e.applicationStream.parse().toMaybe()).map(e=>e.length===0).orDefault(!0)}}).createMachine({id:"AddToTrustchainDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:p.None},_internalState:D({sessionKeypair:null})}),initial:"InitSession",states:{InitSession:{on:{success:"ParseStream",error:"Error"},invoke:{id:"initCommand",src:"initCommand",onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(e=>({raise:"success",assign:{sessionKeypair:e}})))}}},ParseStream:{on:{success:"CheckApplicationStreamExist",error:"Error"},invoke:{id:"parseStream",src:"parseStream",input:({context:t})=>t.input.chain(e=>a(e.trustchain?.["m/"],"Missing root stream").chain(r=>r.parse()).chain(r=>a(r[0],"Missing seed block")).map(r=>({seedBlock:r,applicationStream:e.applicationStream}))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(()=>({raise:"success"})))}}},CheckApplicationStreamExist:{always:[{target:"AddToNewStream",guard:"isTustchainEmpty"},{target:"AddToExistingStream"}]},AddToExistingStream:{on:{success:"Success",error:"Error"},entry:c({intermediateValue:{requiredUserInteraction:"add-ledger-sync"}}),exit:c({intermediateValue:{requiredUserInteraction:p.None}}),invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>l({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchainId,jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:r})=>a(r,"Missing session keypair")),path:()=>a(e.applicationStream.getPath().extract(),"Missing application path"),parent:()=>a(e.applicationStream.parse().toMaybe().chainNullable(r=>r.at(-1)?.hash()).chainNullable(d).extract(),"Missing parent block"),blockFlow:{type:"addMember",data:{name:e.clientName,publicKey:e.keypair.pubKeyToU8a(),permissions:e.permissions}}})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(()=>({raise:"success"})))}}},AddToNewStream:{on:{success:"Success",error:"Error"},entry:c({intermediateValue:{requiredUserInteraction:"add-ledger-sync"}}),exit:c({intermediateValue:{requiredUserInteraction:p.None}}),invoke:{id:"signBlock",src:"signBlock",input:({context:t})=>t.input.chain(e=>l({lkrpDataSource:e.lkrpDataSource,trustchainId:e.trustchainId,jwt:e.jwt,clientName:e.clientName,sessionKeypair:()=>t._internalState.chain(({sessionKeypair:r})=>a(r,"Missing session keypair")),path:()=>a(e.applicationStream.getPath().extract(),"Missing application path"),parent:()=>a(S.fromNullable(e.trustchain["m/"]).chain(r=>r.parse().toMaybe()).chainNullable(r=>r[0]?.hash()).chainNullable(d).extract(),"Missing init block"),blockFlow:{type:"derive",data:{name:e.clientName,publicKey:e.keypair.pubKeyToU8a(),permissions:e.permissions}}})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:o(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.map(e=>{})})}extractDependencies(i){return{initCommand:()=>new g(i).run(),parseStream:async n=>m.liftEither(n.input).chain(s=>new k(i).run(s)).run(),signBlock:n=>m.liftEither(n.input).chain(s=>new I(i).run(s)).run()}}}export{C as AddToTrustchainDeviceAction};
+//# sourceMappingURL=AddToTrustchainDeviceAction.js.map

package/lib/esm/internal/app-binder/device-action/AddToTrustchainDeviceAction.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/device-action/AddToTrustchainDeviceAction.ts"],
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  hexaStringToBuffer,\n  type InternalApi,\n  type StateMachineTypes,\n  UnknownDAError,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AddToTrustchainDAError,\n  type AddToTrustchainDAInput,\n  type AddToTrustchainDAIntermediateValue,\n  type AddToTrustchainDAInternalState,\n  type AddToTrustchainDAOutput,\n} from \"@api/app-binder/AddToTrustchainDeviceActionTypes\";\nimport { type Keypair } from \"@api/index\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { InitTask } from \"@internal/app-binder/task/InitTask\";\nimport {\n  ParseStreamToDeviceTask,\n  type ParseStreamToDeviceTaskInput,\n} from \"@internal/app-binder/task/ParseStreamToDeviceTask\";\nimport {\n  type SignBlockError,\n  SignBlockTask,\n  type SignBlockTaskInput,\n} from \"@internal/app-binder/task/SignBlockTask\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\n\nexport class AddToTrustchainDeviceAction extends XStateDeviceAction<\n  AddToTrustchainDAOutput,\n  AddToTrustchainDAInput,\n  AddToTrustchainDAError,\n  AddToTrustchainDAIntermediateValue,\n  AddToTrustchainDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AddToTrustchainDAOutput,\n    AddToTrustchainDAInput,\n    AddToTrustchainDAError,\n    AddToTrustchainDAIntermediateValue,\n    AddToTrustchainDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AddToTrustchainDAOutput,\n      AddToTrustchainDAInput,\n      AddToTrustchainDAError,\n      AddToTrustchainDAIntermediateValue,\n      AddToTrustchainDAInternalState\n    >;\n\n    const { initCommand, parseStream, signBlock } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        initCommand: fromPromise(initCommand),\n        parseStream: fromPromise(parseStream),\n        signBlock: fromPromise(signBlock),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new UnknownDAError(String((event as { error?: unknown }).error)),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        isTustchainEmpty: ({ context }) =>\n          context.input\n            .toMaybe()\n            .chain((input) => input.applicationStream.parse().toMaybe())\n            .map((blocks) => blocks.length === 0)\n            .orDefault(true),\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEEIQCoHt0CcCusALgMYAWAhgJYB2AImAG6XFjLGGWbUB0AktZUIBlOLE7UAxBC5huNBpgDWsmoIDCmALaby1CAG0ADAF1EoAA6YxHLmZAAPRAEZDAdm6unAFgAcAJi9PLwA2PycAVmCAGhAAT0QAZhDucJDXAE5XcO9wsOCAX3yY1AxsfCIyKjpGZlZ2cT4BYVFxCTAcHEwcbnMAG3JCADMuzTkmjW1dAxM7S2txO0cEdPTuMMN0hKcEnycMwx9ouMQ-cITuDYTg1wOb4PScwuK0LFwCEgoaeiYWNhsefiCESwMRcCSwPDEFggoymJAgOaCBbwpYJVLcBKuLwrQx+dJnbZeGLxBAJALcLxOYLhHGGFx+BJPEAlV7lD5Vb61P4NQHNEGtdqdHCw2ZWJG2FGJdGY7HpXH4rZJYmIXx+NaywKbBk3VyMorMl5ld6VL41X71LjcAAK5BwsDAQkIODA5E0UhkYwUyh6tvtjudrpF8MR-0WiDOwW4wT2ex8CTJ122yoQYR8FzSPkyEWyXiuTJZRoqn2qPzq-2tvodTpdbsFXR6-SGIx9dqrAc0QYsYtDkoQuUjNNcwUC4V2up8yac5JpV2CCTcVJ8XgZ+cNbyLHLNZYaNtb-pr4Mh0NgnYR3eRoCWrlcad1udcpxWu0xyb8fkM3CpwWCBzlSR8o5eKupTruypqltylq7n61aum0HRdKeIYXg4iDXreSSYo+6TPq4yZoucWIrF4dLxlcaLAayxrFpy5rlmopBgMQijIOYfTMAM4j7q6ACi9iUEQEhIeeEqXs4VJeCkN5+D4D4-ocESvm+3APNSP6+GSETpAU+oFqBJollyFo8AxTEsWxvQcf83GaHxAmEEJThwl28yiahCBOE4hwYoYvi+D4dIHLiyYALRTu4bh4mcN43psAGUYWYGGXRDQFnZRA0FANnutQKjUF6shiFA1AAEK9JgzHCa51Bhh5XjLtwAWBIYwQARJU6hXikm5CEnleOEWSUk4CX6TRW6QTwaX8Rl1BZbBtYId0fQDMMOCjEVpXlZVMzBiJNW9t4DKfpEpy7JEmbaaFOxqgk6Tvp5A1-vVerPCBbIGbR26WlN9mZdlEJQqIVXivtYkecOapZD4sleYYhgDd+nUZBSlKpNDWG5CN71jRBxncD9M1ze28FCsDPZg1S4ThBc773IE843IpxwIGFBweLdGyyZhByyVj1Gbrj5YFgAcmAADu2XSLlnpKIVlDFWVFWKGTKFLIdkZDjs2ZtS+zOYh4NxwxkAXpNicZ8xu4FGULhqixL80k-Wy1Nmt3AbYr23OWe1W1d4ewYps0ZTpsmxZKFvhrOEdLXg8LgtbdFtJZ9E347b4v-UeQM7S5IO+xDHijtpgR+PciPM94kZuLieK3XiRvpInH3jXjIvpw7dbCtn3u5wd1LU7iLWm7qVdMySYSSZSpzeDsngl1OhT6tQmAQHAdh6djAvWyhyFuUsYXh-cjUPE+ThxW+w26WuG9Wyllq8sCoKg935PuYEyb1ZJKwrAEERxtkWSNxxlvKClYbKih9r2QI7hKQkSjhsM4pt8JUgpF-KkaJNj1XCIAzet8TKMWYqxdixBOJcBsulQg4Ce5gzlE4A2mEGRPlNgkJSH5vx9xuNiOGYRXDYJvl9SahpyF-XmpQl+atMSRm2KmNwAFUhlxJCFd85x4yjnHpPQIvheHJX4anUodswG7QgRTK4qxoyGB2GbN8qZJzkgeLsH80ZNjw2hlo5OeMhCZxBKI1Wzg4yrBajSe6A1erhE6gFKMDwBrbHxP1O8rjm7lh4otbxu9fEDRSFqUcUNIgHFCi4VYOE5Q4RahsRcOlChAA */\n\n      id: \"AddToTrustchainDeviceAction\",\n      context: ({ input }) => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          sessionKeypair: null,\n        }),\n      }),\n\n      initial: \"InitSession\",\n      states: {\n        InitSession: {\n          on: { success: \"ParseStream\", error: \"Error\" },\n          invoke: {\n            id: \"initCommand\",\n            src: \"initCommand\",\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((sessionKeypair) => ({\n                  raise: \"success\",\n                  assign: { sessionKeypair },\n                })),\n              ),\n            },\n          },\n        },\n\n        ParseStream: {\n          on: { success: \"CheckApplicationStreamExist\", error: \"Error\" },\n          invoke: {\n            id: \"parseStream\",\n            src: \"parseStream\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                required(input.trustchain?.[\"m/\"], \"Missing root stream\")\n                  .chain((rootStream) => rootStream.parse())\n                  .chain((blocks) => required(blocks[0], \"Missing seed block\"))\n                  .map((seedBlock) => ({\n                    seedBlock,\n                    applicationStream: input.applicationStream,\n                  })),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        CheckApplicationStreamExist: {\n          always: [\n            { target: \"AddToNewStream\", guard: \"isTustchainEmpty\" },\n            { target: \"AddToExistingStream\" },\n          ],\n        },\n\n        AddToExistingStream: {\n          on: { success: \"Success\", error: \"Error\" },\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: \"add-ledger-sync\",\n            },\n          }),\n          exit: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n            },\n          }),\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchainId,\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      input.applicationStream.getPath().extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      input.applicationStream\n                        .parse()\n                        .toMaybe()\n                        .chainNullable((blocks) => blocks.at(-1)?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing parent block\",\n                    ),\n                  blockFlow: {\n                    type: \"addMember\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.pubKeyToU8a(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        AddToNewStream: {\n          on: { success: \"Success\", error: \"Error\" },\n          entry: assign({\n            intermediateValue: {\n              requiredUserInteraction: \"add-ledger-sync\",\n            },\n          }),\n          exit: assign({\n            intermediateValue: {\n              requiredUserInteraction: UserInteractionRequired.None,\n            },\n          }),\n          invoke: {\n            id: \"signBlock\",\n            src: \"signBlock\",\n            input: ({ context }) =>\n              context.input.chain((input) =>\n                eitherSeqRecord({\n                  lkrpDataSource: input.lkrpDataSource,\n                  trustchainId: input.trustchainId,\n                  jwt: input.jwt,\n                  clientName: input.clientName,\n                  sessionKeypair: () =>\n                    context._internalState.chain(({ sessionKeypair }) =>\n                      required(sessionKeypair, \"Missing session keypair\"),\n                    ),\n                  path: () =>\n                    required(\n                      input.applicationStream.getPath().extract(),\n                      \"Missing application path\",\n                    ),\n                  parent: () =>\n                    required(\n                      Maybe.fromNullable(input.trustchain[\"m/\"])\n                        .chain((rootStream) => rootStream.parse().toMaybe())\n                        .chainNullable((blocks) => blocks[0]?.hash())\n                        .chainNullable(hexaStringToBuffer)\n                        .extract(),\n                      \"Missing init block\",\n                    ),\n                  blockFlow: {\n                    type: \"derive\",\n                    data: {\n                      name: input.clientName,\n                      publicKey: input.keypair.pubKeyToU8a(),\n                      permissions: input.permissions,\n                    },\n                  },\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({ raise: \"success\" })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) => context._internalState.map((_) => undefined),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      initCommand: (): Promise<Either<LKRPDeviceCommandError, Keypair>> =>\n        new InitTask(internalApi).run(),\n\n      parseStream: async (args: {\n        input: Either<AddToTrustchainDAError, ParseStreamToDeviceTaskInput>;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain<AddToTrustchainDAError, unknown>((input) =>\n            new ParseStreamToDeviceTask(internalApi).run(input),\n          )\n          .run(),\n\n      signBlock: (args: {\n        input: Either<AddToTrustchainDAError, SignBlockTaskInput>;\n      }): Promise<Either<SignBlockError, void>> =>\n        EitherAsync.liftEither(args.input)\n          .chain((input) => new SignBlockTask(internalApi).run(input))\n          .run(),\n    };\n  }\n}\n"],
+  "mappings": "AAAA,OAEE,sBAAAA,EAGA,kBAAAC,EACA,2BAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,EAAO,SAAAC,MAAa,YAC7D,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAW3C,OAAS,YAAAC,MAAgB,qCACzB,OACE,2BAAAC,MAEK,oDACP,OAEE,iBAAAC,MAEK,0CACP,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,YAAAC,MAAgB,2BAEzB,OAAS,kBAAAC,MAAsB,yBAExB,MAAMC,UAAoCd,CAM/C,CACA,iBACEe,EAOA,CASA,KAAM,CAAE,YAAAC,EAAa,YAAAC,EAAa,UAAAC,CAAU,EAC1C,KAAK,oBAAoBH,CAAW,EAEtC,OAAOR,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,YAAaD,EAAYU,CAAW,EACpC,YAAaV,EAAYW,CAAW,EACpC,UAAWX,EAAYY,CAAS,CAClC,EAEA,QAAS,CACP,qBAAsBL,EACpB,CAAC,CAAE,MAAAM,CAAM,IACPjB,EACE,IAAIJ,EAAe,OAAQqB,EAA8B,KAAK,CAAC,CACjE,CACJ,CACF,EAEA,OAAQ,CACN,iBAAkB,CAAC,CAAE,QAAAC,CAAQ,IAC3BA,EAAQ,MACL,QAAQ,EACR,MAAOC,GAAUA,EAAM,kBAAkB,MAAM,EAAE,QAAQ,CAAC,EAC1D,IAAKC,GAAWA,EAAO,SAAW,CAAC,EACnC,UAAU,EAAI,CACrB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,8BACJ,QAAS,CAAC,CAAE,MAAAD,CAAM,KAAO,CACvB,MAAAA,EACA,kBAAmB,CACjB,wBAAyBtB,EAAwB,IACnD,EACA,eAAgBK,EAAM,CACpB,eAAgB,IAClB,CAAC,CACH,GAEA,QAAS,cACT,OAAQ,CACN,YAAa,CACX,GAAI,CAAE,QAAS,cAAe,MAAO,OAAQ,EAC7C,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASS,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAKI,IAAoB,CACpC,MAAO,UACP,OAAQ,CAAE,eAAAA,CAAe,CAC3B,EAAE,CACJ,CACF,CACF,CACF,EAEA,YAAa,CACX,GAAI,CAAE,QAAS,8BAA+B,MAAO,OAAQ,EAC7D,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAH,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBT,EAASS,EAAM,aAAa,IAAI,EAAG,qBAAqB,EACrD,MAAOG,GAAeA,EAAW,MAAM,CAAC,EACxC,MAAOF,GAAWV,EAASU,EAAO,CAAC,EAAG,oBAAoB,CAAC,EAC3D,IAAKG,IAAe,CACnB,UAAAA,EACA,kBAAmBJ,EAAM,iBAC3B,EAAE,CACN,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,4BAA6B,CAC3B,OAAQ,CACN,CAAE,OAAQ,iBAAkB,MAAO,kBAAmB,EACtD,CAAE,OAAQ,qBAAsB,CAClC,CACF,EAEA,oBAAqB,CACnB,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,MAAOd,EAAO,CACZ,kBAAmB,CACjB,wBAAyB,iBAC3B,CACF,CAAC,EACD,KAAMA,EAAO,CACX,kBAAmB,CACjB,wBAAyBN,EAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAqB,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBV,EAAgB,CACd,eAAgBU,EAAM,eACtB,aAAcA,EAAM,aACpB,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAG,CAAe,IAC7CX,EAASW,EAAgB,yBAAyB,CACpD,EACF,KAAM,IACJX,EACES,EAAM,kBAAkB,QAAQ,EAAE,QAAQ,EAC1C,0BACF,EACF,OAAQ,IACNT,EACES,EAAM,kBACH,MAAM,EACN,QAAQ,EACR,cAAeC,GAAWA,EAAO,GAAG,EAAE,GAAG,KAAK,CAAC,EAC/C,cAAczB,CAAkB,EAChC,QAAQ,EACX,sBACF,EACF,UAAW,CACT,KAAM,YACN,KAAM,CACJ,KAAMwB,EAAM,WACZ,UAAWA,EAAM,QAAQ,YAAY,EACrC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,eAAgB,CACd,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,MAAOd,EAAO,CACZ,kBAAmB,CACjB,wBAAyB,iBAC3B,CACF,CAAC,EACD,KAAMA,EAAO,CACX,kBAAmB,CACjB,wBAAyBN,EAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,YACJ,IAAK,YACL,MAAO,CAAC,CAAE,QAAAqB,CAAQ,IAChBA,EAAQ,MAAM,MAAOC,GACnBV,EAAgB,CACd,eAAgBU,EAAM,eACtB,aAAcA,EAAM,aACpB,IAAKA,EAAM,IACX,WAAYA,EAAM,WAClB,eAAgB,IACdD,EAAQ,eAAe,MAAM,CAAC,CAAE,eAAAG,CAAe,IAC7CX,EAASW,EAAgB,yBAAyB,CACpD,EACF,KAAM,IACJX,EACES,EAAM,kBAAkB,QAAQ,EAAE,QAAQ,EAC1C,0BACF,EACF,OAAQ,IACNT,EACET,EAAM,aAAakB,EAAM,WAAW,IAAI,CAAC,EACtC,MAAOG,GAAeA,EAAW,MAAM,EAAE,QAAQ,CAAC,EAClD,cAAeF,GAAWA,EAAO,CAAC,GAAG,KAAK,CAAC,EAC3C,cAAczB,CAAkB,EAChC,QAAQ,EACX,oBACF,EACF,UAAW,CACT,KAAM,SACN,KAAM,CACJ,KAAMwB,EAAM,WACZ,UAAWA,EAAM,QAAQ,YAAY,EACrC,YAAaA,EAAM,WACrB,CACF,CACF,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASR,EAAe,CAAC,CAAE,MAAAM,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAC,CAAQ,IAAMA,EAAQ,eAAe,IAAKM,GAAG,EAAY,CACtE,CAAC,CACH,CAEA,oBAAoBX,EAA0B,CAC5C,MAAO,CACL,YAAa,IACX,IAAIP,EAASO,CAAW,EAAE,IAAI,EAEhC,YAAa,MAAOY,GAGlB1B,EAAY,WAAW0B,EAAK,KAAK,EAC9B,MAAwCN,GACvC,IAAIZ,EAAwBM,CAAW,EAAE,IAAIM,CAAK,CACpD,EACC,IAAI,EAET,UAAYM,GAGV1B,EAAY,WAAW0B,EAAK,KAAK,EAC9B,MAAON,GAAU,IAAIX,EAAcK,CAAW,EAAE,IAAIM,CAAK,CAAC,EAC1D,IAAI,CACX,CACF,CACF",
+  "names": ["hexaStringToBuffer", "UnknownDAError", "UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Maybe", "Right", "assign", "fromPromise", "setup", "InitTask", "ParseStreamToDeviceTask", "SignBlockTask", "eitherSeqRecord", "required", "raiseAndAssign", "AddToTrustchainDeviceAction", "internalApi", "initCommand", "parseStream", "signBlock", "event", "context", "input", "blocks", "sessionKeypair", "rootStream", "seedBlock", "_", "args"]
+}

package/lib/esm/internal/app-binder/device-action/AuthenticateDeviceAction.js

@@ -0,0 +1,2 @@
+import{OpenAppDeviceAction as E,UnknownDAError as l,UserInteractionRequired as m,XStateDeviceAction as S}from"@ledgerhq/device-management-kit";import{EitherAsync as y,Left as p,Right as A}from"purify-ts";import{assign as D,fromPromise as h,setup as k}from"xstate";import{LKRPMissingDataError as g,LKRPUnauthorizedError as I,LKRPUnhandledState as f}from"../../../api/app-binder/Errors";import{SignChallengeWithDeviceTask as v}from"../../app-binder/task/SignChallengeWithDeviceTask";import{SignChallengeWithKeypairTask as M}from"../../app-binder/task/SignChallengeWithKeypairTask";import{eitherSeqRecord as d}from"../../utils/eitherSeqRecord";import{LKRPBlockStream as w}from"../../utils/LKRPBlockStream";import{required as r}from"../../utils/required";import{raiseAndAssign as s}from"./utils/raiseAndAssign";import{AddToTrustchainDeviceAction as K}from"./AddToTrustchainDeviceAction";const T="Ledger Sync";class V extends S{makeStateMachine(a){const{deviceAuth:n,keypairAuth:i,getTrustchain:u,extractEncryptionKey:c}=this.extractDependencies(a);return k({types:{input:{},context:{},output:{}},actors:{openAppStateMachine:new E({input:{appName:T}}).makeStateMachine(a),deviceAuth:h(n),keypairAuth:h(i),getTrustchain:h(u),addToTrustchainStateMachine:new K({input:p(new g("Missing input for GetEncryptionKey"))}).makeStateMachine(a),extractEncryptionKey:h(c)},actions:{assignErrorFromEvent:s(({event:t})=>p(new l(String(t.error))))},guards:{hasNoTrustchainId:({context:t})=>!t.input.trustchainId,hasNoJwt:({context:t})=>!t.input.jwt,isTrustchainMember:({context:t})=>t._internalState.toMaybe().map(e=>e.wasAddedToTrustchain||e.applicationStream?.hasMember(t.input.keypair.pubKeyToHex())).extract()??!1}}).createMachine({id:"AuthenticateDeviceAction",context:({input:t})=>({input:t,intermediateValue:{requiredUserInteraction:m.None},_internalState:A({trustchainId:null,jwt:null,trustchain:null,applicationStream:null,encryptionKey:null,wasAddedToTrustchain:!1})}),initial:"CheckCredentials",states:{CheckCredentials:{always:[{target:"DeviceAuth",guard:"hasNoTrustchainId"},{target:"KeypairAuth",guard:"hasNoJwt"},{target:"GetTrustchain"}]},KeypairAuth:{on:{success:"GetTrustchain",invalidCredentials:"DeviceAuth",error:"Error"},invoke:{id:"keypairAuth",src:"keypairAuth",input:({context:t})=>({lkrpDataSource:t.input.lkrpDataSource,keypair:t.input.keypair,trustchainId:r(t.input.trustchainId,"Missing Trustchain ID in the input")}),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(({jwt:e})=>({raise:"success",assign:{jwt:e}})).chainLeft(e=>e instanceof I?A({raise:"invalidCredentials"}):p(e)))}}},DeviceAuth:{on:{success:"GetTrustchain",error:"Error"},initial:"OpenApp",states:{OpenApp:{on:{success:"Auth"},invoke:{id:"openApp",src:"openAppStateMachine",input:{appName:T},onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(()=>({raise:"success"})))}}},Auth:{entry:D({intermediateValue:{requiredUserInteraction:"connect-ledger-sync"}}),exit:D({intermediateValue:{requiredUserInteraction:m.None}}),invoke:{id:"deviceAuth",src:"deviceAuth",input:({context:t})=>t.input,onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.chain(e=>e.trustchainId.caseOf({Nothing:()=>p(new f("The trustchain is empty")),Just:o=>A({raise:"success",assign:{jwt:e.jwt,trustchainId:o}})})))}}}}},GetTrustchain:{on:{success:"CheckIsMembers",invalidCredentials:"KeypairAuth",error:"Error"},invoke:{id:"getTrustchain",src:"getTrustchain",input:({context:t})=>t._internalState.chain(e=>d({lkrpDataSource:t.input.lkrpDataSource,applicationId:t.input.applicationId,trustchainId:()=>r(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the input for GetTrustchain"),jwt:()=>r(e.jwt??t.input.jwt,"Missing JWT in the input for GetTrustchain")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(({trustchain:e,applicationStream:o})=>({raise:"success",assign:{trustchain:e,applicationStream:o}})))}}},CheckIsMembers:{always:[{target:"ExtractEncryptionKey",guard:"isTrustchainMember"},{target:"AddToTrustchain"}]},AddToTrustchain:{on:{success:"GetTrustchain",error:"Error"},invoke:{id:"AddToTrustchain",src:"addToTrustchainStateMachine",input:({context:t})=>t._internalState.mapLeft(()=>new g("Missing data in the input for AddToTrustchain")).chain(e=>d({lkrpDataSource:t.input.lkrpDataSource,keypair:t.input.keypair,clientName:t.input.clientName,permissions:t.input.permissions,jwt:()=>r(e.jwt??t.input.jwt,"Missing JWT in the input for AddToTrustchain"),trustchainId:()=>r(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the input for GetTrustchain"),trustchain:()=>r(e.trustchain,"Missing Trustchain in the input for AddToTrustchain"),applicationStream:()=>r(e.applicationStream,"Missing application stream in the input for AddToTrustchain")})),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(()=>({raise:"success",assign:{wasAddedToTrustchain:!0}})))}}},ExtractEncryptionKey:{on:{success:"Success",error:"Error"},invoke:{id:"ExtractEncryptionKey",src:"extractEncryptionKey",input:({context:t})=>t._internalState.chain(e=>r(e.applicationStream,"Missing application stream").map(o=>({applicationStream:o,keypair:t.input.keypair}))),onError:{actions:"assignErrorFromEvent"},onDone:{actions:s(({event:t})=>t.output.map(e=>({raise:"success",assign:{encryptionKey:e}})))}}},Success:{type:"final"},Error:{type:"final"}},output:({context:t})=>t._internalState.chain(e=>d({trustchainId:()=>r(e.trustchainId??t.input.trustchainId,"Missing Trustchain ID in the output"),jwt:()=>r(e.jwt??t.input.jwt,"Missing JWT in the output"),applicationPath:()=>r(e.applicationStream?.getPath().extract(),"Missing application path in the output"),encryptionKey:()=>r(e.encryptionKey,"Missing encryption key in the output")}))})}extractDependencies(a){return{deviceAuth:n=>this.auth(n.input.lkrpDataSource,new v(a)).run(),keypairAuth:n=>{const{lkrpDataSource:i,keypair:u}=n.input;return y.liftEither(n.input.trustchainId).chain(c=>this.auth(i,new M(u,c))).run()},getTrustchain:n=>y.liftEither(n.input).chain(({applicationId:i,lkrpDataSource:u,trustchainId:c,jwt:t})=>u.getTrustchainById(c,t).map(e=>({trustchain:e,applicationStream:e[`m/${i}'`]??w.fromPath(`m/0'/${i}'/0'`)}))).run(),extractEncryptionKey:async n=>Promise.resolve(n.input.chain(({applicationStream:i,keypair:u})=>i.getPublishedKey(u).toEither(new l("There is no encryption key for the current member in the application stream."))).map(i=>i.privateKey))}}auth(a,n){return a.getChallenge().chain(i=>n.run(i)).chain(i=>a.authenticate(i))}}export{V as AuthenticateDeviceAction};
+//# sourceMappingURL=AuthenticateDeviceAction.js.map

package/lib/esm/internal/app-binder/device-action/AuthenticateDeviceAction.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/device-action/AuthenticateDeviceAction.ts"],
+  "sourcesContent": ["import {\n  type DeviceActionStateMachine,\n  type InternalApi,\n  OpenAppDeviceAction,\n  type StateMachineTypes,\n  UnknownDAError,\n  UserInteractionRequired,\n  XStateDeviceAction,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\nimport { assign, fromPromise, setup } from \"xstate\";\n\nimport {\n  type AuthenticateDAError,\n  type AuthenticateDAInput,\n  type AuthenticateDAIntermediateValue,\n  type AuthenticateDAInternalState,\n  type AuthenticateDAOutput,\n} from \"@api/app-binder/AuthenticateDeviceActionTypes\";\nimport {\n  LKRPMissingDataError,\n  LKRPUnauthorizedError,\n  LKRPUnhandledState,\n} from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport { type JWT } from \"@api/index\";\nimport { SignChallengeWithDeviceTask } from \"@internal/app-binder/task/SignChallengeWithDeviceTask\";\nimport { SignChallengeWithKeypairTask } from \"@internal/app-binder/task/SignChallengeWithKeypairTask\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n  type LKRPDataSource,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { required } from \"@internal/utils/required\";\n\nimport { raiseAndAssign } from \"./utils/raiseAndAssign\";\nimport { AddToTrustchainDeviceAction } from \"./AddToTrustchainDeviceAction\";\n\nconst APP_NAME = \"Ledger Sync\";\n\nexport class AuthenticateDeviceAction extends XStateDeviceAction<\n  AuthenticateDAOutput,\n  AuthenticateDAInput,\n  AuthenticateDAError,\n  AuthenticateDAIntermediateValue,\n  AuthenticateDAInternalState\n> {\n  makeStateMachine(\n    internalApi: InternalApi,\n  ): DeviceActionStateMachine<\n    AuthenticateDAOutput,\n    AuthenticateDAInput,\n    AuthenticateDAError,\n    AuthenticateDAIntermediateValue,\n    AuthenticateDAInternalState\n  > {\n    type types = StateMachineTypes<\n      AuthenticateDAOutput,\n      AuthenticateDAInput,\n      AuthenticateDAError,\n      AuthenticateDAIntermediateValue,\n      AuthenticateDAInternalState\n    >;\n\n    const { deviceAuth, keypairAuth, getTrustchain, extractEncryptionKey } =\n      this.extractDependencies(internalApi);\n\n    return setup({\n      types: {\n        input: {} as types[\"input\"],\n        context: {} as types[\"context\"],\n        output: {} as types[\"output\"],\n      },\n\n      actors: {\n        openAppStateMachine: new OpenAppDeviceAction({\n          input: { appName: APP_NAME },\n        }).makeStateMachine(internalApi),\n\n        deviceAuth: fromPromise(deviceAuth),\n        keypairAuth: fromPromise(keypairAuth),\n\n        getTrustchain: fromPromise(getTrustchain),\n\n        addToTrustchainStateMachine: new AddToTrustchainDeviceAction({\n          input: Left(\n            new LKRPMissingDataError(\"Missing input for GetEncryptionKey\"),\n          ),\n        }).makeStateMachine(internalApi),\n\n        extractEncryptionKey: fromPromise(extractEncryptionKey),\n      },\n\n      actions: {\n        assignErrorFromEvent: raiseAndAssign(\n          ({ event }) =>\n            Left(\n              new UnknownDAError(String((event as { error?: unknown }).error)),\n            ), // NOTE: it should never happen, the error is not typed anymore here\n        ),\n      },\n\n      guards: {\n        hasNoTrustchainId: ({ context }) => !context.input.trustchainId,\n        hasNoJwt: ({ context }) => !context.input.jwt,\n        isTrustchainMember: ({ context }) =>\n          context._internalState\n            .toMaybe()\n            .map(\n              (state) =>\n                state.wasAddedToTrustchain ||\n                state.applicationStream?.hasMember(\n                  context.input.keypair.pubKeyToHex(),\n                ),\n            )\n            .extract() ?? false,\n      },\n    }).createMachine({\n      /** @xstate-layout N4IgpgJg5mDOIC5QEECuAXAFmAduglgMYCG6YAImAG5FjKEED2OAdAMLaEDWbATpLgLEANrADEAbQAMAXUSgADo1j4mOeSAAeiAMxSALC30BOHfoDsAJinGAHADYp94wBoQAT0QBaAKwsf9lYBAIzB9jrm5vr6OgC+sW5oWIJEpBTUtPRq7Jw8-BApIuISwXJIIEoqahraCDrBOizG+pb2tq06PlJStvo+bp4IPsZSLBHBprZWnVI+tvGJGNh4qWSUNIR0DPjMOWDcfAIrRZKWZYrKqjvq5bU6lsZGkb0Rsz1TOgOII34+oebGQJmOytBYgJLLAgkNYZTZZa4sADSYHcCmI+F4ELEEGYYBY+BwVEYXDxJNR6MxS2k5wql2qt0Q9miLEsJh8lmewWGrK+Q30wSMOk61k6OjaLTBEJS0PSGy22WR5IxWLAvF4jF4LAUwlIADMNQBbFhktHKqmyDSVK7MGqM+r+Fr6WyA8xM2zBSy86LmJq2Axi-T2YZTQGSpbStLrTLbXaK02UrBiWCoQibWCwamWunXW0IYw+H2BVmWOa2MxScy88xSAXmYJlh5CiYBYxh5IrGVRuEx1hxilYglUET4CCHArHUSZ8pW+mgWrO0b8-kPYyWDkxfS8gujWb2Cb3fmRAxtyGrWXRhUo+MqtUaqcXKo5hl55xNMzBCyzZp9TceRl-FhHCcHo11aKIfBPCMYTleFdi7OgliTFM0wzC1p2zG1nw9fRRmaRwTDXcIuk9P8EEDUZzB0fNLGCOtzB8LpWwScFww7SNYXlBF4JvdVeHvWlH0wudEA-GwjFomsDBsHDPlIj9DFsdkAldZ4WhLSC2Ogi8uI4iEWAAeQUXBkAUBRsVxfFCWJPFGCMnATIUfiZyfYSEHsIMmkiB4PUsCJ3RIwZaMaBouVdFoqJ8Cx5mYqVNPPbtsm4pYDLshyxFVXitR1dB9V4I1bOM0ynIwm5XKZQwGMi3yzHuBsq0eQJehsCZFNdCYNKhdiYJ7FgkqwFLCrM5NUzgVCaWcoStG+MIWArYIDF6BiPzaXkHgq3o2qZSxFLiGLWM6rSEp0mDkqxHEcDxQdrJYAoTqwYrBNKqaEHm0wWHaLoJnMP12nCXl61sFkPymAJulscHAw6s9uJ6vrMBYHiNSyvVDRu3TzXGkrc3mgExmMBoTBGIifFkwZmhYNrqzLejGLsKHO10nqAHEwHQAAVXhUFgdBCEwdEcHMi7LKJEkWBgdnOe53n+Ye60ntqBoAPc4wrHCewaO+gLEHdAVqbaJwwmaXbFnbA74s43YWYlrmeb5gl0tvTVtRRvKxdZjmbelglZdnZ6CYq-MLDMaIpAefpSLrPwehsBxqw9Tp6a67TLfdyXbf5pCRvTH2XL9gI-HoktXv5aTeVMRpJidZ0HgrGxE8Oi3WCtj2pbtgXB2HUd8kKSc0IfOXc3CQHKJ0Z0zHV9oJl5BwKOmesbGLMt6-N2Cm9Tz224d3ic8mhWTEBlpXWaKQxXaepeSDAUgLaEsZnm42WNN6HGeyDh9i4ABJWAAFkwANAAjVU4h8CwAAAQGj-oAvifcBIDywmPQC3RPx6Eos4Um3wVbvX9A8QIPRL7Lxhq-XIX9f4AKAWIEBoCcCMHQOAyBqod7yxEiGCmykGjuiApRMuvkjABFHv5eoJgCEvwRG-bgJD6G8HEBlO8MCJpMJeuBd6Jh1azDDs4C+Stug3xJp9E+wjurZGQBACAbNGAt3Tvbc6l0rKi2MaY8xacvY4EYbmGizoxjemMCMU+oRbD1UaM6J0dg5jxwfrFM2hCET2LMRY5xW8kbOxyqjGJjiN4yzkVjZ8NERizQ9ACVohF6JVgMLNIC3R6glimJYAxydWCpLiZvYaKFXHZL6IDPQYRb4ODFKYMuHkIZ+iIt4qItSjq7AaU4zeMjoGY0em4z8-hwg0Vqg0E+v5Bjg0BmEP4gIzAPGsPYMZjcWAAFFNDoF4MQBgpycCEF4KiNQipM4tMyfM7JE93oAnaFMb6AJ0EvXWf4CswwIishPq6Y5q8zkXKuTcu5DyFBPJRAk2ZWZ3muVaDWFgH5lreL9Ixew-S-AQzrICE+phjxgmoQUeA5QInP0MbneRuY-Q4vmlMQIEwwiOErKRLw+Yxg0VLJEAGYpwn7UZXUvYBxu4Tjpf3X2Cttrsp6Cpbl7kKy8i8D6d0VgTA1lqvmJee0n4MyZbGK8-Yljorga5dkPoR7OnmkGCp4dBjhEeODTVjp2GzChbDdGWBbVKsQA6poq5Vzg1mO6fx-LdXCudN9dyJM6zRRNqec10q4YDXsqZENudagFj8N4g50bQlxsGByAUcwLAxCZOXMwAbEpBvhhCAtu8RIUtVWEPo4ryqrQcIBfWLRfpgWCM2hEzcpn8w7Qoj0DExj0XxSTcqAL8aLlHhYRwTJd1HNNZmpO4zWBiM-j-SRCrYGhpem0A+1gGw0VmH8d12tvFNACNEfMdZgIQQPVBFePVJnpIJHOtxu5ZpRBaiYLyGztZlgprRJNURVFNr-XFKJuxzmXOuegW59zHnXEVKBtpM0Qx7kog4RwHp-pAq6K6fW4rKL6EnbsAAyshUaxHMWuksEK9R312j4xo0KFkBYmQ7JGN0cwLHWCnMdlx56HJ6IshLNtcC3ogz9MMOECwxYnTAn3fEIAA */\n\n      id: \"AuthenticateDeviceAction\",\n      context: ({ input }): types[\"context\"] => ({\n        input,\n        intermediateValue: {\n          requiredUserInteraction: UserInteractionRequired.None,\n        },\n        _internalState: Right({\n          trustchainId: null,\n          jwt: null,\n          trustchain: null,\n          applicationStream: null,\n          encryptionKey: null,\n          wasAddedToTrustchain: false,\n        }),\n      }),\n\n      initial: \"CheckCredentials\",\n      states: {\n        CheckCredentials: {\n          always: [\n            { target: \"DeviceAuth\", guard: \"hasNoTrustchainId\" },\n            { target: \"KeypairAuth\", guard: \"hasNoJwt\" },\n            { target: \"GetTrustchain\" },\n          ],\n        },\n\n        KeypairAuth: {\n          on: {\n            success: \"GetTrustchain\",\n            invalidCredentials: \"DeviceAuth\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"keypairAuth\",\n            src: \"keypairAuth\",\n            input: ({ context }) => ({\n              lkrpDataSource: context.input.lkrpDataSource,\n              keypair: context.input.keypair,\n              trustchainId: required(\n                context.input.trustchainId,\n                \"Missing Trustchain ID in the input\",\n              ),\n            }),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output\n                  .map(({ jwt }) => ({\n                    raise: \"success\",\n                    assign: { jwt },\n                  }))\n                  .chainLeft((error) =>\n                    error instanceof LKRPUnauthorizedError\n                      ? Right({ raise: \"invalidCredentials\" })\n                      : Left(error),\n                  ),\n              ),\n            },\n          },\n        },\n\n        DeviceAuth: {\n          on: { success: \"GetTrustchain\", error: \"Error\" },\n          initial: \"OpenApp\",\n          states: {\n            OpenApp: {\n              // TODO snapshot for intermediateValue\n              on: { success: \"Auth\" },\n              invoke: {\n                id: \"openApp\",\n                src: \"openAppStateMachine\",\n                input: { appName: APP_NAME },\n                onError: { actions: \"assignErrorFromEvent\" },\n                onDone: {\n                  actions: raiseAndAssign(({ event }) =>\n                    event.output.map(() => ({ raise: \"success\" })),\n                  ),\n                },\n              },\n            },\n\n            Auth: {\n              entry: assign({\n                intermediateValue: {\n                  requiredUserInteraction: \"connect-ledger-sync\",\n                },\n              }),\n              exit: assign({\n                intermediateValue: {\n                  requiredUserInteraction: UserInteractionRequired.None,\n                },\n              }),\n              invoke: {\n                id: \"deviceAuth\",\n                src: \"deviceAuth\",\n                input: ({ context }) => context.input,\n                onError: { actions: \"assignErrorFromEvent\" },\n                onDone: {\n                  actions: raiseAndAssign(({ event }) =>\n                    event.output.chain((payload) =>\n                      payload.trustchainId.caseOf({\n                        Nothing: () =>\n                          Left(\n                            new LKRPUnhandledState(\"The trustchain is empty\"),\n                          ),\n                        Just: (trustchainId) =>\n                          Right({\n                            raise: \"success\",\n                            assign: { jwt: payload.jwt, trustchainId },\n                          }),\n                      }),\n                    ),\n                  ),\n                },\n              },\n            },\n          },\n        },\n\n        GetTrustchain: {\n          on: {\n            success: \"CheckIsMembers\",\n            invalidCredentials: \"KeypairAuth\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"getTrustchain\",\n            src: \"getTrustchain\",\n            input: ({ context }) =>\n              context._internalState.chain((state) =>\n                eitherSeqRecord({\n                  lkrpDataSource: context.input.lkrpDataSource,\n                  applicationId: context.input.applicationId,\n                  trustchainId: () =>\n                    required(\n                      state.trustchainId ?? context.input.trustchainId,\n                      \"Missing Trustchain ID in the input for GetTrustchain\",\n                    ),\n                  jwt: () =>\n                    required(\n                      state.jwt ?? context.input.jwt,\n                      \"Missing JWT in the input for GetTrustchain\",\n                    ),\n                }),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(({ trustchain, applicationStream }) => ({\n                  raise: \"success\",\n                  assign: { trustchain, applicationStream },\n                })),\n              ),\n            },\n          },\n        },\n\n        CheckIsMembers: {\n          always: [\n            { target: \"ExtractEncryptionKey\", guard: \"isTrustchainMember\" },\n            { target: \"AddToTrustchain\" },\n          ],\n        },\n\n        AddToTrustchain: {\n          // TODO snapshot for intermediateValue\n          on: {\n            success: \"GetTrustchain\",\n            error: \"Error\",\n          },\n          invoke: {\n            id: \"AddToTrustchain\",\n            src: \"addToTrustchainStateMachine\",\n            input: ({ context }) =>\n              context._internalState\n                .mapLeft(\n                  () =>\n                    new LKRPMissingDataError(\n                      \"Missing data in the input for AddToTrustchain\",\n                    ),\n                )\n                .chain((state) =>\n                  eitherSeqRecord({\n                    lkrpDataSource: context.input.lkrpDataSource,\n                    keypair: context.input.keypair,\n                    clientName: context.input.clientName,\n                    permissions: context.input.permissions,\n                    jwt: () =>\n                      required(\n                        state.jwt ?? context.input.jwt,\n                        \"Missing JWT in the input for AddToTrustchain\",\n                      ),\n                    trustchainId: () =>\n                      required(\n                        state.trustchainId ?? context.input.trustchainId,\n                        \"Missing Trustchain ID in the input for GetTrustchain\",\n                      ),\n                    trustchain: () =>\n                      required(\n                        state.trustchain,\n                        \"Missing Trustchain in the input for AddToTrustchain\",\n                      ),\n                    applicationStream: () =>\n                      required(\n                        state.applicationStream,\n                        \"Missing application stream in the input for AddToTrustchain\",\n                      ),\n                  }),\n                ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map(() => ({\n                  raise: \"success\",\n                  assign: { wasAddedToTrustchain: true },\n                })),\n              ),\n            },\n          },\n        },\n\n        ExtractEncryptionKey: {\n          on: { success: \"Success\", error: \"Error\" },\n          invoke: {\n            id: \"ExtractEncryptionKey\",\n            src: \"extractEncryptionKey\",\n            input: ({ context }) =>\n              context._internalState.chain((state) =>\n                required(\n                  state.applicationStream,\n                  \"Missing application stream\",\n                ).map((applicationStream) => ({\n                  applicationStream,\n                  keypair: context.input.keypair,\n                })),\n              ),\n            onError: { actions: \"assignErrorFromEvent\" },\n            onDone: {\n              actions: raiseAndAssign(({ event }) =>\n                event.output.map((encryptionKey) => ({\n                  raise: \"success\",\n                  assign: { encryptionKey },\n                })),\n              ),\n            },\n          },\n        },\n\n        Success: { type: \"final\" },\n\n        Error: { type: \"final\" },\n      },\n\n      output: ({ context }) =>\n        context._internalState.chain((state) =>\n          eitherSeqRecord({\n            trustchainId: () =>\n              required(\n                state.trustchainId ?? context.input.trustchainId,\n                \"Missing Trustchain ID in the output\",\n              ),\n            jwt: () =>\n              required(\n                state.jwt ?? context.input.jwt,\n                \"Missing JWT in the output\",\n              ),\n            applicationPath: () =>\n              required(\n                state.applicationStream?.getPath().extract(),\n                \"Missing application path in the output\",\n              ),\n            encryptionKey: () =>\n              required(\n                state.encryptionKey,\n                \"Missing encryption key in the output\",\n              ),\n          }),\n        ),\n    });\n  }\n\n  extractDependencies(internalApi: InternalApi) {\n    return {\n      deviceAuth: (args: { input: { lkrpDataSource: LKRPDataSource } }) =>\n        this.auth(\n          args.input.lkrpDataSource,\n          new SignChallengeWithDeviceTask(internalApi),\n        ).run(),\n\n      keypairAuth: (args: {\n        input: Pick<AuthenticateDAInput, \"lkrpDataSource\" | \"keypair\"> & {\n          trustchainId: Either<LKRPMissingDataError, string>;\n        };\n      }) => {\n        const { lkrpDataSource, keypair } = args.input;\n        return EitherAsync.liftEither(args.input.trustchainId)\n          .chain((trustchainId) =>\n            this.auth(\n              lkrpDataSource,\n              new SignChallengeWithKeypairTask(keypair, trustchainId),\n            ),\n          )\n          .run();\n      },\n\n      getTrustchain: (args: {\n        input: Either<\n          AuthenticateDAError,\n          {\n            applicationId: number;\n            lkrpDataSource: LKRPDataSource;\n            trustchainId: string;\n            jwt: JWT;\n          }\n        >;\n      }) =>\n        EitherAsync.liftEither(args.input)\n          .chain(({ applicationId, lkrpDataSource, trustchainId, jwt }) =>\n            lkrpDataSource\n              .getTrustchainById(trustchainId, jwt)\n              .map((trustchain) => ({\n                trustchain,\n                applicationStream:\n                  trustchain[`m/${applicationId}'`] ??\n                  LKRPBlockStream.fromPath(`m/0'/${applicationId}'/0'`),\n              })),\n          )\n          .run(),\n\n      extractEncryptionKey: async (args: {\n        input: Either<\n          AuthenticateDAError,\n          {\n            applicationStream: LKRPBlockStream;\n            keypair: Keypair;\n          }\n        >;\n      }) => {\n        // TODO additional derivations should be supported:\n        // https://github.com/LedgerHQ/ledger-live/blob/develop/libs/hw-ledger-key-ring-protocol/src/Device.ts#L216...L226\n        // Probably not needed for Ledger Sync\n        return Promise.resolve(\n          args.input\n            .chain(({ applicationStream, keypair }) =>\n              applicationStream\n                .getPublishedKey(keypair)\n                .toEither(\n                  new UnknownDAError(\n                    \"There is no encryption key for the current member in the application stream.\",\n                  ),\n                ),\n            )\n            .map((key) => key.privateKey),\n        );\n      },\n    };\n  }\n\n  private auth(\n    lkrpDataSource: LKRPDataSource,\n    signerTask: {\n      run: (\n        challenge: Challenge,\n      ) => PromiseLike<Either<AuthenticateDAError, AuthenticationPayload>>;\n    },\n  ) {\n    return lkrpDataSource\n      .getChallenge()\n      .chain((challenge) => signerTask.run(challenge))\n      .chain((payload) => lkrpDataSource.authenticate(payload));\n  }\n}\n"],
+  "mappings": "AAAA,OAGE,uBAAAA,EAEA,kBAAAC,EACA,2BAAAC,EACA,sBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YACtD,OAAS,UAAAC,EAAQ,eAAAC,EAAa,SAAAC,MAAa,SAS3C,OACE,wBAAAC,EACA,yBAAAC,EACA,sBAAAC,MACK,yBAGP,OAAS,+BAAAC,MAAmC,wDAC5C,OAAS,gCAAAC,MAAoC,yDAM7C,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,YAAAC,MAAgB,2BAEzB,OAAS,kBAAAC,MAAsB,yBAC/B,OAAS,+BAAAC,MAAmC,gCAE5C,MAAMC,EAAW,cAEV,MAAMC,UAAiClB,CAM5C,CACA,iBACEmB,EAOA,CASA,KAAM,CAAE,WAAAC,EAAY,YAAAC,EAAa,cAAAC,EAAe,qBAAAC,CAAqB,EACnE,KAAK,oBAAoBJ,CAAW,EAEtC,OAAOb,EAAM,CACX,MAAO,CACL,MAAO,CAAC,EACR,QAAS,CAAC,EACV,OAAQ,CAAC,CACX,EAEA,OAAQ,CACN,oBAAqB,IAAIT,EAAoB,CAC3C,MAAO,CAAE,QAASoB,CAAS,CAC7B,CAAC,EAAE,iBAAiBE,CAAW,EAE/B,WAAYd,EAAYe,CAAU,EAClC,YAAaf,EAAYgB,CAAW,EAEpC,cAAehB,EAAYiB,CAAa,EAExC,4BAA6B,IAAIN,EAA4B,CAC3D,MAAOd,EACL,IAAIK,EAAqB,oCAAoC,CAC/D,CACF,CAAC,EAAE,iBAAiBY,CAAW,EAE/B,qBAAsBd,EAAYkB,CAAoB,CACxD,EAEA,QAAS,CACP,qBAAsBR,EACpB,CAAC,CAAE,MAAAS,CAAM,IACPtB,EACE,IAAIJ,EAAe,OAAQ0B,EAA8B,KAAK,CAAC,CACjE,CACJ,CACF,EAEA,OAAQ,CACN,kBAAmB,CAAC,CAAE,QAAAC,CAAQ,IAAM,CAACA,EAAQ,MAAM,aACnD,SAAU,CAAC,CAAE,QAAAA,CAAQ,IAAM,CAACA,EAAQ,MAAM,IAC1C,mBAAoB,CAAC,CAAE,QAAAA,CAAQ,IAC7BA,EAAQ,eACL,QAAQ,EACR,IACEC,GACCA,EAAM,sBACNA,EAAM,mBAAmB,UACvBD,EAAQ,MAAM,QAAQ,YAAY,CACpC,CACJ,EACC,QAAQ,GAAK,EACpB,CACF,CAAC,EAAE,cAAc,CAGf,GAAI,2BACJ,QAAS,CAAC,CAAE,MAAAE,CAAM,KAAyB,CACzC,MAAAA,EACA,kBAAmB,CACjB,wBAAyB5B,EAAwB,IACnD,EACA,eAAgBI,EAAM,CACpB,aAAc,KACd,IAAK,KACL,WAAY,KACZ,kBAAmB,KACnB,cAAe,KACf,qBAAsB,EACxB,CAAC,CACH,GAEA,QAAS,mBACT,OAAQ,CACN,iBAAkB,CAChB,OAAQ,CACN,CAAE,OAAQ,aAAc,MAAO,mBAAoB,EACnD,CAAE,OAAQ,cAAe,MAAO,UAAW,EAC3C,CAAE,OAAQ,eAAgB,CAC5B,CACF,EAEA,YAAa,CACX,GAAI,CACF,QAAS,gBACT,mBAAoB,aACpB,MAAO,OACT,EACA,OAAQ,CACN,GAAI,cACJ,IAAK,cACL,MAAO,CAAC,CAAE,QAAAsB,CAAQ,KAAO,CACvB,eAAgBA,EAAQ,MAAM,eAC9B,QAASA,EAAQ,MAAM,QACvB,aAAcX,EACZW,EAAQ,MAAM,aACd,oCACF,CACF,GACA,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OACH,IAAI,CAAC,CAAE,IAAAI,CAAI,KAAO,CACjB,MAAO,UACP,OAAQ,CAAE,IAAAA,CAAI,CAChB,EAAE,EACD,UAAWC,GACVA,aAAiBrB,EACbL,EAAM,CAAE,MAAO,oBAAqB,CAAC,EACrCD,EAAK2B,CAAK,CAChB,CACJ,CACF,CACF,CACF,EAEA,WAAY,CACV,GAAI,CAAE,QAAS,gBAAiB,MAAO,OAAQ,EAC/C,QAAS,UACT,OAAQ,CACN,QAAS,CAEP,GAAI,CAAE,QAAS,MAAO,EACtB,OAAQ,CACN,GAAI,UACJ,IAAK,sBACL,MAAO,CAAE,QAASZ,CAAS,EAC3B,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASF,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CAAE,MAAO,SAAU,EAAE,CAC/C,CACF,CACF,CACF,EAEA,KAAM,CACJ,MAAOpB,EAAO,CACZ,kBAAmB,CACjB,wBAAyB,qBAC3B,CACF,CAAC,EACD,KAAMA,EAAO,CACX,kBAAmB,CACjB,wBAAyBL,EAAwB,IACnD,CACF,CAAC,EACD,OAAQ,CACN,GAAI,aACJ,IAAK,aACL,MAAO,CAAC,CAAE,QAAA0B,CAAQ,IAAMA,EAAQ,MAChC,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,MAAOM,GAClBA,EAAQ,aAAa,OAAO,CAC1B,QAAS,IACP5B,EACE,IAAIO,EAAmB,yBAAyB,CAClD,EACF,KAAOsB,GACL5B,EAAM,CACJ,MAAO,UACP,OAAQ,CAAE,IAAK2B,EAAQ,IAAK,aAAAC,CAAa,CAC3C,CAAC,CACL,CAAC,CACH,CACF,CACF,CACF,CACF,CACF,CACF,EAEA,cAAe,CACb,GAAI,CACF,QAAS,iBACT,mBAAoB,cACpB,MAAO,OACT,EACA,OAAQ,CACN,GAAI,gBACJ,IAAK,gBACL,MAAO,CAAC,CAAE,QAAAN,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,GAC5Bd,EAAgB,CACd,eAAgBa,EAAQ,MAAM,eAC9B,cAAeA,EAAQ,MAAM,cAC7B,aAAc,IACZX,EACEY,EAAM,cAAgBD,EAAQ,MAAM,aACpC,sDACF,EACF,IAAK,IACHX,EACEY,EAAM,KAAOD,EAAQ,MAAM,IAC3B,4CACF,CACJ,CAAC,CACH,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAI,CAAC,CAAE,WAAAQ,EAAY,kBAAAC,CAAkB,KAAO,CACvD,MAAO,UACP,OAAQ,CAAE,WAAAD,EAAY,kBAAAC,CAAkB,CAC1C,EAAE,CACJ,CACF,CACF,CACF,EAEA,eAAgB,CACd,OAAQ,CACN,CAAE,OAAQ,uBAAwB,MAAO,oBAAqB,EAC9D,CAAE,OAAQ,iBAAkB,CAC9B,CACF,EAEA,gBAAiB,CAEf,GAAI,CACF,QAAS,gBACT,MAAO,OACT,EACA,OAAQ,CACN,GAAI,kBACJ,IAAK,8BACL,MAAO,CAAC,CAAE,QAAAR,CAAQ,IAChBA,EAAQ,eACL,QACC,IACE,IAAIlB,EACF,+CACF,CACJ,EACC,MAAOmB,GACNd,EAAgB,CACd,eAAgBa,EAAQ,MAAM,eAC9B,QAASA,EAAQ,MAAM,QACvB,WAAYA,EAAQ,MAAM,WAC1B,YAAaA,EAAQ,MAAM,YAC3B,IAAK,IACHX,EACEY,EAAM,KAAOD,EAAQ,MAAM,IAC3B,8CACF,EACF,aAAc,IACZX,EACEY,EAAM,cAAgBD,EAAQ,MAAM,aACpC,sDACF,EACF,WAAY,IACVX,EACEY,EAAM,WACN,qDACF,EACF,kBAAmB,IACjBZ,EACEY,EAAM,kBACN,6DACF,CACJ,CAAC,CACH,EACJ,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASX,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAI,KAAO,CACtB,MAAO,UACP,OAAQ,CAAE,qBAAsB,EAAK,CACvC,EAAE,CACJ,CACF,CACF,CACF,EAEA,qBAAsB,CACpB,GAAI,CAAE,QAAS,UAAW,MAAO,OAAQ,EACzC,OAAQ,CACN,GAAI,uBACJ,IAAK,uBACL,MAAO,CAAC,CAAE,QAAAC,CAAQ,IAChBA,EAAQ,eAAe,MAAOC,GAC5BZ,EACEY,EAAM,kBACN,4BACF,EAAE,IAAKO,IAAuB,CAC5B,kBAAAA,EACA,QAASR,EAAQ,MAAM,OACzB,EAAE,CACJ,EACF,QAAS,CAAE,QAAS,sBAAuB,EAC3C,OAAQ,CACN,QAASV,EAAe,CAAC,CAAE,MAAAS,CAAM,IAC/BA,EAAM,OAAO,IAAKU,IAAmB,CACnC,MAAO,UACP,OAAQ,CAAE,cAAAA,CAAc,CAC1B,EAAE,CACJ,CACF,CACF,CACF,EAEA,QAAS,CAAE,KAAM,OAAQ,EAEzB,MAAO,CAAE,KAAM,OAAQ,CACzB,EAEA,OAAQ,CAAC,CAAE,QAAAT,CAAQ,IACjBA,EAAQ,eAAe,MAAOC,GAC5Bd,EAAgB,CACd,aAAc,IACZE,EACEY,EAAM,cAAgBD,EAAQ,MAAM,aACpC,qCACF,EACF,IAAK,IACHX,EACEY,EAAM,KAAOD,EAAQ,MAAM,IAC3B,2BACF,EACF,gBAAiB,IACfX,EACEY,EAAM,mBAAmB,QAAQ,EAAE,QAAQ,EAC3C,wCACF,EACF,cAAe,IACbZ,EACEY,EAAM,cACN,sCACF,CACJ,CAAC,CACH,CACJ,CAAC,CACH,CAEA,oBAAoBP,EAA0B,CAC5C,MAAO,CACL,WAAagB,GACX,KAAK,KACHA,EAAK,MAAM,eACX,IAAIzB,EAA4BS,CAAW,CAC7C,EAAE,IAAI,EAER,YAAcgB,GAIR,CACJ,KAAM,CAAE,eAAAC,EAAgB,QAAAC,CAAQ,EAAIF,EAAK,MACzC,OAAOlC,EAAY,WAAWkC,EAAK,MAAM,YAAY,EAClD,MAAOJ,GACN,KAAK,KACHK,EACA,IAAIzB,EAA6B0B,EAASN,CAAY,CACxD,CACF,EACC,IAAI,CACT,EAEA,cAAgBI,GAWdlC,EAAY,WAAWkC,EAAK,KAAK,EAC9B,MAAM,CAAC,CAAE,cAAAG,EAAe,eAAAF,EAAgB,aAAAL,EAAc,IAAAH,CAAI,IACzDQ,EACG,kBAAkBL,EAAcH,CAAG,EACnC,IAAKI,IAAgB,CACpB,WAAAA,EACA,kBACEA,EAAW,KAAKM,CAAa,GAAG,GAChCzB,EAAgB,SAAS,QAAQyB,CAAa,MAAM,CACxD,EAAE,CACN,EACC,IAAI,EAET,qBAAsB,MAAOH,GAYpB,QAAQ,QACbA,EAAK,MACF,MAAM,CAAC,CAAE,kBAAAF,EAAmB,QAAAI,CAAQ,IACnCJ,EACG,gBAAgBI,CAAO,EACvB,SACC,IAAIvC,EACF,8EACF,CACF,CACJ,EACC,IAAKyC,GAAQA,EAAI,UAAU,CAChC,CAEJ,CACF,CAEQ,KACNH,EACAI,EAKA,CACA,OAAOJ,EACJ,aAAa,EACb,MAAOK,GAAcD,EAAW,IAAIC,CAAS,CAAC,EAC9C,MAAOX,GAAYM,EAAe,aAAaN,CAAO,CAAC,CAC5D,CACF",
+  "names": ["OpenAppDeviceAction", "UnknownDAError", "UserInteractionRequired", "XStateDeviceAction", "EitherAsync", "Left", "Right", "assign", "fromPromise", "setup", "LKRPMissingDataError", "LKRPUnauthorizedError", "LKRPUnhandledState", "SignChallengeWithDeviceTask", "SignChallengeWithKeypairTask", "eitherSeqRecord", "LKRPBlockStream", "required", "raiseAndAssign", "AddToTrustchainDeviceAction", "APP_NAME", "AuthenticateDeviceAction", "internalApi", "deviceAuth", "keypairAuth", "getTrustchain", "extractEncryptionKey", "event", "context", "state", "input", "jwt", "error", "payload", "trustchainId", "trustchain", "applicationStream", "encryptionKey", "args", "lkrpDataSource", "keypair", "applicationId", "key", "signerTask", "challenge"]
+}

package/lib/esm/internal/app-binder/device-action/utils/raiseAndAssign.js

@@ -0,0 +1,2 @@
+import{Left as o}from"purify-ts";import{enqueueActions as s}from"xstate";function d(i){return s(({enqueue:t,...e})=>{i(e).ifLeft(n=>{t.assign({_internalState:o(n)}),t.raise({type:"error"})}).ifRight(({raise:n,assign:r})=>{if(e.context._internalState.isLeft())return t.raise({type:"error"});r&&t.assign({_internalState:e.context._internalState.map(a=>({...a,...r}))}),t.raise({type:n})})})}export{d as raiseAndAssign};
+//# sourceMappingURL=raiseAndAssign.js.map

package/lib/esm/internal/app-binder/device-action/utils/raiseAndAssign.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/device-action/utils/raiseAndAssign.ts"],
+  "sourcesContent": ["import { type Either, Left } from \"purify-ts\";\nimport {\n  type ActionArgs,\n  type ActionFunction,\n  enqueueActions,\n  type EventObject,\n  type MachineContext,\n  type ParameterizedObject,\n  type ProvidedActor,\n} from \"xstate\";\n\ntype UnwrapEither<T extends Either<unknown, unknown>> =\n  T extends Either<infer L, infer R> ? { L: L; R: R } : never;\n\n/**\n * Both raises an event and assigns values to the _internalState based on an Either result.\n * When the result is Left: automatically raises \"error\" and set the _internalState to the result.\n *\n * Example usage:\n *\n * Foo: {\n *   on: { bar: Bar , baz: Baz, retry: Retry, error: Error },\n *   invoke: {\n *     src: \"someActor\",\n *     onDone: raiseAndAssign(({ event }) =>\n *       event.output\n *         .map(({ resultType, payload }) => {\n *           switch(resultType) {\n *             case \"A\":\n *               return { raise: \"bar\", assign: { A: payload.A } };\n *             case \"B\":\n *               return { raise: \"baz\", assign: { B: payload.B } };\n *           }\n *         })\n *         .chainLeft((error) =>\n *           error instanceof SomeError\n *             ? Right({ raise: \"retry\", assign: { count: error.count } })\n *             : Left(error)\n *         ),\n *     ),\n */\n\nexport function raiseAndAssign<\n  TContext extends MachineContext & {\n    _internalState: Either<unknown, object>;\n  },\n  TExpressionEvent extends EventObject,\n  TParams extends ParameterizedObject[\"params\"] | undefined,\n  TEvent extends EventObject = TExpressionEvent,\n  TActor extends ProvidedActor = ProvidedActor,\n  TAction extends ParameterizedObject = ParameterizedObject,\n  TGuard extends ParameterizedObject = ParameterizedObject,\n  TDelay extends string = never,\n  TEmitted extends EventObject = EventObject,\n>(\n  args: (args: ActionArgs<TContext, TExpressionEvent, TEvent>) => Either<\n    UnwrapEither<TContext[\"_internalState\"]>[\"L\"],\n    {\n      raise: TEvent[\"type\"];\n      assign?: Partial<UnwrapEither<TContext[\"_internalState\"]>[\"R\"]>;\n    }\n  >,\n): ActionFunction<\n  TContext,\n  TExpressionEvent,\n  TEvent,\n  TParams,\n  TActor,\n  TAction,\n  TGuard,\n  TDelay,\n  TEmitted\n> {\n  return enqueueActions(({ enqueue, ...actionArgs }) => {\n    args(actionArgs)\n      .ifLeft((error) => {\n        enqueue.assign({ _internalState: Left(error) } as Partial<TContext>);\n        enqueue.raise({ type: \"error\" } as TEvent);\n      })\n\n      .ifRight(({ raise, assign }) => {\n        // Double check internal state\n        if (actionArgs.context._internalState.isLeft()) {\n          return enqueue.raise({ type: \"error\" } as TEvent);\n        }\n\n        if (assign) {\n          enqueue.assign({\n            _internalState: actionArgs.context._internalState.map<\n              Partial<UnwrapEither<TContext[\"_internalState\"]>[\"R\"]>\n            >((prev) => ({ ...prev, ...assign })),\n          } as Partial<TContext>);\n        }\n        enqueue.raise({ type: raise } as TEvent);\n      });\n  });\n}\n"],
+  "mappings": "AAAA,OAAsB,QAAAA,MAAY,YAClC,OAGE,kBAAAC,MAKK,SAiCA,SAASC,EAadC,EAiBA,CACA,OAAOF,EAAe,CAAC,CAAE,QAAAG,EAAS,GAAGC,CAAW,IAAM,CACpDF,EAAKE,CAAU,EACZ,OAAQC,GAAU,CACjBF,EAAQ,OAAO,CAAE,eAAgBJ,EAAKM,CAAK,CAAE,CAAsB,EACnEF,EAAQ,MAAM,CAAE,KAAM,OAAQ,CAAW,CAC3C,CAAC,EAEA,QAAQ,CAAC,CAAE,MAAAG,EAAO,OAAAC,CAAO,IAAM,CAE9B,GAAIH,EAAW,QAAQ,eAAe,OAAO,EAC3C,OAAOD,EAAQ,MAAM,CAAE,KAAM,OAAQ,CAAW,EAG9CI,GACFJ,EAAQ,OAAO,CACb,eAAgBC,EAAW,QAAQ,eAAe,IAE/CI,IAAU,CAAE,GAAGA,EAAM,GAAGD,CAAO,EAAE,CACtC,CAAsB,EAExBJ,EAAQ,MAAM,CAAE,KAAMG,CAAM,CAAW,CACzC,CAAC,CACL,CAAC,CACH",
+  "names": ["Left", "enqueueActions", "raiseAndAssign", "args", "enqueue", "actionArgs", "error", "raise", "assign", "prev"]
+}

package/lib/esm/internal/app-binder/di/appBinderModule.js

@@ -0,0 +1,2 @@
+import{ContainerModule as r}from"inversify";import{appBinderTypes as e}from"../../app-binder/di/appBinderTypes";import{LedgerKeyringProtocolBinder as i}from"../../app-binder/LedgerKeyringProtocolBinder";const d=()=>new r(({bind:o})=>{o(e.AppBinding).to(i)});export{d as appBindingModuleFactory};
+//# sourceMappingURL=appBinderModule.js.map

package/lib/esm/internal/app-binder/di/appBinderModule.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/di/appBinderModule.ts"],
+  "sourcesContent": ["import { ContainerModule } from \"inversify\";\n\nimport { appBinderTypes } from \"@internal/app-binder/di/appBinderTypes\";\nimport { LedgerKeyringProtocolBinder } from \"@internal/app-binder/LedgerKeyringProtocolBinder\";\n\nexport const appBindingModuleFactory = () =>\n  new ContainerModule(({ bind }) => {\n    bind(appBinderTypes.AppBinding).to(LedgerKeyringProtocolBinder);\n  });\n"],
+  "mappings": "AAAA,OAAS,mBAAAA,MAAuB,YAEhC,OAAS,kBAAAC,MAAsB,yCAC/B,OAAS,+BAAAC,MAAmC,mDAErC,MAAMC,EAA0B,IACrC,IAAIH,EAAgB,CAAC,CAAE,KAAAI,CAAK,IAAM,CAChCA,EAAKH,EAAe,UAAU,EAAE,GAAGC,CAA2B,CAChE,CAAC",
+  "names": ["ContainerModule", "appBinderTypes", "LedgerKeyringProtocolBinder", "appBindingModuleFactory", "bind"]
+}

package/lib/esm/internal/app-binder/di/appBinderTypes.js

@@ -0,0 +1,2 @@
+const p={AppBinding:Symbol.for("AppBinder")};export{p as appBinderTypes};
+//# sourceMappingURL=appBinderTypes.js.map

package/lib/esm/internal/app-binder/di/appBinderTypes.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/di/appBinderTypes.ts"],
+  "sourcesContent": ["export const appBinderTypes = {\n  AppBinding: Symbol.for(\"AppBinder\"),\n};\n"],
+  "mappings": "AAAO,MAAMA,EAAiB,CAC5B,WAAY,OAAO,IAAI,WAAW,CACpC",
+  "names": ["appBinderTypes"]
+}

package/lib/esm/internal/app-binder/task/InitTask.js

@@ -0,0 +1,2 @@
+import{CommandResultStatus as e}from"@ledgerhq/device-management-kit";import{Left as o,Right as i}from"purify-ts";import{InitCommand as a}from"../../app-binder/command/InitCommand";import{CryptoUtils as m}from"../../utils/crypto";class u{constructor(r){this.api=r}async run(){const r=m.randomKeypair(),t=await this.api.sendCommand(new a({publicKey:r.pubKeyToU8a()}));return t.status!==e.Success?o(t.error):i(r)}}export{u as InitTask};
+//# sourceMappingURL=InitTask.js.map

package/lib/esm/internal/app-binder/task/InitTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/InitTask.ts"],
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { type Keypair } from \"@api/index\";\nimport { InitCommand } from \"@internal/app-binder/command/InitCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\n\nexport class InitTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(): Promise<Either<LKRPDeviceCommandError, Keypair>> {\n    const sessionKeypair = CryptoUtils.randomKeypair();\n    const response = await this.api.sendCommand(\n      new InitCommand({ publicKey: sessionKeypair.pubKeyToU8a() }),\n    );\n\n    return response.status !== CommandResultStatus.Success\n      ? Left(response.error)\n      : Right(sessionKeypair);\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,QAAAC,EAAM,SAAAC,MAAa,YAGzC,OAAS,eAAAC,MAAmB,2CAE5B,OAAS,eAAAC,MAAmB,yBAErB,MAAMC,CAAS,CACpB,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,KAAwD,CAC5D,MAAMC,EAAiBH,EAAY,cAAc,EAC3CI,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIL,EAAY,CAAE,UAAWI,EAAe,YAAY,CAAE,CAAC,CAC7D,EAEA,OAAOC,EAAS,SAAWR,EAAoB,QAC3CC,EAAKO,EAAS,KAAK,EACnBN,EAAMK,CAAc,CAC1B,CACF",
+  "names": ["CommandResultStatus", "Left", "Right", "InitCommand", "CryptoUtils", "InitTask", "api", "sessionKeypair", "response"]
+}

package/lib/esm/internal/app-binder/task/ParseStreamToDeviceTask.js

@@ -0,0 +1,2 @@
+import{CommandResultStatus as i,UnknownDAError as m}from"@ledgerhq/device-management-kit";import{EitherAsync as o,Left as s,Right as n}from"purify-ts";import{ParseBlockSignatureCommand as c}from"../../app-binder/command/ParseBlockSignatureCommand";import{ParseSingleCommand as d}from"../../app-binder/command/ParseStreamBlockCommand";import{ParseBlockHeaderCommand as p}from"../../app-binder/command/ParseStreamBlockHeader";import{SetTrustedMemberCommand as P}from"../../app-binder/command/SetTrustedMemberCommand";import{eitherSeqRecord as h}from"../../utils/eitherSeqRecord";import{bytesToHex as u}from"../../utils/hex";import{TrustedProperties as f}from"./utils/TrustedProperties";class M{constructor(t){this.api=t}lastTrustedMember=null;trustedMembers=new Map;run({seedBlock:t,applicationStream:r}){return this.parseBlock(t).chain(()=>r?this.parseStream(r):o.liftEither(n(void 0)))}parseStream(t){return o.liftEither(t.parse()).chain(r=>o.sequence(r.map(e=>this.parseBlock(e))))}parseBlock(t){return o.liftEither(t.parse()).chain(r=>this.setTrustedMember(u(r.issuer)).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new p(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(r)}).chain(r=>o.sequence(r.commands.map(e=>this.parseCommand(e,u(r.issuer)))).map(()=>r)).chain(async r=>{try{const e=await this.api.sendCommand(new c(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}parseCommand(t,r){const e=t.getPublicKey().orDefault(r);return this.setTrustedMember(e).chain(async()=>{try{const a=await this.api.sendCommand(new d({command:t.toU8A()}));return a.status!==i.Success?s(a.error):this.recordTrustedMembers(e,a.data)}catch(a){return s(new m(String(a)))}})}setTrustedMember(t){return o.fromPromise(async()=>{if(t===this.lastTrustedMember)return n(void 0);const r=this.trustedMembers.get(t);if(!r)return n(void 0);try{const e=await this.api.sendCommand(new P(r));if(e.status!==i.Success)return s(e.error)}catch(e){return s(new m(String(e)))}return n(void 0)})}recordTrustedMembers(t,r){if(this.lastTrustedMember=t,r.length===0||this.trustedMembers.has(t))return n(void 0);const e=new f(r);return h({iv:()=>e.getIv(),memberTlv:()=>e.getNewMember()}).ifRight(a=>this.trustedMembers.set(t,a))}}export{M as ParseStreamToDeviceTask};
+//# sourceMappingURL=ParseStreamToDeviceTask.js.map

package/lib/esm/internal/app-binder/task/ParseStreamToDeviceTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/ParseStreamToDeviceTask.ts"],
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { type SetTrustedMemberCommandArgs } from \"@api/app-binder/SetTrustedMemberTypes\";\nimport { ParseBlockSignatureCommand } from \"@internal/app-binder/command/ParseBlockSignatureCommand\";\nimport { ParseSingleCommand } from \"@internal/app-binder/command/ParseStreamBlockCommand\";\nimport { ParseBlockHeaderCommand } from \"@internal/app-binder/command/ParseStreamBlockHeader\";\nimport { SetTrustedMemberCommand } from \"@internal/app-binder/command/SetTrustedMemberCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex } from \"@internal/utils/hex\";\nimport { type LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { type LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\nimport { type LKRPCommand } from \"@internal/utils/LKRPCommand\";\nimport { type LKRPBlockParsedData } from \"@internal/utils/types\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\nexport type ParseStreamToDeviceTaskInput = {\n  seedBlock: LKRPBlock; // The seed block is mandatory for now because the trustchain creation / parse empty stream are not yet implemented\n  applicationStream: LKRPBlockStream | null;\n};\n\ntype ParseStreamTaskError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | UnknownDAError;\n\nexport class ParseStreamToDeviceTask {\n  private lastTrustedMember: string | null = null;\n  private trustedMembers = new Map<string, SetTrustedMemberCommandArgs>();\n\n  constructor(private readonly api: InternalApi) {}\n\n  run({ seedBlock, applicationStream }: ParseStreamToDeviceTaskInput) {\n    return this.parseBlock(seedBlock).chain<ParseStreamTaskError, unknown>(\n      () =>\n        applicationStream\n          ? this.parseStream(applicationStream)\n          : EitherAsync.liftEither(Right(undefined)),\n    );\n  }\n\n  parseStream(stream: LKRPBlockStream) {\n    return EitherAsync.liftEither(stream.parse()).chain<\n      ParseStreamTaskError,\n      unknown\n    >((blocks) =>\n      EitherAsync.sequence(blocks.map((block) => this.parseBlock(block))),\n    );\n  }\n\n  parseBlock(block: LKRPBlock) {\n    return (\n      EitherAsync.liftEither(block.parse())\n\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          this.setTrustedMember(bytesToHex(data.issuer)).map(() => data),\n        )\n\n        // Parse the block header\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockHeaderCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new UnknownDAError(String(error)));\n          }\n          return Right(data);\n        })\n\n        // Parse each command\n        .chain<ParseStreamTaskError, LKRPBlockParsedData>((data) =>\n          EitherAsync.sequence(\n            data.commands.map((command) =>\n              this.parseCommand(command, bytesToHex(data.issuer)),\n            ),\n          ).map(() => data),\n        )\n\n        // Parse the block signature\n        .chain<ParseStreamTaskError, void>(async (data) => {\n          try {\n            const response = await this.api.sendCommand(\n              new ParseBlockSignatureCommand(data),\n            );\n            if (response.status !== CommandResultStatus.Success) {\n              return Left(response.error);\n            }\n          } catch (error) {\n            return Left(new UnknownDAError(String(error)));\n          }\n          return Right(undefined);\n        })\n    );\n  }\n\n  parseCommand(command: LKRPCommand, blockIssuer: string) {\n    const publicKey = command.getPublicKey().orDefault(blockIssuer);\n\n    // Parse the command\n    return this.setTrustedMember(publicKey).chain<\n      ParseStreamTaskError,\n      unknown\n    >(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new ParseSingleCommand({ command: command.toU8A() }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        return this.recordTrustedMembers(publicKey, response.data);\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  setTrustedMember(publicKey: string) {\n    // NOTE: Set Trusted Member only when needed\n    // i.e: when this command wasn't signed by the device (see recordTrustedMembers NOTE) nor the last trusted member\n    return EitherAsync.fromPromise<ParseStreamTaskError, void>(async () => {\n      if (publicKey === this.lastTrustedMember) {\n        return Right(undefined);\n      }\n      const trustedMember = this.trustedMembers.get(publicKey);\n      if (!trustedMember) {\n        return Right(undefined);\n      }\n      try {\n        const response = await this.api.sendCommand(\n          new SetTrustedMemberCommand(trustedMember),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n      return Right(undefined);\n    });\n  }\n\n  recordTrustedMembers(\n    publicKey: string,\n    trustedPropsBytes: Uint8Array,\n  ): Either<LKRPParsingError | LKRPMissingDataError, unknown> {\n    this.lastTrustedMember = publicKey;\n\n    // NOTE: Whenever a command which was signed by the device is parsed on the same device\n    // the parse block apdu returns empty trusted properties.\n    // Therefore this function will never record the device as a trusted member.\n    // (which is fine because the device doesn't need to set itself as a trusted member).\n    if (trustedPropsBytes.length === 0 || this.trustedMembers.has(publicKey)) {\n      return Right(undefined);\n    }\n\n    const trustedProps = new TrustedProperties(trustedPropsBytes);\n    return eitherSeqRecord({\n      iv: () => trustedProps.getIv(),\n      memberTlv: () => trustedProps.getNewMember(),\n    }).ifRight((trustedMember) =>\n      this.trustedMembers.set(publicKey, trustedMember),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,EAEA,kBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAOtD,OAAS,8BAAAC,MAAkC,0DAC3C,OAAS,sBAAAC,MAA0B,uDACnC,OAAS,2BAAAC,MAA+B,sDACxC,OAAS,2BAAAC,MAA+B,uDAExC,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,cAAAC,MAAkB,sBAM3B,OAAS,qBAAAC,MAAyB,4BAa3B,MAAMC,CAAwB,CAInC,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAHxC,kBAAmC,KACnC,eAAiB,IAAI,IAI7B,IAAI,CAAE,UAAAC,EAAW,kBAAAC,CAAkB,EAAiC,CAClE,OAAO,KAAK,WAAWD,CAAS,EAAE,MAChC,IACEC,EACI,KAAK,YAAYA,CAAiB,EAClCb,EAAY,WAAWE,EAAM,MAAS,CAAC,CAC/C,CACF,CAEA,YAAYY,EAAyB,CACnC,OAAOd,EAAY,WAAWc,EAAO,MAAM,CAAC,EAAE,MAG3CC,GACDf,EAAY,SAASe,EAAO,IAAKC,GAAU,KAAK,WAAWA,CAAK,CAAC,CAAC,CACpE,CACF,CAEA,WAAWA,EAAkB,CAC3B,OACEhB,EAAY,WAAWgB,EAAM,MAAM,CAAC,EAEjC,MAAkDC,GACjD,KAAK,iBAAiBT,EAAWS,EAAK,MAAM,CAAC,EAAE,IAAI,IAAMA,CAAI,CAC/D,EAGC,MAAiD,MAAOA,GAAS,CAChE,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIb,EAAwBY,CAAI,CAClC,EACA,GAAIC,EAAS,SAAWpB,EAAoB,QAC1C,OAAOG,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACA,OAAOjB,EAAMe,CAAI,CACnB,CAAC,EAGA,MAAkDA,GACjDjB,EAAY,SACViB,EAAK,SAAS,IAAKG,GACjB,KAAK,aAAaA,EAASZ,EAAWS,EAAK,MAAM,CAAC,CACpD,CACF,EAAE,IAAI,IAAMA,CAAI,CAClB,EAGC,MAAkC,MAAOA,GAAS,CACjD,GAAI,CACF,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIf,EAA2Bc,CAAI,CACrC,EACA,GAAIC,EAAS,SAAWpB,EAAoB,QAC1C,OAAOG,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CAEP,CAEA,aAAakB,EAAsBC,EAAqB,CACtD,MAAMC,EAAYF,EAAQ,aAAa,EAAE,UAAUC,CAAW,EAG9D,OAAO,KAAK,iBAAiBC,CAAS,EAAE,MAGtC,SAAY,CACZ,GAAI,CACF,MAAMJ,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAId,EAAmB,CAAE,QAASgB,EAAQ,MAAM,CAAE,CAAC,CACrD,EACA,OAAIF,EAAS,SAAWpB,EAAoB,QACnCG,EAAKiB,EAAS,KAAK,EAErB,KAAK,qBAAqBI,EAAWJ,EAAS,IAAI,CAC3D,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,iBAAiBG,EAAmB,CAGlC,OAAOtB,EAAY,YAAwC,SAAY,CACrE,GAAIsB,IAAc,KAAK,kBACrB,OAAOpB,EAAM,MAAS,EAExB,MAAMqB,EAAgB,KAAK,eAAe,IAAID,CAAS,EACvD,GAAI,CAACC,EACH,OAAOrB,EAAM,MAAS,EAExB,GAAI,CACF,MAAMgB,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIZ,EAAwBiB,CAAa,CAC3C,EACA,GAAIL,EAAS,SAAWpB,EAAoB,QAC1C,OAAOG,EAAKiB,EAAS,KAAK,CAE9B,OAASC,EAAO,CACd,OAAOlB,EAAK,IAAIF,EAAe,OAAOoB,CAAK,CAAC,CAAC,CAC/C,CACA,OAAOjB,EAAM,MAAS,CACxB,CAAC,CACH,CAEA,qBACEoB,EACAE,EAC0D,CAO1D,GANA,KAAK,kBAAoBF,EAMrBE,EAAkB,SAAW,GAAK,KAAK,eAAe,IAAIF,CAAS,EACrE,OAAOpB,EAAM,MAAS,EAGxB,MAAMuB,EAAe,IAAIhB,EAAkBe,CAAiB,EAC5D,OAAOjB,EAAgB,CACrB,GAAI,IAAMkB,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,EAAE,QAASF,GACV,KAAK,eAAe,IAAID,EAAWC,CAAa,CAClD,CACF,CACF",
+  "names": ["CommandResultStatus", "UnknownDAError", "EitherAsync", "Left", "Right", "ParseBlockSignatureCommand", "ParseSingleCommand", "ParseBlockHeaderCommand", "SetTrustedMemberCommand", "eitherSeqRecord", "bytesToHex", "TrustedProperties", "ParseStreamToDeviceTask", "api", "seedBlock", "applicationStream", "stream", "blocks", "block", "data", "response", "error", "command", "blockIssuer", "publicKey", "trustedMember", "trustedPropsBytes", "trustedProps"]
+}

package/lib/esm/internal/app-binder/task/SignBlockTask.js

@@ -0,0 +1,2 @@
+import{bufferToHexaString as k,CommandResultStatus as u,UnknownDAError as y}from"@ledgerhq/device-management-kit";import{Either as A,EitherAsync as o,Left as m,Right as p}from"purify-ts";import{SignBlockHeaderCommand as b}from"../../app-binder/command/SignBlockHeader";import{SignBlockSignatureCommand as P}from"../../app-binder/command/SignBlockSignatureCommand";import{SignBlockSingleCommand as f}from"../../app-binder/command/SignBlockSingleCommand";import{CryptoUtils as E}from"../../utils/crypto";import{eitherAsyncSeqRecord as B,eitherSeqRecord as g}from"../../utils/eitherSeqRecord";import{LKRPBlock as K}from"../../utils/LKRPBlock";import{LKRPCommand as d}from"../../utils/LKRPCommand";import{CommandTags as a,GeneralTags as l}from"../../utils/TLVTags";import{TrustedProperties as S}from"./utils/TrustedProperties";const C=new Uint8Array([3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]);class N{constructor(r){this.api=r}run({lkrpDataSource:r,trustchainId:e,path:n,jwt:t,parent:i,blockFlow:s,sessionKeypair:v}){const h=this.signCommands(n,s);return B({header:this.signBlockHeader(i,h.length),commands:o.sequence(h),signature:this.signBlockSignature(v)}).chain(c=>o.liftEither(this.decryptBlock(i,c))).chain(c=>{switch(s.type){case"derive":return r.postDerivation(e,c,t);case"addMember":return r.putCommands(e,n,c,t)}})}signBlockHeader(r,e){return o.fromPromise(async()=>{const n=Uint8Array.from([[l.Int,1,1],[l.Hash,r.length,...r],[l.PublicKey,C.length,...C],[l.Int,1,e]].flat());try{const t=await this.api.sendCommand(new b({header:n}));if(t.status!==u.Success)return m(t.error);const i=new S(t.data);return g({iv:()=>i.getIv(),issuer:()=>i.getIssuer()})}catch(t){return m(new y(String(t)))}})}signBlockSignature(r){return o.fromPromise(async()=>{try{const e=await this.api.sendCommand(new P);if(e.status!==u.Success)return m(e.error);const{signature:n,deviceSessionKey:t}=e.data,i=r.ecdh(t).slice(1);return p({signature:n,secret:i})}catch(e){return m(new y(String(e)))}})}signCommands(r,e){switch(e.type){case"derive":return[this.signDeriveCommand(r),this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)];case"addMember":return[this.signAddMemberCommand(e.data),this.signPublishKeyCommand(e.data)]}}signSingleCommand(r){return o.fromPromise(async()=>{try{const e=await this.api.sendCommand(new f({command:r}));return e.status!==u.Success?m(e.error):p(new S(e.data))}catch(e){return m(new y(String(e)))}})}signDeriveCommand(r){return this.signSingleCommand(d.bytesFromUnsignedData({type:a.Derive,path:r})).chain(e=>o.liftEither(g({type:a.Derive,path:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),groupKey:()=>e.getGroupKey(),newMember:()=>e.getNewMember()})))}signAddMemberCommand({name:r,publicKey:e,permissions:n}){return this.signSingleCommand(d.bytesFromUnsignedData({type:a.AddMember,name:r,publicKey:e,permissions:n})).chain(t=>o.liftEither(g({type:a.AddMember,name:r,publicKey:e,permissions:n,iv:()=>t.getIv(),newMember:()=>t.getNewMember()})))}signPublishKeyCommand({publicKey:r}){return this.signSingleCommand(d.bytesFromUnsignedData({type:a.PublishKey,recipient:r})).chain(e=>o.liftEither(g({type:a.PublishKey,recipient:r,iv:()=>e.getIv(),xpriv:()=>e.getXPriv(),ephemeralPublicKey:()=>e.getEphemeralPublicKey(),commandIv:()=>e.getCommandIv(),newMember:()=>e.getNewMember()})))}decryptBlock(r,{header:e,commands:n,signature:t}){const i=E.decrypt(t.secret,e.iv,e.issuer);return A.sequence(n.map(s=>this.decryptCommand(t.secret,s))).map(s=>K.fromData({parent:k(r),issuer:i,commands:s,signature:t.signature}))}decryptCommand(r,e){switch(e.type){case a.Derive:case a.PublishKey:{const n=E.decrypt(r,e.iv,e.xpriv);return p(d.fromData({...e,initializationVector:e.commandIv,encryptedXpriv:n}))}case a.AddMember:return p(d.fromData({...e}));default:return m(new y("Unsupported command type"))}}}export{C as ISSUER_PLACEHOLDER,N as SignBlockTask};
+//# sourceMappingURL=SignBlockTask.js.map

package/lib/esm/internal/app-binder/task/SignBlockTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignBlockTask.ts"],
+  "sourcesContent": ["import {\n  bufferToHexaString,\n  CommandResultStatus,\n  type InternalApi,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { Either, EitherAsync, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPHttpRequestError,\n  type LKRPMissingDataError,\n  type LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { type JWT, type Keypair } from \"@api/index\";\nimport { SignBlockHeaderCommand } from \"@internal/app-binder/command/SignBlockHeader\";\nimport { SignBlockSignatureCommand } from \"@internal/app-binder/command/SignBlockSignatureCommand\";\nimport { SignBlockSingleCommand } from \"@internal/app-binder/command/SignBlockSingleCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport { type LKRPDataSource } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport {\n  eitherAsyncSeqRecord,\n  eitherSeqRecord,\n} from \"@internal/utils/eitherSeqRecord\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPCommand } from \"@internal/utils/LKRPCommand\";\nimport { CommandTags, GeneralTags } from \"@internal/utils/TLVTags\";\nimport {\n  type AddMemberUnsignedData,\n  type EncryptedCommand,\n  type EncryptedDeriveCommand,\n  type EncryptedPublishKeyCommand,\n} from \"@internal/utils/types\";\n\nimport { TrustedProperties } from \"./utils/TrustedProperties\";\n\ntype BlockFlow =\n  | { type: \"derive\"; data: AddMemberBlockData }\n  | { type: \"addMember\"; data: AddMemberBlockData };\n\ntype AddMemberBlockData = {\n  name: string;\n  publicKey: Uint8Array;\n  permissions: number;\n};\n\ntype HeaderPayload = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n};\ntype SignaturePayload = {\n  secret: Uint8Array;\n  signature: Uint8Array;\n};\n\ntype EncryptedBlock = {\n  header: HeaderPayload;\n  commands: EncryptedCommand[];\n  signature: SignaturePayload;\n};\n\nexport type SignBlockError =\n  | LKRPDeviceCommandError\n  | LKRPParsingError\n  | LKRPMissingDataError\n  | LKRPHttpRequestError\n  | UnknownDAError;\n\nexport type SignBlockTaskInput = {\n  lkrpDataSource: LKRPDataSource;\n  trustchainId: string;\n  path: string;\n  jwt: JWT;\n  parent: Uint8Array;\n  blockFlow: BlockFlow;\n  sessionKeypair: Keypair;\n};\n\nexport const ISSUER_PLACEHOLDER = new Uint8Array([\n  3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n  0, 0, 0, 0, 0, 0, 0,\n]);\n\nexport class SignBlockTask {\n  constructor(private readonly api: InternalApi) {}\n\n  run({\n    lkrpDataSource,\n    trustchainId,\n    path,\n    jwt,\n    parent,\n    blockFlow,\n    sessionKeypair,\n  }: SignBlockTaskInput): EitherAsync<SignBlockError, void> {\n    const commands = this.signCommands(path, blockFlow);\n    return eitherAsyncSeqRecord({\n      header: this.signBlockHeader(parent, commands.length),\n      commands: EitherAsync.sequence(commands),\n      signature: this.signBlockSignature(sessionKeypair),\n    })\n      .chain((encryptedBlock) =>\n        EitherAsync.liftEither(this.decryptBlock(parent, encryptedBlock)),\n      )\n      .chain((block) => {\n        switch (blockFlow.type) {\n          case \"derive\":\n            return lkrpDataSource.postDerivation(trustchainId, block, jwt);\n          case \"addMember\":\n            return lkrpDataSource.putCommands(trustchainId, path, block, jwt);\n        }\n      });\n  }\n\n  signBlockHeader(\n    parent: Uint8Array,\n    commandCount: number,\n  ): EitherAsync<SignBlockError, HeaderPayload> {\n    return EitherAsync.fromPromise(async () => {\n      const header = Uint8Array.from(\n        [\n          [GeneralTags.Int, 1, 1], // Version 1\n          [GeneralTags.Hash, parent.length, ...parent], // Parent block hash\n          [\n            GeneralTags.PublicKey,\n            ISSUER_PLACEHOLDER.length,\n            ...ISSUER_PLACEHOLDER,\n          ], // Placeholder for issuer public key (will be replaced by the device)\n          [GeneralTags.Int, 1, commandCount],\n        ].flat(),\n      );\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockHeaderCommand({ header }),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const trustedProps = new TrustedProperties(response.data);\n        return eitherSeqRecord({\n          iv: () => trustedProps.getIv(),\n          issuer: () => trustedProps.getIssuer(),\n        }) as Either<SignBlockError, HeaderPayload>;\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  signBlockSignature(\n    sessionKeypair: Keypair,\n  ): EitherAsync<SignBlockError, SignaturePayload> {\n    return EitherAsync.fromPromise(async () => {\n      try {\n        const response = await this.api.sendCommand(\n          new SignBlockSignatureCommand(),\n        );\n        if (response.status !== CommandResultStatus.Success) {\n          return Left(response.error);\n        }\n        const { signature, deviceSessionKey } = response.data;\n        // At this step, the shared secret is used directly as an encryption key after removing the first byte\n        const secret = sessionKeypair.ecdh(deviceSessionKey).slice(1);\n        return Right({ signature, secret });\n      } catch (error) {\n        return Left(new UnknownDAError(String(error)));\n      }\n    });\n  }\n\n  signCommands(\n    applicationPath: string,\n    block: BlockFlow,\n  ): EitherAsync<SignBlockError, EncryptedCommand>[] {\n    switch (block.type) {\n      case \"derive\":\n        return [\n          this.signDeriveCommand(applicationPath),\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n      case \"addMember\":\n        return [\n          this.signAddMemberCommand(block.data),\n          this.signPublishKeyCommand(block.data),\n        ];\n    }\n  }\n\n  signSingleCommand(command: Uint8Array) {\n    return EitherAsync.fromPromise(\n      async (): Promise<Either<SignBlockError, TrustedProperties>> => {\n        try {\n          const response = await this.api.sendCommand(\n            new SignBlockSingleCommand({ command }),\n          );\n          if (response.status !== CommandResultStatus.Success) {\n            return Left(response.error);\n          }\n          return Right(new TrustedProperties(response.data));\n        } catch (error) {\n          return Left(new UnknownDAError(String(error)));\n        }\n      },\n    );\n  }\n\n  signDeriveCommand(applicationPath: string) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.Derive,\n        path: applicationPath,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedDeriveCommand>(\n        eitherSeqRecord({\n          type: CommandTags.Derive,\n          path: applicationPath,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          groupKey: () => trustedProps.getGroupKey(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signAddMemberCommand({ name, publicKey, permissions }: AddMemberBlockData) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.AddMember,\n        name,\n        publicKey,\n        permissions,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, AddMemberUnsignedData>(\n        eitherSeqRecord({\n          type: CommandTags.AddMember,\n          name,\n          publicKey,\n          permissions,\n          iv: () => trustedProps.getIv(), // Just validate it's there\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there\n        }),\n      ),\n    );\n  }\n\n  signPublishKeyCommand({ publicKey }: Pick<AddMemberBlockData, \"publicKey\">) {\n    return this.signSingleCommand(\n      LKRPCommand.bytesFromUnsignedData({\n        type: CommandTags.PublishKey,\n        recipient: publicKey,\n      }),\n    ).chain((trustedProps) =>\n      EitherAsync.liftEither<SignBlockError, EncryptedPublishKeyCommand>(\n        eitherSeqRecord({\n          type: CommandTags.PublishKey,\n          recipient: publicKey,\n          iv: () => trustedProps.getIv(),\n          xpriv: () => trustedProps.getXPriv(),\n          ephemeralPublicKey: () => trustedProps.getEphemeralPublicKey(),\n          commandIv: () => trustedProps.getCommandIv(),\n          newMember: () => trustedProps.getNewMember(), // Just validate it's there,\n        }),\n      ),\n    );\n  }\n\n  decryptBlock(\n    parent: Uint8Array,\n    { header, commands, signature }: EncryptedBlock,\n  ): Either<SignBlockError, LKRPBlock> {\n    const decryptedIssuer = CryptoUtils.decrypt(\n      signature.secret,\n      header.iv,\n      header.issuer,\n    );\n    return Either.sequence(\n      commands.map((command) => this.decryptCommand(signature.secret, command)),\n    ).map((decryptedCommands) =>\n      LKRPBlock.fromData({\n        parent: bufferToHexaString(parent),\n        issuer: decryptedIssuer,\n        commands: decryptedCommands,\n        signature: signature.signature,\n      }),\n    );\n  }\n\n  decryptCommand(\n    secret: Uint8Array,\n    command: EncryptedCommand,\n  ): Either<UnknownDAError, LKRPCommand> {\n    switch (command.type) {\n      case CommandTags.Derive:\n      case CommandTags.PublishKey: {\n        const encryptedXpriv = CryptoUtils.decrypt(\n          secret,\n          command.iv,\n          command.xpriv,\n        );\n        return Right(\n          LKRPCommand.fromData({\n            ...command,\n            initializationVector: command.commandIv,\n            encryptedXpriv,\n          }),\n        );\n      }\n      case CommandTags.AddMember:\n        return Right(LKRPCommand.fromData({ ...command }));\n      default:\n        return Left(new UnknownDAError(\"Unsupported command type\"));\n    }\n  }\n}\n"],
+  "mappings": "AAAA,OACE,sBAAAA,EACA,uBAAAC,EAEA,kBAAAC,MACK,kCACP,OAAS,UAAAC,EAAQ,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAQjD,OAAS,0BAAAC,MAA8B,+CACvC,OAAS,6BAAAC,MAAiC,yDAC1C,OAAS,0BAAAC,MAA8B,sDAGvC,OAAS,eAAAC,MAAmB,yBAC5B,OACE,wBAAAC,EACA,mBAAAC,MACK,kCACP,OAAS,aAAAC,MAAiB,4BAC1B,OAAS,eAAAC,MAAmB,8BAC5B,OAAS,eAAAC,EAAa,eAAAC,MAAmB,0BAQzC,OAAS,qBAAAC,MAAyB,4BA4C3B,MAAMC,EAAqB,IAAI,WAAW,CAC/C,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAC3E,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,CACpB,CAAC,EAEM,MAAMC,CAAc,CACzB,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,IAAI,CACF,eAAAC,EACA,aAAAC,EACA,KAAAC,EACA,IAAAC,EACA,OAAAC,EACA,UAAAC,EACA,eAAAC,CACF,EAA0D,CACxD,MAAMC,EAAW,KAAK,aAAaL,EAAMG,CAAS,EAClD,OAAOf,EAAqB,CAC1B,OAAQ,KAAK,gBAAgBc,EAAQG,EAAS,MAAM,EACpD,SAAUxB,EAAY,SAASwB,CAAQ,EACvC,UAAW,KAAK,mBAAmBD,CAAc,CACnD,CAAC,EACE,MAAOE,GACNzB,EAAY,WAAW,KAAK,aAAaqB,EAAQI,CAAc,CAAC,CAClE,EACC,MAAOC,GAAU,CAChB,OAAQJ,EAAU,KAAM,CACtB,IAAK,SACH,OAAOL,EAAe,eAAeC,EAAcQ,EAAON,CAAG,EAC/D,IAAK,YACH,OAAOH,EAAe,YAAYC,EAAcC,EAAMO,EAAON,CAAG,CACpE,CACF,CAAC,CACL,CAEA,gBACEC,EACAM,EAC4C,CAC5C,OAAO3B,EAAY,YAAY,SAAY,CACzC,MAAM4B,EAAS,WAAW,KACxB,CACE,CAAChB,EAAY,IAAK,EAAG,CAAC,EACtB,CAACA,EAAY,KAAMS,EAAO,OAAQ,GAAGA,CAAM,EAC3C,CACET,EAAY,UACZE,EAAmB,OACnB,GAAGA,CACL,EACA,CAACF,EAAY,IAAK,EAAGe,CAAY,CACnC,EAAE,KAAK,CACT,EACA,GAAI,CACF,MAAME,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAI1B,EAAuB,CAAE,OAAAyB,CAAO,CAAC,CACvC,EACA,GAAIC,EAAS,SAAWhC,EAAoB,QAC1C,OAAOI,EAAK4B,EAAS,KAAK,EAE5B,MAAMC,EAAe,IAAIjB,EAAkBgB,EAAS,IAAI,EACxD,OAAOrB,EAAgB,CACrB,GAAI,IAAMsB,EAAa,MAAM,EAC7B,OAAQ,IAAMA,EAAa,UAAU,CACvC,CAAC,CACH,OAASC,EAAO,CACd,OAAO9B,EAAK,IAAIH,EAAe,OAAOiC,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,mBACER,EAC+C,CAC/C,OAAOvB,EAAY,YAAY,SAAY,CACzC,GAAI,CACF,MAAM6B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIzB,CACN,EACA,GAAIyB,EAAS,SAAWhC,EAAoB,QAC1C,OAAOI,EAAK4B,EAAS,KAAK,EAE5B,KAAM,CAAE,UAAAG,EAAW,iBAAAC,CAAiB,EAAIJ,EAAS,KAE3CK,EAASX,EAAe,KAAKU,CAAgB,EAAE,MAAM,CAAC,EAC5D,OAAO/B,EAAM,CAAE,UAAA8B,EAAW,OAAAE,CAAO,CAAC,CACpC,OAASH,EAAO,CACd,OAAO9B,EAAK,IAAIH,EAAe,OAAOiC,CAAK,CAAC,CAAC,CAC/C,CACF,CAAC,CACH,CAEA,aACEI,EACAT,EACiD,CACjD,OAAQA,EAAM,KAAM,CAClB,IAAK,SACH,MAAO,CACL,KAAK,kBAAkBS,CAAe,EACtC,KAAK,qBAAqBT,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,EACF,IAAK,YACH,MAAO,CACL,KAAK,qBAAqBA,EAAM,IAAI,EACpC,KAAK,sBAAsBA,EAAM,IAAI,CACvC,CACJ,CACF,CAEA,kBAAkBU,EAAqB,CACrC,OAAOpC,EAAY,YACjB,SAAgE,CAC9D,GAAI,CACF,MAAM6B,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIxB,EAAuB,CAAE,QAAA+B,CAAQ,CAAC,CACxC,EACA,OAAIP,EAAS,SAAWhC,EAAoB,QACnCI,EAAK4B,EAAS,KAAK,EAErB3B,EAAM,IAAIW,EAAkBgB,EAAS,IAAI,CAAC,CACnD,OAASE,EAAO,CACd,OAAO9B,EAAK,IAAIH,EAAe,OAAOiC,CAAK,CAAC,CAAC,CAC/C,CACF,CACF,CACF,CAEA,kBAAkBI,EAAyB,CACzC,OAAO,KAAK,kBACVzB,EAAY,sBAAsB,CAChC,KAAMC,EAAY,OAClB,KAAMwB,CACR,CAAC,CACH,EAAE,MAAOL,GACP9B,EAAY,WACVQ,EAAgB,CACd,KAAMG,EAAY,OAClB,KAAMwB,EACN,GAAI,IAAML,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,SAAU,IAAMA,EAAa,YAAY,EACzC,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,qBAAqB,CAAE,KAAAO,EAAM,UAAAC,EAAW,YAAAC,CAAY,EAAuB,CACzE,OAAO,KAAK,kBACV7B,EAAY,sBAAsB,CAChC,KAAMC,EAAY,UAClB,KAAA0B,EACA,UAAAC,EACA,YAAAC,CACF,CAAC,CACH,EAAE,MAAOT,GACP9B,EAAY,WACVQ,EAAgB,CACd,KAAMG,EAAY,UAClB,KAAA0B,EACA,UAAAC,EACA,YAAAC,EACA,GAAI,IAAMT,EAAa,MAAM,EAC7B,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,sBAAsB,CAAE,UAAAQ,CAAU,EAA0C,CAC1E,OAAO,KAAK,kBACV5B,EAAY,sBAAsB,CAChC,KAAMC,EAAY,WAClB,UAAW2B,CACb,CAAC,CACH,EAAE,MAAOR,GACP9B,EAAY,WACVQ,EAAgB,CACd,KAAMG,EAAY,WAClB,UAAW2B,EACX,GAAI,IAAMR,EAAa,MAAM,EAC7B,MAAO,IAAMA,EAAa,SAAS,EACnC,mBAAoB,IAAMA,EAAa,sBAAsB,EAC7D,UAAW,IAAMA,EAAa,aAAa,EAC3C,UAAW,IAAMA,EAAa,aAAa,CAC7C,CAAC,CACH,CACF,CACF,CAEA,aACET,EACA,CAAE,OAAAO,EAAQ,SAAAJ,EAAU,UAAAQ,CAAU,EACK,CACnC,MAAMQ,EAAkBlC,EAAY,QAClC0B,EAAU,OACVJ,EAAO,GACPA,EAAO,MACT,EACA,OAAO7B,EAAO,SACZyB,EAAS,IAAKY,GAAY,KAAK,eAAeJ,EAAU,OAAQI,CAAO,CAAC,CAC1E,EAAE,IAAKK,GACLhC,EAAU,SAAS,CACjB,OAAQb,EAAmByB,CAAM,EACjC,OAAQmB,EACR,SAAUC,EACV,UAAWT,EAAU,SACvB,CAAC,CACH,CACF,CAEA,eACEE,EACAE,EACqC,CACrC,OAAQA,EAAQ,KAAM,CACpB,KAAKzB,EAAY,OACjB,KAAKA,EAAY,WAAY,CAC3B,MAAM+B,EAAiBpC,EAAY,QACjC4B,EACAE,EAAQ,GACRA,EAAQ,KACV,EACA,OAAOlC,EACLQ,EAAY,SAAS,CACnB,GAAG0B,EACH,qBAAsBA,EAAQ,UAC9B,eAAAM,CACF,CAAC,CACH,CACF,CACA,KAAK/B,EAAY,UACf,OAAOT,EAAMQ,EAAY,SAAS,CAAE,GAAG0B,CAAQ,CAAC,CAAC,EACnD,QACE,OAAOnC,EAAK,IAAIH,EAAe,0BAA0B,CAAC,CAC9D,CACF,CACF",
+  "names": ["bufferToHexaString", "CommandResultStatus", "UnknownDAError", "Either", "EitherAsync", "Left", "Right", "SignBlockHeaderCommand", "SignBlockSignatureCommand", "SignBlockSingleCommand", "CryptoUtils", "eitherAsyncSeqRecord", "eitherSeqRecord", "LKRPBlock", "LKRPCommand", "CommandTags", "GeneralTags", "TrustedProperties", "ISSUER_PLACEHOLDER", "SignBlockTask", "api", "lkrpDataSource", "trustchainId", "path", "jwt", "parent", "blockFlow", "sessionKeypair", "commands", "encryptedBlock", "block", "commandCount", "header", "response", "trustedProps", "error", "signature", "deviceSessionKey", "secret", "applicationPath", "command", "name", "publicKey", "permissions", "decryptedIssuer", "decryptedCommands", "encryptedXpriv"]
+}

package/lib/esm/internal/app-binder/task/SignChallengeWithDeviceTask.js

@@ -0,0 +1,2 @@
+import{CommandResultStatus as o}from"@ledgerhq/device-management-kit";import{Left as i,Right as s}from"purify-ts";import{GetSeedIdCommand as m}from"../../app-binder/command/GetSeedIdCommand";class u{constructor(t){this.api=t}async run(t){const e=await this.api.sendCommand(new m({challengeTLV:t.tlv}));if(e.status!==o.Success)return i(e.error);const{credential:r,signature:a,attestation:n}=e.data;return s({challenge:t.json,signature:{credential:r,signature:a,attestation:n}})}}export{u as SignChallengeWithDeviceTask};
+//# sourceMappingURL=SignChallengeWithDeviceTask.js.map

package/lib/esm/internal/app-binder/task/SignChallengeWithDeviceTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithDeviceTask.ts"],
+  "sourcesContent": ["import {\n  CommandResultStatus,\n  type InternalApi,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, Left, Right } from \"purify-ts\";\n\nimport { GetSeedIdCommand } from \"@internal/app-binder/command/GetSeedIdCommand\";\nimport { type LKRPDeviceCommandError } from \"@internal/app-binder/command/utils/ledgerKeyringProtocolErrors\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\n\nexport class SignChallengeWithDeviceTask {\n  constructor(private readonly api: InternalApi) {}\n\n  async run(\n    challenge: Challenge,\n  ): Promise<Either<LKRPDeviceCommandError, AuthenticationPayload>> {\n    const response = await this.api.sendCommand(\n      new GetSeedIdCommand({ challengeTLV: challenge.tlv }),\n    );\n\n    if (response.status !== CommandResultStatus.Success) {\n      return Left(response.error);\n    }\n\n    const { credential, signature, attestation } = response.data;\n    return Right({\n      challenge: challenge.json,\n      signature: { credential, signature, attestation },\n    });\n  }\n}\n"],
+  "mappings": "AAAA,OACE,uBAAAA,MAEK,kCACP,OAAsB,QAAAC,EAAM,SAAAC,MAAa,YAEzC,OAAS,oBAAAC,MAAwB,gDAO1B,MAAMC,CAA4B,CACvC,YAA6BC,EAAkB,CAAlB,SAAAA,CAAmB,CAEhD,MAAM,IACJC,EACgE,CAChE,MAAMC,EAAW,MAAM,KAAK,IAAI,YAC9B,IAAIJ,EAAiB,CAAE,aAAcG,EAAU,GAAI,CAAC,CACtD,EAEA,GAAIC,EAAS,SAAWP,EAAoB,QAC1C,OAAOC,EAAKM,EAAS,KAAK,EAG5B,KAAM,CAAE,WAAAC,EAAY,UAAAC,EAAW,YAAAC,CAAY,EAAIH,EAAS,KACxD,OAAOL,EAAM,CACX,UAAWI,EAAU,KACrB,UAAW,CAAE,WAAAE,EAAY,UAAAC,EAAW,YAAAC,CAAY,CAClD,CAAC,CACH,CACF",
+  "names": ["CommandResultStatus", "Left", "Right", "GetSeedIdCommand", "SignChallengeWithDeviceTask", "api", "challenge", "response", "credential", "signature", "attestation"]
+}

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js

@@ -0,0 +1,2 @@
+import{ByteArrayParser as s,UnknownDAError as g}from"@ledgerhq/device-management-kit";import{EitherAsync as p,Left as h,Maybe as y}from"purify-ts";import{LKRPMissingDataError as i}from"../../../api/app-binder/Errors";import{CryptoUtils as c}from"../../utils/crypto";import{eitherSeqRecord as m}from"../../utils/eitherSeqRecord";import{bytesToHex as o,hexToBytes as x}from"../../utils/hex";class f{constructor(r,n){this.keypair=r;this.trustchainId=n}run(r){const n=this.getAttestation(),a=this.getCredential(this.keypair.pubKeyToHex());return p.liftEither(this.getUnsignedChallengeTLV(r.tlv)).map(c.hash).map(e=>this.keypair.sign(e)).map(o).map(e=>({challenge:r.json,signature:{attestation:n,credential:a,signature:e}})).mapLeft(e=>e instanceof i?e:new g(String(e)))}getAttestation(){const r=new TextEncoder().encode(this.trustchainId),n=Uint8Array.from([2,r.length,...r]);return o(n)}getCredential(r){return{version:0,curveId:33,signAlgorithm:1,publicKey:r}}getUnsignedChallengeTLV(r){const n=new s(x(r)),a=new Map(function*(){for(;;){const t=n.extractFieldTLVEncoded();if(!t)break;yield[t.tag,t.value]}}());if(a.size>10)return h(new i("Challenge TLV contains unexpected data"));const e=(t,l)=>y.fromNullable(a.get(t)).toEither(new i(`Missing ${l} field`));return m({payloadType:()=>e(1,"Payload type"),version:()=>e(2,"Version"),challengeExpiry:()=>e(22,"Challenge expiry"),host:()=>e(32,"Host"),protocolVersion:()=>e(96,"Protocol version"),curveId:()=>e(50,"Curve ID"),publicKey:()=>e(51,"Public key"),challengeData:()=>e(18,"Challenge data"),signAlgorithm:()=>e(20,"Sign algorithm"),rpSignatureField:()=>e(21,"RP signature field")}).map(t=>Uint8Array.from([[1,t.payloadType.length,...t.payloadType],[2,t.version.length,...t.version],[18,t.challengeData.length,...t.challengeData],[22,t.challengeExpiry.length,...t.challengeExpiry],[32,t.host.length,...t.host],[96,t.protocolVersion.length,...t.protocolVersion]].flat()))}}export{f as SignChallengeWithKeypairTask};
+//# sourceMappingURL=SignChallengeWithKeypairTask.js.map

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.ts"],
+  "sourcesContent": ["import {\n  ByteArrayParser,\n  UnknownDAError,\n} from \"@ledgerhq/device-management-kit\";\nimport { type Either, EitherAsync, Left, Maybe } from \"purify-ts\";\n\nimport { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { type Keypair } from \"@api/app-binder/LKRPTypes\";\nimport {\n  type AuthenticationPayload,\n  type Challenge,\n} from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { CryptoUtils } from \"@internal/utils/crypto\";\nimport { eitherSeqRecord } from \"@internal/utils/eitherSeqRecord\";\nimport { bytesToHex, hexToBytes } from \"@internal/utils/hex\";\n\nexport class SignChallengeWithKeypairTask {\n  constructor(\n    private readonly keypair: Keypair,\n    private readonly trustchainId: string,\n  ) {}\n\n  run(\n    challenge: Challenge,\n  ): EitherAsync<LKRPMissingDataError | UnknownDAError, AuthenticationPayload> {\n    const attestation = this.getAttestation();\n    const credential = this.getCredential(this.keypair.pubKeyToHex());\n\n    return EitherAsync.liftEither(this.getUnsignedChallengeTLV(challenge.tlv))\n      .map(CryptoUtils.hash)\n      .map((hash) => this.keypair.sign(hash))\n      .map(bytesToHex)\n      .map((signature) => ({\n        challenge: challenge.json,\n        signature: { attestation, credential, signature },\n      }))\n      .mapLeft((error) =>\n        error instanceof LKRPMissingDataError\n          ? error\n          : new UnknownDAError(String(error)),\n      );\n  }\n\n  // Spec https://ledgerhq.atlassian.net/wiki/spaces/TA/pages/4335960138/ARCH+LedgerLive+Auth+specifications\n  private getAttestation() {\n    const bytes = new TextEncoder().encode(this.trustchainId);\n    const attestation = Uint8Array.from([0x02, bytes.length, ...bytes]);\n    return bytesToHex(attestation);\n  }\n\n  private getCredential(publicKey: string) {\n    return { version: 0, curveId: 33, signAlgorithm: 1, publicKey };\n  }\n\n  private getUnsignedChallengeTLV(\n    tlv: string,\n  ): Either<LKRPMissingDataError, Uint8Array> {\n    const parser = new ByteArrayParser(hexToBytes(tlv));\n    const parsed = new Map(\n      (function* () {\n        while (true) {\n          const field = parser.extractFieldTLVEncoded();\n          if (!field) break; // No more fields to extract\n          yield [field.tag, field.value];\n        }\n      })(),\n    );\n\n    // We expect 10 fields in the TLV\n    if (parsed.size > 10) {\n      return Left(\n        new LKRPMissingDataError(\"Challenge TLV contains unexpected data\"),\n      );\n    }\n\n    const getField = (tag: number, fieldName: string) =>\n      Maybe.fromNullable(parsed.get(tag)).toEither(\n        new LKRPMissingDataError(`Missing ${fieldName} field`),\n      );\n\n    return eitherSeqRecord({\n      // Unsigned fields\n      payloadType: () => getField(0x01, \"Payload type\"),\n      version: () => getField(0x02, \"Version\"),\n      challengeExpiry: () => getField(0x16, \"Challenge expiry\"),\n      host: () => getField(0x20, \"Host\"),\n      protocolVersion: () => getField(0x60, \"Protocol version\"),\n\n      // Signed fields\n      curveId: () => getField(0x32, \"Curve ID\"),\n      publicKey: () => getField(0x33, \"Public key\"),\n      challengeData: () => getField(0x12, \"Challenge data\"),\n      signAlgorithm: () => getField(0x14, \"Sign algorithm\"),\n      rpSignatureField: () => getField(0x15, \"RP signature field\"),\n    }).map((fields) =>\n      Uint8Array.from(\n        [\n          [0x01, fields.payloadType.length, ...fields.payloadType],\n          [0x02, fields.version.length, ...fields.version],\n          [0x12, fields.challengeData.length, ...fields.challengeData],\n          [0x16, fields.challengeExpiry.length, ...fields.challengeExpiry],\n          [0x20, fields.host.length, ...fields.host],\n          [0x60, fields.protocolVersion.length, ...fields.protocolVersion],\n        ].flat(),\n      ),\n    );\n  }\n}\n"],
+  "mappings": "AAAA,OACE,mBAAAA,EACA,kBAAAC,MACK,kCACP,OAAsB,eAAAC,EAAa,QAAAC,EAAM,SAAAC,MAAa,YAEtD,OAAS,wBAAAC,MAA4B,yBAMrC,OAAS,eAAAC,MAAmB,yBAC5B,OAAS,mBAAAC,MAAuB,kCAChC,OAAS,cAAAC,EAAY,cAAAC,MAAkB,sBAEhC,MAAMC,CAA6B,CACxC,YACmBC,EACAC,EACjB,CAFiB,aAAAD,EACA,kBAAAC,CAChB,CAEH,IACEC,EAC2E,CAC3E,MAAMC,EAAc,KAAK,eAAe,EAClCC,EAAa,KAAK,cAAc,KAAK,QAAQ,YAAY,CAAC,EAEhE,OAAOb,EAAY,WAAW,KAAK,wBAAwBW,EAAU,GAAG,CAAC,EACtE,IAAIP,EAAY,IAAI,EACpB,IAAKU,GAAS,KAAK,QAAQ,KAAKA,CAAI,CAAC,EACrC,IAAIR,CAAU,EACd,IAAKS,IAAe,CACnB,UAAWJ,EAAU,KACrB,UAAW,CAAE,YAAAC,EAAa,WAAAC,EAAY,UAAAE,CAAU,CAClD,EAAE,EACD,QAASC,GACRA,aAAiBb,EACba,EACA,IAAIjB,EAAe,OAAOiB,CAAK,CAAC,CACtC,CACJ,CAGQ,gBAAiB,CACvB,MAAMC,EAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,YAAY,EAClDL,EAAc,WAAW,KAAK,CAAC,EAAMK,EAAM,OAAQ,GAAGA,CAAK,CAAC,EAClE,OAAOX,EAAWM,CAAW,CAC/B,CAEQ,cAAcM,EAAmB,CACvC,MAAO,CAAE,QAAS,EAAG,QAAS,GAAI,cAAe,EAAG,UAAAA,CAAU,CAChE,CAEQ,wBACNC,EAC0C,CAC1C,MAAMC,EAAS,IAAItB,EAAgBS,EAAWY,CAAG,CAAC,EAC5CE,EAAS,IAAI,IAChB,WAAa,CACZ,OAAa,CACX,MAAMC,EAAQF,EAAO,uBAAuB,EAC5C,GAAI,CAACE,EAAO,MACZ,KAAM,CAACA,EAAM,IAAKA,EAAM,KAAK,CAC/B,CACF,EAAG,CACL,EAGA,GAAID,EAAO,KAAO,GAChB,OAAOpB,EACL,IAAIE,EAAqB,wCAAwC,CACnE,EAGF,MAAMoB,EAAW,CAACC,EAAaC,IAC7BvB,EAAM,aAAamB,EAAO,IAAIG,CAAG,CAAC,EAAE,SAClC,IAAIrB,EAAqB,WAAWsB,CAAS,QAAQ,CACvD,EAEF,OAAOpB,EAAgB,CAErB,YAAa,IAAMkB,EAAS,EAAM,cAAc,EAChD,QAAS,IAAMA,EAAS,EAAM,SAAS,EACvC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EACxD,KAAM,IAAMA,EAAS,GAAM,MAAM,EACjC,gBAAiB,IAAMA,EAAS,GAAM,kBAAkB,EAGxD,QAAS,IAAMA,EAAS,GAAM,UAAU,EACxC,UAAW,IAAMA,EAAS,GAAM,YAAY,EAC5C,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,cAAe,IAAMA,EAAS,GAAM,gBAAgB,EACpD,iBAAkB,IAAMA,EAAS,GAAM,oBAAoB,CAC7D,CAAC,EAAE,IAAKG,GACN,WAAW,KACT,CACE,CAAC,EAAMA,EAAO,YAAY,OAAQ,GAAGA,EAAO,WAAW,EACvD,CAAC,EAAMA,EAAO,QAAQ,OAAQ,GAAGA,EAAO,OAAO,EAC/C,CAAC,GAAMA,EAAO,cAAc,OAAQ,GAAGA,EAAO,aAAa,EAC3D,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,EAC/D,CAAC,GAAMA,EAAO,KAAK,OAAQ,GAAGA,EAAO,IAAI,EACzC,CAAC,GAAMA,EAAO,gBAAgB,OAAQ,GAAGA,EAAO,eAAe,CACjE,EAAE,KAAK,CACT,CACF,CACF,CACF",
+  "names": ["ByteArrayParser", "UnknownDAError", "EitherAsync", "Left", "Maybe", "LKRPMissingDataError", "CryptoUtils", "eitherSeqRecord", "bytesToHex", "hexToBytes", "SignChallengeWithKeypairTask", "keypair", "trustchainId", "challenge", "attestation", "credential", "hash", "signature", "error", "bytes", "publicKey", "tlv", "parser", "parsed", "field", "getField", "tag", "fieldName", "fields"]
+}

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.test.js

@@ -0,0 +1,2 @@
+import{LKRPMissingDataError as s}from"../../../api/app-binder/Errors";import{KeypairFromBytes as f}from"../../../api/app-binder/KeypairFromBytes";import{hexToBytes as b}from"../../utils/hex";import{SignChallengeWithKeypairTask as d}from"./SignChallengeWithKeypairTask";describe("SignChallengeWithKeypairTask",()=>{it("should sign a challenge with a keypair",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i(),n=await new d(a,c).run(e).run();expect(n.isRight()).toBe(!0),n.ifRight(t=>{expect(t.challenge).toBe(e.json),expect(t.signature.credential).toEqual({version:0,curveId:33,signAlgorithm:1,publicKey:a.pubKeyToHex()}),expect(t.signature.attestation).toBe("0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337"),expect(t.signature.signature).toBe("3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049")})}),it("should handle invalid challenge",async()=>{const{challenge:e,keypair:a,trustchainId:c}=i({tlv:"invalid-tlv"});(await new d(a,c).run(e).run()).ifLeft(t=>expect(t).toBeInstanceOf(s))})});function i({privateKey:e="b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d",trustchainId:a="00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37",tlv:c="0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000"}={}){return{challenge:{tlv:c,json:{}},keypair:new f(b(e)),trustchainId:a}}
+//# sourceMappingURL=SignChallengeWithKeypairTask.test.js.map

package/lib/esm/internal/app-binder/task/SignChallengeWithKeypairTask.test.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/app-binder/task/SignChallengeWithKeypairTask.test.ts"],
+  "sourcesContent": ["import { LKRPMissingDataError } from \"@api/app-binder/Errors\";\nimport { KeypairFromBytes } from \"@api/app-binder/KeypairFromBytes\";\nimport { type Challenge } from \"@internal/lkrp-datasource/data/LKRPDataSource\";\nimport { hexToBytes } from \"@internal/utils/hex\";\n\nimport { SignChallengeWithKeypairTask } from \"./SignChallengeWithKeypairTask\";\n\ndescribe(\"SignChallengeWithKeypairTask\", () => {\n  it(\"should sign a challenge with a keypair\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters();\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    expect(result.isRight()).toBe(true);\n    result.ifRight((payload) => {\n      expect(payload.challenge).toBe(challenge.json);\n      expect(payload.signature.credential).toEqual({\n        version: 0,\n        curveId: 33,\n        signAlgorithm: 1,\n        publicKey: keypair.pubKeyToHex(),\n      });\n      expect(payload.signature.attestation).toBe(\n        \"0242303062373538386231393136633036373635343632656266343530363734346665323565643164623831393635326532646562613732313338393738396364633337\",\n      );\n      expect(payload.signature.signature).toBe(\n        \"3045022100e9fead4e341f4e145f8888d7897184ff585e23c832a4c7acd15b5a2e53c58d2902204c58596d039960ab9b56ba4f9d27dbc5e647dbe779089e5e7e608501c5270049\",\n      );\n    });\n  });\n\n  it(\"should handle invalid challenge\", async () => {\n    // GIVEN\n    const { challenge, keypair, trustchainId } = getParameters({\n      tlv: \"invalid-tlv\", // Invalid TLV\n    });\n\n    // WHEN\n    const task = new SignChallengeWithKeypairTask(keypair, trustchainId);\n    const result = await task.run(challenge).run();\n\n    // THEN\n    result.ifLeft((error) =>\n      expect(error).toBeInstanceOf(LKRPMissingDataError),\n    );\n  });\n});\n\nfunction getParameters({\n  privateKey = \"b21ef366414b1aaba29b9576b7c1a661d663cfd8b4f998257dddbf7dc60d315d\",\n  trustchainId = \"00b7588b1916c06765462ebf4506744fe25ed1db819652e2deba721389789cdc37\",\n  tlv = \"0101070201001210bb1ea0c98526e1ea2deb7c7537f2989514010115473045022038632e8fa245483f0ecdbaa4ca0d455a03e7510da269d2089fed0d5cfa69d3d6022100c2f938d60bf1c34e96a2d332822a86059d90ec26ea222189cd9731834a5c151216046878ab74202b7472757374636861696e2d6261636b656e642e6170692e6177732e7374672e6c64672d746563682e636f6d320121332103cb7628e7248ddf9c07da54b979f16bf081fb3d173aac0992ad2a44ef6a388ae2600401000000\",\n} = {}) {\n  return {\n    challenge: { tlv, json: {} as Challenge[\"json\"] },\n    keypair: new KeypairFromBytes(hexToBytes(privateKey)),\n    trustchainId,\n  };\n}\n"],
+  "mappings": "AAAA,OAAS,wBAAAA,MAA4B,yBACrC,OAAS,oBAAAC,MAAwB,mCAEjC,OAAS,cAAAC,MAAkB,sBAE3B,OAAS,gCAAAC,MAAoC,iCAE7C,SAAS,+BAAgC,IAAM,CAC7C,GAAG,yCAA0C,SAAY,CAEvD,KAAM,CAAE,UAAAC,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,EAIrDC,EAAS,MADF,IAAIL,EAA6BE,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,EAG7C,OAAOI,EAAO,QAAQ,CAAC,EAAE,KAAK,EAAI,EAClCA,EAAO,QAASC,GAAY,CAC1B,OAAOA,EAAQ,SAAS,EAAE,KAAKL,EAAU,IAAI,EAC7C,OAAOK,EAAQ,UAAU,UAAU,EAAE,QAAQ,CAC3C,QAAS,EACT,QAAS,GACT,cAAe,EACf,UAAWJ,EAAQ,YAAY,CACjC,CAAC,EACD,OAAOI,EAAQ,UAAU,WAAW,EAAE,KACpC,0IACF,EACA,OAAOA,EAAQ,UAAU,SAAS,EAAE,KAClC,gJACF,CACF,CAAC,CACH,CAAC,EAED,GAAG,kCAAmC,SAAY,CAEhD,KAAM,CAAE,UAAAL,EAAW,QAAAC,EAAS,aAAAC,CAAa,EAAIC,EAAc,CACzD,IAAK,aACP,CAAC,GAIc,MADF,IAAIJ,EAA6BE,EAASC,CAAY,EACzC,IAAIF,CAAS,EAAE,IAAI,GAGtC,OAAQM,GACb,OAAOA,CAAK,EAAE,eAAeV,CAAoB,CACnD,CACF,CAAC,CACH,CAAC,EAED,SAASO,EAAc,CACrB,WAAAI,EAAa,mEACb,aAAAL,EAAe,qEACf,IAAAM,EAAM,wYACR,EAAI,CAAC,EAAG,CACN,MAAO,CACL,UAAW,CAAE,IAAAA,EAAK,KAAM,CAAC,CAAuB,EAChD,QAAS,IAAIX,EAAiBC,EAAWS,CAAU,CAAC,EACpD,aAAAL,CACF,CACF",
+  "names": ["LKRPMissingDataError", "KeypairFromBytes", "hexToBytes", "SignChallengeWithKeypairTask", "challenge", "keypair", "trustchainId", "getParameters", "result", "payload", "error", "privateKey", "tlv"]
+}

package/lib/esm/internal/app-binder/task/utils/TrustedProperties.js

@@ -0,0 +1,2 @@
+import{ByteArrayParser as a}from"@ledgerhq/device-management-kit";import{Either as p,Left as o,Right as i}from"purify-ts";import{LKRPParsingError as P}from"../../../../api/app-binder/Errors";import{required as e}from"../../../utils/required";import{TPTags as t}from"../../../utils/TLVTags";class h{constructor(r){this.bytes=r;this.parser=new a(r)}parser;iv=null;encryptedProps=null;getIv(){if(!this.iv){const r=this.parser.extractFieldTLVEncoded();if(!r||r.tag!==0)return o(new P("Invalid trusted property: missing IV"));this.iv=r.value}return i(this.iv)}getIssuer(){return this.parseEncryptedProps().chain(r=>e(r.get(t.ISSUER)?.value,"Missing issuer in trusted properties"))}getXPriv(){return this.parseEncryptedProps().chain(r=>e(r.get(t.XPRIV)?.value,"Missing xpriv in trusted properties"))}getEphemeralPublicKey(){return this.parseEncryptedProps().chain(r=>e(r.get(t.EPHEMERAL_PUBLIC_KEY)?.value,"Missing ephemeral public key in trusted properties"))}getCommandIv(){return this.parseEncryptedProps().chain(r=>e(r.get(t.COMMAND_IV)?.value,"Missing command IV in trusted properties"))}getGroupKey(){return this.parseEncryptedProps().chain(r=>e(r.get(t.GROUPKEY)?.value,"Missing group key in trusted properties"))}getNewMember(){return this.parseEncryptedProps().chain(r=>e(r.get(t.NEW_MEMBER)?.tlv,"Missing new member in trusted properties"))}parseEncryptedProps(){return this.encryptedProps?i(this.encryptedProps):this.getIv().chain(()=>p.sequence(Array.from(E(this.parser)))).map(r=>new Map(r.map(n=>[n.tag,n]))).ifRight(r=>{this.encryptedProps=r})}}function*E(s){for(;;){const r=s.extractFieldTLVEncoded();if(!r)return;yield i(r)}}export{h as TrustedProperties};
+//# sourceMappingURL=TrustedProperties.js.map

package/lib/esm/internal/app-binder/task/utils/TrustedProperties.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/internal/app-binder/task/utils/TrustedProperties.ts"],
+  "sourcesContent": ["import { ByteArrayParser } from \"@ledgerhq/device-management-kit\";\nimport { Either, Left, Right } from \"purify-ts\";\n\nimport {\n  type LKRPMissingDataError,\n  LKRPParsingError,\n} from \"@api/app-binder/Errors\";\nimport { required } from \"@internal/utils/required\";\nimport { TPTags } from \"@internal/utils/TLVTags\";\n\ntype EncryptedTPTag = Exclude<TPTags, TPTags.IV>;\ntype EncryptedTP = { tag: EncryptedTPTag; value: Uint8Array; tlv: Uint8Array };\n\nexport class TrustedProperties {\n  private readonly parser: ByteArrayParser;\n  private iv: Uint8Array | null = null;\n  private encryptedProps: Map<EncryptedTPTag, EncryptedTP> | null = null;\n\n  constructor(public readonly bytes: Uint8Array) {\n    this.parser = new ByteArrayParser(bytes);\n  }\n\n  getIv(): Either<LKRPParsingError, Uint8Array> {\n    if (!this.iv) {\n      const field = this.parser.extractFieldTLVEncoded();\n      if (!field || field.tag !== 0x00) {\n        return Left(\n          new LKRPParsingError(\"Invalid trusted property: missing IV\"),\n        );\n      }\n\n      this.iv = field.value;\n    }\n    return Right(this.iv);\n  }\n\n  getIssuer(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.ISSUER)?.value,\n        \"Missing issuer in trusted properties\",\n      ),\n    );\n  }\n\n  getXPriv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.XPRIV)?.value,\n        \"Missing xpriv in trusted properties\",\n      ),\n    );\n  }\n\n  getEphemeralPublicKey(): Either<\n    LKRPParsingError | LKRPMissingDataError,\n    Uint8Array\n  > {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.EPHEMERAL_PUBLIC_KEY)?.value,\n        \"Missing ephemeral public key in trusted properties\",\n      ),\n    );\n  }\n\n  getCommandIv(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.COMMAND_IV)?.value,\n        \"Missing command IV in trusted properties\",\n      ),\n    );\n  }\n\n  getGroupKey(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.GROUPKEY)?.value,\n        \"Missing group key in trusted properties\",\n      ),\n    );\n  }\n\n  getNewMember(): Either<LKRPParsingError | LKRPMissingDataError, Uint8Array> {\n    return this.parseEncryptedProps().chain((props) =>\n      required(\n        props.get(TPTags.NEW_MEMBER)?.tlv,\n        \"Missing new member in trusted properties\",\n      ),\n    );\n  }\n\n  parseEncryptedProps(): Either<\n    LKRPParsingError,\n    Map<EncryptedTPTag, EncryptedTP>\n  > {\n    return this.encryptedProps\n      ? Right(this.encryptedProps)\n      : this.getIv()\n          .chain(() => Either.sequence(Array.from(parseTPs(this.parser))))\n          .map((fields) => new Map(fields.map((field) => [field.tag, field])))\n          .ifRight((props) => {\n            this.encryptedProps = props;\n          });\n  }\n}\n\nfunction* parseTPs(\n  parser: ByteArrayParser,\n): Generator<Either<LKRPParsingError, EncryptedTP>> {\n  while (true) {\n    const field = parser.extractFieldTLVEncoded();\n    if (!field) return;\n    yield Right(field);\n  }\n}\n"],
+  "mappings": "AAAA,OAAS,mBAAAA,MAAuB,kCAChC,OAAS,UAAAC,EAAQ,QAAAC,EAAM,SAAAC,MAAa,YAEpC,OAEE,oBAAAC,MACK,yBACP,OAAS,YAAAC,MAAgB,2BACzB,OAAS,UAAAC,MAAc,0BAKhB,MAAMC,CAAkB,CAK7B,YAA4BC,EAAmB,CAAnB,WAAAA,EAC1B,KAAK,OAAS,IAAIR,EAAgBQ,CAAK,CACzC,CANiB,OACT,GAAwB,KACxB,eAA0D,KAMlE,OAA8C,CAC5C,GAAI,CAAC,KAAK,GAAI,CACZ,MAAMC,EAAQ,KAAK,OAAO,uBAAuB,EACjD,GAAI,CAACA,GAASA,EAAM,MAAQ,EAC1B,OAAOP,EACL,IAAIE,EAAiB,sCAAsC,CAC7D,EAGF,KAAK,GAAKK,EAAM,KAClB,CACA,OAAON,EAAM,KAAK,EAAE,CACtB,CAEA,WAAyE,CACvE,OAAO,KAAK,oBAAoB,EAAE,MAAOO,GACvCL,EACEK,EAAM,IAAIJ,EAAO,MAAM,GAAG,MAC1B,sCACF,CACF,CACF,CAEA,UAAwE,CACtE,OAAO,KAAK,oBAAoB,EAAE,MAAOI,GACvCL,EACEK,EAAM,IAAIJ,EAAO,KAAK,GAAG,MACzB,qCACF,CACF,CACF,CAEA,uBAGE,CACA,OAAO,KAAK,oBAAoB,EAAE,MAAOI,GACvCL,EACEK,EAAM,IAAIJ,EAAO,oBAAoB,GAAG,MACxC,oDACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOI,GACvCL,EACEK,EAAM,IAAIJ,EAAO,UAAU,GAAG,MAC9B,0CACF,CACF,CACF,CAEA,aAA2E,CACzE,OAAO,KAAK,oBAAoB,EAAE,MAAOI,GACvCL,EACEK,EAAM,IAAIJ,EAAO,QAAQ,GAAG,MAC5B,yCACF,CACF,CACF,CAEA,cAA4E,CAC1E,OAAO,KAAK,oBAAoB,EAAE,MAAOI,GACvCL,EACEK,EAAM,IAAIJ,EAAO,UAAU,GAAG,IAC9B,0CACF,CACF,CACF,CAEA,qBAGE,CACA,OAAO,KAAK,eACRH,EAAM,KAAK,cAAc,EACzB,KAAK,MAAM,EACR,MAAM,IAAMF,EAAO,SAAS,MAAM,KAAKU,EAAS,KAAK,MAAM,CAAC,CAAC,CAAC,EAC9D,IAAKC,GAAW,IAAI,IAAIA,EAAO,IAAKH,GAAU,CAACA,EAAM,IAAKA,CAAK,CAAC,CAAC,CAAC,EAClE,QAASC,GAAU,CAClB,KAAK,eAAiBA,CACxB,CAAC,CACT,CACF,CAEA,SAAUC,EACRE,EACkD,CAClD,OAAa,CACX,MAAMJ,EAAQI,EAAO,uBAAuB,EAC5C,GAAI,CAACJ,EAAO,OACZ,MAAMN,EAAMM,CAAK,CACnB,CACF",
+  "names": ["ByteArrayParser", "Either", "Left", "Right", "LKRPParsingError", "required", "TPTags", "TrustedProperties", "bytes", "field", "props", "parseTPs", "fields", "parser"]
+}

package/lib/esm/internal/di.js

@@ -0,0 +1,2 @@
+import{Container as a}from"inversify";import{appBindingModuleFactory as s}from"./app-binder/di/appBinderModule";import{lkrpDatasourceModuleFactory as m}from"./lkrp-datasource/di/lkrpDatasourceModuleFactory";import{useCasesModuleFactory as p}from"./use-cases/di/useCasesModule";import{externalTypes as o}from"./externalTypes";const D=({dmk:t,sessionId:n,baseUrl:r,stub:i})=>{const e=new a;return e.bind(o.Dmk).toConstantValue(t),e.bind(o.SessionId).toConstantValue(n),e.loadSync(s(),m({baseUrl:r,stub:i}),p()),e};export{D as makeContainer};
+//# sourceMappingURL=di.js.map

package/lib/esm/internal/di.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/internal/di.ts"],
+  "sourcesContent": ["import {\n  type DeviceManagementKit,\n  type DeviceSessionId,\n} from \"@ledgerhq/device-management-kit\";\nimport { Container } from \"inversify\";\n\nimport { appBindingModuleFactory } from \"@internal/app-binder/di/appBinderModule\";\n\nimport { lkrpDatasourceModuleFactory } from \"./lkrp-datasource/di/lkrpDatasourceModuleFactory\";\nimport { useCasesModuleFactory } from \"./use-cases/di/useCasesModule\";\nimport { externalTypes } from \"./externalTypes\";\n\nexport type MakeContainerProps = {\n  dmk: DeviceManagementKit;\n  sessionId: DeviceSessionId;\n  baseUrl?: string; // Optional base URL for the LKRP network requests\n  stub?: boolean;\n};\n\nexport const makeContainer = ({\n  dmk,\n  sessionId,\n  baseUrl,\n  stub,\n}: MakeContainerProps) => {\n  const container = new Container();\n\n  container.bind<DeviceManagementKit>(externalTypes.Dmk).toConstantValue(dmk);\n  container\n    .bind<DeviceSessionId>(externalTypes.SessionId)\n    .toConstantValue(sessionId);\n\n  container.loadSync(\n    appBindingModuleFactory(),\n    lkrpDatasourceModuleFactory({ baseUrl, stub }),\n    useCasesModuleFactory(),\n  );\n\n  return container;\n};\n"],
+  "mappings": "AAIA,OAAS,aAAAA,MAAiB,YAE1B,OAAS,2BAAAC,MAA+B,0CAExC,OAAS,+BAAAC,MAAmC,mDAC5C,OAAS,yBAAAC,MAA6B,gCACtC,OAAS,iBAAAC,MAAqB,kBASvB,MAAMC,EAAgB,CAAC,CAC5B,IAAAC,EACA,UAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA0B,CACxB,MAAMC,EAAY,IAAIV,EAEtB,OAAAU,EAAU,KAA0BN,EAAc,GAAG,EAAE,gBAAgBE,CAAG,EAC1EI,EACG,KAAsBN,EAAc,SAAS,EAC7C,gBAAgBG,CAAS,EAE5BG,EAAU,SACRT,EAAwB,EACxBC,EAA4B,CAAE,QAAAM,EAAS,KAAAC,CAAK,CAAC,EAC7CN,EAAsB,CACxB,EAEOO,CACT",
+  "names": ["Container", "appBindingModuleFactory", "lkrpDatasourceModuleFactory", "useCasesModuleFactory", "externalTypes", "makeContainer", "dmk", "sessionId", "baseUrl", "stub", "container"]
+}

package/lib/esm/internal/externalTypes.js

@@ -0,0 +1,2 @@
+const r={Dmk:Symbol.for("Dmk"),SessionId:Symbol.for("SessionId")};export{r as externalTypes};
+//# sourceMappingURL=externalTypes.js.map

package/lib/esm/internal/externalTypes.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/internal/externalTypes.ts"],
+  "sourcesContent": ["export const externalTypes = {\n  Dmk: Symbol.for(\"Dmk\"),\n  SessionId: Symbol.for(\"SessionId\"),\n};\n\nexport type TrustedProperty = {\n  iv: Uint8Array;\n  issuer: Uint8Array;\n  xpriv: Uint8Array;\n  ephemeralPubKey: Uint8Array;\n  commandIV: Uint8Array;\n  groupKey: Uint8Array;\n  newMember: Uint8Array;\n};\n"],
+  "mappings": "AAAO,MAAMA,EAAgB,CAC3B,IAAK,OAAO,IAAI,KAAK,EACrB,UAAW,OAAO,IAAI,WAAW,CACnC",
+  "names": ["externalTypes"]
+}

package/lib/esm/internal/lkrp-datasource/data/HttpLKRPDataSource.js

@@ -0,0 +1,2 @@
+var d=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var m=(n,t,e,r)=>{for(var i=r>1?void 0:r?f(t,e):t,s=n.length-1,o;s>=0;s--)(o=n[s])&&(i=(r?o(t,e,i):o(i))||i);return r&&i&&d(t,e,i),i},c=(n,t)=>(e,r)=>t(e,r,n);import{inject as g,injectable as y}from"inversify";import{EitherAsync as R,Just as u,Maybe as b,Nothing as l,Right as p}from"purify-ts";import{LKRPHttpRequestError as h,LKRPUnauthorizedError as T}from"../../../api/app-binder/Errors";import{lkrpDatasourceTypes as P}from"../../lkrp-datasource/di/lkrpDatasourceTypes";import{LKRPBlockStream as $}from"../../utils/LKRPBlockStream";let a=class{constructor(t){this.baseUrl=t}getChallenge(){return this.request("/challenge",l)}authenticate(t){return this.request("/authenticate",l,{method:"POST",body:JSON.stringify(t)}).map(e=>({jwt:e,trustchainId:b.fromNullable(Object.keys(e.permissions).find(r=>!!e.permissions[r]?.["m/"]))}))}getTrustchainById(t,e){return this.request(`/trustchain/${t}`,u(e)).map(r=>Object.fromEntries(Object.entries(r).map(([i,s])=>[i,$.fromHex(s)])))}postDerivation(t,e,r){return this.request(`/trustchain/${t}/derivation`,u(r),{method:"POST",body:JSON.stringify(e.toString())})}putCommands(t,e,r,i){return this.request(`/trustchain/${t}/commands`,u(i),{method:"PUT",body:JSON.stringify({path:e,blocks:[r.toString()]})})}request(t,e,r){const i=this.baseUrl+t;return R.fromPromise(async()=>{const s=await fetch(i,{...r,headers:{...r?.headers,"Content-Type":"application/json",...e.mapOrDefault(({access_token:o})=>({Authorization:`Bearer ${o}`}),{})}});switch(s.status){case 204:return p(void 0);case 401:throw new T(`Unauthorized request to ${i}: [${s.status}] ${s.statusText}`);default:if(!s.ok)throw new h(`Failed to fetch ${i}: [${s.status}] ${s.statusText}`);return p(await s.json())}}).mapLeft(s=>s instanceof h?s:new h(s))}};a=m([y(),c(0,g(P.BaseUrl))],a);export{a as HttpLKRPDataSource};
+//# sourceMappingURL=HttpLKRPDataSource.js.map

package/lib/esm/internal/lkrp-datasource/data/HttpLKRPDataSource.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/internal/lkrp-datasource/data/HttpLKRPDataSource.ts"],
+  "sourcesContent": ["import { inject, injectable } from \"inversify\";\nimport { EitherAsync, Just, Maybe, Nothing, Right } from \"purify-ts\";\n\nimport {\n  LKRPHttpRequestError,\n  LKRPUnauthorizedError,\n} from \"@api/app-binder/Errors\";\nimport { JWT } from \"@api/app-binder/LKRPTypes\";\nimport { lkrpDatasourceTypes } from \"@internal/lkrp-datasource/di/lkrpDatasourceTypes\";\nimport { LKRPBlock } from \"@internal/utils/LKRPBlock\";\nimport { LKRPBlockStream } from \"@internal/utils/LKRPBlockStream\";\n\nimport {\n  AuthenticationPayload,\n  Challenge,\n  LKRPDataSource,\n} from \"./LKRPDataSource\";\n\n@injectable()\nexport class HttpLKRPDataSource implements LKRPDataSource {\n  constructor(\n    @inject(lkrpDatasourceTypes.BaseUrl) private readonly baseUrl: string,\n  ) {}\n\n  getChallenge() {\n    return this.request<Challenge>(\"/challenge\", Nothing);\n  }\n\n  authenticate(payload: AuthenticationPayload) {\n    return this.request<JWT>(\"/authenticate\", Nothing, {\n      method: \"POST\",\n      body: JSON.stringify(payload),\n    }).map((jwt) => ({\n      jwt,\n      trustchainId: Maybe.fromNullable(\n        Object.keys(jwt.permissions).find((id) =>\n          Boolean(jwt.permissions[id]?.[\"m/\"]),\n        ),\n      ),\n    }));\n  }\n\n  getTrustchainById(id: string, jwt: JWT) {\n    return this.request<{ [path: string]: string }>(\n      `/trustchain/${id}`,\n      Just(jwt),\n    ).map((serialized) =>\n      Object.fromEntries(\n        Object.entries(serialized).map(([path, stream]) => [\n          path,\n          LKRPBlockStream.fromHex(stream),\n        ]),\n      ),\n    );\n  }\n\n  postDerivation(id: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/derivation`, Just(jwt), {\n      method: \"POST\",\n      body: JSON.stringify(block.toString()),\n    });\n  }\n\n  putCommands(id: string, path: string, block: LKRPBlock, jwt: JWT) {\n    return this.request<void>(`/trustchain/${id}/commands`, Just(jwt), {\n      method: \"PUT\",\n      body: JSON.stringify({ path, blocks: [block.toString()] }),\n    });\n  }\n\n  private request<Res>(\n    endpoint: `/${string}`,\n    jwt: Maybe<{ access_token: string }>,\n    init?: RequestInit,\n  ): EitherAsync<LKRPHttpRequestError, Res> {\n    const href = this.baseUrl + endpoint;\n\n    return EitherAsync.fromPromise(async () => {\n      const response = await fetch(href, {\n        ...init,\n        headers: {\n          ...init?.headers,\n          \"Content-Type\": \"application/json\",\n          ...jwt.mapOrDefault<{ Authorization?: string }>(\n            ({ access_token }) => ({ Authorization: `Bearer ${access_token}` }),\n            {},\n          ),\n        },\n      });\n      switch (response.status) {\n        case 204:\n          return Right(undefined as Res);\n\n        case 401:\n          throw new LKRPUnauthorizedError(\n            `Unauthorized request to ${href}: [${response.status}] ${response.statusText}`,\n          );\n\n        default:\n          if (!response.ok) {\n            throw new LKRPHttpRequestError(\n              `Failed to fetch ${href}: [${response.status}] ${response.statusText}`,\n            );\n          }\n          return Right((await response.json()) as Res);\n      }\n    }).mapLeft((error: unknown) =>\n      error instanceof LKRPHttpRequestError\n        ? error\n        : new LKRPHttpRequestError(error),\n    );\n  }\n}\n"],
+  "mappings": "iOAAA,OAAS,UAAAA,EAAQ,cAAAC,MAAkB,YACnC,OAAS,eAAAC,EAAa,QAAAC,EAAM,SAAAC,EAAO,WAAAC,EAAS,SAAAC,MAAa,YAEzD,OACE,wBAAAC,EACA,yBAAAC,MACK,yBAEP,OAAS,uBAAAC,MAA2B,mDAEpC,OAAS,mBAAAC,MAAuB,kCASzB,IAAMC,EAAN,KAAmD,CACxD,YACwDC,EACtD,CADsD,aAAAA,CACrD,CAEH,cAAe,CACb,OAAO,KAAK,QAAmB,aAAcC,CAAO,CACtD,CAEA,aAAaC,EAAgC,CAC3C,OAAO,KAAK,QAAa,gBAAiBD,EAAS,CACjD,OAAQ,OACR,KAAM,KAAK,UAAUC,CAAO,CAC9B,CAAC,EAAE,IAAKC,IAAS,CACf,IAAAA,EACA,aAAcC,EAAM,aAClB,OAAO,KAAKD,EAAI,WAAW,EAAE,KAAME,GACjC,EAAQF,EAAI,YAAYE,CAAE,IAAI,IAAI,CACpC,CACF,CACF,EAAE,CACJ,CAEA,kBAAkBA,EAAYF,EAAU,CACtC,OAAO,KAAK,QACV,eAAeE,CAAE,GACjBC,EAAKH,CAAG,CACV,EAAE,IAAKI,GACL,OAAO,YACL,OAAO,QAAQA,CAAU,EAAE,IAAI,CAAC,CAACC,EAAMC,CAAM,IAAM,CACjDD,EACAE,EAAgB,QAAQD,CAAM,CAChC,CAAC,CACH,CACF,CACF,CAEA,eAAeJ,EAAYM,EAAkBR,EAAU,CACrD,OAAO,KAAK,QAAc,eAAeE,CAAE,cAAeC,EAAKH,CAAG,EAAG,CACnE,OAAQ,OACR,KAAM,KAAK,UAAUQ,EAAM,SAAS,CAAC,CACvC,CAAC,CACH,CAEA,YAAYN,EAAYG,EAAcG,EAAkBR,EAAU,CAChE,OAAO,KAAK,QAAc,eAAeE,CAAE,YAAaC,EAAKH,CAAG,EAAG,CACjE,OAAQ,MACR,KAAM,KAAK,UAAU,CAAE,KAAAK,EAAM,OAAQ,CAACG,EAAM,SAAS,CAAC,CAAE,CAAC,CAC3D,CAAC,CACH,CAEQ,QACNC,EACAT,EACAU,EACwC,CACxC,MAAMC,EAAO,KAAK,QAAUF,EAE5B,OAAOG,EAAY,YAAY,SAAY,CACzC,MAAMC,EAAW,MAAM,MAAMF,EAAM,CACjC,GAAGD,EACH,QAAS,CACP,GAAGA,GAAM,QACT,eAAgB,mBAChB,GAAGV,EAAI,aACL,CAAC,CAAE,aAAAc,CAAa,KAAO,CAAE,cAAe,UAAUA,CAAY,EAAG,GACjE,CAAC,CACH,CACF,CACF,CAAC,EACD,OAAQD,EAAS,OAAQ,CACvB,IAAK,KACH,OAAOE,EAAM,MAAgB,EAE/B,IAAK,KACH,MAAM,IAAIC,EACR,2BAA2BL,CAAI,MAAME,EAAS,MAAM,KAAKA,EAAS,UAAU,EAC9E,EAEF,QACE,GAAI,CAACA,EAAS,GACZ,MAAM,IAAII,EACR,mBAAmBN,CAAI,MAAME,EAAS,MAAM,KAAKA,EAAS,UAAU,EACtE,EAEF,OAAOE,EAAO,MAAMF,EAAS,KAAK,CAAS,CAC/C,CACF,CAAC,EAAE,QAASK,GACVA,aAAiBD,EACbC,EACA,IAAID,EAAqBC,CAAK,CACpC,CACF,CACF,EA7FatB,EAANuB,EAAA,CADNC,EAAW,EAGPC,EAAA,EAAAC,EAAOC,EAAoB,OAAO,IAF1B3B",
+  "names": ["inject", "injectable", "EitherAsync", "Just", "Maybe", "Nothing", "Right", "LKRPHttpRequestError", "LKRPUnauthorizedError", "lkrpDatasourceTypes", "LKRPBlockStream", "HttpLKRPDataSource", "baseUrl", "Nothing", "payload", "jwt", "Maybe", "id", "Just", "serialized", "path", "stream", "LKRPBlockStream", "block", "endpoint", "init", "href", "EitherAsync", "response", "access_token", "Right", "LKRPUnauthorizedError", "LKRPHttpRequestError", "error", "__decorateClass", "injectable", "__decorateParam", "inject", "lkrpDatasourceTypes"]
+}

package/lib/esm/internal/lkrp-datasource/data/HttpLKRPDataSource.test.js

@@ -0,0 +1,2 @@
+import{Just as b,Left as d,Nothing as S,Right as r}from"purify-ts";import{LKRPHttpRequestError as h,LKRPUnauthorizedError as T}from"../../../api/app-binder/Errors";import{LKRPBlock as m}from"../../utils/LKRPBlock";import{LKRPBlockStream as p}from"../../utils/LKRPBlockStream";import{HttpLKRPDataSource as c}from"./HttpLKRPDataSource";const n={access_token:"ACCESS TOKEN",permissions:{TRUSTCHAIN_ID:{"m/":["owner"]}}},i={version:0,challenge:{data:"1010101010010101010",expiry:"2025-06-30T10:00:00Z"},host:"example.com",rp:[{credential:{version:0,curveId:33,signAlgorithm:1,publicKey:"aaaaaaaaaaaaaaaaaaaaaaaaaa"},signature:"abababababababab"}],protocolVersion:{major:1,minor:0,patch:0}},u={credential:{version:0,curveId:33,signAlgorithm:1,publicKey:"bbbbbbbbbbbbbbbbbbbbbbbbbbb"},signature:"acacacacacacacac",attestation:"0000000000000000"};describe("HttpLKRPDataSource",()=>{const a=vi.spyOn(global,"fetch"),t="https://example.com";afterEach(()=>{a.mockClear()}),describe("getChallenge",()=>{it("should fetch challenge successfully",async()=>{const e={tlv:"0f1234567890",json:i};a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(e)});const s=await new c(t).getChallenge();expect(a).toHaveBeenCalledWith(`${t}/challenge`,{headers:{"Content-Type":"application/json"}}),expect(s).toEqual(r(e))}),it("should handle fetch error",async()=>{const e=new Error("Random error");a.mockRejectedValueOnce(e);const s=await new c(t).getChallenge();expect(s).toEqual(d(new h(e)))})}),describe("authenticate",()=>{it("should fetch a JWT when the authentication is successful",async()=>{a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(n)});const o=await new c(t).authenticate({challenge:i,signature:u});expect(a).toHaveBeenCalledWith(`${t}/authenticate`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({challenge:i,signature:u})}),expect(o).toEqual(r({jwt:n,trustchainId:b("TRUSTCHAIN_ID")}))}),it("should return no trustchainId the returned JWT does not contain one",async()=>{const e={access_token:"ACCESS TOKEN",permissions:{}};a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(e)});const s=await new c(t).authenticate({challenge:i,signature:u});expect(s).toEqual(r({jwt:e,trustchainId:S}))}),it("should handle authentication error",async()=>{a.mockResolvedValueOnce({ok:!1,status:401,statusText:"Unauthorized"});const o=await new c(t).authenticate({challenge:i,signature:u});expect(o).toEqual(d(new T(`Unauthorized request to ${t}/authenticate: [401] Unauthorized`)))})}),describe("getTrustchainById",()=>{it("should fetch trustchain by ID successfully",async()=>{const e={"m/":"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1e1d","m/16'":"1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b"};a.mockResolvedValueOnce({ok:!0,json:()=>Promise.resolve(e)});const s=await new c(t).getTrustchainById("TRUSTCHAIN_ID",n);expect(a).toHaveBeenCalledWith(`${t}/trustchain/TRUSTCHAIN_ID`,{headers:{"Content-Type":"application/json",Authorization:`Bearer ${n.access_token}`}}),expect(s).toEqual(r({"m/":p.fromHex("0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1e1d"),"m/16'":p.fromHex("1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b")}))}),it("should handle errors",async()=>{a.mockResolvedValueOnce({ok:!1,status:500,statusText:"Internal Server Error"});const o=await new c(t).getTrustchainById("TRUSTCHAIN_ID",n);expect(o).toEqual(d(new h(`Failed to fetch ${t}/trustchain/TRUSTCHAIN_ID: [500] Internal Server Error`)))})}),describe("postDerivation",()=>{it("should post derivation successfully",async()=>{const e="0102030405060708090a0b0c0d0e0f",o=m.fromHex(e);a.mockResolvedValueOnce({ok:!0,status:204});const l=await new c(t).postDerivation("TRUSTCHAIN_ID",o,n);expect(a).toHaveBeenCalledWith(`${t}/trustchain/TRUSTCHAIN_ID/derivation`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${n.access_token}`},body:JSON.stringify(e)}),expect(l).toEqual(r(void 0))})}),describe("putCommands",()=>{it("should put commands successfully",async()=>{const e="0102030405060708090a0b0c0d0e0f",o=m.fromHex(e);a.mockResolvedValueOnce({ok:!0,status:204});const l=await new c(t).putCommands("TRUSTCHAIN_ID","m/0'/16'/0'",o,n);expect(a).toHaveBeenCalledWith(`${t}/trustchain/TRUSTCHAIN_ID/commands`,{method:"PUT",headers:{"Content-Type":"application/json",Authorization:`Bearer ${n.access_token}`},body:JSON.stringify({path:"m/0'/16'/0'",blocks:[e]})}),expect(l).toEqual(r(void 0))})})});
+//# sourceMappingURL=HttpLKRPDataSource.test.js.map